| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/net/safe_search_util.h" |
| |
| #include <string> |
| #include <utility> |
| #include <vector> |
| |
| #include "base/logging.h" |
| #include "base/strings/string_number_conversions.h" |
| #include "base/strings/string_piece.h" |
| #include "base/strings/string_split.h" |
| #include "base/strings/string_util.h" |
| #include "base/strings/stringprintf.h" |
| #include "chrome/common/url_constants.h" |
| #include "components/google/core/browser/google_util.h" |
| #include "net/cookies/cookie_util.h" |
| #include "net/http/http_request_headers.h" |
| #include "net/url_request/url_request.h" |
| #include "url/gurl.h" |
| |
| namespace { |
| |
| const char kYouTubePrefCookieName[] = "PREF"; |
| // YouTube pref flags are stored in bit masks of 31 bits each, called "f1", |
| // "f2" etc. The Safety Mode flag is bit 58, so bit 27 in "f2". |
| const char kYouTubePrefCookieSafetyModeFlagsEntryName[] = "f2"; |
| const int kYouTubePrefCookieSafetyModeFlagsEntryValue = (1 << 27); |
| |
| // Returns whether a URL parameter, |first_parameter| (e.g. foo=bar), has the |
| // same key as the the |second_parameter| (e.g. foo=baz). Both parameters |
| // must be in key=value form. |
| bool HasSameParameterKey(const std::string& first_parameter, |
| const std::string& second_parameter) { |
| DCHECK(second_parameter.find("=") != std::string::npos); |
| // Prefix for "foo=bar" is "foo=". |
| std::string parameter_prefix = second_parameter.substr( |
| 0, second_parameter.find("=") + 1); |
| return StartsWithASCII(first_parameter, parameter_prefix, false); |
| } |
| |
| // Examines the query string containing parameters and adds the necessary ones |
| // so that SafeSearch is active. |query| is the string to examine and the |
| // return value is the |query| string modified such that SafeSearch is active. |
| std::string AddSafeSearchParameters(const std::string& query) { |
| std::vector<std::string> new_parameters; |
| std::string safe_parameter = chrome::kSafeSearchSafeParameter; |
| std::string ssui_parameter = chrome::kSafeSearchSsuiParameter; |
| |
| std::vector<std::string> parameters; |
| base::SplitString(query, '&', ¶meters); |
| |
| std::vector<std::string>::iterator it; |
| for (it = parameters.begin(); it < parameters.end(); ++it) { |
| if (!HasSameParameterKey(*it, safe_parameter) && |
| !HasSameParameterKey(*it, ssui_parameter)) { |
| new_parameters.push_back(*it); |
| } |
| } |
| |
| new_parameters.push_back(safe_parameter); |
| new_parameters.push_back(ssui_parameter); |
| return JoinString(new_parameters, '&'); |
| } |
| |
| bool IsYouTubePrefCookie(const net::cookie_util::ParsedRequestCookie& cookie) { |
| return cookie.first == base::StringPiece(kYouTubePrefCookieName); |
| } |
| |
| bool IsYouTubePrefCookieSafetyModeFlagsEntry( |
| const std::pair<std::string, std::string>& pref_entry) { |
| return pref_entry.first == kYouTubePrefCookieSafetyModeFlagsEntryName; |
| } |
| |
| std::string JoinStringKeyValuePair( |
| const base::StringPairs::value_type& key_value, |
| char delimiter) { |
| return key_value.first + delimiter + key_value.second; |
| } |
| |
| // Does the opposite of base::SplitStringIntoKeyValuePairs() from |
| // base/strings/string_util.h. |
| std::string JoinStringKeyValuePairs(const base::StringPairs& pairs, |
| char key_value_delimiter, |
| char key_value_pair_delimiter) { |
| if (pairs.empty()) |
| return std::string(); |
| |
| base::StringPairs::const_iterator it = pairs.begin(); |
| std::string result = JoinStringKeyValuePair(*it, key_value_delimiter); |
| ++it; |
| |
| for (; it != pairs.end(); ++it) { |
| result += key_value_pair_delimiter; |
| result += JoinStringKeyValuePair(*it, key_value_delimiter); |
| } |
| |
