chrome/browser/extensions/api/web_request/web_request_permissions.cc - Issue 10831008: Refactor and fix declarative webRequest API permissions

Side by Side Diff: chrome/browser/extensions/api/web_request/web_request_permissions.cc

Issue 10831008: Refactor and fix declarative webRequest API permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Nits Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/browser/extensions/api/web_request/web_request_permissions.h ('K') | « chrome/browser/extensions/api/web_request/web_request_permissions.h ('k') | chrome/browser/extensions/api/web_request/web_request_permissions_unittest.cc » ('j') | chrome/browser/extensions/extension_service.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h"

	6

	7 #include "base/string_util.h"

	8 #include "base/stringprintf.h"

	9 #include "chrome/browser/extensions/extension_info_map.h"

	10 #include "chrome/common/extensions/extension.h"

	11 #include "chrome/common/url_constants.h"

	12 #include "googleurl/src/gurl.h"

	13 #include "net/url_request/url_request.h"

	14

	15 namespace {

	16

	17 // Returns true if the URL is sensitive and requests to this URL must not be

	18 // modified/canceled by extensions, e.g. because it is targeted to the webstore

	19 // to check for updates, extension blacklisting, etc.

	20 bool IsSensitiveURL(const GURL& url) {

	21 // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and

	22 // Extension::CanExecuteScriptOnPage into one function.

	23 bool is_webstore_gallery_url =

	24 StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true);

	25 bool sensitive_chrome_url = false;

	26 if (EndsWith(url.host(), "google.com", true)) {

	27 sensitive_chrome_url \|= (url.host() == "www.google.com") &&

	28 StartsWithASCII(url.path(), "/chrome", true);

	29 sensitive_chrome_url \|= (url.host() == "chrome.google.com");

	30 if (StartsWithASCII(url.host(), "client", true)) {

	31 for (int i = 0; i < 10; ++i) {

	32 sensitive_chrome_url \|=

	33 (StringPrintf("client%d.google.com", i) == url.host());

	34 }

	35 }

	36 }

	37 GURL::Replacements replacements;

	38 replacements.ClearQuery();

	39 replacements.ClearRef();

	40 GURL url_without_query = url.ReplaceComponents(replacements);

	41 return is_webstore_gallery_url \|\| sensitive_chrome_url \|\|

	42 extension_urls::IsWebstoreUpdateUrl(url_without_query) \|\|

	43 extension_urls::IsBlacklistUpdateUrl(url);

	44 }

	45

	46 // Returns true if the scheme is one we want to allow extensions to have access

	47 // to. Extensions still need specific permissions for a given URL, which is

	48 // covered by CanExtensionAccessURL.

	49 bool HasWebRequestScheme(const GURL& url) {

	50 return (url.SchemeIs(chrome::kAboutScheme) \|\|

	51 url.SchemeIs(chrome::kFileScheme) \|\|

	52 url.SchemeIs(chrome::kFileSystemScheme) \|\|

	53 url.SchemeIs(chrome::kFtpScheme) \|\|

	54 url.SchemeIs(chrome::kHttpScheme) \|\|

	55 url.SchemeIs(chrome::kHttpsScheme) \|\|

	56 url.SchemeIs(chrome::kExtensionScheme));

	57 }

	58

	59 } // namespace

	60

	61 WebRequestPermissions::WebRequestPermissions() {}

	62

	63 WebRequestPermissions::~WebRequestPermissions() {}

	64

	65 // static

	66 bool WebRequestPermissions::HideRequest(const net::URLRequest* request) {

	67 const GURL& url = request->url();

	68 const GURL& first_party_url = request->first_party_for_cookies();

	69 bool hide = false;

	70 if (first_party_url.is_valid()) {

	71 hide = IsSensitiveURL(first_party_url) \|\|

	72 !HasWebRequestScheme(first_party_url);

	73 }

	74 if (!hide)

	75 hide = IsSensitiveURL(url) \|\| !HasWebRequestScheme(url);

	76 return hide;

	77 }

	78

	79 void WebRequestPermissions::OnOTRProfileCreated(

	80 void* original_profile, void* otr_profile) {

	81 cross_profile_map_[original_profile] = otr_profile;

	82 cross_profile_map_[otr_profile] = original_profile;

	83 }

	84

	85 void WebRequestPermissions::OnOTRProfileDestroyed(

	86 void* original_profile, void* otr_profile) {

	87 cross_profile_map_.erase(otr_profile);

	88 cross_profile_map_.erase(original_profile);

	89 }

	90

	91 void* WebRequestPermissions::GetCrossProfile(void* profile) const {

	92 CrossProfileMap::const_iterator cross_profile =

	93 cross_profile_map_.find(profile);

	94 if (cross_profile == cross_profile_map_.end())

	95 return NULL;

	96 return cross_profile->second;

	97 }

	98

	99 bool WebRequestPermissions::CanExtensionAccessURL(
	Matt Perry 2012/07/25 21:27:56 This method can be static. This method can be static. battre 2012/07/26 16:38:43 Done. Show quoted text On 2012/07/25 21:27:56, Matt Perry wrote: > This method can be static. Done.
	100 const ExtensionInfoMap* extension_info_map,

	101 const std::string& extension_id,

	102 const GURL& url,

	103 bool crosses_incognito,

	104 bool enforce_host_permissions) const {

	105 // extension_info_map can be NULL if this is a system-level request.

	106 if (!extension_info_map)

	107 return false;

	108

	109 const extensions::Extension* extension =

	110 extension_info_map->extensions().GetByID(extension_id);

	111 if (!extension)

	112 return false;

	113

	114 // Check if this event crosses incognito boundaries when it shouldn't.

	115 if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension))

	116 return false;

	117

	118 if (enforce_host_permissions) {

	119 // about: URLs are not covered in host permissions, but are allowed anyway.

	120 bool host_permissions_ok = (url.SchemeIs(chrome::kAboutScheme) \|\|

	121 extension->HasHostPermission(url) \|\|

	122 url.GetOrigin() == extension->url());

	123 if (!host_permissions_ok)

	124 return false;

	125 }

	126

	127 return true;

	128 }

OLD	NEW