search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / extensions / browser / extension_protocols.cc
blobe1d7b44a806bcae4c61dab758cd7513d5a8c9a06
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "extensions/browser/extension_protocols.h"
6
7 #include <algorithm>
8 #include <string>
9 #include <vector>
10
11 #include "base/base64.h"
12 #include "base/compiler_specific.h"
13 #include "base/file_util.h"
14 #include "base/files/file_path.h"
15 #include "base/format_macros.h"
16 #include "base/logging.h"
17 #include "base/memory/weak_ptr.h"
18 #include "base/message_loop/message_loop.h"
19 #include "base/metrics/field_trial.h"
20 #include "base/metrics/histogram.h"
21 #include "base/metrics/sparse_histogram.h"
22 #include "base/path_service.h"
23 #include "base/sha1.h"
24 #include "base/strings/string_number_conversions.h"
25 #include "base/strings/string_util.h"
26 #include "base/strings/stringprintf.h"
27 #include "base/strings/utf_string_conversions.h"
28 #include "base/threading/sequenced_worker_pool.h"
29 #include "base/threading/thread_restrictions.h"
30 #include "base/timer/elapsed_timer.h"
31 #include "build/build_config.h"
32 #include "content/public/browser/browser_thread.h"
33 #include "content/public/browser/resource_request_info.h"
34 #include "crypto/secure_hash.h"
35 #include "crypto/sha2.h"
36 #include "extensions/browser/content_verifier.h"
37 #include "extensions/browser/content_verify_job.h"
38 #include "extensions/browser/extensions_browser_client.h"
39 #include "extensions/browser/info_map.h"
40 #include "extensions/common/constants.h"
41 #include "extensions/common/extension.h"
42 #include "extensions/common/extension_resource.h"
43 #include "extensions/common/file_util.h"
44 #include "extensions/common/manifest_handlers/background_info.h"
45 #include "extensions/common/manifest_handlers/csp_info.h"
46 #include "extensions/common/manifest_handlers/icons_handler.h"
47 #include "extensions/common/manifest_handlers/incognito_info.h"
48 #include "extensions/common/manifest_handlers/shared_module_info.h"
49 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
50 #include "net/base/io_buffer.h"
51 #include "net/base/net_errors.h"
52 #include "net/http/http_request_headers.h"
53 #include "net/http/http_response_headers.h"
54 #include "net/http/http_response_info.h"
55 #include "net/url_request/url_request_error_job.h"
56 #include "net/url_request/url_request_file_job.h"
57 #include "net/url_request/url_request_simple_job.h"
58 #include "url/url_util.h"
59
60 using content::BrowserThread;
61 using content::ResourceRequestInfo;
62 using content::ResourceType;
63 using extensions::Extension;
64 using extensions::SharedModuleInfo;
65
66 namespace extensions {
67 namespace {
68
69 class GeneratedBackgroundPageJob : public net::URLRequestSimpleJob {
70 public:
71 GeneratedBackgroundPageJob(net::URLRequest* request,
72 net::NetworkDelegate* network_delegate,
73 const scoped_refptr<const Extension> extension,
74 const std::string& content_security_policy)
75 : net::URLRequestSimpleJob(request, network_delegate),
76 extension_(extension) {
77 const bool send_cors_headers = false;
78 // Leave cache headers out of generated background page jobs.
79 response_info_.headers = BuildHttpHeaders(content_security_policy,
80 send_cors_headers,
81 base::Time());
82 }
83
84 // Overridden from URLRequestSimpleJob:
85 virtual int GetData(std::string* mime_type,
86 std::string* charset,
87 std::string* data,
88 const net::CompletionCallback& callback) const OVERRIDE {
89 *mime_type = "text/html";
90 *charset = "utf-8";
91
92 *data = "<!DOCTYPE html>\n<body>\n";
93 const std::vector<std::string>& background_scripts =
94 extensions::BackgroundInfo::GetBackgroundScripts(extension_.get());
95 for (size_t i = 0; i < background_scripts.size(); ++i) {
96 *data += "<script src=\"";
97 *data += background_scripts[i];
98 *data += "\"></script>\n";
99 }
100
101 return net::OK;
102 }
103
104 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
105 *info = response_info_;
106 }
107
108 private:
109 virtual ~GeneratedBackgroundPageJob() {}
110
111 scoped_refptr<const Extension> extension_;
112 net::HttpResponseInfo response_info_;
113 };
114
115 base::Time GetFileLastModifiedTime(const base::FilePath& filename) {
116 if (base::PathExists(filename)) {
117 base::File::Info info;
118 if (base::GetFileInfo(filename, &info))
119 return info.last_modified;
120 }
121 return base::Time();
122 }
123
124 base::Time GetFileCreationTime(const base::FilePath& filename) {
125 if (base::PathExists(filename)) {
126 base::File::Info info;
127 if (base::GetFileInfo(filename, &info))
128 return info.creation_time;
129 }
130 return base::Time();
131 }
132
133 void ReadResourceFilePathAndLastModifiedTime(
134 const extensions::ExtensionResource& resource,
135 const base::FilePath& directory,
136 base::FilePath* file_path,
137 base::Time* last_modified_time) {
138 *file_path = resource.GetFilePath();
139 *last_modified_time = GetFileLastModifiedTime(*file_path);
140 // While we're here, log the delta between extension directory
141 // creation time and the resource's last modification time.
