1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/policy/core/browser/url_blacklist_manager.h"
8 #include "base/files/file_path.h"
9 #include "base/location.h"
10 #include "base/message_loop/message_loop_proxy.h"
11 #include "base/prefs/pref_service.h"
12 #include "base/sequenced_task_runner.h"
13 #include "base/stl_util.h"
14 #include "base/strings/string_number_conversions.h"
15 #include "base/task_runner_util.h"
16 #include "base/values.h"
17 #include "components/policy/core/common/policy_pref_names.h"
18 #include "components/user_prefs/pref_registry_syncable.h"
19 #include "net/base/filename_util.h"
20 #include "net/base/load_flags.h"
21 #include "net/base/net_errors.h"
22 #include "net/url_request/url_request.h"
23 #include "url/url_parse.h"
25 using url_matcher::URLMatcher;
26 using url_matcher::URLMatcherCondition;
27 using url_matcher::URLMatcherConditionFactory;
28 using url_matcher::URLMatcherConditionSet;
29 using url_matcher::URLMatcherPortFilter;
30 using url_matcher::URLMatcherSchemeFilter;
31 using url_matcher::URLQueryElementMatcherCondition;
37 const char kFileScheme[] = "file";
39 // Maximum filters per policy. Filters over this index are ignored.
40 const size_t kMaxFiltersPerPolicy = 1000;
42 // A task that builds the blacklist on a background thread.
43 scoped_ptr<URLBlacklist> BuildBlacklist(
44 scoped_ptr<base::ListValue> block,
45 scoped_ptr<base::ListValue> allow,
46 URLBlacklist::SegmentURLCallback segment_url) {
47 scoped_ptr<URLBlacklist> blacklist(new URLBlacklist(segment_url));
48 blacklist->Block(block.get());
49 blacklist->Allow(allow.get());
50 return blacklist.Pass();
53 // Tokenise the parameter |query| and add appropriate query element matcher
54 // conditions to the |query_conditions|.
55 void ProcessQueryToConditions(
56 url_matcher::URLMatcherConditionFactory* condition_factory,
57 const std::string& query,
59 std::set<URLQueryElementMatcherCondition>* query_conditions) {
60 url::Component query_left = url::MakeRange(0, query.length());
63 // Depending on the filter type being black-list or white-list, the matcher
64 // choose any or every match. The idea is a URL should be black-listed if
65 // there is any occurrence of the key value pair. It should be white-listed
66 // only if every occurrence of the key is followed by the value. This avoids
67 // situations such as a user appending a white-listed video parameter in the
68 // end of the query and watching a video of his choice (the last parameter is
69 // ignored by some web servers like youtube's).
70 URLQueryElementMatcherCondition::Type match_type =
71 allow ? URLQueryElementMatcherCondition::MATCH_ALL
72 : URLQueryElementMatcherCondition::MATCH_ANY;
74 while (ExtractQueryKeyValue(query.data(), &query_left, &key, &value)) {
75 URLQueryElementMatcherCondition::QueryElementType query_element_type =
76 value.len ? URLQueryElementMatcherCondition::ELEMENT_TYPE_KEY_VALUE
77 : URLQueryElementMatcherCondition::ELEMENT_TYPE_KEY;
78 URLQueryElementMatcherCondition::QueryValueMatchType query_value_match_type;
79 if (!value.len && key.len && query[key.end() - 1] == '*') {
81 query_value_match_type =
82 URLQueryElementMatcherCondition::QUERY_VALUE_MATCH_PREFIX;
83 } else if (value.len && query[value.end() - 1] == '*') {
85 query_value_match_type =
86 URLQueryElementMatcherCondition::QUERY_VALUE_MATCH_PREFIX;
88 query_value_match_type =
89 URLQueryElementMatcherCondition::QUERY_VALUE_MATCH_EXACT;
91 query_conditions->insert(
