Added ability to set whitelisted IP addresses to IEDriverServer

The list of IP addresses is a comma-delimited list passed to the
/whitelisted-ips command-line argument. Defaults to local loopback
address only. Also improved logging to show executable version and
rchitecture in driver log.

Signed-off-by: Jim Evans <james.h.evans.jr@gmail.com>

Author: lsowen

cpp/iedriver/IEServer.cpp

@@ -26,9 +26,10 @@ IEServer::IEServer(int port,
                    const std::string& log_level,
                    const std::string& log_file,
                    const std::string& version,
-                   const std::string& driver_implementation) : Server(port, host, log_level, log_file) {
+                   const std::string& driver_implementation,
+                   const std::string& acl) : Server(port, host, log_level, log_file, acl) {
   LOG(TRACE) << "Entering IEServer::IEServer";
-
+  LOG(INFO) << "Driver version: " << version;
   this->version_ = version;
   this->driver_implementation_ = driver_implementation;
 }

cpp/iedriver/IEServer.h

@@ -30,7 +30,8 @@ class IEServer : public Server {
            const std::string& log_level,
            const std::string& log_file,
            const std::string& version,
-           const std::string& driver_implementation);
+           const std::string& driver_implementation,
+           const std::string& acl);
   virtual ~IEServer(void);
 
  protected:

cpp/iedriver/WebDriver.cpp

@@ -22,7 +22,8 @@ webdriver::Server* StartServer(int port,
                                const std::wstring& log_level,
                                const std::wstring& log_file,
                                const std::wstring& version,
-                               const std::wstring& driver_engine) {
+                               const std::wstring& driver_engine,
+                               const std::wstring& whitelist) {
   LOG(TRACE) << "Entering StartServer";
   if (server == NULL) {
     LOG(DEBUG) << "Instantiating webdriver server";
@@ -32,12 +33,14 @@ webdriver::Server* StartServer(int port,
     std::string converted_log_file = webdriver::StringUtilities::ToString(log_file);
     std::string converted_version = webdriver::StringUtilities::ToString(version);
     std::string converted_engine = webdriver::StringUtilities::ToString(driver_engine);
+    std::string converted_acl = webdriver::StringUtilities::ToString(whitelist);
     server = new webdriver::IEServer(port,
                                      converted_host,
                                      converted_log_level,
                                      converted_log_file,
                                      converted_version,
-                                     converted_engine);
+                                     converted_engine,
+                                     converted_acl);
     if (!server->Start()) {
       LOG(TRACE) << "Starting of IEServer is failed";
       delete server;

cpp/iedriver/WebDriver.h

@@ -32,7 +32,8 @@ EXPORT webdriver::Server* StartServer(int port,
                                       const std::wstring& log_level,
                                       const std::wstring& log_file,
                                       const std::wstring& version,
-                                      const std::wstring& driver_engine);
+                                      const std::wstring& driver_engine,
+                                      const std::wstring& whitelist);
 EXPORT void StopServer(void);
 
 #ifdef __cplusplus

cpp/iedriverserver/CHANGELOG

@@ -9,6 +9,14 @@ available via the project downloads page. Changes in "revision" field indicate
 private releases checked into the prebuilts directory of the source tree, but
 not made generally available on the downloads page.
 
+v2.48.0.4
+=========
+ * Added ability to set whitelisted IP addresses to access IE driver server.
+   The list of IP addresses is a comma-delimited list passed to the
+   /whitelisted-ips command-line argument. Defaults to local loopback address
+   only. Also improved logging to show executable version and architecture in
+   driver log. Patch provided by lsowen.
+
 v2.48.0.3
 =========
  * Updates to JavaScript automation atoms.

cpp/iedriverserver/IEDriverServer.cpp

@@ -29,7 +29,7 @@
 // by the .dll produced by the IEDriver project in this solution.
 // The definitions of these functions can be found in WebDriver.h
 // in that project.
-typedef void* (__cdecl *STARTSERVERPROC)(int, const std::wstring&, const std::wstring&, const std::wstring&, const std::wstring&, const std::wstring&);
+typedef void* (__cdecl *STARTSERVERPROC)(int, const std::wstring&, const std::wstring&, const std::wstring&, const std::wstring&, const std::wstring&, const std::wstring&);
 typedef void (__cdecl *STOPSERVERPROC)(void);
 
