1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/browser/extension_protocols.h"
11 #include "base/base64.h"
12 #include "base/compiler_specific.h"
13 #include "base/files/file_path.h"
14 #include "base/files/file_util.h"
15 #include "base/format_macros.h"
16 #include "base/logging.h"
17 #include "base/memory/weak_ptr.h"
18 #include "base/message_loop/message_loop.h"
19 #include "base/metrics/field_trial.h"
20 #include "base/metrics/histogram.h"
21 #include "base/metrics/sparse_histogram.h"
22 #include "base/sha1.h"
23 #include "base/strings/string_number_conversions.h"
24 #include "base/strings/string_util.h"
25 #include "base/strings/stringprintf.h"
26 #include "base/strings/utf_string_conversions.h"
27 #include "base/threading/sequenced_worker_pool.h"
28 #include "base/threading/thread_restrictions.h"
29 #include "base/timer/elapsed_timer.h"
30 #include "build/build_config.h"
31 #include "content/public/browser/browser_thread.h"
32 #include "content/public/browser/resource_request_info.h"
33 #include "crypto/secure_hash.h"
34 #include "crypto/sha2.h"
35 #include "extensions/browser/content_verifier.h"
36 #include "extensions/browser/content_verify_job.h"
37 #include "extensions/browser/extensions_browser_client.h"
38 #include "extensions/browser/info_map.h"
39 #include "extensions/browser/url_request_util.h"
40 #include "extensions/common/constants.h"
41 #include "extensions/common/extension.h"
42 #include "extensions/common/extension_resource.h"
43 #include "extensions/common/file_util.h"
44 #include "extensions/common/manifest_handlers/background_info.h"
45 #include "extensions/common/manifest_handlers/csp_info.h"
46 #include "extensions/common/manifest_handlers/icons_handler.h"
47 #include "extensions/common/manifest_handlers/incognito_info.h"
48 #include "extensions/common/manifest_handlers/shared_module_info.h"
49 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
50 #include "net/base/io_buffer.h"
51 #include "net/base/net_errors.h"
52 #include "net/http/http_request_headers.h"
53 #include "net/http/http_response_headers.h"
54 #include "net/http/http_response_info.h"
55 #include "net/url_request/url_request_error_job.h"
56 #include "net/url_request/url_request_file_job.h"
57 #include "net/url_request/url_request_simple_job.h"
58 #include "url/url_util.h"
60 using content::BrowserThread
;
61 using content::ResourceRequestInfo
;
62 using content::ResourceType
;
63 using extensions::Extension
;
64 using extensions::SharedModuleInfo
;
66 namespace extensions
{
69 class GeneratedBackgroundPageJob
: public net::URLRequestSimpleJob
{
71 GeneratedBackgroundPageJob(net::URLRequest
* request
,
72 net::NetworkDelegate
* network_delegate
,
73 const scoped_refptr
<const Extension
> extension
,
74 const std::string
& content_security_policy
)
75 : net::URLRequestSimpleJob(request
, network_delegate
),
76 extension_(extension
) {
77 const bool send_cors_headers
= false;
78 // Leave cache headers out of generated background page jobs.
