chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java - Issue 2039303002: Sanitize JSON string before parsing it.

Side by Side Diff: chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java

Issue 2039303002: Sanitize JSON string before parsing it. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix deps Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 package org.chromium.chrome.browser.payments;	5 package org.chromium.chrome.browser.payments;

6	6

7 import android.app.Activity;	7 import android.app.Activity;

8 import android.graphics.Bitmap;	8 import android.graphics.Bitmap;

9 import android.os.Handler;	9 import android.os.Handler;

10 import android.text.TextUtils;	10 import android.text.TextUtils;

11	11

12 import org.chromium.base.Callback;	12 import org.chromium.base.Callback;

13 import org.chromium.base.Log;	13 import org.chromium.base.Log;

14 import org.chromium.chrome.browser.autofill.PersonalDataManager;	14 import org.chromium.chrome.browser.autofill.PersonalDataManager;

15 import org.chromium.chrome.browser.autofill.PersonalDataManager.AutofillProfile;	15 import org.chromium.chrome.browser.autofill.PersonalDataManager.AutofillProfile;

16 import org.chromium.chrome.browser.favicon.FaviconHelper;	16 import org.chromium.chrome.browser.favicon.FaviconHelper;

17 import org.chromium.chrome.browser.payments.ui.LineItem;	17 import org.chromium.chrome.browser.payments.ui.LineItem;

18 import org.chromium.chrome.browser.payments.ui.PaymentInformation;	18 import org.chromium.chrome.browser.payments.ui.PaymentInformation;

19 import org.chromium.chrome.browser.payments.ui.PaymentOption;	19 import org.chromium.chrome.browser.payments.ui.PaymentOption;

20 import org.chromium.chrome.browser.payments.ui.PaymentRequestUI;	20 import org.chromium.chrome.browser.payments.ui.PaymentRequestUI;

21 import org.chromium.chrome.browser.payments.ui.SectionInformation;	21 import org.chromium.chrome.browser.payments.ui.SectionInformation;

22 import org.chromium.chrome.browser.payments.ui.ShoppingCart;	22 import org.chromium.chrome.browser.payments.ui.ShoppingCart;

23 import org.chromium.chrome.browser.preferences.PreferencesLauncher;	23 import org.chromium.chrome.browser.preferences.PreferencesLauncher;

24 import org.chromium.chrome.browser.preferences.autofill.AutofillCreditCardEditor ;	24 import org.chromium.chrome.browser.preferences.autofill.AutofillCreditCardEditor ;

25 import org.chromium.chrome.browser.preferences.autofill.AutofillProfileEditor;	25 import org.chromium.chrome.browser.preferences.autofill.AutofillProfileEditor;

26 import org.chromium.chrome.browser.profiles.Profile;	26 import org.chromium.chrome.browser.profiles.Profile;

27 import org.chromium.chrome.browser.util.UrlUtilities;	27 import org.chromium.chrome.browser.util.UrlUtilities;

	28 import org.chromium.components.safejson.JsonSanitizer;

28 import org.chromium.content.browser.ContentViewCore;	29 import org.chromium.content.browser.ContentViewCore;

29 import org.chromium.content_public.browser.WebContents;	30 import org.chromium.content_public.browser.WebContents;

30 import org.chromium.mojo.system.MojoException;	31 import org.chromium.mojo.system.MojoException;

31 import org.chromium.mojom.payments.PaymentDetails;	32 import org.chromium.mojom.payments.PaymentDetails;

32 import org.chromium.mojom.payments.PaymentItem;	33 import org.chromium.mojom.payments.PaymentItem;

33 import org.chromium.mojom.payments.PaymentOptions;	34 import org.chromium.mojom.payments.PaymentOptions;

34 import org.chromium.mojom.payments.PaymentRequest;	35 import org.chromium.mojom.payments.PaymentRequest;

