1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/350788890): Remove this and spanify to fix the errors.
7 #pragma allow_unsafe_buffers
8 #endif
9
10 #include "url/gurl.h"
11
12 #include <stddef.h>
13
14 #include <algorithm>
15 #include <memory>
16 #include <ostream>
17 #include <string_view>
18 #include <utility>
19
20 #include "base/check_op.h"
21 #include "base/no_destructor.h"
22 #include "base/notreached.h"
23 #include "base/strings/string_util.h"
24 #include "base/trace_event/base_tracing.h"
25 #include "base/trace_event/memory_usage_estimator.h"
26 #include "url/url_canon_stdstring.h"
27 #include "url/url_util.h"
28
GURL()29 GURL::GURL() : is_valid_(false) {
30 }
31
GURL(const GURL & other)32 GURL::GURL(const GURL& other)
33 : spec_(other.spec_),
34 is_valid_(other.is_valid_),
35 parsed_(other.parsed_) {
36 if (other.inner_url_)
37 inner_url_ = std::make_unique<GURL>(*other.inner_url_);
38 // Valid filesystem urls should always have an inner_url_.
39 DCHECK(!is_valid_ || !SchemeIsFileSystem() || inner_url_);
40 }
41
GURL(GURL && other)42 GURL::GURL(GURL&& other) noexcept
43 : spec_(std::move(other.spec_)),
44 is_valid_(other.is_valid_),
45 parsed_(other.parsed_),
46 inner_url_(std::move(other.inner_url_)) {
47 other.is_valid_ = false;
48 other.parsed_ = url::Parsed();
49 }
50
GURL(std::string_view url_string)51 GURL::GURL(std::string_view url_string) {
52 InitCanonical(url_string, true);
53 }
54
GURL(std::u16string_view url_string)55 GURL::GURL(std::u16string_view url_string) {
56 InitCanonical(url_string, true);
57 }
58
GURL(const std::string & url_string,RetainWhiteSpaceSelector)59 GURL::GURL(const std::string& url_string, RetainWhiteSpaceSelector) {
60 InitCanonical(url_string, false);
61 }
62
GURL(const char * canonical_spec,size_t canonical_spec_len,const url::Parsed & parsed,bool is_valid)63 GURL::GURL(const char* canonical_spec,
64 size_t canonical_spec_len,
65 const url::Parsed& parsed,
66 bool is_valid)
67 : spec_(canonical_spec, canonical_spec_len),
68 is_valid_(is_valid),
69 parsed_(parsed) {
70 InitializeFromCanonicalSpec();
71 }
72
GURL(std::string canonical_spec,const url::Parsed & parsed,bool is_valid)73 GURL::GURL(std::string canonical_spec, const url::Parsed& parsed, bool is_valid)
74 : spec_(std::move(canonical_spec)), is_valid_(is_valid), parsed_(parsed) {
75 InitializeFromCanonicalSpec();
76 }
77
78 template <typename T, typename CharT>
InitCanonical(T input_spec,bool trim_path_end)79 void GURL::InitCanonical(T input_spec, bool trim_path_end) {
80 url::StdStringCanonOutput output(&spec_);
81 is_valid_ = url::Canonicalize(
82 input_spec.data(), static_cast<int>(input_spec.length()), trim_path_end,
83 NULL, &output, &parsed_);
84
85 output.Complete(); // Must be done before using string.
86 if (is_valid_ && SchemeIsFileSystem()) {
87 inner_url_ = std::make_unique<GURL>(spec_.data(), parsed_.Length(),
88 *parsed_.inner_parsed(), true);
89 }
90 // Valid URLs always have non-empty specs.
