[libi2ncommon] / src / restricted_html.cpp

/*
The software in this package is distributed under the GNU General
Public License version 2 (with a special exception described below).

A copy of GNU General Public License (GPL) is included in this distribution,
in the file COPYING.GPL.

As a special exception, if other files instantiate templates or use macros
or inline functions from this file, or you compile this file and link it
with other works to produce a work based on this file, this file
does not by itself cause the resulting work to be covered
by the GNU General Public License.

However the source code for this file must still be made available
in accordance with section (3) of the GNU General Public License.

This exception does not invalidate any other reasons why a work based
on this file might be covered by the GNU General Public License.
*/
/** @file
 * @brief restricts html messages to an allowed group of tags.
 *
 * @copyright &copy; Copyright 2017 Intra2net AG
 *
 */

#include <string>
#include <sstream>
#include <iomanip>

#include <stringfunc.hxx>
#include <restricted_html.hpp>
#include <pcrecpp.h>
#include <fstream>
#include "crypto.hxx"
#include "filefunc.hxx"

using namespace std;


namespace I2n
{


/**
 * @brief Replace all "+" characters found in s to spaces (" ").
 *
 * @param s string that will be modified.
 */
static void unescape_space(string &s)
{
    string::size_type pos;
    while ((pos=s.find('+')) != string::npos)
        s[pos]=' ';
}

/**
 * @brief Converts a hexadecimal sequence to its respective character.
 *
 * @param s string of size 2. Example: "77"
 * @return respective character represented by the hex sequence.
 */
static char x2c(const string& s)
{
    char digit;
    digit=(s[0]>='A' ? ((s[0] & 0xdf)-'A')+10 : (s[0]-'0'));
    digit*=16;
    digit+=(s[1]>='A' ? ((s[1] & 0xdf)-'A')+10 : (s[1]-'0'));
    return digit;
}

/**
 * @brief Scan a string to find escaped hex chars in the format "%HH" and replace
 * for their respective character.
 * Example: "www%2E" becomes "www."
 *
 * @param s String that will be modified.
 */
static void unescape_hex(string& s)
{
    static char hex_escape='%';
    string::size_type escape_pos;
    string hex_seq;
    string rest=s;
    for (s=""; ((escape_pos=rest.find(hex_escape)) != string::npos);)
    {
        if (escape_pos+2<static_cast<unsigned int>(rest.length())
            && ::isalnum(rest[escape_pos+1]) && ::isalnum(rest[escape_pos+2]))
        {
            hex_seq=rest.substr(escape_pos+1,2);
            s=s+rest.substr(0,escape_pos)+x2c(hex_seq);
            rest=rest.erase(0,escape_pos+3);
        }
        else
        {
            s=s+rest.substr(0,escape_pos+1);
            rest=rest.erase(0,escape_pos+1);
        }
    }
    s+=rest;
}

/**
* @brief Decode url that contains percent-encoding. Replace space " " with "+".
* Example: "%77%77%77%2E" becomes "www."
*
* @param s url string.
* @return the decoded string.
*/
string decode_url(string s)
{
    unescape_space (s);
    unescape_hex (s);
    return (s);
}

/**
 * @brief Verify if the parameter character requires encoding, If it is non
 * alphanumeric or valid ascii signs.
 *
 * @param c character to be verified.
 * @return true if the character should be encoded.
 */
bool needs_encoding (const char &c)
{
    // some valid ascii signs
    if (c == '_' || c == '-')
        return false;

    // is digit?
    if (c > 47 && c < 58)
        return false;

    // is uppercase letter?
    if (c > 64 && c < 91)
        return false;

    // is lowercase letter?
    if (c > 96 && c < 123)
        return false;

    return true;
}

/**
* @brief Encode url with percent-encoding. Any non-alphanumeric character is
* converted to its hex value with the percent character (%) as prefix, except "_"
* and "-". Replace space " " with "+".
*
* @param s url string.
* @return the encoded url string.
*/
string encode_url(string s)
{
    // convert non-alphanumeric characters to hex, convert space to +
    ostringstream out;
    for (string::iterator pos2=s.begin(); pos2 != s.end(); pos2++)
    {
        if (*pos2 == ' ')
            out << '+';
        else if (needs_encoding (*pos2))
            out << '%' << std::uppercase << setw(2) << setfill('0') << \
                std::hex << (int)(unsigned char)*pos2;
        else
            out << (*pos2);
    }

    return out.str();
}

/**
* @brief Change the attribute Filename from which the SecretId is going
* to be read.
*
* @param s custom_filename string new filename.
*/
void RedirectHash::set_custom_filename(string custom_filename)
{
    Filename = custom_filename;
}

