| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_ |
| #define NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_ |
| |
| #include <stddef.h> |
| |
| #include <vector> |
| |
| #include "base/macros.h" |
| #include "base/strings/string_piece.h" |
| #include "net/base/net_export.h" |
| |
| namespace net { |
| |
| class HttpStatusLineValidator { |
| public: |
| // RFC 7230 S3.1.2: |
| // status-line = HTTP-version SP status-code SP reason-phrase CRLF |
| // status-code = 3DIGIT |
| // reason-phrase = *( HTAB / SP / VCHAR / obs-text ) |
| // And from RFC 7230 S2.6: |
| // HTTP-version = HTTP-name "/" DIGIT "." DIGIT |
| // HTTP-name = "\x48\x54\x54\x50" ; ie, "HTTP" in uppercase |
| enum StatusLineStatus { |
| // No violations found. |
| STATUS_LINE_OK = 0, |
| // "" |
| STATUS_LINE_EMPTY = 1, |
| // "xyzzy" |
| STATUS_LINE_NOT_HTTP = 2, |
| // "HtTp/1.1 ..." |
| STATUS_LINE_HTTP_CASE_MISMATCH = 3, |
| // "HTTP" or "HTTP/" |
| STATUS_LINE_HTTP_NO_VERSION = 4, |
| // "HTTP/abc" or "HTTP/1" or "HTTP/1." |
| STATUS_LINE_INVALID_VERSION = 5, |
| // "HTTP/1.234 ..." |
| STATUS_LINE_MULTI_DIGIT_VERSION = 6, |
| // "HTTP/3.0 ..." |
| STATUS_LINE_UNKNOWN_VERSION = 7, |
| // "HTTP/0.9 ..." |
| STATUS_LINE_EXPLICIT_0_9 = 8, |
| // "HTTP/1.1" |
| STATUS_LINE_MISSING_STATUS_CODE = 9, |
| // "HTTP/1.1 abc" |
| STATUS_LINE_INVALID_STATUS_CODE = 10, |
| // "HTTP/1.1 123a" |
| STATUS_LINE_STATUS_CODE_TRAILING = 11, |
| // "HTTP/1.1 404", note that "HTTP/1.1 404 " is a valid empty reason phrase |
| STATUS_LINE_MISSING_REASON_PHRASE = 12, |
| // "HTTP/1.1 200 \x01" |
| STATUS_LINE_REASON_DISALLOWED_CHARACTER = 13, |
| // "HTTP/1.1 200 OK" |
| STATUS_LINE_EXCESS_WHITESPACE = 14, |
| // "HTTP/1.1 600 OK" |
| STATUS_LINE_RESERVED_STATUS_CODE = 15, |
| |
| STATUS_LINE_MAX |
| }; |
| |
| // Checks for violations of the RFC 7230 S3.1.2 status-line grammar, and |
| // returns the first violation found, or STATUS_LINE_OK if the status line |
| // looks conforming. |
| static StatusLineStatus NET_EXPORT_PRIVATE ValidateStatusLine( |
| const base::StringPiece& status_line); |
| |
| private: |
| static StatusLineStatus CheckHttpVersionSyntax( |
| const base::StringPiece& version); |
| static StatusLineStatus CheckStatusCodeSyntax( |
| const base::StringPiece& status_code); |
| // Checks |fields| against the reason-phrase syntax in RFC 7230 S3.1.2, ie: |
| // reason-phrase = *( HTAB / SP / VCHAR / obs-text ) |
| // Note that the HTTP stream parser ignores the reason-phrase entirely, so |
| // this check is needlessly pedantic. |
| static StatusLineStatus CheckReasonPhraseSyntax( |
| const std::vector<base::StringPiece>& fields, |
| size_t start_index); |
| |
| DISALLOW_IMPLICIT_CONSTRUCTORS(HttpStatusLineValidator); |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_ |