91 DCHECK(!is_valid_ || !spec_.empty());
92 }
93
InitializeFromCanonicalSpec()94 void GURL::InitializeFromCanonicalSpec() {
95 if (is_valid_ && SchemeIsFileSystem()) {
96 inner_url_ = std::make_unique<GURL>(spec_.data(), parsed_.Length(),
97 *parsed_.inner_parsed(), true);
98 }
99
100 #ifndef NDEBUG
101 // For testing purposes, check that the parsed canonical URL is identical to
102 // what we would have produced. Skip checking for invalid URLs have no meaning
103 // and we can't always canonicalize then reproducibly.
104 if (is_valid_) {
105 DCHECK(!spec_.empty());
106 url::Component scheme;
107 // We can't do this check on the inner_url of a filesystem URL, as
108 // canonical_spec actually points to the start of the outer URL, so we'd
109 // end up with infinite recursion in this constructor.
110 if (!url::FindAndCompareScheme(spec_.data(), spec_.length(),
111 url::kFileSystemScheme, &scheme) ||
112 scheme.begin == parsed_.scheme.begin) {
113 // We need to retain trailing whitespace on path URLs, as the |parsed_|
114 // spec we originally received may legitimately contain trailing white-
115 // space on the path or components e.g. if the #ref has been
116 // removed from a "foo:hello #ref" URL (see http://crbug.com/291747).
117 GURL test_url(spec_, RETAIN_TRAILING_PATH_WHITEPACE);
118
119 DCHECK_EQ(test_url.is_valid_, is_valid_);
120 DCHECK_EQ(test_url.spec_, spec_);
121
122 DCHECK_EQ(test_url.parsed_.scheme, parsed_.scheme);
123 DCHECK_EQ(test_url.parsed_.username, parsed_.username);
124 DCHECK_EQ(test_url.parsed_.password, parsed_.password);
125 DCHECK_EQ(test_url.parsed_.host, parsed_.host);
126 DCHECK_EQ(test_url.parsed_.port, parsed_.port);
127 DCHECK_EQ(test_url.parsed_.path, parsed_.path);
128 DCHECK_EQ(test_url.parsed_.query, parsed_.query);
129 DCHECK_EQ(test_url.parsed_.ref, parsed_.ref);
130 }
131 }
132 #endif
133 }
134
135 GURL::~GURL() = default;
136
operator =(const GURL & other)137 GURL& GURL::operator=(const GURL& other) {
138 spec_ = other.spec_;
139 is_valid_ = other.is_valid_;
140 parsed_ = other.parsed_;
141
142 if (!other.inner_url_)
143 inner_url_.reset();
144 else if (inner_url_)
145 *inner_url_ = *other.inner_url_;
146 else
147 inner_url_ = std::make_unique<GURL>(*other.inner_url_);
148
149 return *this;
150 }
151
operator =(GURL && other)152 GURL& GURL::operator=(GURL&& other) noexcept {
153 spec_ = std::move(other.spec_);
154 is_valid_ = other.is_valid_;
155 parsed_ = other.parsed_;
156 inner_url_ = std::move(other.inner_url_);
157
158 other.is_valid_ = false;
159 other.parsed_ = url::Parsed();
160 return *this;
161 }
162
spec() const163 const std::string& GURL::spec() const {
164 if (is_valid_ || spec_.empty())
165 return spec_;
166
167 // TODO(crbug.com/40580068): Make sure this no longer hits before making
168 // NOTREACHED();
169 DUMP_WILL_BE_NOTREACHED() << "Trying to get the spec of an invalid URL!";
170 return base::EmptyString();
171 }
172
173 // Note: code duplicated below (it's inconvenient to use a template here).
Resolve(std::string_view relative) const174 GURL GURL::Resolve(std::string_view relative) const {
175 // Not allowed for invalid URLs.
176 if (!is_valid_)
177 return GURL();
178
179 GURL result;
180 url::StdStringCanonOutput output(&result.spec_);
181 if (!url::ResolveRelative(spec_.data(), static_cast<int>(spec_.length()),
182 parsed_, relative.data(),
183 static_cast<int>(relative.length()),
184 nullptr, &output, &result.parsed_)) {
185 // Error resolving, return an empty URL.
