1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
|
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_POLICY_CORE_COMMON_SCHEMA_H_
#define COMPONENTS_POLICY_CORE_COMMON_SCHEMA_H_
#include <optional>
#include <string>
#include <variant>
#include <vector>
#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/types/expected.h"
#include "base/values.h"
#include "components/policy/policy_export.h"
namespace policy {
namespace internal {
struct POLICY_EXPORT SchemaData;
struct POLICY_EXPORT SchemaNode;
struct POLICY_EXPORT PropertyNode;
struct POLICY_EXPORT PropertiesNode;
} // namespace internal
// The error path, which leads to an error occurred. Members of the
// error path can either be ints in case of list items or strings in case of
// dictionary keys.
using PolicyErrorPath = std::vector<std::variant<int, std::string>>;
// Returns a formatted string for a given error path |error_path|, consisting
// of list indices and dict keys.
// For example, ErrorPathToString("TestPolicy", {4, "testField"}) will be
// encoded as "TestPolicy[4].testField"
POLICY_EXPORT std::string ErrorPathToString(const std::string& policy_name,
PolicyErrorPath error_path);
// Option flags passed to Schema::Validate() and Schema::Normalize(), describing
// the strategy to handle unknown properties or invalid values for dict type.
// Note that in Schema::Normalize() allowed errors will be dropped and thus
// ignored.
// Unknown error indicates that some value in a dictionary (may or may not be
// the one in root) have unknown property name according to schema.
// Invalid error indicates a validation failure against the schema. As
// validation is done recursively, a validation failure of dict properties or
// list items might be ignored (or dropped in Normalize()) or trigger whole
// dictionary/list validation failure.
enum SchemaOnErrorStrategy {
// No errors will be allowed. This should not be used for policies, since it
// basically prevents future changes to the policy (Server sends newField, but
// clients running older versions of Chrome reject the policy because they
// don't know newField). Prefer to use |SCHEMA_ALLOW_UNKNOWN| or
// |SCHEMA_ALLOW_UNKOWN_AND_INVALID_LIST_ENTRY| for policies
// instead.
SCHEMA_STRICT = 0,
// Unknown properties in any dictionary will be ignored.
SCHEMA_ALLOW_UNKNOWN,
// In addition to the previous, invalid list entries will be ignored for all
// lists in the schema. Should only be used in cases where dropping list items
// is safe. For example, can't be used if an empty list has a special meaning,
// like allowing everything.
SCHEMA_ALLOW_UNKNOWN_AND_INVALID_LIST_ENTRY,
// Same as |SCHEMA_ALLOW_UNKNOWN|, but unknown properties won't cause errors
// messages to be added. Used to allow adding extra fields to the policy
// internally, without adding those fields to the schema. This option should
// be avoided, since it suppresses the errors.
SCHEMA_ALLOW_UNKNOWN_WITHOUT_WARNING,
};
// Schema validation options for Schema::ParseToDictAndValidate().
constexpr int kSchemaOptionsNone = 0;
constexpr int kSchemaOptionsIgnoreUnknownAttributes = 1 << 0;
// String used to hide sensitive policy values.
// It should be consistent with the mask |NetworkConfigurationPolicyHandler|
// uses for network credential fields.
extern const char kSensitiveValueMask[];
class Schema;
typedef std::vector<Schema> SchemaList;
// Describes the expected type of one policy. Also recursively describes the
// types of inner elements, for structured types.
// Objects of this class refer to external, immutable data and are cheap to
// copy.
//
// See components/policy/core/common/json_schema_constants.h for a list of
// supported features and data types. Only these features and data-types are
// supported and enforced. For the full schema proposal see
// https://json-schema.org/understanding-json-schema/index.html.
//
// There are also these departures from the proposal:
// - "additionalProperties": false is not supported. The value of
// "additionalProperties" has to be a schema if present. Otherwise, the
// behavior for unknown attributes is controlled by |SchemaOnErrorStrategy|.
// - "sensitiveValue" (bool) marks a value to be sensitive. This is used to
// mask those values in the UI by calling |MaskSensitiveValues()|.
class POLICY_EXPORT Schema {
public:
// Used internally to store shared data.
class InternalStorage;
// Builds an empty, invalid schema.
Schema();
// Makes a copy of |schema| that shares the same internal storage.
Schema(const Schema& schema);
~Schema();
Schema& operator=(const Schema& schema);
// Returns a Schema that references static data. This can be used by
// the embedder to pass structures generated at compile time, which can then
// be quickly loaded at runtime.
static Schema Wrap(const internal::SchemaData* data);
// Parses a JSON schema. If the input `content` represents a valid schema,
// returns a Schema. Otherwise, returns an error message containing a reason
// for the failure.
static base::expected<Schema, std::string> Parse(const std::string& content);
// Verifies if |schema| is a valid JSON v3 schema. When this validation passes
// then |schema| is valid JSON that can be parsed into a Value::Dict which can
// be used to build a |Schema|. Returns the parsed Value::Dict when |schema|
// validated, otherwise returns an error description. For performance reasons,
// currently IsValidSchema() won't check the correctness of regular
// expressions used in "pattern" and "patternProperties" and in Validate()
// invalid regular expression don't accept any strings. |options| is a
// bitwise-OR combination of the options above (see |kSchemaOptions*| above).
static base::expected<base::Value::Dict, std::string> ParseToDictAndValidate(
const std::string& schema,
int options);
// Returns true if this Schema is valid. Schemas returned by the methods below
// may be invalid, and in those cases the other methods must not be used.
bool valid() const { return !!node_; }
base::Value::Type type() const;
// Validate |value| against current schema, |strategy| is the strategy to
// handle unknown properties or invalid values. Allowed errors will be
// ignored. |out_error_path| and |out_error| will contain the last error
// location and detailed message if |value| doesn't strictly conform to the
// schema. If |value| doesn't conform to the schema even within the allowance
// of |strategy|, false will be returned and |out_error_path| and |out_error|
// will contain the corresponding error that caused the failure.
