blob: 2b5597271fb5706b493a92035db5ddfd4eaf8f59 [file] [log] [blame]
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "extensions/browser/api/declarative_net_request/utils.h"
#include <algorithm>
#include <memory>
#include <set>
#include <string_view>
#include <utility>
#include "base/auto_reset.h"
#include "base/files/file.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/hash/hash.h"
#include "base/metrics/histogram_functions.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
#include "components/url_pattern_index/url_pattern_index.h"
#include "components/version_info/channel.h"
#include "components/web_cache/browser/web_cache_manager.h"
#include "content/public/browser/browser_thread.h"
#include "extensions/browser/api/declarative_net_request/composite_matcher.h"
#include "extensions/browser/api/declarative_net_request/constants.h"
#include "extensions/browser/api/declarative_net_request/flat/extension_ruleset_generated.h"
#include "extensions/browser/api/declarative_net_request/ruleset_matcher.h"
#include "extensions/browser/api/web_request/web_request_info.h"
#include "extensions/browser/api/web_request/web_request_resource_type.h"
#include "extensions/browser/extensions_browser_client.h"
#include "extensions/common/api/declarative_net_request/constants.h"
#include "extensions/common/api/declarative_net_request/dnr_manifest_data.h"
#include "extensions/common/error_utils.h"
#include "extensions/common/extension_features.h"
#include "extensions/common/features/feature_channel.h"
#include "extensions/common/permissions/api_permission.h"
#include "extensions/common/permissions/permissions_data.h"
#include "third_party/flatbuffers/src/include/flatbuffers/flatbuffers.h"
namespace extensions::declarative_net_request {
namespace {
namespace dnr_api = api::declarative_net_request;
namespace flat_rule = url_pattern_index::flat;
// The ruleset format version of the flatbuffer schema. Increment this whenever
// making an incompatible change to the schema at extension_ruleset.fbs or
// url_pattern_index.fbs. Whenever an extension with an indexed ruleset format
// version different from the one currently used by Chrome is loaded, the
// extension ruleset will be reindexed.
constexpr int kIndexedRulesetFormatVersion = 36;
// This static assert is meant to catch cases where
// url_pattern_index::kUrlPatternIndexFormatVersion is incremented without
// updating kIndexedRulesetFormatVersion.
static_assert(url_pattern_index::kUrlPatternIndexFormatVersion == 16,
"kUrlPatternIndexFormatVersion has changed, make sure you've "
"also updated kIndexedRulesetFormatVersion above.");
constexpr int kInvalidIndexedRulesetFormatVersion = -1;
int g_indexed_ruleset_format_version_for_testing =
kInvalidIndexedRulesetFormatVersion;
constexpr int kInvalidOverrideChecksumForTest = -1;
int g_override_checksum_for_test = kInvalidOverrideChecksumForTest;
constexpr int kInvalidRuleLimit = -1;
int g_static_guaranteed_minimum_for_testing = kInvalidRuleLimit;
int g_global_static_rule_limit_for_testing = kInvalidRuleLimit;
int g_regex_rule_limit_for_testing = kInvalidRuleLimit;
int g_dynamic_rule_limit_for_testing = kInvalidRuleLimit;
int g_unsafe_dynamic_rule_limit_for_testing = kInvalidRuleLimit;
int g_session_rule_limit_for_testing = kInvalidRuleLimit;
int g_unsafe_session_rule_limit_for_testing = kInvalidRuleLimit;
int g_disabled_static_rule_limit_for_testing = kInvalidRuleLimit;
int GetIndexedRulesetFormatVersion() {
return g_indexed_ruleset_format_version_for_testing ==
kInvalidIndexedRulesetFormatVersion
? kIndexedRulesetFormatVersion
: g_indexed_ruleset_format_version_for_testing;
}
// Returns the header to be used for indexed rulesets. This depends on the
// current ruleset format version.
std::string GetVersionHeader() {
return base::StringPrintf("---------Version=%d",
GetIndexedRulesetFormatVersion());
}
// Helper to ensure pointers to string literals can be used with
// base::JoinString.
std::string JoinString(base::span<const char* const> parts) {
std::vector<std::string_view> parts_piece;
for (const char* part : parts) {
parts_piece.push_back(part);
}
return base::JoinString(parts_piece, ", ");
}
} // namespace
std::string GetVersionHeaderForTesting() {
return GetVersionHeader();
}
int GetIndexedRulesetFormatVersionForTesting() {
return GetIndexedRulesetFormatVersion();
}
ScopedIncrementRulesetVersion CreateScopedIncrementRulesetVersionForTesting() {
return base::AutoReset<int>(&g_indexed_ruleset_format_version_for_testing,
GetIndexedRulesetFormatVersion() + 1);
}
bool StripVersionHeaderAndParseVersion(std::string* ruleset_data) {
DCHECK(ruleset_data);
const std::string version_header = GetVersionHeader();
if (!base::StartsWith(*ruleset_data, version_header,
base::CompareCase::SENSITIVE)) {
return false;
}
// Strip the header from |ruleset_data|.
