Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ package org.apache.shindig.gadgets.parse.caja; import org.apache.commons.lang.StringUtils; import org.apache.shindig.common.uri.Uri; import org.apache.shindig.gadgets.GadgetContext; import org.apache.shindig.gadgets.GadgetException; import org.apache.shindig.gadgets.rewrite.DomWalker; import org.apache.shindig.gadgets.uri.ProxyUriManager; import com.google.caja.lang.css.CssSchema; import com.google.caja.parser.AbstractParseTreeNode; import com.google.caja.parser.AncestorChain; import com.google.caja.parser.Visitor; import com.google.caja.parser.css.CssTree; import com.google.caja.reporting.SimpleMessageQueue; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.inject.Inject; import org.w3c.dom.Element; import java.util.List; import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; /** * Sanitize a CSS tree using Caja. Strip properties and functions that represent * ways to execute script. Specifically * * - Use Caja's CSS property whitelist * - Use Caja's CSS function whitelist * - Force @import through the proxy and require sanitization. If they cant be parsed, remove them * - Force @url references to have the HTTP/HTTPS protocol */ public class CajaCssSanitizer { private static final Logger LOG = Logger.getLogger(CajaCssSanitizer.class.getName()); private static final Set<String> ALLOWED_URI_SCHEMES = ImmutableSet.of("http", "https"); private final CajaCssParser parser; private final CssSchema schema; @Inject public CajaCssSanitizer(CajaCssParser parser) { this.parser = parser; schema = CssSchema.getDefaultCss21Schema(new SimpleMessageQueue()); } /** * Sanitize the CSS content of a style tag. * @param content to sanitize * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite @imports to sanitizing proxy * @param imageRewriter to rewrite images to sanitizing proxy * @return Sanitized css. */ public String sanitize(String content, Uri linkContext, GadgetContext gadgetContext, ProxyUriManager importRewriter, ProxyUriManager imageRewriter) { try { CssTree.StyleSheet stylesheet = parser.parseDom(content, linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter); // Write the rewritten CSS back into the element return parser.serialize(stylesheet); } catch (GadgetException ge) { // Failed to parse stylesheet so log and continue LOG.log(Level.INFO, "Failed to parse stylesheet", ge); return ""; } } /** * Sanitize the CSS content of a style tag. * @param styleElem to sanitize * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite @imports to sanitizing proxy * @param imageRewriter to rewrite images to sanitizing proxy */ public void sanitize(Element styleElem, Uri linkContext, GadgetContext gadgetContext, ProxyUriManager importRewriter, ProxyUriManager imageRewriter) { String content = null; try { CssTree.StyleSheet stylesheet = parser.parseDom(styleElem.getTextContent(), linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter); // Write the rewritten CSS back into the element content = parser.serialize(stylesheet); } catch (GadgetException ge) { // Failed to parse stylesheet so log and continue LOG.log(Level.INFO, "Failed to parse stylesheet", ge); } if (StringUtils.isEmpty(content)) { // Remove the owning node styleElem.getParentNode().removeChild(styleElem); } else { styleElem.setTextContent(content); } } /** * Sanitize the given CSS tree in-place by removing all non-whitelisted function calls * @param css DOM root * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite links to sanitizing proxy * @param imageRewriter to rewrite links to the sanitizing proxy */ public void sanitize(CssTree css, final Uri linkContext, final GadgetContext gadgetContext, final ProxyUriManager importRewriter, final ProxyUriManager imageRewriter) { css.acceptPreOrder(new Visitor() { public boolean visit(AncestorChain<?> ancestorChain) { if (ancestorChain.node instanceof CssTree.Property) { if (!schema.isPropertyAllowed(((CssTree.Property) ancestorChain.node).getPropertyName())) { // Remove offending property if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Removing property " + ((CssTree.Property) ancestorChain.node).getPropertyName()); } clean(ancestorChain); } } else if (ancestorChain.node instanceof CssTree.FunctionCall) { if (!schema.isFunctionAllowed(((CssTree.FunctionCall) ancestorChain.node).getName())) { // Remove offending node if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Removing function " + ((CssTree.FunctionCall) ancestorChain.node).getName()); } clean(ancestorChain); } } else if (ancestorChain.node instanceof CssTree.UriLiteral && !(ancestorChain.getParentNode() instanceof CssTree.Import)) { String uri = ((CssTree.UriLiteral) ancestorChain.node).getValue(); if (isValidUri(uri)) { // Assume the URI is for an image. Rewrite it using the image link rewriter ((CssTree.UriLiteral) ancestorChain.node) .setValue(rewriteUri(imageRewriter, uri, linkContext, gadgetContext)); } else { // Remove offending node if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Removing invalid URI " + uri); } clean(ancestorChain); } } else if (ancestorChain.node instanceof CssTree.Import) { CssTree.Import importDecl = (CssTree.Import) ancestorChain.node; String uri = importDecl.getUri().getValue(); if (isValidUri(uri)) { importDecl.getUri().setValue(rewriteUri(importRewriter, uri, linkContext, gadgetContext)); } else { if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Removing invalid URI " + uri); } clean(ancestorChain); } } return true; } }, null); } private static String rewriteUri(ProxyUriManager proxyUriManager, String input, final Uri context, GadgetContext gadgetContext) { Uri inboundUri = null; try { inboundUri = Uri.parse(input); } catch (IllegalArgumentException e) { // Don't rewrite at all. return input; } if (context != null) { inboundUri = context.resolve(inboundUri); } List<ProxyUriManager.ProxyUri> uris = ImmutableList .of(new ProxyUriManager.ProxyUri(DomWalker.makeGadget(new GadgetContext(gadgetContext) { @Override public Uri getUrl() { return context; } }), inboundUri)); List<Uri> rewritten = proxyUriManager.make(uris, null); return rewritten.get(0).toString(); } private boolean isValidUri(String uri) { try { String scheme = Uri.parse(uri).getScheme(); return StringUtils.isEmpty(scheme) || ALLOWED_URI_SCHEMES.contains(scheme.toLowerCase()); } catch (RuntimeException re) { if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "Failed to parse URI in CSS " + uri, re); } } return false; } /** * recurse up through chain to find a safe clean point * @param chain chain of nodes */ private static void clean(AncestorChain<?> chain) { if (chain.node instanceof CssTree.Declaration || chain.node instanceof CssTree.Import) { if (chain.getParentNode() instanceof CssTree.UserAgentHack) { clean(chain.parent); } else { // Remove the entire subtree ((AbstractParseTreeNode) chain.getParentNode()).removeChild(chain.node); } } else { clean(chain.parent); } } }