// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "webkit/database/database_util.h"
#include "base/string_util.h"
#include "third_party/WebKit/WebKit/chromium/public/WebSecurityOrigin.h"
#include "third_party/WebKit/WebKit/chromium/public/WebString.h"
#include "webkit/database/database_tracker.h"
#include "webkit/database/vfs_backend.h"
namespace webkit_database {
// Splits |vfs_file_name| into its three components.
//
// The expected layout is <origin_identifier>/<db_name>#<suffix>. The '#'
// separator itself is required; only the text after it may be empty.
//
// Each output pointer may be NULL, in which case that component is skipped.
// Returns false, leaving every output untouched, when the name does not have
// the expected shape. Only the positions of '/' and '#' are checked: the
// characters inside each component are not validated here, so the outputs
// must not be treated as safe path components by callers.
bool DatabaseUtil::CrackVfsFileName(const string16& vfs_file_name,
                                    string16* origin_identifier,
                                    string16* database_name,
                                    string16* sqlite_suffix) {
  // Debug-only guard; in release builds an empty name falls through to the
  // separator checks below and is rejected there.
  DCHECK(!vfs_file_name.empty());

  const size_t slash_pos = vfs_file_name.find('/');
  const size_t pound_pos = vfs_file_name.rfind('#');

  // Both separators are mandatory.
  if (slash_pos == string16::npos || pound_pos == string16::npos)
    return false;

  // A leading '/' would mean an empty origin identifier, and the first '/'
  // has to precede the last '#'.
  if (slash_pos == 0 || slash_pos > pound_pos)
    return false;

  if (origin_identifier)
    *origin_identifier = vfs_file_name.substr(0, slash_pos);

  if (database_name) {
    const size_t name_start = slash_pos + 1;
    const size_t name_length = pound_pos - slash_pos - 1;
    *database_name = vfs_file_name.substr(name_start, name_length);
  }

  // Everything after the last '#' is the suffix (possibly empty).
  if (sqlite_suffix)
    *sqlite_suffix = vfs_file_name.substr(pound_pos + 1);

  return true;
}
// Maps a VFS file name to the on-disk path of the database file.
//
// Returns an empty FilePath when |vfs_file_name| cannot be cracked, or when
// the assembled path contains "..". The result is also empty whenever
// |db_tracker| hands back an empty path. |db_tracker| is dereferenced without
// a NULL check.
//
// NOTE(review): the ".." test is a plain substring search on the final path.
// It therefore also rejects names that merely contain two consecutive dots,
// and it runs only after the origin identifier and database name have been
// passed to the tracker. Whether GetFullDBFilePath() validates those pieces
// itself, and whether path separators in the suffix need rejecting, is not
// visible from this file -- confirm before relying on this check alone.
FilePath DatabaseUtil::GetFullFilePathForVfsFile(
    DatabaseTracker* db_tracker, const string16& vfs_file_name) {
  string16 origin;
  string16 db_name;
  string16 suffix;
  const bool cracked =
      CrackVfsFileName(vfs_file_name, &origin, &db_name, &suffix);
  if (!cracked)
    return FilePath();  // invalid vfs_file_name

  FilePath resolved = db_tracker->GetFullDBFilePath(origin, db_name);

  // The suffix is appended verbatim to the database file's path.
  const bool append_suffix = !resolved.empty() && !suffix.empty();
  if (append_suffix) {
    resolved = FilePath::FromWStringHack(
        resolved.ToWStringHack() + UTF16ToWide(suffix));
  }

  // Watch out for directory traversal attempts from a compromised renderer.
  const bool has_dot_dot =
      resolved.value().find(FILE_PATH_LITERAL("..")) !=
      FilePath::StringType::npos;
  if (has_dot_dot)
    return FilePath();

  return resolved;
}
// Returns the database identifier WebKit derives for the security origin
// built from |url|'s spec string.
string16 DatabaseUtil::GetOriginIdentifier(const GURL& url) {
  string16 url_spec = UTF8ToUTF16(url.spec());
  WebKit::WebSecurityOrigin security_origin =
      WebKit::WebSecurityOrigin::createFromString(url_spec);
  return security_origin.databaseIdentifier();
}
} // namespace webkit_database