142 base::ElapsedTimer query_timer;
143 base::Time dir_creation_time = GetFileCreationTime(directory);
144 UMA_HISTOGRAM_TIMES("Extensions.ResourceDirectoryTimestampQueryLatency",
145 query_timer.Elapsed());
146 int64 delta_seconds = (*last_modified_time - dir_creation_time).InSeconds();
147 if (delta_seconds >= 0) {
148 UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions.ResourceLastModifiedDelta",
149 delta_seconds,
150 0,
151 base::TimeDelta::FromDays(30).InSeconds(),
152 50);
153 } else {
154 UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions.ResourceLastModifiedNegativeDelta",
155 -delta_seconds,
156 1,
157 base::TimeDelta::FromDays(30).InSeconds(),
158 50);
159 }
160 }
161
162 class URLRequestExtensionJob : public net::URLRequestFileJob {
163 public:
164 URLRequestExtensionJob(net::URLRequest* request,
165 net::NetworkDelegate* network_delegate,
166 const std::string& extension_id,
167 const base::FilePath& directory_path,
168 const base::FilePath& relative_path,
169 const std::string& content_security_policy,
170 bool send_cors_header,
171 bool follow_symlinks_anywhere,
172 ContentVerifyJob* verify_job)
173 : net::URLRequestFileJob(
174 request,
175 network_delegate,
176 base::FilePath(),
177 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior(
178 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)),
179 verify_job_(verify_job),
180 seek_position_(0),
181 bytes_read_(0),
182 directory_path_(directory_path),
183 // TODO(tc): Move all of these files into resources.pak so we don't
184 // break when updating on Linux.
185 resource_(extension_id, directory_path, relative_path),
186 content_security_policy_(content_security_policy),
187 send_cors_header_(send_cors_header),
188 weak_factory_(this) {
189 if (follow_symlinks_anywhere) {
190 resource_.set_follow_symlinks_anywhere();
191 }
192 }
193
194 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
195 *info = response_info_;
196 }
197
198 virtual void Start() OVERRIDE {
199 request_timer_.reset(new base::ElapsedTimer());
200 base::FilePath* read_file_path = new base::FilePath;
201 base::Time* last_modified_time = new base::Time();
202 bool posted = BrowserThread::PostBlockingPoolTaskAndReply(
203 FROM_HERE,
204 base::Bind(&ReadResourceFilePathAndLastModifiedTime,
205 resource_,
206 directory_path_,
207 base::Unretained(read_file_path),
208 base::Unretained(last_modified_time)),
209 base::Bind(&URLRequestExtensionJob::OnFilePathAndLastModifiedTimeRead,
210 weak_factory_.GetWeakPtr(),
211 base::Owned(read_file_path),
212 base::Owned(last_modified_time)));
213 DCHECK(posted);
214 }
215
216 virtual void SetExtraRequestHeaders(
217 const net::HttpRequestHeaders& headers) OVERRIDE {
218 // TODO(asargent) - we'll need to add proper support for range headers.
219 // crbug.com/369895.
220 std::string range_header;
221 if (headers.GetHeader(net::HttpRequestHeaders::kRange, &range_header)) {
222 if (verify_job_.get())
223 verify_job_ = NULL;
224 }
225 URLRequestFileJob::SetExtraRequestHeaders(headers);
226 }
227
228 virtual void OnSeekComplete(int64 result) OVERRIDE {
229 DCHECK_EQ(seek_position_, 0);
230 seek_position_ = result;
231 // TODO(asargent) - we'll need to add proper support for range headers.
232 // crbug.com/369895.
233 if (result > 0 && verify_job_.get())
234 verify_job_ = NULL;
235 }
236
237 virtual void OnReadComplete(net::IOBuffer* buffer, int result) OVERRIDE {
238 if (result >= 0)
239 UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.OnReadCompleteResult", result);
240 else
241 UMA_HISTOGRAM_SPARSE_SLOWLY("ExtensionUrlRequest.OnReadCompleteError",
242 -result);
243 if (result > 0) {
244 bytes_read_ += result;
245 if (verify_job_.get()) {
246 verify_job_->BytesRead(result, buffer->data());
247 if (!remaining_bytes())
248 verify_job_->DoneReading();
249 }
250 }
251 }
252
253 private:
254 virtual ~URLRequestExtensionJob() {
255 UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.TotalKbRead", bytes_read_ / 1024);
256 UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.SeekPosition", seek_position_);
257 if (request_timer_.get())
258 UMA_HISTOGRAM_TIMES("ExtensionUrlRequest.Latency",
259 request_timer_->Elapsed());
260 }
261
262 void OnFilePathAndLastModifiedTimeRead(base::FilePath* read_file_path,
263 base::Time* last_modified_time) {
264 file_path_ = *read_file_path;
265 response_info_.headers = BuildHttpHeaders(
266 content_security_policy_,
267 send_cors_header_,
268 *last_modified_time);
269 URLRequestFileJob::Start();
270 }
271
272 scoped_refptr<ContentVerifyJob> verify_job_;
273
274 scoped_ptr<base::ElapsedTimer> request_timer_;
275
276 // The position we seeked to in the file.
277 int64 seek_position_;
278
279 // The number of bytes of content we read from the file.
280 int bytes_read_;
281
282 net::HttpResponseInfo response_info_;
283 base::FilePath directory_path_;
284 extensions::ExtensionResource resource_;
285 std::string content_security_policy_;
286 bool send_cors_header_;
287 base::WeakPtrFactory<URLRequestExtensionJob> weak_factory_;
288 };
289
290 bool ExtensionCanLoadInIncognito(const ResourceRequestInfo* info,
291 const std::string& extension_id,
292 extensions::InfoMap* extension_info_map) {
293 if (!extension_info_map->IsIncognitoEnabled(extension_id))
294 return false;
295
296 // Only allow incognito toplevel navigations to extension resources in
297 // split mode. In spanning mode, the extension must run in a single process,
298 // and an incognito tab prevents that.
299 if (info->GetResourceType() == content::RESOURCE_TYPE_MAIN_FRAME) {
300 const Extension* extension =
301 extension_info_map->extensions().GetByID(extension_id);
302 return extension && extensions::IncognitoInfo::IsSplitMode(extension);
303 }
304
305 return true;
306 }
307
308 // Returns true if an chrome-extension:// resource should be allowed to load.
309 // Pass true for |is_incognito| only for incognito profiles and not Chrome OS
310 // guest mode profiles.
311 // TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we
312 // first need to find a way to get CanLoadInIncognito state into the renderers.
313 bool AllowExtensionResourceLoad(net::URLRequest* request,
314 bool is_incognito,
315 const Extension* extension,
316 extensions::InfoMap* extension_info_map) {
317 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
318
319 // We have seen crashes where info is NULL: crbug.com/52374.
320 if (!info) {
321 LOG(ERROR) << "Allowing load of " << request->url().spec()
322 << "from unknown origin. Could not find user data for "
323 << "request.";
324 return true;
325 }
326
327 if (is_incognito && !ExtensionCanLoadInIncognito(
328 info, request->url().host(), extension_info_map)) {
329 return false;
330 }
331
332 // The following checks are meant to replicate similar set of checks in the
333 // renderer process, performed by ResourceRequestPolicy::CanRequestResource.
334 // These are not exactly equivalent, because we don't have the same bits of
335 // information. The two checks need to be kept in sync as much as possible, as
336 // an exploited renderer can bypass the checks in ResourceRequestPolicy.
337
338 // Check if the extension for which this request is made is indeed loaded in
339 // the process sending the request. If not, we need to explicitly check if
340 // the resource is explicitly accessible or fits in a set of exception cases.
341 // Note: This allows a case where two extensions execute in the same renderer
342 // process to request each other's resources. We can't do a more precise
343 // check, since the renderer can lie about which extension has made the
344 // request.
