Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(9)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/common/csp_validator.cc

Issue 481643002: Disallow non-subdomain wildcards in the extension's CSP (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html ('k') | extensions/common/csp_validator_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/common/csp_validator.h" 5 #include "extensions/common/csp_validator.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/strings/string_split.h" 9 #include "base/strings/string_split.h"
10 #include "base/strings/string_tokenizer.h" 10 #include "base/strings/string_tokenizer.h"
(...skipping 26 matching lines...) Expand all
37 bool seen_in_policy; 37 bool seen_in_policy;
38 bool is_secure; 38 bool is_secure;
39 }; 39 };
40 40
41 bool HasOnlySecureTokens(base::StringTokenizer& tokenizer, 41 bool HasOnlySecureTokens(base::StringTokenizer& tokenizer,
42 Manifest::Type type) { 42 Manifest::Type type) {
43 while (tokenizer.GetNext()) { 43 while (tokenizer.GetNext()) {
44 std::string source = tokenizer.token(); 44 std::string source = tokenizer.token();
45 base::StringToLowerASCII(&source); 45 base::StringToLowerASCII(&source);
46 46
47 // Don't alow whitelisting of all hosts. This boils down to: 47 // Don't allow whitelisting of all hosts. This boils down to:
48 // 1. Maximum of 2 '*' characters. 48 // 1. Maximum of 2 '*' characters.
49 // 2. Each '*' is either followed by a '.' or preceded by a ':' 49 // 2. Each '*' is either followed by a '.' or preceded by a ':'
50 int wildcards = 0; 50 int wildcards = 0;
51 size_t length = source.length(); 51 size_t length = source.length();
52 for (size_t i = 0; i < length; ++i) { 52 for (size_t i = 0; i < length; ++i) {
53 if (source[i] == L'*') { 53 if (source[i] == L'*') {
54 wildcards++; 54 wildcards++;
55 if (wildcards > 2) 55 if (wildcards > 2)
56 return false; 56 return false;
57 57
58 bool isWildcardPort = i > 0 && source[i - 1] == L':'; 58 bool isWildcardPort = i > 0 && source[i - 1] == L':';
59 bool isWildcardSubdomain = i + 1 < length && source[i + 1] == L'.'; 59 bool isWildcardSubdomain = i + 1 < length && source[i + 1] == L'.';
60 if (!isWildcardPort && !isWildcardSubdomain) 60 if (!isWildcardPort && !isWildcardSubdomain)
61 return false; 61 return false;
62 } 62 }
63 } 63 }
64 64
65 // We might need to relax this whitelist over time. 65 // We might need to relax this whitelist over time.
66 if (source == "'self'" || 66 if (source == "'self'" ||
67 source == "'none'" || 67 source == "'none'" ||
68 source == "http://127.0.0.1" || 68 source == "http://127.0.0.1" ||
69 LowerCaseEqualsASCII(source, "blob:") || 69 LowerCaseEqualsASCII(source, "blob:") ||
70 LowerCaseEqualsASCII(source, "filesystem:") || 70 LowerCaseEqualsASCII(source, "filesystem:") ||
71 LowerCaseEqualsASCII(source, "http://localhost") || 71 LowerCaseEqualsASCII(source, "http://localhost") ||
72 StartsWithASCII(source, "http://127.0.0.1:", false) || 72 StartsWithASCII(source, "http://127.0.0.1:", false) ||
73 StartsWithASCII(source, "http://localhost:", false) || 73 StartsWithASCII(source, "http://localhost:", false) ||
74 StartsWithASCII(source, "https://", true) || 74 (StartsWithASCII(source, "https://", true) && source.length() > 8) ||
not at google - send to devlin 2014/08/18 17:17:18 what is 8?
robwu 2014/08/18 19:50:05 The length of "https://".
not at google - send to devlin 2014/08/18 19:53:40 I think that (StartsWithASCII(source, "https://")
robwu 2014/08/18 21:08:18 Done. See the bug report and the other CL at the l
75 StartsWithASCII(source, "chrome://", true) || 75 StartsWithASCII(source, "chrome://", true) ||
76 StartsWithASCII(source, 76 StartsWithASCII(source,
77 std::string(extensions::kExtensionScheme) + 77 std::string(extensions::kExtensionScheme) +
78 url::kStandardSchemeSeparator, 78 url::kStandardSchemeSeparator,
79 true) || 79 true) ||
80 StartsWithASCII(source, "chrome-extension-resource:", true)) { 80 StartsWithASCII(source, "chrome-extension-resource:", true)) {
81 continue; 81 continue;
82 } 82 }
83 83
84 // crbug.com/146487 84 // crbug.com/146487
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after
198 } 198 }
199 } 199 }
200 } 200 }
201 201
202 return seen_sandbox; 202 return seen_sandbox;
203 } 203 }
204 204
205 } // namespace csp_validator 205 } // namespace csp_validator
206 206
207 } // namespace extensions 207 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html ('k') | extensions/common/csp_validator_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698