socket_permission_entry.cc revision 010d83a9304c5a91596085d917d248abff47903a
1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "extensions/common/permissions/socket_permission_entry.h" 6 7#include <cstdlib> 8#include <sstream> 9#include <vector> 10 11#include "base/logging.h" 12#include "base/memory/scoped_ptr.h" 13#include "base/strings/string_number_conversions.h" 14#include "base/strings/string_split.h" 15#include "base/strings/string_util.h" 16#include "extensions/common/permissions/api_permission.h" 17#include "extensions/common/permissions/socket_permission.h" 18#include "url/url_canon.h" 19 20namespace { 21 22using content::SocketPermissionRequest; 23 24const char kColon = ':'; 25const char kDot = '.'; 26const char kWildcard[] = "*"; 27const int kWildcardPortNumber = 0; 28const int kInvalidPort = -1; 29 30bool StartsOrEndsWithWhitespace(const std::string& str) { 31 if (str.find_first_not_of(base::kWhitespaceASCII) != 0) 32 return true; 33 if (str.find_last_not_of(base::kWhitespaceASCII) != str.length() - 1) 34 return true; 35 return false; 36} 37 38} // namespace 39 40namespace extensions { 41 42SocketPermissionEntry::SocketPermissionEntry() 43 : pattern_(SocketPermissionRequest::NONE, std::string(), kInvalidPort), 44 match_subdomains_(false) {} 45 46SocketPermissionEntry::~SocketPermissionEntry() {} 47 48bool SocketPermissionEntry::operator<(const SocketPermissionEntry& rhs) const { 49 if (pattern_.type < rhs.pattern_.type) 50 return true; 51 if (pattern_.type > rhs.pattern_.type) 52 return false; 53 54 if (pattern_.host < rhs.pattern_.host) 55 return true; 56 if (pattern_.host > rhs.pattern_.host) 57 return false; 58 59 if (match_subdomains_ < rhs.match_subdomains_) 60 return true; 61 if (match_subdomains_ > rhs.match_subdomains_) 62 return false; 63 64 if (pattern_.port < rhs.pattern_.port) 65 return true; 66 return false; 67} 68 69bool SocketPermissionEntry::operator==(const SocketPermissionEntry& rhs) const { 70 return (pattern_.type == rhs.pattern_.type) && 71 (pattern_.host == rhs.pattern_.host) && 72 (match_subdomains_ == rhs.match_subdomains_) && 73 (pattern_.port == rhs.pattern_.port); 74} 75 76bool SocketPermissionEntry::Check( 77 const content::SocketPermissionRequest& request) const { 78 if (pattern_.type != request.type) 79 return false; 80 81 std::string lhost = StringToLowerASCII(request.host); 82 if (pattern_.host != lhost) { 83 if (!match_subdomains_) 84 return false; 85 86 if (!pattern_.host.empty()) { 87 // Do not wildcard part of IP address. 88 url::Component component(0, lhost.length()); 89 url::RawCanonOutputT<char, 128> ignored_output; 90 url::CanonHostInfo host_info; 91 url::CanonicalizeIPAddress( 92 lhost.c_str(), component, &ignored_output, &host_info); 93 if (host_info.IsIPAddress()) 94 return false; 95 96 // host should equal one or more chars + "." + host_. 97 int i = lhost.length() - pattern_.host.length(); 98 if (i < 2) 99 return false; 100 101 if (lhost.compare(i, pattern_.host.length(), pattern_.host) != 0) 102 return false; 103 104 if (lhost[i - 1] != kDot) 105 return false; 106 } 107 } 108 109 if (pattern_.port != request.port && pattern_.port != kWildcardPortNumber) 110 return false; 111 112 return true; 113} 114 115SocketPermissionEntry::HostType SocketPermissionEntry::GetHostType() const { 116 return pattern_.host.empty() 117 ? SocketPermissionEntry::ANY_HOST 118 : match_subdomains_ ? SocketPermissionEntry::HOSTS_IN_DOMAINS 119 : SocketPermissionEntry::SPECIFIC_HOSTS; 120} 121 122bool SocketPermissionEntry::IsAddressBoundType() const { 123 return pattern_.type == SocketPermissionRequest::TCP_CONNECT || 124 pattern_.type == SocketPermissionRequest::TCP_LISTEN || 125 pattern_.type == SocketPermissionRequest::UDP_BIND || 126 pattern_.type == SocketPermissionRequest::UDP_SEND_TO; 127} 128 129// static 130bool SocketPermissionEntry::ParseHostPattern( 131 SocketPermissionRequest::OperationType type, 132 const std::string& pattern, 133 SocketPermissionEntry* entry) { 134 std::vector<std::string> tokens; 135 base::SplitStringDontTrim(pattern, kColon, &tokens); 136 return ParseHostPattern(type, tokens, entry); 137} 138 139// static 140bool SocketPermissionEntry::ParseHostPattern( 141 SocketPermissionRequest::OperationType type, 142 const std::vector<std::string>& pattern_tokens, 143 SocketPermissionEntry* entry) { 144 145 SocketPermissionEntry result; 146 147 if (type == SocketPermissionRequest::NONE) 148 return false; 149 150 if (pattern_tokens.size() > 2) 151 return false; 152 153 result.pattern_.type = type; 154 result.pattern_.port = kWildcardPortNumber; 155 result.match_subdomains_ = true; 156 157 if (pattern_tokens.size() == 0) { 158 *entry = result; 159 return true; 160 } 161 162 // Return an error if address is specified for permissions that don't 163 // need it (such as 'resolve-host'). 164 if (!result.IsAddressBoundType()) 165 return false; 166 167 result.pattern_.host = pattern_tokens[0]; 168 if (!result.pattern_.host.empty()) { 169 if (StartsOrEndsWithWhitespace(result.pattern_.host)) 170 return false; 171 result.pattern_.host = StringToLowerASCII(result.pattern_.host); 172 173 // The first component can optionally be '*' to match all subdomains. 174 std::vector<std::string> host_components; 175 base::SplitString(result.pattern_.host, kDot, &host_components); 176 DCHECK(!host_components.empty()); 177 178 if (host_components[0] == kWildcard || host_components[0].empty()) { 179 host_components.erase(host_components.begin(), 180 host_components.begin() + 1); 181 } else { 182 result.match_subdomains_ = false; 183 } 184 result.pattern_.host = JoinString(host_components, kDot); 185 } 186 187 if (pattern_tokens.size() == 1 || pattern_tokens[1].empty() || 188 pattern_tokens[1] == kWildcard) { 189 *entry = result; 190 return true; 191 } 192 193 if (StartsOrEndsWithWhitespace(pattern_tokens[1])) 194 return false; 195 196 if (!base::StringToInt(pattern_tokens[1], &result.pattern_.port) || 197 result.pattern_.port < 1 || result.pattern_.port > 65535) 198 return false; 199 200 *entry = result; 201 return true; 202} 203 204std::string SocketPermissionEntry::GetHostPatternAsString() const { 205 std::string result; 206 207 if (!IsAddressBoundType()) 208 return result; 209 210 if (match_subdomains()) { 211 result.append(kWildcard); 212 if (!pattern_.host.empty()) 213 result.append(1, kDot).append(pattern_.host); 214 } else { 215 result.append(pattern_.host); 216 } 217 218 if (pattern_.port == kWildcardPortNumber) 219 result.append(1, kColon).append(kWildcard); 220 else 221 result.append(1, kColon).append(base::IntToString(pattern_.port)); 222 223 return result; 224} 225 226} // namespace extensions 227