Implement argument validation for chrome.cast.channel.{open,send}

chrome/browser/extensions/api/cast_channel/cast_channel_api.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/cast_channel/cast_channel_api.h"
 
 #include <limits>
 
 #include "base/json/json_writer.h"
 #include "base/memory/scoped_ptr.h"
@@ skipping 226 matching lines @@
   VLOG(2) << "IP: " << ip_address_str << " Port: " << port_str;
   int port;
   if (!base::StringToInt(port_str, &port))
     return false;
   connect_info->ip_address = ip_address_str;
   connect_info->port = port;
   connect_info->auth = auth_required ?
     cast_channel::CHANNEL_AUTH_TYPE_SSL_VERIFIED :
     cast_channel::CHANNEL_AUTH_TYPE_SSL;
   return true;
-};
+}
 
 net::IPEndPoint* CastChannelOpenFunction::ParseConnectInfo(
     const ConnectInfo& connect_info) {
   net::IPAddressNumber ip_address;
   if (!net::ParseIPLiteralToNumber(connect_info.ip_address, &ip_address)) {
     return NULL;
   }
   if (connect_info.port < 0 || connect_info.port >
       std::numeric_limits<unsigned short>::max()) {
     return NULL;
@@ skipping 15 matching lines @@
   EXTENSION_FUNCTION_VALIDATE(params_.get());
   // The connect_info parameter may be a string URL like cast:// or casts:// or
   // a ConnectInfo object.
   std::string cast_url;
   switch (params_->connect_info->GetType()) {
     case base::Value::TYPE_STRING:
       CHECK(params_->connect_info->GetAsString(&cast_url));
       connect_info_.reset(new ConnectInfo);
       if (!ParseChannelUrl(GURL(cast_url), connect_info_.get())) {
         connect_info_.reset();
+        SetError("Invalid Cast URL " + cast_url);
+        return false;
       }
       break;
     case base::Value::TYPE_DICTIONARY:
       connect_info_ = ConnectInfo::FromValue(*(params_->connect_info));
       break;
     default:
       break;
   }
-  if (connect_info_.get()) {
-    channel_auth_ = connect_info_->auth;
-    ip_endpoint_.reset(ParseConnectInfo(*connect_info_));
-    return ip_endpoint_.get() != NULL;
+  if (!connect_info_.get()) {
+    SetError("Invalid connect_info");
+    return false;
   }
-  return false;
+  channel_auth_ = connect_info_->auth;
+  ip_endpoint_.reset(ParseConnectInfo(*connect_info_));
+  if (!ip_endpoint_.get()) {
+    SetError("Invalid connect_info");

[Wez, 2014/07/16 22:42:33]

nit: May be helpful to be able to distinguish this error (bad ConnectInfo
parameters) from the previous error (malformed ConnectInfo)?

It looks like ConnectInfo::FromValue() mostly just parses the fields, except for
the auth-type, which it enforces cannot be NONE; ParseConnectInfo() enforces
values on the fields (including auth-type) and then returns an IPEndpoint for
it. Can we break the latter into IsValidConnectInfo() and
IpEndpointFromConnectInfo(), and remove the auth-type check from FromValue, to
keep parsing, verifying and fetching fields well encapsulated?

[mark a. foltz, 2014/07/17 19:26:51]

Done.
Done, at the expense of parsing the IP address twice.

+    return false;
+  }
+  return true;
 }
 
 void CastChannelOpenFunction::AsyncWorkStart() {
   DCHECK(api_);
   DCHECK(ip_endpoint_.get());
   scoped_ptr<CastSocket> socket = api_->CreateCastSocket(
       extension_->id(), *ip_endpoint_, channel_auth_);
   new_channel_id_ = AddSocket(socket.release());
   GetSocket(new_channel_id_)->Connect(
       base::Bind(&CastChannelOpenFunction::OnOpen, this));
 }
 
 void CastChannelOpenFunction::OnOpen(int result) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   SetResultFromSocket(new_channel_id_);
   AsyncWorkCompleted();
 }
 
 CastChannelSendFunction::CastChannelSendFunction() { }
 
 CastChannelSendFunction::~CastChannelSendFunction() { }
 
 bool CastChannelSendFunction::Prepare() {
   params_ = Send::Params::Create(*args_);
   EXTENSION_FUNCTION_VALIDATE(params_.get());
+  if (params_->message.namespace_.empty()) {
+    SetError("message_info.namespace_ is required");
+    return false;
+  }
+  if (params_->message.source_id.empty()) {
+    SetError("message_info.source_id is required");
+    return false;
+  }
+  if (params_->message.destination_id.empty()) {
+    SetError("message_info.destination_id is required");
+    return false;
+  }
+  switch (params_->message.data->GetType()) {
+    case base::Value::TYPE_STRING:
+    case base::Value::TYPE_BINARY:
+      break;
+    default:
+      SetError("Invalid type of message_info.data");
+      return false;
+  }
   return true;
 }
 
 void CastChannelSendFunction::AsyncWorkStart() {
   CastSocket* socket = GetSocketOrCompleteWithError(
       params_->channel.channel_id);
   if (socket)
     socket->SendMessage(params_->message,
                         base::Bind(&CastChannelSendFunction::OnSend, this));
 }
@@ skipping 32 matching lines @@
     SetResultFromError(cast_channel::CHANNEL_ERROR_SOCKET_ERROR);
   } else {
     int channel_id = params_->channel.channel_id;
     SetResultFromSocket(channel_id);
     RemoveSocket(channel_id);
   }
   AsyncWorkCompleted();
 }
 
 }  // namespace extensions