// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "net/cookies/cookie_util.h" #include <cstdio> #include <cstdlib> #include <string> #include <string_view> #include <utility> #include "base/check.h" #include "base/command_line.h" #include "base/feature_list.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" #include "base/notreached.h" #include "base/strings/strcat.h" #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" #include "base/types/optional_util.h" #include "build/build_config.h" #include "net/base/features.h" #include "net/base/isolation_info.h" #include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "net/base/url_util.h" #include "net/cookies/cookie_access_delegate.h" #include "net/cookies/cookie_constants.h" #include "net/cookies/cookie_inclusion_status.h" #include "net/cookies/cookie_monster.h" #include "net/cookies/cookie_options.h" #include "net/cookies/cookie_switches.h" #include "net/cookies/parsed_cookie.h" #include "net/first_party_sets/first_party_set_metadata.h" #include "net/first_party_sets/first_party_sets_cache_filter.h" #include "net/http/http_util.h" #include "url/gurl.h" #include "url/url_constants.h" namespace net::cookie_util { namespace { ContextType; ContextMetadata; base::Time MinNonNullTime() { … } // Tries to assemble a base::Time given a base::Time::Exploded representing a // UTC calendar date. // // If the date falls outside of the range supported internally by // FromUTCExploded() on the current platform, then the result is: // // * Time(1) if it's below the range FromUTCExploded() supports. // * Time::Max() if it's above the range FromUTCExploded() supports. bool SaturatedTimeFromUTCExploded(const base::Time::Exploded& exploded, base::Time* out) { … } // Tests that a cookie has the attributes for a valid __Host- prefix without // testing that the prefix is in the cookie name. bool HasValidHostPrefixAttributes(const GURL& url, bool secure, const std::string& domain, const std::string& path) { … } struct ComputeSameSiteContextResult { … }; CookieOptions::SameSiteCookieContext MakeSameSiteCookieContext( const ComputeSameSiteContextResult& result, const ComputeSameSiteContextResult& schemeful_result) { … } ContextMetadata::ContextRedirectTypeBug1221316 ComputeContextRedirectTypeBug1221316(bool url_chain_is_length_one, bool same_site_initiator, bool site_for_cookies_is_same_site, bool same_site_redirect_chain) { … } // This function consolidates the common logic for computing SameSite cookie // access context in various situations (HTTP vs JS; get vs set). // // `is_http` is whether the current cookie access request is associated with a // network request (as opposed to a non-HTTP API, i.e., JavaScript). // // `compute_schemefully` is whether the current computation is for a // schemeful_context, i.e. whether scheme should be considered when comparing // two sites. // // See documentation of `ComputeSameSiteContextForRequest` for explanations of // other parameters. ComputeSameSiteContextResult ComputeSameSiteContext( const std::vector<GURL>& url_chain, const SiteForCookies& site_for_cookies, const std::optional<url::Origin>& initiator, bool is_http, bool is_main_frame_navigation, bool compute_schemefully) { … } // Setting any SameSite={Strict,Lax} cookie only requires a LAX context, so // normalize any strictly same-site contexts to Lax for cookie writes. void NormalizeStrictToLaxForSet(ComputeSameSiteContextResult& result) { … } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSet( const std::vector<GURL>& url_chain, const SiteForCookies& site_for_cookies, const std::optional<url::Origin>& initiator, bool is_http, bool is_main_frame_navigation) { … } bool CookieWithAccessResultSorter(const CookieWithAccessResult& a, const CookieWithAccessResult& b) { … } } // namespace void FireStorageAccessHistogram(StorageAccessResult result) { … } bool DomainIsHostOnly(const std::string& domain_string) { … } std::string CookieDomainAsHost(const std::string& cookie_domain) { … } std::string GetEffectiveDomain(const std::string& scheme, const std::string& host) { … } bool GetCookieDomainWithString(const GURL& url, const std::string& domain_string, CookieInclusionStatus& status, std::string* result) { … } // Parse a cookie expiration time. We try to be lenient, but we need to // assume some order to