/**
* @brief Reads the file Filename and loads the data into SecretId.
*/
void RedirectHash::load_secret_id()
{
    SecretId = read_file(Filename);

    if (SecretId.empty())
        throw runtime_error("Inexistent file or empty");
}

/**
* @brief Hashes the given url with the SecretId and returns a base64 hash.
*
* @param s &url string.
*
* @return base64 raw hash
*/
string RedirectHash::hash_url(const string &url)
{
    if (SecretId.empty())
        load_secret_id();

    return base64_encode(hash_data_raw(url + SecretId, MD5));
}

/**
* @brief Reads a HTML file, removes all ##BEGIN_URL## and ##END_URL## tags and
* adds urlauth param to the url in between these tags.
*
* @param s &html string.
*
* @return new html with the urls signed
*/
string RedirectHash::sign_urls(const string &html)
{
    string ret(html);
    string url;
    string re = "##BEGIN_URL##(.*?)##END_URL##";
    pcrecpp::RE re_match(re);
    while (re_match.PartialMatch(ret, &url))
    {
        string hashed_url = hash_url(url);

        replace_all(ret,
                    "##BEGIN_URL##" + url + "##END_URL##",
                    encode_url(url) + "&urlauth=" + encode_url(hashed_url));
    }
    return ret;
}

/**
* @brief Validates if the given url is the correspondent url to the given
* authtag hash.
*
* @param s &url string;
*          &authtag string hash;
*
* @return bool true if the given url is the correspondent url to the
* authtag hash, else returns false
*/
bool RedirectHash::validate_redirect_authtag(const string &url,
                                             const string &authtag)
{
    return authtag == hash_url(url);
}