79 response_info_
.headers
= BuildHttpHeaders(content_security_policy
,
84 // Overridden from URLRequestSimpleJob:
85 int GetData(std::string
* mime_type
,
88 const net::CompletionCallback
& callback
) const override
{
89 *mime_type
= "text/html";
92 *data
= "<!DOCTYPE html>\n<body>\n";
93 const std::vector
<std::string
>& background_scripts
=
94 extensions::BackgroundInfo::GetBackgroundScripts(extension_
.get());
95 for (size_t i
= 0; i
< background_scripts
.size(); ++i
) {
96 *data
+= "<script src=\"";
97 *data
+= background_scripts
[i
];
98 *data
+= "\"></script>\n";
104 void GetResponseInfo(net::HttpResponseInfo
* info
) override
{
105 *info
= response_info_
;
109 ~GeneratedBackgroundPageJob() override
{}
111 scoped_refptr
<const Extension
> extension_
;
112 net::HttpResponseInfo response_info_
;
115 base::Time
GetFileLastModifiedTime(const base::FilePath
& filename
) {
116 if (base::PathExists(filename
)) {
117 base::File::Info info
;
118 if (base::GetFileInfo(filename
, &info
))
119 return info
.last_modified
;
124 base::Time
GetFileCreationTime(const base::FilePath
& filename
) {
125 if (base::PathExists(filename
)) {
126 base::File::Info info
;
127 if (base::GetFileInfo(filename
, &info
))
128 return info
.creation_time
;
133 void ReadResourceFilePathAndLastModifiedTime(
134 const extensions::ExtensionResource
& resource
,
135 const base::FilePath
& directory
,
136 base::FilePath
* file_path
,
137 base::Time
* last_modified_time
) {
138 *file_path
= resource
.GetFilePath();
139 *last_modified_time
= GetFileLastModifiedTime(*file_path
);
140 // While we're here, log the delta between extension directory
141 // creation time and the resource's last modification time.
142 base::ElapsedTimer query_timer
;
143 base::Time dir_creation_time
= GetFileCreationTime(directory
);
144 UMA_HISTOGRAM_TIMES("Extensions.ResourceDirectoryTimestampQueryLatency",
145 query_timer
.Elapsed());
146 int64 delta_seconds
= (*last_modified_time
- dir_creation_time
).InSeconds();
147 if (delta_seconds
>= 0) {
148 UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions.ResourceLastModifiedDelta",
151 base::TimeDelta::FromDays(30).InSeconds(),
154 UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions.ResourceLastModifiedNegativeDelta",
157 base::TimeDelta::FromDays(30).InSeconds(),
162 class URLRequestExtensionJob
: public net::URLRequestFileJob
{
164 URLRequestExtensionJob(net::URLRequest
* request
,
165 net::NetworkDelegate
* network_delegate
,
166 const std::string
& extension_id
,
167 const base::FilePath
& directory_path
,
168 const base::FilePath
& relative_path
,
169 const std::string
& content_security_policy
,
170 bool send_cors_header
,
171 bool follow_symlinks_anywhere
,
172 ContentVerifyJob
* verify_job
)
173 : net::URLRequestFileJob(
177 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior(
178 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN
)),
179 verify_job_(verify_job
),
182 directory_path_(directory_path
),
183 // TODO(tc): Move all of these files into resources.pak so we don't
184 // break when updating on Linux.
185 resource_(extension_id
, directory_path
, relative_path
),
186 content_security_policy_(content_security_policy
),
187 send_cors_header_(send_cors_header
),
188 weak_factory_(this) {
189 if (follow_symlinks_anywhere
) {
190 resource_
.set_follow_symlinks_anywhere();
194 void GetResponseInfo(net::HttpResponseInfo
* info
) override
{
195 *info
= response_info_
;
198 // This always returns 200 because a URLRequestExtensionJob will only get
199 // created in MaybeCreateJob() if the file exists.
200 int GetResponseCode() const override
{ return 200; }
202 void Start() override
{
203 request_timer_
.reset(new base::ElapsedTimer());
204 base::FilePath
* read_file_path
= new base::FilePath
;
205 base::Time
* last_modified_time
= new base::Time();
206 bool posted
= BrowserThread::PostBlockingPoolTaskAndReply(
208 base::Bind(&ReadResourceFilePathAndLastModifiedTime
,
211 base::Unretained(read_file_path
),
212 base::Unretained(last_modified_time
)),
213 base::Bind(&URLRequestExtensionJob::OnFilePathAndLastModifiedTimeRead
,
214 weak_factory_
.GetWeakPtr(),
215 base::Owned(read_file_path
),
216 base::Owned(last_modified_time
)));
220 bool IsRedirectResponse(GURL
* location
, int* http_status_code
) override
{
224 void SetExtraRequestHeaders(const net::HttpRequestHeaders
& headers
) override
{
225 // TODO(asargent) - we'll need to add proper support for range headers.
