SecurityOrigin.cpp [plain text]
#include "config.h"
#include "SecurityOrigin.h"
#include "BlobURL.h"
#include "FileSystem.h"
#include "URL.h"
#include "SchemeRegistry.h"
#include "SecurityPolicy.h"
#include "ThreadableBlobRegistry.h"
#include <wtf/MainThread.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/StdLibExtras.h>
#include <wtf/text/StringBuilder.h>
namespace WebCore {
static bool schemeRequiresHost(const URL& url)
{
return url.protocolIsInHTTPFamily() || url.protocolIs("ftp");
}
bool SecurityOrigin::shouldUseInnerURL(const URL& url)
{
if (url.protocolIsBlob())
return true;
UNUSED_PARAM(url);
return false;
}
URL SecurityOrigin::extractInnerURL(const URL& url)
{
return { URL(), decodeURLEscapeSequences(url.path()) };
}
static RefPtr<SecurityOrigin> getCachedOrigin(const URL& url)
{
if (url.protocolIsBlob())
return ThreadableBlobRegistry::getCachedOrigin(url);
return nullptr;
}
static bool shouldTreatAsUniqueOrigin(const URL& url)
{
if (!url.isValid())
return true;
URL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url;
if (schemeRequiresHost(innerURL) && innerURL.host().isEmpty())
return true;
if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(innerURL.protocol().toStringWithoutCopying()))
return true;
return false;
}
static bool isLoopbackIPAddress(const URL& url)
{
ASSERT(url.isValid());
auto host = url.host();
if (host == "[::1]")
return true;
if (!host.startsWith("127."))
return false;
size_t dotsFound = 0;
for (size_t i = 0; i < host.length(); ++i) {
if (host[i] == '.') {
dotsFound++;
continue;
}
if (!isASCIIDigit(host[i]))
return false;
}
return dotsFound == 3;
}
static bool shouldTreatAsPotentionallyTrustworthy(const URL& url)
{
if (!url.isValid())
return false;
if (SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol().toStringWithoutCopying()))
return true;
if (isLoopbackIPAddress(url))
return true;
if (equalLettersIgnoringASCIICase(url.host(), "localhost"))
return true;
if (SchemeRegistry::shouldTreatURLSchemeAsLocal(url.protocol().toStringWithoutCopying()))
return true;
return false;
}
SecurityOrigin::SecurityOrigin(const URL& url)
: m_protocol { url.protocol().isNull() ? emptyString() : url.protocol().toString().convertToASCIILowercase() }
, m_host { url.host().isNull() ? emptyString() : url.host().convertToASCIILowercase() }
, m_port { url.port() }
{
m_domain = m_host;
if (m_port && isDefaultPortForProtocol(m_port.value(), m_protocol))
m_port = std::nullopt;
m_canLoadLocalResources = isLocal();
if (m_canLoadLocalResources)
m_filePath = url.fileSystemPath();
m_isPotentionallyTrustworthy = shouldTreatAsPotentionallyTrustworthy(url);
}
SecurityOrigin::SecurityOrigin()
: m_protocol { emptyString() }
, m_host { emptyString() }
, m_domain { emptyString() }
, m_isUnique { true }
, m_isPotentionallyTrustworthy { true }
{
}
SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
: m_protocol { other->m_protocol.isolatedCopy() }
, m_host { other->m_host.isolatedCopy() }
, m_domain { other->m_domain.isolatedCopy() }
, m_filePath { other->m_filePath.isolatedCopy() }
, m_port { other->m_port }
, m_isUnique { other->m_isUnique }
, m_universalAccess { other->m_universalAccess }
, m_domainWasSetInDOM { other->m_domainWasSetInDOM }
, m_canLoadLocalResources { other->m_canLoadLocalResources }
, m_storageBlockingPolicy { other->m_storageBlockingPolicy }
, m_enforceFilePathSeparation { other->m_enforceFilePathSeparation }
, m_needsStorageAccessFromFileURLsQuirk { other->m_needsStorageAccessFromFileURLsQuirk }
, m_isPotentionallyTrustworthy { other->m_isPotentionallyTrustworthy }
{
}
Ref<SecurityOrigin> SecurityOrigin::create(const URL& url)
{
if (RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url))
return cachedOrigin.releaseNonNull();
if (shouldTreatAsUniqueOrigin(url))
return adoptRef(*new SecurityOrigin);
if (shouldUseInnerURL(url))
return adoptRef(*new SecurityOrigin(extractInnerURL(url)));
return adoptRef(*new SecurityOrigin(url));
