Commit | Line | Data |
---|---|---|
09ca2cbf JR |
1 | /* |
2 | The software in this package is distributed under the GNU General | |
3 | Public License version 2 (with a special exception described below). | |
4 | ||
5 | A copy of GNU General Public License (GPL) is included in this distribution, | |
6 | in the file COPYING.GPL. | |
7 | ||
8 | As a special exception, if other files instantiate templates or use macros | |
9 | or inline functions from this file, or you compile this file and link it | |
10 | with other works to produce a work based on this file, this file | |
11 | does not by itself cause the resulting work to be covered | |
12 | by the GNU General Public License. | |
13 | ||
14 | However the source code for this file must still be made available | |
15 | in accordance with section (3) of the GNU General Public License. | |
16 | ||
17 | This exception does not invalidate any other reasons why a work based | |
18 | on this file might be covered by the GNU General Public License. | |
19 | */ | |
20 | /** @file | |
21 | * @brief restricts html messages to an allowed group of tags. | |
22 | * | |
23 | * @copyright © Copyright 2017 Intra2net AG | |
24 | * | |
25 | */ | |
26 | ||
27 | #include <string> | |
a93685ca JR |
28 | #include <sstream> |
29 | #include <iomanip> | |
09ca2cbf JR |
30 | |
31 | #include <stringfunc.hxx> | |
32 | #include <restricted_html.hpp> | |
d87beebd C |
33 | #include <pcrecpp.h> |
34 | #include <fstream> | |
35 | #include "crypto.hxx" | |
36 | #include "filefunc.hxx" | |
09ca2cbf JR |
37 | |
38 | using namespace std; | |
39 | ||
40 | ||
41 | namespace I2n | |
42 | { | |
43 | ||
44 | ||
45 | ||
a93685ca JR |
46 | /** |
47 | * @brief Replace all "+" characters found in s to spaces (" "). | |
48 | * | |
49 | * @param s string that will be modified. | |
50 | */ | |
51 | static void unescape_space(string &s) | |
52 | { | |
53 | string::size_type pos; | |
54 | while ((pos=s.find('+')) != string::npos) | |
55 | s[pos]=' '; | |
56 | } | |
57 | ||
58 | /** | |
59 | * @brief Converts a hexadecimal sequence to its respective character. | |
60 | * | |
61 | * @param s string of size 2. Example: "77" | |
62 | * @return respective character represented by the hex sequence. | |
63 | */ | |
64 | static char x2c(const string& s) | |
65 | { | |
66 | char digit; | |
67 | digit=(s[0]>='A' ? ((s[0] & 0xdf)-'A')+10 : (s[0]-'0')); | |
68 | digit*=16; | |
69 | digit+=(s[1]>='A' ? ((s[1] & 0xdf)-'A')+10 : (s[1]-'0')); | |
70 | return digit; | |
71 | } | |
72 | ||
73 | /** | |
74 | * @brief Scan a string to find escaped hex chars in the format "%HH" and replace | |
75 | * for their respective character. | |
76 | * Example: "www%2E" becomes "www." | |
77 | * | |
78 | * @param s String that will be modified. | |
79 | */ | |
80 | static void unescape_hex(string& s) | |
81 | { | |
82 | static char hex_escape='%'; | |
83 | string::size_type escape_pos; | |
84 | string hex_seq; | |
85 | string rest=s; | |
86 | for (s=""; ((escape_pos=rest.find(hex_escape)) != string::npos);) | |
87 | { | |
88 | if (escape_pos+2<static_cast<unsigned int>(rest.length()) | |
89 | && ::isalnum(rest[escape_pos+1]) && ::isalnum(rest[escape_pos+2])) | |
90 | { | |
91 | hex_seq=rest.substr(escape_pos+1,2); | |
92 | s=s+rest.substr(0,escape_pos)+x2c(hex_seq); | |
93 | rest=rest.erase(0,escape_pos+3); | |
94 | } | |
95 | else | |
96 | { | |
97 | s=s+rest.substr(0,escape_pos+1); | |
98 | rest=rest.erase(0,escape_pos+1); | |
99 | } | |
100 | } | |
101 | s+=rest; | |
102 | } | |
103 | ||
104 | /** | |
105 | * @brief Decode url that contains percent-encoding. Replace space " " with "+". | |
106 | * Example: "%77%77%77%2E" becomes "www." | |
107 | * | |
108 | * @param s url string. | |
109 | * @return the decoded string. | |
110 | */ | |
111 | string decode_url(string s) | |
112 | { | |
113 | unescape_space (s); | |
114 | unescape_hex (s); | |
115 | return (s); | |
116 | } | |
117 | ||
118 | /** | |
119 | * @brief Verify if the parameter character requires encoding, If it is non | |
120 | * alphanumeric or valid ascii signs. | |
