chrome/browser/resources/feedback/js/event_handler.js - Issue 942123004: Use sha hashes of extension ids to whitelist. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(45)

My Issues | Starred Open | Closed | All

Side by Side Diff: chrome/browser/resources/feedback/js/event_handler.js

Issue 942123004: Use sha hashes of extension ids to whitelist. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/resources/feedback/OWNERS ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 /**	5 /**

6 * @type {number}	6 * @type {number}

7 * @const	7 * @const

8 */	8 */

9 var FEEDBACK_WIDTH = 500;	9 var FEEDBACK_WIDTH = 500;

10 /**	10 /**

11 * @type {number}	11 * @type {number}

12 * @const	12 * @const

13 */	13 */

14 var FEEDBACK_HEIGHT = 585;	14 var FEEDBACK_HEIGHT = 585;

15	15

16 var initialFeedbackInfo = null;	16 var initialFeedbackInfo = null;

17	17

	18 // To generate a hashed extension ID, use a sha-256 hash, all in lower case.

	19 // Example:

	20 // echo -n 'abcdefghijklmnopqrstuvwxyzabcdef' \| sha256sum \| awk '{print $1}'

18 var whitelistedExtensionIds = [	21 var whitelistedExtensionIds = [

19 'bpmcpldpdmajfigpchkicefoigmkfalc', // QuickOffice	22 '0eeefaa87e292cd986dd0528e90f9128a936b1c4e1c53e7faa0244594c69df94', // QuickOf fice
	mednik 2015/02/20 23:48:03 This format looks different from that used to whit This format looks different from that used to whitelist hashes of extensions for APIs: https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... It would be really nice if these were the same so app developers who get whitelisted in that file can just dump the same hashes in here. rkc 2015/02/23 20:03:30 The current extensions system uses SHA1. I decided Show quoted text On 2015/02/20 23:48:03, mednik wrote: > This format looks different from that used to whitelist hashes of extensions for > APIs: > https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... > > It would be really nice if these were the same so app developers who get > whitelisted in that file can just dump the same hashes in here. The current extensions system uses SHA1. I decided to use SHA-256 due to Google eventually phasing out SHA1 due to insecurity. I spoke with the extension team about this and it seems that we get enough security with SHA1. If someone really wants to spend the time to break SHA1 on these IDs, we don't really care that much. So the decision is to use SHA1. Done.
20 'ehibbfinohgbchlgdbfpikodjaojhccn', // QuickOffice	23 '04c5c683bdbbda3120fdd1043e96e551185c57f38be14ee17b5993f6ad4c592f', // QuickOf fice

21 'gbkeegbaiigmenfmjfclcdgdpimamgkj', // QuickOffice	24 '5f81f9fe1f4f499490466bc3861653fe72de22e2ba8e4e5769ded9fb2c7ee2d0', // QuickOf fice

22 'efjnaogkjbogokcnohkmnjdojkikgobo', // G+ Photos	25 '4d4fc32a4150c7d9f8eb086d4e8b336600932492b84089fbae4f0f54e6c109ca', // G+ Phot os

23 'ebpbnabdhheoknfklmpddcdijjkmklkp', // G+ Photos	26 '83e306fdc741f89b40f04d53797eb720e5435b2e73fb5c8c3784442512b247c9', // G+ Phot os

24 'endkpmfloggdajndjpoekmkjnkolfdbf', // Feedback Extension	27 '674b9eabe65d268cd0f2c65e252ae442a09171fcd5d6a10ed9215208289975b2', // Feedbac k Extension

25 'mlocfejafidcakdddnndjdngfmncfbeg', // Connectivity Diagnostics	28 'b95301dd32b3aa23b0d117c32dc45f2e09d6f1664279598a48631e469e0abac9', // Connect ivity Diagnostics

26 'ganomidahfnpdchomfgdoppjmmedlhia', // Connectivity Diagnostics	29 '33b6334139f225192217454100cc628dc3570dbd34a10a8825345209cf77f719', // Connect ivity Diagnostics