186 return GURL();
187 }
188
189 output.Complete();
190 result.is_valid_ = true;
191 if (result.SchemeIsFileSystem()) {
192 result.inner_url_ =
193 std::make_unique<GURL>(result.spec_.data(), result.parsed_.Length(),
194 *result.parsed_.inner_parsed(), true);
195 }
196 return result;
197 }
198
199 // Note: code duplicated above (it's inconvenient to use a template here).
Resolve(std::u16string_view relative) const200 GURL GURL::Resolve(std::u16string_view relative) const {
201 // Not allowed for invalid URLs.
202 if (!is_valid_)
203 return GURL();
204
205 GURL result;
206 url::StdStringCanonOutput output(&result.spec_);
207 if (!url::ResolveRelative(spec_.data(), static_cast<int>(spec_.length()),
208 parsed_, relative.data(),
209 static_cast<int>(relative.length()),
210 nullptr, &output, &result.parsed_)) {
211 // Error resolving, return an empty URL.
212 return GURL();
213 }
214
215 output.Complete();
216 result.is_valid_ = true;
217 if (result.SchemeIsFileSystem()) {
218 result.inner_url_ =
219 std::make_unique<GURL>(result.spec_.data(), result.parsed_.Length(),
220 *result.parsed_.inner_parsed(), true);
221 }
222 return result;
223 }
224
225 // Note: code duplicated below (it's inconvenient to use a template here).
ReplaceComponents(const Replacements & replacements) const226 GURL GURL::ReplaceComponents(const Replacements& replacements) const {
227 GURL result;
228
229 // Not allowed for invalid URLs.
230 if (!is_valid_)
231 return GURL();
232
233 url::StdStringCanonOutput output(&result.spec_);
234 result.is_valid_ = url::ReplaceComponents(
235 spec_.data(), static_cast<int>(spec_.length()), parsed_, replacements,
236 NULL, &output, &result.parsed_);
237
238 output.Complete();
239
240 result.ProcessFileSystemURLAfterReplaceComponents();
241 return result;
242 }
243
244 // Note: code duplicated above (it's inconvenient to use a template here).
ReplaceComponents(const ReplacementsW & replacements) const245 GURL GURL::ReplaceComponents(const ReplacementsW& replacements) const {
246 GURL result;
247
248 // Not allowed for invalid URLs.
249 if (!is_valid_)
250 return GURL();
251
252 url::StdStringCanonOutput output(&result.spec_);
253 result.is_valid_ = url::ReplaceComponents(
254 spec_.data(), static_cast<int>(spec_.length()), parsed_, replacements,
255 NULL, &output, &result.parsed_);
256
257 output.Complete();
258
259 result.ProcessFileSystemURLAfterReplaceComponents();
260
261 return result;
262 }
263
ProcessFileSystemURLAfterReplaceComponents()264 void GURL::ProcessFileSystemURLAfterReplaceComponents() {
265 if (!is_valid_)
266 return;
267 if (SchemeIsFileSystem()) {
268 inner_url_ = std::make_unique<GURL>(spec_.data(), parsed_.Length(),
269 *parsed_.inner_parsed(), true);
270 }
271 }
272
DeprecatedGetOriginAsURL() const273 GURL GURL::DeprecatedGetOriginAsURL() const {
274 // This doesn't make sense for invalid or nonstandard URLs, so return
275 // the empty URL.
