npapi_plugin/origin.cc

   1 /*
   2  * Copyright 2008, Google Inc.
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions are
   7  * met:
   8  *
   9  *     * Redistributions of source code must retain the above copyright
  10  * notice, this list of conditions and the following disclaimer.
  11  *     * Redistributions in binary form must reproduce the above
  12  * copyright notice, this list of conditions and the following disclaimer
  13  * in the documentation and/or other materials provided with the
  14  * distribution.
  15  *     * Neither the name of Google Inc. nor the names of its
  16  * contributors may be used to endorse or promote products derived from
  17  * this software without specific prior written permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30  */
  31
  32
  33 #include <stdio.h>
  34
  35 #include <cctype>
  36 #include <string>
  37 #include <stdlib.h>
  38 #include <algorithm>
  39
  40 #include "native_client/include/base/basictypes.h"
  41 #include "native_client/npapi_plugin/origin.h"
  42
  43 #define NACL_SELENIUM_TEST "NACL_DISABLE_SECURITY_FOR_SELENIUM_TEST"
  44
  45 #ifdef  ORIGIN_DEBUG
  46 # define dprintf(alist) printf alist
  47 #else
  48 # define dprintf(alist)
  49 #endif
  50
  51 namespace nacl {
  52
  53 std::string UrlToOrigin(std::string url) {
  54   std::string::iterator it = find(url.begin(), url.end(), ':');
  55   if (url.end() == it) {
  56     dprintf(("no protospec separator found\n"));
  57     return "";
  58   }
  59   for (int num_slashes = 0; num_slashes < 3; ++num_slashes) {
  60     it = find(it + 1, url.end(), '/');
  61     if (url.end() == it) {
  62       dprintf(("no start of pathspec found\n"));
  63       return "";
  64     }
  65   }
  66
  67   std::string origin(url.begin(), it);
  68
  69   //
  70   // Domain names are in ascii and case insensitive, so we can
  71   // canonicalize to all lower case.  NB: Internationalizing Domain
  72   // Names in Applications (IDNA) encodes unicode in this reduced
  73   // alphabet.
  74   //
  75   for (it = origin.begin(); origin.end() != it; ++it) {
  76     *it = tolower(*it);
  77   }
  78   //
  79   // cannonicalize empty hostname as "localhost"
  80   //
  81   if ("file://" == origin) {
  82     origin = "file://localhost";
  83   }
  84   return origin;
  85 }
  86
  87 // For now we are just checking that NaCl modules are local, or on
  88 // code.google.com.  Beware NaCl modules in the browser cache!
  89 //
  90 // Eventually, after sufficient security testing, we will always
  91 // return true.
  92 bool OriginIsInWhitelist(std::string origin) {
  93   static char const *allowed_origin[] = {
  94     /*
  95      * do *NOT* add in file://localhost as a way to get old tests to
  96      * work.  The file://localhost was only for early stage testing
  97      * -- having it can be a security problem if an adversary can
  98      * guess browser cache file names.
  99      */
 100     "http://localhost",
 101     "http://localhost:80",
 102     "http://localhost:5103",
 103 #if 0
 104     "http://code.google.com",  // for demos hosted on project website
 105 #endif
 106   };
 107   for (size_t i = 0; i < ARRAYSIZE(allowed_origin); ++i) {
 108     if (origin == allowed_origin[i]) {
 109       return true;
 110     }
 111   }
 112   // We disregard the origin whitelist when running Selenium tests.
 113   // The code below is temporary since eventually we will drop the
 114   // whitelist completely.
 115 #if NACL_WINDOWS
 116   char buffer[2];
 117   size_t required_buffer_size;
 118   if (0 == getenv_s(&required_buffer_size, buffer, 2, NACL_SELENIUM_TEST)) {
 119 #else
 120   if (NULL != getenv(NACL_SELENIUM_TEST)) {
 121 #endif
 122     return true;
 123   }
 124
 125   return false;
 126 }
 127
 128 }