Disable outdated plugins, block non-sandboxed plugins.

chrome/renderer/render_view.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/render_view.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 13 matching lines @@
 #include "base/time.h"
 #include "build/build_config.h"
 #include "chrome/common/appcache/appcache_dispatcher.h"
 #include "chrome/common/bindings_policy.h"
 #include "chrome/common/child_process_logging.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/jstemplate_builder.h"
+#include "chrome/common/notification_service.h"
 #include "chrome/common/page_zoom.h"
 #include "chrome/common/pepper_plugin_registry.h"
+#include "chrome/common/plugin_group.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/renderer_preferences.h"
 #include "chrome/common/thumbnail_score.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/common/window_container_type.h"
 #include "chrome/renderer/about_handler.h"
 #include "chrome/renderer/audio_message_filter.h"
 #include "chrome/renderer/blocked_plugin.h"
 #include "chrome/renderer/devtools_agent.h"
 #include "chrome/renderer/devtools_client.h"
@@ skipping 630 matching lines @@
     IPC_MESSAGE_HANDLER(ViewMsg_SetDOMUIProperty, OnSetDOMUIProperty)
     IPC_MESSAGE_HANDLER(ViewMsg_DragSourceEndedOrMoved,
                         OnDragSourceEndedOrMoved)
     IPC_MESSAGE_HANDLER(ViewMsg_DragSourceSystemDragEnded,
                         OnDragSourceSystemDragEnded)
     IPC_MESSAGE_HANDLER(ViewMsg_SetInitialFocus, OnSetInitialFocus)
     IPC_MESSAGE_HANDLER(ViewMsg_UpdateTargetURL_ACK, OnUpdateTargetURLAck)
     IPC_MESSAGE_HANDLER(ViewMsg_UpdateWebPreferences, OnUpdateWebPreferences)
     IPC_MESSAGE_HANDLER(ViewMsg_SetAltErrorPageURL, OnSetAltErrorPageURL)
     IPC_MESSAGE_HANDLER(ViewMsg_InstallMissingPlugin, OnInstallMissingPlugin)
+    IPC_MESSAGE_HANDLER(ViewMsg_LoadBlockedPlugins, OnLoadBlockedPlugins)
     IPC_MESSAGE_HANDLER(ViewMsg_RunFileChooserResponse, OnFileChooserResponse)
     IPC_MESSAGE_HANDLER(ViewMsg_EnableViewSourceMode, OnEnableViewSourceMode)
     IPC_MESSAGE_HANDLER(ViewMsg_GetAllSavableResourceLinksForCurrentPage,
                         OnGetAllSavableResourceLinksForCurrentPage)
     IPC_MESSAGE_HANDLER(
         ViewMsg_GetSerializedHtmlDataForCurrentPageWithLocalLinks,
         OnGetSerializedHtmlDataForCurrentPageWithLocalLinks)
     IPC_MESSAGE_HANDLER(ViewMsg_GetApplicationInfo, OnGetApplicationInfo)
     IPC_MESSAGE_HANDLER(ViewMsg_ShouldClose, OnShouldClose)
     IPC_MESSAGE_HANDLER(ViewMsg_ClosePage, OnClosePage)
@@ skipping 1594 matching lines @@
   if (RenderThread::current())  // Will be NULL during unit tests.
     RenderThread::current()->DoNotSuspendWebKitSharedTimer();
 
   SendAndRunNestedMessageLoop(new ViewHostMsg_RunModal(routing_id_));
 }
 
 // WebKit::WebFrameClient -----------------------------------------------------
 
 WebPlugin* RenderView::createPlugin(WebFrame* frame,
                                     const WebPluginParams& params) {
-  if (AllowContentType(CONTENT_SETTINGS_TYPE_PLUGINS))
-    return CreatePluginInternal(frame, params);
+  bool found = false;
+  WebPluginInfo info;
+  GURL url(params.url);
+  std::string mime_type(params.mimeType.utf8());
+  std::string actual_mime_type;
+  Send(new ViewHostMsg_GetPluginInfo(url,
+                                     frame->top()->url(),
+                                     mime_type,
+                                     &found,
+                                     &info,
+                                     &actual_mime_type));
 
-  didNotAllowPlugins(frame);
-  return CreatePluginPlaceholder(frame, params);
+  if (!found)
+    return NULL;
+
+  scoped_ptr<PluginGroup> group(PluginGroup::FindHardcodedPluginGroup(info));
+  group->AddPlugin(info, 0);
+
+  if (!info.enabled) {
+    if (group->IsVulnerable() && CommandLine::ForCurrentProcess()->HasSwitch(
+        switches::kDisableOutdatedPlugins)) {
+      Send(new ViewHostMsg_DisabledOutdatedPlugin(routing_id_,
+                                                  group->GetGroupName(),
+                                                  GURL(group->GetUpdateURL())));
+      return CreatePluginPlaceholder(frame, params, group.get());
+    }
+    return NULL;
+  }
+
+  if (info.path.value() != kDefaultPluginLibraryName) {
+    if (!AllowContentType(CONTENT_SETTINGS_TYPE_PLUGINS)) {
+      didNotAllowPlugins(frame);
+      return CreatePluginPlaceholder(frame, params, NULL);
+    }
+    scoped_refptr<pepper::PluginModule> pepper_module =
+        PepperPluginRegistry::GetInstance()->GetModule(info.path);
+    if (pepper_module) {
+      return CreatePepperPlugin(pepper_module.get(), params);
+    }
+    if (CommandLine::ForCurrentProcess()->HasSwitch(
+        switches::kBlockNonSandboxedPlugins)) {
+      Send(new ViewHostMsg_NonSandboxedPluginBlocked(routing_id_,
+                                                     group->GetGroupName()));
+      return CreatePluginPlaceholder(frame, params, NULL);
+    }
+  }
+  return CreateNPAPIPlugin(frame, params, &info, actual_mime_type);
 }
 
