220 lines
6.9 KiB
C#
220 lines
6.9 KiB
C#
/*
|
|
* Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
using System;
|
|
using System.IO;
|
|
using System.Net;
|
|
using System.Text.RegularExpressions;
|
|
using CefSharp;
|
|
using SafeExamBrowser.Browser.Contracts.Filters;
|
|
using SafeExamBrowser.Browser.Events;
|
|
using SafeExamBrowser.Configuration.Contracts;
|
|
using SafeExamBrowser.Logging.Contracts;
|
|
using SafeExamBrowser.Settings.Browser;
|
|
using SafeExamBrowser.Settings.Browser.Filter;
|
|
using BrowserSettings = SafeExamBrowser.Settings.Browser.BrowserSettings;
|
|
using Request = SafeExamBrowser.Browser.Contracts.Filters.Request;
|
|
|
|
namespace SafeExamBrowser.Browser.Handlers
|
|
{
|
|
internal class RequestHandler : CefSharp.Handler.RequestHandler
|
|
{
|
|
private readonly AppConfig appConfig;
|
|
private readonly IRequestFilter filter;
|
|
private readonly ILogger logger;
|
|
private readonly ResourceHandler resourceHandler;
|
|
private readonly WindowSettings windowSettings;
|
|
private readonly BrowserSettings settings;
|
|
|
|
private string quitUrlPattern;
|
|
|
|
internal event UrlEventHandler QuitUrlVisited;
|
|
internal event UrlEventHandler RequestBlocked;
|
|
|
|
internal RequestHandler(
|
|
AppConfig appConfig,
|
|
IRequestFilter filter,
|
|
ILogger logger,
|
|
ResourceHandler resourceHandler,
|
|
BrowserSettings settings,
|
|
WindowSettings windowSettings)
|
|
{
|
|
this.appConfig = appConfig;
|
|
this.filter = filter;
|
|
this.logger = logger;
|
|
this.resourceHandler = resourceHandler;
|
|
this.settings = settings;
|
|
this.windowSettings = windowSettings;
|
|
}
|
|
|
|
protected override bool GetAuthCredentials(IWebBrowser webBrowser, IBrowser browser, string originUrl, bool isProxy, string host, int port, string realm, string scheme, IAuthCallback callback)
|
|
{
|
|
if (isProxy)
|
|
{
|
|
foreach (var proxy in settings.Proxy.Proxies)
|
|
{
|
|
if (proxy.RequiresAuthentication && host?.Equals(proxy.Host, StringComparison.OrdinalIgnoreCase) == true && port == proxy.Port)
|
|
{
|
|
callback.Continue(proxy.Username, proxy.Password);
|
|
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
|
|
return base.GetAuthCredentials(webBrowser, browser, originUrl, isProxy, host, port, realm, scheme, callback);
|
|
}
|
|
|
|
protected override IResourceRequestHandler GetResourceRequestHandler(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, bool isNavigation, bool isDownload, string requestInitiator, ref bool disableDefaultHandling)
|
|
{
|
|
return resourceHandler;
|
|
}
|
|
|
|
protected override bool OnBeforeBrowse(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, bool userGesture, bool isRedirect)
|
|
{
|
|
if (IsQuitUrl(request))
|
|
{
|
|
QuitUrlVisited?.Invoke(request.Url);
|
|
|
|
return true;
|
|
}
|
|
|
|
if (Block(request))
|
|
{
|
|
if (request.ResourceType == ResourceType.MainFrame)
|
|
{
|
|
RequestBlocked?.Invoke(request.Url);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
if (IsConfigurationFile(request, out var downloadUrl))
|
|
{
|
|
browser.GetHost().StartDownload(downloadUrl);
|
|
|
|
return true;
|
|
}
|
|
|
|
return base.OnBeforeBrowse(webBrowser, browser, frame, request, userGesture, isRedirect);
|
|
}
|
|
|
|
protected override bool OnOpenUrlFromTab(IWebBrowser webBrowser, IBrowser browser, IFrame frame, string targetUrl, WindowOpenDisposition targetDisposition, bool userGesture)
|
|
{
|
|
switch (targetDisposition)
|
|
{
|
|
