OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/plugin_list.h" | 5 #include "content/common/plugin_list.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/strings/string_split.h" | 12 #include "base/strings/string_split.h" |
13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
14 #include "base/strings/sys_string_conversions.h" | 14 #include "base/strings/sys_string_conversions.h" |
15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
16 #include "net/base/mime_util.h" | 16 #include "net/base/mime_util.h" |
17 #include "url/gurl.h" | 17 #include "url/gurl.h" |
18 #include "webkit/plugins/plugin_switches.h" | 18 #include "webkit/plugins/plugin_switches.h" |
19 | 19 |
20 #if defined(OS_WIN) | 20 #if defined(OS_WIN) |
21 #include "content/common/plugin_constants_win.h" | 21 #include "content/common/plugin_constants_win.h" |
22 #endif | 22 #endif |
23 | 23 |
24 namespace content { | 24 namespace content { |
25 | 25 |
26 namespace { | 26 namespace { |
27 | 27 |
28 const char kApplicationOctetStream[] = "application/octet-stream"; | |
29 | |
30 base::LazyInstance<PluginList> g_singleton = LAZY_INSTANCE_INITIALIZER; | 28 base::LazyInstance<PluginList> g_singleton = LAZY_INSTANCE_INITIALIZER; |
31 | 29 |
32 bool AllowMimeTypeMismatch(const std::string& orig_mime_type, | |
33 const std::string& actual_mime_type) { | |
34 if (orig_mime_type == actual_mime_type) { | |
35 NOTREACHED(); | |
36 return true; | |
37 } | |
38 | |
39 // We do not permit URL-sniff based plug-in MIME type overrides aside from | |
40 // the case where the "type" was initially missing or generic | |
41 // (application/octet-stream). | |
42 // We collected stats to determine this approach isn't a major compat issue, | |
43 // and we defend against content confusion attacks in various cases, such | |
44 // as when the user doesn't have the Flash plug-in enabled. | |
45 bool allow = orig_mime_type.empty() || | |
46 orig_mime_type == kApplicationOctetStream; | |
47 LOG_IF(INFO, !allow) << "Ignoring plugin with unexpected MIME type " | |
48 << actual_mime_type << " (expected " << orig_mime_type | |
49 << ")"; | |
50 return allow; | |
51 } | |
52 | |
53 } // namespace | 30 } // namespace |
54 | 31 |
55 // static | 32 // static |
56 PluginList* PluginList::Singleton() { | 33 PluginList* PluginList::Singleton() { |
57 return g_singleton.Pointer(); | 34 return g_singleton.Pointer(); |
58 } | 35 } |
59 | 36 |
60 // static | 37 // static |
61 bool PluginList::DebugPluginLoading() { | 38 bool PluginList::DebugPluginLoading() { |
62 return CommandLine::ForCurrentProcess()->HasSwitch( | 39 return CommandLine::ForCurrentProcess()->HasSwitch( |
(...skipping 295 matching lines...)
358 base::FilePath path = plugins_list_[i].path; | 335 base::FilePath path = plugins_list_[i].path; |
359 if (visited_plugins.insert(path).second) { | 336 if (visited_plugins.insert(path).second) { |
360 info->push_back(plugins_list_[i]); | 337 info->push_back(plugins_list_[i]); |
361 if (actual_mime_types) | 338 if (actual_mime_types) |
362 actual_mime_types->push_back(mime_type); | 339 actual_mime_types->push_back(mime_type); |
363 } | 340 } |
364 } | 341 } |
365 } | 342 } |
366 | 343 |
367 // Add in plugins by url. | 344 // Add in plugins by url. |
| 345 // We do not permit URL-sniff based plug-in MIME type overrides aside from |
| 346 // the case where the "type" was initially missing. |
| 347 // We collected stats to determine this approach isn't a major compat issue, |
| 348 // and we defend against content confusion attacks in various cases, such |
| 349 // as when the user doesn't have the Flash plug-in enabled. |
368 std::string path = url.path(); | 350 std::string path = url.path(); |
369 std::string::size_type last_dot = path.rfind('.'); | 351 std::string::size_type last_dot = path.rfind('.'); |
370 if (last_dot != std::string::npos) { | 352 if (last_dot != std::string::npos && mime_type.empty()) { |
371 std::string extension = StringToLowerASCII(std::string(path, last_dot+1)); | 353 std::string extension = StringToLowerASCII(std::string(path, last_dot+1)); |
372 std::string actual_mime_type; | 354 std::string actual_mime_type; |
373 for (size_t i = 0; i < plugins_list_.size(); ++i) { | 355 for (size_t i = 0; i < plugins_list_.size(); ++i) { |
374 if (SupportsExtension(plugins_list_[i], extension, &actual_mime_type)) { | 356 if (SupportsExtension(plugins_list_[i], extension, &actual_mime_type)) { |
375 base::FilePath path = plugins_list_[i].path; | 357 base::FilePath path = plugins_list_[i].path; |
376 if (visited_plugins.insert(path).second && | 358 if (visited_plugins.insert(path).second) { |
377 AllowMimeTypeMismatch(mime_type, actual_mime_type)) { | |
378 info->push_back(plugins_list_[i]); | 359 info->push_back(plugins_list_[i]); |
379 if (actual_mime_types) | 360 if (actual_mime_types) |
380 actual_mime_types->push_back(actual_mime_type); | 361 actual_mime_types->push_back(actual_mime_type); |
381 } | 362 } |
382 } | 363 } |
383 } | 364 } |
384 } | 365 } |
385 } | 366 } |
386 | 367 |
387 bool PluginList::SupportsType(const WebPluginInfo& plugin, | 368 bool PluginList::SupportsType(const WebPluginInfo& plugin, |
(...skipping 28 matching lines...)
416 } | 397 } |
417 } | 398 } |
418 return false; | 399 return false; |
419 } | 400 } |
420 | 401 |
421 PluginList::~PluginList() { | 402 PluginList::~PluginList() { |
422 } | 403 } |
423 | 404 |
424 | 405 |
425 } // namespace content | 406 } // namespace content |
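Review bot: The rejection path is now silent: folding the check into the outer condition at new line 352 (`last_dot != std::string::npos && mime_type.empty()`) drops the `LOG_IF(INFO, !allow)` that the deleted `AllowMimeTypeMismatch` emitted, so a declared type that suppresses the extension lookup leaves no trace for someone debugging a plugin that fails to load or reviewing a suspected content-confusion case. Consider logging under the existing debug switch before the `if`, e.g. `LOG_IF(INFO, DebugPluginLoading() && !mime_type.empty()) << "Skipping URL extension lookup, declared type " << mime_type;`. The new comment at 345-346 would also be clearer if it said that a declared `application/octet-stream` is now deliberately excluded, since the old code allowed it and a later reader may take its absence for an oversight. The enclosing function begins in the skipped lines above, so whether `mime_type` has been trimmed or lower-cased before this test is not visible here; an unnormalized non-empty value fails closed, which is the safe direction.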
OLD | NEW |