extensions/browser/api/web_request/web_request_permissions.cc - Issue 2489233003: [extensions] Remove unnecessary checks in IsSensitiveURL

Side by Side Diff: extensions/browser/api/web_request/web_request_permissions.cc

Issue 2489233003: [extensions] Remove unnecessary checks in IsSensitiveURL (Closed)

Patch Set: Fix up code and write unit tests Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « extensions/browser/api/web_request/web_request_permissions.h ('k') | extensions/browser/api/web_request/web_request_permissions_unittest.cc » ('j') | extensions/test/test_extensions_client.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "extensions/browser/api/web_request/web_request_permissions.h"	5 #include "extensions/browser/api/web_request/web_request_permissions.h"

6	6

	7 #include "base/strings/string_piece.h"

7 #include "base/strings/string_util.h"	8 #include "base/strings/string_util.h"

8 #include "base/strings/stringprintf.h"	9 #include "base/strings/stringprintf.h"

9 #include "content/public/browser/resource_request_info.h"	10 #include "content/public/browser/resource_request_info.h"

10 #include "extensions/browser/extension_navigation_ui_data.h"	11 #include "extensions/browser/extension_navigation_ui_data.h"

11 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"	12 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"

12 #include "extensions/browser/info_map.h"	13 #include "extensions/browser/info_map.h"

13 #include "extensions/common/constants.h"	14 #include "extensions/common/constants.h"

14 #include "extensions/common/extension.h"	15 #include "extensions/common/extension.h"

15 #include "extensions/common/extension_urls.h"	16 #include "extensions/common/extension_urls.h"

16 #include "extensions/common/permissions/permissions_data.h"	17 #include "extensions/common/permissions/permissions_data.h"

17 #include "net/url_request/url_request.h"	18 #include "net/url_request/url_request.h"

18 #include "url/gurl.h"	19 #include "url/gurl.h"

19 #include "url/origin.h"	20 #include "url/origin.h"

20	21

21 using content::ResourceRequestInfo;	22 using content::ResourceRequestInfo;

22 using extensions::PermissionsData;	23 using extensions::PermissionsData;

23	24

24 namespace {	25 namespace {

25	26

	27 // Returns true if the scheme is one we want to allow extensions to have access

	28 // to. Extensions still need specific permissions for a given URL, which is

	29 // covered by CanExtensionAccessURL.

	30 bool HasWebRequestScheme(const GURL& url) {

	31 return (url.SchemeIs(url::kAboutScheme) \|\| url.SchemeIs(url::kFileScheme) \|\|

	32 url.SchemeIs(url::kFileSystemScheme) \|\|

	33 url.SchemeIs(url::kFtpScheme) \|\| url.SchemeIs(url::kHttpScheme) \|\|

	34 url.SchemeIs(url::kHttpsScheme) \|\|

	35 url.SchemeIs(extensions::kExtensionScheme));

	36 }

	37

	38 } // namespace

	39

26 // Returns true if the URL is sensitive and requests to this URL must not be	40 // Returns true if the URL is sensitive and requests to this URL must not be

27 // modified/canceled by extensions, e.g. because it is targeted to the webstore	41 // modified/canceled by extensions, e.g. because it is targeted to the webstore

28 // to check for updates, extension blacklisting, etc.	42 // to check for updates, extension blacklisting, etc.

29 bool IsSensitiveURL(const GURL& url) {	43 bool IsSensitiveURL(const GURL& url) {

30 // TODO(battre) Merge this, CanExtensionAccessURL and	44 // TODO(battre) Merge this, CanExtensionAccessURL and

31 // PermissionsData::CanAccessPage into one function.	45 // PermissionsData::CanAccessPage into one function.

32 bool sensitive_chrome_url = false;	46 bool sensitive_chrome_url = false;

33 const std::string host = url.host();	47 const base::StringPiece& host = url.host_piece();

34 const char kGoogleCom[] = ".google.com";	48 const char kGoogleCom[] = "google.com";

35 const char kClient[] = "clients";	49 const char kClient[] = "clients";

36 if (base::EndsWith(host, kGoogleCom, base::CompareCase::SENSITIVE)) {	50 if (url.DomainIs(kGoogleCom)) {

37 // Check for "clients[0-9]*.google.com" hosts.	51 // Check for "clients[0-9]*.google.com" hosts.

38 // This protects requests to several internal services such as sync,	52 // This protects requests to several internal services such as sync,

39 // extension update pings, captive portal detection, fraudulent certificate	53 // extension update pings, captive portal detection, fraudulent certificate

40 // reporting, autofill and others.	54 // reporting, autofill and others.