} // eo namespace I2n
Commit	Line	Data
	1	/*
	2	The software in this package is distributed under the GNU General
	3	Public License version 2 (with a special exception described below).
	4
	5	A copy of GNU General Public License (GPL) is included in this distribution,
	6	in the file COPYING.GPL.
	7
	8	As a special exception, if other files instantiate templates or use macros
	9	or inline functions from this file, or you compile this file and link it
	10	with other works to produce a work based on this file, this file
	11	does not by itself cause the resulting work to be covered
	12	by the GNU General Public License.
	13
	14	However the source code for this file must still be made available
	15	in accordance with section (3) of the GNU General Public License.
	16
	17	This exception does not invalidate any other reasons why a work based
	18	on this file might be covered by the GNU General Public License.
	19	*/
	20	/** @file
	21	* @brief restricts html messages to an allowed group of tags.
	22	*
	23	* @copyright © Copyright 2017 Intra2net AG
	24	*
	25	*/
	26
	27	#include <string>
	28	#include <sstream>
	29	#include <iomanip>
	30
	31	#include <stringfunc.hxx>
	32	#include <restricted_html.hpp>
	33	#include <pcrecpp.h>
	34	#include <fstream>
	35	#include "crypto.hxx"
	36	#include "filefunc.hxx"
	37
	38	using namespace std;
	39
	40
	41	namespace I2n
	42	{
	43
	44
	45
	46	/**
	47	* @brief Replace all "+" characters found in s to spaces (" ").
	48	*
	49	* @param s string that will be modified.
	50	*/
	51	static void unescape_space(string &s)
	52	{
	53	string::size_type pos;
	54	while ((pos=s.find('+')) != string::npos)
	55	s[pos]=' ';
	56	}
	57
	58	/**
	59	* @brief Converts a hexadecimal sequence to its respective character.
	60	*
	61	* @param s string of size 2. Example: "77"
	62	* @return respective character represented by the hex sequence.
	63	*/
	64	static char x2c(const string& s)
	65	{
	66	char digit;
	67	digit=(s[0]>='A' ? ((s[0] & 0xdf)-'A')+10 : (s[0]-'0'));
	68	digit*=16;
	69	digit+=(s[1]>='A' ? ((s[1] & 0xdf)-'A')+10 : (s[1]-'0'));
	70	return digit;
	71	}
	72
	73	/**
	74	* @brief Scan a string to find escaped hex chars in the format "%HH" and replace
	75	* for their respective character.
	76	* Example: "www%2E" becomes "www."
	77	*
	78	* @param s String that will be modified.
	79	*/
	80	static void unescape_hex(string& s)
	81	{
	82	static char hex_escape='%';
	83	string::size_type escape_pos;
	84	string hex_seq;
	85	string rest=s;
	86	for (s=""; ((escape_pos=rest.find(hex_escape)) != string::npos);)
	87	{
	88	if (escape_pos+2<static_cast<unsigned int>(rest.length())
	89	&& ::isalnum(rest[escape_pos+1]) && ::isalnum(rest[escape_pos+2]))
	90	{
	91	hex_seq=rest.substr(escape_pos+1,2);
	92	s=s+rest.substr(0,escape_pos)+x2c(hex_seq);
	93	rest=rest.erase(0,escape_pos+3);
	94	}
	95	else
	96	{
	97	s=s+rest.substr(0,escape_pos+1);
	98	rest=rest.erase(0,escape_pos+1);
	99	}
	100	}
	101	s+=rest;
	102	}
	103
	104	/**
	105	* @brief Decode url that contains percent-encoding. Replace space " " with "+".
	106	* Example: "%77%77%77%2E" becomes "www."
	107	*
	108	* @param s url string.
	109	* @return the decoded string.
	110	*/
	111	string decode_url(string s)
	112	{
	113	unescape_space (s);
	114	unescape_hex (s);
	115	return (s);
	116	}
	117
	118	/**
	119	* @brief Verify if the parameter character requires encoding, If it is non
	120	* alphanumeric or valid ascii signs.
	121	*
	122	* @param c character to be verified.
	123	* @return true if the character should be encoded.
	124	*/
	125	bool needs_encoding (const char &c)
	126	{
	127	// some valid ascii signs
	128	if (c == '_' \|\| c == '-')
	129	return false;
	130
	131	// is digit?
	132	if (c > 47 && c < 58)
	133	return false;
	134
	135	// is uppercase letter?
	136	if (c > 64 && c < 91)
	137	return false;
	138
	139	// is lowercase letter?
	140	if (c > 96 && c < 123)
	141	return false;
	142
	143	return true;
	144	}
	145
	146	/**
	147	* @brief Encode url with percent-encoding. Any non-alphanumeric character is
	148	* converted to its hex value with the percent character (%) as prefix, except "_"
	149	* and "-". Replace space " " with "+".
	150	*
	151	* @param s url string.
	152	* @return the encoded url string.
	153	*/
	154	string encode_url(string s)
	155	{
	156	// convert non-alphanumeric characters to hex, convert space to +
	157	ostringstream out;
	158	for (string::iterator pos2=s.begin(); pos2 != s.end(); pos2++)
	159	{
	160	if (*pos2 == ' ')
	161	out << '+';
	162	else if (needs_encoding (*pos2))
	163	out << '%' << std::uppercase << setw(2) << setfill('0') << \
	164	std::hex << (int)(unsigned char)*pos2;
	165	else
	166	out << (*pos2);
	167	}
	168
	169	return out.str();
	170	}
	171
	172	/**
	173	* @brief Change the attribute Filename from which the SecretId is going
	174	* to be read.
	175	*
	176	* @param s custom_filename string new filename.
	177	*/
	178	void RedirectHash::set_custom_filename(string custom_filename)
	179	{
	180	Filename = custom_filename;
	181	}
	182
	183	/**
	184	* @brief Reads the file Filename and loads the data into SecretId.
	185	*/
	186	void RedirectHash::load_secret_id()
	187	{
	188	SecretId = read_file(Filename);
	189
	190	if (SecretId.empty())
	191	throw runtime_error("Inexistent file or empty");
	192	}
	193
	194	/**
	195	* @brief Hashes the given url with the SecretId and returns a base64 hash.
	196	*
	197	* @param s &url string.
	198	*
	199	* @return base64 raw hash
	200	*/
	201	string RedirectHash::hash_url(const string &url)
	202	{
	203	if (SecretId.empty())
	204	load_secret_id();
	205
	206	return base64_encode(hash_data_raw(url + SecretId, MD5));
	207	}
	208
	209	/**
	210	* @brief Reads a HTML file, removes all ##BEGIN_URL## and ##END_URL## tags and
	211	* adds urlauth param to the url in between these tags.
	212	*
	213	* @param s &html string.
	214	*
	215	* @return new html with the urls signed
	216	*/
	217	string RedirectHash::sign_urls(const string &html)
	218	{
	219	string ret(html);
	220	string url;
	221	string re = "##BEGIN_URL##(.*?)##END_URL##";
	222	pcrecpp::RE re_match(re);
	223	while (re_match.PartialMatch(ret, &url))
	224	{
	225	string hashed_url = hash_url(url);
	226
	227	replace_all(ret,
	228	"##BEGIN_URL##" + url + "##END_URL##",
	229	encode_url(url) + "&urlauth=" + encode_url(hashed_url));
	230	}
	231	return ret;
	232	}
	233
	234	/**
	235	* @brief Validates if the given url is the correspondent url to the given
	236	* authtag hash.
	237	*
	238	* @param s &url string;
	239	* &authtag string hash;
	240	*
	241	* @return bool true if the given url is the correspondent url to the
	242	* authtag hash, else returns false
	243	*/
	244	bool RedirectHash::validate_redirect_authtag(const string &url,
	245	const string &authtag)
	246	{
	247	return authtag == hash_url(url);
	248	}
	249
	250	} // eo namespace I2n