Chromium Code Reviews Chromium Code Reviews
Issue 8773028:
Allow extenions to override the default content_security_policy, but require (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension.h" | 5 #include "chrome/common/extensions/extension.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/file_path.h" | 12 #include "base/file_path.h" |
| 13 #include "base/file_util.h" | 13 #include "base/file_util.h" |
| 14 #include "base/i18n/rtl.h" | 14 #include "base/i18n/rtl.h" |
| 15 #include "base/logging.h" | 15 #include "base/logging.h" |
| 16 #include "base/memory/singleton.h" | 16 #include "base/memory/singleton.h" |
| 17 #include "base/stl_util.h" | 17 #include "base/stl_util.h" |
| 18 #include "base/string16.h" | 18 #include "base/string16.h" |
| 19 #include "base/string_number_conversions.h" | 19 #include "base/string_number_conversions.h" |
| 20 #include "base/string_util.h" | 20 #include "base/string_util.h" |
| 21 #include "base/utf_string_conversions.h" | 21 #include "base/utf_string_conversions.h" |
| 22 #include "base/values.h" | 22 #include "base/values.h" |
| 23 #include "base/version.h" | 23 #include "base/version.h" |
| 24 #include "crypto/sha2.h" | 24 #include "crypto/sha2.h" |
| 25 #include "chrome/common/chrome_constants.h" | 25 #include "chrome/common/chrome_constants.h" |
| 26 #include "chrome/common/chrome_switches.h" | 26 #include "chrome/common/chrome_switches.h" |
| 27 #include "chrome/common/chrome_version_info.h" | 27 #include "chrome/common/chrome_version_info.h" |
| 28 #include "chrome/common/extensions/csp_validator.h" | |
| 28 #include "chrome/common/extensions/extension_action.h" | 29 #include "chrome/common/extensions/extension_action.h" |
| 29 #include "chrome/common/extensions/extension_constants.h" | 30 #include "chrome/common/extensions/extension_constants.h" |
| 30 #include "chrome/common/extensions/extension_error_utils.h" | 31 #include "chrome/common/extensions/extension_error_utils.h" |
| 31 #include "chrome/common/extensions/extension_l10n_util.h" | 32 #include "chrome/common/extensions/extension_l10n_util.h" |
| 32 #include "chrome/common/extensions/extension_resource.h" | 33 #include "chrome/common/extensions/extension_resource.h" |
| 33 #include "chrome/common/extensions/extension_sidebar_defaults.h" | 34 #include "chrome/common/extensions/extension_sidebar_defaults.h" |
| 34 #include "chrome/common/extensions/extension_sidebar_utils.h" | 35 #include "chrome/common/extensions/extension_sidebar_utils.h" |
| 35 #include "chrome/common/extensions/file_browser_handler.h" | 36 #include "chrome/common/extensions/file_browser_handler.h" |
| 36 #include "chrome/common/extensions/user_script.h" | 37 #include "chrome/common/extensions/user_script.h" |
| 37 #include "chrome/common/url_constants.h" | 38 #include "chrome/common/url_constants.h" |
| 38 #include "googleurl/src/url_util.h" | 39 #include "googleurl/src/url_util.h" |
| 39 #include "grit/chromium_strings.h" | 40 #include "grit/chromium_strings.h" |
| 40 #include "grit/generated_resources.h" | 41 #include "grit/generated_resources.h" |
| 41 #include "grit/theme_resources.h" | 42 #include "grit/theme_resources.h" |
| 42 #include "net/base/registry_controlled_domain.h" | 43 #include "net/base/registry_controlled_domain.h" |
| 43 #include "third_party/skia/include/core/SkBitmap.h" | 44 #include "third_party/skia/include/core/SkBitmap.h" |
| 44 #include "ui/base/l10n/l10n_util.h" | 45 #include "ui/base/l10n/l10n_util.h" |
| 45 #include "ui/base/resource/resource_bundle.h" | 46 #include "ui/base/resource/resource_bundle.h" |
| 46 #include "webkit/glue/image_decoder.h" | 47 #include "webkit/glue/image_decoder.h" |
| 47 #include "webkit/glue/web_intent_service_data.h" | 48 #include "webkit/glue/web_intent_service_data.h" |
| 48 | 49 |
| 49 namespace keys = extension_manifest_keys; | 50 namespace keys = extension_manifest_keys; |
| 50 namespace values = extension_manifest_values; | 51 namespace values = extension_manifest_values; |
| 51 namespace errors = extension_manifest_errors; | 52 namespace errors = extension_manifest_errors; |
| 52 | 53 |
| 54 using extension_csp_validator::ContentSecurityPolicyIsLegal; | |
| 55 using extension_csp_validator::ContentSecurityPolicyIsSecure; | |
| 56 | |
| 53 namespace { | 57 namespace { |
| 54 | 58 |
| 55 const int kModernManifestVersion = 1; | 59 const int kModernManifestVersion = 1; |
| 56 const int kPEMOutputColumns = 65; | 60 const int kPEMOutputColumns = 65; |