// |out_error_path| and |out_error| can be nullptr and in that case no value
// will be returned.
bool Validate(const base::Value& value,
SchemaOnErrorStrategy strategy,
PolicyErrorPath* out_error_path,
std::string* out_error) const;
// Similar to Validate() but drop values with errors instead of ignoring them.
// |out_changed| is a pointer to a boolean value, and indicate whether |value|
// is changed or not (probably dropped properties or items). Be sure to set
// the bool that |out_changed| pointed to false before calling Normalize().
// |out_error_path|, |out_error| and |out_changed| can be nullptr and in that
// case no value will be set. This function will also take the ownership of
// dropped base::Value and destroy them.
bool Normalize(base::Value* value,
SchemaOnErrorStrategy strategy,
PolicyErrorPath* out_error_path,
std::string* out_error,
bool* out_changed) const;
// Modifies |value| in place - masks values that have been marked as sensitive
// ("sensitiveValue": true) in this Schema. Note that |value| may not be
// schema-valid according to this Schema after this function returns - the
// masking is performed by replacing values with string values, so the value
// types may not correspond to this Schema anymore.
void MaskSensitiveValues(base::Value* value) const;
// Used to iterate over the known properties of Type::DICT schemas.
class POLICY_EXPORT Iterator {
public:
Iterator(const scoped_refptr<const InternalStorage>& storage,
const internal::PropertiesNode* node);
Iterator(const Iterator& iterator);
~Iterator();
Iterator& operator=(const Iterator& iterator);
// The other methods must not be called if the iterator is at the end.
bool IsAtEnd() const;
// Advances the iterator to the next property.
void Advance();
// Returns the name of the current property.
const char* key() const;
// Returns the Schema for the current property. This Schema is always valid.
Schema schema() const;
private:
scoped_refptr<const InternalStorage> storage_;
raw_ptr<const internal::PropertyNode, AllowPtrArithmetic> it_;
raw_ptr<const internal::PropertyNode, AllowPtrArithmetic> end_;
};
// These methods should be called only if type() == Type::DICT,
// otherwise invalid memory will be read. A CHECK is currently enforcing this.
// Returns an iterator that goes over the named properties of this schema.
// The returned iterator is at the beginning.
Iterator GetPropertiesIterator() const;
// Returns the Schema for the property named |key|. If |key| is not a known
// property name then the returned Schema is not valid.
Schema GetKnownProperty(const std::string& key) const;
// Returns all Schemas from pattern properties that match |key|. May be empty.
SchemaList GetPatternProperties(const std::string& key) const;
// Returns this Schema's required properties. May be empty if the Schema has
// no required properties.
std::vector<std::string> GetRequiredProperties() const;
// Returns the Schema for additional properties. If additional properties are
// not allowed for this Schema then the Schema returned is not valid.
Schema GetAdditionalProperties() const;
// Returns the Schema for |key| if it is a known property, otherwise returns
// the Schema for additional properties.
// DEPRECATED: This function didn't consider patternProperties, use
// GetMatchingProperties() instead.
// TODO(binjin): Replace calls to this function with GetKnownProperty() or
// GetMatchingProperties() and remove this later.
Schema GetProperty(const std::string& key) const;
// Returns all Schemas that are supposed to be validated against for |key|.
// May be empty.
SchemaList GetMatchingProperties(const std::string& key) const;
// Returns the Schema for items of an array.
// This method should be called only if type() == Type::LIST,
// otherwise invalid memory will be read. A CHECK is currently enforcing this.
Schema GetItems() const;
// Gets the validation schema associated with this |schema| - or if there
// isn't one, returns an empty invalid schema. There are a few policies that
// contain embedded JSON - these policies have a schema for validating that
// JSON that is more complicated than the regular schema. For other policies
// it is not defined. To get the validation schema for a policy, call
// |chrome_schema.GetValidationSchema().GetKnownProperty(policy_name)|, where
// |chrome_schema| is the root schema that has all policies as children.
Schema GetValidationSchema() const;
// If this returns true, the value described by this schema should not be
// displayed on the UI.
bool IsSensitiveValue() const;
// If this returns true, the schema contains child elements that contain
// sensitive values.
bool HasSensitiveChildren() const;
private:
// Builds a schema pointing to the inner structure of |storage|,
// rooted at |node|.
Schema(const scoped_refptr<const InternalStorage>& storage,
const internal::SchemaNode* node);
bool ValidateIntegerRestriction(int index, int value) const;
bool ValidateStringRestriction(int index, const char* str) const;
void MaskSensitiveValuesRecursive(base::Value* value) const;
scoped_refptr<const InternalStorage> storage_;
raw_ptr<const internal::SchemaNode, DanglingUntriaged | AllowPtrArithmetic>
node_;
};
} // namespace policy
#endif // COMPONENTS_POLICY_CORE_COMMON_SCHEMA_H_
|