92 URLQueryElementMatcherCondition(query.substr(key.begin, key.len),
93 query.substr(value.begin, value.len),
94 query_value_match_type,
103 struct URLBlacklist::FilterComponents {
104 FilterComponents() : port(0), match_subdomains(true), allow(true) {}
105 ~FilterComponents() {}
112 int number_of_key_value_pairs;
113 bool match_subdomains;
117 URLBlacklist::URLBlacklist(SegmentURLCallback segment_url)
118 : segment_url_(segment_url), id_(0), url_matcher_(new URLMatcher) {}
120 URLBlacklist::~URLBlacklist() {}
122 void URLBlacklist::AddFilters(bool allow,
123 const base::ListValue* list) {
124 URLMatcherConditionSet::Vector all_conditions;
125 size_t size = std::min(kMaxFiltersPerPolicy, list->GetSize());
126 for (size_t i = 0; i < size; ++i) {
128 bool success = list->GetString(i, &pattern);
130 FilterComponents components;
131 components.allow = allow;
132 if (!FilterToComponents(segment_url_,
136 &components.match_subdomains,
139 &components.query)) {
140 LOG(ERROR) << "Invalid pattern " << pattern;
144 scoped_refptr<URLMatcherConditionSet> condition_set =
145 CreateConditionSet(url_matcher_.get(),
149 components.match_subdomains,
154 components.number_of_key_value_pairs =
155 condition_set->query_conditions().size();
156 all_conditions.push_back(condition_set);
157 filters_[id_] = components;
159 url_matcher_->AddConditionSets(all_conditions);
162 void URLBlacklist::Block(const base::ListValue* filters) {
163 AddFilters(false, filters);
166 void URLBlacklist::Allow(const base::ListValue* filters) {
167 AddFilters(true, filters);
170 bool URLBlacklist::IsURLBlocked(const GURL& url) const {
171 std::set<URLMatcherConditionSet::ID> matching_ids =
172 url_matcher_->MatchURL(url);
174 const FilterComponents* max = NULL;
175 for (std::set<URLMatcherConditionSet::ID>::iterator id = matching_ids.begin();
176 id != matching_ids.end(); ++id) {
177 std::map<int, FilterComponents>::const_iterator it = filters_.find(*id);
178 DCHECK(it != filters_.end());
179 const FilterComponents& filter = it->second;
180 if (!max || FilterTakesPrecedence(filter, *max))
191 size_t URLBlacklist::Size() const {
192 return filters_.size();
196 bool URLBlacklist::FilterToComponents(SegmentURLCallback segment_url,
197 const std::string& filter,
200 bool* match_subdomains,
203 std::string* query) {
206 if (segment_url(filter, &parsed) == kFileScheme) {
207 base::FilePath file_path;
208 if (!net::FileURLToFilePath(GURL(filter), &file_path))
211 *scheme = kFileScheme;
213 *match_subdomains = true;
215 // Special path when the |filter| is 'file://*'.
216 *path = (filter == "file://*") ? "" : file_path.AsUTF8Unsafe();
217 #if defined(FILE_PATH_USES_WIN_SEPARATORS)
218 // Separators have to be canonicalized on Windows.
219 std::replace(path->begin(), path->end(), '\\', '/');
225 if (!parsed.host.is_nonempty())
228 if (parsed.scheme.is_nonempty())
229 scheme->assign(filter, parsed.scheme.begin, parsed.scheme.len);
233 host->assign(filter, parsed.host.begin, parsed.host.len);
234 // Special '*' host, matches all hosts.
237 *match_subdomains = true;
238 } else if ((*host)[0] == '.') {
239 // A leading dot in the pattern syntax means that we don't want to match
242 *match_subdomains = false;
244 url::RawCanonOutputT<char> output;
245 url::CanonHostInfo host_info;
246 url::CanonicalizeHostVerbose(filter.c_str(), parsed.host, &output,
248 if (host_info.family == url::CanonHostInfo::NEUTRAL) {
249 // We want to match subdomains. Add a dot in front to make sure we only
250 // match at domain component boundaries.
