Coverage Report

Created: 2023-06-07 07:04

/proc/self/cwd/src/check_audience.cc
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "jwt_verify_lib/check_audience.h"
#include "absl/strings/match.h"
namespace google {
namespace jwt_verify {
namespace {
// HTTP Protocol scheme prefix in JWT aud claim.
constexpr absl::string_view HTTPSchemePrefix("http://");
// HTTPS Protocol scheme prefix in JWT aud claim.
constexpr absl::string_view HTTPSSchemePrefix("https://");
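// Normalizes an audience string so that configured audiences and JWT "aud"
// values compare equal regardless of URL decoration: a leading "http://" or
// "https://" is dropped, and one trailing '/' is dropped.
//
// Matching consequences worth knowing when reviewing an audience policy:
//  - "http://x", "https://x" and "x/" all normalize to "x", so the scheme is
//    not part of the comparison.
//  - The prefix test uses absl::StartsWith, which is case-sensitive, so
//    "HTTP://x" is returned unchanged.
//  - Only a single trailing slash is removed ("x//" becomes "x/").
//  - "/", "http://" and "https://" normalize to the empty string.
//
// Returns the input unchanged when nothing was stripped.
std::string sanitizeAudience(const std::string& aud) {
  if (aud.empty()) {
    return aud;
  }

  // Index of the first character kept: just past the scheme prefix, if any.
  size_t beg_pos = 0;
  bool sanitized = false;
  if (absl::StartsWith(aud, HTTPSchemePrefix)) {
    beg_pos = HTTPSchemePrefix.size();
    sanitized = true;
  } else if (absl::StartsWith(aud, HTTPSSchemePrefix)) {
    beg_pos = HTTPSSchemePrefix.size();
    sanitized = true;
  }

  // One past the last character kept. The end_pos > beg_pos guard stops the
  // trailing-slash strip from consuming the final '/' of the scheme prefix
  // when the input is exactly "http://" or "https://"; without it
  // end_pos - beg_pos wraps around as an unsigned value and the result is
  // only correct because substr() clamps the length.
  size_t end_pos = aud.length();
  if (end_pos > beg_pos && aud[end_pos - 1] == '/') {
    --end_pos;
    sanitized = true;
  }

  if (sanitized) {
    return aud.substr(beg_pos, end_pos - beg_pos);
  }
  return aud;
}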
}  // namespace
// Builds the set of allowed audiences from the configured list. Each entry is
// stored in the normalized form produced by sanitizeAudience(), so lookups
// must normalize the JWT value the same way.
//
// NOTE(review): an entry that normalizes to the empty string (for example "/"
// or "http://") is still inserted and keeps the set non-empty; confirm that
// configuration validation rejects such values before they reach this point.
CheckAudience::CheckAudience(const std::vector<std::string>& config_audiences) {
  for (auto it = config_audiences.begin(); it != config_audiences.end(); ++it) {
    const std::string normalized = sanitizeAudience(*it);
    config_audiences_.insert(normalized);
  }
}
// Decides whether a token's audience list is acceptable.
//
// Returns true when:
//  - no audiences were configured. The check is then a no-op and every token
//    passes regardless of its "aud" claim, so an empty or missing audience
//    list in configuration disables audience enforcement; or
//  - at least one entry of jwt_audiences, after sanitizeAudience()
//    normalization, is present in the configured set. A single match is
//    enough; the remaining entries are not examined.
//
// Returns false otherwise, including when jwt_audiences is empty and the
// configured set is not.
bool CheckAudience::areAudiencesAllowed(
    const std::vector<std::string>& jwt_audiences) const {
  // Fail-open by design when nothing is configured.
  if (config_audiences_.empty()) {
    return true;
  }

  const auto not_found = config_audiences_.end();
  for (const std::string& candidate : jwt_audiences) {
    // Compare in normalized form, matching how the set was populated.
    const std::string normalized = sanitizeAudience(candidate);
    if (config_audiences_.find(normalized) == not_found) {
      continue;
    }
    return true;
  }
  return false;
}
}  // namespace jwt_verify
}  // namespace google