Allow extension function call quota to be un-throttled.

extensions/browser/quota_service.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // The QuotaService uses heuristics to limit abusive requests
 // made by extensions.  In this model 'items' (e.g individual bookmarks) are
 // represented by a 'Bucket' that holds state for that item for one single
 // interval of time.  The interval of time is defined as 'how long we need to
 // watch an item (for a particular heuristic) before making a decision about
 // quota violations'.  A heuristic is two functions: one mapping input
@@ skipping 46 matching lines @@
                      ExtensionFunction* function,
                      const base::ListValue* args,
                      const base::TimeTicks& event_time);
 
  private:
   typedef std::string ExtensionId;
   typedef std::string FunctionName;
   // All QuotaLimitHeuristic instances in this map are owned by us.
   typedef std::map<FunctionName, QuotaLimitHeuristics> FunctionHeuristicsMap;
 
-  // Purge resets all accumulated data (except |violation_errors_|) as if the
-  // service was just created. Called periodically so we don't consume an
-  // unbounded amount of memory while tracking quota.  Yes, this could mean an
-  // extension gets away with murder if it is timed right, but the extensions
-  // we are trying to limit are ones that consistently violate, so we'll
-  // converge to the correct set.
+  // Purge resets all accumulated data as if the service was just created.
+  // Called periodically so we don't consume an unbounded amount of memory
+  // while tracking quota.  Yes, this could mean an extension gets away with
+  // murder if it is timed right, but the extensions we are trying to limit are
+  // ones that consistently violate, so we'll converge to the correct set.

[Nicolas Zea, 2014/11/04 20:33:10]

Is this comment still accurate (particularly the last sentence)?

[not at google - send to devlin, 2014/11/04 22:07:25]

Good point, fixed. Of the last sentence: the last part isn't true anymore, which
means the first part doesn't make sense to say - and I don't think timing
"attacks" like this are interesting anyway.

   void Purge();
   void PurgeFunctionHeuristicsMap(FunctionHeuristicsMap* map);
   base::RepeatingTimer<QuotaService> purge_timer_;
 
   // Our quota tracking state for extensions that have invoked quota limited
   // functions.  Each extension is treated separately, so extension ids are the
   // key for the mapping.  As an extension invokes functions, the map keeps
   // track of which functions it has invoked and the heuristics for each one.
   // Each heuristic will be evaluated and ANDed together to get a final answer.
   std::map<ExtensionId, FunctionHeuristicsMap> function_heuristics_;
 
-  // For now, as soon as an extension violates quota, we don't allow it to
-  // make any more requests to quota limited functions.  This provides a quick
-  // lookup for these extensions that is only stored in memory.
-  typedef std::map<std::string, std::string> ViolationErrorMap;
-  ViolationErrorMap violation_errors_;
-
   DISALLOW_COPY_AND_ASSIGN(QuotaService);
 };
 
 // A QuotaLimitHeuristic is two things: 1, A heuristic to map extension
 // function arguments to corresponding Buckets for each input arg, and 2) a
 // heuristic for determining if a new event involving a particular item
 // (represented by its Bucket) constitutes a quota violation.
 class QuotaLimitHeuristic {
  public:
   // Parameters to configure the amount of tokens allotted to individual
@@ skipping 111 matching lines @@
 class QuotaService::TimedLimit : public QuotaLimitHeuristic {
  public:
   TimedLimit(const Config& config, BucketMapper* map, const std::string& name)
       : QuotaLimitHeuristic(config, map, name) {}
   bool Apply(Bucket* bucket, const base::TimeTicks& event_time) override;
 };
 
 }  // namespace extensions
 
 #endif  // EXTENSIONS_BROWSER_QUOTA_SERVICE_H_