Almost all actions in Declarative Web Request require all_urls host permissions

chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h"
 
 #include <limits>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
@@ skipping 363 matching lines @@
 
 base::LazyInstance<WebRequestActionFactory>::Leaky
     g_web_request_action_factory = LAZY_INSTANCE_INITIALIZER;
 
 }  // namespace
 
 //
 // WebRequestAction
 //
 
-WebRequestAction::WebRequestAction() {}
+WebRequestAction::WebRequestAction()
+    : host_permissions_strategy_(STRATEGY_DEFAULT) {}
+WebRequestAction::WebRequestAction(HostPermissionsStrategy strategy)
+    : host_permissions_strategy_(strategy) {}
 
 WebRequestAction::~WebRequestAction() {}
 
 int WebRequestAction::GetMinimumPriority() const {
   return std::numeric_limits<int>::min();
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestAction::GetHostPermissionsStrategy() const {
-  return STRATEGY_DEFAULT;
-}
-
 bool WebRequestAction::HasPermission(const ExtensionInfoMap* extension_info_map,
                                      const std::string& extension_id,
                                      const net::URLRequest* request,
                                      bool crosses_incognito) const {
   if (WebRequestPermissions::HideRequest(extension_info_map, request))
     return false;
 
   // In unit tests we don't have an extension_info_map object here and skip host
   // permission checks.
   if (!extension_info_map)
     return true;
 
-  HostPermissionsStrategy strategy = GetHostPermissionsStrategy();
-  if (strategy == STRATEGY_NONE || strategy == STRATEGY_DEFAULT) {
-    bool check_host_permissions = strategy != STRATEGY_NONE;
-    return WebRequestPermissions::CanExtensionAccessURL(
-        extension_info_map, extension_id, request->url(), crosses_incognito,
-        check_host_permissions);
+  WebRequestPermissions::HostPermissionsCheck permission_check;
+  switch (host_permissions_strategy()) {
+    case STRATEGY_NONE:
+      permission_check = WebRequestPermissions::DO_NOT_CHECK_HOST;
+      break;
+    case STRATEGY_DEFAULT:
+      permission_check = WebRequestPermissions::REQUIRE_ALL_URLS;
+      break;
+    case STRATEGY_HOST:
+      permission_check = WebRequestPermissions::REQUIRE_HOST_PERMISSION;
+      break;
   }
-  return true;
-}
-
-bool WebRequestAction::DeltaHasPermission(
-    const ExtensionInfoMap* extension_info_map,
-    const std::string& extension_id,
-    const net::URLRequest* request,
-    bool crosses_incognito,
-    const LinkedPtrEventResponseDelta& delta) const {
-  if (GetHostPermissionsStrategy() == STRATEGY_ALLOW_SAME_DOMAIN) {
-    return
-        net::RegistryControlledDomainService::SameDomainOrHost(
-            request->url(), delta->new_url) ||
-        WebRequestPermissions::CanExtensionAccessURL(
-            extension_info_map, extension_id, request->url(), crosses_incognito,
-            true);
-  }
-  return true;
+  return WebRequestPermissions::CanExtensionAccessURL(
+      extension_info_map, extension_id, request->url(), crosses_incognito,
+      permission_check);
 }
 
 // static
 scoped_ptr<WebRequestAction> WebRequestAction::Create(
     const base::Value& json_action,
     std::string* error,
     bool* bad_message) {
   *error = "";
   *bad_message = false;
 
@@ skipping 17 matching lines @@
 void WebRequestAction::Apply(const std::string& extension_id,
                              base::Time extension_install_time,
                              ApplyInfo* apply_info) const {
   if (!HasPermission(apply_info->extension_info_map, extension_id,
                      apply_info->request_data.request,
                      apply_info->crosses_incognito))
     return;
   if (GetStages() & apply_info->request_data.stage) {
     LinkedPtrEventResponseDelta delta = CreateDelta(
         apply_info->request_data, extension_id, extension_install_time);
-    if (delta.get()) {
-      if (DeltaHasPermission(apply_info->extension_info_map, extension_id,
-                             apply_info->request_data.request,
-                             apply_info->crosses_incognito,
-                             delta))
-        apply_info->deltas->push_back(delta);
-    }
+    if (delta.get())
+      apply_info->deltas->push_back(delta);
     if (GetType() == WebRequestAction::ACTION_IGNORE_RULES) {
       const WebRequestIgnoreRulesAction* ignore_action =
           static_cast<const WebRequestIgnoreRulesAction*>(this);
       if (!ignore_action->ignore_tag().empty())
         apply_info->ignored_tags->insert(ignore_action->ignore_tag());
     }
   }
 }
 
