File: fetcher_config.cc

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (203 lines) | stat: -rw-r--r-- 6,128 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/supervised_user/core/browser/fetcher_config.h"

#include <memory>
#include <string>
#include <string_view>
#include <variant>
#include <vector>

#include "base/feature_list.h"
#include "base/notreached.h"
#include "base/strings/strcat.h"
#include "base/strings/string_split.h"
#include "base/strings/stringprintf.h"
#include "net/http/http_request_headers.h"
#include "net/traffic_annotation/network_traffic_annotation.h"

namespace supervised_user {

BASE_FEATURE(kSupervisedUserProtoFetcherConfig,
             "SupervisedUserProtoFetcherConfig",
             base::FEATURE_DISABLED_BY_DEFAULT);

namespace annotations {

net::NetworkTrafficAnnotationTag ClassifyUrlTag() {
  return net::DefineNetworkTrafficAnnotation("supervised_user_classify_url",
                                             R"(
semantics {
  sender: "Supervised Users"
  description:
    "Checks whether a given URL (or set of URLs) is considered safe by "
    "a Google Family Link web restrictions API."
  trigger:
    "If the parent enabled this feature for the child account, this is "
    "sent for every navigation."
  data:
    "An OAuth2 access token identifying and authenticating the "
    "Google account, and the URL to be checked."
  destination: GOOGLE_OWNED_SERVICE
  internal {
    contacts {
      email: "chrome-kids-eng@google.com"
    }
  }
  user_data {
    type: NONE
  }
  last_reviewed: "2023-05-15"
}
policy {
  cookies_allowed: NO
  setting:
    "This feature is only used in child accounts and cannot be "
    "disabled by settings. Parent accounts can disable it in the "
    "family dashboard."
  policy_exception_justification:
    "Enterprise admins don't have control over this feature "
    "because it can't be enabled on enterprise environments."
  })");
}

net::NetworkTrafficAnnotationTag ListFamilyMembersTag() {
  return net::DefineNetworkTrafficAnnotation(
      "supervised_user_list_family_members",
      R"(
semantics {
  sender: "Supervised Users"
  description:
    "Fetches information about the user's family group from the Google "
    "Family API."
  trigger:
    "Triggered in regular intervals to update profile information."
  data:
    "The request is authenticated with an OAuth2 access token "
    "identifying the Google account. No other information is sent."
  destination: GOOGLE_OWNED_SERVICE
  user_data {
    type: NONE
  }
  internal {
    contacts {
      email: "chrome-kids-eng@google.com"
    }
  }
  last_reviewed: "2023-05-02"
}
policy {
  cookies_allowed: NO
  setting:
    "This feature cannot be disabled in settings and is only enabled "
    "for child accounts. If sign-in is restricted to accounts from a "
    "managed domain, those accounts are not going to be child accounts."
  chrome_policy {
    RestrictSigninToPattern {
      policy_options {mode: MANDATORY}
      RestrictSigninToPattern: "*@manageddomain.com"
    }
  }
})");
}

net::NetworkTrafficAnnotationTag CreatePermissionRequestTag() {
  return net::DefineNetworkTrafficAnnotation(
      "supervised_user_request_blocked_site_permission",
      R"(
semantics {
  sender: "Supervised Users"
  description:
    "Requests permission for the user to access a blocked site."
  trigger:
    "Initiated by the user, through the Remote Approval option "
    " from the supervised user intersitial page."
  data:
    "The request is authenticated with an OAuth2 access token "
    "that identifies the Google account and contains the URL that "
    "the user requests access to."
  destination: GOOGLE_OWNED_SERVICE
  user_data {
    type: NONE
  }
  internal {
    contacts {
      email: "chrome-kids-eng@google.com"
    }
  }
  last_reviewed: "2023-06-06"
}
policy {
  cookies_allowed: NO
  setting:
    "This feature cannot be disabled in settings and is only enabled "
    "for child accounts. If sign-in is restricted to accounts from a "
    "managed domain, those accounts are not going to be child accounts."
  chrome_policy {
    RestrictSigninToPattern {
      policy_options {mode: MANDATORY}
      RestrictSigninToPattern: "*@manageddomain.com"
    }
  }
})");
}
}  // namespace annotations

std::string FetcherConfig::GetHttpMethod() const {
  switch (method) {
    case Method::kGet:
      return net::HttpRequestHeaders::kGetMethod;
    case Method::kPost:
      return net::HttpRequestHeaders::kPostMethod;
    default:
      NOTREACHED();
  }
}

std::string_view FetcherConfig::StaticServicePath() const {
  return std::get<std::string_view>(service_path);
}

std::string FetcherConfig::ServicePath(const PathArgs& args) const {
  const std::string_view* static_path =
      std::get_if<std::string_view>(&service_path);
  if (static_path != nullptr) {
    CHECK(args.empty()) << "Args are not empty but service_path type variant "
                           "is not FetcherConfig::PathTemplate.";
    return std::string(*static_path);
  }

  const PathTemplate path_template = std::get<PathTemplate>(service_path);
  CHECK(!path_template.value().empty()) << "Service path is required";

  // Implementation detail: Placeholders are not substituted, but used to split
  // template and put in between as many args as possible. Outstanding args are
  // concatenated at the end.
  std::vector<std::string_view> pieces = base::SplitStringPieceUsingSubstr(
      path_template.value(), "{}", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL);

  std::vector<std::string_view> target;
  auto piece_it = pieces.begin();
  auto args_it = args.begin();

  for (; piece_it != pieces.end() || args_it != args.end();) {
    if (piece_it != pieces.end()) {
      target.push_back(*piece_it++);
    }
    if (args_it != args.end()) {
      target.push_back(*args_it++);
    }
  }

  return base::StrCat(target);
}

std::unique_ptr<net::BackoffEntry> FetcherConfig::BackoffEntry() const {
  if (!backoff_policy.has_value()) {
    return nullptr;
  }
  return std::make_unique<net::BackoffEntry>(&backoff_policy.value());
}
}  // namespace supervised_user