 #define ERR_DLL_EXTRACT_FAIL 1
@@ -49,6 +49,7 @@ typedef void (__cdecl *STOPSERVERPROC)(void);
 #define SILENT_COMMAND_LINE_ARG L"silent"
 #define EXTRACTPATH_COMMAND_LINE_ARG L"extract-path"
 #define IMPLEMENTATION_COMMAND_LINE_ARG L"implementation"
+#define ACL_COMMAND_LINE_ARG L"whitelisted-ips"
 #define BOOLEAN_COMMAND_LINE_ARG_MISSING_VALUE L"value-not-specified"
 
 bool ExtractResource(unsigned short resource_id,
@@ -157,11 +158,13 @@ std::wstring GetExecutableVersion() {
   return static_cast<wchar_t*>(value);
 }
 
+
 void ShowUsage(void) {
   std::wcout << L"Launches the WebDriver server for the Internet Explorer driver" << std::endl
              << std::endl
              << L"IEDriverServer [/port=<port>] [/host=<host>] [/log-level=<level>]" << std::endl
              << L"               [/log-file=<file>] [/extract-path=<path>] [/silent]" << std::endl
+             << L"               [/whitelisted-ips=<whitelisted-ips>]" << std::endl
              << std::endl
              << L"  /port=<port>  Specifies the port on which the server will listen for" << std::endl
              << L"                commands. Defaults to 5555 if not specified." << std::endl
@@ -182,7 +185,10 @@ void ShowUsage(void) {
              << L"                Specifies the full path to the directory used to extract" << std::endl
              << L"                supporting files used by the server. Defaults to the TEMP" << std::endl
              << L"                directory if not specified." << std::endl
-             << L"  /silent       Suppresses diagnostic output when the server is started." << std::endl;
+             << L"  /silent       Suppresses diagnostic output when the server is started." << std::endl
+             << L"  /whitelisted-ips=<whitelisted-ips>" << std::endl
+             << L"                Comma-separated whitelist of remote IPv4 addresses which" << std::endl
+             << L"                are allowed to connect to the WebDriver server." << std::endl;
 }
 
 int _tmain(int argc, _TCHAR* argv[]) {
@@ -241,8 +247,10 @@ int _tmain(int argc, _TCHAR* argv[]) {
   bool silent = args.GetValue(SILENT_COMMAND_LINE_ARG,
       BOOLEAN_COMMAND_LINE_ARG_MISSING_VALUE).size() == 0;
   std::wstring executable_version = GetExecutableVersion();
+  std::wstring executable_architecture = GetProcessArchitectureDescription();
   std::wstring implementation = args.GetValue(IMPLEMENTATION_COMMAND_LINE_ARG,
                                               L"");
+  std::wstring whitelist = args.GetValue(ACL_COMMAND_LINE_ARG, L"");
 
   // coerce log level and implementation to uppercase, making the values
   // case-insensitive, to match expected values.
@@ -255,23 +263,26 @@ int _tmain(int argc, _TCHAR* argv[]) {
                  implementation.begin(),
                  toupper);
 
+
   void* server_value = start_server_ex_proc(port,
                                             host_address,
                                             log_level,
                                             log_file,
-                                            executable_version,
-                                            implementation);
+                                            executable_version + L" (" + executable_architecture + L")",
+                                            implementation,
+                                            whitelist);
   if (server_value == NULL) {
     std::wcout << L"Failed to start the server with: "
                << L"port = '" << port << L"', "
                << L"host = '" << host_address << L"', "
                << L"log level = '" << log_level << L"', "
-               << L"log file = '" << log_file << L"'.";
+               << L"log file = '" << log_file << L"', "
+               << L"whitelisted ips = '" << whitelist << L"'.";
     return ERR_SERVER_START;
   }
   if (!silent) {
     std::wcout << L"Started InternetExplorerDriver server"
-               << L" (" << GetProcessArchitectureDescription() << L")"
+               << L" (" << executable_architecture << L")"
                << std::endl;
     std::wcout << executable_version
                << std::endl;
@@ -301,6 +312,14 @@ int _tmain(int argc, _TCHAR* argv[]) {
                  << extraction_path_arg
                  << std::endl;
     }
+    if (whitelist.size() > 0) {
+      std::wcout << L"IP addresses allowed to connect are "
+                 << whitelist
+                 << std::endl;
+    } else {
+      std::wcout << L"Only local connections are allowed"
+                 << std::endl;
+    }
   }
 