27 'eemlkeanncmjljgehlbplemhmdmalhdc', // Connectivity Diagnostics	30 '6e0b83d8e9a5072ad869622f18f79162c9bf93918fa9e6d6157421aaf37a6f5a', // Connect ivity Diagnostics

28 'kodldpbjkkmmnilagfdheibampofhaom', // Connectivity Diagnostics	31 'e34c1ed72d48e4a61c16b69e27b6299ed60f76852d82bd7923ad9d1bd12f3d02', // Connect ivity Diagnostics

29 'kkebgepbbgbcmghedmmdfcbdcodlkngh', // Chrome OS Recovery Tool	32 '0716d7e784e7cd26f5aad07b4fb1cb61d5461dd4327b1ab99cc7820b754f0136', // Chrome OS Recovery Tool

30 'jndclpdbaamdhonoechobihbbiimdgai', // Chrome OS Recovery Tool	33 'e69face7a7e30f74687249987aa339b47816e25a0d9316a3c0a698b02d1ddefc', // Chrome OS Recovery Tool

31 'ljoammodoonkhnehlncldjelhidljdpi', // GetHelp app.	34 'ee9cc86a9c05427a9c1403aa62fe264720f1f340d1ac0e0cb2cf780afa180023', // GetHelp app.

32 'ljacajndfccfgnfohlgkdphmbnpkjflk', // Chrome Remote Desktop Dev	35 'e703d4328e2d81899dfbeaaafdfb5175af10a3bda050176cb7b9bab352164126', // Chrome Remote Desktop Dev

33 'gbchcmhmhahfdphkhkmpfmihenigjmpp', // Chrome Remote Desktop Stable	36 '767c6e409da494634a4e7dd17871c6c6b719d07340c41893742117345d98dd9e', // Chrome Remote Desktop Stable

34 'odkaodonbgfohohmklejpjiejmcipmib', // Chrome Remote Desktop QA	37 '22b52c2dd867c39b74ba7b8472ff5c27672f6c597045628ba9b0b20062741171', // Chrome Remote Desktop QA

35 'dokpleeekgeeiehdhmdkeimnkmoifgdd', // Chrome Remote Desktop QA backup	38 '286cbfc2e16a6578815e9c8c17978bfe5629b3737fa154b2ed71d55ffc41cfbd', // Chrome Remote Desktop QA backup

36 'ajoainacpilcemgiakehflpbkbfipojk', // Chrome Remote Desktop Apps V2	39 '3ccad7148e402a5920ca63077d14de50dda93d347d9e5b4129a711f9bf0d7271', // Chrome Remote Desktop Apps V2

37 'llohocloplkbhgcfnplnoficdkiechcn', // Play Movies Dev	40 'a078d80697a121207e78a41d6b3dabe9545fe5b3ecc91cd221c8f802d0fa304b', // Play Mo vies Dev

38 'icljpnebmoleodmchaaajbkpoipfoahp', // Play Movies Nightly	41 '927ed9fcbbedda70b79cccb0f76edb7d36c1e48b1049ff8c2bba78b4ed971d2e', // Play Mo vies Nightly

39 'mjekoljodoiapgkggnlmbecndfpbbcch', // Play Movies Beta	42 'eca389c5ef975c1c9e07dfd50c59925d64632c3b09c418e7ecfcba3ada13ca6d', // Play Mo vies Beta

40 'gdijeikdkaembjbdobgfkoidjkpbmlkd', // Play Movies Stable	43 'f203e23f6450b65ef0fd9f6ca4006bded3c77151b567352d99c5ca82714a2b85', // Play Mo vies Stable

41 'andfmajejfpjojledngpdaibbhkffipo', // Hangouts Extension	44 'cb57437ae9890149f2631062a2be585eb57296d94ae7d603797cdcba026d0939', // Hangout s Extension

42 'jfjjdfefebklmdbmenmlehlopoocnoeh', // Hangouts Extension	45 'e8486d0e4c57480bf87a3ce500627a67cf47dda03b85872c3b531e17393b2abd', // Hangout s Extension

