net/http/http_status_line_validator.h - chromium/src.git - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_
 #define NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_

 #include <stddef.h>

 #include <vector>

 #include "base/macros.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"

 namespace net {

 class HttpStatusLineValidator {
  public:
   // RFC 7230 S3.1.2:
   //   status-line = HTTP-version SP status-code SP reason-phrase CRLF
   //   status-code = 3DIGIT
   //   reason-phrase = *( HTAB / SP / VCHAR / obs-text )
   // And from RFC 7230 S2.6:
   //   HTTP-version = HTTP-name "/" DIGIT "." DIGIT
   //   HTTP-name = "\x48\x54\x54\x50" ; ie, "HTTP" in uppercase
   enum StatusLineStatus {
     // No violations found.
     STATUS_LINE_OK = 0,
     // ""
     STATUS_LINE_EMPTY = 1,
     // "xyzzy"
     STATUS_LINE_NOT_HTTP = 2,
     // "HtTp/1.1 ..."
     STATUS_LINE_HTTP_CASE_MISMATCH = 3,
     // "HTTP" or "HTTP/"
     STATUS_LINE_HTTP_NO_VERSION = 4,
     // "HTTP/abc" or "HTTP/1" or "HTTP/1."
     STATUS_LINE_INVALID_VERSION = 5,
     // "HTTP/1.234 ..."
     STATUS_LINE_MULTI_DIGIT_VERSION = 6,
     // "HTTP/3.0 ..."
     STATUS_LINE_UNKNOWN_VERSION = 7,
     // "HTTP/0.9 ..."
     STATUS_LINE_EXPLICIT_0_9 = 8,
     // "HTTP/1.1"
     STATUS_LINE_MISSING_STATUS_CODE = 9,
     // "HTTP/1.1 abc"
     STATUS_LINE_INVALID_STATUS_CODE = 10,
     // "HTTP/1.1 123a"
     STATUS_LINE_STATUS_CODE_TRAILING = 11,
     // "HTTP/1.1 404", note that "HTTP/1.1 404 " is a valid empty reason phrase
     STATUS_LINE_MISSING_REASON_PHRASE = 12,
     // "HTTP/1.1 200 \x01"
     STATUS_LINE_REASON_DISALLOWED_CHARACTER = 13,
     // "HTTP/1.1   200 OK"
     STATUS_LINE_EXCESS_WHITESPACE = 14,
     // "HTTP/1.1 600 OK"
     STATUS_LINE_RESERVED_STATUS_CODE = 15,

     STATUS_LINE_MAX
   };

   // Checks for violations of the RFC 7230 S3.1.2 status-line grammar, and
   // returns the first violation found, or STATUS_LINE_OK if the status line
   // looks conforming.
   static StatusLineStatus NET_EXPORT_PRIVATE ValidateStatusLine(
       const base::StringPiece& status_line);

  private:
   static StatusLineStatus CheckHttpVersionSyntax(
       const base::StringPiece& version);
   static StatusLineStatus CheckStatusCodeSyntax(
       const base::StringPiece& status_code);
   // Checks |fields| against the reason-phrase syntax in RFC 7230 S3.1.2, ie:
   //   reason-phrase = *( HTAB / SP / VCHAR / obs-text )
   // Note that the HTTP stream parser ignores the reason-phrase entirely, so
   // this check is needlessly pedantic.
   static StatusLineStatus CheckReasonPhraseSyntax(
       const std::vector<base::StringPiece>& fields,
       size_t start_index);

   DISALLOW_IMPLICIT_CONSTRUCTORS(HttpStatusLineValidator);
 };

 }  // namespace net

 #endif  // NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_
	#define NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_

	#include <stddef.h>

	#include <vector>

	#include "base/macros.h"
	#include "base/strings/string_piece.h"
	#include "net/base/net_export.h"

	namespace net {

	class HttpStatusLineValidator {
	public:
	// RFC 7230 S3.1.2:
	// status-line = HTTP-version SP status-code SP reason-phrase CRLF
	// status-code = 3DIGIT
	// reason-phrase = *( HTAB / SP / VCHAR / obs-text )
	// And from RFC 7230 S2.6:
	// HTTP-version = HTTP-name "/" DIGIT "." DIGIT
	// HTTP-name = "\x48\x54\x54\x50" ; ie, "HTTP" in uppercase
	enum StatusLineStatus {
	// No violations found.
	STATUS_LINE_OK = 0,
	// ""
	STATUS_LINE_EMPTY = 1,
	// "xyzzy"
	STATUS_LINE_NOT_HTTP = 2,
	// "HtTp/1.1 ..."
	STATUS_LINE_HTTP_CASE_MISMATCH = 3,
	// "HTTP" or "HTTP/"
	STATUS_LINE_HTTP_NO_VERSION = 4,
	// "HTTP/abc" or "HTTP/1" or "HTTP/1."
	STATUS_LINE_INVALID_VERSION = 5,
	// "HTTP/1.234 ..."
	STATUS_LINE_MULTI_DIGIT_VERSION = 6,
	// "HTTP/3.0 ..."
	STATUS_LINE_UNKNOWN_VERSION = 7,
	// "HTTP/0.9 ..."
	STATUS_LINE_EXPLICIT_0_9 = 8,
	// "HTTP/1.1"
	STATUS_LINE_MISSING_STATUS_CODE = 9,
	// "HTTP/1.1 abc"
	STATUS_LINE_INVALID_STATUS_CODE = 10,
	// "HTTP/1.1 123a"
	STATUS_LINE_STATUS_CODE_TRAILING = 11,
	// "HTTP/1.1 404", note that "HTTP/1.1 404 " is a valid empty reason phrase
	STATUS_LINE_MISSING_REASON_PHRASE = 12,
	// "HTTP/1.1 200 \x01"
	STATUS_LINE_REASON_DISALLOWED_CHARACTER = 13,
	// "HTTP/1.1 200 OK"
	STATUS_LINE_EXCESS_WHITESPACE = 14,
	// "HTTP/1.1 600 OK"
	STATUS_LINE_RESERVED_STATUS_CODE = 15,

	STATUS_LINE_MAX
	};

	// Checks for violations of the RFC 7230 S3.1.2 status-line grammar, and
	// returns the first violation found, or STATUS_LINE_OK if the status line
	// looks conforming.
	static StatusLineStatus NET_EXPORT_PRIVATE ValidateStatusLine(
	const base::StringPiece& status_line);

	private:
	static StatusLineStatus CheckHttpVersionSyntax(
	const base::StringPiece& version);
	static StatusLineStatus CheckStatusCodeSyntax(
	const base::StringPiece& status_code);
	// Checks \|fields\| against the reason-phrase syntax in RFC 7230 S3.1.2, ie:
	// reason-phrase = *( HTAB / SP / VCHAR / obs-text )
	// Note that the HTTP stream parser ignores the reason-phrase entirely, so
	// this check is needlessly pedantic.
	static StatusLineStatus CheckReasonPhraseSyntax(
	const std::vector<base::StringPiece>& fields,
	size_t start_index);

	DISALLOW_IMPLICIT_CONSTRUCTORS(HttpStatusLineValidator);
	};

	} // namespace net

	#endif // NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_