Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(652)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/common/manifest_handlers/externally_connectable.cc

Issue 2456643005: Reduce buggy usage of the registry controlled domain service. (Closed)
Patch Set: Fix Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « extensions/common/csp_validator.cc ('k') | extensions/common/permissions/permission_message_util.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/common/manifest_handlers/externally_connectable.h" 5 #include "extensions/common/manifest_handlers/externally_connectable.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
11 11
12 #include "base/memory/ptr_util.h" 12 #include "base/memory/ptr_util.h"
13 #include "base/stl_util.h" 13 #include "base/stl_util.h"
14 #include "base/strings/utf_string_conversions.h" 14 #include "base/strings/utf_string_conversions.h"
15 #include "components/crx_file/id_util.h" 15 #include "components/crx_file/id_util.h"
16 #include "extensions/common/api/extensions_manifest_types.h" 16 #include "extensions/common/api/extensions_manifest_types.h"
17 #include "extensions/common/error_utils.h" 17 #include "extensions/common/error_utils.h"
18 #include "extensions/common/manifest_constants.h" 18 #include "extensions/common/manifest_constants.h"
19 #include "extensions/common/manifest_handlers/permissions_parser.h" 19 #include "extensions/common/manifest_handlers/permissions_parser.h"
20 #include "extensions/common/permissions/api_permission_set.h" 20 #include "extensions/common/permissions/api_permission_set.h"
21 #include "extensions/common/url_pattern.h" 21 #include "extensions/common/url_pattern.h"
22 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" 22 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
23 #include "net/base/url_util.h"
23 #include "url/gurl.h" 24 #include "url/gurl.h"
24 25
25 namespace rcd = net::registry_controlled_domains; 26 namespace rcd = net::registry_controlled_domains;
26 27
27 namespace extensions { 28 namespace extensions {
28 29
29 namespace externally_connectable_errors { 30 namespace externally_connectable_errors {
30 const char kErrorInvalidMatchPattern[] = "Invalid match pattern '*'"; 31 const char kErrorInvalidMatchPattern[] = "Invalid match pattern '*'";
31 const char kErrorInvalidId[] = "Invalid ID '*'"; 32 const char kErrorInvalidId[] = "Invalid ID '*'";
32 const char kErrorNothingSpecified[] = 33 const char kErrorNothingSpecified[] =
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 if (pattern.host().empty()) { 133 if (pattern.host().empty()) {
133 // Warning not error for forwards compatibility. 134 // Warning not error for forwards compatibility.
134 install_warnings->push_back( 135 install_warnings->push_back(
135 InstallWarning(ErrorUtils::FormatErrorMessage( 136 InstallWarning(ErrorUtils::FormatErrorMessage(
136 errors::kErrorWildcardHostsNotAllowed, *it), 137 errors::kErrorWildcardHostsNotAllowed, *it),
137 keys::kExternallyConnectable, 138 keys::kExternallyConnectable,
138 *it)); 139 *it));
139 continue; 140 continue;
140 } 141 }
141 142
143 url::CanonHostInfo host_info;
144 std::string canonical_host =
145 net::CanonicalizeHost(pattern.host(), &host_info);
146 if (canonical_host.empty()) {
147 // CanonicalizeHost returns empty string on error. The URL parsing
148 // combined with host().empty() should have caught this above.
149 *error = ErrorUtils::FormatErrorMessageUTF16(
150 errors::kErrorInvalidMatchPattern, *it);
151 return std::unique_ptr<ExternallyConnectableInfo>();
152 }
153
142 // Wildcards on subdomains of a TLD are not allowed. 154 // Wildcards on subdomains of a TLD are not allowed.
143 size_t registry_length = rcd::GetRegistryLength( 155 bool has_registry = rcd::HostHasRegistryControlledDomain(
144 pattern.host(), 156 canonical_host,
145 // This means that things that look like TLDs - the foobar in 157 // This means that things that look like TLDs - the foobar in
146 // http://google.foobar - count as TLDs. 158 // http://google.foobar - count as TLDs.
147 rcd::INCLUDE_UNKNOWN_REGISTRIES, 159 rcd::INCLUDE_UNKNOWN_REGISTRIES,
148 // This means that effective TLDs like appspot.com count as TLDs; 160 // This means that effective TLDs like appspot.com count as TLDs;
149 // codereview.appspot.com and evil.appspot.com are different. 161 // codereview.appspot.com and evil.appspot.com are different.
150 rcd::INCLUDE_PRIVATE_REGISTRIES); 162 rcd::INCLUDE_PRIVATE_REGISTRIES);
151 163
152 if (registry_length == std::string::npos) {
153 // The URL parsing combined with host().empty() should have caught this.
154 NOTREACHED() << *it;
155 *error = ErrorUtils::FormatErrorMessageUTF16(
156 errors::kErrorInvalidMatchPattern, *it);
157 return std::unique_ptr<ExternallyConnectableInfo>();
158 }
159
160 // Broad match patterns like "*.com", "*.co.uk", and even "*.appspot.com" 164 // Broad match patterns like "*.com", "*.co.uk", and even "*.appspot.com"
161 // are not allowed. However just "appspot.com" is ok. 165 // are not allowed. However just "appspot.com" is ok.
162 if (registry_length == 0 && pattern.match_subdomains()) { 166 if (!has_registry && pattern.match_subdomains()) {
163 // Warning not error for forwards compatibility. 167 // Warning not error for forwards compatibility.
164 install_warnings->push_back( 168 install_warnings->push_back(
165 InstallWarning(ErrorUtils::FormatErrorMessage( 169 InstallWarning(ErrorUtils::FormatErrorMessage(
166 errors::kErrorTopLevelDomainsNotAllowed, 170 errors::kErrorTopLevelDomainsNotAllowed,
167 pattern.host().c_str(), 171 pattern.host().c_str(),
168 *it), 172 *it),
169 keys::kExternallyConnectable, 173 keys::kExternallyConnectable,
170 *it)); 174 *it));
171 continue; 175 continue;
172 } 176 }
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
222 } 226 }
223 227
224 bool ExternallyConnectableInfo::IdCanConnect(const std::string& id) { 228 bool ExternallyConnectableInfo::IdCanConnect(const std::string& id) {
225 if (all_ids) 229 if (all_ids)
226 return true; 230 return true;
227 DCHECK(base::STLIsSorted(ids)); 231 DCHECK(base::STLIsSorted(ids));
228 return std::binary_search(ids.begin(), ids.end(), id); 232 return std::binary_search(ids.begin(), ids.end(), id);
229 } 233 }
230 234
231 } // namespace extensions 235 } // namespace extensions
OLDNEW
« no previous file with comments | « extensions/common/csp_validator.cc ('k') | extensions/common/permissions/permission_message_util.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698