Support unrestricted ports usage for custom URI schemes

filipe-norte-red · magomez · commit 94674c9e2ef1 · 2024-06-19T09:07:53.000+02:00
Some custom URI schemes may assign a different meaning to the port of an
URI. Webkit restricts, by default, usage of certain ports. To bypass
the check, an env var allows specifying which protocols shall be
allowed unrestricted ports usage. Some network based protocols (e.g.
http, https, and others) are kept still restricted.
diff --git a/Source/WTF/wtf/URL.cpp b/Source/WTF/wtf/URL.cpp
@@ -996,6 +996,32 @@ const URL& aboutSrcDocURL()
     return staticSrcDocURL;
 }
 
+static bool protocolIsWhitelistedForAllPortsAcccess(StringView protocol)
+{
+    static Vector<String> s_protocolsWhitelisted;
+    static std::once_flag s_onceFlag;
+    std::call_once(s_onceFlag,
+        [] {
+            // The env var contains a comma separated list of protocols that need to have
+            // access to all ports.
+            // Example: WPE_WHITELIST_ALL_PORTS_FOR_PROTOCOLS="dvb,echo,custom"
+            String s(String::fromLatin1(std::getenv("WPE_WHITELIST_ALL_PORTS_FOR_PROTOCOLS")));
+            if (s.isEmpty())
+                return;
+
+            s_protocolsWhitelisted.appendVector(s.convertToASCIILowercase().split(','));
+
+            const Vector<String> excludeFromWhitelist( { "http"_s, "https"_s, "ws"_s, "wss"_s, "ftp"_s, "ftps"_s} );
+
+            // Ensure reserved protocols are not whitelisted
+            s_protocolsWhitelisted.removeAllMatching([&](const auto& protocol) {
+                return excludeFromWhitelist.contains(protocol);
+            });
+        });
+
+    return s_protocolsWhitelisted.contains(protocol.convertToASCIILowercase());
+}
+
 bool portAllowed(const URL& url)
 {
     std::optional<uint16_t> port = url.port();
@@ -1004,6 +1030,9 @@ bool portAllowed(const URL& url)
     if (!port)
         return true;
 
+    if (protocolIsWhitelistedForAllPortsAcccess(url.protocol()))
+        return true;
+
     // This blocked port list matches the port blocking that Mozilla implements.
     // See http://www.mozilla.org/projects/netlib/PortBanning.html for more information.
     static const uint16_t blockedPortList[] = {
