
Unified Diff: chrome/browser/extensions/api/web_navigation/frame_navigation_state.cc

Issue 380213003: Harden WebNavigation API against invalid navigation callbacks (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
Index: chrome/browser/extensions/api/web_navigation/frame_navigation_state.cc
diff --git a/chrome/browser/extensions/api/web_navigation/frame_navigation_state.cc b/chrome/browser/extensions/api/web_navigation/frame_navigation_state.cc
index d8e6c7c2c45509bbd023d65d3ca1fae8edbfde75..0c64ff75ec08d312c926481d1926ccec8087d665 100644
--- a/chrome/browser/extensions/api/web_navigation/frame_navigation_state.cc
+++ b/chrome/browser/extensions/api/web_navigation/frame_navigation_state.cc
@@ -5,6 +5,7 @@
#include "chrome/browser/extensions/api/web_navigation/frame_navigation_state.h"
#include "base/logging.h"
+#include "base/metrics/user_metrics.h"
#include "chrome/common/url_constants.h"
#include "extensions/common/constants.h"
@@ -24,6 +25,12 @@ const char* kValidSchemes[] = {
url::kFileSystemScheme,
};
+void ReportInvalidFrameID() {
+ base::RecordAction(
+ base::UserMetricsAction("Extensions.WebNavigation.InvalidFrameID"));
+ NOTREACHED();
+}
+
} // namespace
FrameNavigationState::FrameID::FrameID()
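Review bot: ReportInvalidFrameID() ends in `NOTREACHED()`, so in DCHECK-enabled builds an invalid frame ID still aborts the browser, which sits oddly with a change whose title says these callbacks are to be hardened against. If the IDs can come from renderer-driven navigation callbacks (the call sites are outside this page), the assertion should be dropped or downgraded, e.g. `DLOG(WARNING) << "WebNavigation: untracked frame ID";`, leaving the metric as the signal. The helper also has no comment; something like `// Records that a navigation callback referenced a frame that is not tracked. Callers must still return a safe default.` would state the contract. Whether `base::RecordAction` may be called from every thread these methods run on is not visible here and is worth confirming.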
@@ -70,6 +77,8 @@ bool FrameNavigationState::CanSendEvents(FrameID frame_id) const {
frame_state_map_.find(frame_id);
if (frame_state == frame_state_map_.end() ||
frame_state->second.error_occurred) {
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return false;
}
return IsValidUrl(frame_state->second.url);
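Review bot: The added check in CanSendEvents() tests `frame_state == frame_state_map_.end()` a second time inside a branch that was entered on that same condition, which makes the two failure reasons harder to tell apart. Handling the untracked-frame case in its own `if` first and the `error_occurred` case after it reads more directly and keeps the dereference visibly behind the end() check. The same double test appears in IsMainFrame() and in the Get* accessors of the last hunk. The function's signature and the start of the `find` statement are outside this hunk.

```cpp
// … unchanged: frame_state lookup via frame_state_map_.find(frame_id) …
if (frame_state == frame_state_map_.end()) {
  ReportInvalidFrameID();
  return false;
}
if (frame_state->second.error_occurred)
  return false;
return IsValidUrl(frame_state->second.url);
```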
@@ -116,8 +125,10 @@ void FrameNavigationState::TrackFrame(FrameID frame_id,
void FrameNavigationState::FrameDetached(FrameID frame_id) {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
- if (frame_state == frame_state_map_.end())
+ if (frame_state == frame_state_map_.end()) {
+ ReportInvalidFrameID();
return;
+ }
if (frame_id == main_frame_id_)
main_frame_id_ = FrameID();
frame_state_map_.erase(frame_id);
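Review bot: FrameDetached() used to treat an untracked frame as a silent no-op, and the new branch turns that into a metric plus `NOTREACHED()`. If a detach can legitimately arrive for a frame that was never tracked, or for one already dropped by StopTrackingFramesInRVH() (named in the next hunk header), this will add noise to Extensions.WebNavigation.InvalidFrameID and assert in debug builds; that ordering is not visible here and should be confirmed. If it can happen, keep the plain `return;` for this method and add `// A detach for an untracked frame is benign.` above it.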
@@ -157,7 +168,7 @@ void FrameNavigationState::StopTrackingFramesInRVH(
void FrameNavigationState::UpdateFrame(FrameID frame_id, const GURL& url) {
FrameIdToStateMap::iterator frame_state = frame_state_map_.find(frame_id);
if (frame_state == frame_state_map_.end()) {
- NOTREACHED();
+ ReportInvalidFrameID();
return;
}
frame_state->second.url = url;
@@ -173,7 +184,7 @@ GURL FrameNavigationState::GetUrl(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
if (frame_state == frame_state_map_.end()) {
- NOTREACHED();
+ ReportInvalidFrameID();
return GURL();
}
if (frame_state->second.is_iframe_srcdoc)
@@ -184,6 +195,8 @@ GURL FrameNavigationState::GetUrl(FrameID frame_id) const {
bool FrameNavigationState::IsMainFrame(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return (frame_state != frame_state_map_.end() &&
frame_state->second.is_main_frame);
}
@@ -197,7 +210,7 @@ FrameNavigationState::FrameID FrameNavigationState::GetParentFrameID(
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
if (frame_state == frame_state_map_.end()) {
- NOTREACHED();
+ ReportInvalidFrameID();
return FrameID();
}
return FrameID(frame_state->second.parent_frame_num,
@@ -205,63 +218,89 @@ FrameNavigationState::FrameID FrameNavigationState::GetParentFrameID(
}
void FrameNavigationState::SetErrorOccurredInFrame(FrameID frame_id) {
- DCHECK(frame_state_map_.find(frame_id) != frame_state_map_.end());
- frame_state_map_[frame_id].error_occurred = true;
+ FrameIdToStateMap::iterator frame_state = frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
+ else
+ frame_state->second.error_occurred = true;
}
bool FrameNavigationState::GetErrorOccurredInFrame(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return (frame_state == frame_state_map_.end() ||
frame_state->second.error_occurred);
}
void FrameNavigationState::SetNavigationCompleted(FrameID frame_id) {
- DCHECK(frame_state_map_.find(frame_id) != frame_state_map_.end());
- frame_state_map_[frame_id].is_navigating = false;
+ FrameIdToStateMap::iterator frame_state = frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
+ else
+ frame_state->second.is_navigating = false;
}
bool FrameNavigationState::GetNavigationCompleted(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return (frame_state == frame_state_map_.end() ||
!frame_state->second.is_navigating);
}
void FrameNavigationState::SetParsingFinished(FrameID frame_id) {
- DCHECK(frame_state_map_.find(frame_id) != frame_state_map_.end());
- frame_state_map_[frame_id].is_parsing = false;
+ FrameIdToStateMap::iterator frame_state = frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
+ else
+ frame_state->second.is_parsing = false;
}
bool FrameNavigationState::GetParsingFinished(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return (frame_state == frame_state_map_.end() ||
!frame_state->second.is_parsing);
}
void FrameNavigationState::SetNavigationCommitted(FrameID frame_id) {
- DCHECK(frame_state_map_.find(frame_id) != frame_state_map_.end());
- frame_state_map_[frame_id].is_committed = true;
- if (frame_state_map_[frame_id].is_main_frame)
- main_frame_id_ = frame_id;
+ FrameIdToStateMap::iterator frame_state = frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end()) {
+ ReportInvalidFrameID();
+ } else {
+ frame_state->second.is_committed = true;
+ if (frame_state->second.is_main_frame)
+ main_frame_id_ = frame_id;
+ }
}
bool FrameNavigationState::GetNavigationCommitted(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return (frame_state != frame_state_map_.end() &&
frame_state->second.is_committed);
}
void FrameNavigationState::SetIsServerRedirected(FrameID frame_id) {
- DCHECK(frame_state_map_.find(frame_id) != frame_state_map_.end());
- frame_state_map_[frame_id].is_server_redirected = true;
+ FrameIdToStateMap::iterator frame_state = frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
+ else
+ frame_state->second.is_server_redirected = true;
}
bool FrameNavigationState::GetIsServerRedirected(FrameID frame_id) const {
FrameIdToStateMap::const_iterator frame_state =
frame_state_map_.find(frame_id);
+ if (frame_state == frame_state_map_.end())
+ ReportInvalidFrameID();
return (frame_state != frame_state_map_.end() &&
frame_state->second.is_server_redirected);
}
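Review bot: The accessors in this hunk fall back to different values for an untracked frame and none of them says so: GetErrorOccurredInFrame(), GetNavigationCompleted() and GetParsingFinished() return true, while GetNavigationCommitted() and GetIsServerRedirected() return false. Now that an unknown ID is a handled case rather than only an assertion, each should carry a one-line comment such as `// Returns true for an untracked |frame_id|.` so callers can see which answer they get on that path. The five setters repeat the same find/report/else sequence; a private lookup helper that reports and returns NULL for an untracked ID would remove the repetition, though it needs a declaration in the header, which is outside this page.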