227 std::string range_header
;
228 if (headers
.GetHeader(net::HttpRequestHeaders::kRange
, &range_header
)) {
229 if (verify_job_
.get())
232 URLRequestFileJob::SetExtraRequestHeaders(headers
);
235 void OnSeekComplete(int64 result
) override
{
236 DCHECK_EQ(seek_position_
, 0);
237 seek_position_
= result
;
238 // TODO(asargent) - we'll need to add proper support for range headers.
240 if (result
> 0 && verify_job_
.get())
244 void OnReadComplete(net::IOBuffer
* buffer
, int result
) override
{
246 UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.OnReadCompleteResult", result
);
248 UMA_HISTOGRAM_SPARSE_SLOWLY("ExtensionUrlRequest.OnReadCompleteError",
251 bytes_read_
+= result
;
252 if (verify_job_
.get()) {
253 verify_job_
->BytesRead(result
, buffer
->data());
254 if (!remaining_bytes())
255 verify_job_
->DoneReading();
261 ~URLRequestExtensionJob() override
{
262 UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.TotalKbRead", bytes_read_
/ 1024);
263 UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.SeekPosition", seek_position_
);
264 if (request_timer_
.get())
265 UMA_HISTOGRAM_TIMES("ExtensionUrlRequest.Latency",
266 request_timer_
->Elapsed());
269 void OnFilePathAndLastModifiedTimeRead(base::FilePath
* read_file_path
,
270 base::Time
* last_modified_time
) {
271 file_path_
= *read_file_path
;
272 response_info_
.headers
= BuildHttpHeaders(
273 content_security_policy_
,
275 *last_modified_time
);
276 URLRequestFileJob::Start();
279 scoped_refptr
<ContentVerifyJob
> verify_job_
;
281 scoped_ptr
<base::ElapsedTimer
> request_timer_
;
283 // The position we seeked to in the file.
284 int64 seek_position_
;
286 // The number of bytes of content we read from the file.
289 net::HttpResponseInfo response_info_
;
290 base::FilePath directory_path_
;
291 extensions::ExtensionResource resource_
;
292 std::string content_security_policy_
;
293 bool send_cors_header_
;
294 base::WeakPtrFactory
<URLRequestExtensionJob
> weak_factory_
;
297 bool ExtensionCanLoadInIncognito(const ResourceRequestInfo
* info
,
298 const std::string
& extension_id
,
299 extensions::InfoMap
* extension_info_map
) {
300 if (!extension_info_map
->IsIncognitoEnabled(extension_id
))
303 // Only allow incognito toplevel navigations to extension resources in
304 // split mode. In spanning mode, the extension must run in a single process,
305 // and an incognito tab prevents that.
306 if (info
->GetResourceType() == content::RESOURCE_TYPE_MAIN_FRAME
) {
307 const Extension
* extension
=
308 extension_info_map
->extensions().GetByID(extension_id
);
309 return extension
&& extensions::IncognitoInfo::IsSplitMode(extension
);
315 // Returns true if an chrome-extension:// resource should be allowed to load.
316 // Pass true for |is_incognito| only for incognito profiles and not Chrome OS
317 // guest mode profiles.
318 // TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we
319 // first need to find a way to get CanLoadInIncognito state into the renderers.
320 bool AllowExtensionResourceLoad(net::URLRequest
* request
,
322 const Extension
* extension
,
323 extensions::InfoMap
* extension_info_map
) {
324 const ResourceRequestInfo
* info
= ResourceRequestInfo::ForRequest(request
);
326 // We have seen crashes where info is NULL: crbug.com/52374.
328 LOG(ERROR
) << "Allowing load of " << request
->url().spec()
329 << "from unknown origin. Could not find user data for "
334 if (is_incognito
&& !ExtensionCanLoadInIncognito(
335 info
, request
->url().host(), extension_info_map
)) {
339 // The following checks are meant to replicate similar set of checks in the
340 // renderer process, performed by ResourceRequestPolicy::CanRequestResource.