43 'dhcmpocobclokhifdkgcjbnfdaneoojd', // Hangouts Extension	46 '8ad2bccd6237a721b6a51bce833c38b659188ff98e5f2335c00992e4641b23ee', // Hangout s Extension

44 'ppleadejekpmccmnpjdimmlfljlkdfej', // Hangouts Extension	47 '686d6216be625dab0bb2bec4834181bdee81ff410639eaa55ce42bce2ca38ff8', // Hangout s Extension

45 'eggnbpckecmjlblplehfpjjdhhidfdoj', // Hangouts Extension	48 '0edec707b34d737e6808c1f49c75a41f85abb123eebf92bc16a4d933fb91c0cb', // Hangout s Extension

46 'ljclpkphhpbpinifbeabbhlfddcpfdde', // Hangouts Extension	49 '8e37e180c80468f45822ecaa66e22f831bcc84f2b169fe815d42d1b4791ea3e1', // Hangout s Extension

47 'nckgahadagoaajjgafhacjanaoiihapd', // Hangouts Extension	50 'ba5a008415c2a50120975b653517565579ecfba2682079eed8b7f5b10d9c79e2', // Hangout s Extension

48 'knipolnnllmklapflnccelgolnpehhpl', // Hangouts Extension	51 'e902e84eabdc1f3bd51bc2d86326a42575e0e59f0840339a300cf281fb28ad49', // Hangout s Extension

49 'dogkdgiahcdchbabhdmpbhlfoddjined', // GLS nightly	52 'f511aceaf81313f414f84dc0222f280fc3c323b7350e8a233d4bd78c36fdddad', // GLS nig htly

50 'khkjfddibboofomnlkndfedpoccieiee', // GLS stable	53 'a5655706f72a6d3e7a0031b6828ce1f24afebd7144f0d591ccc47b32961a2356', // GLS sta ble

51 ];	54 ];

52	55

	56

53 /**	57 /**

54 * Function to determine whether or not a given extension id is whitelisted to	58 * Function to determine whether or not a given extension id is whitelisted to

55 * invoke the feedback UI.	59 * invoke the feedback UI. If the extension is whitelisted, the callback to

	60 * start the Feedback UI will be called.

56 * @param {string} id the id of the sender extension.	61 * @param {string} id the id of the sender extension.

57 * @return {boolean} Whether or not this sender is whitelisted.	62 * @param {Function} startFeedbackCallback The callback function that will

	63 * will start the feedback UI.

	64 * @param {Object} feedbackInfo The feedback info object to pass to the

	65 * start feedback UI callback.

58 */	66 */

59 function senderWhitelisted(id) {	67 function senderWhitelisted(id, startFeedbackCallback, feedbackInfo) {

60 return id && whitelistedExtensionIds.indexOf(id) != -1;	68 crypto.subtle.digest('SHA-256', (new TextEncoder).encode(id)).then(
	arv (Not doing code reviews) 2015/02/20 23:28:20 new TextEncoder().encode(id) new TextEncoder().encode(id) rkc 2015/02/23 20:03:30 Throws an exception when I remove the parenthesis. Show quoted text On 2015/02/20 23:28:20, arv wrote: > new TextEncoder().encode(id) Throws an exception when I remove the parenthesis. "Error in event handler for runtime.onMessageExternal: TypeError: undefined is not a function at senderWhitelisted (chrome-extension://gfdkimpbcpahaombhbimeihdjnejgicl/js/event_handler.js:69:32)"
	69 function(hashBuffer) {

	70 var hashString = '';

	71 var hashView = new Uint8Array(hashBuffer);

	72 for (var i = 0; i < hashView.length; ++i) {

	73 var hex = hashView[i].toString(16);

	74 hex = '0'.substr(0, 2 - hex.length) + hex;
	arv (Not doing code reviews) 2015/02/20 23:28:20 No need to muck with substr here. var n = hashVie No need to muck with substr here. var n = hashView[i]; hashString += n < 0x10 ? '0' : n.toString(16); rkc 2015/02/23 20:03:30 Done (with the fixed version). Show quoted text On 2015/02/20 23:28:20, arv wrote: > No need to muck with substr here. > > var n = hashView[i]; > hashString += n < 0x10 ? '0' : n.toString(16); Done (with the fixed version).
	75 hashString += hex;

