1/****************************************************************************
2**
3** Copyright (C) 2016 Kurt Pattyn <pattyn.kurt@gmail.com>.
4** Contact: https://www.qt.io/licensing/
5**
6** This file is part of the QtWebSockets module of the Qt Toolkit.
7**
8** $QT_BEGIN_LICENSE:LGPL$
9** Commercial License Usage
10** Licensees holding valid commercial Qt licenses may use this file in
11** accordance with the commercial license agreement provided with the
12** Software or, alternatively, in accordance with the terms contained in
13** a written agreement between you and The Qt Company. For licensing terms
14** and conditions see https://www.qt.io/terms-conditions. For further
15** information use the contact form at https://www.qt.io/contact-us.
16**
17** GNU Lesser General Public License Usage
18** Alternatively, this file may be used under the terms of the GNU Lesser
19** General Public License version 3 as published by the Free Software
20** Foundation and appearing in the file LICENSE.LGPL3 included in the
21** packaging of this file. Please review the following information to
22** ensure the GNU Lesser General Public License version 3 requirements
23** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
24**
25** GNU General Public License Usage
26** Alternatively, this file may be used under the terms of the GNU
27** General Public License version 2.0 or (at your option) the GNU General
28** Public license version 3 or any later version approved by the KDE Free
29** Qt Foundation. The licenses are as published by the Free Software
30** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
31** included in the packaging of this file. Please review the following
32** information to ensure the GNU General Public License requirements will
33** be met: https://www.gnu.org/licenses/gpl-2.0.html and
34** https://www.gnu.org/licenses/gpl-3.0.html.
35**
36** $QT_END_LICENSE$
37**
38****************************************************************************/
39/*!
40 \class QDefaultMaskGenerator
41
42 \inmodule QtWebSockets
43
44 \brief The QDefaultMaskGenerator class provides the default mask generator for QtWebSockets.
45
46 The WebSockets specification as outlined in \l {RFC 6455}
47 requires that all communication from client to server must be masked. This is to prevent
48 malicious scripts to attack bad behaving proxies.
49 For more information about the importance of good masking,
50 see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}.
51 The default mask generator uses the reasonably secure QRandomGenerator::global()->generate() function.
52 The best measure against attacks mentioned in the document above,
53 is to use QWebSocket over a secure connection (\e wss://).
54 In general, always be careful to not have 3rd party script access to
55 a QWebSocket in your application.
56
57 \internal
58*/
59
60#include "qdefaultmaskgenerator_p.h"
61#include <QRandomGenerator>
62
63QT_BEGIN_NAMESPACE
64
65/*!
66 Constructs a new QDefaultMaskGenerator with the given \a parent.
67
68 \internal
69*/
70QDefaultMaskGenerator::QDefaultMaskGenerator(QObject *parent) :
71 QMaskGenerator(parent)
72{
73}
74
75/*!
76 Destroys the QDefaultMaskGenerator object.
77
78 \internal
79*/
80QDefaultMaskGenerator::~QDefaultMaskGenerator()
81{
82}
83
84/*!
85 \internal
86*/
87bool QDefaultMaskGenerator::seed() Q_DECL_NOEXCEPT
88{
89 return true;
90}
91
92/*!
93 Generates a new random mask using the insecure QRandomGenerator::global()->generate() method.
94
95 \internal
96*/
97quint32 QDefaultMaskGenerator::nextMask() Q_DECL_NOEXCEPT
98{
99 quint32 value = QRandomGenerator::global()->generate();
100 while (Q_UNLIKELY(value == 0)) {
101 // a mask of zero has a special meaning
102 value = QRandomGenerator::global()->generate();
103 }
104 return value;
105}
106
107QT_END_NAMESPACE
108

source code of qtwebsockets/src/websockets/qdefaultmaskgenerator_p.cpp