252 *match_subdomains = true;
254 *match_subdomains = false;
258 if (parsed.port.is_nonempty()) {
260 if (!base::StringToInt(filter.substr(parsed.port.begin, parsed.port.len),
264 if (int_port <= 0 || int_port > kuint16max)
272 if (parsed.path.is_nonempty())
273 path->assign(filter, parsed.path.begin, parsed.path.len);
278 if (parsed.query.is_nonempty())
279 query->assign(filter, parsed.query.begin, parsed.query.len);
288 scoped_refptr<URLMatcherConditionSet> URLBlacklist::CreateConditionSet(
289 URLMatcher* url_matcher,
291 const std::string& scheme,
292 const std::string& host,
293 bool match_subdomains,
295 const std::string& path,
296 const std::string& query,
298 URLMatcherConditionFactory* condition_factory =
299 url_matcher->condition_factory();
300 std::set<URLMatcherCondition> conditions;
301 conditions.insert(match_subdomains ?
302 condition_factory->CreateHostSuffixPathPrefixCondition(host, path) :
303 condition_factory->CreateHostEqualsPathPrefixCondition(host, path));
305 std::set<URLQueryElementMatcherCondition> query_conditions;
306 if (!query.empty()) {
307 ProcessQueryToConditions(
308 condition_factory, query, allow, &query_conditions);
311 scoped_ptr<URLMatcherSchemeFilter> scheme_filter;
313 scheme_filter.reset(new URLMatcherSchemeFilter(scheme));
315 scoped_ptr<URLMatcherPortFilter> port_filter;
317 std::vector<URLMatcherPortFilter::Range> ranges;
318 ranges.push_back(URLMatcherPortFilter::CreateRange(port));
319 port_filter.reset(new URLMatcherPortFilter(ranges));
322 return new URLMatcherConditionSet(id,
325 scheme_filter.Pass(),
330 bool URLBlacklist::FilterTakesPrecedence(const FilterComponents& lhs,
331 const FilterComponents& rhs) {
332 if (lhs.match_subdomains && !rhs.match_subdomains)
334 if (!lhs.match_subdomains && rhs.match_subdomains)
337 size_t host_length = lhs.host.length();
338 size_t other_host_length = rhs.host.length();
339 if (host_length != other_host_length)
340 return host_length > other_host_length;
342 size_t path_length = lhs.path.length();
343 size_t other_path_length = rhs.path.length();
344 if (path_length != other_path_length)
345 return path_length > other_path_length;
347 if (lhs.number_of_key_value_pairs != rhs.number_of_key_value_pairs)
348 return lhs.number_of_key_value_pairs > rhs.number_of_key_value_pairs;
350 if (lhs.allow && !rhs.allow)
356 URLBlacklistManager::URLBlacklistManager(
357 PrefService* pref_service,
358 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
359 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
360 URLBlacklist::SegmentURLCallback segment_url,
361 OverrideBlacklistCallback override_blacklist)
362 : ui_weak_ptr_factory_(this),
363 pref_service_(pref_service),
364 background_task_runner_(background_task_runner),
365 io_task_runner_(io_task_runner),
366 segment_url_(segment_url),
367 override_blacklist_(override_blacklist),
368 io_weak_ptr_factory_(this),
369 ui_task_runner_(base::MessageLoopProxy::current()),
370 blacklist_(new URLBlacklist(segment_url)) {
371 pref_change_registrar_.Init(pref_service_);
372 base::Closure callback = base::Bind(&URLBlacklistManager::ScheduleUpdate,
373 base::Unretained(this));
374 pref_change_registrar_.Add(policy_prefs::kUrlBlacklist, callback);
375 pref_change_registrar_.Add(policy_prefs::kUrlWhitelist, callback);
377 // Start enforcing the policies without a delay when they are present at
379 if (pref_service_->HasPrefPath(policy_prefs::kUrlBlacklist))
383 void URLBlacklistManager::ShutdownOnUIThread() {
384 DCHECK(ui_task_runner_->RunsTasksOnCurrentThread());
385 // Cancel any pending updates, and stop listening for pref change updates.
