qhsts_p.h source code [qtbase/src/network/access/qhsts_p.h]

1	// Copyright (C) 2017 The Qt Company Ltd.
2	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3	// Qt-Security score:critical reason:data-parser
4
5	#ifndef QHSTS_P_H
6	#define QHSTS_P_H
7
8	//
9	// W A R N I N G
10	// -------------
11	//
12	// This file is not part of the Qt API. It exists for the convenience
13	// of the Network Access API. This header file may change from
14	// version to version without notice, or even be removed.
15	//
16	// We mean it.
17	//
18
19	#include <QtNetwork/private/qtnetworkglobal_p.h>
20
21	#include <QtNetwork/qhstspolicy.h>
22
23	#include <QtCore/qbytearray.h>
24	#include <QtCore/qdatetime.h>
25	#include <QtCore/qstring.h>
26	#include <QtCore/qurl.h>
27	#include <QtCore/qcontainerfwd.h>
28
29	#include <map>
30
31	QT_BEGIN_NAMESPACE
32
33	class QHttpHeaders;
34
35	class Q_AUTOTEST_EXPORT QHstsCache
36	{
37	public:
38
39	void updateFromHeaders(const QHttpHeaders &headers,
40	const QUrl &url);
41	void updateFromPolicies(const QList<QHstsPolicy> &hosts);
42	void updateKnownHost(const QUrl &url, const QDateTime &expires,
43	bool includeSubDomains);
44	bool isKnownHost(const QUrl &url) const;
45	void clear();
46
47	QList<QHstsPolicy> policies() const;
48
49	#if QT_CONFIG(settings)
50	void setStore(class QHstsStore *store);
51	#endif // QT_CONFIG(settings)
52
53	private:
54
55	void updateKnownHost(const QString &hostName, const QDateTime &expires,
56	bool includeSubDomains);
57
58	struct HostName
59	{
60	explicit HostName(const QString &n) : name (n) { }
61	explicit HostName(QStringView r) : fragment (r) { }
62
63	bool operator < (const HostName &rhs) const
64	{
65	if (fragment.size()) {
66	if (rhs.fragment.size())
67	return fragment < rhs.fragment;
68	return fragment < QStringView {rhs.name};
69	}
70
71	if (rhs.fragment.size())
72	return QStringView {name} < rhs.fragment;
73	return name < rhs.name;
74	}
75
76	// We use 'name' for a HostName object contained in our dictionary;
77	// we use 'fragment' only during lookup, when chopping the complete host
78	// name, removing subdomain names (such HostName object is 'transient', it
79	// must not outlive the original QString object.
80	QString name;
81	QStringView fragment;
82	};
83
84	mutable std::map<HostName, QHstsPolicy> knownHosts;
85	#if QT_CONFIG(settings)
86	QHstsStore hstsStore = nullptr*;
87	#endif // QT_CONFIG(settings)
88	};
89
90	class Q_AUTOTEST_EXPORT QHstsHeaderParser
91	{
92	public:
93
94	bool parse(const QHttpHeaders &headers);
95
96	QDateTime expirationDate() const { return expiry; }
97	bool includeSubDomains() const { return subDomainsFound; }
98
99	private:
100
101	bool parseSTSHeader();
102	bool parseDirective();
103	bool processDirective(const QByteArray &name, const QByteArray &value);
104	bool nextToken();
105
106	QByteArray header;
107	QByteArray token;
108
109	QDateTime expiry;
110	int tokenPos = `0`;
111	bool maxAgeFound = false;
112	qint64 maxAge = `0`;
113	bool subDomainsFound = false;
114	};
115
116	QT_END_NAMESPACE
117
118	#endif
119

source code of qtbase/src/network/access/qhsts_p.h