| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/manifest_handlers/externally_connectable.h" | 5 #include "chrome/common/extensions/manifest_handlers/externally_connectable.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 | 51 |
| 52 ExternallyConnectableHandler::ExternallyConnectableHandler() {} | 52 ExternallyConnectableHandler::ExternallyConnectableHandler() {} |
| 53 | 53 |
| 54 ExternallyConnectableHandler::~ExternallyConnectableHandler() {} | 54 ExternallyConnectableHandler::~ExternallyConnectableHandler() {} |
| 55 | 55 |
| 56 bool ExternallyConnectableHandler::Parse(Extension* extension, | 56 bool ExternallyConnectableHandler::Parse(Extension* extension, |
| 57 string16* error) { | 57 string16* error) { |
| 58 const base::Value* externally_connectable = NULL; | 58 const base::Value* externally_connectable = NULL; |
| 59 CHECK(extension->manifest()->Get(keys::kExternallyConnectable, | 59 CHECK(extension->manifest()->Get(keys::kExternallyConnectable, |
| 60 &externally_connectable)); | 60 &externally_connectable)); |
| 61 std::vector<InstallWarning> install_warnings; |
| 61 scoped_ptr<ExternallyConnectableInfo> info = | 62 scoped_ptr<ExternallyConnectableInfo> info = |
| 62 ExternallyConnectableInfo::FromValue(*externally_connectable, error); | 63 ExternallyConnectableInfo::FromValue(*externally_connectable, |
| 64 &install_warnings, |
| 65 error); |
| 63 if (!info) | 66 if (!info) |
| 64 return false; | 67 return false; |
| 65 if (!info->matches.is_empty()) { | 68 if (!info->matches.is_empty()) { |
| 66 PermissionsData::GetInitialAPIPermissions(extension)->insert( | 69 PermissionsData::GetInitialAPIPermissions(extension)->insert( |
| 67 APIPermission::kWebConnectable); | 70 APIPermission::kWebConnectable); |
| 68 } | 71 } |
| 72 extension->AddInstallWarnings(install_warnings); |
| 69 extension->SetManifestData(keys::kExternallyConnectable, info.release()); | 73 extension->SetManifestData(keys::kExternallyConnectable, info.release()); |
| 70 return true; | 74 return true; |
| 71 } | 75 } |
| 72 | 76 |
| 73 const std::vector<std::string> ExternallyConnectableHandler::Keys() const { | 77 const std::vector<std::string> ExternallyConnectableHandler::Keys() const { |
| 74 return SingleKey(keys::kExternallyConnectable); | 78 return SingleKey(keys::kExternallyConnectable); |
| 75 } | 79 } |
| 76 | 80 |
| 77 // static | 81 // static |
| 78 ExternallyConnectableInfo* ExternallyConnectableInfo::Get( | 82 ExternallyConnectableInfo* ExternallyConnectableInfo::Get( |
| 79 const Extension* extension) { | 83 const Extension* extension) { |
| 80 return static_cast<ExternallyConnectableInfo*>( | 84 return static_cast<ExternallyConnectableInfo*>( |
| 81 extension->GetManifestData(keys::kExternallyConnectable)); | 85 extension->GetManifestData(keys::kExternallyConnectable)); |
| 82 } | 86 } |
| 83 | 87 |
| 84 // static | 88 // static |
| 85 scoped_ptr<ExternallyConnectableInfo> ExternallyConnectableInfo::FromValue( | 89 scoped_ptr<ExternallyConnectableInfo> ExternallyConnectableInfo::FromValue( |
| 86 const base::Value& value, | 90 const base::Value& value, |
| 91 std::vector<InstallWarning>* install_warnings, |
| 87 string16* error) { | 92 string16* error) { |
| 88 scoped_ptr<ExternallyConnectable> externally_connectable = | 93 scoped_ptr<ExternallyConnectable> externally_connectable = |
| 89 ExternallyConnectable::FromValue(value); | 94 ExternallyConnectable::FromValue(value); |
| 90 if (!externally_connectable) { | 95 if (!externally_connectable) { |
| 91 *error = UTF8ToUTF16(errors::kErrorInvalid); | 96 *error = UTF8ToUTF16(errors::kErrorInvalid); |
| 92 return scoped_ptr<ExternallyConnectableInfo>(); | 97 return scoped_ptr<ExternallyConnectableInfo>(); |
| 93 } | 98 } |
| 94 | 99 |
| 95 URLPatternSet matches; | 100 URLPatternSet matches; |
| 96 | 101 |
| 97 if (externally_connectable->matches) { | 102 if (externally_connectable->matches) { |
| 98 for (std::vector<std::string>::iterator it = | 103 for (std::vector<std::string>::iterator it = |
| 99 externally_connectable->matches->begin(); | 104 externally_connectable->matches->begin(); |
| 100 it != externally_connectable->matches->end(); ++it) { | 105 it != externally_connectable->matches->end(); ++it) { |
| 101 // Safe to use SCHEME_ALL here; externally_connectable gives a page -> | 106 // Safe to use SCHEME_ALL here; externally_connectable gives a page -> |
| 102 // extension communication path, not the other way. | 107 // extension communication path, not the other way. |
| 103 URLPattern pattern(URLPattern::SCHEME_ALL); | 108 URLPattern pattern(URLPattern::SCHEME_ALL); |
| 104 if (pattern.Parse(*it) != URLPattern::PARSE_SUCCESS) { | 109 if (pattern.Parse(*it) != URLPattern::PARSE_SUCCESS) { |
