Project import generated by Copybara.
PiperOrigin-RevId: 237361882
Change-Id: I109a68f44db867b20f8c6a7732b0ce657133e52a
diff --git a/quic/core/http/spdy_utils.cc b/quic/core/http/spdy_utils.cc
new file mode 100644
index 0000000..7022ae2
--- /dev/null
+++ b/quic/core/http/spdy_utils.cc
@@ -0,0 +1,353 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/third_party/quiche/src/quic/core/http/spdy_utils.h"
+
+#include <memory>
+#include <vector>
+
+#include "url/gurl.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_flag_utils.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_map_util.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_string.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_text_utils.h"
+#include "net/third_party/quiche/src/spdy/core/spdy_frame_builder.h"
+#include "net/third_party/quiche/src/spdy/core/spdy_framer.h"
+#include "net/third_party/quiche/src/spdy/core/spdy_protocol.h"
+
+using spdy::SpdyHeaderBlock;
+
+namespace quic {
+
+// static
+bool SpdyUtils::ExtractContentLengthFromHeaders(int64_t* content_length,
+ SpdyHeaderBlock* headers) {
+ auto it = headers->find("content-length");
+ if (it == headers->end()) {
+ return false;
+ } else {
+ // Check whether multiple values are consistent.
+ QuicStringPiece content_length_header = it->second;
+ std::vector<QuicStringPiece> values =
+ QuicTextUtils::Split(content_length_header, '\0');
+ for (const QuicStringPiece& value : values) {
+ uint64_t new_value;
+ if (!QuicTextUtils::StringToUint64(value, &new_value)) {
+ QUIC_DLOG(ERROR)
+ << "Content length was either unparseable or negative.";
+ return false;
+ }
+ if (*content_length < 0) {
+ *content_length = new_value;
+ continue;
+ }
+ if (new_value != static_cast<uint64_t>(*content_length)) {
+ QUIC_DLOG(ERROR)
+ << "Parsed content length " << new_value << " is "
+ << "inconsistent with previously detected content length "
+ << *content_length;
+ return false;
+ }
+ }
+ return true;
+ }
+}
+
+bool SpdyUtils::CopyAndValidateHeaders(const QuicHeaderList& header_list,
+ int64_t* content_length,
+ SpdyHeaderBlock* headers) {
+ for (const auto& p : header_list) {
+ const QuicString& name = p.first;
+ if (name.empty()) {
+ QUIC_DLOG(ERROR) << "Header name must not be empty.";
+ return false;
+ }
+
+ if (QuicTextUtils::ContainsUpperCase(name)) {
+ QUIC_DLOG(ERROR) << "Malformed header: Header name " << name
+ << " contains upper-case characters.";
+ return false;
+ }
+
+ headers->AppendValueOrAddHeader(name, p.second);
+ }
+
+ if (QuicContainsKey(*headers, "content-length") &&
+ !ExtractContentLengthFromHeaders(content_length, headers)) {
+ return false;
+ }
+
+ QUIC_DVLOG(1) << "Successfully parsed headers: " << headers->DebugString();
+ return true;
+}
+
+bool SpdyUtils::CopyAndValidateTrailers(const QuicHeaderList& header_list,
+ size_t* final_byte_offset,
+ SpdyHeaderBlock* trailers) {
+ bool found_final_byte_offset = false;
+ for (const auto& p : header_list) {
+ const QuicString& name = p.first;
+
+ // Pull out the final offset pseudo header which indicates the number of
+ // response body bytes expected.
+ if (!found_final_byte_offset && name == kFinalOffsetHeaderKey &&
+ QuicTextUtils::StringToSizeT(p.second, final_byte_offset)) {
+ found_final_byte_offset = true;
+ continue;
+ }
+
+ if (name.empty() || name[0] == ':') {
+ QUIC_DLOG(ERROR)
+ << "Trailers must not be empty, and must not contain pseudo-"
+ << "headers. Found: '" << name << "'";
+ return false;
+ }
+
+ if (QuicTextUtils::ContainsUpperCase(name)) {
+ QUIC_DLOG(ERROR) << "Malformed header: Header name " << name
+ << " contains upper-case characters.";
+ return false;
+ }
+
+ trailers->AppendValueOrAddHeader(name, p.second);
+ }
+
+ if (!found_final_byte_offset) {
+ QUIC_DLOG(ERROR) << "Required key '" << kFinalOffsetHeaderKey
+ << "' not present";
+ return false;
+ }
+
+ // TODO(rjshade): Check for other forbidden keys, following the HTTP/2 spec.
+
+ QUIC_DVLOG(1) << "Successfully parsed Trailers: " << trailers->DebugString();
+ return true;
+}
+
+// static
+QuicString SpdyUtils::GetPromisedUrlFromHeaders(
+ const SpdyHeaderBlock& headers) {
+ // RFC 7540, Section 8.1.2.3: All HTTP/2 requests MUST include exactly
+ // one valid value for the ":method", ":scheme", and ":path" pseudo-header
+ // fields, unless it is a CONNECT request.