}
Ref<SecurityOrigin> SecurityOrigin::createUnique()
{
Ref<SecurityOrigin> origin(adoptRef(*new SecurityOrigin));
ASSERT(origin.get().isUnique());
return origin;
}
Ref<SecurityOrigin> SecurityOrigin::isolatedCopy() const
{
return adoptRef(*new SecurityOrigin(this));
}
void SecurityOrigin::setDomainFromDOM(const String& newDomain)
{
m_domainWasSetInDOM = true;
m_domain = newDomain.convertToASCIILowercase();
}
bool SecurityOrigin::isSecure(const URL& url)
{
if (!url.isValid() || SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol().toStringWithoutCopying()))
return true;
if (shouldUseInnerURL(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol().toStringWithoutCopying()))
return true;
return false;
}
bool SecurityOrigin::canAccess(const SecurityOrigin& other) const
{
if (m_universalAccess)
return true;
if (this == &other)
return true;
if (isUnique() || other.isUnique())
return false;
bool canAccess = false;
if (m_protocol == other.m_protocol) {
if (!m_domainWasSetInDOM && !other.m_domainWasSetInDOM) {
if (m_host == other.m_host && m_port == other.m_port)
canAccess = true;
} else if (m_domainWasSetInDOM && other.m_domainWasSetInDOM) {
if (m_domain == other.m_domain)
canAccess = true;
}
}
if (canAccess && isLocal())
canAccess = passesFileCheck(other);
return canAccess;
}
bool SecurityOrigin::passesFileCheck(const SecurityOrigin& other) const
{
ASSERT(isLocal() && other.isLocal());
if (!m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation)
return true;
return (m_filePath == other.m_filePath);
}
bool SecurityOrigin::canRequest(const URL& url) const
{
if (m_universalAccess)
return true;
if (getCachedOrigin(url) == this)
return true;
if (isUnique())
return false;
Ref<SecurityOrigin> targetOrigin(SecurityOrigin::create(url));
if (targetOrigin->isUnique())
return false;
if (isSameSchemeHostPort(targetOrigin.get()))
return true;
if (SecurityPolicy::isAccessWhiteListed(this, &targetOrigin.get()))
return true;
return false;
}
bool SecurityOrigin::canReceiveDragData(const SecurityOrigin& dragInitiator) const
{
if (this == &dragInitiator)
return true;
return canAccess(dragInitiator);
}
static bool isFeedWithNestedProtocolInHTTPFamily(const URL& url)
{
const String& urlString = url.string();
if (!urlString.startsWith("feed", false))
return false;
return urlString.startsWith("feed://", false)
|| urlString.startsWith("feed:http:", false) || urlString.startsWith("feed:https:", false)
|| urlString.startsWith("feeds:http:", false) || urlString.startsWith("feeds:https:", false)
|| urlString.startsWith("feedsearch:http:", false) || urlString.startsWith("feedsearch:https:", false);
}
bool SecurityOrigin::canDisplay(const URL& url) const
{
if (m_universalAccess)
return true;
#if !PLATFORM(IOS)
if (m_protocol == "file" && url.isLocalFile() && !filesHaveSameVolume(m_filePath, url.fileSystemPath()))
return false;
#endif
if (isFeedWithNestedProtocolInHTTPFamily(url))
return true;
String protocol = url.protocol().toString();
if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol))
return canRequest(url);
if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol))
return equalIgnoringASCIICase(m_protocol, protocol) || SecurityPolicy::isAccessToURLWhiteListed(this, url);
if (SecurityPolicy::restrictAccessToLocal() && SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteListed(this, url);
return true;
}
bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin, ShouldAllowFromThirdParty shouldAllowFromThirdParty) const
{
if (isUnique())
return false;
if (isLocal() && !needsStorageAccessFromFileURLsQuirk() && !m_universalAccess && shouldAllowFromThirdParty != AlwaysAllowFromThirdParty)
return false;
if (m_storageBlockingPolicy == BlockAllStorage)
return false;
if (!topOrigin)
return true;
if (topOrigin->m_storageBlockingPolicy == BlockAllStorage)
return false;
if (shouldAllowFromThirdParty == AlwaysAllowFromThirdParty)
return true;
if (m_universalAccess)
return true;