ruleset_data->erase(0, version_header.size());
return true;
}
int GetChecksum(base::span<const uint8_t> data) {
if (g_override_checksum_for_test != kInvalidOverrideChecksumForTest) {
return g_override_checksum_for_test;
}
uint32_t hash = base::PersistentHash(data);
// Strip off the sign bit since this needs to be persisted in preferences
// which don't support unsigned ints.
return static_cast<int>(hash & 0x7fffffff);
}
void OverrideGetChecksumForTest(int checksum) {
g_override_checksum_for_test = checksum;
}
std::string GetIndexedRulesetData(base::span<const uint8_t> data) {
return base::StrCat(
{GetVersionHeader(),
std::string_view(reinterpret_cast<const char*>(data.data()),
data.size())});
}
bool PersistIndexedRuleset(const base::FilePath& path,
base::span<const uint8_t> data) {
// Create the directory corresponding to |path| if it does not exist.
if (!base::CreateDirectory(path.DirName())) {
return false;
}
// Unlike for dynamic rules, we don't use `ImportantFileWriter` here since it
// can be quite slow (and this will be called for the extension's indexed
// static rulesets). Also the file persisting logic here is simpler than for
// dynamic rules where we need to persist both the JSON and indexed rulesets
// and keep them in sync.
base::File ruleset_file(
path, base::File::FLAG_CREATE_ALWAYS | base::File::FLAG_WRITE);
if (!ruleset_file.IsValid()) {
return false;
}
// Write the version header.
if (!ruleset_file.WriteAtCurrentPosAndCheck(
base::as_byte_span(GetVersionHeader()))) {
return false;
}
// Write the flatbuffer ruleset.
if (!ruleset_file.WriteAtCurrentPosAndCheck(data)) {
return false;
}
return true;
}
void ClearRendererCacheOnNavigation() {
DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
extensions::ExtensionsBrowserClient::Get()->ClearBackForwardCache();
web_cache::WebCacheManager::GetInstance()->ClearCacheOnNavigation();
}
void LogReadDynamicRulesStatus(ReadJSONRulesResult::Status status) {
base::UmaHistogramEnumeration(kReadDynamicRulesJSONStatusHistogram, status);
}
// Maps WebRequestResourceType to dnr_api::ResourceType.
dnr_api::ResourceType GetDNRResourceType(WebRequestResourceType resource_type) {
switch (resource_type) {
case WebRequestResourceType::OTHER:
return dnr_api::ResourceType::kOther;
case WebRequestResourceType::MAIN_FRAME:
return dnr_api::ResourceType::kMainFrame;
case WebRequestResourceType::CSP_REPORT:
return dnr_api::ResourceType::kCspReport;
case WebRequestResourceType::SCRIPT:
return dnr_api::ResourceType::kScript;
case WebRequestResourceType::IMAGE:
return dnr_api::ResourceType::kImage;
case WebRequestResourceType::STYLESHEET:
return dnr_api::ResourceType::kStylesheet;
case WebRequestResourceType::OBJECT:
return dnr_api::ResourceType::kObject;
case WebRequestResourceType::XHR:
return dnr_api::ResourceType::kXmlhttprequest;
case WebRequestResourceType::SUB_FRAME:
return dnr_api::ResourceType::kSubFrame;
case WebRequestResourceType::PING:
return dnr_api::ResourceType::kPing;
case WebRequestResourceType::MEDIA:
return dnr_api::ResourceType::kMedia;
case WebRequestResourceType::FONT:
return dnr_api::ResourceType::kFont;
case WebRequestResourceType::WEB_SOCKET:
return dnr_api::ResourceType::kWebsocket;
case WebRequestResourceType::WEB_TRANSPORT:
return dnr_api::ResourceType::kWebtransport;
case WebRequestResourceType::WEBBUNDLE:
return dnr_api::ResourceType::kWebbundle;
}
NOTREACHED();
}
// Maps dnr_api::ResourceType to WebRequestResourceType.
WebRequestResourceType GetWebRequestResourceType(
dnr_api::ResourceType resource_type) {
switch (resource_type) {
case dnr_api::ResourceType::kOther:
return WebRequestResourceType::OTHER;
case dnr_api::ResourceType::kMainFrame:
return WebRequestResourceType::MAIN_FRAME;
case dnr_api::ResourceType::kCspReport:
return WebRequestResourceType::CSP_REPORT;
case dnr_api::ResourceType::kScript:
return WebRequestResourceType::SCRIPT;
case dnr_api::ResourceType::kImage:
return WebRequestResourceType::IMAGE;
case dnr_api::ResourceType::kStylesheet:
return WebRequestResourceType::STYLESHEET;
case dnr_api::ResourceType::kObject:
return WebRequestResourceType::OBJECT;
case dnr_api::ResourceType::kXmlhttprequest:
return WebRequestResourceType::XHR;
case dnr_api::ResourceType::kSubFrame:
return WebRequestResourceType::SUB_FRAME;
case dnr_api::ResourceType::kPing:
return WebRequestResourceType::PING;
case dnr_api::ResourceType::kMedia:
return WebRequestResourceType::MEDIA;
case dnr_api::ResourceType::kFont:
return WebRequestResourceType::FONT;
case dnr_api::ResourceType::kWebsocket:
return WebRequestResourceType::WEB_SOCKET;
case dnr_api::ResourceType::kWebtransport:
return WebRequestResourceType::WEB_TRANSPORT;
case dnr_api::ResourceType::kWebbundle:
return WebRequestResourceType::WEBBUNDLE;
case dnr_api::ResourceType::kNone:
NOTREACHED();
}
NOTREACHED();
}
dnr_api::RequestDetails CreateRequestDetails(const WebRequestInfo& request) {
dnr_api::RequestDetails details;
details.request_id = base::NumberToString(request.id);
details.url = request.url.spec();
if (request.initiator) {
details.initiator = request.initiator->Serialize();
}
details.method = request.method;
details.frame_id = request.frame_data.frame_id;
if (request.frame_data.document_id) {
details.document_id = request.frame_data.document_id.ToString();
}
details.parent_frame_id = request.frame_data.parent_frame_id;
if (request.frame_data.parent_document_id) {
details.parent_document_id =
request.frame_data.parent_document_id.ToString();
}
details.tab_id = request.frame_data.tab_id;
details.type = GetDNRResourceType(request.web_request_type);
details.frame_type = request.frame_data.frame_type;
details.document_lifecycle = request.frame_data.document_lifecycle;
return details;
}
re2::RE2::Options CreateRE2Options(bool is_case_sensitive,
bool require_capturing) {
re2::RE2::Options options;
// RE2 supports UTF-8 and Latin1 encoding. We only need to support ASCII, so
// use Latin1 encoding. This should also be more efficient than UTF-8.
// Note: Latin1 is an 8 bit extension to ASCII.
options.set_encoding(re2::RE2::Options::EncodingLatin1);
options.set_case_sensitive(is_case_sensitive);
// Don't capture unless needed, for efficiency.
options.set_never_capture(!require_capturing);
options.set_log_errors(false);
// Limit the maximum memory per regex.
options.set_max_mem(kRegexMaxMemKb << 10);
return options;
}
flat::ActionType ConvertToFlatActionType(dnr_api::RuleActionType action_type) {
switch (action_type) {
case dnr_api::RuleActionType::kBlock:
return flat::ActionType_block;
case dnr_api::RuleActionType::kAllow:
return flat::ActionType_allow;
case dnr_api::RuleActionType::kRedirect:
return flat::ActionType_redirect;
case dnr_api::RuleActionType::kModifyHeaders:
return flat::ActionType_modify_headers;
case dnr_api::RuleActionType::kUpgradeScheme:
return flat::ActionType_upgrade_scheme;
case dnr_api::RuleActionType::kAllowAllRequests:
return flat::ActionType_allow_all_requests;
case dnr_api::RuleActionType::kNone:
break;
}
NOTREACHED();
}
std::string GetPublicRulesetID(const Extension& extension,
RulesetID ruleset_id) {
if (ruleset_id == kDynamicRulesetID) {
return dnr_api::DYNAMIC_RULESET_ID;
}
if (ruleset_id == kSessionRulesetID) {
return dnr_api::SESSION_RULESET_ID;
}
DCHECK_GE(ruleset_id, kMinValidStaticRulesetID);
return DNRManifestData::GetRuleset(extension, ruleset_id).manifest_id;
}
std::vector<std::string> GetPublicRulesetIDs(const Extension& extension,
const CompositeMatcher& matcher) {
std::vector<std::string> ids;
ids.reserve(matcher.matchers().size());
for (const std::unique_ptr<RulesetMatcher>& ruleset_matcher :
matcher.matchers())
ids.push_back(GetPublicRulesetID(extension, ruleset_matcher->id()));
return ids;
}
int GetStaticGuaranteedMinimumRuleCount() {
return g_static_guaranteed_minimum_for_testing == kInvalidRuleLimit
? dnr_api::GUARANTEED_MINIMUM_STATIC_RULES
: g_static_guaranteed_minimum_for_testing;
}
int GetGlobalStaticRuleLimit() {
return g_global_static_rule_limit_for_testing == kInvalidRuleLimit
? kMaxStaticRulesPerProfile
: g_global_static_rule_limit_for_testing;
}
int GetMaximumRulesPerRuleset() {
return GetStaticGuaranteedMinimumRuleCount() + GetGlobalStaticRuleLimit();
}
int GetDynamicRuleLimit() {
if (!base::FeatureList::IsEnabled(
extensions_features::kDeclarativeNetRequestSafeRuleLimits)) {
return GetUnsafeDynamicRuleLimit();
}
return g_dynamic_rule_limit_for_testing == kInvalidRuleLimit
? dnr_api::MAX_NUMBER_OF_DYNAMIC_RULES
: g_dynamic_rule_limit_for_testing;
}
int GetUnsafeDynamicRuleLimit() {
return g_unsafe_dynamic_rule_limit_for_testing == kInvalidRuleLimit
? dnr_api::MAX_NUMBER_OF_UNSAFE_DYNAMIC_RULES
: g_unsafe_dynamic_rule_limit_for_testing;
}
int GetSessionRuleLimit() {
if (!base::FeatureList::IsEnabled(
extensions_features::kDeclarativeNetRequestSafeRuleLimits)) {
return GetUnsafeSessionRuleLimit();
}
return g_session_rule_limit_for_testing == kInvalidRuleLimit
? dnr_api::MAX_NUMBER_OF_SESSION_RULES
: g_session_rule_limit_for_testing;
}
int GetUnsafeSessionRuleLimit() {
return g_unsafe_session_rule_limit_for_testing == kInvalidRuleLimit
? dnr_api::MAX_NUMBER_OF_UNSAFE_SESSION_RULES
: g_unsafe_session_rule_limit_for_testing;
}
int GetRegexRuleLimit() {
return g_regex_rule_limit_for_testing == kInvalidRuleLimit
? dnr_api::MAX_NUMBER_OF_REGEX_RULES
: g_regex_rule_limit_for_testing;
}
int GetDisabledStaticRuleLimit() {
return g_disabled_static_rule_limit_for_testing == kInvalidRuleLimit
? kMaxDisabledStaticRules
: g_disabled_static_rule_limit_for_testing;
}
ScopedRuleLimitOverride CreateScopedStaticGuaranteedMinimumOverrideForTesting(
int minimum) {
return base::AutoReset<int>(&g_static_guaranteed_minimum_for_testing,
minimum);
}
ScopedRuleLimitOverride CreateScopedGlobalStaticRuleLimitOverrideForTesting(
int limit) {
return base::AutoReset<int>(&g_global_static_rule_limit_for_testing, limit);
}
ScopedRuleLimitOverride CreateScopedRegexRuleLimitOverrideForTesting(
int limit) {
return base::AutoReset<int>(&g_regex_rule_limit_for_testing, limit);
}
ScopedRuleLimitOverride
CreateScopedDynamicRuleLimitOverrideForTesting( // IN-TEST
int limit) {
return base::AutoReset<int>(&g_dynamic_rule_limit_for_testing, limit);
}
ScopedRuleLimitOverride
CreateScopedUnsafeDynamicRuleLimitOverrideForTesting( // IN-TEST
int limit) {
return base::AutoReset<int>(&g_unsafe_dynamic_rule_limit_for_testing, limit);
}
ScopedRuleLimitOverride
CreateScopedSessionRuleLimitOverrideForTesting( // IN-TEST
int limit) {
return base::AutoReset<int>(&g_session_rule_limit_for_testing, limit);
}
ScopedRuleLimitOverride
CreateScopedUnsafeSessionRuleLimitOverrideForTesting( // IN-TEST
int limit) {
return base::AutoReset<int>(&g_unsafe_session_rule_limit_for_testing, limit);
}
ScopedRuleLimitOverride CreateScopedDisabledStaticRuleLimitOverrideForTesting(
int limit) {
return base::AutoReset<int>(&g_disabled_static_rule_limit_for_testing, limit);
}
size_t GetEnabledStaticRuleCount(const CompositeMatcher* composite_matcher) {
if (!composite_matcher) {
return 0;
}
size_t enabled_static_rule_count = 0;
for (const std::unique_ptr<RulesetMatcher>& matcher :
composite_matcher->matchers()) {
if (matcher->id() == kDynamicRulesetID) {
continue;
}
enabled_static_rule_count += matcher->GetRulesCount();
}
return enabled_static_rule_count;
}
bool HasAnyDNRPermission(const Extension& extension) {
const PermissionsData* permissions = extension.permissions_data();
return permissions->HasAPIPermission(
mojom::APIPermissionID::kDeclarativeNetRequest) ||
permissions->HasAPIPermission(
mojom::APIPermissionID::kDeclarativeNetRequestWithHostAccess);
}
bool HasDNRFeedbackPermission(const Extension* extension,
const std::optional<int>& tab_id) {
const PermissionsData* permissions_data = extension->permissions_data();
return tab_id.has_value()
? permissions_data->HasAPIPermissionForTab(
*tab_id,
mojom::APIPermissionID::kDeclarativeNetRequestFeedback)
: permissions_data->HasAPIPermission(
mojom::APIPermissionID::kDeclarativeNetRequestFeedback);
}
// TODO(crbug.com/40869593): Add a parameter that allows more specific strings
// for error messages that can pinpoint the error within a single rule.
std::string GetParseError(ParseResult error_reason, int rule_id) {
switch (error_reason) {
case ParseResult::NONE:
break;
case ParseResult::SUCCESS:
break;
case ParseResult::ERROR_REQUEST_METHOD_DUPLICATED:
return ErrorUtils::FormatErrorMessage(kErrorRequestMethodDuplicated,
base::NumberToString(rule_id));
case ParseResult::ERROR_RESOURCE_TYPE_DUPLICATED:
return ErrorUtils::FormatErrorMessage(kErrorResourceTypeDuplicated,
base::NumberToString(rule_id));
case ParseResult::ERROR_INVALID_RULE_ID:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidRuleKey, base::NumberToString(rule_id), kIDKey,
base::NumberToString(kMinValidID));
case ParseResult::ERROR_INVALID_RULE_PRIORITY:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidRuleKey, base::NumberToString(rule_id), kPriorityKey,
base::NumberToString(kMinValidPriority));
case ParseResult::ERROR_NO_APPLICABLE_RESOURCE_TYPES:
return ErrorUtils::FormatErrorMessage(kErrorNoApplicableResourceTypes,
base::NumberToString(rule_id));
case ParseResult::ERROR_EMPTY_DOMAINS_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kDomainsKey);
case ParseResult::ERROR_EMPTY_INITIATOR_DOMAINS_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kInitiatorDomainsKey);
case ParseResult::ERROR_EMPTY_REQUEST_DOMAINS_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kRequestDomainsKey);
case ParseResult::ERROR_EMPTY_TOP_DOMAINS_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kTopDomainsKey);
case ParseResult::ERROR_DOMAINS_AND_INITIATOR_DOMAINS_BOTH_SPECIFIED:
return ErrorUtils::FormatErrorMessage(
kErrorDomainsAndInitiatorDomainsBothSpecified,
base::NumberToString(rule_id), kDomainsKey, kInitiatorDomainsKey);
case ParseResult::
ERROR_EXCLUDED_DOMAINS_AND_EXCLUDED_INITIATOR_DOMAINS_BOTH_SPECIFIED:
return ErrorUtils::FormatErrorMessage(
kErrorDomainsAndInitiatorDomainsBothSpecified,
base::NumberToString(rule_id), kExcludedDomainsKey,
kExcludedInitiatorDomainsKey);
case ParseResult::ERROR_EMPTY_RESOURCE_TYPES_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kResourceTypesKey);
case ParseResult::ERROR_EMPTY_REQUEST_METHODS_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kRequestMethodsKey);
case ParseResult::ERROR_EMPTY_URL_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyKey, base::NumberToString(rule_id), kUrlFilterKey);
case ParseResult::ERROR_INVALID_REDIRECT_URL:
return ErrorUtils::FormatErrorMessage(kErrorInvalidRedirectUrl,
base::NumberToString(rule_id),
kRedirectUrlPath);
case ParseResult::ERROR_DUPLICATE_IDS:
return ErrorUtils::FormatErrorMessage(kErrorDuplicateIDs,
base::NumberToString(rule_id));
case ParseResult::ERROR_NON_ASCII_URL_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kUrlFilterKey);
case ParseResult::ERROR_NON_ASCII_DOMAIN:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kDomainsKey);
case ParseResult::ERROR_NON_ASCII_EXCLUDED_DOMAIN:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kExcludedDomainsKey);
case ParseResult::ERROR_NON_ASCII_INITIATOR_DOMAIN:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kInitiatorDomainsKey);
case ParseResult::ERROR_NON_ASCII_EXCLUDED_INITIATOR_DOMAIN:
return ErrorUtils::FormatErrorMessage(kErrorNonAscii,
base::NumberToString(rule_id),
kExcludedInitiatorDomainsKey);
case ParseResult::ERROR_NON_ASCII_REQUEST_DOMAIN:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kRequestDomainsKey);
case ParseResult::ERROR_NON_ASCII_EXCLUDED_REQUEST_DOMAIN:
return ErrorUtils::FormatErrorMessage(kErrorNonAscii,
base::NumberToString(rule_id),
kExcludedRequestDomainsKey);
case ParseResult::ERROR_NON_ASCII_TOP_DOMAIN:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kTopDomainsKey);
case ParseResult::ERROR_NON_ASCII_EXCLUDED_TOP_DOMAIN:
return ErrorUtils::FormatErrorMessage(kErrorNonAscii,
base::NumberToString(rule_id),
kExcludedTopDomainsKey);
case ParseResult::ERROR_INVALID_URL_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidKey, base::NumberToString(rule_id), kUrlFilterKey);
case ParseResult::ERROR_INVALID_REDIRECT:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidKey, base::NumberToString(rule_id), kRedirectPath);
case ParseResult::ERROR_INVALID_EXTENSION_PATH:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidKey, base::NumberToString(rule_id), kExtensionPathPath);
case ParseResult::ERROR_INVALID_TRANSFORM_SCHEME:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidTransformScheme, base::NumberToString(rule_id),
kTransformSchemePath,
JoinString(base::span<const char* const>(kAllowedTransformSchemes)));
case ParseResult::ERROR_INVALID_TRANSFORM_PORT:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidKey, base::NumberToString(rule_id), kTransformPortPath);
case ParseResult::ERROR_INVALID_TRANSFORM_QUERY:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidKey, base::NumberToString(rule_id), kTransformQueryPath);
case ParseResult::ERROR_INVALID_TRANSFORM_FRAGMENT:
return ErrorUtils::FormatErrorMessage(kErrorInvalidKey,
base::NumberToString(rule_id),
kTransformFragmentPath);
case ParseResult::ERROR_QUERY_AND_TRANSFORM_BOTH_SPECIFIED:
return ErrorUtils::FormatErrorMessage(
kErrorQueryAndTransformBothSpecified, base::NumberToString(rule_id),
kTransformQueryPath, kTransformQueryTransformPath);
case ParseResult::ERROR_JAVASCRIPT_REDIRECT:
return ErrorUtils::FormatErrorMessage(kErrorJavascriptRedirect,
base::NumberToString(rule_id),
kRedirectUrlPath);
case ParseResult::ERROR_EMPTY_REGEX_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyKey, base::NumberToString(rule_id), kRegexFilterKey);
case ParseResult::ERROR_NON_ASCII_REGEX_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorNonAscii, base::NumberToString(rule_id), kRegexFilterKey);
case ParseResult::ERROR_INVALID_REGEX_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidKey, base::NumberToString(rule_id), kRegexFilterKey);
case ParseResult::ERROR_NO_HEADERS_TO_MODIFY_SPECIFIED:
return ErrorUtils::FormatErrorMessage(
kErrorNoHeaderListsSpecified, base::NumberToString(rule_id),
kModifyRequestHeadersPath, kModifyResponseHeadersPath);
case ParseResult::ERROR_EMPTY_MODIFY_REQUEST_HEADERS_LIST:
return ErrorUtils::FormatErrorMessage(kErrorEmptyList,
base::NumberToString(rule_id),
kModifyRequestHeadersPath);
case ParseResult::ERROR_EMPTY_MODIFY_RESPONSE_HEADERS_LIST:
return ErrorUtils::FormatErrorMessage(kErrorEmptyList,
base::NumberToString(rule_id),
kModifyResponseHeadersPath);
case ParseResult::ERROR_INVALID_HEADER_TO_MODIFY_NAME:
return ErrorUtils::FormatErrorMessage(kErrorInvalidModifyHeaderName,
base::NumberToString(rule_id));
case ParseResult::ERROR_INVALID_HEADER_TO_MODIFY_VALUE:
return ErrorUtils::FormatErrorMessage(kErrorInvalidModifyHeaderValue,
base::NumberToString(rule_id));
case ParseResult::ERROR_HEADER_VALUE_NOT_SPECIFIED:
return ErrorUtils::FormatErrorMessage(kErrorNoHeaderValueSpecified,
base::NumberToString(rule_id));
case ParseResult::ERROR_HEADER_VALUE_PRESENT:
return ErrorUtils::FormatErrorMessage(kErrorHeaderValuePresent,
base::NumberToString(rule_id));
case ParseResult::ERROR_APPEND_INVALID_REQUEST_HEADER:
return ErrorUtils::FormatErrorMessage(kErrorAppendInvalidRequestHeader,
base::NumberToString(rule_id));
case ParseResult::ERROR_REGEX_TOO_LARGE:
return ErrorUtils::FormatErrorMessage(
kErrorRegexTooLarge, base::NumberToString(rule_id), kRegexFilterKey);
case ParseResult::ERROR_MULTIPLE_FILTERS_SPECIFIED:
return ErrorUtils::FormatErrorMessage(kErrorMultipleFilters,
base::NumberToString(rule_id),
kUrlFilterKey, kRegexFilterKey);
case ParseResult::ERROR_REGEX_SUBSTITUTION_WITHOUT_FILTER:
return ErrorUtils::FormatErrorMessage(
kErrorRegexSubstitutionWithoutFilter, base::NumberToString(rule_id),
kRegexSubstitutionKey, kRegexFilterKey);
case ParseResult::ERROR_INVALID_REGEX_SUBSTITUTION:
return ErrorUtils::FormatErrorMessage(kErrorInvalidKey,
base::NumberToString(rule_id),
kRegexSubstitutionPath);
case ParseResult::ERROR_INVALID_ALLOW_ALL_REQUESTS_RESOURCE_TYPE:
return ErrorUtils::FormatErrorMessage(
kErrorInvalidAllowAllRequestsResourceType,
base::NumberToString(rule_id));
case ParseResult::ERROR_EMPTY_TAB_IDS_LIST:
return ErrorUtils::FormatErrorMessage(
kErrorEmptyList, base::NumberToString(rule_id), kTabIdsKey);
case ParseResult::ERROR_TAB_IDS_ON_NON_SESSION_RULE:
return ErrorUtils::FormatErrorMessage(kErrorTabIdsOnNonSessionRule,
base::NumberToString(rule_id),
kTabIdsKey, kExcludedTabIdsKey);
case ParseResult::ERROR_TAB_ID_DUPLICATED:
