Merge pull request CenterEdge#6 from CenterEdge/resourcefiltering
Allow customization of resource filtering for security
Showing
9 changed files
with
190 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Text; | ||
using System.Threading.Tasks; | ||
|
||
namespace Positron.UI | ||
{ | ||
/// <summary> | ||
/// Base class for a resource request filter that filters based on scheme and host. | ||
/// </summary> | ||
public abstract class HostResourceRequestFilter : IResourceRequestFilter | ||
{ | ||
/// <summary> | ||
/// List of valid schemes, i.e. "http" and "https". | ||
/// </summary> | ||
public abstract HashSet<string> ValidSchemes { get; } | ||
|
||
/// <summary> | ||
/// List of valid hosts, i.e. "positron" or "google.com". | ||
/// </summary> | ||
public abstract HashSet<string> ValidHosts { get; } | ||
|
||
/// <inheritdoc cref="IResourceRequestFilter"/> | ||
public virtual Task<bool> CanLoadResourceAsync(ResourceRequestContext context) | ||
{ | ||
if (context == null) | ||
{ | ||
throw new ArgumentNullException(nameof(context)); | ||
} | ||
if (context.Url == null) | ||
{ | ||
throw new ArgumentException("ResourceRequestContext.Url may not be null.", nameof(context)); | ||
} | ||
if (!context.Url.IsAbsoluteUri) | ||
{ | ||
throw new ArgumentException("ResourceRequestContext.Url must be absolute.", nameof(context)); | ||
} | ||
|
||
var result = ValidSchemes.Contains(context.Url.Scheme) && ValidHosts.Contains(context.Url.Host); | ||
|
||
if (!result) | ||
{ | ||
OnResourceRejection(context); | ||
} | ||
|
||
return Task.FromResult(result); | ||
} | ||
|
||
/// <summary> | ||
/// Called when a resource is rejected to permit logging. | ||
/// </summary> | ||
/// <param name="context"><see cref="ResourceRequestContext"/> of the resource being rejected.</param> | ||
public virtual void OnResourceRejection(ResourceRequestContext context) | ||
{ | ||
} | ||
} | ||
} |
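Review bot: The allowlist check in `CanLoadResourceAsync` is an exact match on `context.Url.Scheme` and `context.Url.Host` only, and the summaries on `ValidSchemes` and `ValidHosts` do not say so. The port is never compared, a listed host such as "google.com" does not admit its subdomains, and because `Uri` lower-cases scheme and host, an entry written with capitals in a default-comparer `HashSet<string>` never matches. I would extend the `ValidHosts` summary with something like `/// Entries are compared exactly against Uri.Host: use lower case, list each subdomain explicitly, and note that the port is not checked.` Both properties are also public and mutable, so any code holding the filter can widen the allowlist after construction; documenting that the sets must not be modified once the filter is in use (or narrowing their visibility) would make the intended contract explicit.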
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Text; | ||
using System.Threading.Tasks; | ||
|
||
namespace Positron.UI | ||
{ | ||
/// <summary> | ||
/// Filter requests for resource load to provide application security | ||
/// </summary> | ||
public interface IResourceRequestFilter | ||
{ | ||
/// <summary> | ||
/// Evaluates a request and returns true if the resource may be safely loaded in Chromium. | ||
/// </summary> | ||
/// <param name="context"><see cref="ResourceRequestContext"/> to evaluate.</param> | ||
/// <returns>True if the resource may be safely loaded in Chromium.</returns> | ||
Task<bool> CanLoadResourceAsync(ResourceRequestContext context); | ||
} | ||
} |
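Review bot: The contract on `CanLoadResourceAsync` does not say what a caller must do when the method throws or the returned task faults, which matters because this interface is the gate for every resource load. `HostResourceRequestFilter` in this same commit throws `ArgumentException` for a null or relative `Url`, so the call site (not shown in this section) has to treat an exception as a rejection or the filter can fail open. I would add a remark such as `/// <remarks>Callers must treat an exception or a faulted task as a rejection; implementations should return false rather than throw for URLs they do not recognise.</remarks>`.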
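--- a/src/Positron.UI/Internal/PositronOnlyResourceRequestFilter.cs
+++ b/src/Positron.UI/Internal/PositronOnlyResourceRequestFilter.cs
@@ -0,0 +1,28 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using CefSharp;
+using Microsoft.Extensions.Logging;
+
+namespace Positron.UI.Internal
+{
+internal class PositronOnlyResourceRequestFilter : HostResourceRequestFilter
+{
+private readonly ILogger<PositronOnlyResourceRequestFilter> _logger;
+
+public override HashSet<string> ValidSchemes { get; } = new HashSet<string> {"http"};
+public override HashSet<string> ValidHosts { get; } = new HashSet<string> {"positron"};
+
+public PositronOnlyResourceRequestFilter(ILogger<PositronOnlyResourceRequestFilter> logger)
+{
+_logger = logger;
+}
+
+public override void OnResourceRejection(ResourceRequestContext context)
+{
+_logger.LogWarning(LoggerEventIds.ExternalResource, "Preventing load of external resource '{0}'", context.Url);
+}
+}
+}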
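Review bot: `OnResourceRejection` writes the full rejected `context.Url` to the log, query string included, so a blocked request whose URL carries a token or session identifier ends up in the application log. Dropping the query and fragment still leaves enough to diagnose a rejection, e.g. `_logger.LogWarning(LoggerEventIds.ExternalResource, "Preventing load of external resource '{Url}'", context.Url.GetLeftPart(UriPartial.Path));`. The named `{Url}` placeholder also gives structured log sinks a usable property name instead of `0`. Separately, the constructor stores `logger` without a null check, so a missing registration would surface only as a `NullReferenceException` on the first rejected request.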
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Text; | ||
using System.Threading.Tasks; | ||
|
||
namespace Positron.UI | ||
{ | ||
/// <summary> | ||
/// Information about a Chromium request before it is processed. | ||
/// </summary> | ||
public class ResourceRequestContext | ||
{ | ||
/// <summary> | ||
/// Request method, i.e. "GET" or "POST". | ||
/// </summary> | ||
public string Method { get; set; } | ||
|
||
/// <summary> | ||
/// <see cref="Uri"/> of the referrer, if any. | ||
/// </summary> | ||
public Uri Referrer { get; set; } | ||
|
||
/// <summary> | ||
/// <see cref="Uri"/> being requested. Should be an absolute Uri. | ||
/// </summary> | ||
public Uri Url { get; set; } | ||
} | ||
} |
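Review bot: All three properties have public setters, so a context that a filter has already approved can still be changed before the request is acted on. Because `CanLoadResourceAsync` is asynchronous, what was checked and what is loaded are only guaranteed to match if the caller never reuses or mutates the instance; the call site is not shown here, so this may already hold. Get-only properties assigned through a constructor would remove the doubt. The summaries also use "i.e." where "e.g." is meant, for example `/// Request method, e.g. "GET" or "POST".`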