Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / extensions / common / file_util.cc
blob53f2715426e93282b8074e4bbfe84d41e1e44234
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/common/file_util.h"
7 #include <map>
8 #include <set>
9 #include <string>
10 #include <utility>
11 #include <vector>
13 #include "base/files/file_enumerator.h"
14 #include "base/files/file_path.h"
15 #include "base/files/file_util.h"
16 #include "base/files/scoped_temp_dir.h"
17 #include "base/json/json_file_value_serializer.h"
18 #include "base/logging.h"
19 #include "base/memory/scoped_ptr.h"
20 #include "base/metrics/field_trial.h"
21 #include "base/metrics/histogram.h"
22 #include "base/strings/stringprintf.h"
23 #include "base/strings/utf_string_conversions.h"
24 #include "base/threading/thread_restrictions.h"
25 #include "base/time/time.h"
26 #include "extensions/common/constants.h"
27 #include "extensions/common/extension.h"
28 #include "extensions/common/extension_icon_set.h"
29 #include "extensions/common/extension_l10n_util.h"
30 #include "extensions/common/extension_set.h"
31 #include "extensions/common/install_warning.h"
32 #include "extensions/common/manifest.h"
33 #include "extensions/common/manifest_constants.h"
34 #include "extensions/common/manifest_handler.h"
35 #include "extensions/common/manifest_handlers/default_locale_handler.h"
36 #include "extensions/common/manifest_handlers/icons_handler.h"
37 #include "extensions/common/manifest_handlers/shared_module_info.h"
38 #include "grit/extensions_strings.h"
39 #include "net/base/escape.h"
40 #include "net/base/filename_util.h"
41 #include "ui/base/l10n/l10n_util.h"
42 #include "url/gurl.h"
44 namespace extensions {
45 namespace file_util {
46 namespace {
48 // Returns true if the given file path exists and is not zero-length.
49 bool ValidateFilePath(const base::FilePath& path) {
50 int64 size = 0;
51 if (!base::PathExists(path) ||
52 !base::GetFileSize(path, &size) ||
53 size == 0) {
54 return false;
57 return true;
60 // Returns true if the extension installation should flush all files and the
61 // directory.
62 bool UseSafeInstallation() {
63 const char kFieldTrialName[] = "ExtensionUseSafeInstallation";
64 const char kEnable[] = "Enable";
65 return base::FieldTrialList::FindFullName(kFieldTrialName) == kEnable;
68 enum FlushOneOrAllFiles {
69 ONE_FILE_ONLY,
70 ALL_FILES
73 // Flush all files in a directory or just one. When flushing all files, it
74 // makes sure every file is on disk. When flushing one file only, it ensures
75 // all parent directories are on disk.
76 void FlushFilesInDir(const base::FilePath& path,
77 FlushOneOrAllFiles one_or_all_files) {
78 if (!UseSafeInstallation()) {
79 return;
81 base::FileEnumerator temp_traversal(path,
82 true, // recursive
83 base::FileEnumerator::FILES);
84 for (base::FilePath current = temp_traversal.Next(); !current.empty();
85 current = temp_traversal.Next()) {
86 base::File currentFile(current,
87 base::File::FLAG_OPEN | base::File::FLAG_WRITE);
88 currentFile.Flush();
89 currentFile.Close();
90 if (one_or_all_files == ONE_FILE_ONLY) {
91 break;
96 } // namespace
98 const base::FilePath::CharType kTempDirectoryName[] = FILE_PATH_LITERAL("Temp");
100 base::FilePath InstallExtension(const base::FilePath& unpacked_source_dir,
101 const std::string& id,
102 const std::string& version,
103 const base::FilePath& extensions_dir) {
104 base::FilePath extension_dir = extensions_dir.AppendASCII(id);
105 base::FilePath version_dir;
107 // Create the extension directory if it doesn't exist already.
108 if (!base::PathExists(extension_dir)) {
109 if (!base::CreateDirectory(extension_dir))
110 return base::FilePath();
113 // Get a temp directory on the same file system as the profile.
