Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(512)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/chrome_manifest_url_handlers.cc

Issue 1977303004: [Extensions] Validate file existence for chrome url overrides (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/chrome_manifest_url_handlers.h ('k') | chrome/common/extensions/chrome_manifest_url_handlers_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/chrome_manifest_url_handlers.h" 5 #include "chrome/common/extensions/chrome_manifest_url_handlers.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/files/file_util.h"
9 #include "base/lazy_instance.h" 10 #include "base/lazy_instance.h"
10 #include "base/strings/string_util.h" 11 #include "base/strings/string_util.h"
11 #include "base/strings/stringprintf.h" 12 #include "base/strings/stringprintf.h"
12 #include "base/strings/utf_string_conversions.h" 13 #include "base/strings/utf_string_conversions.h"
13 #include "base/values.h" 14 #include "base/values.h"
14 #include "build/build_config.h" 15 #include "build/build_config.h"
15 #include "chrome/common/chrome_constants.h" 16 #include "chrome/common/chrome_constants.h"
16 #include "chrome/common/url_constants.h" 17 #include "chrome/common/url_constants.h"
17 #include "extensions/common/error_utils.h" 18 #include "extensions/common/error_utils.h"
19 #include "extensions/common/file_util.h"
18 #include "extensions/common/manifest.h" 20 #include "extensions/common/manifest.h"
19 #include "extensions/common/manifest_constants.h" 21 #include "extensions/common/manifest_constants.h"
20 #include "extensions/common/manifest_handlers/permissions_parser.h" 22 #include "extensions/common/manifest_handlers/permissions_parser.h"
21 #include "extensions/common/manifest_handlers/shared_module_info.h" 23 #include "extensions/common/manifest_handlers/shared_module_info.h"
22 #include "extensions/common/manifest_url_handlers.h" 24 #include "extensions/common/manifest_url_handlers.h"
23 #include "extensions/common/permissions/api_permission.h" 25 #include "extensions/common/permissions/api_permission.h"
24 26
25 #if defined(USE_AURA) 27 #if defined(USE_AURA)
26 #include "ui/keyboard/content/keyboard_constants.h" // nogncheck 28 #include "ui/keyboard/content/keyboard_constants.h" // nogncheck
27 #endif 29 #endif
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
97 *error = base::ASCIIToUTF16(errors::kInvalidChromeURLOverrides); 99 *error = base::ASCIIToUTF16(errors::kInvalidChromeURLOverrides);
98 return false; 100 return false;
99 } 101 }
100 std::unique_ptr<URLOverrides> url_overrides(new URLOverrides); 102 std::unique_ptr<URLOverrides> url_overrides(new URLOverrides);
101 // Validate that the overrides are all strings 103 // Validate that the overrides are all strings
102 for (base::DictionaryValue::Iterator iter(*overrides); !iter.IsAtEnd(); 104 for (base::DictionaryValue::Iterator iter(*overrides); !iter.IsAtEnd();
103 iter.Advance()) { 105 iter.Advance()) {
104 std::string page = iter.key(); 106 std::string page = iter.key();
105 std::string val; 107 std::string val;
106 // Restrict override pages to a list of supported URLs. 108 // Restrict override pages to a list of supported URLs.
107 bool is_override = (page != chrome::kChromeUINewTabHost && 109 bool is_allowed_host = page == chrome::kChromeUINewTabHost ||
108 page != chrome::kChromeUIBookmarksHost && 110 page == chrome::kChromeUIBookmarksHost ||
109 page != chrome::kChromeUIHistoryHost); 111 page == chrome::kChromeUIHistoryHost;
110 #if defined(OS_CHROMEOS) 112 #if defined(OS_CHROMEOS)
111 is_override = 113 is_allowed_host = is_allowed_host ||
112 (is_override && page != chrome::kChromeUIActivationMessageHost); 114 page == chrome::kChromeUIActivationMessageHost ||
113 #endif 115 page == keyboard::kKeyboardHost;
114 #if defined(OS_CHROMEOS)
115 is_override = (is_override && page != keyboard::kKeyboardHost);
116 #endif 116 #endif
117 117
118 if (is_override || !iter.value().GetAsString(&val)) { 118 if (!is_allowed_host || !iter.value().GetAsString(&val)) {
119 *error = base::ASCIIToUTF16(errors::kInvalidChromeURLOverrides); 119 *error = base::ASCIIToUTF16(errors::kInvalidChromeURLOverrides);
120 return false; 120 return false;
121 } 121 }
122 // Replace the entry with a fully qualified chrome-extension:// URL. 122 // Replace the entry with a fully qualified chrome-extension:// URL.
123 url_overrides->chrome_url_overrides_[page] = extension->GetResourceURL(val); 123 url_overrides->chrome_url_overrides_[page] = extension->GetResourceURL(val);
124 124
125 // For component extensions, add override URL to extent patterns. 125 // For component extensions, add override URL to extent patterns.
126 if (extension->is_legacy_packaged_app() && 126 if (extension->is_legacy_packaged_app() &&
127 extension->location() == Manifest::COMPONENT) { 127 extension->location() == Manifest::COMPONENT) {
128 URLPattern pattern(URLPattern::SCHEME_CHROMEUI); 128 URLPattern pattern(URLPattern::SCHEME_CHROMEUI);
(...skipping 11 matching lines...) Expand all
140 // An extension may override at most one page. 140 // An extension may override at most one page.
141 if (overrides->size() > 1) { 141 if (overrides->size() > 1) {
142 *error = base::ASCIIToUTF16(errors::kMultipleOverrides); 142 *error = base::ASCIIToUTF16(errors::kMultipleOverrides);
143 return false; 143 return false;
144 } 144 }
145 extension->SetManifestData(keys::kChromeURLOverrides, 145 extension->SetManifestData(keys::kChromeURLOverrides,
146 url_overrides.release()); 146 url_overrides.release());
147 return true; 147 return true;
148 } 148 }
149 149
150 bool URLOverridesHandler::Validate(
151 const Extension* extension,
152 std::string* error,
153 std::vector<InstallWarning>* warnings) const {
154 const URLOverrides::URLOverrideMap& overrides =
155 URLOverrides::GetChromeURLOverrides(extension);
156 if (overrides.empty())
157 return true;
158
159 for (const auto& entry : overrides) {
160 base::FilePath relative_path =
161 file_util::ExtensionURLToRelativeFilePath(entry.second);
162 base::FilePath resource_path =
163 extension->GetResource(relative_path).GetFilePath();
164 if (resource_path.empty() || !base::PathExists(resource_path)) {
165 *error = ErrorUtils::FormatErrorMessage(errors::kFileNotFound,
166 relative_path.AsUTF8Unsafe());
167 return false;
168 }
169 }
170 return true;
171 }
172
150 const std::vector<std::string> URLOverridesHandler::Keys() const { 173 const std::vector<std::string> URLOverridesHandler::Keys() const {
151 return SingleKey(keys::kChromeURLOverrides); 174 return SingleKey(keys::kChromeURLOverrides);
152 } 175 }
153 176
154 } // namespace extensions 177 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/common/extensions/chrome_manifest_url_handlers.h ('k') | chrome/common/extensions/chrome_manifest_url_handlers_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698