| 105 *error = ErrorUtils::FormatErrorMessageUTF16( | 110 *error = ErrorUtils::FormatErrorMessageUTF16( |
| 106 errors::kErrorInvalidMatchPattern, *it); | 111 errors::kErrorInvalidMatchPattern, *it); |
| 107 return scoped_ptr<ExternallyConnectableInfo>(); | 112 return scoped_ptr<ExternallyConnectableInfo>(); |
| 108 } | 113 } |
| 109 | 114 |
| 110 // Wildcard hosts are not allowed. | 115 // Wildcard hosts are not allowed. |
| 111 if (pattern.host().empty()) { | 116 if (pattern.host().empty()) { |
| 112 *error = ErrorUtils::FormatErrorMessageUTF16( | 117 // Warning not error for forwards compatibility. |
| 113 errors::kErrorWildcardHostsNotAllowed, *it); | 118 install_warnings->push_back( |
| 114 return scoped_ptr<ExternallyConnectableInfo>(); | 119 InstallWarning::Text(ErrorUtils::FormatErrorMessage( |
| 120 errors::kErrorWildcardHostsNotAllowed, *it))); |
| 121 continue; |
| 115 } | 122 } |
| 116 | 123 |
| 117 // Wildcards on subdomains of a TLD are not allowed. | 124 // Wildcards on subdomains of a TLD are not allowed. |
| 118 size_t registry_length = rcd::GetRegistryLength( | 125 size_t registry_length = rcd::GetRegistryLength( |
| 119 pattern.host(), | 126 pattern.host(), |
| 120 // This means that things that look like TLDs - the foobar in | 127 // This means that things that look like TLDs - the foobar in |
| 121 // http://google.foobar - count as TLDs. | 128 // http://google.foobar - count as TLDs. |
| 122 rcd::INCLUDE_UNKNOWN_REGISTRIES, | 129 rcd::INCLUDE_UNKNOWN_REGISTRIES, |
| 123 // This means that effective TLDs like appspot.com count as TLDs; | 130 // This means that effective TLDs like appspot.com count as TLDs; |
| 124 // codereview.appspot.com and evil.appspot.com are different. | 131 // codereview.appspot.com and evil.appspot.com are different. |
| 125 rcd::INCLUDE_PRIVATE_REGISTRIES); | 132 rcd::INCLUDE_PRIVATE_REGISTRIES); |
| 126 | 133 |
| 127 if (registry_length == std::string::npos) { | 134 if (registry_length == std::string::npos) { |
| 128 // The URL parsing combined with host().empty() should have caught this. | 135 // The URL parsing combined with host().empty() should have caught this. |
| 129 NOTREACHED() << *it; | 136 NOTREACHED() << *it; |
| 130 *error = ErrorUtils::FormatErrorMessageUTF16( | 137 *error = ErrorUtils::FormatErrorMessageUTF16( |
| 131 errors::kErrorInvalidMatchPattern, *it); | 138 errors::kErrorInvalidMatchPattern, *it); |
| 132 return scoped_ptr<ExternallyConnectableInfo>(); | 139 return scoped_ptr<ExternallyConnectableInfo>(); |
| 133 } | 140 } |
| 134 | 141 |
| 135 // Broad match patterns like "*.com", "*.co.uk", and even "*.appspot.com" | 142 // Broad match patterns like "*.com", "*.co.uk", and even "*.appspot.com" |
| 136 // are not allowed. However just "appspot.com" is ok. | 143 // are not allowed. However just "appspot.com" is ok. |
| 137 if (registry_length == 0 && pattern.match_subdomains()) { | 144 if (registry_length == 0 && pattern.match_subdomains()) { |
| 138 *error = ErrorUtils::FormatErrorMessageUTF16( | 145 // Warning not error for forwards compatibility. |
| 139 errors::kErrorTopLevelDomainsNotAllowed, | 146 install_warnings->push_back(InstallWarning::Text( |
| 140 pattern.host().c_str(), | 147 ErrorUtils::FormatErrorMessage( |
| 141 *it); | 148 errors::kErrorTopLevelDomainsNotAllowed, |
| 142 return scoped_ptr<ExternallyConnectableInfo>(); | 149 pattern.host().c_str(), |
| 150 *it))); |
| 151 continue; |
| 143 } | 152 } |
| 144 | 153 |
| 145 matches.AddPattern(pattern); | 154 matches.AddPattern(pattern); |
| 146 } | 155 } |
| 147 } | 156 } |
| 148 | 157 |
| 149 std::vector<std::string> ids; | 158 std::vector<std::string> ids; |
| 150 bool all_ids = false; | 159 bool all_ids = false; |
| 151 | 160 |
| 152 if (externally_connectable->ids) { | 161 if (externally_connectable->ids) { |
| (...skipping 25 matching lines...) Expand all Loading... |
| 178 : matches(matches), ids(Sorted(ids)), all_ids(all_ids) {} | 187 : matches(matches), ids(Sorted(ids)), all_ids(all_ids) {} |
| 179 | 188 |
| 180 bool ExternallyConnectableInfo::IdCanConnect(const std::string& id) { | 189 bool ExternallyConnectableInfo::IdCanConnect(const std::string& id) { |
| 181 if (all_ids) | 190 if (all_ids) |
| 182 return true; | 191 return true; |
| 183 DCHECK(base::STLIsSorted(ids)); | 192 DCHECK(base::STLIsSorted(ids)); |
| 184 return std::binary_search(ids.begin(), ids.end(), id); | 193 return std::binary_search(ids.begin(), ids.end(), id); |
| 185 } | 194 } |
| 186 | 195 |
| 187 } // namespace extensions | 196 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16464004:
Turn disallowed URL patterns such as <all_urls> for externally_connectable into (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src