components/autofill/core/browser/webdata/autofill_table.cc - Issue 962673004: [Autofill/Autocomplete Feature] Substring matching instead of prefix matching.

Side by Side Diff: components/autofill/core/browser/webdata/autofill_table.cc

Issue 962673004: [Autofill/Autocomplete Feature] Substring matching instead of prefix matching. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Incorporated Rouslan's review comments. Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« components/autofill/core/browser/personal_data_manager.cc ('K') | « components/autofill/core/browser/suggestion.cc ('k') | components/autofill/core/common/BUILD.gn » ('j') | components/autofill/core/common/autofill_util.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/autofill/core/browser/webdata/autofill_table.h"	5 #include "components/autofill/core/browser/webdata/autofill_table.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <cmath>	8 #include <cmath>

9 #include <limits>	9 #include <limits>

10 #include <map>	10 #include <map>

(...skipping 10 matching lines...) Expand all Loading...
21 #include "base/strings/utf_string_conversions.h"	21 #include "base/strings/utf_string_conversions.h"

22 #include "base/time/time.h"	22 #include "base/time/time.h"

23 #include "components/autofill/core/browser/autofill_country.h"	23 #include "components/autofill/core/browser/autofill_country.h"

24 #include "components/autofill/core/browser/autofill_profile.h"	24 #include "components/autofill/core/browser/autofill_profile.h"

25 #include "components/autofill/core/browser/autofill_type.h"	25 #include "components/autofill/core/browser/autofill_type.h"

26 #include "components/autofill/core/browser/credit_card.h"	26 #include "components/autofill/core/browser/credit_card.h"

27 #include "components/autofill/core/browser/personal_data_manager.h"	27 #include "components/autofill/core/browser/personal_data_manager.h"

28 #include "components/autofill/core/browser/webdata/autofill_change.h"	28 #include "components/autofill/core/browser/webdata/autofill_change.h"

29 #include "components/autofill/core/browser/webdata/autofill_entry.h"	29 #include "components/autofill/core/browser/webdata/autofill_entry.h"

30 #include "components/autofill/core/common/autofill_switches.h"	30 #include "components/autofill/core/common/autofill_switches.h"

	31 #include "components/autofill/core/common/autofill_util.h"

31 #include "components/autofill/core/common/form_field_data.h"	32 #include "components/autofill/core/common/form_field_data.h"

32 #include "components/os_crypt/os_crypt.h"	33 #include "components/os_crypt/os_crypt.h"

33 #include "components/webdata/common/web_database.h"	34 #include "components/webdata/common/web_database.h"

34 #include "sql/statement.h"	35 #include "sql/statement.h"

35 #include "sql/transaction.h"	36 #include "sql/transaction.h"

36 #include "ui/base/l10n/l10n_util.h"	37 #include "ui/base/l10n/l10n_util.h"

37 #include "url/gurl.h"	38 #include "url/gurl.h"

38	39

39 using base::ASCIIToUTF16;	40 using base::ASCIIToUTF16;

40 using base::Time;	41 using base::Time;

(...skipping 408 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
449 std::vector<AutofillChange>* changes) {	450 std::vector<AutofillChange>* changes) {

450 return AddFormFieldValueTime(element, changes, Time::Now());	451 return AddFormFieldValueTime(element, changes, Time::Now());

451 }	452 }

452	453

453 bool AutofillTable::GetFormValuesForElementName(	454 bool AutofillTable::GetFormValuesForElementName(

454 const base::string16& name,	455 const base::string16& name,

455 const base::string16& prefix,	456 const base::string16& prefix,

456 std::vector<base::string16>* values,	457 std::vector<base::string16>* values,

457 int limit) {	458 int limit) {

458 DCHECK(values);	459 DCHECK(values);

459 sql::Statement s;	460 sql::Statement s1;