| 57 | 61 |
| 58 // KEY MARKERS | 62 // KEY MARKERS |
| 59 const char kKeyBeginHeaderMarker[] = "-----BEGIN"; | 63 const char kKeyBeginHeaderMarker[] = "-----BEGIN"; |
| 60 const char kKeyBeginFooterMarker[] = "-----END"; | 64 const char kKeyBeginFooterMarker[] = "-----END"; |
| 61 const char kKeyInfoEndMarker[] = "KEY-----"; | 65 const char kKeyInfoEndMarker[] = "KEY-----"; |
| 62 const char kPublic[] = "PUBLIC"; | 66 const char kPublic[] = "PUBLIC"; |
| (...skipping 2170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2233 } | 2237 } |
| 2234 } | 2238 } |
| 2235 | 2239 |
| 2236 if (source.HasKey(keys::kContentSecurityPolicy)) { | 2240 if (source.HasKey(keys::kContentSecurityPolicy)) { |
| 2237 std::string content_security_policy; | 2241 std::string content_security_policy; |
| 2238 if (!source.GetString(keys::kContentSecurityPolicy, | 2242 if (!source.GetString(keys::kContentSecurityPolicy, |
| 2239 &content_security_policy)) { | 2243 &content_security_policy)) { |
| 2240 *error = errors::kInvalidContentSecurityPolicy; | 2244 *error = errors::kInvalidContentSecurityPolicy; |
| 2241 return false; | 2245 return false; |
| 2242 } | 2246 } |
| 2243 // We block these characters to prevent HTTP header injection when | 2247 if (!ContentSecurityPolicyIsLegal(content_security_policy)) { |
| 2244 // representing the content security policy as an HTTP header. | |
| 2245 const char kBadCSPCharacters[] = {'\r', '\n', '\0'}; | |
| 2246 if (content_security_policy.find_first_of(kBadCSPCharacters, 0, | |
| 2247 arraysize(kBadCSPCharacters)) != | |
| 2248 std::string::npos) { | |
| 2249 *error = errors::kInvalidContentSecurityPolicy; | 2248 *error = errors::kInvalidContentSecurityPolicy; |
| 2250 return false; | 2249 return false; |
| 2251 } | 2250 } |
| 2251 if (manifest_version_ >= 2 && | |
| 2252 !ContentSecurityPolicyIsSecure(content_security_policy)) { | |
| 2253 *error = errors::kInvalidContentSecurityPolicy; | |
| 2254 return false; | |
| 2255 } | |
| 2256 | |
| 2252 content_security_policy_ = content_security_policy; | 2257 content_security_policy_ = content_security_policy; |
| 2253 } else if (manifest_version_ >= 2) { | 2258 } else if (manifest_version_ >= 2) { |
| 2254 // Manifest version 2 introduced a default Content-Security-Policy. | 2259 // Manifest version 2 introduced a default Content-Security-Policy. |
| 2255 // TODO(abarth): Should we continue to let extensions override the | 2260 // TODO(abarth): Should we continue to let extensions override the |
| 2256 // default Content-Security-Policy? | 2261 // default Content-Security-Policy? |
| 2257 content_security_policy_ = kDefaultContentSecurityPolicy; | 2262 content_security_policy_ = kDefaultContentSecurityPolicy; |
| 2263 DCHECK(ContentSecurityPolicyIsSecure(content_security_policy_)); | |
|
Aaron Boodman
2011/12/02 05:51:42
The extension system prefers CHECK to DCHECK.
| |
| 2258 } | 2264 } |
| 2259 | 2265 |
| 2260 // Initialize devtools page url (optional). | 2266 // Initialize devtools page url (optional). |
| 2261 if (source.HasKey(keys::kDevToolsPage)) { | 2267 if (source.HasKey(keys::kDevToolsPage)) { |
| 2262 std::string devtools_str; | 2268 std::string devtools_str; |
| 2263 if (!source.GetString(keys::kDevToolsPage, &devtools_str)) { | 2269 if (!source.GetString(keys::kDevToolsPage, &devtools_str)) { |
| 2264 *error = errors::kInvalidDevToolsPage; | 2270 *error = errors::kInvalidDevToolsPage; |
| 2265 return false; | 2271 return false; |
| 2266 } | 2272 } |
| 2267 if (!api_permissions.count(ExtensionAPIPermission::kExperimental)) { | 2273 if (!api_permissions.count(ExtensionAPIPermission::kExperimental)) { |
| (...skipping 811 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3079 already_disabled(false), | 3085 already_disabled(false), |
| 3080 extension(extension) {} | 3086 extension(extension) {} |
| 3081 | 3087 |
| 3082 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo( | 3088 UpdatedExtensionPermissionsInfo::UpdatedExtensionPermissionsInfo( |
| 3083 const Extension* extension, | 3089 const Extension* extension, |
| 3084 const ExtensionPermissionSet* permissions, | 3090 const ExtensionPermissionSet* permissions, |
| 3085 Reason reason) | 3091 Reason reason) |
| 3086 : reason(reason), | 3092 : reason(reason), |
| 3087 extension(extension), | 3093 extension(extension), |
| 3088 permissions(permissions) {} | 3094 permissions(permissions) {} |
| OLD | NEW |
