content/renderer/pepper/url_request_info_util.cc - platform/external/chromium_org - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "content/renderer/pepper/url_request_info_util.h"

 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "content/child/request_extra_data.h"
 #include "content/common/fileapi/file_system_messages.h"
 #include "content/renderer/pepper/host_globals.h"
 #include "content/renderer/pepper/pepper_file_ref_renderer_host.h"
 #include "content/renderer/pepper/pepper_plugin_instance_impl.h"
 #include "content/renderer/pepper/plugin_module.h"
 #include "content/renderer/pepper/renderer_ppapi_host_impl.h"
 #include "content/renderer/render_thread_impl.h"
 #include "net/http/http_util.h"
 #include "ppapi/c/pp_bool.h"
 #include "ppapi/c/pp_var.h"
 #include "ppapi/proxy/ppapi_messages.h"
 #include "ppapi/shared_impl/url_request_info_data.h"
 #include "ppapi/shared_impl/var.h"
 #include "ppapi/thunk/enter.h"
 #include "third_party/WebKit/public/platform/WebData.h"
 #include "third_party/WebKit/public/platform/WebHTTPBody.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLRequest.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
 #include "url/gurl.h"
 #include "url/url_util.h"

 using ppapi::Resource;
 using ppapi::URLRequestInfoData;
 using ppapi::thunk::EnterResourceNoLock;
 using blink::WebData;
 using blink::WebHTTPBody;
 using blink::WebString;
 using blink::WebFrame;
 using blink::WebURL;
 using blink::WebURLRequest;

 namespace content {

 namespace {

 // Appends the file ref given the Resource pointer associated with it to the
 // given HTTP body, returning true on success.
 bool AppendFileRefToBody(PP_Instance instance,
                          PP_Resource resource,
                          int64_t start_offset,
                          int64_t number_of_bytes,
                          PP_Time expected_last_modified_time,
                          WebHTTPBody* http_body) {
   base::FilePath platform_path;
   PepperPluginInstanceImpl* instance_impl =
       HostGlobals::Get()->GetInstance(instance);
   if (!instance_impl)
     return false;

   RendererPpapiHost* renderer_ppapi_host =
       instance_impl->module()->renderer_ppapi_host();
   if (!renderer_ppapi_host)
     return false;
   ppapi::host::ResourceHost* resource_host =
       renderer_ppapi_host->GetPpapiHost()->GetResourceHost(resource);
   if (!resource_host || !resource_host->IsFileRefHost())
     return false;
   PepperFileRefRendererHost* file_ref_host =
       static_cast<PepperFileRefRendererHost*>(resource_host);
   switch (file_ref_host->GetFileSystemType()) {
     case PP_FILESYSTEMTYPE_LOCALTEMPORARY:
     case PP_FILESYSTEMTYPE_LOCALPERSISTENT:
       // TODO(kinuko): remove this sync IPC when we fully support
       // AppendURLRange for FileSystem URL.
       RenderThreadImpl::current()->Send(
           new FileSystemHostMsg_SyncGetPlatformPath(
               file_ref_host->GetFileSystemURL(), &platform_path));
       break;
     case PP_FILESYSTEMTYPE_EXTERNAL:
       platform_path = file_ref_host->GetExternalFilePath();
       break;
     default:
       NOTREACHED();
   }
   http_body->appendFileRange(platform_path.AsUTF16Unsafe(),
                              start_offset,
                              number_of_bytes,
                              expected_last_modified_time);
   return true;
 }

 // Checks that the request data is valid. Returns false on failure. Note that
 // method and header validation is done by the URL loader when the request is
 // opened, and any access errors are returned asynchronously.
 bool ValidateURLRequestData(const URLRequestInfoData& data) {
   if (data.prefetch_buffer_lower_threshold < 0 ||
       data.prefetch_buffer_upper_threshold < 0 ||
       data.prefetch_buffer_upper_threshold <=
           data.prefetch_buffer_lower_threshold) {
     return false;
   }
   return true;
 }

 }  // namespace

 bool CreateWebURLRequest(PP_Instance instance,
                          URLRequestInfoData* data,
                          WebFrame* frame,
                          WebURLRequest* dest) {
   // In the out-of-process case, we've received the URLRequestInfoData
   // from the untrusted plugin and done no validation on it. We need to be
   // sure it's not being malicious by checking everything for consistency.
   if (!ValidateURLRequestData(*data))
     return false;

   dest->initialize();
   dest->setURL(frame->document().completeURL(WebString::fromUTF8(data->url)));
   dest->setDownloadToFile(data->stream_to_file);
   dest->setReportUploadProgress(data->record_upload_progress);

   if (!data->method.empty())
     dest->setHTTPMethod(WebString::fromUTF8(data->method));

   dest->setFirstPartyForCookies(frame->document().firstPartyForCookies());

   const std::string& headers = data->headers;
   if (!headers.empty()) {
     net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\n\r");
     while (it.GetNext()) {
       dest->addHTTPHeaderField(WebString::fromUTF8(it.name()),
                                WebString::fromUTF8(it.values()));
     }
   }