	461 sql::Statement s2;
	please use gerrit instead 2015/06/30 19:06:23 I am beginning to think that it would be more corr I am beginning to think that it would be more correct to use && instead of \|\|. Like this: bool succeeded = false; if (prefix.empty()) { sql::Statement s; ... succeeded = s.Succeeded(); } else { sql::Statement s1; ... succeeded = s1.Succeeded(); if (IsFeatureSubstringMatchEnabled()) { sql::Statement s2; ... succeeded &= s2.Succeeded(); } } return succeeded; Pritam Nikam 2015/07/01 17:26:00 In that case, if \|succeeded = s1.Succeeded()\| is f Show quoted text On 2015/06/30 19:06:23, Rouslan wrote: > I am beginning to think that it would be more correct to use && instead of \|\|. > Like this: > > bool succeeded = false; > > if (prefix.empty()) { > sql::Statement s; > ... > succeeded = s.Succeeded(); > } else { > sql::Statement s1; > ... > succeeded = s1.Succeeded(); > > if (IsFeatureSubstringMatchEnabled()) { > sql::Statement s2; > ... > succeeded &= s2.Succeeded(); > } > } > > return succeeded; In that case, if \|succeeded = s1.Succeeded()\| is false, irrespective of \|s2.Succeeded()\|'s result \|succeeded\| will be always false. IMO, \|\| is appropreate here. please use gerrit instead 2015/07/03 02:05:43 Is there a case when s1.Succeeded() is false that Show quoted text On 2015/07/01 17:26:00, Pritam Nikam wrote: > On 2015/06/30 19:06:23, Rouslan wrote: > > I am beginning to think that it would be more correct to use && instead of \|\|. > > Like this: > > > > bool succeeded = false; > > > > if (prefix.empty()) { > > sql::Statement s; > > ... > > succeeded = s.Succeeded(); > > } else { > > sql::Statement s1; > > ... > > succeeded = s1.Succeeded(); > > > > if (IsFeatureSubstringMatchEnabled()) { > > sql::Statement s2; > > ... > > succeeded &= s2.Succeeded(); > > } > > } > > > > return succeeded; > > In that case, if \|succeeded = s1.Succeeded()\| is false, irrespective of > \|s2.Succeeded()\|'s result \|succeeded\| will be always false. > > IMO, \|\| is appropreate here. Is there a case when s1.Succeeded() is false that does not indicate an error? Pritam Nikam 2015/07/03 16:21:27 Done. I didn't find so far. But logically, if \|s Show quoted text On 2015/07/03 02:05:43, Rouslan wrote: > On 2015/07/01 17:26:00, Pritam Nikam wrote: > > On 2015/06/30 19:06:23, Rouslan wrote: > > > I am beginning to think that it would be more correct to use && instead of > \|\|. > > > Like this: > > > > > > bool succeeded = false; > > > > > > if (prefix.empty()) { > > > sql::Statement s; > > > ... > > > succeeded = s.Succeeded(); > > > } else { > > > sql::Statement s1; > > > ... > > > succeeded = s1.Succeeded(); > > > > > > if (IsFeatureSubstringMatchEnabled()) { > > > sql::Statement s2; > > > ... > > > succeeded &= s2.Succeeded(); > > > } > > > } > > > > > > return succeeded; > > > > In that case, if \|succeeded = s1.Succeeded()\| is false, irrespective of > > \|s2.Succeeded()\|'s result \|succeeded\| will be always false. > > > > IMO, \|\| is appropreate here. > > Is there a case when s1.Succeeded() is false that does not indicate an error? Done. I didn't find so far. But logically, if \|succeeded = s1.Succeeded();\| execution results false then \|s2.Succeeded()\|'s execution results would be immaterial if we AND their results.
460	462

461 if (prefix.empty()) {	463 if (prefix.empty()) {

462 s.Assign(db_->GetUniqueStatement(	464 s1.Assign(db_->GetUniqueStatement(

463 "SELECT value FROM autofill "	465 "SELECT value FROM autofill "

464 "WHERE name = ? "	466 "WHERE name = ? "

465 "ORDER BY count DESC "	467 "ORDER BY count DESC "

466 "LIMIT ?"));	468 "LIMIT ?"));

467 s.BindString16(0, name);	469 s1.BindString16(0, name);

