chrome/browser/extensions/api/web_request/web_request_permissions.cc - Issue 10831008: Refactor and fix declarative webRequest API permissions

Side by Side Diff: chrome/browser/extensions/api/web_request/web_request_permissions.cc

Issue 10831008: Refactor and fix declarative webRequest API permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fixed license headers Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « chrome/browser/extensions/api/web_request/web_request_permissions.h ('k') | chrome/browser/extensions/api/web_request/web_request_permissions_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h"

	6

	7 #include "base/string_util.h"

	8 #include "base/stringprintf.h"

	9 #include "chrome/browser/extensions/extension_info_map.h"

	10 #include "chrome/common/extensions/extension.h"

	11 #include "chrome/common/url_constants.h"

	12 #include "googleurl/src/gurl.h"

	13 #include "net/url_request/url_request.h"

	14

	15 namespace {

	16

	17 // Returns true if the URL is sensitive and requests to this URL must not be

	18 // modified/canceled by extensions, e.g. because it is targeted to the webstore

	19 // to check for updates, extension blacklisting, etc.

	20 bool IsSensitiveURL(const GURL& url) {

	21 // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and

	22 // Extension::CanExecuteScriptOnPage into one function.

	23 bool is_webstore_gallery_url =

	24 StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true);

	25 bool sensitive_chrome_url = false;

	26 if (EndsWith(url.host(), "google.com", true)) {

	27 sensitive_chrome_url \|= (url.host() == "www.google.com") &&

	28 StartsWithASCII(url.path(), "/chrome", true);

	29 sensitive_chrome_url \|= (url.host() == "chrome.google.com");

	30 if (StartsWithASCII(url.host(), "client", true)) {

	31 for (int i = 0; i < 10; ++i) {

	32 sensitive_chrome_url \|=

	33 (StringPrintf("client%d.google.com", i) == url.host());

	34 }

	35 }

	36 }

	37 GURL::Replacements replacements;

	38 replacements.ClearQuery();

	39 replacements.ClearRef();

	40 GURL url_without_query = url.ReplaceComponents(replacements);

	41 return is_webstore_gallery_url \|\| sensitive_chrome_url \|\|

	42 extension_urls::IsWebstoreUpdateUrl(url_without_query) \|\|

	43 extension_urls::IsBlacklistUpdateUrl(url);

	44 }

	45

	46 // Returns true if the scheme is one we want to allow extensions to have access

	47 // to. Extensions still need specific permissions for a given URL, which is

	48 // covered by CanExtensionAccessURL.

	49 bool HasWebRequestScheme(const GURL& url) {

	50 return (url.SchemeIs(chrome::kAboutScheme) \|\|

	51 url.SchemeIs(chrome::kFileScheme) \|\|

	52 url.SchemeIs(chrome::kFileSystemScheme) \|\|

	53 url.SchemeIs(chrome::kFtpScheme) \|\|

	54 url.SchemeIs(chrome::kHttpScheme) \|\|

	55 url.SchemeIs(chrome::kHttpsScheme) \|\|

	56 url.SchemeIs(chrome::kExtensionScheme));

	57 }

	58

	59 } // namespace

	60

	61 // static

	62 bool WebRequestPermissions::HideRequest(const net::URLRequest* request) {

	63 const GURL& url = request->url();

	64 const GURL& first_party_url = request->first_party_for_cookies();

	65 bool hide = false;

	66 if (first_party_url.is_valid()) {

	67 hide = IsSensitiveURL(first_party_url) \|\|

	68 !HasWebRequestScheme(first_party_url);

	69 }

	70 if (!hide)

	71 hide = IsSensitiveURL(url) \|\| !HasWebRequestScheme(url);

	72 return hide;

	73 }

	74

	75 // static

	76 bool WebRequestPermissions::CanExtensionAccessURL(

	77 const ExtensionInfoMap* extension_info_map,

	78 const std::string& extension_id,

	79 const GURL& url,

	80 bool crosses_incognito,

	81 bool enforce_host_permissions) {

	82 // extension_info_map can be NULL in testing.

	83 if (!extension_info_map)

	84 return true;

	85

	86 const extensions::Extension* extension =

	87 extension_info_map->extensions().GetByID(extension_id);

	88 if (!extension)

	89 return false;

	90

	91 // Check if this event crosses incognito boundaries when it shouldn't.

	92 if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension))

	93 return false;

	94

	95 if (enforce_host_permissions) {

	96 // about: URLs are not covered in host permissions, but are allowed anyway.

	97 bool host_permissions_ok = (url.SchemeIs(chrome::kAboutScheme) \|\|

	98 extension->HasHostPermission(url) \|\|

	99 url.GetOrigin() == extension->url());

	100 if (!host_permissions_ok)

	101 return false;

	102 }

	103

	104 return true;

	105 }

OLD	NEW