webservice_search_provider.cc revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ui/app_list/search/common/webservice_search_provider.h"

#include <string>

#include "base/callback.h"
#include "base/strings/string_util.h"
#include "chrome/common/url_constants.h"
#include "url/gurl.h"

namespace app_list {

namespace {

// Length, in milliseconds, of the window in which StartThrottledQuery()
// defers a query instead of running it immediately.
// NOTE(review): "Intreval" is a misspelling of "Interval"; the identifier is
// left as-is because it is referenced further down in this file.
const int kWebserviceQueryThrottleIntrevalInMs = 100;

}  // namespace

// Query throttling is switched on for every newly constructed provider.
WebserviceSearchProvider::WebserviceSearchProvider()
    : use_throttling_(true) {
}

// Nothing to release explicitly in this file.
WebserviceSearchProvider::~WebserviceSearchProvider() {
}

// Runs |start_query| right away, or defers it, depending on how recently this
// method was last called.
//
// The query is deferred only when throttling is enabled and the previous call
// happened no more than kWebserviceQueryThrottleIntrevalInMs ago; in that case
// |start_query| is handed to |query_throttler_| together with the window
// length (presumably a timer declared in the header -- confirm there).
// Otherwise any pending deferred query is stopped and |start_query| runs
// synchronously.
void WebserviceSearchProvider::StartThrottledQuery(
    const base::Closure& start_query) {
  const base::TimeDelta throttle_window =
      base::TimeDelta::FromMilliseconds(kWebserviceQueryThrottleIntrevalInMs);

  const bool defer_query =
      use_throttling_ &&
      base::Time::Now() - last_keytyped_ <= throttle_window;

  if (defer_query) {
    query_throttler_.Start(FROM_HERE, throttle_window, start_query);
  } else {
    query_throttler_.Stop();
    start_query.Run();
  }

  // Recorded after the branch above, so the timestamp reflects the end of this
  // call, including any synchronous work done by |start_query|.
  last_keytyped_ = base::Time::Now();
}

// Returns whether or not the user's input string, |query|, might contain any
// sensitive information, based purely on its value and not where it came from.
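bool WebserviceSearchProvider::IsSensitiveInput(const string16& query) {
  // Privacy filter: true means |query| looks like a URL that carries
  // potentially private data. Input that does not parse as a valid URL is
  // reported as not sensitive, so this check says nothing about secrets typed
  // as plain text.
  // NOTE(review): the call sites are not in this file; they are presumably
  // expected to skip the web service request when this returns true.
  const GURL query_as_url(query);
  if (!query_as_url.is_valid())
    return false;

  // The input can be interpreted as a URL. Check to see if it is potentially
  // sensitive. (Code shamelessly copied from search_provider.cc's
  // IsQuerySuitableForSuggest function.)

  // First we check the scheme: if this looks like a URL with a scheme that is
  // file, we shouldn't send it. Sending such things is a waste of time and a
  // disclosure of potentially private, local data. If the scheme is OK, we
  // still need to check other cases below.
  if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme))
    return true;

  // Don't send URLs with usernames, passwords, queries or refs. Some of these
  // are private, and the Suggest server is unlikely to have any useful results
  // for any of them. Also don't send URLs with ports, as we may initially
  // think that a username + password is a host + port (and we don't want to
  // send usernames/passwords), and even if the port really is a port, the
  // server is once again unlikely to have any useful results.
  //
  // The password is tested on its own rather than relying on the username
  // test: userinfo of the form ":secret@host" can carry a credential while
  // the username component is empty.
  if (!query_as_url.username().empty() ||
      !query_as_url.password().empty() ||
      !query_as_url.port().empty() ||
      !query_as_url.query().empty() ||
      !query_as_url.ref().empty()) {
    return true;
  }

  // Don't send anything for https except the hostname. Hostnames are OK
  // because they are visible when the TCP connection is established, but the
  // specific path may reveal private information. Note that this path check
  // applies to https only; paths on other schemes are not treated as
  // sensitive here.
  if (LowerCaseEqualsASCII(query_as_url.scheme(), content::kHttpsScheme) &&
      !query_as_url.path().empty() && query_as_url.path() != "/") {
    return true;
  }

  return false;
}

}  // namespace app_list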