[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: [messagelib] webengineviewer/src/checkphishingurl: Continue to implement safe browsing support
From: Montel Laurent <montel () kde ! org>
Date: 2016-11-30 20:20:02
Message-ID: E1cCBMI-0002OC-72 () code ! kde ! org
[Download RAW message or body]
Git commit 31eda8911e2f58cbec5a905bedd1f6d5bf757310 by Montel Laurent.
Committed on 30/11/2016 at 20:19.
Pushed by mlaurent into branch 'master'.
Continue to implement safe browsing support
M +3 -2 webengineviewer/src/checkphishingurl/autotests/localdatabasefiletest.cpp
M +24 -16 webengineviewer/src/checkphishingurl/localdatabasefile.cpp
M +61 -0 webengineviewer/src/checkphishingurl/urlhashing.cpp
M +2 -0 webengineviewer/src/checkphishingurl/urlhashing.h
https://commits.kde.org/messagelib/31eda8911e2f58cbec5a905bedd1f6d5bf757310
diff --git a/webengineviewer/src/checkphishingurl/autotests/localdatabasefiletest.cpp \
b/webengineviewer/src/checkphishingurl/autotests/localdatabasefiletest.cpp index \
a02ee59..aee882a 100644
--- a/webengineviewer/src/checkphishingurl/autotests/localdatabasefiletest.cpp
+++ b/webengineviewer/src/checkphishingurl/autotests/localdatabasefiletest.cpp
@@ -58,10 +58,11 @@ void LocalDataBaseFileTest::shouldCheckHashBinaryFile_data()
QTest::addColumn<QByteArray>("hash");
QTest::addColumn<QByteArray>("resultHash");
QTest::addColumn<bool>("found");
- QTest::newRow("nohash") << QByteArrayLiteral("foo") << QByteArray() << false;
+ QTest::newRow("nohash") << QByteArrayLiteral("foo") << QByteArrayLiteral("efgh") \
<< true;
QTest::newRow("foundhash") << QByteArrayLiteral("1111") << \
QByteArrayLiteral("1111") << true;
QTest::newRow("foundhash1") << QByteArrayLiteral("11111") << \
QByteArrayLiteral("1111") << true;
- QTest::newRow("foundhash2") << QByteArrayLiteral("HGsse") << \
QByteArrayLiteral("1111") << true; + QTest::newRow("foundhash2") << \
QByteArrayLiteral("HGsse") << QByteArrayLiteral("54321") << true; + \
QTest::newRow("foundhash3") << QByteArrayLiteral("1112") << QByteArrayLiteral("1111") \
<< true; }
void LocalDataBaseFileTest::shouldCheckHashBinaryFile()
diff --git a/webengineviewer/src/checkphishingurl/localdatabasefile.cpp \
b/webengineviewer/src/checkphishingurl/localdatabasefile.cpp index 064f328..154ec2f \
100644
--- a/webengineviewer/src/checkphishingurl/localdatabasefile.cpp
+++ b/webengineviewer/src/checkphishingurl/localdatabasefile.cpp
@@ -142,23 +142,31 @@ QByteArray LocalDataBaseFile::searchHash(const QByteArray \
&hashToSearch) const int numHash = getUint64(4);
int begin = 0;
int end = numHash - 1;
- //QByteArray previousValue;
- while (begin <= end) {
- const int medium = (begin + end) / 2;
- const int off = posListOffset + 8 * medium;
- const int hashOffset = getUint64(off);
- const char *hashCharStar = getCharStar(hashOffset);
- const int cmp = qstrcmp(hashCharStar, hashToSearch.constData());
- qCWarning(WEBENGINEVIEWER_LOG) << "search " << hashToSearch << " begin " << \
begin << " end " << end << " hashCharStar" <<hashCharStar;
- if (cmp < 0) {
- begin = medium + 1;
- } else if (cmp > 0) {
- end = medium - 1;
- } else {
- return QByteArray(hashCharStar);
- }
+ QByteArray previousValue;
+ if (end > 0) {
+ QByteArray currentValue;
+ do {
+ previousValue = currentValue;
+ const int medium = (begin + end) / 2;
+ const int off = posListOffset + 8 * medium;
+ const int hashOffset = getUint64(off);
+ const char *hashCharStar = getCharStar(hashOffset);
+ const int cmp = qstrcmp(hashCharStar, hashToSearch.constData());
+ currentValue = QByteArray(hashCharStar);
+ qCWarning(WEBENGINEVIEWER_LOG) << "search " << hashToSearch << " begin " \
