added support for the public suffix list

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@679322 13f79535-47bb-0310-9956-ffa450edef68
2008-07-24 09:22:30 +00:00 · 2008-07-24 09:22:30 +00:00 · 15a027f427
parent f87aaff0f1
commit 15a027f427
6 changed files with 302 additions and 0 deletions
--- a/module-client/src/main/java/org/apache/http/impl/cookie/PublicSuffixFilter.java
+++ b/module-client/src/main/java/org/apache/http/impl/cookie/PublicSuffixFilter.java
@ -0,0 +1,92 @@
+package org.apache.http.impl.cookie;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.http.client.utils.Punycode;
+import org.apache.http.cookie.Cookie;
+import org.apache.http.cookie.CookieAttributeHandler;
+import org.apache.http.cookie.CookieOrigin;
+import org.apache.http.cookie.MalformedCookieException;
+import org.apache.http.cookie.SetCookie;
+
+/**
+ * Wraps a CookieAttributeHandler and leverages its match method
+ * to never match a suffix from a black list. May be used to provide
+ * additional security for cross-site attack types by preventing
+ * cookies from apparent domains that are not publicly available.
+ * An uptodate list of suffixes can be obtained from 
+ * <a href="http://publicsuffix.org/">publicsuffix.org</a> 
+ * 
+ * @author Ortwin Glück
+ */
+public class PublicSuffixFilter implements CookieAttributeHandler {
+    private CookieAttributeHandler wrapped;
+    private Set<String> exceptions;
+    private Set<String> suffixes;
+
+    public PublicSuffixFilter(CookieAttributeHandler wrapped) {
+        this.wrapped = wrapped;
+    }
+   
+    /**
+     * Sets the suffix blacklist patterns.
+     * A pattern can be "com", "*.jp"
+     * TODO add support for patterns like "lib.*.us"
+     * @param suffixes
+     */
+    public void setPublicSuffixes(Collection<String> suffixes) {
+        this.suffixes = new HashSet<String>(suffixes);
+    }
+    
+    /**
+     * Sets the exceptions from the blacklist. Exceptions can not be patterns.
+     * TODO add support for patterns
+     * @param exceptions
+     */
+    public void setExceptions(Collection<String> exceptions) {
+        this.exceptions = new HashSet<String>(exceptions);
+    }
+
+    /**
+     * Never matches if the cookie's domain is from the blacklist.
+     */
+    public boolean match(Cookie cookie, CookieOrigin origin) {
+        if (isForPublicSuffix(cookie)) return false;
+        return wrapped.match(cookie, origin);
+    }
+
+    public void parse(SetCookie cookie, String value) throws MalformedCookieException {
+        wrapped.parse(cookie, value);
+    }
+
+    public void validate(Cookie cookie, CookieOrigin origin) throws MalformedCookieException {
+        wrapped.validate(cookie, origin);
+    }
+    
+    private boolean isForPublicSuffix(Cookie cookie) {
+        String domain = cookie.getDomain();
+        if (domain.startsWith(".")) domain = domain.substring(1);
+        domain = Punycode.toUnicode(domain);
+        
+        // An exception rule takes priority over any other matching rule.
+        if (this.exceptions != null) {
+            if (this.exceptions.contains(domain)) return false;
+        }
+
+        
+        if (this.suffixes == null) return false;
+        
+        do {
+            if (this.suffixes.contains(domain)) return true;
+            // patterns
+            if (domain.startsWith("*.")) domain = domain.substring(2);
+            int nextdot = domain.indexOf('.');
+            if (nextdot == -1) break;
+            domain = "*" + domain.substring(nextdot);
+        } while (domain.length() > 0);
+        
+        return false;
+    }
+}
--- a/module-client/src/main/java/org/apache/http/impl/cookie/PublicSuffixListParser.java
+++ b/module-client/src/main/java/org/apache/http/impl/cookie/PublicSuffixListParser.java
@ -0,0 +1,79 @@
+package org.apache.http.impl.cookie;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.Reader;
+import java.util.ArrayList;
+import java.util.Collection;
+
+/**
+ * Parses the list from <a href="http://publicsuffix.org/">publicsuffix.org</a>
+ * and configures a PublicSuffixFilter.
+ * 
+ * @author Ortwin Glück
+ */
+public class PublicSuffixListParser {
+    private static final int MAX_LINE_LEN = 256;
+    private PublicSuffixFilter filter;
+    
+    PublicSuffixListParser(PublicSuffixFilter filter) {
+        this.filter = filter;
+    }
+
+    /**
+     * Parses the public suffix list format.
+     * When creating the reader from the file, make sure to
+     * use the correct encoding (the original list is in UTF-8).
+     * 
+     * @param list the suffix list. The caller is responsible for closing the reader.
+     * @throws IOException on error while reading from list
+     */
+    public void parse(Reader list) throws IOException {
+        Collection<String> rules = new ArrayList<String>();
+        Collection<String> exceptions = new ArrayList<String>();
+        BufferedReader r = new BufferedReader(list);
+        StringBuilder sb = new StringBuilder(256);
+        boolean more = true;
+        while (more) {
+            more = readLine(r, sb);
+            String line = sb.toString();
+            if (line.length() == 0) continue;
+            if (line.startsWith("//")) continue; //entire lines can also be commented using //
+            if (line.startsWith(".")) line = line.substring(1); // A leading dot is optional
+            // An exclamation mark (!) at the start of a rule marks an exception to a previous wildcard rule
+            boolean isException = line.startsWith("!"); 
+            if (isException) line = line.substring(1);
+            
+            if (isException) {
+                exceptions.add(line);
+            } else {
+                rules.add(line);
+            }
+        }
+        
+        filter.setPublicSuffixes(rules);
+        filter.setExceptions(exceptions);
+    }
+    
+    /**
+     * 
+     * @param r
+     * @param sb
+     * @return false when the end of the stream is reached
+     * @throws IOException
+     */
+    private boolean readLine(Reader r, StringBuilder sb) throws IOException {
+        sb.setLength(0);
+        int b;
+        boolean hitWhitespace = false;
+        while ((b = r.read()) != -1) {
+            char c = (char) b;
+            if (c == '\n') break;
+            // Each line is only read up to the first whitespace
+            if (Character.isWhitespace(c)) hitWhitespace = true;
+            if (!hitWhitespace) sb.append(c);
+            if (sb.length() > MAX_LINE_LEN) throw new IOException("Line too long"); // prevent excess memory usage
+        }
+        return (b != -1);
+    }
+}
--- a/module-client/src/test/java/org/apache/http/impl/cookie/TestAllCookieImpl.java
+++ b/module-client/src/test/java/org/apache/http/impl/cookie/TestAllCookieImpl.java
@ -53,6 +53,7 @@ public class TestAllCookieImpl extends TestCase {
        suite.addTest(TestCookieRFC2109Spec.suite());
        suite.addTest(TestCookieRFC2965Spec.suite());
        suite.addTest(TestCookieBestMatchSpec.suite());
+        suite.addTest(TestPublicSuffixListParser.suite());
        return suite;
    }

