DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Implementation

Mercurial (d38398e5144e)

VCS Links

nsSecurityHeaderDirective

nsSecurityHeaderParser

Macros

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsSecurityHeaderParser_h
#define nsSecurityHeaderParser_h

#include "mozilla/LinkedList.h"
#include "nsCOMPtr.h"
#include "nsString.h"

// Utility class for handing back parsed directives and (optional) values
class nsSecurityHeaderDirective : public mozilla::LinkedListElement<nsSecurityHeaderDirective> {
public:
  nsCString mName;
  nsCString mValue;
};

// This class parses security-related HTTP headers like
// Strict-Transport-Security. The Augmented Backus-Naur Form syntax for this
// header is reproduced below, for reference:
//
//   Strict-Transport-Security = "Strict-Transport-Security" ":"
//                               [ directive ]  *( ";" [ directive ] )
//
//   directive                 = directive-name [ "=" directive-value ]
//   directive-name            = token
//   directive-value           = token | quoted-string
//
//   where:
//
//   token          = <token, defined in [RFC2616], Section 2.2>
//   quoted-string  = <quoted-string, defined in [RFC2616], Section 2.2>/
//
// For further reference, see [RFC6797], Section 6.1

class nsSecurityHeaderParser {
public:
  // The input to this class must be null-terminated, and must have a lifetime
  // greater than or equal to the lifetime of the created nsSecurityHeaderParser.
  explicit nsSecurityHeaderParser(const nsCString& aHeader);
  ~nsSecurityHeaderParser();

  // Only call Parse once.
  nsresult Parse();
  // The caller does not take ownership of the memory returned here.
  mozilla::LinkedList<nsSecurityHeaderDirective> *GetDirectives();

private:
  bool Accept(char aChr);
  bool Accept(bool (*aClassifier) (signed char));
  void Expect(char aChr);
  void Advance();
  void Header();         // header = [ directive ] *( ";" [ directive ] )
  void Directive();      // directive = directive-name [ "=" directive-value ]
  void DirectiveName();  // directive-name = token
  void DirectiveValue(); // directive-value = token | quoted-string
  void Token();          // token = 1*<any CHAR except CTLs or separators>
  void QuotedString();   // quoted-string = (<"> *( qdtext | quoted-pair ) <">)
  void QuotedText();     // qdtext = <any TEXT except <"> and "\">
  void QuotedPair();     // quoted-pair = "\" CHAR

                         // LWS = [CRLF] 1*( SP | HT )
  void LWSMultiple();    // Handles *( LWS )
  void LWSCRLF();        // Handles the [CRLF] part of LWS
  void LWS();            // Handles the 1*( SP | HT ) part of LWS

  mozilla::LinkedList<nsSecurityHeaderDirective> mDirectives;
  const char *mCursor;
  nsSecurityHeaderDirective *mDirective;

  nsCString mOutput;
  bool mError;
};

#endif // nsSecurityHeaderParser_h