<< begin << " end " << end << " hashCharStar" <<hashCharStar; + if (end == \
begin) { + return currentValue;
+ }
+ if (cmp < 0) {
+ begin = medium + 1;
+ } else if (cmp > 0) {
+ end = medium - 1;
+ } else {
+ return currentValue;
+ }
+ } while (begin <= end);
}
- return QByteArray();
+ return previousValue;
}
bool LocalDataBaseFile::shouldCheck() const
diff --git a/webengineviewer/src/checkphishingurl/urlhashing.cpp \
b/webengineviewer/src/checkphishingurl/urlhashing.cpp index e9bf7a4..8887b25 100644
--- a/webengineviewer/src/checkphishingurl/urlhashing.cpp
+++ b/webengineviewer/src/checkphishingurl/urlhashing.cpp
@@ -18,6 +18,7 @@
*/
#include "urlhashing.h"
+#include <QDebug>
using namespace WebEngineViewer;
@@ -37,9 +38,34 @@ QString UrlHashing::canonicalizeUrl()
if (mUrl.isEmpty()) {
return {};
}
+ QString path = mUrl.path();
if (mUrl.path().isEmpty()) {
mUrl.setPath(QStringLiteral("/"));
+ } else {
+ // First, remove tab (0x09), CR (0x0d), and LF (0x0a) characters from the \
URL. Do not remove escape sequences for these characters (e.g. '%0a'). + \
path.remove(QLatin1Char('\t')); + path.remove(QLatin1Char('\r'));
+ path.remove(QLatin1Char('\n'));
+ mUrl.setPath(path);
}
+ // Remove all leading and trailing dots.
+#if 0
+ QString hostname = mUrl.host();
+ qDebug() << " hostname" << hostname;
+ while(!hostname.isEmpty() && hostname.at(0) == QLatin1Char('.')) {
+ hostname.remove(0, 1);
+ }
+ qDebug() << "111111 hostname" << hostname;
+ for (int i = hostname.length(); i >= 0; --i) {
+ if (hostname.at(i) == QLatin1Char('.')) {
+ hostname.remove(i);
+ } else {
+ break;
+ }
+ }
+ qDebug() << "2222222 hostname" << hostname;
+ mUrl.setHost(hostname);
+#endif
mUrl.setPort(-1);
return QString::fromLatin1(mUrl.toEncoded(QUrl::RemoveFragment|QUrl::NormalizePathSegments|QUrl::EncodeUnicode));
@@ -54,3 +80,38 @@ QStringList UrlHashing::generateHostsToCheck()
{
return {};
}
+
+QByteArray UrlHashing::hashComputation()
+{
+#if 0
+ Unit Test (in pseudo-C)
+
+ // Example B1 from FIPS-180-2
+ string input1 = "abc";
+ string output1 = TruncatedSha256Prefix(input1, 32);
+ int expected1[] = { 0xba, 0x78, 0x16, 0xbf };
+ assert(output1.size() == 4); // 4 bytes == 32 bits
+ for (int i = 0; i < output1.size(); i++) assert(output1[i] == expected1[i]);
+
+ // Example B2 from FIPS-180-2
+ string input2 = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+ string output2 = TruncatedSha256Prefix(input2, 48);
+ int expected2[] = { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06 };
+ assert(output2.size() == 6);
+ for (int i = 0; i < output2.size(); i++) assert(output2[i] == expected2[i]);
+
+ // Example B3 from FIPS-180-2
+ string input3(1000000, 'a'); // 'a' repeated a million times
+ string output3 = TruncatedSha256Prefix(input3, 96);
+ int expected3[] = { 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92,
+ 0x81, 0xa1, 0xc7, 0xe2 };
+ assert(output3.size() == 12);
+ for (int i = 0; i < output3.size(); i++) assert(output3[i] == expected3[i]);
+#endif
+ return {};
+}
+
+QByteArray UrlHashing::hashPrefixComputation()
+{
+ return {};
+}
diff --git a/webengineviewer/src/checkphishingurl/urlhashing.h \
b/webengineviewer/src/checkphishingurl/urlhashing.h index 607fc35..3ad7e4c 100644
--- a/webengineviewer/src/checkphishingurl/urlhashing.h
+++ b/webengineviewer/src/checkphishingurl/urlhashing.h
@@ -36,6 +36,8 @@ public:
QStringList generatePathsToCheck();
QStringList generateHostsToCheck();
+ QByteArray hashComputation();
+ QByteArray hashPrefixComputation();
private:
QUrl mUrl;
};
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic