extensions/common/manifest_handlers/sandboxed_page_info.cc - chromium/src.git - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "extensions/common/manifest_handlers/sandboxed_page_info.h"

 #include <stddef.h>

 #include <memory>

 #include "base/lazy_instance.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "extensions/common/csp_validator.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/url_pattern.h"

 namespace extensions {

 namespace {

 namespace keys = extensions::manifest_keys;
 namespace errors = manifest_errors;

 const char kDefaultSandboxedPageContentSecurityPolicy[] =
     "sandbox allow-scripts allow-forms allow-popups allow-modals; "
     "script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";

 static base::LazyInstance<SandboxedPageInfo>::DestructorAtExit
     g_empty_sandboxed_info = LAZY_INSTANCE_INITIALIZER;

 const SandboxedPageInfo& GetSandboxedPageInfo(const Extension* extension) {
   SandboxedPageInfo* info = static_cast<SandboxedPageInfo*>(
       extension->GetManifestData(keys::kSandboxedPages));
   return info ? *info : g_empty_sandboxed_info.Get();
 }

 }  // namespace

 SandboxedPageInfo::SandboxedPageInfo() {
 }

 SandboxedPageInfo::~SandboxedPageInfo() {
 }

 const std::string& SandboxedPageInfo::GetContentSecurityPolicy(
     const Extension* extension) {
   return GetSandboxedPageInfo(extension).content_security_policy;
 }

 const URLPatternSet& SandboxedPageInfo::GetPages(const Extension* extension) {
   return GetSandboxedPageInfo(extension).pages;
 }

 bool SandboxedPageInfo::IsSandboxedPage(const Extension* extension,
                                     const std::string& relative_path) {
   return extension->ResourceMatches(GetPages(extension), relative_path);
 }

 SandboxedPageHandler::SandboxedPageHandler() {
 }

 SandboxedPageHandler::~SandboxedPageHandler() {
 }

 bool SandboxedPageHandler::Parse(Extension* extension, base::string16* error) {
   std::unique_ptr<SandboxedPageInfo> sandboxed_info(new SandboxedPageInfo);

   const base::ListValue* list_value = NULL;
   if (!extension->manifest()->GetList(keys::kSandboxedPages, &list_value)) {
     *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesList);
     return false;
   }

   for (size_t i = 0; i < list_value->GetSize(); ++i) {
     std::string relative_path;
     if (!list_value->GetString(i, &relative_path)) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidSandboxedPage, base::SizeTToString(i));
       return false;
     }
     URLPattern pattern(URLPattern::SCHEME_EXTENSION);
     if (pattern.Parse(extension->url().spec()) != URLPattern::PARSE_SUCCESS) {
       *error = ErrorUtils::FormatErrorMessageUTF16(
           errors::kInvalidURLPatternError, extension->url().spec());
       return false;
     }
     while (relative_path[0] == '/')
       relative_path = relative_path.substr(1, relative_path.length() - 1);
     pattern.SetPath(pattern.path() + relative_path);
     sandboxed_info->pages.AddPattern(pattern);
   }

   if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) {
     std::string content_security_policy;
     if (!extension->manifest()->GetString(keys::kSandboxedPagesCSP,
                                           &content_security_policy)) {
       *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
       return false;
     }

     if (!csp_validator::ContentSecurityPolicyIsLegal(content_security_policy) ||
         !csp_validator::ContentSecurityPolicyIsSandboxed(
             content_security_policy, extension->GetType())) {
       *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
       return false;
     }

     std::vector<InstallWarning> warnings;
     sandboxed_info->content_security_policy =
         csp_validator::GetEffectiveSandoxedPageCSP(content_security_policy,
                                                    &warnings);
     extension->AddInstallWarnings(warnings);
   } else {
     sandboxed_info->content_security_policy =
         kDefaultSandboxedPageContentSecurityPolicy;
   }
   CHECK(csp_validator::ContentSecurityPolicyIsSandboxed(
       sandboxed_info->content_security_policy, extension->GetType()));

   extension->SetManifestData(keys::kSandboxedPages, std::move(sandboxed_info));
   return true;
 }

 const std::vector<std::string> SandboxedPageHandler::Keys() const {
   return SingleKey(keys::kSandboxedPages);
 }

 }  // namespace extensions
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "extensions/common/manifest_handlers/sandboxed_page_info.h"