 
 //
 // WebRequestCancelAction
 //
 
-WebRequestCancelAction::WebRequestCancelAction() {}
+WebRequestCancelAction::WebRequestCancelAction()
+    : WebRequestAction(STRATEGY_NONE) {}
 
 WebRequestCancelAction::~WebRequestCancelAction() {}
 
 int WebRequestCancelAction::GetStages() const {
   return ON_BEFORE_REQUEST | ON_BEFORE_SEND_HEADERS | ON_HEADERS_RECEIVED |
       ON_AUTH_REQUIRED;
 }
 
 WebRequestAction::Type WebRequestCancelAction::GetType() const {
   return WebRequestAction::ACTION_CANCEL_REQUEST;
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestCancelAction::GetHostPermissionsStrategy() const {
-  return WebRequestAction::STRATEGY_NONE;
-}
-
 LinkedPtrEventResponseDelta WebRequestCancelAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   LinkedPtrEventResponseDelta result(
       new helpers::EventResponseDelta(extension_id, extension_install_time));
   result->cancel = true;
   return result;
 }
 
 //
 // WebRequestRedirectAction
 //
 
 WebRequestRedirectAction::WebRequestRedirectAction(const GURL& redirect_url)
     : redirect_url_(redirect_url) {}
 
 WebRequestRedirectAction::~WebRequestRedirectAction() {}
 
 int WebRequestRedirectAction::GetStages() const {
   return ON_BEFORE_REQUEST;
 }
 
 WebRequestAction::Type WebRequestRedirectAction::GetType() const {
   return WebRequestAction::ACTION_REDIRECT_REQUEST;
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestRedirectAction::GetHostPermissionsStrategy() const {
-  return WebRequestAction::STRATEGY_ALLOW_SAME_DOMAIN;
-}
-
 LinkedPtrEventResponseDelta WebRequestRedirectAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   if (request_data.request->url() == redirect_url_)
     return LinkedPtrEventResponseDelta(NULL);
   LinkedPtrEventResponseDelta result(
       new helpers::EventResponseDelta(extension_id, extension_install_time));
   result->new_url = redirect_url_;
   return result;
 }
 
 //
 // WebRequestRedirectToTransparentImageAction
 //
 
 WebRequestRedirectToTransparentImageAction::
-WebRequestRedirectToTransparentImageAction() {}
+    WebRequestRedirectToTransparentImageAction()
+    : WebRequestAction(STRATEGY_NONE) {}
 
 WebRequestRedirectToTransparentImageAction::
 ~WebRequestRedirectToTransparentImageAction() {}
 
 int WebRequestRedirectToTransparentImageAction::GetStages() const {
   return ON_BEFORE_REQUEST;
 }
 
 WebRequestAction::Type
 WebRequestRedirectToTransparentImageAction::GetType() const {
   return WebRequestAction::ACTION_REDIRECT_TO_TRANSPARENT_IMAGE;
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestRedirectToTransparentImageAction::GetHostPermissionsStrategy() const {
-  return WebRequestAction::STRATEGY_NONE;
-}
-
 LinkedPtrEventResponseDelta
 WebRequestRedirectToTransparentImageAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   LinkedPtrEventResponseDelta result(
       new helpers::EventResponseDelta(extension_id, extension_install_time));
   result->new_url = GURL(kTransparentImageUrl);
   return result;
 }
 
 //
 // WebRequestRedirectToEmptyDocumentAction
 //
 
 WebRequestRedirectToEmptyDocumentAction::
-WebRequestRedirectToEmptyDocumentAction() {}
+    WebRequestRedirectToEmptyDocumentAction()
+    : WebRequestAction(STRATEGY_NONE) {}
 
 WebRequestRedirectToEmptyDocumentAction::
 ~WebRequestRedirectToEmptyDocumentAction() {}
 
 int WebRequestRedirectToEmptyDocumentAction::GetStages() const {
   return ON_BEFORE_REQUEST;
 }
 