   // Create the shutdown event and wait for it to be signaled.

cpp/iedriverserver/IEDriverServer.rc

@@ -23,6 +23,8 @@
 #include "logging.h"
 
 #define SERVER_DEFAULT_PAGE "<html><head><title>WebDriver</title></head><body><p id='main'>This is the initial start page for the WebDriver server.</p></body></html>"
+#define SERVER_DEFAULT_WHITELIST "127.0.0.1"
+#define SERVER_DEFAULT_BLACKLIST "-0.0.0.0/0"
 #define HTML_CONTENT_TYPE "text/html"
 #define JSON_CONTENT_TYPE "application/json"
 
@@ -44,18 +46,26 @@ inline int wd_snprintf(char* str, size_t size, const char* format, ...) {
 namespace webdriver {
 
 Server::Server(const int port) {
-  this->Initialize(port, "", "", "");
+  this->Initialize(port, "", "", "", SERVER_DEFAULT_WHITELIST);
 }
 
 Server::Server(const int port, const std::string& host) {
-  this->Initialize(port, host, "", "");
+  this->Initialize(port, host, "", "", SERVER_DEFAULT_WHITELIST);
 }
 
 Server::Server(const int port,
                const std::string& host,
                const std::string& log_level,
                const std::string& log_file) {
-  this->Initialize(port, host, log_level, log_file);
+  this->Initialize(port, host, log_level, log_file, SERVER_DEFAULT_WHITELIST);
+}
+
+Server::Server(const int port,
+               const std::string& host,
+               const std::string& log_level,
+               const std::string& log_file,
+               const std::string& acl) {
+    this->Initialize(port, host, log_level, log_file, acl);
 }
 
 Server::~Server(void) {
@@ -69,16 +79,36 @@ Server::~Server(void) {
 void Server::Initialize(const int port,
                         const std::string& host,
                         const std::string& log_level,
-                        const std::string& log_file) {
+                        const std::string& log_file,
+                        const std::string& acl) {
   LOG::Level(log_level);
   LOG::File(log_file);
   LOG(INFO) << "Starting WebDriver server on port: '"
             << port << "' on host: '" << host << "'";
   this->port_ = port;
   this->host_ = host;
+  if (acl.size() > 0) {
+    this->ProcessWhitelist(acl);
+  } else {
+    this->whitelist_.push_back(SERVER_DEFAULT_WHITELIST);
+  }
   this->PopulateCommandRepository();
 }
 
+void Server::ProcessWhitelist(const std::string& whitelist) {
+  std::string input_copy = whitelist;
+  while (input_copy.size() > 0) {
+    size_t delimiter_pos = input_copy.find(",");
+    std::string token = input_copy.substr(0, delimiter_pos);
+    if (delimiter_pos == std::string::npos) {
+      input_copy = "";
+    } else {
+      input_copy = input_copy.substr(delimiter_pos + 1);
+    }
+    this->whitelist_.push_back(token);
+  }
+}
+
 int Server::OnNewHttpRequest(struct mg_connection* conn) {
   mg_context* context = mg_get_context(conn);
   Server* current_server = reinterpret_cast<Server*>(mg_get_user_data(context));
@@ -109,7 +139,12 @@ bool Server::Start() {
            this->host_.c_str(),
            this->port_);
 
-  std::string acl = "-0.0.0.0/0,+127.0.0.1";
+  std::string acl = SERVER_DEFAULT_BLACKLIST;
+  for (std::vector<std::string>::const_iterator it = this->whitelist_.begin();
+       it < this->whitelist_.end();
+       ++it) {
+    acl.append(",+").append(*it);
+  }
   LOG(DEBUG) << "Civetweb ACL is " << acl;
 
   const char* options[] = { "listening_ports", listening_ports_buffer,