41 if (base::StartsWith(host, kClient, base::CompareCase::SENSITIVE)) {	55 if (base::StartsWith(host, kClient, base::CompareCase::SENSITIVE)) {

42 bool match = true;	56 bool match = true;

43 for (std::string::const_iterator i = host.begin() + strlen(kClient),	57 for (base::StringPiece::const_iterator

44 end = host.end() - strlen(kGoogleCom); i != end; ++i) {	58 i = host.begin() + strlen(kClient),

	59 end = host.end() - (strlen(kGoogleCom) + 1);

	60 i != end; ++i) {

45 if (!isdigit(*i)) {	61 if (!isdigit(*i)) {

46 match = false;	62 match = false;

47 break;	63 break;

48 }	64 }

49 }	65 }

50 sensitive_chrome_url = sensitive_chrome_url \|\| match;	66 sensitive_chrome_url = sensitive_chrome_url \|\| match;

51 }	67 }

52 // This protects requests to safe browsing, link doctor, and possibly	68 // This protects requests to safe browsing, link doctor, and possibly

53 // others.	69 // others.

54 sensitive_chrome_url =	70 sensitive_chrome_url = sensitive_chrome_url \|\|

55 sensitive_chrome_url \|\|	71 url.DomainIs("clients.google.com") \|\|

56 base::EndsWith(url.host(), ".clients.google.com",	72 url.host_piece() == "sb-ssl.google.com" \|\|
	Devlin 2016/11/10 22:26:39 hmm... maybe also just DomainIs() for these. It w hmm... maybe also just DomainIs() for these. It would mean that we filter out foo.sb-ssl.google.com and foo.chrome.google.com/webstore, but I think that's probably fine. WDYT? Otherwise, we need change the "==" to "base::StartsWith(), or similar. Charlie Harrison 2016/11/10 22:35:36 SGTM. Done. Show quoted text On 2016/11/10 22:26:39, Devlin (slow) wrote: > hmm... maybe also just DomainIs() for these. It would mean that we filter out > http://foo.sb-ssl.google.com and foo.chrome.google.com/webstore, but I think that's > probably fine. WDYT? Otherwise, we need change the "==" to > "base::StartsWith(), or similar. SGTM. Done.
57 base::CompareCase::SENSITIVE) \|\|	73 (url.host_piece() == "chrome.google.com" &&

58 url.host() == "sb-ssl.google.com" \|\|	74 base::StartsWith(url.path_piece(), "/webstore",

59 (url.host() == "chrome.google.com" &&	75 base::CompareCase::SENSITIVE));

60 base::StartsWith(url.path(), "/webstore",

61 base::CompareCase::SENSITIVE));

62 }	76 }

63 GURL::Replacements replacements;	77 return sensitive_chrome_url \|\| extension_urls::IsWebstoreUpdateUrl(url) \|\|

64 replacements.ClearQuery();	78 extension_urls::IsBlacklistUpdateUrl(url);

65 replacements.ClearRef();

66 GURL url_without_query = url.ReplaceComponents(replacements);

67 return sensitive_chrome_url \|\|

68 extension_urls::IsWebstoreUpdateUrl(url_without_query) \|\|

69 extension_urls::IsBlacklistUpdateUrl(url);

70 }	79 }

71	80

72 // Returns true if the scheme is one we want to allow extensions to have access

73 // to. Extensions still need specific permissions for a given URL, which is

74 // covered by CanExtensionAccessURL.

75 bool HasWebRequestScheme(const GURL& url) {

76 return (url.SchemeIs(url::kAboutScheme) \|\| url.SchemeIs(url::kFileScheme) \|\|

77 url.SchemeIs(url::kFileSystemScheme) \|\|

78 url.SchemeIs(url::kFtpScheme) \|\| url.SchemeIs(url::kHttpScheme) \|\|

79 url.SchemeIs(url::kHttpsScheme) \|\|

80 url.SchemeIs(extensions::kExtensionScheme));

81 }

82

83 } // namespace

84

85 // static	81 // static

86 bool WebRequestPermissions::HideRequest(	82 bool WebRequestPermissions::HideRequest(

87 const extensions::InfoMap* extension_info_map,	83 const extensions::InfoMap* extension_info_map,

88 const net::URLRequest* request,	84 const net::URLRequest* request,

89 extensions::ExtensionNavigationUIData* navigation_ui_data) {	85 extensions::ExtensionNavigationUIData* navigation_ui_data) {

90 // Hide requests from the Chrome WebStore App or signin process.	86 // Hide requests from the Chrome WebStore App or signin process.

91 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);	87 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);

92 if (info) {	88 if (info) {

93 int process_id = info->GetChildID();	89 int process_id = info->GetChildID();

94 // Never hide requests from guest processes.	90 // Never hide requests from guest processes.

(...skipping 52 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
147 break;	143 break;

148 case REQUIRE_ALL_URLS:	144 case REQUIRE_ALL_URLS:

149 if (extension->permissions_data()->HasEffectiveAccessToAllHosts())	145 if (extension->permissions_data()->HasEffectiveAccessToAllHosts())

150 access = PermissionsData::ACCESS_ALLOWED;	146 access = PermissionsData::ACCESS_ALLOWED;

151 // else ACCESS_DENIED	147 // else ACCESS_DENIED

152 break;	148 break;

153 }	149 }

154	150

155 return access;	151 return access;

156 }	152 }

OLD	NEW