341 // These are not exactly equivalent, because we don't have the same bits of
342 // information. The two checks need to be kept in sync as much as possible, as
343 // an exploited renderer can bypass the checks in ResourceRequestPolicy.
345 // Check if the extension for which this request is made is indeed loaded in
346 // the process sending the request. If not, we need to explicitly check if
347 // the resource is explicitly accessible or fits in a set of exception cases.
348 // Note: This allows a case where two extensions execute in the same renderer
349 // process to request each other's resources. We can't do a more precise
350 // check, since the renderer can lie about which extension has made the
352 if (extension_info_map
->process_map().Contains(
353 request
->url().host(), info
->GetChildID())) {
357 // Allow the extension module embedder to grant permission for loads.
358 if (ExtensionsBrowserClient::Get()->AllowCrossRendererResourceLoad(
359 request
, is_incognito
, extension
, extension_info_map
)) {
363 // No special exceptions for cross-process loading. Block the load.
367 // Returns true if the given URL references an icon in the given extension.
368 bool URLIsForExtensionIcon(const GURL
& url
, const Extension
* extension
) {
369 DCHECK(url
.SchemeIs(extensions::kExtensionScheme
));
374 std::string path
= url
.path();
375 DCHECK_EQ(url
.host(), extension
->id());
376 DCHECK(path
.length() > 0 && path
[0] == '/');
377 path
= path
.substr(1);
378 return extensions::IconsInfo::GetIcons(extension
).ContainsPath(path
);
381 class ExtensionProtocolHandler
382 : public net::URLRequestJobFactory::ProtocolHandler
{
384 ExtensionProtocolHandler(bool is_incognito
,
385 extensions::InfoMap
* extension_info_map
)
386 : is_incognito_(is_incognito
), extension_info_map_(extension_info_map
) {}
388 ~ExtensionProtocolHandler() override
{}
390 net::URLRequestJob
* MaybeCreateJob(
391 net::URLRequest
* request
,
392 net::NetworkDelegate
* network_delegate
) const override
;
395 const bool is_incognito_
;
396 extensions::InfoMap
* const extension_info_map_
;
397 DISALLOW_COPY_AND_ASSIGN(ExtensionProtocolHandler
);
400 // Creates URLRequestJobs for extension:// URLs.
402 ExtensionProtocolHandler::MaybeCreateJob(
403 net::URLRequest
* request
, net::NetworkDelegate
* network_delegate
) const {
404 // chrome-extension://extension-id/resource/path.js
405 std::string extension_id
= request
->url().host();
406 const Extension
* extension
=
407 extension_info_map_
->extensions().GetByID(extension_id
);
409 // TODO(mpcomplete): better error code.
410 if (!AllowExtensionResourceLoad(
411 request
, is_incognito_
, extension
, extension_info_map_
)) {
412 return new net::URLRequestErrorJob(
413 request
, network_delegate
, net::ERR_ADDRESS_UNREACHABLE
);
416 // If this is a disabled extension only allow the icon to load.
417 base::FilePath directory_path
;
419 directory_path
= extension
->path();
420 if (directory_path
.value().empty()) {
421 const Extension
* disabled_extension
=
422 extension_info_map_
->disabled_extensions().GetByID(extension_id
);
423 if (URLIsForExtensionIcon(request
->url(), disabled_extension
))
424 directory_path
= disabled_extension
->path();
425 if (directory_path
.value().empty()) {
426 LOG(WARNING
) << "Failed to GetPathForExtension: " << extension_id
;
431 // Set up content security policy.
432 std::string content_security_policy
;
433 bool send_cors_header
= false;
434 bool follow_symlinks_anywhere
= false;
437 std::string resource_path
= request
->url().path();
439 // Use default CSP for <webview>.