468 s.BindInt(1, limit);	470 s1.BindInt(1, limit);

	471

	472 values->clear();

	473 while (s1.Step())

	474 values->push_back(s1.ColumnString16(0));

469 } else {	475 } else {

470 base::string16 prefix_lower = base::i18n::ToLower(prefix);	476 base::string16 prefix_lower = base::i18n::ToLower(prefix);

471 base::string16 next_prefix = prefix_lower;	477 base::string16 next_prefix = prefix_lower;

472 next_prefix[next_prefix.length() - 1]++;	478 next_prefix[next_prefix.length() - 1]++;

473	479

474 s.Assign(db_->GetUniqueStatement(	480 s1.Assign(db_->GetUniqueStatement(

475 "SELECT value FROM autofill "	481 "SELECT value FROM autofill "

476 "WHERE name = ? AND "	482 "WHERE name = ? AND "

477 "value_lower >= ? AND "	483 "value_lower >= ? AND "

478 "value_lower < ? "	484 "value_lower < ? "

479 "ORDER BY count DESC "	485 "ORDER BY count DESC "

480 "LIMIT ?"));	486 "LIMIT ?"));

481 s.BindString16(0, name);	487 s1.BindString16(0, name);

482 s.BindString16(1, prefix_lower);	488 s1.BindString16(1, prefix_lower);

483 s.BindString16(2, next_prefix);	489 s1.BindString16(2, next_prefix);

484 s.BindInt(3, limit);	490 s1.BindInt(3, limit);

	491

	492 values->clear();

	493 while (s1.Step())

	494 values->push_back(s1.ColumnString16(0));

	495

	496 if (IsFeatureSubstringMatchEnabled()) {

	497 s2.Assign(db_->GetUniqueStatement(

	498 "SELECT value FROM autofill "

	499 "WHERE name = ? AND ("

	500 " value LIKE ? OR "

	501 " value LIKE ? OR "

	502 " value LIKE ? OR "

	503 " value LIKE ? OR "

	504 " value LIKE ? OR "

	505 " value LIKE ? ESCAPE '!') "

	506 "ORDER BY count DESC "

	507 "LIMIT ?"));

	508 s2.BindString16(0, name);

