chrome/browser/devtools/devtools_ui_bindings.cc - Issue 2302873005: DevTools: allow devtools front-end to show certificate viewer.

Side by Side Diff: chrome/browser/devtools/devtools_ui_bindings.cc

Issue 2302873005: DevTools: allow devtools front-end to show certificate viewer. (Closed)

Patch Set: Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/devtools/devtools_ui_bindings.h"	5 #include "chrome/browser/devtools/devtools_ui_bindings.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <utility>	9 #include <utility>

10	10

(...skipping 23 matching lines...) Expand all Loading...
34 #include "chrome/common/chrome_switches.h"	34 #include "chrome/common/chrome_switches.h"

35 #include "chrome/common/extensions/chrome_manifest_url_handlers.h"	35 #include "chrome/common/extensions/chrome_manifest_url_handlers.h"

36 #include "chrome/common/pref_names.h"	36 #include "chrome/common/pref_names.h"

37 #include "chrome/common/url_constants.h"	37 #include "chrome/common/url_constants.h"

38 #include "chrome/grit/generated_resources.h"	38 #include "chrome/grit/generated_resources.h"

39 #include "components/infobars/core/confirm_infobar_delegate.h"	39 #include "components/infobars/core/confirm_infobar_delegate.h"

40 #include "components/infobars/core/infobar.h"	40 #include "components/infobars/core/infobar.h"

41 #include "components/prefs/scoped_user_pref_update.h"	41 #include "components/prefs/scoped_user_pref_update.h"

42 #include "components/syncable_prefs/pref_service_syncable.h"	42 #include "components/syncable_prefs/pref_service_syncable.h"

43 #include "components/zoom/page_zoom.h"	43 #include "components/zoom/page_zoom.h"

	44 #include "content/public/browser/cert_store.h"

44 #include "content/public/browser/devtools_external_agent_proxy.h"	45 #include "content/public/browser/devtools_external_agent_proxy.h"

45 #include "content/public/browser/devtools_external_agent_proxy_delegate.h"	46 #include "content/public/browser/devtools_external_agent_proxy_delegate.h"

46 #include "content/public/browser/navigation_controller.h"	47 #include "content/public/browser/navigation_controller.h"

47 #include "content/public/browser/navigation_entry.h"	48 #include "content/public/browser/navigation_entry.h"

48 #include "content/public/browser/notification_source.h"	49 #include "content/public/browser/notification_source.h"

49 #include "content/public/browser/render_frame_host.h"	50 #include "content/public/browser/render_frame_host.h"

	51 #include "content/public/browser/render_process_host.h"

50 #include "content/public/browser/render_view_host.h"	52 #include "content/public/browser/render_view_host.h"

51 #include "content/public/browser/user_metrics.h"	53 #include "content/public/browser/user_metrics.h"

52 #include "content/public/browser/web_contents.h"	54 #include "content/public/browser/web_contents.h"

53 #include "content/public/browser/web_contents_observer.h"	55 #include "content/public/browser/web_contents_observer.h"

54 #include "content/public/common/renderer_preferences.h"	56 #include "content/public/common/renderer_preferences.h"

55 #include "content/public/common/url_constants.h"	57 #include "content/public/common/url_constants.h"

56 #include "extensions/browser/extension_registry.h"	58 #include "extensions/browser/extension_registry.h"

57 #include "extensions/common/permissions/permissions_data.h"	59 #include "extensions/common/permissions/permissions_data.h"

58 #include "ipc/ipc_channel.h"	60 #include "ipc/ipc_channel.h"

59 #include "net/base/io_buffer.h"	61 #include "net/base/io_buffer.h"

60 #include "net/base/net_errors.h"	62 #include "net/base/net_errors.h"

	63 #include "net/cert/x509_certificate.h"

61 #include "net/http/http_response_headers.h"	64 #include "net/http/http_response_headers.h"

62 #include "net/url_request/url_fetcher.h"	65 #include "net/url_request/url_fetcher.h"

