Make <all_urls> and file:///* in permissions trigger "Allow file access"

chrome/common/extensions/extension.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension.h"
 
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/basictypes.h"
@@ skipping 246 matching lines @@
 const size_t Extension::kNumHostedAppPermissions =
     arraysize(Extension::kHostedAppPermissionNames);
 
 // We purposefully don't put this into kPermissionNames.
 const char Extension::kOldUnlimitedStoragePermission[] = "unlimited_storage";
 
 const int Extension::kValidWebExtentSchemes =
     URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS;
 
 const int Extension::kValidHostPermissionSchemes =
-    (UserScript::kValidUserScriptSchemes |
-     URLPattern::SCHEME_CHROMEUI) & ~URLPattern::SCHEME_FILE;
+    UserScript::kValidUserScriptSchemes | URLPattern::SCHEME_CHROMEUI;
 
 //
 // Extension
 //
 
 // static
 scoped_refptr<Extension> Extension::Create(const FilePath& path,
                                            Location location,
                                            const DictionaryValue& value,
                                            int flags,
@@ skipping 270 matching lines @@
   *output = StringToLowerASCII(base::HexEncode(hash, sizeof(hash)));
   ConvertHexadecimalToIDAlphabet(output);
 
   return true;
 }
 
 // Helper method that loads a UserScript object from a dictionary in the
 // content_script list of the manifest.
 bool Extension::LoadUserScriptHelper(const DictionaryValue* content_script,
                                      int definition_index,
-                                     URLPattern::ParseOption parse_strictness,
+                                     int flags,
                                      std::string* error,
                                      UserScript* result) {
+  // When strict error checks are enabled, make URL pattern parsing strict.
+  URLPattern::ParseOption parse_strictness =
+      (flags & STRICT_ERROR_CHECKS ? URLPattern::PARSE_STRICT
+                                   : URLPattern::PARSE_LENIENT);
+
   // run_at
   if (content_script->HasKey(keys::kRunAt)) {
     std::string run_location;
     if (!content_script->GetString(keys::kRunAt, &run_location)) {
       *error = ExtensionErrorUtils::FormatErrorMessage(errors::kInvalidRunAt,
           base::IntToString(definition_index));
       return false;
     }
 
     if (run_location == values::kRunAtDocumentStart) {
@@ skipping 37 matching lines @@
     std::string match_str;
     if (!matches->GetString(j, &match_str)) {
       *error = ExtensionErrorUtils::FormatErrorMessage(
           errors::kInvalidMatch,
           base::IntToString(definition_index),
           base::IntToString(j),
           errors::kExpectString);
       return false;
     }
 
-    URLPattern pattern(UserScript::kValidUserScriptSchemes);
-    if (CanExecuteScriptEverywhere())
-      pattern.set_valid_schemes(URLPattern::SCHEME_ALL);
+    InitWantsFileAccess(match_str, parse_strictness);
 
+    int valid_user_script_schemes = CanExecuteScriptEverywhere() ?
+        URLPattern::SCHEME_ALL : UserScript::kValidUserScriptSchemes;
+    if (flags & ALLOW_FILE_ACCESS)
+      valid_user_script_schemes |= URLPattern::SCHEME_FILE;

[Aaron Boodman, 2011/03/31 16:04:57]

It seems weird to OR SCHEME_ALL with one of the other values.

[Mihai Parparita -not on Chrome, 2011/03/31 21:56:31]

Should be a noop, but OK, re-wrote this to only |= SCHEME_FILE if we're not
allowed to execute scripts everywhere.

+
+    URLPattern pattern(valid_user_script_schemes);
     URLPattern::ParseResult parse_result = pattern.Parse(match_str,
                                                          parse_strictness);
     if (parse_result != URLPattern::PARSE_SUCCESS) {
+      // Normally invalid URL patterns result in errors, but if a script is
+      // requesting file:/// access before it has been granted, we silently
+      // skip over that pattern.
+      if (parse_result == URLPattern::PARSE_ERROR_INVALID_SCHEME &&
+          !(flags & ALLOW_FILE_ACCESS)) {
+        URLPattern temp_pattern(URLPattern::SCHEME_FILE);
+        URLPattern::ParseResult temp_parse_result =
+            temp_pattern.Parse(match_str, parse_strictness);
+        if (temp_parse_result == URLPattern::PARSE_SUCCESS)
+          continue;
+      }
+
       *error = ExtensionErrorUtils::FormatErrorMessage(
           errors::kInvalidMatch,
           base::IntToString(definition_index),
           base::IntToString(j),
           URLPattern::GetParseResultString(parse_result));
       return false;
     }
 
     result->add_url_pattern(pattern);
   }
@@ skipping 569 matching lines @@
 
 Extension::Extension(const FilePath& path, Location location)
     : incognito_split_mode_(false),
       location_(location),
       converted_from_user_script_(false),
       is_theme_(false),
       is_app_(false),
       is_storage_isolated_(false),
       launch_container_(extension_misc::LAUNCH_TAB),
       launch_width_(0),
-      launch_height_(0) {
+      launch_height_(0),
+      wants_file_access_(false) {
   DCHECK(path.IsAbsolute());
   path_ = MaybeNormalizePath(path);
 }
 Extension::~Extension() {
 }
 ExtensionResource Extension::GetResource(
     const std::string& relative_path) const {
 #if defined(OS_POSIX)
   FilePath relative_file_path(relative_path);
 #elif defined(OS_WIN)
@@ skipping 541 matching lines @@
 
     for (size_t i = 0; i < list_value->GetSize(); ++i) {
       DictionaryValue* content_script;
       if (!list_value->GetDictionary(i, &content_script)) {
         *error = ExtensionErrorUtils::FormatErrorMessage(
             errors::kInvalidContentScript, base::IntToString(i));
         return false;
       }
 