 WebWorker* RenderView::createWorker(WebFrame* frame, WebWorkerClient* client) {
   WebApplicationCacheHostImpl* appcache_host =
       WebApplicationCacheHostImpl::FromFrame(frame);
   int appcache_host_id = appcache_host ? appcache_host->host_id() : 0;
   return new WebWorkerProxy(client, RenderThread::current(), routing_id_,
                             appcache_host_id);
 }
 
@@ skipping 1405 matching lines @@
     content_blocked_[settings_type] = true;
     Send(new ViewHostMsg_ContentBlocked(routing_id_, settings_type));
   }
 }
 
 void RenderView::ClearBlockedContentSettings() {
   for (size_t i = 0; i < arraysize(content_blocked_); ++i)
     content_blocked_[i] = false;
 }
 
-WebPlugin* RenderView::CreatePluginInternal(WebFrame* frame,
-                                            const WebPluginParams& params) {
-  FilePath path;
-  std::string actual_mime_type;
-  render_thread_->Send(new ViewHostMsg_GetPluginPath(
-      params.url, frame->top()->url(), params.mimeType.utf8(), &path,
-      &actual_mime_type));
-  if (path.value().empty())
+WebPlugin* RenderView::CreatePepperPlugin(pepper::PluginModule* pepper_module,
+                                          const WebPluginParams& params) {
+  return new pepper::WebPluginImpl(pepper_module, params,
+                                   pepper_delegate_.AsWeakPtr());
+}
+
+
+WebPlugin* RenderView::CreateNPAPIPlugin(WebFrame* frame,
+                                         const WebPluginParams& params,
+                                         WebPluginInfo* plugin_info,
+                                         const std::string& mime_type) {
+  std::string actual_mime_type(mime_type);
+  WebPluginInfo plugin;
+  if (plugin_info != NULL) {
+    plugin = *plugin_info;
+  } else {
+    bool found;
+    std::string actual_mime_type(mime_type);
+    Send(new ViewHostMsg_GetPluginInfo(
+        params.url, frame->top()->url(), params.mimeType.utf8(), &found,
+        &plugin, &actual_mime_type));
+    if (!found)
+      plugin.enabled = false;
+  }
+  if (!plugin.enabled)
     return NULL;
 
   if (actual_mime_type.empty())
     actual_mime_type = params.mimeType.utf8();
-
-  scoped_refptr<pepper::PluginModule> pepper_module =
-      PepperPluginRegistry::GetInstance()->GetModule(path);
-  if (pepper_module) {
-    return new pepper::WebPluginImpl(pepper_module, params,
-                                     pepper_delegate_.AsWeakPtr());
-  }
-
-  return new webkit_glue::WebPluginImpl(frame, params, path, actual_mime_type,
-                                        AsWeakPtr());
+  return new webkit_glue::WebPluginImpl(frame, params, plugin.path,
+                                        actual_mime_type, AsWeakPtr());
 }
 
 WebPlugin* RenderView::CreatePluginPlaceholder(WebFrame* frame,
-                                               const WebPluginParams& params) {
+                                               const WebPluginParams& params,
+                                               PluginGroup* group) {
   // |blocked_plugin| will delete itself when the WebViewPlugin is destroyed.
-  BlockedPlugin* blocked_plugin = new BlockedPlugin(this, frame, params);
+  BlockedPlugin* blocked_plugin = new BlockedPlugin(this, frame, params, group);
   WebViewPlugin* plugin = blocked_plugin->plugin();
-  webkit_preferences_.Apply(plugin->web_view());
+  WebView* web_view = plugin->web_view();
+  webkit_preferences_.Apply(web_view);
   return plugin;
 }
 
 void RenderView::OnZoom(PageZoom::Function function) {
   if (!webview())  // Not sure if this can happen, but no harm in being safe.
     return;
 
   webview()->hidePopups();
 
   int zoom_level = webview()->zoomLevel();
@@ skipping 234 matching lines @@
 void RenderView::OnRevertTranslation(int page_id) {
   translate_helper_.RevertTranslation(page_id);
 }
 
 void RenderView::OnInstallMissingPlugin() {
   // This could happen when the first default plugin is deleted.
   if (first_default_plugin_)
     first_default_plugin_->InstallMissingPlugin();
 }
 
+void RenderView::OnLoadBlockedPlugins() {
+  NotificationService::current()->Notify(NotificationType::SHOULD_LOAD_PLUGINS,
+                                         Source<RenderView>(this),
+                                         NotificationService::NoDetails());
+}
+
 void RenderView::OnFileChooserResponse(const std::vector<FilePath>& paths) {
   // This could happen if we navigated to a different page before the user
   // closed the chooser.
   if (file_chooser_completions_.empty())
     return;
 
   WebVector<WebString> ws_file_names(paths.size());
   for (size_t i = 0; i < paths.size(); ++i)
     ws_file_names[i] = webkit_glue::FilePathToWebString(paths[i]);
 
@@ skipping 1322 matching lines @@
   webkit_glue::FormData form;
   const WebInputElement element = node.toConst<WebInputElement>();
   if (!form_manager_.FindFormWithFormControlElement(
           element, FormManager::REQUIRE_NONE, &form))
     return;
 
   autofill_action_ = action;
   Send(new ViewHostMsg_FillAutoFillFormData(
       routing_id_, autofill_query_id_, form, value, label, unique_id));
 }