386 ui_weak_ptr_factory_.InvalidateWeakPtrs();
387 pref_change_registrar_.RemoveAll();
390 URLBlacklistManager::~URLBlacklistManager() {
393 void URLBlacklistManager::ScheduleUpdate() {
394 DCHECK(ui_task_runner_->RunsTasksOnCurrentThread());
395 // Cancel pending updates, if any. This can happen if two preferences that
396 // change the blacklist are updated in one message loop cycle. In those cases,
397 // only rebuild the blacklist after all the preference updates are processed.
398 ui_weak_ptr_factory_.InvalidateWeakPtrs();
399 ui_task_runner_->PostTask(
401 base::Bind(&URLBlacklistManager::Update,
402 ui_weak_ptr_factory_.GetWeakPtr()));
405 void URLBlacklistManager::Update() {
406 DCHECK(ui_task_runner_->RunsTasksOnCurrentThread());
408 // The preferences can only be read on the UI thread.
409 scoped_ptr<base::ListValue> block(
410 pref_service_->GetList(policy_prefs::kUrlBlacklist)->DeepCopy());
411 scoped_ptr<base::ListValue> allow(
412 pref_service_->GetList(policy_prefs::kUrlWhitelist)->DeepCopy());
414 // Go through the IO thread to grab a WeakPtr to |this|. This is safe from
415 // here, since this task will always execute before a potential deletion of
416 // ProfileIOData on IO.
417 io_task_runner_->PostTask(FROM_HERE,
418 base::Bind(&URLBlacklistManager::UpdateOnIO,
419 base::Unretained(this),
420 base::Passed(&block),
421 base::Passed(&allow)));
424 void URLBlacklistManager::UpdateOnIO(scoped_ptr<base::ListValue> block,
425 scoped_ptr<base::ListValue> allow) {
426 DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
427 // The URLBlacklist is built on a worker thread. Once it's ready, it is passed
428 // to the URLBlacklistManager on IO.
429 base::PostTaskAndReplyWithResult(
430 background_task_runner_,
432 base::Bind(&BuildBlacklist,
433 base::Passed(&block),
434 base::Passed(&allow),
436 base::Bind(&URLBlacklistManager::SetBlacklist,
437 io_weak_ptr_factory_.GetWeakPtr()));
440 void URLBlacklistManager::SetBlacklist(scoped_ptr<URLBlacklist> blacklist) {
441 DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
442 blacklist_ = blacklist.Pass();
445 bool URLBlacklistManager::IsURLBlocked(const GURL& url) const {
446 DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
447 return blacklist_->IsURLBlocked(url);
450 bool URLBlacklistManager::IsRequestBlocked(
451 const net::URLRequest& request, int* reason) const {
452 DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
454 // TODO(joaodasilva): iOS doesn't set these flags. http://crbug.com/338283
455 int filter_flags = net::LOAD_MAIN_FRAME | net::LOAD_SUB_FRAME;
456 if ((request.load_flags() & filter_flags) == 0)
461 if (override_blacklist_.Run(request.url(), &block, reason))
464 *reason = net::ERR_BLOCKED_BY_ADMINISTRATOR;
465 return IsURLBlocked(request.url());
469 void URLBlacklistManager::RegisterProfilePrefs(
470 user_prefs::PrefRegistrySyncable* registry) {
471 registry->RegisterListPref(policy_prefs::kUrlBlacklist,
472 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
473 registry->RegisterListPref(policy_prefs::kUrlWhitelist,
474 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
477 } // namespace policy