	76 }

	77 if (whitelistedExtensionIds.indexOf(hashString) != -1)

	78 startFeedbackCallback(feedbackInfo);

	79 });

61 }	80 }

62	81

63 /**	82 /**

64 * Callback which gets notified once our feedback UI has loaded and is ready to	83 * Callback which gets notified once our feedback UI has loaded and is ready to

65 * receive its initial feedback info object.	84 * receive its initial feedback info object.

66 * @param {Object} request The message request object.	85 * @param {Object} request The message request object.

67 * @param {Object} sender The sender of the message.	86 * @param {Object} sender The sender of the message.

68 * @param {function(Object)} sendResponse Callback for sending a response.	87 * @param {function(Object)} sendResponse Callback for sending a response.

69 */	88 */

70 function feedbackReadyHandler(request, sender, sendResponse) {	89 function feedbackReadyHandler(request, sender, sendResponse) {

71 if (request.ready) {	90 if (request.ready) {

72 chrome.runtime.sendMessage(	91 chrome.runtime.sendMessage(

73 {sentFromEventPage: true, data: initialFeedbackInfo});	92 {sentFromEventPage: true, data: initialFeedbackInfo});

74 }	93 }

75 }	94 }

76	95

77	96

78 /**	97 /**

79 * Callback which gets notified if another extension is requesting feedback.	98 * Callback which gets notified if another extension is requesting feedback.

80 * @param {Object} request The message request object.	99 * @param {Object} request The message request object.

81 * @param {Object} sender The sender of the message.	100 * @param {Object} sender The sender of the message.

82 * @param {function(Object)} sendResponse Callback for sending a response.	101 * @param {function(Object)} sendResponse Callback for sending a response.

83 */	102 */

84 function requestFeedbackHandler(request, sender, sendResponse) {	103 function requestFeedbackHandler(request, sender, sendResponse) {

85 if (request.requestFeedback && senderWhitelisted(sender.id))	104 if (request.requestFeedback)

86 startFeedbackUI(request.feedbackInfo);	105 senderWhitelisted(sender.id, startFeedbackUI, request.feedbackInfo);

87 }	106 }

88	107

89 /**	108 /**

90 * Callback which starts up the feedback UI.	109 * Callback which starts up the feedback UI.

91 * @param {Object} feedbackInfo Object containing any initial feedback info.	110 * @param {Object} feedbackInfo Object containing any initial feedback info.

92 */	111 */

93 function startFeedbackUI(feedbackInfo) {	112 function startFeedbackUI(feedbackInfo) {

94 initialFeedbackInfo = feedbackInfo;	113 initialFeedbackInfo = feedbackInfo;

95 chrome.app.window.create('html/default.html', {	114 chrome.app.window.create('html/default.html', {

96 frame: 'none',	115 frame: 'none',

97 id: 'default_window',	116 id: 'default_window',

98 width: FEEDBACK_WIDTH,	117 width: FEEDBACK_WIDTH,

99 height: FEEDBACK_HEIGHT,	118 height: FEEDBACK_HEIGHT,

100 hidden: true,	119 hidden: true,

101 resizable: false },	120 resizable: false },

102 function(appWindow) {});	121 function(appWindow) {});

103 }	122 }

104	123

105 chrome.runtime.onMessage.addListener(feedbackReadyHandler);	124 chrome.runtime.onMessage.addListener(feedbackReadyHandler);

106 chrome.runtime.onMessageExternal.addListener(requestFeedbackHandler);	125 chrome.runtime.onMessageExternal.addListener(requestFeedbackHandler);

107 chrome.feedbackPrivate.onFeedbackRequested.addListener(startFeedbackUI);	126 chrome.feedbackPrivate.onFeedbackRequested.addListener(startFeedbackUI);

OLD	NEW

« no previous file with comments | « chrome/browser/resources/feedback/OWNERS ('k') | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698