345 if (extension_info_map->process_map().Contains(
346 request->url().host(), info->GetChildID())) {
347 return true;
348 }
349
350 // Allow the extension module embedder to grant permission for loads.
351 if (ExtensionsBrowserClient::Get()->AllowCrossRendererResourceLoad(
352 request, is_incognito, extension, extension_info_map)) {
353 return true;
354 }
355
356 // No special exceptions for cross-process loading. Block the load.
357 return false;
358 }
359
360 // Returns true if the given URL references an icon in the given extension.
361 bool URLIsForExtensionIcon(const GURL& url, const Extension* extension) {
362 DCHECK(url.SchemeIs(extensions::kExtensionScheme));
363
364 if (!extension)
365 return false;
366
367 std::string path = url.path();
368 DCHECK_EQ(url.host(), extension->id());
369 DCHECK(path.length() > 0 && path[0] == '/');
370 path = path.substr(1);
371 return extensions::IconsInfo::GetIcons(extension).ContainsPath(path);
372 }
373
374 class ExtensionProtocolHandler
375 : public net::URLRequestJobFactory::ProtocolHandler {
376 public:
377 ExtensionProtocolHandler(bool is_incognito,
378 extensions::InfoMap* extension_info_map)
379 : is_incognito_(is_incognito), extension_info_map_(extension_info_map) {}
380
381 virtual ~ExtensionProtocolHandler() {}
382
383 virtual net::URLRequestJob* MaybeCreateJob(
384 net::URLRequest* request,
385 net::NetworkDelegate* network_delegate) const OVERRIDE;
386
387 private:
388 const bool is_incognito_;
389 extensions::InfoMap* const extension_info_map_;
390 DISALLOW_COPY_AND_ASSIGN(ExtensionProtocolHandler);
391 };
392
393 // Creates URLRequestJobs for extension:// URLs.
394 net::URLRequestJob*
395 ExtensionProtocolHandler::MaybeCreateJob(
396 net::URLRequest* request, net::NetworkDelegate* network_delegate) const {
397 // chrome-extension://extension-id/resource/path.js
398 std::string extension_id = request->url().host();
399 const Extension* extension =
400 extension_info_map_->extensions().GetByID(extension_id);
401
402 // TODO(mpcomplete): better error code.
403 if (!AllowExtensionResourceLoad(
404 request, is_incognito_, extension, extension_info_map_)) {
405 return new net::URLRequestErrorJob(
406 request, network_delegate, net::ERR_ADDRESS_UNREACHABLE);
407 }
408
409 // If this is a disabled extension only allow the icon to load.
410 base::FilePath directory_path;
411 if (extension)
412 directory_path = extension->path();
413 if (directory_path.value().empty()) {
414 const Extension* disabled_extension =
415 extension_info_map_->disabled_extensions().GetByID(extension_id);
416 if (URLIsForExtensionIcon(request->url(), disabled_extension))
417 directory_path = disabled_extension->path();
418 if (directory_path.value().empty()) {
419 LOG(WARNING) << "Failed to GetPathForExtension: " << extension_id;
420 return NULL;
421 }
422 }
423
424 // Set up content security policy.
425 std::string content_security_policy;
426 bool send_cors_header = false;
427 bool follow_symlinks_anywhere = false;
428
429 if (extension) {
430 std::string resource_path = request->url().path();
431
432 // Use default CSP for <webview>.
433 if (!ExtensionsBrowserClient::Get()->IsWebViewRequest(request)) {
434 content_security_policy =
435 extensions::CSPInfo::GetResourceContentSecurityPolicy(extension,
436 resource_path);
437 }
438
439 if ((extension->manifest_version() >= 2 ||
440 extensions::WebAccessibleResourcesInfo::HasWebAccessibleResources(
441 extension)) &&
442 extensions::WebAccessibleResourcesInfo::IsResourceWebAccessible(
443 extension, resource_path)) {
444 send_cors_header = true;
445 }
446
447 follow_symlinks_anywhere =
448 (extension->creation_flags() & Extension::FOLLOW_SYMLINKS_ANYWHERE)
449 != 0;
450 }
451
452 // Create a job for a generated background page.