if ((m_storageBlockingPolicy == BlockThirdPartyStorage || topOrigin->m_storageBlockingPolicy == BlockThirdPartyStorage) && !topOrigin->isSameOriginAs(*this))
return false;
return true;
}
SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const
{
if (m_universalAccess)
return AlwaysAllow;
if (isUnique())
return AlwaysDeny;
return Ask;
}
bool SecurityOrigin::isSameOriginAs(const SecurityOrigin& other) const
{
if (this == &other)
return true;
if (isUnique() || other.isUnique())
return false;
return isSameSchemeHostPort(other);
}
void SecurityOrigin::grantLoadLocalResources()
{
m_canLoadLocalResources = true;
}
void SecurityOrigin::grantUniversalAccess()
{
m_universalAccess = true;
}
void SecurityOrigin::grantStorageAccessFromFileURLsQuirk()
{
m_needsStorageAccessFromFileURLsQuirk = true;
}
String SecurityOrigin::domainForCachePartition() const
{
if (m_storageBlockingPolicy != BlockThirdPartyStorage)
return emptyString();
if (isHTTPFamily())
return host();
if (SchemeRegistry::shouldPartitionCacheForURLScheme(m_protocol))
return host();
return emptyString();
}
void SecurityOrigin::enforceFilePathSeparation()
{
ASSERT(isLocal());
m_enforceFilePathSeparation = true;
}
bool SecurityOrigin::isLocal() const
{
return SchemeRegistry::shouldTreatURLSchemeAsLocal(m_protocol);
}
String SecurityOrigin::toString() const
{
if (isUnique())
return ASCIILiteral("null");
if (m_protocol == "file" && m_enforceFilePathSeparation)
return ASCIILiteral("null");
return toRawString();
}
String SecurityOrigin::toRawString() const
{
if (m_protocol == "file")
return ASCIILiteral("file://");
StringBuilder result;
result.reserveCapacity(m_protocol.length() + m_host.length() + 10);
result.append(m_protocol);
result.appendLiteral("://");
result.append(m_host);
if (m_port) {
result.append(':');
result.appendNumber(m_port.value());
}
return result.toString();
}
static inline bool areOriginsMatching(const SecurityOrigin& origin1, const SecurityOrigin& origin2)
{
if (origin1.isUnique() || origin2.isUnique())
return origin1.isUnique() == origin2.isUnique();
if (origin1.protocol() != origin2.protocol())
return false;
if (origin1.protocol() == "file")
return true;
if (origin1.host() != origin2.host())
return false;
return origin1.port() == origin2.port();
}
bool originsMatch(const SecurityOrigin& origin1, const SecurityOrigin& origin2)
{
if (&origin1 == &origin2)
return true;
bool result = areOriginsMatching(origin1, origin2);
ASSERT(result == (origin1.toString() == origin2.toString()));
return result;
}
bool originsMatch(const SecurityOrigin* origin1, const SecurityOrigin* origin2)
{
if (!origin1 || !origin2)
return origin1 == origin2;
return originsMatch(*origin1, *origin2);
}
Ref<SecurityOrigin> SecurityOrigin::createFromString(const String& originString)
{
return SecurityOrigin::create(URL(URL(), originString));
}
Ref<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, std::optional<uint16_t> port)
{
String decodedHost = decodeURLEscapeSequences(host);
auto origin = create(URL(URL(), protocol + "://" + host + "/"));
if (port && !isDefaultPortForProtocol(*port, protocol))
origin->m_port = port;
return origin;
}
bool SecurityOrigin::equal(const SecurityOrigin* other) const
{
if (other == this)
return true;
if (!isSameSchemeHostPort(*other))
return false;
if (m_domainWasSetInDOM != other->m_domainWasSetInDOM)
return false;
if (m_domainWasSetInDOM && m_domain != other->m_domain)
return false;
return true;
}
bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin& other) const
{
if (m_host != other.m_host)
return false;
if (m_protocol != other.m_protocol)
return false;
if (m_port != other.m_port)
return false;
if (isLocal() && !passesFileCheck(other))
return false;
return true;
}
URL SecurityOrigin::urlWithUniqueSecurityOrigin()
{
ASSERT(isMainThread());
static NeverDestroyed<URL> uniqueSecurityOriginURL(ParsedURLString, MAKE_STATIC_STRING_IMPL("data:,"));
return uniqueSecurityOriginURL;
}
}