63 #include "net/url_request/url_fetcher_response_writer.h"	66 #include "net/url_request/url_fetcher_response_writer.h"

64 #include "ui/base/l10n/l10n_util.h"	67 #include "ui/base/l10n/l10n_util.h"

65 #include "ui/base/page_transition_types.h"	68 #include "ui/base/page_transition_types.h"

66	69

67 using base::DictionaryValue;	70 using base::DictionaryValue;

68 using content::BrowserThread;	71 using content::BrowserThread;

69	72

70 namespace content {	73 namespace content {

(...skipping 597 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
668 Bind(&DevToolsUIBindings::SearchCompleted,	671 Bind(&DevToolsUIBindings::SearchCompleted,

669 weak_factory_.GetWeakPtr(),	672 weak_factory_.GetWeakPtr(),

670 search_request_id,	673 search_request_id,

671 file_system_path));	674 file_system_path));

672 }	675 }

673	676

674 void DevToolsUIBindings::SetWhitelistedShortcuts(const std::string& message) {	677 void DevToolsUIBindings::SetWhitelistedShortcuts(const std::string& message) {

675 delegate_->SetWhitelistedShortcuts(message);	678 delegate_->SetWhitelistedShortcuts(message);

676 }	679 }

677	680

	681 void DevToolsUIBindings::ShowCertificateViewer(const std::string& cert_chain) {

	682 std::unique_ptr<base::Value> value =

	683 base::JSONReader::Read(cert_chain);

	684 if (!value \|\| value->GetType() != base::Value::TYPE_LIST)

	685 return;

	686

	687 std::unique_ptr<base::ListValue> list =

	688 base::ListValue::From(std::move(value));

	689 std::vector<base::StringPiece> cert_string_piece;

	690 for (size_t i = 0; i < list->GetSize(); ++i) {

	691 std::string item;

	692 if (list->GetString(i, &item))

	693 cert_string_piece.push_back(item);
	Ryan Sleevi 2016/09/02 18:20:30 SECURITY BUG: This is a use-after-free. You're cre SECURITY BUG: This is a use-after-free. You're creating a StringPiece from a string that you deallocate each iteration in this loop, invalidating the memory the StringPiece is pointing to. You need to keep the actual string alive for as long as you keep the stringpiece alive. pfeldman 2016/09/02 18:54:43 Good catch. I did not even pay attention to the fa Good catch. I did not even pay attention to the fact that it used string pieces as I was taking code from jam@'s context. He was using it right, I was not. thanks.
	694 }

	695 scoped_refptr<net::X509Certificate> cert =

	696 net::X509Certificate::CreateFromDERCertChain(cert_string_piece);

	697 DCHECK(cert);
	dgozman 2016/09/02 18:12:55 if (!cert) return; if (!cert) return; Ryan Sleevi 2016/09/02 18:20:30 SECURITY BUG: Why this DCHECK()? You're taking unt SECURITY BUG: Why this DCHECK()? You're taking untrusted input that may be a completely invalid certificate, and potentially causing StoreCert to do a NULL de-ref. Because this is the point untrusted input is ingested, you likely need to decide to either gracefully handle it (if (!cert)), or signal a fatal abort (CHECK(cert)) pfeldman 2016/09/02 18:54:43 Done. Show quoted text On 2016/09/02 18:20:30, Ryan Sleevi (slow) wrote: > SECURITY BUG: Why this DCHECK()? You're taking untrusted input that may be a > completely invalid certificate, and potentially causing StoreCert to do a NULL > de-ref. > > Because this is the point untrusted input is ingested, you likely need to decide > to either gracefully handle it (if (!cert)), or signal a fatal abort > (CHECK(cert)) Done.
	698

	699 // TODO(jam): temporarily add the certificate to the cert store to get an ID

	700 // so that we don't have to change the WCD method signature

	701 // (will be done in followups).

