OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" | 5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" |
6 | 6 |
7 #include "base/string_util.h" | 7 #include "base/string_util.h" |
8 #include "base/stringprintf.h" | 8 #include "base/stringprintf.h" |
9 #include "chrome/browser/extensions/extension_info_map.h" | 9 #include "chrome/browser/extensions/extension_info_map.h" |
10 #include "chrome/common/extensions/extension.h" | 10 #include "chrome/common/extensions/extension.h" |
| 11 #include "chrome/common/extensions/extension_constants.h" |
11 #include "chrome/common/url_constants.h" | 12 #include "chrome/common/url_constants.h" |
| 13 #include "content/public/browser/resource_request_info.h" |
12 #include "googleurl/src/gurl.h" | 14 #include "googleurl/src/gurl.h" |
13 #include "net/url_request/url_request.h" | 15 #include "net/url_request/url_request.h" |
14 | 16 |
| 17 using content::ResourceRequestInfo; |
| 18 |
15 namespace { | 19 namespace { |
16 | 20 |
17 // Returns true if the URL is sensitive and requests to this URL must not be | 21 // Returns true if the URL is sensitive and requests to this URL must not be |
18 // modified/canceled by extensions, e.g. because it is targeted to the webstore | 22 // modified/canceled by extensions, e.g. because it is targeted to the webstore |
19 // to check for updates, extension blacklisting, etc. | 23 // to check for updates, extension blacklisting, etc. |
20 bool IsSensitiveURL(const GURL& url) { | 24 bool IsSensitiveURL(const GURL& url) { |
21 // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and | 25 // TODO(battre) Merge this, CanExtensionAccessURL and |
22 // Extension::CanExecuteScriptOnPage into one function. | 26 // Extension::CanExecuteScriptOnPage into one function. |
23 bool is_webstore_gallery_url = | |
24 StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true); | |
25 bool sensitive_chrome_url = false; | 27 bool sensitive_chrome_url = false; |
26 if (EndsWith(url.host(), "google.com", true)) { | 28 const std::string host = url.host(); |
27 sensitive_chrome_url |= (url.host() == "www.google.com") && | 29 const char kGoogleCom[] = ".google.com"; |
28 StartsWithASCII(url.path(), "/chrome", true); | 30 const char kClient[] = "clients"; |
29 sensitive_chrome_url |= (url.host() == "chrome.google.com"); | 31 if (EndsWith(host, kGoogleCom, true)) { |
30 if (StartsWithASCII(url.host(), "client", true)) { | 32 // Check for "clients[0-9]*.google.com" hosts. |
31 for (int i = 0; i < 10; ++i) { | 33 // This protects requests to several internal services such as sync, |
32 sensitive_chrome_url |= | 34 // extension update pings, captive portal detection, fraudulent certificate |
33 (StringPrintf("client%d.google.com", i) == url.host()); | 35 // reporting, autofill and others. |
| 36 if (StartsWithASCII(host, kClient, true)) { |
| 37 bool match = true; |
| 38 for (std::string::const_iterator i = host.begin() + strlen(kClient), |
| 39 end = host.end() - strlen(kGoogleCom); i != end; ++i) { |
| 40 if (!isdigit(*i)) |
| 41 match = false; |
34 } | 42 } |
| 43 sensitive_chrome_url = sensitive_chrome_url || match; |
35 } | 44 } |
| 45 // This protects requests to safe browsing, link doctor, and possibly |
| 46 // others. |
| 47 sensitive_chrome_url = sensitive_chrome_url || |
| 48 EndsWith(url.host(), ".clients.google.com", true) || |
| 49 url.host() == "sb-ssl.google.com"; |
36 } | 50 } |
37 GURL::Replacements replacements; | 51 GURL::Replacements replacements; |
38 replacements.ClearQuery(); | 52 replacements.ClearQuery(); |
39 replacements.ClearRef(); | 53 replacements.ClearRef(); |
40 GURL url_without_query = url.ReplaceComponents(replacements); | 54 GURL url_without_query = url.ReplaceComponents(replacements); |
41 return is_webstore_gallery_url || sensitive_chrome_url || | 55 return sensitive_chrome_url || |
42 extension_urls::IsWebstoreUpdateUrl(url_without_query) || | 56 extension_urls::IsWebstoreUpdateUrl(url_without_query) || |
43 extension_urls::IsBlacklistUpdateUrl(url); | 57 extension_urls::IsBlacklistUpdateUrl(url); |
44 } | 58 } |
45 | 59 |
46 // Returns true if the scheme is one we want to allow extensions to have access | 60 // Returns true if the scheme is one we want to allow extensions to have access |
47 // to. Extensions still need specific permissions for a given URL, which is | 61 // to. Extensions still need specific permissions for a given URL, which is |
48 // covered by CanExtensionAccessURL. | 62 // covered by CanExtensionAccessURL. |
49 bool HasWebRequestScheme(const GURL& url) { | 63 bool HasWebRequestScheme(const GURL& url) { |
50 return (url.SchemeIs(chrome::kAboutScheme) || | 64 return (url.SchemeIs(chrome::kAboutScheme) || |
51 url.SchemeIs(chrome::kFileScheme) || | 65 url.SchemeIs(chrome::kFileScheme) || |
52 url.SchemeIs(chrome::kFileSystemScheme) || | 66 url.SchemeIs(chrome::kFileSystemScheme) || |
53 url.SchemeIs(chrome::kFtpScheme) || | 67 url.SchemeIs(chrome::kFtpScheme) || |
54 url.SchemeIs(chrome::kHttpScheme) || | 68 url.SchemeIs(chrome::kHttpScheme) || |
55 url.SchemeIs(chrome::kHttpsScheme) || | 69 url.SchemeIs(chrome::kHttpsScheme) || |
56 url.SchemeIs(chrome::kExtensionScheme)); | 70 url.SchemeIs(chrome::kExtensionScheme)); |
57 } | 71 } |
58 | 72 |
59 } // namespace | 73 } // namespace |
60 | 74 |
61 // static | 75 // static |
62 bool WebRequestPermissions::HideRequest(const net::URLRequest* request) { | 76 bool WebRequestPermissions::HideRequest( |
| 77 const ExtensionInfoMap* extension_info_map, |
| 78 const net::URLRequest* request) { |
| 79 // Hide requests from the Chrome WebStore App. |
| 80 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); |
| 81 if (info && extension_info_map) { |
| 82 int process_id = info->GetChildID(); |
| 83 const extensions::ProcessMap& process_map = |
| 84 extension_info_map->process_map(); |
| 85 if (process_map.Contains(extension_misc::kWebStoreAppId, process_id)) |
| 86 return true; |
| 87 } |
| 88 |
63 const GURL& url = request->url(); | 89 const GURL& url = request->url(); |
64 const GURL& first_party_url = request->first_party_for_cookies(); | 90 return IsSensitiveURL(url) || !HasWebRequestScheme(url); |
65 bool hide = false; | |
66 if (first_party_url.is_valid()) { | |
67 hide = IsSensitiveURL(first_party_url) || | |
68 !HasWebRequestScheme(first_party_url); | |
69 } | |
70 if (!hide) | |
71 hide = IsSensitiveURL(url) || !HasWebRequestScheme(url); | |
72 return hide; | |
73 } | 91 } |
74 | 92 |
75 // static | 93 // static |
76 bool WebRequestPermissions::CanExtensionAccessURL( | 94 bool WebRequestPermissions::CanExtensionAccessURL( |
77 const ExtensionInfoMap* extension_info_map, | 95 const ExtensionInfoMap* extension_info_map, |
78 const std::string& extension_id, | 96 const std::string& extension_id, |
79 const GURL& url, | 97 const GURL& url, |
80 bool crosses_incognito, | 98 bool crosses_incognito, |
81 bool enforce_host_permissions) { | 99 bool enforce_host_permissions) { |
82 // extension_info_map can be NULL in testing. | 100 // extension_info_map can be NULL in testing. |
(...skipping 13 matching lines...) |
96 // about: URLs are not covered in host permissions, but are allowed anyway. | 114 // about: URLs are not covered in host permissions, but are allowed anyway. |
97 bool host_permissions_ok = (url.SchemeIs(chrome::kAboutScheme) || | 115 bool host_permissions_ok = (url.SchemeIs(chrome::kAboutScheme) || |
98 extension->HasHostPermission(url) || | 116 extension->HasHostPermission(url) || |
99 url.GetOrigin() == extension->url()); | 117 url.GetOrigin() == extension->url()); |
100 if (!host_permissions_ok) | 118 if (!host_permissions_ok) |
101 return false; | 119 return false; |
102 } | 120 } |
103 | 121 |
104 return true; | 122 return true; |
105 } | 123 } |
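Review bot: The new host checks in IsSensitiveURL match the raw `url.host()` string against fixed suffixes (`EndsWith(host, kGoogleCom, true)`, `.clients.google.com`, `sb-ssl.google.com`), so they only hold if the host always arrives in one canonical spelling. If GURL can return an equivalent spelling of the same name, for example the fully-qualified form ending in a dot, the request would not be classified as sensitive and would stay visible to extensions. I would strip one trailing dot from a non-const copy of `host` before the `EndsWith` test and add a unit test for that spelling. The last two comparisons should also use the local copy instead of calling `url.host()` again: `EndsWith(host, ".clients.google.com", true) || host == "sb-ssl.google.com"`. Separately, `isdigit(*i)` receives a plain `char`, which is undefined for negative values and locale-dependent; `if (!IsAsciiDigit(*i)) { match = false; break; }` avoids both and stops at the first non-digit.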