	509 s2.BindString16(

	510 1, base::ASCIIToUTF16("% ") + prefix_lower + base::ASCIIToUTF16("%"));
	please use gerrit instead 2015/06/30 19:06:23 If "prefix_lower" contains "_", "%%", or "; DROP T If "prefix_lower" contains "_", "%%", or "; DROP TABLE autofill;"... will your code break? Please add some tests for this. Pritam Nikam 2015/07/01 17:26:00 Yeah, there seems many problems :( Show quoted text On 2015/06/30 19:06:23, Rouslan wrote: > If "prefix_lower" contains "_", "%%", or "; DROP TABLE autofill;"... will your > code break? Please add some tests for this. Yeah, there seems many problems :( please use gerrit instead 2015/07/03 02:05:43 The fix is not to move SQL injection mitigation in Show quoted text On 2015/07/01 17:26:00, Pritam Nikam wrote: > On 2015/06/30 19:06:23, Rouslan wrote: > > If "prefix_lower" contains "_", "%%", or "; DROP TABLE autofill;"... will your > > code break? Please add some tests for this. > > Yeah, there seems many problems :( > The fix is not to move SQL injection mitigation into SubstringSubstituteText(), but to do something like this instead: ------------------------------------------------------------- s2.Assign(db->GetUniqueStatement( "SELECT value FROM autofill " "WHERE name = ? AND (" " value LIKE '%' \|\| ? \|\| '%' OR " " value LIKE '%' \|\| ? \|\| '%' OR " " value LIKE '%' \|\| ? \|\| '%' OR " " value LIKE '%' \|\| ? \|\| '%' OR " " value LIKE '%' \|\| ? \|\| '%' OR " " value LIKE '%' \|\| ? \|\| '%') " " ORDER BY count DESC " "LIMIT ?")); s2.BindString16(0, name); std::string prefix_lower_utf8 = base::UTF16ToUTF8(prefix_lower); s2.BindString(1, base::StringPrintf(" %s", prefix_lower_utf8)); s2.BindString(2, base::StringPrintf(".%s", prefix_lower_utf8)); s2.BindString(3, base::StringPrintf(",%s", prefix_lower_utf8)); s2.BindString(4, base::StringPrintf("-%s", prefix_lower_utf8)); s2.BindString(5, base::StringPrintf("@%s", prefix_lower_utf8)); s2.BindString(6, base::StringPrintf("_%s", prefix_lower_utf8)); s2.BindInt(7, limit); ------------------------------------------------------------- BindString() will protect you from "_", "%", and "; DROP TABLE autofill;" in "prefix_lower". If this does not work, I welcome you emailing me or finding me on IRC to find a better way to achieve our goal here. Pritam Nikam 2015/07/03 16:21:27 This SQL query does not work on my chromium Linux Show quoted text On 2015/07/03 02:05:43, Rouslan wrote: > On 2015/07/01 17:26:00, Pritam Nikam wrote: > > On 2015/06/30 19:06:23, Rouslan wrote: > > > If "prefix_lower" contains "_", "%%", or "; DROP TABLE autofill;"... will > your > > > code break? Please add some tests for this. > > > > Yeah, there seems many problems :( > > > > The fix is not to move SQL injection mitigation into SubstringSubstituteText(), > but to do something like this instead: > > ------------------------------------------------------------- > s2.Assign(db->GetUniqueStatement( > "SELECT value FROM autofill " > "WHERE name = ? AND (" > " value LIKE '%' \|\| ? \|\| '%' OR " > " value LIKE '%' \|\| ? \|\| '%' OR " > " value LIKE '%' \|\| ? \|\| '%' OR " > " value LIKE '%' \|\| ? \|\| '%' OR " > " value LIKE '%' \|\| ? \|\| '%' OR " > " value LIKE '%' \|\| ? \|\| '%') " > " ORDER BY count DESC " > "LIMIT ?")); This SQL query does not work on my chromium Linux build. I can see it treats (_) & (%) as SQL keywords. Furthermore, as per SQLite documentation (from here [1]) for LIKE operator to handle literal (_), (%) or ESCAPE character as recommended way is to use ESCAPE clause with ESCAPE character to prepend these. Show quoted text > s2.BindString16(0, name); > std::string prefix_lower_utf8 = base::UTF16ToUTF8(prefix_lower); > s2.BindString(1, base::StringPrintf(" %s", prefix_lower_utf8)); > s2.BindString(2, base::StringPrintf(".%s", prefix_lower_utf8)); > s2.BindString(3, base::StringPrintf(",%s", prefix_lower_utf8)); > s2.BindString(4, base::StringPrintf("-%s", prefix_lower_utf8)); > s2.BindString(5, base::StringPrintf("@%s", prefix_lower_utf8)); > s2.BindString(6, base::StringPrintf("_%s", prefix_lower_utf8)); > s2.BindInt(7, limit); > ------------------------------------------------------------- const char* const prefix_lower_utf8 = base::UTF16ToUTF8(prefix_lower).c_str(); s2.BindString(1, base::StringPrintf(" %s", prefix_lower_utf8)); We need string16 version i.e. s2.BindString16() API instead. I didn't find string formatting API for \|wchar_t\| on all platforms. Presently its just for windows platform. Please refer [2]. Show quoted text > > BindString() will protect you from "_", "%", and "; DROP TABLE autofill;" in > "prefix_lower". If this does not work, I welcome you emailing me or finding me > on IRC to find a better way to achieve our goal here. Sent you details in mail. References: [1]. https://www.sqlite.org/lang_expr.html#like [2]. https://code.google.com/p/chromium/codesearch#chromium/src/base/strings/strin...
	511 s2.BindString16(

	512 2, base::ASCIIToUTF16("%.") + prefix_lower + base::ASCIIToUTF16("%"));

	513 s2.BindString16(

	514 3, base::ASCIIToUTF16("%,") + prefix_lower + base::ASCIIToUTF16("%"));