   // Append the upload data.
   if (!data->body.empty()) {
     WebHTTPBody http_body;
     http_body.initialize();
     int file_index = 0;
     for (size_t i = 0; i < data->body.size(); ++i) {
       const URLRequestInfoData::BodyItem& item = data->body[i];
       if (item.is_file) {
         if (!AppendFileRefToBody(instance,
                                  item.file_ref_pp_resource,
                                  item.start_offset,
                                  item.number_of_bytes,
                                  item.expected_last_modified_time,
                                  &http_body))
           return false;
         file_index++;
       } else {
         DCHECK(!item.data.empty());
         http_body.appendData(WebData(item.data));
       }
     }
     dest->setHTTPBody(http_body);
   }

   // Add the "Referer" header if there is a custom referrer. Such requests
   // require universal access. For all other requests, "Referer" will be set
   // after header security checks are done in AssociatedURLLoader.
   if (data->has_custom_referrer_url && !data->custom_referrer_url.empty())
     frame->setReferrerForRequest(*dest, GURL(data->custom_referrer_url));

   if (data->has_custom_content_transfer_encoding &&
       !data->custom_content_transfer_encoding.empty()) {
     dest->addHTTPHeaderField(
         WebString::fromUTF8("Content-Transfer-Encoding"),
         WebString::fromUTF8(data->custom_content_transfer_encoding));
   }

   if (data->has_custom_user_agent) {
     RequestExtraData* extra_data = new RequestExtraData();
     extra_data->set_custom_user_agent(
         WebString::fromUTF8(data->custom_user_agent));
     dest->setExtraData(extra_data);
   }

   return true;
 }

 bool URLRequestRequiresUniversalAccess(const URLRequestInfoData& data) {
   return data.has_custom_referrer_url ||
          data.has_custom_content_transfer_encoding ||
          data.has_custom_user_agent ||
          url::FindAndCompareScheme(data.url, "javascript", NULL);
 }

 }  // namespace content
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "content/renderer/pepper/url_request_info_util.h"

	#include "base/logging.h"
	#include "base/strings/string_util.h"
	#include "content/child/request_extra_data.h"
	#include "content/common/fileapi/file_system_messages.h"
	#include "content/renderer/pepper/host_globals.h"
	#include "content/renderer/pepper/pepper_file_ref_renderer_host.h"
	#include "content/renderer/pepper/pepper_plugin_instance_impl.h"
	#include "content/renderer/pepper/plugin_module.h"
	#include "content/renderer/pepper/renderer_ppapi_host_impl.h"
	#include "content/renderer/render_thread_impl.h"
	#include "net/http/http_util.h"
	#include "ppapi/c/pp_bool.h"
	#include "ppapi/c/pp_var.h"
	#include "ppapi/proxy/ppapi_messages.h"
	#include "ppapi/shared_impl/url_request_info_data.h"
	#include "ppapi/shared_impl/var.h"
	#include "ppapi/thunk/enter.h"
	#include "third_party/WebKit/public/platform/WebData.h"
	#include "third_party/WebKit/public/platform/WebHTTPBody.h"
	#include "third_party/WebKit/public/platform/WebURL.h"
	#include "third_party/WebKit/public/platform/WebURLRequest.h"
	#include "third_party/WebKit/public/web/WebDocument.h"
	#include "third_party/WebKit/public/web/WebFrame.h"
	#include "url/gurl.h"
	#include "url/url_util.h"

	using ppapi::Resource;
	using ppapi::URLRequestInfoData;
	using ppapi::thunk::EnterResourceNoLock;
	using blink::WebData;
	using blink::WebHTTPBody;
	using blink::WebString;
	using blink::WebFrame;
	using blink::WebURL;
	using blink::WebURLRequest;

	namespace content {

	namespace {

	// Appends the file ref given the Resource pointer associated with it to the
	// given HTTP body, returning true on success.
	bool AppendFileRefToBody(PP_Instance instance,
	PP_Resource resource,
	int64_t start_offset,
	int64_t number_of_bytes,
	PP_Time expected_last_modified_time,
	WebHTTPBody* http_body) {
	base::FilePath platform_path;
	PepperPluginInstanceImpl* instance_impl =
	HostGlobals::Get()->GetInstance(instance);
	if (!instance_impl)
	return false;

