Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Side by Side Diff: chrome/browser/extensions/external_extension_provider_impl.cc

Issue 6053008: Improve validation of external extension ids. (Closed) Base URL: http://git.chromium.org/git/chromium.git
Patch Set: Retest on win. Created 9 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/extensions/external_extension_provider_impl.h" 5 #include "chrome/browser/extensions/external_extension_provider_impl.h"
6 6
7 #include "app/app_paths.h" 7 #include "app/app_paths.h"
8 #include "base/file_path.h" 8 #include "base/file_path.h"
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/linked_ptr.h" 10 #include "base/linked_ptr.h"
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
62 if (!service_) return; 62 if (!service_) return;
63 63
64 prefs_.reset(prefs); 64 prefs_.reset(prefs);
65 ready_ = true; // Queries for extensions are allowed from this point. 65 ready_ = true; // Queries for extensions are allowed from this point.
66 66
67 // Notify ExtensionService about all the extensions this provider has. 67 // Notify ExtensionService about all the extensions this provider has.
68 for (DictionaryValue::key_iterator i = prefs_->begin_keys(); 68 for (DictionaryValue::key_iterator i = prefs_->begin_keys();
69 i != prefs_->end_keys(); ++i) { 69 i != prefs_->end_keys(); ++i) {
70 const std::string& extension_id = *i; 70 const std::string& extension_id = *i;
71 DictionaryValue* extension; 71 DictionaryValue* extension;
72 if (!prefs_->GetDictionaryWithoutPathExpansion(extension_id, &extension)) 72
73 if (!Extension::IdIsValid(extension_id)) {
74 LOG(WARNING) << "Malformed extension dictionary: key "
75 << extension_id.c_str() << " is not a valid id.";
73 continue; 76 continue;
77 }
78
79 if (!prefs_->GetDictionaryWithoutPathExpansion(extension_id, &extension)) {
80 LOG(WARNING) << "Malformed extension dictionary: key "
81 << extension_id.c_str()
82 << " has a value that is not a dictionary.";
83 continue;
84 }
74 85
75 FilePath::StringType external_crx; 86 FilePath::StringType external_crx;
76 std::string external_version; 87 std::string external_version;
77 std::string external_update_url; 88 std::string external_update_url;
78 89
79 bool has_external_crx = extension->GetString(kExternalCrx, &external_crx); 90 bool has_external_crx = extension->GetString(kExternalCrx, &external_crx);
80 bool has_external_version = extension->GetString(kExternalVersion, 91 bool has_external_version = extension->GetString(kExternalVersion,
81 &external_version); 92 &external_version);
82 bool has_external_update_url = extension->GetString(kExternalUpdateUrl, 93 bool has_external_update_url = extension->GetString(kExternalUpdateUrl,
83 &external_update_url); 94 &external_update_url);
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
131 } else { // if (has_external_update_url) 142 } else { // if (has_external_update_url)
132 CHECK(has_external_update_url); // Checking of keys above ensures this. 143 CHECK(has_external_update_url); // Checking of keys above ensures this.
133 if (download_location_ == Extension::INVALID) { 144 if (download_location_ == Extension::INVALID) {
134 LOG(WARNING) << "This provider does not support installing external " 145 LOG(WARNING) << "This provider does not support installing external "
135 << "extensions from update URLs."; 146 << "extensions from update URLs.";
136 continue; 147 continue;
137 } 148 }
138 GURL update_url(external_update_url); 149 GURL update_url(external_update_url);
139 if (!update_url.is_valid()) { 150 if (!update_url.is_valid()) {
140 LOG(WARNING) << "Malformed extension dictionary for extension: " 151 LOG(WARNING) << "Malformed extension dictionary for extension: "
141 << extension_id.c_str() << ". " << kExternalUpdateUrl 152 << extension_id.c_str() << ". Key " << kExternalUpdateUrl
142 << " must be a valid URL. Saw \"" << external_update_url 153 << " has value \"" << external_update_url
143 << "\"."; 154 << "\", which is not a valid URL.";
144 continue; 155 continue;
145 } 156 }
146 service_->OnExternalExtensionUpdateUrlFound( 157 service_->OnExternalExtensionUpdateUrlFound(
147 extension_id, update_url, download_location_); 158 extension_id, update_url, download_location_);
148 } 159 }
149 } 160 }
150 161
151 service_->OnExternalProviderReady(); 162 service_->OnExternalProviderReady();
152 } 163 }
153 164
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
224 Extension::INVALID))); 235 Extension::INVALID)));
225 #endif 236 #endif
226 provider_list->push_back( 237 provider_list->push_back(
227 linked_ptr<ExternalExtensionProviderInterface>( 238 linked_ptr<ExternalExtensionProviderInterface>(
228 new ExternalExtensionProviderImpl( 239 new ExternalExtensionProviderImpl(
229 service, 240 service,
230 new ExternalPolicyExtensionLoader(profile), 241 new ExternalPolicyExtensionLoader(profile),
231 Extension::INVALID, 242 Extension::INVALID,
232 Extension::EXTERNAL_POLICY_DOWNLOAD))); 243 Extension::EXTERNAL_POLICY_DOWNLOAD)));
233 } 244 }
OLDNEW
« no previous file with comments | « chrome/browser/extensions/extension_updater.cc ('k') | chrome/browser/extensions/external_extension_provider_interface.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698