	515 s2.BindString16(

	516 4, base::ASCIIToUTF16("%-") + prefix_lower + base::ASCIIToUTF16("%"));

	517 s2.BindString16(

	518 5, base::ASCIIToUTF16("%@") + prefix_lower + base::ASCIIToUTF16("%"));

	519 s2.BindString16(6, base::ASCIIToUTF16("%!_") + prefix_lower +

	520 base::ASCIIToUTF16("%"));
	please use gerrit instead 2015/06/30 19:06:23 I am very happy that this works. Good job! Would y I am very happy that this works. Good job! Would your code be shorter and easier to understand if you changed lines 509-520 to something like this? std::string prefix_lower_utf8 = base::UTF16ToUTF8(prefix_lower); s2.BindString(1, base::StringPrintf("%% %s%%", prefix_lower_utf8)); s2.BindString(2, base::StringPrintf("%%.%s%%", prefix_lower_utf8)); s2.BindString(3, base::StringPrintf("%%,%s%%", prefix_lower_utf8)); s2.BindString(4, base::StringPrintf("%%-%s%%", prefix_lower_utf8)); s2.BindString(5, base::StringPrintf("%%@%s%%", prefix_lower_utf8)); s2.BindString(6, base::StringPrintf("%%!_%s%%", prefix_lower_utf8)); Pritam Nikam 2015/07/01 17:26:00 These doesn't work :( Show quoted text On 2015/06/30 19:06:23, Rouslan wrote: > I am very happy that this works. Good job! Would your code be shorter and easier > to understand if you changed lines 509-520 to something like this? > > std::string prefix_lower_utf8 = base::UTF16ToUTF8(prefix_lower); > s2.BindString(1, base::StringPrintf("%% %s%%", prefix_lower_utf8)); > s2.BindString(2, base::StringPrintf("%%.%s%%", prefix_lower_utf8)); > s2.BindString(3, base::StringPrintf("%%,%s%%", prefix_lower_utf8)); > s2.BindString(4, base::StringPrintf("%%-%s%%", prefix_lower_utf8)); > s2.BindString(5, base::StringPrintf("%%@%s%%", prefix_lower_utf8)); > s2.BindString(6, base::StringPrintf("%%!_%s%%", prefix_lower_utf8)); These doesn't work :(
	521 s2.BindInt(7, limit);

	522

	523 // Append substring matched suggestions.

	524 while (s2.Step())

	525 values->push_back(s2.ColumnString16(0));

	526 }

485 }	527 }

486	528

487 values->clear();	529 return s1.Succeeded() \|\| s2.Succeeded();

488 while (s.Step())

489 values->push_back(s.ColumnString16(0));

490 return s.Succeeded();

491 }	530 }

492	531

493 bool AutofillTable::HasFormElements() {	532 bool AutofillTable::HasFormElements() {

494 sql::Statement s(db_->GetUniqueStatement("SELECT COUNT(*) FROM autofill"));	533 sql::Statement s(db_->GetUniqueStatement("SELECT COUNT(*) FROM autofill"));

495 if (!s.Step()) {	534 if (!s.Step()) {

496 NOTREACHED();	535 NOTREACHED();

497 return false;	536 return false;

498 }	537 }

499 return s.ColumnInt(0) > 0;	538 return s.ColumnInt(0) > 0;

500 }	539 }

(...skipping 1691 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2192 insert.BindString16(index++, profile.GetRawInfo(PHONE_HOME_WHOLE_NUMBER));	2231 insert.BindString16(index++, profile.GetRawInfo(PHONE_HOME_WHOLE_NUMBER));

2193 insert.BindString(index++, profile.language_code());	2232 insert.BindString(index++, profile.language_code());

2194 insert.Run();	2233 insert.Run();

2195 insert.Reset(true);	2234 insert.Reset(true);

2196 }	2235 }

2197	2236

2198 return transaction.Commit();	2237 return transaction.Commit();

2199 }	2238 }

2200	2239

2201 } // namespace autofill	2240 } // namespace autofill

OLD	NEW