	RendererPpapiHost* renderer_ppapi_host =
	instance_impl->module()->renderer_ppapi_host();
	if (!renderer_ppapi_host)
	return false;
	ppapi::host::ResourceHost* resource_host =
	renderer_ppapi_host->GetPpapiHost()->GetResourceHost(resource);
	if (!resource_host \|\| !resource_host->IsFileRefHost())
	return false;
	PepperFileRefRendererHost* file_ref_host =
	static_cast<PepperFileRefRendererHost*>(resource_host);
	switch (file_ref_host->GetFileSystemType()) {
	case PP_FILESYSTEMTYPE_LOCALTEMPORARY:
	case PP_FILESYSTEMTYPE_LOCALPERSISTENT:
	// TODO(kinuko): remove this sync IPC when we fully support
	// AppendURLRange for FileSystem URL.
	RenderThreadImpl::current()->Send(
	new FileSystemHostMsg_SyncGetPlatformPath(
	file_ref_host->GetFileSystemURL(), &platform_path));
	break;
	case PP_FILESYSTEMTYPE_EXTERNAL:
	platform_path = file_ref_host->GetExternalFilePath();
	break;
	default:
	NOTREACHED();
	}
	http_body->appendFileRange(platform_path.AsUTF16Unsafe(),
	start_offset,
	number_of_bytes,
	expected_last_modified_time);
	return true;
	}

	// Checks that the request data is valid. Returns false on failure. Note that
	// method and header validation is done by the URL loader when the request is
	// opened, and any access errors are returned asynchronously.
	bool ValidateURLRequestData(const URLRequestInfoData& data) {
	if (data.prefetch_buffer_lower_threshold < 0 \|\|
	data.prefetch_buffer_upper_threshold < 0 \|\|
	data.prefetch_buffer_upper_threshold <=
	data.prefetch_buffer_lower_threshold) {
	return false;
	}
	return true;
	}

	} // namespace

	bool CreateWebURLRequest(PP_Instance instance,
	URLRequestInfoData* data,
	WebFrame* frame,
	WebURLRequest* dest) {
	// In the out-of-process case, we've received the URLRequestInfoData
	// from the untrusted plugin and done no validation on it. We need to be
	// sure it's not being malicious by checking everything for consistency.
	if (!ValidateURLRequestData(*data))
	return false;

	dest->initialize();
	dest->setURL(frame->document().completeURL(WebString::fromUTF8(data->url)));
	dest->setDownloadToFile(data->stream_to_file);
	dest->setReportUploadProgress(data->record_upload_progress);

	if (!data->method.empty())
	dest->setHTTPMethod(WebString::fromUTF8(data->method));

	dest->setFirstPartyForCookies(frame->document().firstPartyForCookies());

	const std::string& headers = data->headers;
	if (!headers.empty()) {
	net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\n\r");
	while (it.GetNext()) {
	dest->addHTTPHeaderField(WebString::fromUTF8(it.name()),
	WebString::fromUTF8(it.values()));
	}
	}

	// Append the upload data.
	if (!data->body.empty()) {
	WebHTTPBody http_body;
	http_body.initialize();
	int file_index = 0;
	for (size_t i = 0; i < data->body.size(); ++i) {
	const URLRequestInfoData::BodyItem& item = data->body[i];
	if (item.is_file) {
	if (!AppendFileRefToBody(instance,
	item.file_ref_pp_resource,
	item.start_offset,
	item.number_of_bytes,
	item.expected_last_modified_time,
	&http_body))
	return false;
	file_index++;
	} else {
	DCHECK(!item.data.empty());
	http_body.appendData(WebData(item.data));
	}
	}
	dest->setHTTPBody(http_body);
	}

	// Add the "Referer" header if there is a custom referrer. Such requests
	// require universal access. For all other requests, "Referer" will be set
	// after header security checks are done in AssociatedURLLoader.
	if (data->has_custom_referrer_url && !data->custom_referrer_url.empty())
	frame->setReferrerForRequest(*dest, GURL(data->custom_referrer_url));

	if (data->has_custom_content_transfer_encoding &&
	!data->custom_content_transfer_encoding.empty()) {
	dest->addHTTPHeaderField(
	WebString::fromUTF8("Content-Transfer-Encoding"),
	WebString::fromUTF8(data->custom_content_transfer_encoding));
	}

	if (data->has_custom_user_agent) {
	RequestExtraData* extra_data = new RequestExtraData();
	extra_data->set_custom_user_agent(
	WebString::fromUTF8(data->custom_user_agent));
	dest->setExtraData(extra_data);
	}

	return true;
	}

	bool URLRequestRequiresUniversalAccess(const URLRequestInfoData& data) {
	return data.has_custom_referrer_url \|\|
	data.has_custom_content_transfer_encoding \|\|
	data.has_custom_user_agent \|\|
	url::FindAndCompareScheme(data.url, "javascript", NULL);
	}

	} // namespace content