| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/password_manager/content/browser/content_password_manager_d
river.h" | 5 #include "components/password_manager/content/browser/content_password_manager_d
river.h" |
| 6 | 6 |
| 7 #include "components/autofill/content/common/autofill_messages.h" | 7 #include "components/autofill/content/common/autofill_messages.h" |
| 8 #include "components/autofill/core/common/form_data.h" | 8 #include "components/autofill/core/common/form_data.h" |
| 9 #include "components/autofill/core/common/password_form.h" | 9 #include "components/autofill/core/common/password_form.h" |
| 10 #include "components/password_manager/content/browser/bad_message.h" |
| 10 #include "components/password_manager/content/browser/content_password_manager_d
river_factory.h" | 11 #include "components/password_manager/content/browser/content_password_manager_d
river_factory.h" |
| 11 #include "components/password_manager/core/browser/password_manager_client.h" | 12 #include "components/password_manager/core/browser/password_manager_client.h" |
| 12 #include "content/public/browser/browser_context.h" | 13 #include "content/public/browser/browser_context.h" |
| 14 #include "content/public/browser/child_process_security_policy.h" |
| 13 #include "content/public/browser/navigation_details.h" | 15 #include "content/public/browser/navigation_details.h" |
| 14 #include "content/public/browser/navigation_entry.h" | 16 #include "content/public/browser/navigation_entry.h" |
| 15 #include "content/public/browser/render_frame_host.h" | 17 #include "content/public/browser/render_frame_host.h" |
| 18 #include "content/public/browser/render_process_host.h" |
| 16 #include "content/public/browser/render_view_host.h" | 19 #include "content/public/browser/render_view_host.h" |
| 17 #include "content/public/browser/site_instance.h" | 20 #include "content/public/browser/site_instance.h" |
| 18 #include "content/public/browser/web_contents.h" | 21 #include "content/public/browser/web_contents.h" |
| 19 #include "content/public/common/ssl_status.h" | 22 #include "content/public/common/ssl_status.h" |
| 20 #include "ipc/ipc_message_macros.h" | 23 #include "ipc/ipc_message_macros.h" |
| 21 #include "net/cert/cert_status_flags.h" | 24 #include "net/cert/cert_status_flags.h" |
| 22 | 25 |
| 23 namespace password_manager { | 26 namespace password_manager { |
| 24 | 27 |
| 25 ContentPasswordManagerDriver::ContentPasswordManagerDriver( | 28 ContentPasswordManagerDriver::ContentPasswordManagerDriver( |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 144 PasswordAutofillManager::OnShowPasswordSuggestions) | 147 PasswordAutofillManager::OnShowPasswordSuggestions) |
| 145 IPC_MESSAGE_FORWARD(AutofillHostMsg_RecordSavePasswordProgress, client_, | 148 IPC_MESSAGE_FORWARD(AutofillHostMsg_RecordSavePasswordProgress, client_, |
| 146 PasswordManagerClient::LogSavePasswordProgress) | 149 PasswordManagerClient::LogSavePasswordProgress) |
| 147 IPC_MESSAGE_UNHANDLED(handled = false) | 150 IPC_MESSAGE_UNHANDLED(handled = false) |
| 148 IPC_END_MESSAGE_MAP() | 151 IPC_END_MESSAGE_MAP() |
| 149 return handled; | 152 return handled; |
| 150 } | 153 } |
| 151 | 154 |
| 152 void ContentPasswordManagerDriver::OnPasswordFormsParsed( | 155 void ContentPasswordManagerDriver::OnPasswordFormsParsed( |
| 153 const std::vector<autofill::PasswordForm>& forms) { | 156 const std::vector<autofill::PasswordForm>& forms) { |
| 157 for (const auto& form : forms) |
| 158 if (!CheckChildProcessSecurityPolicy( |
| 159 form.origin, BadMessageReason::CPMD_BAD_ORIGIN_FORMS_PARSED)) |
| 160 return; |
| 161 |
| 162 OnPasswordFormsParsedNoRenderCheck(forms); |
| 163 } |
| 164 |
| 165 void ContentPasswordManagerDriver::OnPasswordFormsParsedNoRenderCheck( |
| 166 const std::vector<autofill::PasswordForm>& forms) { |
| 154 GetPasswordManager()->OnPasswordFormsParsed(this, forms); | 167 GetPasswordManager()->OnPasswordFormsParsed(this, forms); |
| 155 } | 168 } |
| 156 | 169 |
| 157 void ContentPasswordManagerDriver::OnPasswordFormsRendered( | 170 void ContentPasswordManagerDriver::OnPasswordFormsRendered( |
| 158 const std::vector<autofill::PasswordForm>& visible_forms, | 171 const std::vector<autofill::PasswordForm>& visible_forms, |
| 159 bool did_stop_loading) { | 172 bool did_stop_loading) { |
| 173 for (const auto& form : visible_forms) |