121 | * | |
122 | * @param c character to be verified. | |
123 | * @return true if the character should be encoded. | |
124 | */ | |
125 | bool needs_encoding (const char &c) | |
126 | { | |
127 | // some valid ascii signs | |
128 | if (c == '_' || c == '-') | |
129 | return false; | |
130 | ||
131 | // is digit? | |
132 | if (c > 47 && c < 58) | |
133 | return false; | |
134 | ||
135 | // is uppercase letter? | |
136 | if (c > 64 && c < 91) | |
137 | return false; | |
138 | ||
139 | // is lowercase letter? | |
140 | if (c > 96 && c < 123) | |
141 | return false; | |
142 | ||
143 | return true; | |
144 | } | |
145 | ||
146 | /** | |
147 | * @brief Encode url with percent-encoding. Any non-alphanumeric character is | |
148 | * converted to its hex value with the percent character (%) as prefix, except "_" | |
149 | * and "-". Replace space " " with "+". | |
150 | * | |
151 | * @param s url string. | |
152 | * @return the encoded url string. | |
153 | */ | |
154 | string encode_url(string s) | |
155 | { | |
156 | // convert non-alphanumeric characters to hex, convert space to + | |
157 | ostringstream out; | |
158 | for (string::iterator pos2=s.begin(); pos2 != s.end(); pos2++) | |
159 | { | |
160 | if (*pos2 == ' ') | |
161 | out << '+'; | |
162 | else if (needs_encoding (*pos2)) | |
163 | out << '%' << std::uppercase << setw(2) << setfill('0') << \ | |
164 | std::hex << (int)(unsigned char)*pos2; | |
165 | else | |
166 | out << (*pos2); | |
167 | } | |
168 | ||
169 | return out.str(); | |
170 | } | |
d87beebd C |
171 | |
172 | /** | |
173 | * @brief Change the attribute Filename from which the SecretId is going | |
174 | * to be read. | |
175 | * | |
176 | * @param s custom_filename string new filename. | |
177 | */ | |
178 | void RedirectHash::set_custom_filename(string custom_filename) | |
179 | { | |
180 | Filename = custom_filename; | |
181 | } | |
182 | ||
183 | /** | |
184 | * @brief Reads the file Filename and loads the data into SecretId. | |
185 | */ | |
186 | void RedirectHash::load_secret_id() | |
187 | { | |
188 | SecretId = read_file(Filename); | |
189 | ||
190 | if (SecretId.empty()) | |
191 | throw runtime_error("Inexistent file or empty"); | |
192 | } | |
193 | ||
194 | /** | |
195 | * @brief Hashes the given url with the SecretId and returns a base64 hash. | |
196 | * | |
197 | * @param s &url string. | |
198 | * | |
199 | * @return base64 raw hash | |
200 | */ | |
201 | string RedirectHash::hash_url(const string &url) | |
202 | { | |
203 | if (SecretId.empty()) | |
204 | load_secret_id(); | |
205 | ||
206 | return base64_encode(hash_data_raw(url + SecretId, MD5)); | |
207 | } | |
208 | ||
209 | /** | |
210 | * @brief Reads a HTML file, removes all ##BEGIN_URL## and ##END_URL## tags and | |
211 | * adds urlauth param to the url in between these tags. | |
212 | * | |
213 | * @param s &html string. | |
214 | * | |
215 | * @return new html with the urls signed | |
216 | */ | |
217 | string RedirectHash::sign_urls(const string &html) | |
218 | { | |
219 | string ret(html); | |
220 | string url; | |
221 | string re = "##BEGIN_URL##(.*?)##END_URL##"; | |
222 | pcrecpp::RE re_match(re); | |
223 | while (re_match.PartialMatch(ret, &url)) | |
224 | { | |
225 | string hashed_url = hash_url(url); | |
226 | ||
227 | replace_all(ret, | |
228 | "##BEGIN_URL##" + url + "##END_URL##", | |
229 | encode_url(url) + "&urlauth=" + encode_url(hashed_url)); | |
230 | } | |
231 | return ret; | |
232 | } | |
233 | ||
234 | /** | |
235 | * @brief Validates if the given url is the correspondent url to the given | |
236 | * authtag hash. | |
237 | * | |
238 | * @param s &url string; | |
239 | * &authtag string hash; | |
240 | * | |
241 | * @return bool true if the given url is the correspondent url to the | |
242 | * authtag hash, else returns false | |
243 | */ | |
244 | bool RedirectHash::validate_redirect_authtag(const string &url, | |
245 | const string &authtag) | |
246 | { | |
247 | return authtag == hash_url(url); | |
248 | } | |
249 | ||
09ca2cbf | 250 | } // eo namespace I2n |