case WindowOpenDisposition.NewBackgroundTab:
|
|
case WindowOpenDisposition.NewPopup:
|
|
case WindowOpenDisposition.NewWindow:
|
|
case WindowOpenDisposition.SaveToDisk:
|
|
return true;
|
|
default:
|
|
return base.OnOpenUrlFromTab(webBrowser, browser, frame, targetUrl, targetDisposition, userGesture);
|
|
}
|
|
}
|
|
|
|
private bool IsConfigurationFile(IRequest request, out string downloadUrl)
|
|
{
|
|
var isValidUri = Uri.TryCreate(request.Url, UriKind.RelativeOrAbsolute, out var uri);
|
|
var hasFileExtension = string.Equals(appConfig.ConfigurationFileExtension, Path.GetExtension(uri.AbsolutePath), StringComparison.OrdinalIgnoreCase);
|
|
var isDataUri = request.Url.Contains(appConfig.ConfigurationFileMimeType);
|
|
var isConfigurationFile = isValidUri && (hasFileExtension || isDataUri);
|
|
|
|
downloadUrl = request.Url;
|
|
|
|
if (isConfigurationFile)
|
|
{
|
|
if (isDataUri)
|
|
{
|
|
if (uri.Scheme == appConfig.SebUriScheme)
|
|
{
|
|
downloadUrl = request.Url.Replace($"{appConfig.SebUriScheme}{Uri.SchemeDelimiter}", "data:");
|
|
}
|
|
else if (uri.Scheme == appConfig.SebUriSchemeSecure)
|
|
{
|
|
downloadUrl = request.Url.Replace($"{appConfig.SebUriSchemeSecure}{Uri.SchemeDelimiter}", "data:");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (uri.Scheme == appConfig.SebUriScheme)
|
|
{
|
|
downloadUrl = new UriBuilder(uri) { Scheme = Uri.UriSchemeHttp }.Uri.AbsoluteUri;
|
|
}
|
|
else if (uri.Scheme == appConfig.SebUriSchemeSecure)
|
|
{
|
|
downloadUrl = new UriBuilder(uri) { Scheme = Uri.UriSchemeHttps }.Uri.AbsoluteUri;
|
|
}
|
|
}
|
|
|
|
logger.Debug($"Detected configuration file {(windowSettings.UrlPolicy.CanLog() ? $"'{uri}'" : "")}.");
|
|
}
|
|
|
|
return isConfigurationFile;
|
|
}
|
|
|
|
private bool IsQuitUrl(IRequest request)
|
|
{
|
|
var isQuitUrl = false;
|
|
|
|
if (!string.IsNullOrWhiteSpace(settings.QuitUrl))
|
|
{
|
|
if (quitUrlPattern == default)
|
|
{
|
|
quitUrlPattern = $"^{Regex.Escape(settings.QuitUrl.TrimEnd('/'))}/?$";
|
|
}
|
|
|
|
isQuitUrl = Regex.IsMatch(request.Url, quitUrlPattern, RegexOptions.IgnoreCase);
|
|
|
|
if (isQuitUrl)
|
|
{
|
|
logger.Debug($"Detected quit URL{(windowSettings.UrlPolicy.CanLog() ? $"'{request.Url}'" : "")}.");
|
|
}
|
|
}
|
|
|
|
return isQuitUrl;
|
|
}
|
|
|
|
private bool Block(IRequest request)
|
|
{
|
|
var block = false;
|
|
var url = WebUtility.UrlDecode(request.Url);
|
|
var isValidUrl = Uri.TryCreate(url, UriKind.Absolute, out _);
|
|
|
|
if (settings.Filter.ProcessMainRequests && request.ResourceType == ResourceType.MainFrame && isValidUrl)
|
|
{
|
|
var result = filter.Process(new Request { Url = url });
|
|
|
|
// We apparently can't filter chrome extension requests, as this prevents the rendering of PDFs.
|
|
if (result == FilterResult.Block && !url.StartsWith("chrome-extension://"))
|
|
{
|
|
block = true;
|
|
logger.Info($"Blocked main request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
|
|
}
|
|
}
|
|
|
|
if (settings.Filter.ProcessContentRequests && request.ResourceType != ResourceType.MainFrame && isValidUrl)
|
|
{
|
|
var result = filter.Process(new Request { Url = url });
|
|
|
|
if (result == FilterResult.Block)
|
|
{
|
|
block = true;
|
|
logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
|
|
}
|
|
}
|
|
|
|
if (!isValidUrl)
|
|
{
|
|
logger.Warn($"Filter could not process request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType})!");
|
|
}
|
|
|
|
return block;
|
|
}
|
|
}
|
|
}
|