 WebRequestAction::Type
 WebRequestRedirectToEmptyDocumentAction::GetType() const {
   return WebRequestAction::ACTION_REDIRECT_TO_EMPTY_DOCUMENT;
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestRedirectToEmptyDocumentAction::GetHostPermissionsStrategy() const {
-  return WebRequestAction::STRATEGY_NONE;
-}
-
 LinkedPtrEventResponseDelta
 WebRequestRedirectToEmptyDocumentAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   LinkedPtrEventResponseDelta result(
       new helpers::EventResponseDelta(extension_id, extension_install_time));
   result->new_url = GURL(kEmptyDocumentUrl);
   return result;
@@ skipping 65 matching lines @@
 }
 
 int WebRequestRedirectByRegExAction::GetStages() const {
   return ON_BEFORE_REQUEST;
 }
 
 WebRequestAction::Type WebRequestRedirectByRegExAction::GetType() const {
   return WebRequestAction::ACTION_REDIRECT_BY_REGEX_DOCUMENT;
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestRedirectByRegExAction::GetHostPermissionsStrategy() const {
-  return WebRequestAction::STRATEGY_ALLOW_SAME_DOMAIN;
-}
-
 LinkedPtrEventResponseDelta WebRequestRedirectByRegExAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   CHECK(from_pattern_.get());
 
   const std::string& old_url = request_data.request->url().spec();
   std::string new_url = old_url;
   if (!RE2::Replace(&new_url, *from_pattern_, to_pattern_) ||
@@ skipping 169 matching lines @@
   return result;
 }
 
 //
 // WebRequestIgnoreRulesAction
 //
 
 WebRequestIgnoreRulesAction::WebRequestIgnoreRulesAction(
     int minimum_priority,
     const std::string& ignore_tag)
-    : minimum_priority_(minimum_priority),
-      ignore_tag_(ignore_tag) {
-}
+    : WebRequestAction(STRATEGY_NONE),
+      minimum_priority_(minimum_priority),
+      ignore_tag_(ignore_tag) {}
 
 WebRequestIgnoreRulesAction::~WebRequestIgnoreRulesAction() {}
 
 int WebRequestIgnoreRulesAction::GetStages() const {
   return ON_BEFORE_REQUEST | ON_BEFORE_SEND_HEADERS | ON_HEADERS_RECEIVED |
       ON_AUTH_REQUIRED;
 }
 
 WebRequestAction::Type WebRequestIgnoreRulesAction::GetType() const {
   return WebRequestAction::ACTION_IGNORE_RULES;
 }
 
 int WebRequestIgnoreRulesAction::GetMinimumPriority() const {
   return minimum_priority_;
 }
 
-WebRequestAction::HostPermissionsStrategy
-WebRequestIgnoreRulesAction::GetHostPermissionsStrategy() const {
-  return WebRequestAction::STRATEGY_NONE;
-}
-
 LinkedPtrEventResponseDelta WebRequestIgnoreRulesAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   return LinkedPtrEventResponseDelta(NULL);
 }
 
 //
 // WebRequestRequestCookieAction
@@ skipping 60 matching lines @@
       response_cookie_modification_);
   return result;
 }
 
 //
 // WebRequestSendMessageToExtensionAction
 //
 
 WebRequestSendMessageToExtensionAction::WebRequestSendMessageToExtensionAction(
     const std::string& message)
-    : message_(message) {
-}
+    : WebRequestAction(STRATEGY_HOST), message_(message) {}
 
 WebRequestSendMessageToExtensionAction::
 ~WebRequestSendMessageToExtensionAction() {}
 
 int WebRequestSendMessageToExtensionAction::GetStages() const {
   return ON_BEFORE_REQUEST | ON_BEFORE_SEND_HEADERS | ON_HEADERS_RECEIVED |
       ON_AUTH_REQUIRED;
 }
 
 WebRequestAction::Type WebRequestSendMessageToExtensionAction::GetType() const {
   return WebRequestAction::ACTION_SEND_MESSAGE_TO_EXTENSION;
 }
 
 LinkedPtrEventResponseDelta WebRequestSendMessageToExtensionAction::CreateDelta(
     const WebRequestData& request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_data.stage & GetStages());
   LinkedPtrEventResponseDelta result(
       new extension_web_request_api_helpers::EventResponseDelta(
           extension_id, extension_install_time));
   result->messages_to_extension.insert(message_);
   return result;
 }
 
 }  // namespace extensions