1 16 package com.google.gwt.dev.shell; 17 18 import com.google.gwt.core.ext.TreeLogger; 19 20 import java.util.HashSet ; 21 import java.util.Iterator ; 22 import java.util.Set ; 23 import java.util.regex.Pattern ; 24 import java.util.regex.PatternSyntaxException ; 25 26 29 public class BrowserWidgetHostChecker { 30 31 34 private static final Set alwaysValidHttpHosts = new HashSet (); 35 36 39 private static final Set invalidHttpHosts = new HashSet (); 40 41 private static String oldBlackList = null; 42 43 private static String oldWhiteList = null; 44 45 48 private static final Set validHttpHosts = new HashSet (); 49 50 static { 51 alwaysValidHttpHosts.add("^https?://localhost"); 52 alwaysValidHttpHosts.add("^file:"); 53 alwaysValidHttpHosts.add("^about:"); 54 alwaysValidHttpHosts.add("^res:"); 55 alwaysValidHttpHosts.add("^javascript:"); 56 alwaysValidHttpHosts.add("^([a-zA-Z][:])[/\\\\]"); 57 alwaysValidHttpHosts.add("^https?://localhost/"); 59 alwaysValidHttpHosts.add("^https?://localhost[.]localdomain/"); 60 alwaysValidHttpHosts.add("^https?://127[.]0[.]0[.]1/"); 61 alwaysValidHttpHosts.add("^https?://localhost$"); 62 alwaysValidHttpHosts.add("^https?://localhost[.]localdomain$"); 63 alwaysValidHttpHosts.add("^https?://127[.]0[.]0[.]1$"); 64 } 65 66 71 public static boolean blacklistRegexes(String regexes) { 72 return addRegex(regexes, false); 73 } 74 75 80 public static void blacklistURL(String url) { 81 String hostRegex = computeHostRegex(url); 82 blacklistRegexes(hostRegex); 83 } 84 85 92 public static String checkHost(String hostUnderConsideration, Set hosts) { 93 hostUnderConsideration = hostUnderConsideration.toLowerCase(); 94 for (Iterator i = hosts.iterator(); i.hasNext();) { 95 String rule = i.next().toString().toLowerCase(); 96 if (hostUnderConsideration.matches(".*" + rule + ".*")) { 98 return rule; 99 } 100 } 101 return null; 102 } 103 104 110 public static String computeHostRegex(String url) { 111 String raw = url.split("(?<![:/])/")[0]; 113 return "^" + escapeString(raw); 115 } 116 117 122 public static String formatBlackList() { 123 return formatRules(invalidHttpHosts); 124 } 125 126 132 public static String formatRules(Set hosts) { 133 StringBuffer out = new StringBuffer (); 134 for (Iterator i = hosts.iterator(); i.hasNext();) { 135 String rule = (String ) i.next(); 136 out.append(rule); 137 out.append(" "); 138 } 139 return out.toString(); 140 } 141 142 147 public static String formatWhiteList() { 148 return formatRules(validHttpHosts); 149 } 150 151 158 public static boolean isAlwaysWhitelisted(String url) { 159 String whitelistRuleFound; 160 whitelistRuleFound = checkHost(url, alwaysValidHttpHosts); 161 return whitelistRuleFound != null; 162 } 163 164 170 public static String matchBlacklisted(String url) { 171 oldBlackList = formatBlackList(); 172 return checkHost(url, invalidHttpHosts); 173 } 174 175 182 public static String matchWhitelisted(String url) { 183 oldWhiteList = formatWhiteList(); 184 return checkHost(url, validHttpHosts); 185 } 186 187 195 public static void notifyBlacklistedHost(String blacklistRuleFound, 196 String url, TreeLogger header, TreeLogger.Type msgType) { 197 TreeLogger reason = header.branch(msgType, "reason: " + url 198 + " is blacklisted", null); 199 reason.log(msgType, "To fix: remove \"" + blacklistRuleFound 200 + "\" from system property gwt.hosts.blacklist", null); 201 } 202 203 211 public static void notifyUntrustedHost(String url, TreeLogger header, 212 TreeLogger.Type msgType) { 213 String whiteListStr = oldWhiteList; 214 String blackListStr = oldBlackList; 215 String hostRegex = computeHostRegex(url); 216 TreeLogger reason = header.branch(msgType, "reason: " + url 217 + " is not in the whitelist", null); 218 reason.log(msgType, "whitelist: " + whiteListStr, null); 219 reason.log(msgType, "blacklist: " + blackListStr, null); 220 TreeLogger fix = header.branch(msgType, "To fix: add regex matching " 221 + "URL to -whitelist command line argument", null); 222 fix.log(msgType, "Example: -whitelist=\"" + whiteListStr + " " + hostRegex 223 + "\"", null); 224 TreeLogger reject = header.branch(msgType, 225 "To reject automatically: add regex matching " 226 + "URL to -blacklist command line argument", null); 227 reject.log(msgType, "Example: -blacklist=\"" + blackListStr + " " 228 + hostRegex + "\"", null); 229 } 230 231 237 public static boolean whitelistRegexes(String regexes) { 238 return addRegex(regexes, true); 239 } 240 241 246 public static void whitelistURL(String url) { 247 String hostRegex = computeHostRegex(url); 248 whitelistRegexes(hostRegex); 249 } 250 251 259 private static boolean addRegex(String regexes, boolean whitelist) { 260 if (regexes.equals("")) { 261 return true; } 263 String [] items = regexes.split("[ ,]"); 264 for (int i = 0; i < items.length; i++) { 265 try { 266 Pattern.compile(items[i]); 267 } catch (PatternSyntaxException e) { 268 System.err.println("The regex '" + items[i] + " has syntax errors."); 269 System.err.println(e.toString()); 270 return false; 271 } 272 if (whitelist) { 273 validHttpHosts.add(items[i]); 274 } else { 275 invalidHttpHosts.add(items[i]); 276 } 277 } 278 return true; 279 } 280 281 private static String escapeString(String raw) { 282 StringBuffer out = new StringBuffer (); 283 for (int i = 0; i < raw.length(); i++) { 284 char c = raw.charAt(i); 285 if (Character.isLetterOrDigit(c) || c == '-' || c == '_') { 286 out.append(c); 287 } else if (c == '\\') { 288 out.append("[\\\\]"); 289 } else if (c == ']') { 290 out.append("[\\]]"); 291 } else if (c == '^') { 292 out.append("[\\^]"); 293 } else if (c == '[') { 294 out.append("[\\[]"); 295 } else { 296 out.append("["); 297 out.append(c); 298 out.append("]"); 299 } 300 } 301 return out.toString(); 302 } 303 304 } 305 | Popular Tags |