tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

ReportingHeader.h (5330B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef mozilla_dom_ReportingHeader_h
      8 #define mozilla_dom_ReportingHeader_h
      9 
     10 #include "mozilla/TimeStamp.h"
     11 #include "nsClassHashtable.h"
     12 #include "nsIObserver.h"
     13 #include "nsITimer.h"
     14 #include "nsTObserverArray.h"
     15 
     16 class nsIHttpChannel;
     17 class nsIPrincipal;
     18 class nsIURI;
     19 
     20 namespace mozilla {
     21 
     22 class OriginAttributesPattern;
     23 
     24 namespace ipc {
     25 class PrincipalInfo;
     26 }
     27 
     28 namespace dom {
     29 
     30 class ReportingHeader final : public nsIObserver,
     31                              public nsITimerCallback,
     32                              public nsINamed {
     33 public:
     34  NS_DECL_ISUPPORTS
     35  NS_DECL_NSIOBSERVER
     36  NS_DECL_NSITIMERCALLBACK
     37  NS_DECL_NSINAMED
     38 
     39  static void Initialize();
     40 
     41  // Exposed structs for gtests
     42 
     43  struct Endpoint {
     44    nsCOMPtr<nsIURI> mUrl;
     45    nsCString mEndpointName;
     46    uint32_t mPriority;
     47    uint32_t mWeight;
     48    uint32_t mFailures;
     49  };
     50 
     51  struct Group {
     52    nsString mName;
     53    bool mIncludeSubdomains;
     54    int32_t mTTL;
     55    TimeStamp mCreationTime;
     56    nsTObserverArray<Endpoint> mEndpoints;
     57  };
     58 
     59  struct Client {
     60    nsTObserverArray<Group> mGroups;
     61  };
     62 
     63  // Parses the Reporting-Endpoints of a given header according to the algorithm
     64  // in https://www.w3.org/TR/reporting-1/#header
     65  static UniquePtr<Client> ParseReportingEndpointsHeader(
     66      const nsACString& aHeaderValue, nsIURI* aURI);
     67 
     68  // [Deprecated] Parses the contents of a given header according to the
     69  // algorithm in https://www.w3.org/TR/2018/WD-reporting-1-20180925/#header
     70  static UniquePtr<Client> ParseReportToHeader(nsIHttpChannel* aChannel,
     71                                               nsIURI* aURI,
     72                                               const nsACString& aHeaderValue);
     73 
     74  static void GetEndpointForReport(
     75      const nsAString& aGroupName,
     76      const mozilla::ipc::PrincipalInfo& aPrincipalInfo,
     77      nsACString& aEndpointURI);
     78 
     79  static void GetEndpointForReport(const nsAString& aGroupName,
     80                                   nsIPrincipal* aPrincipal,
     81                                   nsACString& aEndpointURI);
     82 
     83  // Used for network-error-logging
     84  // If no endpoint is found for aPrincipal and aIncludeSubdomains is true
     85  // we'll check all parent origins for groups that have mIncludeSubdomains
     86  // equal to true.
     87  static void GetEndpointForReportIncludeSubdomains(const nsAString& aGroupName,
     88                                                    nsIPrincipal* aPrincipal,
     89                                                    bool aIncludeSubdomains,
     90                                                    nsACString& aEndpointURI);
     91 
     92  static void RemoveEndpoint(const nsAString& aGroupName,
     93                             const nsACString& aEndpointURL,
     94                             const mozilla::ipc::PrincipalInfo& aPrincipalInfo);
     95 
     96  // ChromeOnly-WebIDL methods
     97 
     98  static bool HasReportingHeaderForOrigin(const nsACString& aOrigin);
     99 
    100 private:
    101  ReportingHeader();
    102  ~ReportingHeader();
    103 
    104  static void Shutdown();
    105 
    106  // Checks if a channel contains a Report-To header and parses its value.
    107  void ReportingFromChannel(nsIHttpChannel* aChannel);
    108 
    109  // This method checks if the protocol handler of the URI has the
    110  // URI_IS_POTENTIALLY_TRUSTWORTHY flag.
    111  static bool IsSecureURI(nsIURI* aURI);
    112 
    113  void RemoveOriginsFromHost(const nsAString& aHost);
    114 
    115  void RemoveOriginsFromOriginAttributesPattern(
    116      const OriginAttributesPattern& aPattern);
    117 
    118  void RemoveOrigins();
    119 
    120  void RemoveOriginsForTTL();
    121 
    122  void MaybeCreateCleanupTimer();
    123 
    124  void MaybeCancelCleanupTimer();
    125 
    126  static void LogToConsoleInvalidJSON(nsIHttpChannel* aChannel, nsIURI* aURI);
    127 
    128  static void LogToConsoleDuplicateGroup(nsIHttpChannel* aChannel, nsIURI* aURI,
    129                                         const nsAString& aName);
    130 
    131  static void LogToConsoleInvalidNameItem(nsIHttpChannel* aChannel,
    132                                          nsIURI* aURI);
    133 
    134  static void LogToConsoleIncompleteItem(nsIHttpChannel* aChannel, nsIURI* aURI,
    135                                         const nsAString& aName);
    136 
    137  static void LogToConsoleIncompleteEndpoint(nsIHttpChannel* aChannel,
    138                                             nsIURI* aURI,
    139                                             const nsAString& aName);
    140 
    141  static void LogToConsoleInvalidURLEndpoint(nsIHttpChannel* aChannel,
    142                                             nsIURI* aURI,
    143                                             const nsAString& aName,
    144                                             const nsAString& aURL);
    145 
    146  static void LogToConsoleInternal(nsIHttpChannel* aChannel, nsIURI* aURI,
    147                                   const char* aMsg,
    148                                   const nsTArray<nsString>& aParams);
    149 
    150  static void GetEndpointForReportInternal(const ReportingHeader::Group& aGrup,
    151                                           nsACString& aEndpointURI);
    152 
    153  nsClassHashtable<nsCStringHashKey, Client> mOrigins;
    154 
    155  nsCOMPtr<nsITimer> mCleanupTimer;
    156 };
    157 
    158 }  // namespace dom
    159 }  // namespace mozilla
    160 
    161 #endif  // mozilla_dom_ReportingHeader_h