| return result; |
| } |
| |
| } // namespace |
| |
| namespace safe_search_util { |
| |
| // If |request| is a request to Google Web Search the function |
| // enforces that the SafeSearch query parameters are set to active. |
| // Sets the query part of |new_url| with the new value of the parameters. |
| void ForceGoogleSafeSearch(const net::URLRequest* request, GURL* new_url) { |
| if (!google_util::IsGoogleSearchUrl(request->url()) && |
| !google_util::IsGoogleHomePageUrl(request->url())) |
| return; |
| |
| std::string query = request->url().query(); |
| std::string new_query = AddSafeSearchParameters(query); |
| if (query == new_query) |
| return; |
| |
| GURL::Replacements replacements; |
| replacements.SetQueryStr(new_query); |
| *new_url = request->url().ReplaceComponents(replacements); |
| } |
| |
| // If |request| is a request to YouTube, enforces YouTube's Safety Mode by |
| // adding/modifying YouTube's PrefCookie header. |
| void ForceYouTubeSafetyMode(const net::URLRequest* request, |
| net::HttpRequestHeaders* headers) { |
| if (!google_util::IsYoutubeDomainUrl( |
| request->url(), |
| google_util::ALLOW_SUBDOMAIN, |
| google_util::DISALLOW_NON_STANDARD_PORTS)) |
| return; |
| |
| // Get the cookie string from the headers and parse it into key/value pairs. |
| std::string cookie_string; |
| headers->GetHeader(base::StringPiece(net::HttpRequestHeaders::kCookie), |
| &cookie_string); |
| net::cookie_util::ParsedRequestCookies cookies; |
| net::cookie_util::ParseRequestCookieLine(cookie_string, &cookies); |
| |
| // Find YouTube's pref cookie, or add it if it doesn't exist yet. |
| net::cookie_util::ParsedRequestCookies::iterator pref_it = |
| std::find_if(cookies.begin(), cookies.end(), IsYouTubePrefCookie); |
| if (pref_it == cookies.end()) { |
| cookies.push_back(std::make_pair(base::StringPiece(kYouTubePrefCookieName), |
| base::StringPiece())); |
| pref_it = cookies.end() - 1; |
| } |
| |
| // The pref cookie's value may be quoted. If so, remove the quotes. |
| std::string pref_string = pref_it->second.as_string(); |
| bool pref_string_quoted = false; |
| if (pref_string.size() >= 2 && |
| pref_string[0] == '\"' && |
| pref_string[pref_string.size() - 1] == '\"') { |
| pref_string_quoted = true; |
| pref_string = pref_string.substr(1, pref_string.length() - 2); |
| } |
| |
| // The pref cookie's value consists of key/value pairs. Parse them. |
| base::StringPairs pref_values; |
| base::SplitStringIntoKeyValuePairs(pref_string, '=', '&', &pref_values); |
| |
| // Find the "flags" entry that contains the Safety Mode flag, or add it if it |
| // doesn't exist. |
| base::StringPairs::iterator flag_it = |
| std::find_if(pref_values.begin(), pref_values.end(), |
| IsYouTubePrefCookieSafetyModeFlagsEntry); |
| int flag_value = 0; |
| if (flag_it == pref_values.end()) { |
| pref_values.push_back( |
| std::make_pair(std::string(kYouTubePrefCookieSafetyModeFlagsEntryName), |
| std::string())); |
| flag_it = pref_values.end() - 1; |
| } else { |
| base::HexStringToInt(base::StringPiece(flag_it->second), &flag_value); |
| } |
| |
| // Set the Safety Mode bit. |
| flag_value |= kYouTubePrefCookieSafetyModeFlagsEntryValue; |
| |
| // Finally, put it all back together and replace the original cookie string. |
| flag_it->second = base::StringPrintf("%x", flag_value); |
| pref_string = JoinStringKeyValuePairs(pref_values, '=', '&'); |
| if (pref_string_quoted) { |
| pref_string = '\"' + pref_string + '\"'; |
| } |
| pref_it->second = base::StringPiece(pref_string); |
| cookie_string = net::cookie_util::SerializeRequestCookieLine(cookies); |
| headers->SetHeader(base::StringPiece(net::HttpRequestHeaders::kCookie), |
| base::StringPiece(cookie_string)); |
| } |
| |
| } // namespace safe_search_util |