Return-Path: X-Original-To: apmail-cordova-commits-archive@www.apache.org Delivered-To: apmail-cordova-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CF07210A29 for ; Thu, 11 Jul 2013 18:12:28 +0000 (UTC) Received: (qmail 64639 invoked by uid 500); 11 Jul 2013 18:12:28 -0000 Delivered-To: apmail-cordova-commits-archive@cordova.apache.org Received: (qmail 64617 invoked by uid 500); 11 Jul 2013 18:12:28 -0000 Mailing-List: contact commits-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list commits@cordova.apache.org Received: (qmail 64532 invoked by uid 99); 11 Jul 2013 18:12:28 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Jul 2013 18:12:28 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 026E088FA7C; Thu, 11 Jul 2013 18:12:27 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: ian@apache.org To: commits@cordova.apache.org Date: Thu, 11 Jul 2013 18:12:28 -0000 Message-Id: <668db9722f504234a6044228a0418cc2@git.apache.org> In-Reply-To: <595572a86297421bb44448e8f6116dd1@git.apache.org> References: <595572a86297421bb44448e8f6116dd1@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/2] android commit: [CB-4151] Extract whitelist from Config class for testability [CB-4151] Extract whitelist from Config class for testability Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/3ae28b30 Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/3ae28b30 Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/3ae28b30 Branch: refs/heads/master Commit: 3ae28b3085cbea91bd93105a54a9218012278924 Parents: b5df9dd Author: Ian Clelland Authored: Thu Jul 11 14:01:23 2013 -0400 Committer: Ian Clelland Committed: Thu Jul 11 14:11:37 2013 -0400 ---------------------------------------------------------------------- framework/src/org/apache/cordova/Config.java | 100 +--------------- framework/src/org/apache/cordova/Whitelist.java | 119 +++++++++++++++++++ 2 files changed, 123 insertions(+), 96 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-android/blob/3ae28b30/framework/src/org/apache/cordova/Config.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/Config.java b/framework/src/org/apache/cordova/Config.java index 1a522de..6e0c147 100644 --- a/framework/src/org/apache/cordova/Config.java +++ b/framework/src/org/apache/cordova/Config.java @@ -21,9 +21,6 @@ package org.apache.cordova; import java.io.IOException; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; import java.util.Locale; import java.util.regex.Matcher; @@ -44,8 +41,7 @@ public class Config { public static final String TAG = "Config"; - private ArrayList whiteList = new ArrayList(); - private HashMap whiteListCache = new HashMap(); + private Whitelist whitelist = new Whitelist(); private String startUrl; private static Config self = null; @@ -92,7 +88,7 @@ public class Config { String origin = xml.getAttributeValue(null, "origin"); String subdomains = xml.getAttributeValue(null, "subdomains"); if (origin != null) { - this._addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); + whitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); } } else if (strNode.equals("log")) { @@ -200,79 +196,9 @@ public class Config { if (self == null) { return; } - - self._addWhiteListEntry(origin, subdomains); + self.whitelist.addWhiteListEntry(origin, subdomains); } - /* - * Trying to figure out how to match * is a pain - * So, we don't use a regex here - */ - - private boolean originHasWildcard(String origin){ - //First, check for a protocol, then split it if it has one. - if(origin.contains("//")) - { - origin = origin.split("//")[1]; - } - return origin.startsWith("*"); - } - - private void _addWhiteListEntry(String origin, boolean subdomains) { - try { - // Unlimited access to network resources - if (origin.compareTo("*") == 0) { - LOG.d(TAG, "Unlimited access to network resources"); - this.whiteList.add(Pattern.compile(".*")); - } - else { // specific access - // check if subdomains should be included - if(originHasWildcard(origin)) - { - subdomains = true; - //Remove the wildcard so this works properly - origin = origin.replace("*.", ""); - } - - // TODO: we should not add more domains if * has already been added - Pattern schemeRegex = Pattern.compile("^[a-z-]+://"); - Matcher matcher = schemeRegex.matcher(origin); - if (subdomains) { - // Check for http or https protocols - if (origin.startsWith("http")) { - this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?"))); - } - // Check for other protocols - else if(matcher.find()){ - this.whiteList.add(Pattern.compile("^" + origin.replaceFirst("//", "//(.*\\.)?"))); - } - // XXX making it stupid friendly for people who forget to include protocol/SSL - else { - this.whiteList.add(Pattern.compile("^https?://(.