diff options
4 files changed, 156 insertions, 0 deletions
diff --git a/Userland/Libraries/LibWeb/CMakeLists.txt b/Userland/Libraries/LibWeb/CMakeLists.txt index 1de1f4554e..4ae2d2db43 100644 --- a/Userland/Libraries/LibWeb/CMakeLists.txt +++ b/Userland/Libraries/LibWeb/CMakeLists.txt @@ -131,6 +131,7 @@ set(SOURCES Fetch/Infrastructure/HTTP/Requests.cpp Fetch/Infrastructure/HTTP/Responses.cpp Fetch/Infrastructure/HTTP/Statuses.cpp + Fetch/Infrastructure/PortBlocking.cpp Fetch/Infrastructure/URL.cpp Fetch/Request.cpp Fetch/Response.cpp diff --git a/Userland/Libraries/LibWeb/Fetch/Infrastructure/PortBlocking.cpp b/Userland/Libraries/LibWeb/Fetch/Infrastructure/PortBlocking.cpp new file mode 100644 index 0000000000..bdfc572c38 --- /dev/null +++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/PortBlocking.cpp @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2022, Linus Groh <linusg@serenityos.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <AK/Array.h> +#include <AK/BinarySearch.h> +#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h> +#include <LibWeb/Fetch/Infrastructure/PortBlocking.h> +#include <LibWeb/Fetch/Infrastructure/URL.h> + +namespace Web::Fetch::Infrastructure { + +// https://fetch.spec.whatwg.org/#block-bad-port +RequestOrResponseBlocking block_bad_port(Request const& request) +{ + // 1. Let url be request’s current URL. + auto const& url = request.current_url(); + + // 2. If url’s scheme is an HTTP(S) scheme and url’s port is a bad port, then return blocked. + if (is_http_or_https_scheme(url.scheme()) && url.port().has_value() && is_bad_port(*url.port())) + return RequestOrResponseBlocking::Blocked; + + // 3. Return allowed. + return RequestOrResponseBlocking::Allowed; +} + +// https://fetch.spec.whatwg.org/#bad-port +bool is_bad_port(u16 port) +{ + // A port is a bad port if it is listed in the first column of the following table. + static constexpr auto bad_ports = Array { + 1, // tcpmux + 7, // echo + 9, // discard + 11, // systat + 13, // daytime + 15, // netstat + 17, // qotd + 19, // chargen + 20, // ftp-data + 21, // ftp + 22, // ssh + 23, // telnet + 25, // smtp + 37, // time + 42, // name + 43, // nicname + 53, // domain + 69, // tftp + 77, // — + 79, // finger + 87, // — + 95, // supdup + 101, // hostname + 102, // iso-tsap + 103, // gppitnp + 104, // acr-nema + 109, // pop2 + 110, // pop3 + 111, // sunrpc + 113, // auth + 115, // sftp + 117, // uucp-path + 119, // nntp + 123, // ntp + 135, // epmap + 137, // netbios-ns + 139, // netbios-ssn + 143, // imap + 161, // snmp + 179, // bgp + 389, // ldap + 427, // svrloc + 465, // submissions + 512, // exec + 513, // login + 514, // shell + 515, // printer + 526, // tempo + 530, // courier + 531, // chat + 532, // netnews + 540, // uucp + 548, // afp + 554, // rtsp + 556, // remotefs + 563, // nntps + 587, // submission + 601, // syslog-conn + 636, // ldaps + 989, // ftps-data + 990, // ftps + 993, // imaps + 995, // pop3s + 1719, // h323gatestat + 1720, // h323hostcall + 1723, // pptp + 2049, // nfs + 3659, // apple-sasl + 4045, // npp + 5060, // sip + 5061, // sips + 6000, // x11 + 6566, // sane-port + 6665, // ircu + 6666, // ircu + 6667, // ircu + 6668, // ircu + 6669, // ircu + 6697, // ircs-u + 10080, // amanda + }; + return binary_search(bad_ports.span(), port); +} + +} diff --git a/Userland/Libraries/LibWeb/Fetch/Infrastructure/PortBlocking.h b/Userland/Libraries/LibWeb/Fetch/Infrastructure/PortBlocking.h new file mode 100644 index 0000000000..c91bdd43ed --- /dev/null +++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/PortBlocking.h @@ -0,0 +1,18 @@ +/* + * Copyright (c) 2022, Linus Groh <linusg@serenityos.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include <AK/Forward.h> +#include <LibWeb/Fetch/Infrastructure/RequestOrResponseBlocking.h> +#include <LibWeb/Forward.h> + +namespace Web::Fetch::Infrastructure { + +[[nodiscard]] RequestOrResponseBlocking block_bad_port(Request const&); +[[nodiscard]] bool is_bad_port(u16); + +} diff --git a/Userland/Libraries/LibWeb/Fetch/Infrastructure/RequestOrResponseBlocking.h b/Userland/Libraries/LibWeb/Fetch/Infrastructure/RequestOrResponseBlocking.h new file mode 100644 index 0000000000..830f7fe4c6 --- /dev/null +++ b/Userland/Libraries/LibWeb/Fetch/Infrastructure/RequestOrResponseBlocking.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2022, Linus Groh <linusg@serenityos.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include <AK/Forward.h> +#include <LibWeb/Forward.h> + +namespace Web::Fetch::Infrastructure { + +enum class RequestOrResponseBlocking { + Blocked, + Allowed, +}; + +} |