35 import org.chromium.mojom.payments.PaymentRequestClient;	36 import org.chromium.mojom.payments.PaymentRequestClient;

36 import org.chromium.mojom.payments.PaymentResponse;	37 import org.chromium.mojom.payments.PaymentResponse;

37 import org.chromium.mojom.payments.ShippingOption;	38 import org.chromium.mojom.payments.ShippingOption;

38 import org.chromium.ui.base.WindowAndroid;	39 import org.chromium.ui.base.WindowAndroid;

39 import org.json.JSONException;	40 import org.json.JSONException;

40 import org.json.JSONObject;	41 import org.json.JSONObject;

41	42

	43 import java.io.IOException;

42 import java.util.ArrayList;	44 import java.util.ArrayList;

43 import java.util.Arrays;	45 import java.util.Arrays;

44 import java.util.HashSet;	46 import java.util.HashSet;

45 import java.util.Iterator;	47 import java.util.Iterator;

46 import java.util.List;	48 import java.util.List;

47 import java.util.Locale;	49 import java.util.Locale;

48 import java.util.Set;	50 import java.util.Set;

49 import java.util.regex.Pattern;	51 import java.util.regex.Pattern;

50	52

51 /**	53 /**

(...skipping 407 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
459	461

460 return new SectionInformation(PaymentRequestUI.TYPE_SHIPPING_OPTIONS,	462 return new SectionInformation(PaymentRequestUI.TYPE_SHIPPING_OPTIONS,

461 result.size() == 1 ? 0 : SectionInformation.NO_SELECTION, result );	463 result.size() == 1 ? 0 : SectionInformation.NO_SELECTION, result );

462 }	464 }

463	465

464 private JSONObject getValidatedData(Set<String> supportedMethods, String str ingifiedData) {	466 private JSONObject getValidatedData(Set<String> supportedMethods, String str ingifiedData) {

465 if (TextUtils.isEmpty(stringifiedData)) return new JSONObject();	467 if (TextUtils.isEmpty(stringifiedData)) return new JSONObject();

466	468

467 JSONObject result;	469 JSONObject result;

468 try {	470 try {

469 result = new JSONObject(stringifiedData);	471 result = new JSONObject(JsonSanitizer.sanitize(stringifiedData));
	Robert Sesek 2016/06/07 19:10:06 I'm wondering if it'd be better to create a new cl I'm wondering if it'd be better to create a new class org.chromium.compoents.safejson.SafeJsonParser that mimics the C++ interface and returns a JSONObject. That way clients of the component don't have to understand the sanitization that's happening underneath. And it'd provide symmetry between C++ and Java interfaces.
470 } catch (JSONException e) {	472 } catch (JSONException \| IOException \| IllegalStateException e) {

471 // Payment method specific data should be a JSON object.	473 // Payment method specific data should be a valid JSON object.

472 return null;	474 return null;

473 }	475 }

474	476

475 Iterator<String> it = result.keys();	477 Iterator<String> it = result.keys();

476 while (it.hasNext()) {	478 while (it.hasNext()) {

477 String name = it.next();	479 String name = it.next();

478 // Each key should be one of the supported payment methods.	480 // Each key should be one of the supported payment methods.

479 if (!supportedMethods.contains(name)) return null;	481 if (!supportedMethods.contains(name)) return null;

480 // Each value should be a JSON object.	482 // Each value should be a JSON object.

481 if (result.optJSONObject(name) == null) return null;	483 if (result.optJSONObject(name) == null) return null;

(...skipping 232 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
714 }	716 }

715 mPaymentMethodsSection = null;	717 mPaymentMethodsSection = null;

716 }	718 }

717 }	719 }

718	720

719 private void closeClient() {	721 private void closeClient() {

720 if (mClient != null) mClient.close();	722 if (mClient != null) mClient.close();

721 mClient = null;	723 mClient = null;

722 }	724 }

723 }	725 }

OLD	NEW