distinguish the fields. The basic rules: // - The month name must be present and prefix the first 3 letters of the // full month name (jan for January, jun for June). // - If the year is <= 2 digits, it must occur after the day of month. // - The time must be of the format hh:mm:ss. // An average cookie expiration will look something like this: // Sat, 15-Apr-17 21:01:22 GMT base::Time ParseCookieExpirationTime(const std::string& time_string) { … } std::string CanonPathWithString(const GURL& url, const std::string& path_string) { … } GURL CookieDomainAndPathToURL(const std::string& domain, const std::string& path, const std::string& source_scheme) { … } GURL CookieDomainAndPathToURL(const std::string& domain, const std::string& path, bool is_https) { … } GURL CookieDomainAndPathToURL(const std::string& domain, const std::string& path, CookieSourceScheme source_scheme) { … } GURL CookieOriginToURL(const std::string& domain, bool is_https) { … } GURL SimulatedCookieSource(const CanonicalCookie& cookie, const std::string& source_scheme) { … } CookieAccessScheme ProvisionalAccessScheme(const GURL& source_url) { … } bool IsDomainMatch(const std::string& domain, const std::string& host) { … } bool IsOnPath(const std::string& cookie_path, const std::string& url_path) { … } CookiePrefix GetCookiePrefix(const std::string& name) { … } bool IsCookiePrefixValid(CookiePrefix prefix, const GURL& url, const ParsedCookie& parsed_cookie) { … } bool IsCookiePrefixValid(CookiePrefix prefix, const GURL& url, bool secure, const std::string& domain, const std::string& path) { … } bool IsCookiePartitionedValid(const GURL& url, const ParsedCookie& parsed_cookie, bool partition_has_nonce) { … } bool IsCookiePartitionedValid(const GURL& url, bool secure, bool is_partitioned, bool partition_has_nonce) { … } void ParseRequestCookieLine(const std::string& header_value, ParsedRequestCookies* parsed_cookies) { … } std::string SerializeRequestCookieLine( const ParsedRequestCookies& parsed_cookies) { … } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest( const std::string& http_method, const std::vector<GURL>& url_chain, const SiteForCookies& site_for_cookies, const std::optional<url::Origin>& initiator, bool is_main_frame_navigation, bool force_ignore_site_for_cookies) { … } NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptGet(const GURL& url, const SiteForCookies& site_for_cookies, const std::optional<url::Origin>& initiator, bool force_ignore_site_for_cookies) { … } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse( const std::vector<GURL>& url_chain, const SiteForCookies& site_for_cookies, const std::optional<url::Origin>& initiator, bool is_main_frame_navigation, bool force_ignore_site_for_cookies) { … } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet( const GURL& url, const SiteForCookies& site_for_cookies, bool force_ignore_site_for_cookies) { … } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSubresource( const GURL& url, const SiteForCookies& site_for_cookies, bool force_ignore_site_for_cookies) { … } bool IsPortBoundCookiesEnabled() { … } bool IsSchemeBoundCookiesEnabled() { … } bool IsOriginBoundCookiesPartiallyEnabled() { … } bool IsTimeLimitedInsecureCookiesEnabled() { … } bool IsSchemefulSameSiteEnabled() { … } std::optional< std::pair<FirstPartySetMetadata, FirstPartySetsCacheFilter::MatchInfo>> ComputeFirstPartySetMetadataMaybeAsync( const SchemefulSite& request_site, const IsolationInfo& isolation_info, const CookieAccessDelegate* cookie_access_delegate, base::OnceCallback<void(FirstPartySetMetadata, FirstPartySetsCacheFilter::MatchInfo)> callback) { … } CookieOptions::SameSiteCookieContext::ContextMetadata::HttpMethod HttpMethodStringToEnum(const std::string& in) { … } bool IsCookieAccessResultInclude(CookieAccessResult cookie_access_result) { … } CookieList StripAccessResults( const CookieAccessResultList& cookie_access_results_list) { … } NET_EXPORT void RecordCookiePortOmniboxHistograms(const GURL& url) { … } NET_EXPORT void DCheckIncludedAndExcludedCookieLists( const CookieAccessResultList& included_cookies, const CookieAccessResultList& excluded_cookies) { … } NET_EXPORT bool IsForceThirdPartyCookieBlockingEnabled() { … } bool PartitionedCookiesDisabledByCommandLine() { … } } // namespace net::cookie_util
Codebase Browser
chromium