Opera 12.15 Source Code
  1. // -*- Mode: c++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  2. //
  3. // Copyright (C) Opera Software AS. All rights reserved.
  4. //
  5. // This file is part of the Opera web browser. It may not be distributed
  6. // under any circumstances.
  7. #ifndef DOCHAND_FRAUD_CHECK_H
  8. #define DOCHAND_FRAUD_CHECK_H
  9. #ifdef TRUST_RATING
  10. class XMLParser;
  11. #include "modules/xmlutils/xmltokenhandler.h"
  12. #include "modules/xmlutils/xmlparser.h"
  13. #include "modules/about/opgenerateddocument.h"
  14. #include "modules/url/url2.h"
  15. #include "modules/url/url_sn.h"
  16. #include "modules/pi/network/OpHostResolver.h"
  17. #include "modules/security_manager/include/security_manager.h"
  /** Hostname of the server to contact for sitecheck requests. */
  #define SITECHECK_HOST "sitecheck2.opera.com"

  /**
   * Suffix used for the hdn parameter of the check.
   * NOTE(review): this is a fixed string compiled into every build, so it can
   * be read out of the client and must not be relied on as a secret; confirm
   * how the server uses the hdn parameter.
   */
  #define SITECHECK_HDN_SUFFIX "-Oscar0308"

  /**
   * URL of the generated page used to warn against phishing sites and sites
   * distributing malware.
   */
  #define PHISHING_WARNING_URL "opera:site-warning"

  /** Path part of PHISHING_WARNING_URL (the text after "opera:"). */
  #define PHISHING_WARNING_URL_PATH "site-warning"

  /** Minimum fraud-check grace period: 4 minutes, in milliseconds. */
  #define FRAUD_CHECK_MINIMUM_GRACE_PERIOD (4 * 60 * 1000)

  /** Maximum fraud-check grace period: 64 minutes, in milliseconds. */
  #define FRAUD_CHECK_MAXIMUM_GRACE_PERIOD (64 * 60 * 1000)
  24. class TrustInfoParser;
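  /**
   * Trust checker identified by a numeric id, holding an initial URL, a list
   * of URLs being checked, a TrustInfoParser and a ServerName.
   *
   * Derives from Link, so instances can themselves be placed in a list.
   *
   * NOTE(review): this header does not show who owns m_parser, m_server_name
   * or m_docman; confirm lifetime handling in the implementation before
   * copying or re-parenting instances.
   */
  class ServerTrustChecker : public Link
  {
  public:
      /**
       * @param id     Identifier later returned by GetId().
       * @param docman DocumentManager associated with this checker
       *               (presumably stored in m_docman; confirm in the .cpp).
       */
      ServerTrustChecker(UINT id, DocumentManager* docman);
      ~ServerTrustChecker();

      /** Initialises the checker for @p url. Must succeed before use. */
      OP_STATUS Init(URL& url);

      /** Adds @p url to the URLs handled by this checker. */
      OP_STATUS AddURL(URL& url);

      /** @return TRUE if @p url belongs to the server this checker handles. */
      BOOL URLBelongsToThisServer(URL& url);

      /** @return TRUE if @p url is currently being checked by this checker. */
      BOOL IsCheckingURL(URL& url);

      /**
       * Starts the check.
       * @param resolve_first Presumably requests a host lookup before the
       *                      check is sent; confirm in the implementation.
       */
      OP_STATUS StartCheck(BOOL resolve_first);

      /**
       * Called by the parser when it has the results. May block the page if
       * one of the results is a fraud warning.
       * @param check_succeeded Whether the check completed successfully.
       */
      OP_STATUS CheckDone(BOOL check_succeeded);

      /**
       * Looks up the trust rating for @p url.
       * @param url                [in]  URL to rate.
       * @param rating             [out] Resulting rating.
       * @param needs_online_check [out] Whether an online check is still needed.
       */
      static OP_STATUS GetTrustRating(URL& url, TrustRating& rating, BOOL& needs_online_check);

      /**
       * Determines whether @p url is a local URL.
       * @param url             [in]  URL to classify.
       * @param is_local        [out] Whether the URL is local.
       * @param need_to_resolve [out] Whether the host must be resolved before
       *                              the answer is known.
       */
      static OP_STATUS IsLocalURL(URL& url, BOOL& is_local, BOOL& need_to_resolve);

      /** @return The id given at construction. */
      UINT GetId() { return m_id; }

  protected:
      /** One URL queued for checking, kept as a list element. */
      class URLCheck : public Link
      {
      public:
          // Zero-initialise 'type' so a freshly created entry never carries an
          // indeterminate value, matching the other list-item classes in this
          // header (Advisory, UrlListItem), which initialise their members.
          URLCheck() : type(0) {}

          URL url;
          unsigned type;
      };

      UINT m_id;                      // Identifier returned by GetId().
      URL m_initial_url;
      AutoDeleteHead m_checking_urls; // List of URLs being checked (presumably URLCheck items; confirm).
      TrustInfoParser* m_parser;
      ServerName* m_server_name;
      DocumentManager* m_docman;
  };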
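  /**
   * Builds sitecheck requests for a URL and parses the XML answer.
   *
   * Acts as XML token handler, XML parser listener and message object, and
   * collects the advisories and URL entries found while parsing.
   *
   * NOTE(review): this header does not show how the sitecheck response is
   * transported or authenticated. The parsed content (advisory texts, URLs,
   * regular expressions) should be treated as untrusted input unless the
   * implementation establishes otherwise.
   */
  class TrustInfoParser : public XMLTokenHandler, public XMLParser::Listener, public MessageObject
  {
  public:
      TrustInfoParser(ServerTrustChecker* checker, MessageHandler* mh);
      OP_STATUS Init();
      ~TrustInfoParser();

      /*
       * Public API - these static methods can safely be called from outside
       * core; the other methods should not be called from outside core.
       */

      /**
       * Generates the URL necessary for sending a request for checking a URL
       * against the sitecheck server.
       * @param url_to_check      [in]  The URL to be checked.
       * @param request_url       [out] The sitecheck URL to use to check
       *                                whether the first URL is a trusted site.
       * @param request_info_page If TRUE the request will be one which returns
       *                          an HTML page with the result which can be
       *                          displayed in the UI. If FALSE the result will
       *                          be an XML page which this class can parse
       *                          itself.
       * @param unused            Unused parameter, will be removed.
       * @return If the return status is OpStatus::OK then request_url is valid.
       */
      static OP_STATUS GenerateRequestURL(URL& url_to_check, URL& request_url, BOOL request_info_page=TRUE, const char* unused=NULL);

      /**
       * Generates a base64-encoded MD5 hash from the full path.
       * @param to_generate_hash_from The URL whose path is hashed.
       * @param hash                  The string where the hash is returned.
       *
       * NOTE(review): MD5 is not collision-resistant. That is tolerable for a
       * lookup key, but not for an integrity or authenticity decision; confirm
       * how the server side uses this value.
       */
      static OP_STATUS GenerateURLHash(URL& to_generate_hash_from, OpString8& hash);

      /**
       * Retrieves the normalized hostname of @p url.
       * @param url      [in]  URL to take the hostname from.
       * @param hostname [out] Normalized hostname.
       */
      static OP_STATUS GetNormalizedHostname(URL& url, OpString8& hostname);

      /**
       * Calculates the MD5 hash of the buffer and writes it as a base64
       * encoded line.
       * @param input           The string to make a hash value from.
       * @param md5hash         The resulting MD5 hash. Newly allocated memory
       *                        which the caller has to delete[] if the return
       *                        status is OpStatus::OK.
       * @param url_escape_hash If TRUE then pluses in the hash will be escaped
       *                        as %2B, safe for use in a URL.
       */
      static OP_STATUS CalculateMD5Hash(const char* input, char*& md5hash, BOOL url_escape_hash);
      static OP_STATUS CalculateMD5Hash(OpString& input, char*& md5hash, BOOL url_escape_hash);

      /*
       * End of public API.
       * Don't call any of the methods below from outside core (and preferably
       * not from outside doc or xmlparser).
       */

      /**
       * Escapes all pluses in @p string as %2B.
       *
       * If there are no characters to escape, the same pointer is returned.
       * Otherwise a new[]-ed escaped string is returned (or NULL on OOM) and
       * the input @p string is delete[]-d by this function.
       *
       * Ownership warning: after the call the caller must use only the
       * returned pointer. The input must have been allocated with new[], and
       * it must not be touched again once a different pointer (including
       * NULL) has come back.
       */
      static char* EscapePluses(char* string);

      OP_STATUS CheckURL(URL& url_to_check, const char* unused=NULL);

      /**
       * Matches @p url against the regular expression @p reg_exp.
       *
       * NOTE(review): if the patterns originate from the sitecheck response
       * (ElementType has a RegExpElement), confirm that the regexp engine
       * bounds matching time and pattern size.
       */
      static OP_BOOLEAN RegExpMatchUrl(const uni_char* reg_exp, const uni_char* url);

      /**
       * Does this URL match one of the blacklisted URLs/regexps for this
       * server?
       * @param url_string    URL text to test.
       * @param server_name   Server whose blacklist entries are consulted.
       * @param matching_text Optional out-parameter; presumably receives the
       *                      entry that matched (confirm in the .cpp).
       */
      static OP_BOOLEAN MatchesUntrustedURL(const uni_char* url_string, ServerName* server_name
                                            , const uni_char **matching_text = NULL);

      OP_STATUS ResolveThenCheckURL(URL& url_to_check, const char* full_path_hash);
      BOOL IsCheckingServerName(ServerName*);
      void SetId(UINT id);

      // Callbacks from XML parser
      Result HandleToken(XMLToken &token);
      void Continue(XMLParser* parser);
      void Stopped(XMLParser* parser);

      // Token handlers:
      OP_STATUS HandleTextToken(XMLToken &token);
      OP_STATUS HandleStartTagToken(XMLToken &token);
      OP_STATUS HandleEndTagToken(XMLToken &token);

      // Callback for MessageObject's MSG_COMM_LOADING_FAILED and MSG_COMM_NAMERESOLVED.
      void HandleCallback(OpMessage msg, MH_PARAM_1 par1, MH_PARAM_2 par2);
      void OnHostResolved(OpSocketAddress* address);

      /**
       * One advisory entry, kept as a list element.
       *
       * Owns its three string buffers: the destructor releases them with
       * OP_DELETEA, so whatever is assigned to them must be array-allocated.
       */
      class Advisory : public Link
      {
      public:
          Advisory() :
              homepage_url(NULL),
              advisory_url(NULL),
              text(NULL),
              type(0),
              id(0)
          {}

          ~Advisory()
          {
              OP_DELETEA(homepage_url);
              OP_DELETEA(advisory_url);
              OP_DELETEA(text);
          }

          uni_char *homepage_url;
          uni_char *advisory_url;
          uni_char *text;
          unsigned type;
          unsigned id;

      private:
          // Copying is disabled (declared, never defined): the implicit
          // member-wise copy would leave two objects pointing at the same
          // buffers, and both destructors would then release them.
          Advisory(const Advisory&);
          Advisory& operator=(const Advisory&);
      };

      /**
       * One URL entry, kept as a list element.
       *
       * Owns the url buffer: the destructor releases it with OP_DELETEA.
       */
      class UrlListItem : public Link
      {
      public:
          UrlListItem() :
              url(NULL),
              src(0)
          {}

          ~UrlListItem()
          {
              OP_DELETEA(url);
          }

          uni_char *url;
          unsigned src;

      private:
          // Copying is disabled (declared, never defined) so the url buffer
          // cannot end up released twice through a member-wise copy.
          UrlListItem(const UrlListItem&);
          UrlListItem& operator=(const UrlListItem&);
      };

      /** Looks up the advisory associated with @p matching_text. */
      Advisory* GetAdvisory(const uni_char *matching_text);

      /** @return Read-only access to the advisory list. */
      const Head& GetAdvisoryList() const { return m_advisory_list; }

  protected:
      /** Kind of XML element tracked in m_current_element. */
      enum ElementType
      {
          TrustLevelElement,
          HostElement,
          PhElement,
          ClientExpireElement,
          RegExpElement,
          UrlElement,
          SourceElement,
          OtherElement
      };

      /**
       * Normalizes @p url.
       * @param url                 [in]  URL to normalize.
       * @param normalized_url      [out] Normalized URL.
       * @param normalized_hostname [out] Normalized hostname.
       */
      static OP_STATUS NormalizeURL(URL& url, OpString8& normalized_url, OpString8& normalized_hostname);

      ServerTrustChecker* m_checker;
      XMLParser* m_xml_parser;
      ElementType m_current_element;
      URL m_host_url;
      BOOL m_in_blacklist;
      MessageHandler* m_message_handler;
      OpSecurityState m_state;
      OpString8 m_full_path_hash;
      Advisory *m_current_advisory;
      UrlListItem *m_current_url;
      Head m_advisory_list;   // Exposed read-only through GetAdvisoryList().
      Head m_url_list;
  };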
  191. #endif // TRUST_RATING
  192. #endif /*DOCHAND_FRAUD_CHECK_H*/