blob: 615d4474f669796c90274c7a0d904148bfcd085f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
// Copyright (C) 2017 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
// Qt-Security score:critical reason:data-parser
#ifndef QHSTS_P_H
#define QHSTS_P_H
//
// W A R N I N G
// -------------
//
// This file is not part of the Qt API. It exists for the convenience
// of the Network Access API. This header file may change from
// version to version without notice, or even be removed.
//
// We mean it.
//
#include <QtNetwork/private/qtnetworkglobal_p.h>
#include <QtNetwork/qhstspolicy.h>
#include <QtCore/qbytearray.h>
#include <QtCore/qdatetime.h>
#include <QtCore/qstring.h>
#include <QtCore/qurl.h>
#include <QtCore/qcontainerfwd.h>
#include <map>
QT_BEGIN_NAMESPACE
class QHttpHeaders;
class Q_AUTOTEST_EXPORT QHstsCache
{
public:
void updateFromHeaders(const QHttpHeaders &headers,
const QUrl &url);
void updateFromPolicies(const QList<QHstsPolicy> &hosts);
void updateKnownHost(const QUrl &url, const QDateTime &expires,
bool includeSubDomains);
bool isKnownHost(const QUrl &url) const;
void clear();
QList<QHstsPolicy> policies() const;
#if QT_CONFIG(settings)
void setStore(class QHstsStore *store);
#endif // QT_CONFIG(settings)
private:
void updateKnownHost(const QString &hostName, const QDateTime &expires,
bool includeSubDomains);
struct HostName
{
explicit HostName(const QString &n) : name(n) { }
explicit HostName(QStringView r) : fragment(r) { }
bool operator < (const HostName &rhs) const
{
if (fragment.size()) {
if (rhs.fragment.size())
return fragment < rhs.fragment;
return fragment < QStringView{rhs.name};
}
if (rhs.fragment.size())
return QStringView{name} < rhs.fragment;
return name < rhs.name;
}
// We use 'name' for a HostName object contained in our dictionary;
// we use 'fragment' only during lookup, when chopping the complete host
// name, removing subdomain names (such HostName object is 'transient', it
// must not outlive the original QString object.
QString name;
QStringView fragment;
};
mutable std::map<HostName, QHstsPolicy> knownHosts;
#if QT_CONFIG(settings)
QHstsStore *hstsStore = nullptr;
#endif // QT_CONFIG(settings)
};
class Q_AUTOTEST_EXPORT QHstsHeaderParser
{
public:
bool parse(const QHttpHeaders &headers);
QDateTime expirationDate() const { return expiry; }
bool includeSubDomains() const { return subDomainsFound; }
private:
bool parseSTSHeader();
bool parseDirective();
bool processDirective(const QByteArray &name, const QByteArray &value);
bool nextToken();
QByteArray header;
QByteArray token;
QDateTime expiry;
int tokenPos = 0;
bool maxAgeFound = false;
qint64 maxAge = 0;
bool subDomainsFound = false;
};
QT_END_NAMESPACE
#endif
|