453 std::string path = request->url().path();
454 if (path.size() > 1 &&
455 path.substr(1) == extensions::kGeneratedBackgroundPageFilename) {
456 return new GeneratedBackgroundPageJob(
457 request, network_delegate, extension, content_security_policy);
458 }
459
460 // Component extension resources may be part of the embedder's resource files,
461 // for example component_extension_resources.pak in Chrome.
462 net::URLRequestJob* resource_bundle_job =
463 extensions::ExtensionsBrowserClient::Get()
464 ->MaybeCreateResourceBundleRequestJob(request,
465 network_delegate,
466 directory_path,
467 content_security_policy,
468 send_cors_header);
469 if (resource_bundle_job)
470 return resource_bundle_job;
471
472 base::FilePath relative_path =
473 extensions::file_util::ExtensionURLToRelativeFilePath(request->url());
474
475 // Handle shared resources (extension A loading resources out of extension B).
476 if (SharedModuleInfo::IsImportedPath(path)) {
477 std::string new_extension_id;
478 std::string new_relative_path;
479 SharedModuleInfo::ParseImportedPath(path, &new_extension_id,
480 &new_relative_path);
481 const Extension* new_extension =
482 extension_info_map_->extensions().GetByID(new_extension_id);
483
484 bool first_party_in_import = false;
485 // NB: This first_party_for_cookies call is not for security, it is only
486 // used so an exported extension can limit the visible surface to the
487 // extension that imports it, more or less constituting its API.
488 const std::string& first_party_path =
489 request->first_party_for_cookies().path();
490 if (SharedModuleInfo::IsImportedPath(first_party_path)) {
491 std::string first_party_id;
492 std::string dummy;
493 SharedModuleInfo::ParseImportedPath(first_party_path, &first_party_id,
494 &dummy);
495 if (first_party_id == new_extension_id) {
496 first_party_in_import = true;
497 }
498 }
499
500 if (SharedModuleInfo::ImportsExtensionById(extension, new_extension_id) &&
501 new_extension &&
502 (first_party_in_import ||
503 SharedModuleInfo::IsExportAllowed(new_extension, new_relative_path))) {
504 directory_path = new_extension->path();
505 extension_id = new_extension_id;
506 relative_path = base::FilePath::FromUTF8Unsafe(new_relative_path);
507 } else {
508 return NULL;
509 }
510 }
511 ContentVerifyJob* verify_job = NULL;
512 ContentVerifier* verifier = extension_info_map_->content_verifier();
513 if (verifier) {
514 verify_job =
515 verifier->CreateJobFor(extension_id, directory_path, relative_path);
516 if (verify_job)
517 verify_job->Start();
518 }
519
520 return new URLRequestExtensionJob(request,
521 network_delegate,
522 extension_id,
523 directory_path,
524 relative_path,
525 content_security_policy,
526 send_cors_header,
527 follow_symlinks_anywhere,
528 verify_job);
529 }
530
531 } // namespace
532
533 net::HttpResponseHeaders* BuildHttpHeaders(
534 const std::string& content_security_policy,
535 bool send_cors_header,
536 const base::Time& last_modified_time) {
537 std::string raw_headers;
538 raw_headers.append("HTTP/1.1 200 OK");
539 if (!content_security_policy.empty()) {
540 raw_headers.append(1, '\0');
541 raw_headers.append("Content-Security-Policy: ");
542 raw_headers.append(content_security_policy);
543 }
544
545 if (send_cors_header) {
546 raw_headers.append(1, '\0');
547 raw_headers.append("Access-Control-Allow-Origin: *");
548 }
549
550 if (!last_modified_time.is_null()) {
551 // Hash the time and make an etag to avoid exposing the exact
552 // user installation time of the extension.
553 std::string hash =
554 base::StringPrintf("%" PRId64, last_modified_time.ToInternalValue());
555 hash = base::SHA1HashString(hash);
556 std::string etag;
557 base::Base64Encode(hash, &etag);
558 raw_headers.append(1, '\0');
559 raw_headers.append("ETag: \"");
560 raw_headers.append(etag);
561 raw_headers.append("\"");
562 // Also force revalidation.
563 raw_headers.append(1, '\0');
564 raw_headers.append("cache-control: no-cache");
565 }
566
567 raw_headers.append(2, '\0');
568 return new net::HttpResponseHeaders(raw_headers);
569 }
570
571 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler(
572 bool is_incognito,
573 extensions::InfoMap* extension_info_map) {
574 return new ExtensionProtocolHandler(is_incognito, extension_info_map);
575 }
576
577 } // namespace extensions