tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

nsSecurityHeaderParser.h (3069B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef nsSecurityHeaderParser_h
      6 #define nsSecurityHeaderParser_h
      7 
      8 #include "mozilla/LinkedList.h"
      9 #include "mozilla/Maybe.h"
     10 #include "nsCOMPtr.h"
     11 #include "nsString.h"
     12 
     13 // Utility class for handing back parsed directives and (optional) values
     14 class nsSecurityHeaderDirective
     15    : public mozilla::LinkedListElement<nsSecurityHeaderDirective> {
     16 public:
     17  // The name of the directive.
     18  nsCString mName;
     19  // The value of the directive, if any. Will be Some if and only if a '='
     20  // followed the directive name (the value itself may be the empty string).
     21  mozilla::Maybe<nsCString> mValue;
     22 };
     23 
     24 // This class parses security-related HTTP headers like
     25 // Strict-Transport-Security. The Augmented Backus-Naur Form syntax for this
     26 // header is reproduced below, for reference:
     27 //
     28 //   Strict-Transport-Security = "Strict-Transport-Security" ":"
     29 //                               [ directive ]  *( ";" [ directive ] )
     30 //
     31 //   directive                 = directive-name [ "=" directive-value ]
     32 //   directive-name            = token
     33 //   directive-value           = token | quoted-string
     34 //
     35 //   where:
     36 //
     37 //   token          = <token, defined in [RFC2616], Section 2.2>
     38 //   quoted-string  = <quoted-string, defined in [RFC2616], Section 2.2>/
     39 //
     40 // For further reference, see [RFC6797], Section 6.1
     41 
     42 class nsSecurityHeaderParser {
     43 public:
     44  // The input to this class must be null-terminated, and must have a lifetime
     45  // greater than or equal to the lifetime of the created
     46  // nsSecurityHeaderParser.
     47  explicit nsSecurityHeaderParser(const nsCString& aHeader);
     48  ~nsSecurityHeaderParser();
     49 
     50  // Only call Parse once.
     51  nsresult Parse();
     52  // The caller does not take ownership of the memory returned here.
     53  mozilla::LinkedList<nsSecurityHeaderDirective>* GetDirectives();
     54 
     55 private:
     56  bool Accept(char aChr);
     57  bool Accept(bool (*aClassifier)(signed char));
     58  void Expect(char aChr);
     59  void Advance();
     60  void Header();          // header = [ directive ] *( ";" [ directive ] )
     61  void Directive();       // directive = directive-name [ "=" directive-value ]
     62  void DirectiveName();   // directive-name = token
     63  void DirectiveValue();  // directive-value = token | quoted-string
     64  void Token();           // token = 1*<any CHAR except CTLs or separators>
     65  void QuotedString();    // quoted-string = (<"> *( qdtext | quoted-pair ) <">)
     66  void QuotedText();      // qdtext = <any TEXT except <"> and "\">
     67  void QuotedPair();      // quoted-pair = "\" CHAR
     68 
     69  // LWS = [CRLF] 1*( SP | HT )
     70  void LWSMultiple();  // Handles *( LWS )
     71  void LWSCRLF();      // Handles the [CRLF] part of LWS
     72  void LWS();          // Handles the 1*( SP | HT ) part of LWS
     73 
     74  mozilla::LinkedList<nsSecurityHeaderDirective> mDirectives;
     75  const char* mCursor;
     76  nsSecurityHeaderDirective* mDirective;
     77 
     78  nsCString mOutput;
     79  bool mError;
     80 };
     81 
     82 #endif  // nsSecurityHeaderParser_h