File: json_sanitizer_android.cc

package info (click to toggle)
chromium-browser 57.0.2987.98-1~deb8u1
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 2,637,852 kB
  • ctags: 2,544,394
  • sloc: cpp: 12,815,961; ansic: 3,676,222; python: 1,147,112; asm: 526,608; java: 523,212; xml: 286,794; perl: 92,654; sh: 86,408; objc: 73,271; makefile: 27,698; cs: 18,487; yacc: 13,031; tcl: 12,957; pascal: 4,875; ml: 4,716; lex: 3,904; sql: 3,862; ruby: 1,982; lisp: 1,508; php: 1,368; exp: 404; awk: 325; csh: 117; jsp: 39; sed: 37
file content (125 lines) | stat: -rw-r--r-- 4,421 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/safe_json/json_sanitizer.h"

#include "base/android/jni_string.h"
#include "base/bind.h"
#include "base/callback.h"
#include "base/location.h"
#include "base/macros.h"
#include "base/memory/weak_ptr.h"
#include "base/strings/string_util.h"
#include "base/threading/sequenced_task_runner_handle.h"
#include "jni/JsonSanitizer_jni.h"

using base::android::JavaParamRef;

namespace safe_json {

namespace {

// An implementation of JsonSanitizer that calls into Java. It deals with
// malformed input (in particular malformed Unicode encodings) in the following
// steps:
// 1. The input string is checked for whether it is well-formed UTF-8. Malformed
//    UTF-8 is rejected.
// 2. The UTF-8 string is converted in native code to a Java String, which is
//    encoded as UTF-16.
// 2. The Java String is parsed as JSON in the memory-safe environment of the
//    Java VM and any string literals are unescaped.
// 3. The string literals themselves are now untrusted, so they are checked in
//    Java for whether they are valid UTF-16.
// 4. The parsed JSON with sanitized literals is encoded back into a Java
//    String and passed back to native code.
// 5. The Java String is converted back to UTF-8 in native code.
// This ensures that both invalid UTF-8 and invalid escaped UTF-16 will be
// rejected.
class JsonSanitizerAndroid : public JsonSanitizer {
 public:
  JsonSanitizerAndroid(const StringCallback& success_callback,
                       const StringCallback& error_callback);
  ~JsonSanitizerAndroid() {}

  void Sanitize(const std::string& unsafe_json);

  void OnSuccess(const std::string& json);
  void OnError(const std::string& error);

 private:
  StringCallback success_callback_;
  StringCallback error_callback_;

  DISALLOW_COPY_AND_ASSIGN(JsonSanitizerAndroid);
};

JsonSanitizerAndroid::JsonSanitizerAndroid(
    const StringCallback& success_callback,
    const StringCallback& error_callback)
    : success_callback_(success_callback),
      error_callback_(error_callback) {}

void JsonSanitizerAndroid::Sanitize(const std::string& unsafe_json) {
  // The JSON parser only accepts wellformed UTF-8.
  if (!base::IsStringUTF8(unsafe_json)) {
    OnError("Unsupported encoding");
    return;
  }

  JNIEnv* env = base::android::AttachCurrentThread();
  base::android::ScopedJavaLocalRef<jstring> unsafe_json_java =
      base::android::ConvertUTF8ToJavaString(env, unsafe_json);

  // This will synchronously call either OnSuccess() or OnError().
  Java_JsonSanitizer_sanitize(env, reinterpret_cast<jlong>(this),
                              unsafe_json_java);
}

void JsonSanitizerAndroid::OnSuccess(const std::string& json) {
  base::SequencedTaskRunnerHandle::Get()->PostTask(
      FROM_HERE, base::Bind(success_callback_, json));
}

void JsonSanitizerAndroid::OnError(const std::string& error) {
  base::SequencedTaskRunnerHandle::Get()->PostTask(
      FROM_HERE, base::Bind(error_callback_, error));
}

}  // namespace

void OnSuccess(JNIEnv* env,
               const JavaParamRef<jclass>& clazz,
               jlong jsanitizer,
               const JavaParamRef<jstring>& json) {
  JsonSanitizerAndroid* sanitizer =
      reinterpret_cast<JsonSanitizerAndroid*>(jsanitizer);
  sanitizer->OnSuccess(base::android::ConvertJavaStringToUTF8(env, json));
}

void OnError(JNIEnv* env,
             const JavaParamRef<jclass>& clazz,
             jlong jsanitizer,
             const JavaParamRef<jstring>& error) {
  JsonSanitizerAndroid* sanitizer =
      reinterpret_cast<JsonSanitizerAndroid*>(jsanitizer);
  sanitizer->OnError(base::android::ConvertJavaStringToUTF8(env, error));
}

// static
void JsonSanitizer::Sanitize(const std::string& unsafe_json,
                             const StringCallback& success_callback,
                             const StringCallback& error_callback) {
  // JsonSanitizerAndroid does all its work synchronously, but posts any
  // callbacks to the current message loop. This means it can be destroyed at
  // the end of this method.
  JsonSanitizerAndroid sanitizer(success_callback, error_callback);
  sanitizer.Sanitize(unsafe_json);
}

// static
bool JsonSanitizer::Register(JNIEnv* env) {
  return RegisterNativesImpl(env);
}

}  // namespace safe_json