Introduce IPAddressSpace utility library.

Part of the library is unused for now. It will come in handy for CORS-RFC1918. Bug: 986744 Change-Id: Ic5081003d3df470104f1e115da9dbe358a271e90 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2260422 Commit-Queue: Titouan Rigoudy <titouan@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Cr-Commit-Position: refs/heads/master@{#786223}

Introduce IPAddressSpace utility library.
Part of the library is unused for now. It will come in handy for CORS-RFC1918. Bug: 986744 Change-Id: Ic5081003d3df470104f1e115da9dbe358a271e90 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2260422 Commit-Queue: Titouan Rigoudy <titouan@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Cr-Commit-Position: refs/heads/master@{#786223}
acd073d1 · Titouan Rigoudy · Commit Bot · e1b870a7 · acd073d1 · acd073d1
Commit acd073d1 authored Jul 08, 2020 by Titouan Rigoudy Committed by Commit Bot Jul 08, 2020
5 changed files
--- a/content/browser/frame_host/navigation_request.cc
+++ b/content/browser/frame_host/navigation_request.cc
@@ -103,6 +103,7 @@
 #include "services/network/public/cpp/content_security_policy/content_security_policy.h"
 #include "services/network/public/cpp/cross_origin_resource_policy.h"
 #include "services/network/public/cpp/features.h"
+#include "services/network/public/cpp/ip_address_space_util.h"
 #include "services/network/public/cpp/is_potentially_trustworthy.h"
 #include "services/network/public/cpp/resource_request_body.h"
 #include "services/network/public/cpp/url_loader_completion_status.h"
@@ -574,16 +575,7 @@ network::mojom::IPAddressSpace CalculateIPAddressSpace(
    return network::mojom::IPAddressSpace::kPublic;

  // Otherwise, calculate the address space via the provided IP address.
-  if (!ip.IsValid())
-    return network::mojom::IPAddressSpace::kUnknown;
-
-  if (ip.IsLoopback())
-    return network::mojom::IPAddressSpace::kLocal;
-
-  if (!ip.IsPubliclyRoutable())
-    return network::mojom::IPAddressSpace::kPrivate;
-
-  return network::mojom::IPAddressSpace::kPublic;
+  return network::IPAddressToIPAddressSpace(ip);
 }

 // Convert the navigation type to the appropriate cross-document one.

--- a/services/network/public/cpp/BUILD.gn
+++ b/services/network/public/cpp/BUILD.gn
@@ -59,6 +59,8 @@ jumbo_component("cpp") {
    "header_util.h",
    "initiator_lock_compatibility.cc",
    "initiator_lock_compatibility.h",
+    "ip_address_space_util.cc",
+    "ip_address_space_util.h",
    "is_potentially_trustworthy.cc",
    "is_potentially_trustworthy.h",
    "load_info_util.cc",
@@ -290,6 +292,7 @@ source_set("tests") {
    "host_resolver_mojom_traits_unittest.cc",
    "initiator_lock_compatibility_unittest.cc",
    "ip_address_mojom_traits_unittest.cc",
+    "ip_address_space_util_unittest.cc",
    "is_potentially_trustworthy_unittest.cc",
    "isolation_info_mojom_traits_unittest.cc",
    "mutable_network_traffic_annotation_tag_mojom_traits_unittest.cc",