276 if (!is_valid_ || !IsStandard())
277 return GURL();
278
279 if (SchemeIsFileSystem())
280 return inner_url_->DeprecatedGetOriginAsURL();
281
282 Replacements replacements;
283 replacements.ClearUsername();
284 replacements.ClearPassword();
285 replacements.ClearPath();
286 replacements.ClearQuery();
287 replacements.ClearRef();
288
289 return ReplaceComponents(replacements);
290 }
291
GetAsReferrer() const292 GURL GURL::GetAsReferrer() const {
293 if (!is_valid() || !IsReferrerScheme(spec_.data(), parsed_.scheme))
294 return GURL();
295
296 if (!has_ref() && !has_username() && !has_password())
297 return GURL(*this);
298
299 Replacements replacements;
300 replacements.ClearRef();
301 replacements.ClearUsername();
302 replacements.ClearPassword();
303 return ReplaceComponents(replacements);
304 }
305
GetWithEmptyPath() const306 GURL GURL::GetWithEmptyPath() const {
307 // This doesn't make sense for invalid or nonstandard URLs, so return
308 // the empty URL.
309 if (!is_valid_ || !IsStandard())
310 return GURL();
311
312 // We could optimize this since we know that the URL is canonical, and we are
313 // appending a canonical path, so avoiding re-parsing.
314 GURL other(*this);
315 if (parsed_.path.len == 0)
316 return other;
317
318 // Clear everything after the path.
319 other.parsed_.query.reset();
320 other.parsed_.ref.reset();
321
322 // Set the path, since the path is longer than one, we can just set the
323 // first character and resize.
324 other.spec_[other.parsed_.path.begin] = '/';
325 other.parsed_.path.len = 1;
326 other.spec_.resize(other.parsed_.path.begin + 1);
327 return other;
328 }
329
GetWithoutFilename() const330 GURL GURL::GetWithoutFilename() const {
331 return Resolve(".");
332 }
333
GetWithoutRef() const334 GURL GURL::GetWithoutRef() const {
335 if (!has_ref())
336 return GURL(*this);
337
338 Replacements replacements;
339 replacements.ClearRef();
340 return ReplaceComponents(replacements);
341 }
342
IsStandard() const343 bool GURL::IsStandard() const {
344 return url::IsStandard(spec_.data(), parsed_.scheme);
345 }
346
IsAboutBlank() const347 bool GURL::IsAboutBlank() const {
348 return IsAboutUrl(url::kAboutBlankPath);
349 }
350
IsAboutSrcdoc() const351 bool GURL::IsAboutSrcdoc() const {
352 return IsAboutUrl(url::kAboutSrcdocPath);
353 }
354
SchemeIs(std::string_view lower_ascii_scheme) const355 bool GURL::SchemeIs(std::string_view lower_ascii_scheme) const {
356 DCHECK(base::IsStringASCII(lower_ascii_scheme));
357 DCHECK(base::ToLowerASCII(lower_ascii_scheme) == lower_ascii_scheme);
358
359 if (!has_scheme())
360 return lower_ascii_scheme.empty();
361 return scheme_piece() == lower_ascii_scheme;
362 }
363
SchemeIsHTTPOrHTTPS() const364 bool GURL::SchemeIsHTTPOrHTTPS() const {
365 return SchemeIs(url::kHttpsScheme) || SchemeIs(url::kHttpScheme);
366 }
367
SchemeIsWSOrWSS() const368 bool GURL::SchemeIsWSOrWSS() const {
369 return SchemeIs(url::kWsScheme) || SchemeIs(url::kWssScheme);
370 }
371
SchemeIsCryptographic() const372 bool GURL::SchemeIsCryptographic() const {
373 if (!has_scheme())
374 return false;
375 return SchemeIsCryptographic(scheme_piece());
376 }
377
SchemeIsCryptographic(std::string_view lower_ascii_scheme)378 bool GURL::SchemeIsCryptographic(std::string_view lower_ascii_scheme) {
379 DCHECK(base::IsStringASCII(lower_ascii_scheme));
380 DCHECK(base::ToLowerASCII(lower_ascii_scheme) == lower_ascii_scheme);
381
382 return lower_ascii_scheme == url::kHttpsScheme ||
383 lower_ascii_scheme == url::kWssScheme;
384 }
385
SchemeIsLocal() const386 bool GURL::SchemeIsLocal() const {
387 // The `filesystem:` scheme is not in the Fetch spec, but Chromium still
388 // supports it in large part. It should be treated as a local scheme too.