440 if (!url_request_util::IsWebViewRequest(request
)) {
441 content_security_policy
=
442 extensions::CSPInfo::GetResourceContentSecurityPolicy(extension
,
446 if ((extension
->manifest_version() >= 2 ||
447 extensions::WebAccessibleResourcesInfo::HasWebAccessibleResources(
449 extensions::WebAccessibleResourcesInfo::IsResourceWebAccessible(
450 extension
, resource_path
)) {
451 send_cors_header
= true;
454 follow_symlinks_anywhere
=
455 (extension
->creation_flags() & Extension::FOLLOW_SYMLINKS_ANYWHERE
)
459 // Create a job for a generated background page.
460 std::string path
= request
->url().path();
461 if (path
.size() > 1 &&
462 path
.substr(1) == extensions::kGeneratedBackgroundPageFilename
) {
463 return new GeneratedBackgroundPageJob(
464 request
, network_delegate
, extension
, content_security_policy
);
467 // Component extension resources may be part of the embedder's resource files,
468 // for example component_extension_resources.pak in Chrome.
469 net::URLRequestJob
* resource_bundle_job
=
470 extensions::ExtensionsBrowserClient::Get()
471 ->MaybeCreateResourceBundleRequestJob(request
,
474 content_security_policy
,
476 if (resource_bundle_job
)
477 return resource_bundle_job
;
479 base::FilePath relative_path
=
480 extensions::file_util::ExtensionURLToRelativeFilePath(request
->url());
482 // Handle shared resources (extension A loading resources out of extension B).
483 if (SharedModuleInfo::IsImportedPath(path
)) {
484 std::string new_extension_id
;
485 std::string new_relative_path
;
486 SharedModuleInfo::ParseImportedPath(path
, &new_extension_id
,
488 const Extension
* new_extension
=
489 extension_info_map_
->extensions().GetByID(new_extension_id
);
491 if (SharedModuleInfo::ImportsExtensionById(extension
, new_extension_id
) &&
493 directory_path
= new_extension
->path();
494 extension_id
= new_extension_id
;
495 relative_path
= base::FilePath::FromUTF8Unsafe(new_relative_path
);
500 ContentVerifyJob
* verify_job
= NULL
;
501 ContentVerifier
* verifier
= extension_info_map_
->content_verifier();
504 verifier
->CreateJobFor(extension_id
, directory_path
, relative_path
);
509 return new URLRequestExtensionJob(request
,
514 content_security_policy
,
516 follow_symlinks_anywhere
,
522 net::HttpResponseHeaders
* BuildHttpHeaders(
523 const std::string
& content_security_policy
,
524 bool send_cors_header
,
525 const base::Time
& last_modified_time
) {
526 std::string raw_headers
;
527 raw_headers
.append("HTTP/1.1 200 OK");
528 if (!content_security_policy
.empty()) {
529 raw_headers
.append(1, '\0');
530 raw_headers
.append("Content-Security-Policy: ");
531 raw_headers
.append(content_security_policy
);
534 if (send_cors_header
) {
535 raw_headers
.append(1, '\0');
536 raw_headers
.append("Access-Control-Allow-Origin: *");
539 if (!last_modified_time
.is_null()) {
540 // Hash the time and make an etag to avoid exposing the exact
541 // user installation time of the extension.
543 base::StringPrintf("%" PRId64
, last_modified_time
.ToInternalValue());
544 hash
= base::SHA1HashString(hash
);
546 base::Base64Encode(hash
, &etag
);
547 raw_headers
.append(1, '\0');
548 raw_headers
.append("ETag: \"");
549 raw_headers
.append(etag
);
550 raw_headers
.append("\"");
551 // Also force revalidation.
552 raw_headers
.append(1, '\0');
553 raw_headers
.append("cache-control: no-cache");
556 raw_headers
.append(2, '\0');
557 return new net::HttpResponseHeaders(raw_headers
);
560 net::URLRequestJobFactory::ProtocolHandler
* CreateExtensionProtocolHandler(
562 extensions::InfoMap
* extension_info_map
) {
563 return new ExtensionProtocolHandler(is_incognito
, extension_info_map
);
566 } // namespace extensions