*\\.)?" + origin)); - } - LOG.d(TAG, "Origin to allow with subdomains: %s", origin); - } else { - // Check for http or https protocols - if (origin.startsWith("http")) { - this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://"))); - } - // Check for other protocols - else if(matcher.find()){ - this.whiteList.add(Pattern.compile("^" + origin)); - } - // XXX making it stupid friendly for people who forget to include protocol/SSL - else { - this.whiteList.add(Pattern.compile("^https?://" + origin)); - } - LOG.d(TAG, "Origin to allow: %s", origin); - } - } - } catch (Exception e) { - LOG.d(TAG, "Failed to add origin %s", origin); - } - } - - /** * Determine if URL is in approved list of URLs to load. * @@ -283,25 +209,7 @@ public class Config { if (self == null) { return false; } - - // Check to see if we have matched url previously - if (self.whiteListCache.get(url) != null) { - return true; - } - - // Look for match in white list - Iterator pit = self.whiteList.iterator(); - while (pit.hasNext()) { - Pattern p = pit.next(); - Matcher m = p.matcher(url); - - // If match found, then cache it to speed up subsequent comparisons - if (m.find()) { - self.whiteListCache.put(url, true); - return true; - } - } - return false; + return self.whitelist.isUrlWhiteListed(url); } public static String getStartUrl() { http://git-wip-us.apache.org/repos/asf/cordova-android/blob/3ae28b30/framework/src/org/apache/cordova/Whitelist.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/Whitelist.java b/framework/src/org/apache/cordova/Whitelist.java new file mode 100644 index 0000000..736e5a7 --- /dev/null +++ b/framework/src/org/apache/cordova/Whitelist.java @@ -0,0 +1,119 @@ +package org.apache.cordova; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.cordova.LOG; + +public class Whitelist { + private ArrayList whiteList; + private HashMap whiteListCache; + + public static final String TAG = "Whitelist"; + + public Whitelist() { + this.whiteList = new ArrayList(); + this.whiteListCache = new HashMap(); + } + + /* + * Trying to figure out how to match * is a pain + * So, we don't use a regex here + */ + + private boolean originHasWildcard(String origin){ + //First, check for a protocol, then split it if it has one. + if(origin.contains("//")) + { + origin = origin.split("//")[1]; + } + return origin.startsWith("*"); + } + + public void addWhiteListEntry(String origin, boolean subdomains) { + try { + // Unlimited access to network resources + if (origin.compareTo("*") == 0) { + LOG.d(TAG, "Unlimited access to network resources"); + whiteList.add(Pattern.compile(".*")); + } + else { // specific access + // check if subdomains should be included + if(originHasWildcard(origin)) + { + subdomains = true; + //Remove the wildcard so this works properly + origin = origin.replace("*.", ""); + } + + // TODO: we should not add more domains if * has already been added + Pattern schemeRegex = Pattern.compile("^[a-z-]+://"); + Matcher matcher = schemeRegex.matcher(origin); + if (subdomains) { + // Check for http or https protocols + if (origin.startsWith("http")) { + whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?"))); + } + // Check for other protocols + else if(matcher.find()){ + whiteList.add(Pattern.compile("^" + origin.replaceFirst("//", "//(.*\\.)?"))); + } + // XXX making it stupid friendly for people who forget to include protocol/SSL + else { + whiteList.add(Pattern.compile("^https?://(.*\\.)?" + origin)); + } + LOG.d(TAG, "Origin to allow with subdomains: %s", origin); + } else { + // Check for http or https protocols + if (origin.startsWith("http")) { + whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://"))); + } + // Check for other protocols + else if(matcher.find()){ + whiteList.add(Pattern.compile("^" + origin)); + } + // XXX making it stupid friendly for people who forget to include protocol/SSL + else { + whiteList.add(Pattern.compile("^https?://" + origin)); + } + LOG.d(TAG, "Origin to allow: %s", origin); + } + } + } catch (Exception e) { + LOG.d(TAG, "Failed to add origin %s", origin); + } + } + + + /** + * Determine if URL is in approved list of URLs to load. + * + * @param url + * @return + */ + public boolean isUrlWhiteListed(String url) { + + // Check to see if we have matched url previously + if (whiteListCache.get(url) != null) { + return true; + } + + // Look for match in white list + Iterator pit = whiteList.iterator(); + while (pit.hasNext()) { + Pattern p = pit.next(); + Matcher m = p.matcher(url); + + // If match found, then cache it to speed up subsequent comparisons + if (m.find()) { + whiteListCache.put(url, true); + return true; + } + } + return false; + } + +}