| 174 if (!CheckChildProcessSecurityPolicy( |
| 175 form.origin, BadMessageReason::CPMD_BAD_ORIGIN_FORMS_RENDERED)) |
| 176 return; |
| 160 GetPasswordManager()->OnPasswordFormsRendered(this, visible_forms, | 177 GetPasswordManager()->OnPasswordFormsRendered(this, visible_forms, |
| 161 did_stop_loading); | 178 did_stop_loading); |
| 162 } | 179 } |
| 163 | 180 |
| 164 void ContentPasswordManagerDriver::OnPasswordFormSubmitted( | 181 void ContentPasswordManagerDriver::OnPasswordFormSubmitted( |
| 165 const autofill::PasswordForm& password_form) { | 182 const autofill::PasswordForm& password_form) { |
| 183 if (!CheckChildProcessSecurityPolicy( |
| 184 password_form.origin, |
| 185 BadMessageReason::CPMD_BAD_ORIGIN_FORM_SUBMITTED)) |
| 186 return; |
| 166 GetPasswordManager()->OnPasswordFormSubmitted(this, password_form); | 187 GetPasswordManager()->OnPasswordFormSubmitted(this, password_form); |
| 167 } | 188 } |
| 168 | 189 |
| 169 void ContentPasswordManagerDriver::OnFocusedPasswordFormFound( | 190 void ContentPasswordManagerDriver::OnFocusedPasswordFormFound( |
| 170 const autofill::PasswordForm& password_form) { | 191 const autofill::PasswordForm& password_form) { |
| 192 if (!CheckChildProcessSecurityPolicy( |
| 193 password_form.origin, |
| 194 BadMessageReason::CPMD_BAD_ORIGIN_FOCUSED_PASSWORD_FORM_FOUND)) |
| 195 return; |
| 171 GetPasswordManager()->OnPasswordFormForceSaveRequested(this, password_form); | 196 GetPasswordManager()->OnPasswordFormForceSaveRequested(this, password_form); |
| 172 } | 197 } |
| 173 | 198 |
| 174 void ContentPasswordManagerDriver::DidNavigateFrame( | 199 void ContentPasswordManagerDriver::DidNavigateFrame( |
| 175 const content::LoadCommittedDetails& details, | 200 const content::LoadCommittedDetails& details, |
| 176 const content::FrameNavigateParams& params) { | 201 const content::FrameNavigateParams& params) { |
| 177 // Clear page specific data after main frame navigation. | 202 // Clear page specific data after main frame navigation. |
| 178 if (!render_frame_host_->GetParent() && !details.is_in_page) { | 203 if (!render_frame_host_->GetParent() && !details.is_in_page) { |
| 179 GetPasswordManager()->DidNavigateMainFrame(); | 204 GetPasswordManager()->DidNavigateMainFrame(); |
| 180 GetPasswordAutofillManager()->DidNavigateMainFrame(); | 205 GetPasswordAutofillManager()->DidNavigateMainFrame(); |
| 181 } | 206 } |
| 182 } | 207 } |
| 183 | 208 |
| 184 void ContentPasswordManagerDriver::OnInPageNavigation( | 209 void ContentPasswordManagerDriver::OnInPageNavigation( |
| 185 const autofill::PasswordForm& password_form) { | 210 const autofill::PasswordForm& password_form) { |
| 211 if (!CheckChildProcessSecurityPolicy( |
| 212 password_form.origin, |
| 213 BadMessageReason::CPMD_BAD_ORIGIN_IN_PAGE_NAVIGATION)) |
| 214 return; |
| 186 GetPasswordManager()->OnInPageNavigation(this, password_form); | 215 GetPasswordManager()->OnInPageNavigation(this, password_form); |
| 187 } | 216 } |
| 188 | 217 |
| 189 void ContentPasswordManagerDriver::OnPasswordNoLongerGenerated( | 218 void ContentPasswordManagerDriver::OnPasswordNoLongerGenerated( |
| 190 const autofill::PasswordForm& password_form) { | 219 const autofill::PasswordForm& password_form) { |
| 220 if (!CheckChildProcessSecurityPolicy( |
| 221 password_form.origin, |
| 222 BadMessageReason::CPMD_BAD_ORIGIN_PASSWORD_NO_LONGER_GENERATED)) |
| 223 return; |
| 191 GetPasswordManager()->SetHasGeneratedPasswordForForm(this, password_form, | 224 GetPasswordManager()->SetHasGeneratedPasswordForForm(this, password_form, |
| 192 false); | 225 false); |
| 193 } | 226 } |
| 194 | 227 |
| 228 bool ContentPasswordManagerDriver::CheckChildProcessSecurityPolicy( |
| 229 const GURL& url, |
| 230 BadMessageReason reason) { |
| 231 content::ChildProcessSecurityPolicy* policy = |
| 232 content::ChildProcessSecurityPolicy::GetInstance(); |
| 233 if (!policy->CanAccessDataForOrigin(render_frame_host_->GetProcess()->GetID(), |
| 234 url)) { |
| 235 bad_message::ReceivedBadMessage(render_frame_host_->GetProcess(), reason); |
| 236 return false; |
| 237 } |
| 238 |
| 239 return true; |
| 240 } |
| 241 |
| 195 } // namespace password_manager | 242 } // namespace password_manager |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1212163007:
Kill renderers for bad password forms in --site-per-process. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master