return ErrorUtils::FormatErrorMessage(kErrorTabIdDuplicated,
base::NumberToString(rule_id));
case ParseResult::ERROR_EMPTY_RESPONSE_HEADER_MATCHING_LIST:
return ErrorUtils::FormatErrorMessage(kErrorEmptyList,
base::NumberToString(rule_id),
kMatchResponseHeadersPath);
case ParseResult::ERROR_EMPTY_EXCLUDED_RESPONSE_HEADER_MATCHING_LIST:
return ErrorUtils::FormatErrorMessage(kErrorEmptyList,
base::NumberToString(rule_id),
kMatchExcludedResponseHeadersPath);
case ParseResult::ERROR_INVALID_MATCHING_RESPONSE_HEADER_NAME:
return ErrorUtils::FormatErrorMessage(kErrorInvalidMatchingHeaderName,
base::NumberToString(rule_id),
kMatchResponseHeadersPath);
case ParseResult::ERROR_INVALID_MATCHING_EXCLUDED_RESPONSE_HEADER_NAME:
return ErrorUtils::FormatErrorMessage(kErrorInvalidMatchingHeaderName,
base::NumberToString(rule_id),
kMatchExcludedResponseHeadersPath);
case ParseResult::ERROR_INVALID_MATCHING_RESPONSE_HEADER_VALUE:
return ErrorUtils::FormatErrorMessage(kErrorInvalidMatchingHeaderValue,
base::NumberToString(rule_id),
kMatchResponseHeadersPath);
case ParseResult::ERROR_MATCHING_RESPONSE_HEADER_DUPLICATED:
return ErrorUtils::FormatErrorMessage(kErrorResponseHeaderDuplicated,
base::NumberToString(rule_id));
case ParseResult::ERROR_RESPONSE_HEADER_RULE_CANNOT_MODIFY_REQUEST_HEADERS:
return ErrorUtils::FormatErrorMessage(
kErrorResponseHeaderRuleCannotModifyRequestHeaders,
base::NumberToString(rule_id));
}
NOTREACHED();
}
flat_rule::ElementType GetElementType(WebRequestResourceType web_request_type) {
switch (web_request_type) {
case WebRequestResourceType::OTHER:
return flat_rule::ElementType_OTHER;
case WebRequestResourceType::MAIN_FRAME:
return flat_rule::ElementType_MAIN_FRAME;
case WebRequestResourceType::CSP_REPORT:
return flat_rule::ElementType_CSP_REPORT;
case WebRequestResourceType::SCRIPT:
return flat_rule::ElementType_SCRIPT;
case WebRequestResourceType::IMAGE:
return flat_rule::ElementType_IMAGE;
case WebRequestResourceType::STYLESHEET:
return flat_rule::ElementType_STYLESHEET;
case WebRequestResourceType::OBJECT:
return flat_rule::ElementType_OBJECT;
case WebRequestResourceType::XHR:
return flat_rule::ElementType_XMLHTTPREQUEST;
case WebRequestResourceType::SUB_FRAME:
return flat_rule::ElementType_SUBDOCUMENT;
case WebRequestResourceType::PING:
return flat_rule::ElementType_PING;
case WebRequestResourceType::MEDIA:
return flat_rule::ElementType_MEDIA;
case WebRequestResourceType::FONT:
return flat_rule::ElementType_FONT;
case WebRequestResourceType::WEBBUNDLE:
return flat_rule::ElementType_WEBBUNDLE;
case WebRequestResourceType::WEB_SOCKET:
return flat_rule::ElementType_WEBSOCKET;
case WebRequestResourceType::WEB_TRANSPORT:
return flat_rule::ElementType_WEBTRANSPORT;
}
NOTREACHED();
}
flat_rule::ElementType GetElementType(dnr_api::ResourceType resource_type) {
switch (resource_type) {
case dnr_api::ResourceType::kNone:
return flat_rule::ElementType_NONE;
case dnr_api::ResourceType::kMainFrame:
return flat_rule::ElementType_MAIN_FRAME;
case dnr_api::ResourceType::kSubFrame:
return flat_rule::ElementType_SUBDOCUMENT;
case dnr_api::ResourceType::kStylesheet:
return flat_rule::ElementType_STYLESHEET;
case dnr_api::ResourceType::kScript:
return flat_rule::ElementType_SCRIPT;
case dnr_api::ResourceType::kImage:
return flat_rule::ElementType_IMAGE;
case dnr_api::ResourceType::kFont:
return flat_rule::ElementType_FONT;
case dnr_api::ResourceType::kObject:
return flat_rule::ElementType_OBJECT;
case dnr_api::ResourceType::kXmlhttprequest:
return flat_rule::ElementType_XMLHTTPREQUEST;
case dnr_api::ResourceType::kPing:
return flat_rule::ElementType_PING;
case dnr_api::ResourceType::kCspReport:
return flat_rule::ElementType_CSP_REPORT;
case dnr_api::ResourceType::kMedia:
return flat_rule::ElementType_MEDIA;
case dnr_api::ResourceType::kWebsocket:
return flat_rule::ElementType_WEBSOCKET;
case dnr_api::ResourceType::kWebtransport:
return flat_rule::ElementType_WEBTRANSPORT;
case dnr_api::ResourceType::kWebbundle:
return flat_rule::ElementType_WEBBUNDLE;
case dnr_api::ResourceType::kOther:
return flat_rule::ElementType_OTHER;
}
NOTREACHED();
}
// Maps an HTTP request method string to flat_rule::RequestMethod.