       UserScript script;
-      if (!LoadUserScriptHelper(content_script, i, parse_strictness, error,
-                                &script))
+      if (!LoadUserScriptHelper(content_script, i, flags, error, &script))
         return false;  // Failed to parse script context definition.
       script.set_extension_id(id());
       if (converted_from_user_script_) {
         script.set_emulate_greasemonkey(true);
         script.set_match_all_frames(true);  // Greasemonkey matches all frames.
       }
       content_scripts_.push_back(script);
     }
   }
 
@@ skipping 149 matching lines @@
         }
       } else {
         // Hosted apps only get access to a subset of the valid permissions.
         if (IsHostedAppPermission(permission_str)) {
           api_permissions_.insert(permission_str);
           continue;
         }
       }
 
       // Check if it's a host pattern permission.
-      URLPattern pattern = URLPattern(CanExecuteScriptEverywhere() ?
-          URLPattern::SCHEME_ALL : kValidHostPermissionSchemes);
+      int valid_host_permission_schemes = CanExecuteScriptEverywhere() ?
+          URLPattern::SCHEME_ALL : kValidHostPermissionSchemes;
+      if (flags & ALLOW_FILE_ACCESS)
+        valid_host_permission_schemes |= URLPattern::SCHEME_FILE;
 
+      URLPattern pattern = URLPattern(valid_host_permission_schemes);
       URLPattern::ParseResult parse_result = pattern.Parse(permission_str,
                                                            parse_strictness);
       if (parse_result == URLPattern::PARSE_SUCCESS) {
         if (!CanSpecifyHostPermission(pattern)) {
           *error = ExtensionErrorUtils::FormatErrorMessage(
               errors::kInvalidPermissionScheme, base::IntToString(i));
           return false;
         }
 
         // The path component is not used for host permissions, so we force it
         // to match all paths.
         pattern.SetPath("/*");
 
         host_permissions_.push_back(pattern);
       }
 
+      InitWantsFileAccess(permission_str, parse_strictness);
+
       // If it's not a host permission, then it's probably an unknown API
       // permission. Do not throw an error so extensions can retain
       // backwards compatability (http://crbug.com/42742).
       // TODO(jstritar): We can improve error messages by adding better
       // validation of API permissions here.
       // TODO(skerner): Consider showing the reason |permission_str| is not
       // a valid URL pattern if it is almost valid.  For example, if it has
       // a valid scheme, and failed to parse because it has a port, show an
       // error.
     }
@@ skipping 387 matching lines @@
 
 bool Extension::HasHostPermission(const GURL& url) const {
   for (URLPatternList::const_iterator host = host_permissions().begin();
        host != host_permissions().end(); ++host) {
     if (host->MatchesUrl(url))
       return true;
   }
   return false;
 }
 
+void Extension::InitWantsFileAccess(const std::string& host_str,
+                                    URLPattern::ParseOption parse_strictness) {
+  URLPattern pattern = URLPattern(URLPattern::SCHEME_ALL);
+  URLPattern::ParseResult parse_result = pattern.Parse(host_str,
+                                                       parse_strictness);
+  if (parse_result == URLPattern::PARSE_SUCCESS &&
+      pattern.MatchesScheme(chrome::kFileScheme)) {
+    wants_file_access_ = true;
+  }
+}
+
 void Extension::InitEffectiveHostPermissions() {
   for (URLPatternList::const_iterator host = host_permissions().begin();
        host != host_permissions().end(); ++host)
     effective_host_permissions_.AddPattern(*host);
 
   for (UserScriptList::const_iterator content_script =
            content_scripts().begin();
        content_script != content_scripts().end(); ++content_script) {
     UserScript::PatternList::const_iterator pattern =
         content_script->url_patterns().begin();
@@ skipping 11 matching lines @@
   if (browser_action())
     ++num_surfaces;
 
   if (is_app())
     ++num_surfaces;
 
   return num_surfaces > 1;
 }
 
 bool Extension::CanExecuteScriptOnPage(const GURL& page_url,
-                                       UserScript* script,
+                                       const UserScript* script,
                                        std::string* error) const {
   // The gallery is special-cased as a restricted URL for scripting to prevent
   // access to special JS bindings we expose to the gallery (and avoid things
   // like extensions removing the "report abuse" link).
   // TODO(erikkay): This seems like the wrong test.  Shouldn't we we testing
   // against the store app extent?
   if ((page_url.host() == GURL(Extension::ChromeStoreLaunchURL()).host()) &&
       !CanExecuteScriptEverywhere() &&
       !CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kAllowScriptingGallery)) {
@@ skipping 142 matching lines @@
 
 UninstalledExtensionInfo::~UninstalledExtensionInfo() {}
 
 
 UnloadedExtensionInfo::UnloadedExtensionInfo(
     const Extension* extension,
     Reason reason)
   : reason(reason),
     already_disabled(false),
     extension(extension) {}