--- a/module-client/src/test/java/org/apache/http/impl/cookie/TestBasicCookieAttribHandlers.java
+++ b/module-client/src/test/java/org/apache/http/impl/cookie/TestBasicCookieAttribHandlers.java
@ -32,6 +32,7 @@ package org.apache.http.impl.cookie;

 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Locale;

@ -42,6 +43,16 @@ import junit.framework.TestSuite;
 import org.apache.http.cookie.CookieAttributeHandler;
 import org.apache.http.cookie.CookieOrigin;
 import org.apache.http.cookie.MalformedCookieException;
+import org.apache.http.impl.cookie.BasicClientCookie;
+import org.apache.http.impl.cookie.BasicCommentHandler;
+import org.apache.http.impl.cookie.BasicDomainHandler;
+import org.apache.http.impl.cookie.BasicExpiresHandler;
+import org.apache.http.impl.cookie.BasicMaxAgeHandler;
+import org.apache.http.impl.cookie.BasicPathHandler;
+import org.apache.http.impl.cookie.BasicSecureHandler;
+import org.apache.http.impl.cookie.DateUtils;
+import org.apache.http.impl.cookie.PublicSuffixFilter;
+import org.apache.http.impl.cookie.RFC2109DomainHandler;

 public class TestBasicCookieAttribHandlers extends TestCase {

@ -458,4 +469,26 @@ public class TestBasicCookieAttribHandlers extends TestCase {
        }
    }
    