389 return SchemeIs(url::kAboutScheme) || SchemeIs(url::kBlobScheme) ||
390 SchemeIs(url::kDataScheme) || SchemeIs(url::kFileSystemScheme);
391 }
392
IntPort() const393 int GURL::IntPort() const {
394 if (parsed_.port.is_nonempty())
395 return url::ParsePort(spec_.data(), parsed_.port);
396 return url::PORT_UNSPECIFIED;
397 }
398
EffectiveIntPort() const399 int GURL::EffectiveIntPort() const {
400 int int_port = IntPort();
401 if (int_port == url::PORT_UNSPECIFIED && IsStandard())
402 return url::DefaultPortForScheme(std::string_view(
403 spec_.data() + parsed_.scheme.begin, parsed_.scheme.len));
404 return int_port;
405 }
406
ExtractFileName() const407 std::string GURL::ExtractFileName() const {
408 url::Component file_component;
409 url::ExtractFileName(spec_.data(), parsed_.path, &file_component);
410 return ComponentString(file_component);
411 }
412
PathForRequestPiece() const413 std::string_view GURL::PathForRequestPiece() const {
414 DCHECK(parsed_.path.is_nonempty())
415 << "Canonical path for requests should be non-empty";
416 if (parsed_.ref.is_valid()) {
417 // Clip off the reference when it exists. The reference starts after the
418 // #-sign, so we have to subtract one to also remove it.
419 return std::string_view(spec_).substr(
420 parsed_.path.begin, parsed_.ref.begin - parsed_.path.begin - 1);
421 }
422 // Compute the actual path length, rather than depending on the spec's
423 // terminator. If we're an inner_url, our spec continues on into our outer
424 // URL's path/query/ref.
425 int path_len = parsed_.path.len;
426 if (parsed_.query.is_valid())
427 path_len = parsed_.query.end() - parsed_.path.begin;
428
429 return std::string_view(spec_).substr(parsed_.path.begin, path_len);
430 }
431
PathForRequest() const432 std::string GURL::PathForRequest() const {
433 return std::string(PathForRequestPiece());
434 }
435
HostNoBrackets() const436 std::string GURL::HostNoBrackets() const {
437 return std::string(HostNoBracketsPiece());
438 }
439
HostNoBracketsPiece() const440 std::string_view GURL::HostNoBracketsPiece() const {
441 // If host looks like an IPv6 literal, strip the square brackets.
442 url::Component h(parsed_.host);
443 if (h.len >= 2 && spec_[h.begin] == '[' && spec_[h.end() - 1] == ']') {
444 h.begin++;
445 h.len -= 2;
446 }
447 return ComponentStringPiece(h);
448 }
449
GetContent() const450 std::string GURL::GetContent() const {
451 return std::string(GetContentPiece());
452 }
453
GetContentPiece() const454 std::string_view GURL::GetContentPiece() const {
455 if (!is_valid_)
456 return std::string_view();
457 url::Component content_component = parsed_.GetContent();
458 if (!SchemeIs(url::kJavaScriptScheme) && parsed_.ref.is_valid())
459 content_component.len -= parsed_.ref.len + 1;
460 return ComponentStringPiece(content_component);
461 }
462
HostIsIPAddress() const463 bool GURL::HostIsIPAddress() const {
464 return is_valid_ && url::HostIsIPAddress(host_piece());
465 }
466
EmptyGURL()467 const GURL& GURL::EmptyGURL() {
468 static base::NoDestructor<GURL> empty_gurl;
469 return *empty_gurl;
470 }
471
DomainIs(std::string_view canonical_domain) const472 bool GURL::DomainIs(std::string_view canonical_domain) const {
473 if (!is_valid_)
474 return false;
475
476 // FileSystem URLs have empty host_piece, so check this first.