+
+ // RFC 7540, Section 8.2.1: The header fields in PUSH_PROMISE and any
+ // subsequent CONTINUATION frames MUST be a valid and complete set of request
+ // header fields (Section 8.1.2.3). The server MUST include a method in the
+ // ":method" pseudo-header field that is safe and cacheable.
+ //
+ // RFC 7231, Section 4.2.1: Of the request methods defined by this
+ // specification, the GET, HEAD, OPTIONS, and TRACE methods are defined to be
+ // safe.
+ //
+ // RFC 7231, Section 4.2.1: ... this specification defines GET, HEAD, and
+ // POST as cacheable, ...
+ //
+ // So the only methods allowed in a PUSH_PROMISE are GET and HEAD.
+ SpdyHeaderBlock::const_iterator it = headers.find(":method");
+ if (it == headers.end() || (it->second != "GET" && it->second != "HEAD")) {
+ return QuicString();
+ }
+
+ it = headers.find(":scheme");
+ if (it == headers.end() || it->second.empty()) {
+ return QuicString();
+ }
+ QuicStringPiece scheme = it->second;
+
+ // RFC 7540, Section 8.2: The server MUST include a value in the
+ // ":authority" pseudo-header field for which the server is authoritative
+ // (see Section 10.1).
+ it = headers.find(":authority");
+ if (it == headers.end() || it->second.empty()) {
+ return QuicString();
+ }
+ QuicStringPiece authority = it->second;
+
+ // RFC 7540, Section 8.1.2.3 requires that the ":path" pseudo-header MUST
+ // NOT be empty for "http" or "https" URIs;
+ //
+ // However, to ensure the scheme is consistently canonicalized, that check
+ // is deferred to implementations in QuicUrlUtils::GetPushPromiseUrl().
+ it = headers.find(":path");
+ if (it == headers.end()) {
+ return QuicString();
+ }
+ QuicStringPiece path = it->second;
+
+ return GetPushPromiseUrl(scheme, authority, path);
+}
+
+// static
+QuicString SpdyUtils::GetPromisedHostNameFromHeaders(
+ const SpdyHeaderBlock& headers) {
+ // TODO(fayang): Consider just checking out the value of the ":authority" key
+ // in headers.
+ return GURL(GetPromisedUrlFromHeaders(headers)).host();
+}
+
+// static
+bool SpdyUtils::PromisedUrlIsValid(const SpdyHeaderBlock& headers) {
+ QuicString url(GetPromisedUrlFromHeaders(headers));
+ return !url.empty() && GURL(url).is_valid();
+}
+
+// static
+bool SpdyUtils::PopulateHeaderBlockFromUrl(const QuicString url,
+ SpdyHeaderBlock* headers) {
+ (*headers)[":method"] = "GET";
+ size_t pos = url.find("://");
+ if (pos == QuicString::npos) {
+ return false;
+ }
+ (*headers)[":scheme"] = url.substr(0, pos);
+ size_t start = pos + 3;
+ pos = url.find("/", start);
+ if (pos == QuicString::npos) {
+ (*headers)[":authority"] = url.substr(start);
+ (*headers)[":path"] = "/";
+ return true;
+ }
+ (*headers)[":authority"] = url.substr(start, pos - start);
+ (*headers)[":path"] = url.substr(pos);
+ return true;
+}
+
+// static
+QuicString SpdyUtils::GetPushPromiseUrl(QuicStringPiece scheme,
+ QuicStringPiece authority,
+ QuicStringPiece path) {
+ // RFC 7540, Section 8.1.2.3: The ":path" pseudo-header field includes the
+ // path and query parts of the target URI (the "path-absolute" production
+ // and optionally a '?' character followed by the "query" production (see
+ // Sections 3.3 and 3.4 of RFC3986). A request in asterisk form includes the
+ // value '*' for the ":path" pseudo-header field.
+ //
+ // This pseudo-header field MUST NOT be empty for "http" or "https" URIs;
+ // "http" or "https" URIs that do not contain a path MUST include a value of
+ // '/'. The exception to this rule is an OPTIONS request for an "http" or
+ // "https" URI that does not include a path component; these MUST include a
+ // ":path" pseudo-header with a value of '*' (see RFC7230, Section 5.3.4).
+ //
+ // In addition to the above restriction from RFC 7540, note that RFC3986
+ // defines the "path-absolute" construction as starting with "/" but not "//".
+ //
+ // RFC 7540, Section 8.2.1: The header fields in PUSH_PROMISE and any
+ // subsequent CONTINUATION frames MUST be a valid and complete set of request
+ // header fields (Section 8.1.2.3). The server MUST include a method in the
+ // ":method" pseudo-header field that is safe and cacheable.