	#include <stddef.h>

	#include <memory>

	#include "base/lazy_instance.h"
	#include "base/strings/string_number_conversions.h"
	#include "base/strings/utf_string_conversions.h"
	#include "base/values.h"
	#include "extensions/common/csp_validator.h"
	#include "extensions/common/error_utils.h"
	#include "extensions/common/manifest_constants.h"
	#include "extensions/common/url_pattern.h"

	namespace extensions {

	namespace {

	namespace keys = extensions::manifest_keys;
	namespace errors = manifest_errors;

	const char kDefaultSandboxedPageContentSecurityPolicy[] =
	"sandbox allow-scripts allow-forms allow-popups allow-modals; "
	"script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";

	static base::LazyInstance<SandboxedPageInfo>::DestructorAtExit
	g_empty_sandboxed_info = LAZY_INSTANCE_INITIALIZER;

	const SandboxedPageInfo& GetSandboxedPageInfo(const Extension* extension) {
	SandboxedPageInfo* info = static_cast<SandboxedPageInfo*>(
	extension->GetManifestData(keys::kSandboxedPages));
	return info ? *info : g_empty_sandboxed_info.Get();
	}

	} // namespace

	SandboxedPageInfo::SandboxedPageInfo() {
	}

	SandboxedPageInfo::~SandboxedPageInfo() {
	}

	const std::string& SandboxedPageInfo::GetContentSecurityPolicy(
	const Extension* extension) {
	return GetSandboxedPageInfo(extension).content_security_policy;
	}

	const URLPatternSet& SandboxedPageInfo::GetPages(const Extension* extension) {
	return GetSandboxedPageInfo(extension).pages;
	}

	bool SandboxedPageInfo::IsSandboxedPage(const Extension* extension,
	const std::string& relative_path) {
	return extension->ResourceMatches(GetPages(extension), relative_path);
	}

	SandboxedPageHandler::SandboxedPageHandler() {
	}

	SandboxedPageHandler::~SandboxedPageHandler() {
	}

	bool SandboxedPageHandler::Parse(Extension* extension, base::string16* error) {
	std::unique_ptr<SandboxedPageInfo> sandboxed_info(new SandboxedPageInfo);

	const base::ListValue* list_value = NULL;
	if (!extension->manifest()->GetList(keys::kSandboxedPages, &list_value)) {
	*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesList);
	return false;
	}

	for (size_t i = 0; i < list_value->GetSize(); ++i) {
	std::string relative_path;
	if (!list_value->GetString(i, &relative_path)) {
	*error = ErrorUtils::FormatErrorMessageUTF16(
	errors::kInvalidSandboxedPage, base::SizeTToString(i));
	return false;
	}
	URLPattern pattern(URLPattern::SCHEME_EXTENSION);
	if (pattern.Parse(extension->url().spec()) != URLPattern::PARSE_SUCCESS) {
	*error = ErrorUtils::FormatErrorMessageUTF16(
	errors::kInvalidURLPatternError, extension->url().spec());
	return false;
	}
	while (relative_path[0] == '/')
	relative_path = relative_path.substr(1, relative_path.length() - 1);
	pattern.SetPath(pattern.path() + relative_path);
	sandboxed_info->pages.AddPattern(pattern);
	}

	if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) {
	std::string content_security_policy;
	if (!extension->manifest()->GetString(keys::kSandboxedPagesCSP,
	&content_security_policy)) {
	*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
	return false;
	}

	if (!csp_validator::ContentSecurityPolicyIsLegal(content_security_policy) \|\|
	!csp_validator::ContentSecurityPolicyIsSandboxed(
	content_security_policy, extension->GetType())) {
	*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
	return false;
	}

	std::vector<InstallWarning> warnings;
	sandboxed_info->content_security_policy =
	csp_validator::GetEffectiveSandoxedPageCSP(content_security_policy,
	&warnings);
	extension->AddInstallWarnings(warnings);
	} else {
	sandboxed_info->content_security_policy =
	kDefaultSandboxedPageContentSecurityPolicy;
	}
	CHECK(csp_validator::ContentSecurityPolicyIsSandboxed(
	sandboxed_info->content_security_policy, extension->GetType()));

	extension->SetManifestData(keys::kSandboxedPages, std::move(sandboxed_info));
	return true;
	}

	const std::vector<std::string> SandboxedPageHandler::Keys() const {
	return SingleKey(keys::kSandboxedPages);
	}

	} // namespace extensions