477 if (inner_url_ && SchemeIsFileSystem())
478 return inner_url_->DomainIs(canonical_domain);
479 return url::DomainIs(host_piece(), canonical_domain);
480 }
481
EqualsIgnoringRef(const GURL & other) const482 bool GURL::EqualsIgnoringRef(const GURL& other) const {
483 int ref_position = parsed_.CountCharactersBefore(url::Parsed::REF, true);
484 int ref_position_other =
485 other.parsed_.CountCharactersBefore(url::Parsed::REF, true);
486 return std::string_view(spec_).substr(0, ref_position) ==
487 std::string_view(other.spec_).substr(0, ref_position_other);
488 }
489
Swap(GURL * other)490 void GURL::Swap(GURL* other) {
491 spec_.swap(other->spec_);
492 std::swap(is_valid_, other->is_valid_);
493 std::swap(parsed_, other->parsed_);
494 inner_url_.swap(other->inner_url_);
495 }
496
EstimateMemoryUsage() const497 size_t GURL::EstimateMemoryUsage() const {
498 return base::trace_event::EstimateMemoryUsage(spec_) +
499 base::trace_event::EstimateMemoryUsage(inner_url_) +
500 (parsed_.inner_parsed() ? sizeof(url::Parsed) : 0);
501 }
502
IsAboutUrl(std::string_view allowed_path) const503 bool GURL::IsAboutUrl(std::string_view allowed_path) const {
504 if (!SchemeIs(url::kAboutScheme))
505 return false;
506
507 if (has_host() || has_username() || has_password() || has_port())
508 return false;
509
510 return IsAboutPath(path_piece(), allowed_path);
511 }
512
513 // static
IsAboutPath(std::string_view actual_path,std::string_view allowed_path)514 bool GURL::IsAboutPath(std::string_view actual_path,
515 std::string_view allowed_path) {
516 if (!base::StartsWith(actual_path, allowed_path))
517 return false;
518
519 if (actual_path.size() == allowed_path.size()) {
520 DCHECK_EQ(actual_path, allowed_path);
521 return true;
522 }
523
524 if ((actual_path.size() == allowed_path.size() + 1) &&
525 actual_path.back() == '/') {
526 DCHECK_EQ(actual_path, std::string(allowed_path) + '/');
527 return true;
528 }
529
530 return false;
531 }
532
WriteIntoTrace(perfetto::TracedValue context) const533 void GURL::WriteIntoTrace(perfetto::TracedValue context) const {
534 std::move(context).WriteString(possibly_invalid_spec());
535 }
536
operator <<(std::ostream & out,const GURL & url)537 std::ostream& operator<<(std::ostream& out, const GURL& url) {
538 return out << url.possibly_invalid_spec();
539 }
540
operator ==(const GURL & x,const GURL & y)541 bool operator==(const GURL& x, const GURL& y) {
542 return x.possibly_invalid_spec() == y.possibly_invalid_spec();
543 }
544
operator ==(const GURL & x,std::string_view spec)545 bool operator==(const GURL& x, std::string_view spec) {
546 DCHECK_EQ(GURL(spec).possibly_invalid_spec(), spec)
547 << "Comparisons of GURLs and strings must ensure as a precondition that "
548 "the string is fully canonicalized.";
549 return x.possibly_invalid_spec() == spec;
550 }
551
552 namespace url::debug {
553
ScopedUrlCrashKey(base::debug::CrashKeyString * crash_key,const GURL & url)554 ScopedUrlCrashKey::ScopedUrlCrashKey(base::debug::CrashKeyString* crash_key,
555 const GURL& url)
556 : scoped_string_value_(
557 crash_key,
558 url.is_empty() ? "<empty url>" : url.possibly_invalid_spec()) {}
559
560 ScopedUrlCrashKey::~ScopedUrlCrashKey() = default;
561
562 } // namespace url::debug
563