+    public void testPublicSuffixFilter() throws Exception {
+        BasicClientCookie cookie = new BasicClientCookie("name", "value");
+        
+        PublicSuffixFilter h = new PublicSuffixFilter(new RFC2109DomainHandler());
+        h.setPublicSuffixes(Arrays.asList(new String[] { "co.uk", "com" }));
+        
+        cookie.setDomain(".co.uk");
+        assertFalse(h.match(cookie, new CookieOrigin("apache.co.uk", 80, "/stuff", false)));
+        
+        cookie.setDomain("co.uk");
+        assertFalse(h.match(cookie, new CookieOrigin("apache.co.uk", 80, "/stuff", false)));
+        
+        cookie.setDomain(".com");
+        assertFalse(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false)));
+        
+        cookie.setDomain("com");
+        assertFalse(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false)));        
+        
+        cookie.setDomain("localhost");
+        assertTrue(h.match(cookie, new CookieOrigin("localhost", 80, "/stuff", false)));        
+    }
+    
 }
--- a/module-client/src/test/java/org/apache/http/impl/cookie/TestPublicSuffixListParser.java
+++ b/module-client/src/test/java/org/apache/http/impl/cookie/TestPublicSuffixListParser.java
@ -0,0 +1,84 @@
+package org.apache.http.impl.cookie;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.Reader;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.apache.http.cookie.CookieOrigin;
+
+public class TestPublicSuffixListParser extends TestCase {
+    private static final String LIST_FILE = "suffixlist.txt";
+    private PublicSuffixFilter filter;
+    
+    public TestPublicSuffixListParser(String testName) {
+        super(testName);
+        try {
+            Reader r = new InputStreamReader(getClass().getResourceAsStream(LIST_FILE), "UTF-8");
+            filter = new PublicSuffixFilter(new RFC2109DomainHandler());
+            PublicSuffixListParser parser = new PublicSuffixListParser(filter);
+            parser.parse(r);
+        } catch (IOException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        }        
+    }
+
+    public static Test suite() {
+        return new TestSuite(TestPublicSuffixListParser.class);
+    }
+
+    public static void main(String args[]) {
+        String[] testCaseName = { TestPublicSuffixListParser.class.getName() };
+        junit.textui.TestRunner.main(testCaseName);
+    }    
+    
+    public void testParse() throws Exception {
+        BasicClientCookie cookie = new BasicClientCookie("name", "value");
+        
+        cookie.setDomain(".jp");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.jp", 80, "/stuff", false)));
+        
+        cookie.setDomain(".ac.jp");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.ac.jp", 80, "/stuff", false)));
+        
+        cookie.setDomain(".any.tokyo.jp");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.any.tokyo.jp", 80, "/stuff", false)));
+        
+        // exception
+        cookie.setDomain(".metro.tokyo.jp");
+        assertTrue(filter.match(cookie, new CookieOrigin("apache.metro.tokyo.jp", 80, "/stuff", false)));
+    }
+    
+    public void testUnicode() throws Exception {
+        BasicClientCookie cookie = new BasicClientCookie("name", "value");
+        
+        cookie.setDomain(".h\u00E5.no"); // \u00E5 is <aring>
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.h\u00E5.no", 80, "/stuff", false)));
+        
+        cookie.setDomain(".xn--h-2fa.no");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.xn--h-2fa.no", 80, "/stuff", false)));
+        
+        cookie.setDomain(".h\u00E5.no");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.xn--h-2fa.no", 80, "/stuff", false)));
+        
+        cookie.setDomain(".xn--h-2fa.no");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.h\u00E5.no", 80, "/stuff", false)));
+    }
+    
+    public void testWhitespace() throws Exception {
+        BasicClientCookie cookie = new BasicClientCookie("name", "value");
+        cookie.setDomain(".xx");
+        assertFalse(filter.match(cookie, new CookieOrigin("apache.xx", 80, "/stuff", false)));
+        
+        // yy appears after whitespace
+        cookie.setDomain(".yy");
+        assertTrue(filter.match(cookie, new CookieOrigin("apache.yy", 80, "/stuff", false)));
+        
+        // zz is commented
+        cookie.setDomain(".zz");
+        assertTrue(filter.match(cookie, new CookieOrigin("apache.zz", 80, "/stuff", false)));
+    }
+}
--- a/module-client/src/test/java/org/apache/http/impl/cookie/suffixlist.txt
+++ b/module-client/src/test/java/org/apache/http/impl/cookie/suffixlist.txt
@ -0,0 +1,13 @@
+jp
+ac.jp
+*.tokyo.jp
+!metro.tokyo.jp
+
+// unicode
+no
+hå.no
+
+
+// invalid
+xx yy
+//zz