114 base::FilePath install_temp_dir = GetInstallTempDir(extensions_dir);
115 base::ScopedTempDir extension_temp_dir;
116 if (install_temp_dir.empty() ||
117 !extension_temp_dir.CreateUniqueTempDirUnderPath(install_temp_dir)) {
118 LOG(ERROR) << "Creating of temp dir under in the profile failed.";
119 return base::FilePath();
121 base::FilePath crx_temp_source =
122 extension_temp_dir.path().Append(unpacked_source_dir.BaseName());
123 if (!base::Move(unpacked_source_dir, crx_temp_source)) {
124 LOG(ERROR) << "Moving extension from : " << unpacked_source_dir.value()
125 << " to : " << crx_temp_source.value() << " failed.";
126 return base::FilePath();
129 // Try to find a free directory. There can be legitimate conflicts in the case
130 // of overinstallation of the same version.
131 const int kMaxAttempts = 100;
132 for (int i = 0; i < kMaxAttempts; ++i) {
133 base::FilePath candidate = extension_dir.AppendASCII(
134 base::StringPrintf("%s_%u", version.c_str(), i));
135 if (!base::PathExists(candidate)) {
136 version_dir = candidate;
137 break;
141 if (version_dir.empty()) {
142 LOG(ERROR) << "Could not find a home for extension " << id << " with "
143 << "version " << version << ".";
144 return base::FilePath();
147 base::TimeTicks start_time = base::TimeTicks::Now();
149 // Flush the source dir completely before moving to make sure everything is
150 // on disk. Otherwise a sudden power loss could cause the newly installed
151 // extension to be in a corrupted state. Note that empty sub-directories
152 // may still be lost.
153 FlushFilesInDir(crx_temp_source, ALL_FILES);
155 // The target version_dir does not exists yet, so base::Move() is using
156 // rename() on POSIX systems. It is atomic in the sense that it will
157 // either complete successfully or in the event of data loss be reverted.
158 if (!base::Move(crx_temp_source, version_dir)) {
159 LOG(ERROR) << "Installing extension from : " << crx_temp_source.value()
160 << " into : " << version_dir.value() << " failed.";
161 return base::FilePath();
164 // Flush one file in the new version_dir to make sure the dir move above is
165 // persisted on disk. This is guaranteed on POSIX systems. ExtensionPrefs
166 // is going to be updated with the new version_dir later. In the event of
167 // data loss ExtensionPrefs should be pointing to the previous version which
168 // is still fine.
169 FlushFilesInDir(version_dir, ONE_FILE_ONLY);
171 UMA_HISTOGRAM_TIMES("Extensions.FileInstallation",
172 base::TimeTicks::Now() - start_time);
174 return version_dir;
177 void UninstallExtension(const base::FilePath& extensions_dir,
178 const std::string& id) {
179 // We don't care about the return value. If this fails (and it can, due to
180 // plugins that aren't unloaded yet), it will get cleaned up by
181 // ExtensionGarbageCollector::GarbageCollectExtensions.
182 base::DeleteFile(extensions_dir.AppendASCII(id), true); // recursive.
185 scoped_refptr<Extension> LoadExtension(const base::FilePath& extension_path,
186 Manifest::Location location,
187 int flags,
188 std::string* error) {
189 return LoadExtension(extension_path, std::string(), location, flags, error);
192 scoped_refptr<Extension> LoadExtension(const base::FilePath& extension_path,
193 const std::string& extension_id,
194 Manifest::Location location,
195 int flags,
196 std::string* error) {
197 scoped_ptr<base::DictionaryValue> manifest(
198 LoadManifest(extension_path, error));
199 if (!manifest.get())
200 return NULL;
201 if (!extension_l10n_util::LocalizeExtension(
202 extension_path, manifest.get(), error)) {
203 return NULL;
206 scoped_refptr<Extension> extension(Extension::Create(
207 extension_path, location, *manifest, flags, extension_id, error));
208 if (!extension.get())
209 return NULL;
211 std::vector<InstallWarning> warnings;
212 if (!ValidateExtension(extension.get(), error, &warnings))
213 return NULL;
214 extension->AddInstallWarnings(warnings);
216 return extension;
219 base::DictionaryValue* LoadManifest(const base::FilePath& extension_path,
220 std::string* error) {
221 return LoadManifest(extension_path, kManifestFilename, error);
224 base::DictionaryValue* LoadManifest(
225 const base::FilePath& extension_path,
226 const base::FilePath::CharType* manifest_filename,
227 std::string* error) {
228 base::FilePath manifest_path = extension_path.Append(manifest_filename);
229 if (!base::PathExists(manifest_path)) {
230 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE);
231 return NULL;
234 JSONFileValueDeserializer deserializer(manifest_path);
235 scoped_ptr<base::Value> root(deserializer.Deserialize(NULL, error));
236 if (!root.get()) {
237 if (error->empty()) {
238 // If |error| is empty, than the file could not be read.