// Returns `flat::RequestMethod_NON_HTTP` for non-HTTP(s) requests, and
// `flat::RequestMethod_OTHER_HTTP` for HTTP(s) requests with an unknown
// request method.
flat_rule::RequestMethod GetRequestMethod(bool http_or_https,
const std::string& method) {
if (!http_or_https) {
return flat_rule::RequestMethod_NON_HTTP;
}
using net::HttpRequestHeaders;
static const base::NoDestructor<
base::flat_map<std::string_view, flat_rule::RequestMethod>>
kRequestMethods(
{{HttpRequestHeaders::kDeleteMethod, flat_rule::RequestMethod_DELETE},
{HttpRequestHeaders::kGetMethod, flat_rule::RequestMethod_GET},
{HttpRequestHeaders::kHeadMethod, flat_rule::RequestMethod_HEAD},
{HttpRequestHeaders::kOptionsMethod,
flat_rule::RequestMethod_OPTIONS},
{HttpRequestHeaders::kPatchMethod, flat_rule::RequestMethod_PATCH},
{HttpRequestHeaders::kPostMethod, flat_rule::RequestMethod_POST},
{HttpRequestHeaders::kPutMethod, flat_rule::RequestMethod_PUT},
{HttpRequestHeaders::kConnectMethod,
flat_rule::RequestMethod_CONNECT}});
DCHECK(std::ranges::all_of(*kRequestMethods, [](const auto& key_value) {
return std::ranges::none_of(key_value.first, base::IsAsciiLower<char>);
}));
std::string normalized_method = base::ToUpperASCII(method);
auto it = kRequestMethods->find(normalized_method);
if (it == kRequestMethods->end()) {
return flat_rule::RequestMethod_OTHER_HTTP;
}
return it->second;
}
flat_rule::RequestMethod GetRequestMethod(
dnr_api::RequestMethod request_method) {
switch (request_method) {
case dnr_api::RequestMethod::kNone:
NOTREACHED();
case dnr_api::RequestMethod::kConnect:
return flat_rule::RequestMethod_CONNECT;
case dnr_api::RequestMethod::kDelete:
return flat_rule::RequestMethod_DELETE;
case dnr_api::RequestMethod::kGet:
return flat_rule::RequestMethod_GET;
case dnr_api::RequestMethod::kHead:
return flat_rule::RequestMethod_HEAD;
case dnr_api::RequestMethod::kOptions:
return flat_rule::RequestMethod_OPTIONS;
case dnr_api::RequestMethod::kOther:
return flat_rule::RequestMethod_OTHER_HTTP;
case dnr_api::RequestMethod::kPatch:
return flat_rule::RequestMethod_PATCH;
case dnr_api::RequestMethod::kPost:
return flat_rule::RequestMethod_POST;
case dnr_api::RequestMethod::kPut:
return flat_rule::RequestMethod_PUT;
}
NOTREACHED();
}
flat_rule::RequestMethod GetRequestMethod(
bool http_or_https,
dnr_api::RequestMethod request_method) {
if (!http_or_https) {
return flat_rule::RequestMethod_NON_HTTP;
}
return GetRequestMethod(request_method);
}
bool IsRuleSafe(const api::declarative_net_request::Rule& rule) {
// Each `dnr_api::RuleActionType` maps 1:1 to a corresponding
// `flat::ActionType` so both versions of IsRuleSafe must be kept in sync.
dnr_api::RuleActionType action_type = rule.action.type;
return action_type == dnr_api::RuleActionType::kBlock ||
action_type == dnr_api::RuleActionType::kAllow ||
action_type == dnr_api::RuleActionType::kAllowAllRequests ||
action_type == dnr_api::RuleActionType::kUpgradeScheme;
}
bool IsRuleSafe(const flat::UrlRuleMetadata& url_rule_metadata) {
// Each `flat::RuleActionType` maps 1:1 to a corresponding
// `dnr_api::ActionType` so both versions of IsRuleSafe must be kept in sync.
flat::ActionType action_type = url_rule_metadata.action();
return action_type == flat::ActionType_block ||
action_type == flat::ActionType_allow ||
action_type == flat::ActionType_allow_all_requests ||
action_type == flat::ActionType_upgrade_scheme;
}
bool IsResponseHeaderMatchingEnabled() {
// Response header matching is enabled if the feature flag is enabled.
// Note: This function still remains in case additional checks may need to be
// added back such as channel restrictions.
return base::FeatureList::IsEnabled(
extensions_features::kDeclarativeNetRequestResponseHeaderMatching);
}
bool IsHeaderSubstitutionEnabled() {
return base::FeatureList::IsEnabled(
extensions_features::kDeclarativeNetRequestHeaderSubstitution);
}
} // namespace extensions::declarative_net_request