chrome/browser/download/download_extension_api.cc - Issue 10213002: Make downloads.download() respect host permissions

Side by Side Diff: chrome/browser/download/download_extension_api.cc

Issue 10213002: Make downloads.download() respect host permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: " Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/download/download_extension_api.h"	5 #include "chrome/browser/download/download_extension_api.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <cctype>	8 #include <cctype>

9 #include <iterator>	9 #include <iterator>

10 #include <set>	10 #include <set>

(...skipping 363 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
374 std::string url;	374 std::string url;

375 iodata_.reset(new IOData());	375 iodata_.reset(new IOData());

376 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(0, &options));	376 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(0, &options));

377 EXTENSION_FUNCTION_VALIDATE(options->GetString(kUrlKey, &url));	377 EXTENSION_FUNCTION_VALIDATE(options->GetString(kUrlKey, &url));

378 iodata_->url = GURL(url);	378 iodata_->url = GURL(url);

379 if (!iodata_->url.is_valid()) {	379 if (!iodata_->url.is_valid()) {

380 error_ = download_extension_errors::kInvalidURLError;	380 error_ = download_extension_errors::kInvalidURLError;

381 return false;	381 return false;

382 }	382 }

383	383

	384 if (!iodata_->url.SchemeIs("data") &&

	385 !iodata_->url.SchemeIs("filesystem") &&
	Aaron Boodman 2012/05/02 22:52:07 Isn't this a way to circumvent host permissions? T Isn't this a way to circumvent host permissions? The extension will be able to download filesystem:http://www.google.com, even if it doesn't have host permissions to google.com. That doesn't seem right? I'm not sure about blobs. Are blobs tied to an origin? Or are they globally unique ids? If the latter, I suppose the extension would have had already had to have access to an origin in order to get the blob URL in the first place, so it is fine. ericu 2012/05/02 23:26:32 Yeah, this isn't right. Just take !iodata_->url.S Show quoted text On 2012/05/02 22:52:07, Aaron Boodman wrote: > Isn't this a way to circumvent host permissions? The extension will be able to > download http://filesystem:http://www.google.com, even if it doesn't have host > permissions to http://google.com. That doesn't seem right? Yeah, this isn't right. Just take !iodata_->url.SchemeIs("filesystem") off the restriction list. Once https://chromiumcodereview.appspot.com/10224011/ lands, HasHostPermission will do the right thing with filesystem URLs. And before it's landed, this check as written would be a security hole, as Aaron points out. Show quoted text > I'm not sure about blobs. Are blobs tied to an origin? Or are they globally > unique ids? If the latter, I suppose the extension would have had already had to > have access to an origin in order to get the blob URL in the first place, so it > is fine. Blobs are tied to an origin, but I don't know if you can view them cross-origin or not. MichaelN says you can. I'd suggest checking with abarth if you want a security expert opinion.
	386 !iodata_->url.SchemeIs("blob") &&

	387 !GetExtension()->HasHostPermission(iodata_->url)) {

	388 error_ = download_extension_errors::kInvalidURLError;

	389 return false;

	390 }

	391

384 if (options->HasKey(kFilenameKey)) {	392 if (options->HasKey(kFilenameKey)) {

385 EXTENSION_FUNCTION_VALIDATE(options->GetString(	393 EXTENSION_FUNCTION_VALIDATE(options->GetString(

386 kFilenameKey, &iodata_->filename));	394 kFilenameKey, &iodata_->filename));

387 if (!ValidateFilename(iodata_->filename)) {	395 if (!ValidateFilename(iodata_->filename)) {

388 error_ = download_extension_errors::kGenericError;	396 error_ = download_extension_errors::kGenericError;

389 return false;	397 return false;

390 }	398 }

391 }	399 }

392	400

393 if (options->HasKey(kSaveAsKey)) {	401 if (options->HasKey(kSaveAsKey)) {

(...skipping 681 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1075 ListValue args;	1083 ListValue args;

1076 args.Append(arg);	1084 args.Append(arg);

1077 std::string json_args;	1085 std::string json_args;

1078 base::JSONWriter::Write(&args, &json_args);	1086 base::JSONWriter::Write(&args, &json_args);

1079 profile_->GetExtensionEventRouter()->DispatchEventToRenderers(	1087 profile_->GetExtensionEventRouter()->DispatchEventToRenderers(

1080 event_name,	1088 event_name,

1081 json_args,	1089 json_args,

1082 profile_,	1090 profile_,

1083 GURL());	1091 GURL());

1084 }	1092 }

OLD	NEW

« no previous file with comments | « no previous file | chrome/test/data/extensions/api_test/downloads/manifest.json » ('j') | no next file with comments »