239 // It would be cleaner to have the JSON reader give a specific error
240 // in this case, but other code tests for a file error with
241 // error->empty(). For now, be consistent.
242 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE);
243 } else {
244 *error = base::StringPrintf(
245 "%s %s", manifest_errors::kManifestParseError, error->c_str());
247 return NULL;
250 if (!root->IsType(base::Value::TYPE_DICTIONARY)) {
251 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_INVALID);
252 return NULL;
255 return static_cast<base::DictionaryValue*>(root.release());
258 bool ValidateExtension(const Extension* extension,
259 std::string* error,
260 std::vector<InstallWarning>* warnings) {
261 // Ask registered manifest handlers to validate their paths.
262 if (!ManifestHandler::ValidateExtension(extension, error, warnings))
263 return false;
265 // Check children of extension root to see if any of them start with _ and is
266 // not on the reserved list. We only warn, and do not block the loading of the
267 // extension.
268 std::string warning;
269 if (!CheckForIllegalFilenames(extension->path(), &warning))
270 warnings->push_back(InstallWarning(warning));
272 // Check that the extension does not include any Windows reserved filenames.
273 std::string windows_reserved_warning;
274 if (!CheckForWindowsReservedFilenames(extension->path(),
275 &windows_reserved_warning)) {
276 warnings->push_back(InstallWarning(windows_reserved_warning));
279 // Check that extensions don't include private key files.
280 std::vector<base::FilePath> private_keys =
281 FindPrivateKeyFiles(extension->path());
282 if (extension->creation_flags() & Extension::ERROR_ON_PRIVATE_KEY) {
283 if (!private_keys.empty()) {
284 // Only print one of the private keys because l10n_util doesn't have a way
285 // to translate a list of strings.
286 *error =
287 l10n_util::GetStringFUTF8(IDS_EXTENSION_CONTAINS_PRIVATE_KEY,
288 private_keys.front().LossyDisplayName());
289 return false;
291 } else {
292 for (size_t i = 0; i < private_keys.size(); ++i) {
293 warnings->push_back(InstallWarning(
294 l10n_util::GetStringFUTF8(IDS_EXTENSION_CONTAINS_PRIVATE_KEY,
295 private_keys[i].LossyDisplayName())));
297 // Only warn; don't block loading the extension.
299 return true;
302 std::vector<base::FilePath> FindPrivateKeyFiles(
303 const base::FilePath& extension_dir) {
304 std::vector<base::FilePath> result;
305 // Pattern matching only works at the root level, so filter manually.
306 base::FileEnumerator traversal(
307 extension_dir, /*recursive=*/true, base::FileEnumerator::FILES);
308 for (base::FilePath current = traversal.Next(); !current.empty();
309 current = traversal.Next()) {
310 if (!current.MatchesExtension(kExtensionKeyFileExtension))
311 continue;
313 std::string key_contents;
314 if (!base::ReadFileToString(current, &key_contents)) {
315 // If we can't read the file, assume it's not a private key.
316 continue;
318 std::string key_bytes;
319 if (!Extension::ParsePEMKeyBytes(key_contents, &key_bytes)) {
320 // If we can't parse the key, assume it's ok too.
321 continue;
324 result.push_back(current);
326 return result;
329 bool CheckForIllegalFilenames(const base::FilePath& extension_path,
330 std::string* error) {
331 // Reserved underscore names.
332 static const base::FilePath::CharType* reserved_names[] = {
333 kLocaleFolder, kPlatformSpecificFolder, FILE_PATH_LITERAL("__MACOSX"), };
334 CR_DEFINE_STATIC_LOCAL(
335 std::set<base::FilePath::StringType>,
336 reserved_underscore_names,
337 (reserved_names, reserved_names + arraysize(reserved_names)));
339 // Enumerate all files and directories in the extension root.
340 // There is a problem when using pattern "_*" with FileEnumerator, so we have
341 // to cheat with find_first_of and match all.