--- a/services/network/public/cpp/ip_address_space_util.cc
+++ b/services/network/public/cpp/ip_address_space_util.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "services/network/public/cpp/ip_address_space_util.h"
+
+#include "net/base/ip_address.h"
+
+namespace network {
+
+using mojom::IPAddressSpace;
+
+IPAddressSpace IPAddressToIPAddressSpace(const net::IPAddress& address) {
+  if (!address.IsValid()) {
+    return IPAddressSpace::kUnknown;
+  }
+
+  if (address.IsLoopback()) {
+    return IPAddressSpace::kLocal;
+  }
+
+  if (!address.IsPubliclyRoutable()) {
+    return IPAddressSpace::kPrivate;
+  }
+
+  return IPAddressSpace::kPublic;
+}
+
+// For comparison purposes, we treat kUnknown the same as kPublic.
+IPAddressSpace CollapseUnknown(IPAddressSpace space) {
+  if (space == IPAddressSpace::kUnknown) {
+    return IPAddressSpace::kPublic;
+  }
+  return space;
+}
+
+bool IsLessPublicAddressSpace(IPAddressSpace lhs, IPAddressSpace rhs) {
+  // Apart from the special case for kUnknown, the built-in comparison operator
+  // works just fine. The comment on IPAddressSpace's definition notes that the
+  // enum values' ordering matters.
+  return CollapseUnknown(lhs) < CollapseUnknown(rhs);
+}
+
+}  // namespace network
--- a/services/network/public/cpp/ip_address_space_util.h
+++ b/services/network/public/cpp/ip_address_space_util.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SERVICES_NETWORK_PUBLIC_CPP_IP_ADDRESS_SPACE_UTIL_H_
+#define SERVICES_NETWORK_PUBLIC_CPP_IP_ADDRESS_SPACE_UTIL_H_
+
+#include "services/network/public/mojom/ip_address_space.mojom.h"
+
+namespace net {
+
+class IPAddress;
+
+}  // namespace net
+
+namespace network {
+
+// Returns the IPAddressSpace from an IPAddress.
+//
+// This can be used as-is for subresource requests. For documents, also take
+// into account the 'treat-as-public-address' CSP directive.
+mojom::IPAddressSpace COMPONENT_EXPORT(NETWORK_CPP)
+    IPAddressToIPAddressSpace(const net::IPAddress& address);
+
+// Returns whether |lhs| is less public than |rhs|.
+//
+// This comparator is compatible with std::less.
+//
+// Address spaces go from most public to least public in the following order:
+//
+//  - public and unknown
+//  - private
+//  - local
+//
+bool COMPONENT_EXPORT(NETWORK_CPP)
+    IsLessPublicAddressSpace(mojom::IPAddressSpace lhs,
+                             mojom::IPAddressSpace rhs);
+
+}  // namespace network
+
+#endif  // SERVICES_NETWORK_PUBLIC_CPP_IP_ADDRESS_SPACE_UTIL_H_
--- a/services/network/public/cpp/ip_address_space_util_unittest.cc
+++ b/services/network/public/cpp/ip_address_space_util_unittest.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "services/network/public/cpp/ip_address_space_util.h"
+
+#include "net/base/ip_address.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace network {
+namespace {
+
+using mojom::IPAddressSpace;
+using net::IPAddress;
+using net::IPAddressBytes;
+
+TEST(IPAddressSpaceTest, IPAddressToIPAddressSpacev4) {
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress()), IPAddressSpace::kUnknown);
+
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress(64, 233, 160, 0)),
+            IPAddressSpace::kPublic);
+
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress(192, 168, 1, 1)),
+            IPAddressSpace::kPrivate);
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress(10, 1, 1, 1)),
+            IPAddressSpace::kPrivate);
+
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress(127, 0, 0, 1)),
+            IPAddressSpace::kLocal);
+}
+
+IPAddressBytes IPv6BytesWithPrefix(uint8_t prefix) {
+  IPAddressBytes bytes;
+  bytes.Resize(IPAddress::kIPv6AddressSize);
+  bytes.data()[0] = prefix;
+  return bytes;
+}
+
+TEST(IPAddressSpaceTest, IPAddressToAddressSpacev6) {
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress(IPv6BytesWithPrefix(42))),
+            IPAddressSpace::kPublic);
+
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress(IPv6BytesWithPrefix(0xfd))),
+            IPAddressSpace::kPrivate);
+
+  EXPECT_EQ(IPAddressToIPAddressSpace(IPAddress::IPv6Localhost()),
+            IPAddressSpace::kLocal);
+}
+
+TEST(IPAddressSpaceTest, IsLessPublicAddressSpaceThanLocal) {
+  EXPECT_FALSE(
+      IsLessPublicAddressSpace(IPAddressSpace::kLocal, IPAddressSpace::kLocal));
+
+  EXPECT_TRUE(IsLessPublicAddressSpace(IPAddressSpace::kLocal,
+                                       IPAddressSpace::kPrivate));
+  EXPECT_TRUE(IsLessPublicAddressSpace(IPAddressSpace::kLocal,
+                                       IPAddressSpace::kPublic));
+  EXPECT_TRUE(IsLessPublicAddressSpace(IPAddressSpace::kLocal,
+                                       IPAddressSpace::kUnknown));
+}
+
+TEST(IPAddressSpaceTest, IsLessPublicAddressSpaceThanPrivate) {
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kPrivate,
+                                        IPAddressSpace::kLocal));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kPrivate,
+                                        IPAddressSpace::kPrivate));
+
+  EXPECT_TRUE(IsLessPublicAddressSpace(IPAddressSpace::kPrivate,
+                                       IPAddressSpace::kPublic));
+  EXPECT_TRUE(IsLessPublicAddressSpace(IPAddressSpace::kPrivate,
+                                       IPAddressSpace::kUnknown));
+}
+
+TEST(IPAddressSpaceTest, IsLessPublicAddressSpaceThanPublic) {
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kPublic,
+                                        IPAddressSpace::kLocal));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kPublic,
+                                        IPAddressSpace::kPrivate));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kPublic,
+                                        IPAddressSpace::kPublic));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kPublic,
+                                        IPAddressSpace::kUnknown));
+}
+
+TEST(IPAddressSpaceTest, IsLessPublicAddressSpaceThanUnknown) {
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kUnknown,
+                                        IPAddressSpace::kLocal));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kUnknown,
+                                        IPAddressSpace::kPrivate));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kUnknown,
+                                        IPAddressSpace::kPublic));
+  EXPECT_FALSE(IsLessPublicAddressSpace(IPAddressSpace::kUnknown,
+                                        IPAddressSpace::kUnknown));
+}
+
+}  // namespace
+}  // namespace network