+ //
+ // RFC 7231, Section 4.2.1:
+ // ... this specification defines GET, HEAD, and POST as cacheable, ...
+ //
+ // Since the OPTIONS method is not cacheable, it cannot be the method of a
+ // PUSH_PROMISE. Therefore, the exception mentioned in RFC 7540, Section
+ // 8.1.2.3 about OPTIONS requests does not apply here (i.e. ":path" cannot be
+ // "*").
+ if (path.empty() || path[0] != '/' || (path.size() >= 2 && path[1] == '/')) {
+ return QuicString();
+ }
+
+ // Validate the scheme; this is to ensure a scheme of "foo://bar" is not
+ // parsed as a URL of "foo://bar://baz" when combined with a host of "baz".
+ std::string canonical_scheme;
+ url::StdStringCanonOutput canon_scheme_output(&canonical_scheme);
+ url::Component canon_component;
+ url::Component scheme_component(0, scheme.size());
+
+ if (!url::CanonicalizeScheme(scheme.data(), scheme_component,
+ &canon_scheme_output, &canon_component) ||
+ !canon_component.is_nonempty() || canon_component.begin != 0) {
+ return QuicString();
+ }
+ canonical_scheme.resize(canon_component.len + 1);
+
+ // Validate the authority; this is to ensure an authority such as
+ // "host/path" is not accepted, as when combined with a scheme like
+ // "http://", could result in a URL of "http://host/path".
+ url::Component auth_component(0, authority.size());
+ url::Component username_component;
+ url::Component password_component;
+ url::Component host_component;
+ url::Component port_component;
+
+ url::ParseAuthority(authority.data(), auth_component, &username_component,
+ &password_component, &host_component, &port_component);
+
+ // RFC 7540, Section 8.1.2.3: The authority MUST NOT include the deprecated
+ // "userinfo" subcomponent for "http" or "https" schemed URIs.
+ //
+ // Note: Although |canonical_scheme| has not yet been checked for that, as
+ // it is performed later in processing, only "http" and "https" schemed
+ // URIs are supported for PUSH.
+ if (username_component.is_valid() || password_component.is_valid()) {
+ return QuicString();
+ }
+
+ // Failed parsing or no host present. ParseAuthority() will ensure that
+ // host_component + port_component cover the entire string, if
+ // username_component and password_component are not present.
+ if (!host_component.is_nonempty()) {
+ return QuicString();
+ }
+
+ // Validate the port (if present; it's optional).
+ int parsed_port_number = url::PORT_INVALID;
+ if (port_component.is_nonempty()) {
+ parsed_port_number = url::ParsePort(authority.data(), port_component);
+ if (parsed_port_number < 0 && parsed_port_number != url::PORT_UNSPECIFIED) {
+ return QuicString();
+ }
+ }
+
+ // Validate the host by attempting to canonicalize it. Invalid characters
+ // will result in a canonicalization failure (e.g. '/')
+ std::string canon_host;
+ url::StdStringCanonOutput canon_host_output(&canon_host);
+ canon_component.reset();
+ if (!url::CanonicalizeHost(authority.data(), host_component,
+ &canon_host_output, &canon_component) ||
+ !canon_component.is_nonempty() || canon_component.begin != 0) {
+ return QuicString();
+ }
+
+ // At this point, "authority" has been validated to either be of the form
+ // 'host:port' or 'host', with 'host' being a valid domain or IP address,
+ // and 'port' (if present), being a valid port. Attempt to construct a
+ // URL of just the (scheme, host, port), which should be safe and will not
+ // result in ambiguous parsing.
+ //
+ // This also enforces that all PUSHed URLs are either HTTP or HTTPS-schemed
+ // URIs, consistent with the other restrictions enforced above.
+ //
+ // Note: url::CanonicalizeScheme() will have added the ':' to
+ // |canonical_scheme|.
+ GURL origin_url(canonical_scheme + "//" + std::string(authority));
+ if (!origin_url.is_valid() || !origin_url.SchemeIsHTTPOrHTTPS() ||
+ // The following checks are merely defense in depth.
+ origin_url.has_username() || origin_url.has_password() ||
+ (origin_url.has_path() && origin_url.path_piece() != "/") ||
+ origin_url.has_query() || origin_url.has_ref()) {
+ return QuicString();
+ }
+
+ // Attempt to parse the path.
+ std::string spec = origin_url.GetWithEmptyPath().spec();
+ spec.pop_back(); // Remove the '/', as ":path" must contain it.
+ spec.append(std::string(path));
+
+ // Attempt to parse the full URL, with the path as well. Ensure there is no
+ // fragment to the query.
+ GURL full_url(spec);
+ if (!full_url.is_valid() || full_url.has_ref()) {
+ return QuicString();
+ }
+
+ return full_url.spec();
+}
+
+} // namespace quic