	702 if (!agent_host_ \|\| !agent_host_->GetWebContents())

	703 return;

	704 content::WebContents* inspected_wc = agent_host_->GetWebContents();

	705 int cert_id = content::CertStore::GetInstance()->StoreCert(
	pfeldman 2016/09/02 18:03:30 This is temporary, John removes it in a follow up. This is temporary, John removes it in a follow up. We are putting certificate back just to get the ID. I'm using that renderer's process ID as I'm storing the certificate. This code will be replaced with the call on the viewer that would simply view x509 certs, would not touch the store. That would enable us to support remote debugging scenarios.
	706 cert.get(), inspected_wc->GetRenderProcessHost()->GetID());
	Ryan Sleevi 2016/09/02 18:20:30 Is it guaranteed that inspected_wc will have an RP Is it guaranteed that inspected_wc will have an RPH? Is there any TOCTOU/lifetime issues here? pfeldman 2016/09/02 18:54:43 It is not. Done. Show quoted text On 2016/09/02 18:20:30, Ryan Sleevi (slow) wrote: > Is it guaranteed that inspected_wc will have an RPH? Is there any > TOCTOU/lifetime issues here? It is not. Done. Ryan Sleevi 2016/09/02 19:27:40 Apologies for not being clearer. The TOCTOU issue Show quoted text On 2016/09/02 18:54:43, pfeldman wrote: > On 2016/09/02 18:20:30, Ryan Sleevi (slow) wrote: > > Is it guaranteed that inspected_wc will have an RPH? Is there any > > TOCTOU/lifetime issues here? > > It is not. Done. Apologies for not being clearer. The TOCTOU issue was wonderning if GetWebContents()' value can change (between lines 702 and 704) The issue with RPH was a null check - that is, if rph can be NULL (if a WebContents doesn't have an RPH), then GetID() would be a null-deref. If the timing is fine, then I think you'd want line 705 to be if (!agent_host_ \|\| !agent_host_->GetWebContents() \|\| !agent_host_->GetWebContents()->GetRenderProcessHost()) return;
	707 web_contents_->GetDelegate()->ShowCertificateViewerInDevTools(

	708 web_contents_, cert_id);

	709 }

	710

678 void DevToolsUIBindings::ZoomIn() {	711 void DevToolsUIBindings::ZoomIn() {

679 zoom::PageZoom::Zoom(web_contents(), content::PAGE_ZOOM_IN);	712 zoom::PageZoom::Zoom(web_contents(), content::PAGE_ZOOM_IN);

680 }	713 }

681	714

682 void DevToolsUIBindings::ZoomOut() {	715 void DevToolsUIBindings::ZoomOut() {

683 zoom::PageZoom::Zoom(web_contents(), content::PAGE_ZOOM_OUT);	716 zoom::PageZoom::Zoom(web_contents(), content::PAGE_ZOOM_OUT);

684 }	717 }

685	718

686 void DevToolsUIBindings::ResetZoom() {	719 void DevToolsUIBindings::ResetZoom() {

687 zoom::PageZoom::Zoom(web_contents(), content::PAGE_ZOOM_RESET);	720 zoom::PageZoom::Zoom(web_contents(), content::PAGE_ZOOM_RESET);

(...skipping 411 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1099 void DevToolsUIBindings::FrontendLoaded() {	1132 void DevToolsUIBindings::FrontendLoaded() {

1100 if (frontend_loaded_)	1133 if (frontend_loaded_)

1101 return;	1134 return;

1102 frontend_loaded_ = true;	1135 frontend_loaded_ = true;

1103	1136

1104 // Call delegate first - it seeds importants bit of information.	1137 // Call delegate first - it seeds importants bit of information.

1105 delegate_->OnLoadCompleted();	1138 delegate_->OnLoadCompleted();

1106	1139

1107 AddDevToolsExtensionsToClient();	1140 AddDevToolsExtensionsToClient();

1108 }	1141 }

OLD	NEW

« no previous file with comments | « chrome/browser/devtools/devtools_ui_bindings.h ('k') | third_party/WebKit/Source/devtools/front_end/devtools.js » ('j') | no next file with comments »