[epiphany/mcatanzaro/#1612: 2/14] Add secure output encoding functions




commit 31768a0e73f183cc29c1837f158d41b423d3ffef
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Tue Dec 14 16:41:00 2021 -0600

    Add secure output encoding functions
    
    If we fail to use these when required, malicious web content could XSS
    Epiphany's internal pages.
    
    (As you might guess, the fact that these functions don't exist already
    indicates that is currently possible in various places.)
    
    Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045>

 lib/ephy-output-encoding.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/ephy-output-encoding.h | 38 ++++++++++++++++++++++++
 lib/meson.build            |  1 +
 3 files changed, 113 insertions(+)
---
diff --git a/lib/ephy-output-encoding.c b/lib/ephy-output-encoding.c
new file mode 100644
index 000000000..7256059ed
--- /dev/null
+++ b/lib/ephy-output-encoding.c
@@ -0,0 +1,74 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ *  Copyright © Red Hat Inc.
+ *
+ *  This file is part of Epiphany.
+ *
+ *  Epiphany is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Epiphany is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Epiphany.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "config.h"
+#include "ephy-output-encoding.h"
+
+#include <glib.h>
+
+char *
+ephy_encode_for_html_entity (const char *input)
+{
+  GString *str = g_string_new (input);
+
+  g_string_replace (str, "&", "&amp;", 0);
+  g_string_replace (str, "<", "&lt;", 0);
+  g_string_replace (str, ">", "&gt;", 0);
+  g_string_replace (str, "\"", "&quot;", 0);
+  g_string_replace (str, "'", "&#x27;", 0);
+  g_string_replace (str, "/", "&#x2F;", 0);
+
+  return g_string_free (str, FALSE);
+}
+
+static char *
+encode_all_except_alnum (const char *input,
+                         const char *format)
+{
+  GString *str;
+  const char *c = input;
+
+  if (!g_utf8_validate (input, -1, NULL))
+    return g_strdup ("");
+
+  str = g_string_new (NULL);
+  do {
+    gunichar u = g_utf8_get_char (c);
+    if (g_unichar_isalnum (u))
+      g_string_append_unichar (str, u);
+    else
+      g_string_append_printf (str, format, u);
+    c = g_utf8_next_char (c);
+  } while (*c);
+
+  return g_string_free (str, FALSE);
+}
+
+char *
+ephy_encode_for_html_attribute (const char *input)
+{
+  return encode_all_except_alnum (input, "&#x%02x;");
+}
+
+char *
+ephy_encode_for_javascript (const char *input)
+{
+  return encode_all_except_alnum (input, "\\u%04u;");
+}
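Review bot: The JavaScript format string on the last line of the hunk, `"\\u%04u;"`, does not produce a valid JavaScript escape: `%u` prints the code point in decimal and the trailing `;` is emitted as a literal character, so `<` (U+003C, decimal 60) becomes `\u0060;`, which a JS parser reads as a backtick followed by a semicolon, and the encoder does not neutralise the characters it exists to neutralise. JavaScript `\uXXXX` escapes take exactly four hex digits, so the format should be `"\\u%04x"`; code points above U+FFFF would then still need to be written as a surrogate pair (or `\u{...}`) rather than through a single `%04x`, which the printf-per-character shape of encode_all_except_alnum cannot express as written. Separately, the `do { … } while (*c);` loop in encode_all_except_alnum runs once for an empty (but valid) input, calling g_utf8_get_char on the terminator and appending one encoded NUL (`&#x00;` for the attribute encoder); `while (*c) { … }` yields the expected empty result. It also appears that a NULL input reaches g_utf8_validate unchecked, whereas ephy_encode_for_html_entity tolerates NULL through g_string_new; a `g_return_val_if_fail (input != NULL, g_strdup (""));` at the top of encode_all_except_alnum would make the three entry points behave consistently — worth confirming against GLib's handling of NULL there.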
diff --git a/lib/ephy-output-encoding.h b/lib/ephy-output-encoding.h
new file mode 100644
index 000000000..7ff6a33bd
--- /dev/null
+++ b/lib/ephy-output-encoding.h
@@ -0,0 +1,38 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ *  Copyright © 2021 Red Hat Inc.
+ *
+ *  This file is part of Epiphany.
+ *
+ *  Epiphany is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Epiphany is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Epiphany.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include <glib.h>
+
+G_BEGIN_DECLS
+
+/* These functions implement the OWASP XSS prevention output encoding rules:
+ * 
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary
+ *
+ * You must *carefully* read that document to safely inject untrusted data into
+ * web content. Here be dragons.
+ */
+
+char *ephy_encode_for_html_entity    (const char *input);
+char *ephy_encode_for_html_attribute (const char *input);
+char *ephy_encode_for_javascript     (const char *input);
+
+G_END_DECLS
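Review bot: The header declares three allocating functions but documents neither ownership of the result nor the failure behaviour the implementation has, so a caller cannot tell from the prototypes that the returned string must be freed or that an encoder may hand back an empty string instead of encoded content. From the .c file in this commit, ephy_encode_for_html_attribute and ephy_encode_for_javascript return `""` when the input is not valid UTF-8, while ephy_encode_for_html_entity performs no validation at all; that asymmetry is exactly what a caller injecting untrusted text into a page needs to know. I would add, directly above the prototypes, a comment such as `/* Each function returns a newly allocated string; free with g_free(). The attribute and JavaScript encoders return "" (not NULL) when @input is not valid UTF-8; the entity encoder does not validate its input. */`, and say in the same place which output context each encoder is for (HTML element content, HTML attribute value, JavaScript string literal), since the linked OWASP summary keys its rules on that distinction.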
diff --git a/lib/meson.build b/lib/meson.build
index 894589a1a..264f9c5fb 100644
--- a/lib/meson.build
+++ b/lib/meson.build
@@ -20,6 +20,7 @@ libephymisc_sources = [
   'ephy-langs.c',
   'ephy-notification.c',
   'ephy-notification-container.c',
+  'ephy-output-encoding.c',
   'ephy-permissions-manager.c',
   'ephy-profile-utils.c',
   'ephy-search-engine-manager.c',

