src/webkit/browser/database/database_util.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "webkit/browser/database/database_util.h"
   6
   7 #include "base/basictypes.h"
   8 #include "base/strings/utf_string_conversions.h"
   9 #include "webkit/browser/database/database_tracker.h"
  10 #include "webkit/browser/database/vfs_backend.h"
  11
  12 namespace webkit_database {
  13
  14 const char DatabaseUtil::kJournalFileSuffix[] = "-journal";
  15
  16 bool DatabaseUtil::CrackVfsFileName(const base::string16& vfs_file_name,
  17                                     std::string* origin_identifier,
  18                                     base::string16* database_name,
  19                                     base::string16* sqlite_suffix) {
  20   // 'vfs_file_name' is of the form <origin_identifier>/<db_name>#<suffix>.
  21   // <suffix> is optional.
  22   DCHECK(!vfs_file_name.empty());
  23   size_t first_slash_index = vfs_file_name.find('/');
  24   size_t last_pound_index = vfs_file_name.rfind('#');
  25   // '/' and '#' must be present in the string. Also, the string cannot start
  26   // with a '/' (origin_identifier cannot be empty) and '/' must come before '#'
  27   if ((first_slash_index == base::string16::npos) ||
  28       (last_pound_index == base::string16::npos) ||
  29       (first_slash_index == 0) ||
  30       (first_slash_index > last_pound_index)) {
  31     return false;
  32   }
  33
  34   if (origin_identifier) {
  35     *origin_identifier = UTF16ToASCII(
  36         vfs_file_name.substr(0, first_slash_index));
  37   }
  38   if (database_name) {
  39     *database_name = vfs_file_name.substr(
  40         first_slash_index + 1, last_pound_index - first_slash_index - 1);
  41   }
  42   if (sqlite_suffix) {
  43     *sqlite_suffix = vfs_file_name.substr(
  44         last_pound_index + 1, vfs_file_name.length() - last_pound_index - 1);
  45   }
  46   return true;
  47 }
  48
  49 base::FilePath DatabaseUtil::GetFullFilePathForVfsFile(
  50     DatabaseTracker* db_tracker, const base::string16& vfs_file_name) {
  51   std::string origin_identifier;
  52   base::string16 database_name;
  53   base::string16 sqlite_suffix;
  54   if (!CrackVfsFileName(vfs_file_name, &origin_identifier,
  55                         &database_name, &sqlite_suffix)) {
  56     return base::FilePath(); // invalid vfs_file_name
  57   }
  58
  59   base::FilePath full_path = db_tracker->GetFullDBFilePath(
  60       origin_identifier, database_name);
  61   if (!full_path.empty() && !sqlite_suffix.empty()) {
  62     DCHECK(full_path.Extension().empty());
  63     full_path = full_path.InsertBeforeExtensionASCII(
  64         UTF16ToASCII(sqlite_suffix));
  65   }
  66   // Watch out for directory traversal attempts from a compromised renderer.
  67   if (full_path.value().find(FILE_PATH_LITERAL("..")) !=
  68           base::FilePath::StringType::npos)
  69     return base::FilePath();
  70   return full_path;
  71 }
  72
  73 bool DatabaseUtil::IsValidOriginIdentifier(
  74     const std::string& origin_identifier) {
  75   std::string dotdot = "..";
  76   char forbidden[] = {'\\', '/', '\0'};
  77
  78   std::string::size_type pos = origin_identifier.find(dotdot);
  79   if (pos == std::string::npos)
  80     pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden));
  81
  82   return pos == std::string::npos;
  83 }
  84
  85 }  // namespace webkit_database