342 const int kFilesAndDirectories =
343 base::FileEnumerator::DIRECTORIES | base::FileEnumerator::FILES;
344 base::FileEnumerator all_files(extension_path, false, kFilesAndDirectories);
346 base::FilePath file;
347 while (!(file = all_files.Next()).empty()) {
348 base::FilePath::StringType filename = file.BaseName().value();
350 // Skip all that don't start with "_".
351 if (filename.find_first_of(FILE_PATH_LITERAL("_")) != 0)
352 continue;
353 if (reserved_underscore_names.find(filename) ==
354 reserved_underscore_names.end()) {
355 *error = base::StringPrintf(
356 "Cannot load extension with file or directory name %s. "
357 "Filenames starting with \"_\" are reserved for use by the system.",
358 file.BaseName().AsUTF8Unsafe().c_str());
359 return false;
363 return true;
366 bool CheckForWindowsReservedFilenames(const base::FilePath& extension_dir,
367 std::string* error) {
368 const int kFilesAndDirectories =
369 base::FileEnumerator::DIRECTORIES | base::FileEnumerator::FILES;
370 base::FileEnumerator traversal(extension_dir, true, kFilesAndDirectories);
372 for (base::FilePath current = traversal.Next(); !current.empty();
373 current = traversal.Next()) {
374 base::FilePath::StringType filename = current.BaseName().value();
375 bool is_reserved_filename = net::IsReservedNameOnWindows(filename);
376 if (is_reserved_filename) {
377 *error = base::StringPrintf(
378 "Cannot load extension with file or directory name %s. "
379 "The filename is illegal.",
380 current.BaseName().AsUTF8Unsafe().c_str());
381 return false;
385 return true;
388 base::FilePath GetInstallTempDir(const base::FilePath& extensions_dir) {
389 // We do file IO in this function, but only when the current profile's
390 // Temp directory has never been used before, or in a rare error case.
391 // Developers are not likely to see these situations often, so do an
392 // explicit thread check.
393 base::ThreadRestrictions::AssertIOAllowed();
395 // Create the temp directory as a sub-directory of the Extensions directory.
396 // This guarantees it is on the same file system as the extension's eventual
397 // install target.
398 base::FilePath temp_path = extensions_dir.Append(kTempDirectoryName);
399 if (base::PathExists(temp_path)) {
400 if (!base::DirectoryExists(temp_path)) {
401 DLOG(WARNING) << "Not a directory: " << temp_path.value();
402 return base::FilePath();
404 if (!base::PathIsWritable(temp_path)) {
405 DLOG(WARNING) << "Can't write to path: " << temp_path.value();
406 return base::FilePath();
408 // This is a directory we can write to.
409 return temp_path;
412 // Directory doesn't exist, so create it.
413 if (!base::CreateDirectory(temp_path)) {
414 DLOG(WARNING) << "Couldn't create directory: " << temp_path.value();
415 return base::FilePath();
417 return temp_path;
420 void DeleteFile(const base::FilePath& path, bool recursive) {
421 base::DeleteFile(path, recursive);
424 base::FilePath ExtensionURLToRelativeFilePath(const GURL& url) {
425 std::string url_path = url.path();
426 if (url_path.empty() || url_path[0] != '/')
427 return base::FilePath();
429 // Drop the leading slashes and convert %-encoded UTF8 to regular UTF8.
430 std::string file_path = net::UnescapeURLComponent(url_path,
431 net::UnescapeRule::SPACES | net::UnescapeRule::URL_SPECIAL_CHARS);
432 size_t skip = file_path.find_first_not_of("/\\");
433 if (skip != file_path.npos)
434 file_path = file_path.substr(skip);
436 base::FilePath path = base::FilePath::FromUTF8Unsafe(file_path);
438 // It's still possible for someone to construct an annoying URL whose path
439 // would still wind up not being considered relative at this point.
440 // For example: chrome-extension://id/c:////foo.html
441 if (path.IsAbsolute())
442 return base::FilePath();
444 return path;
447 base::FilePath ExtensionResourceURLToFilePath(const GURL& url,
448 const base::FilePath& root) {
449 std::string host = net::UnescapeURLComponent(url.host(),
450 net::UnescapeRule::SPACES | net::UnescapeRule::URL_SPECIAL_CHARS);
451 if (host.empty())
452 return base::FilePath();
454 base::FilePath relative_path = ExtensionURLToRelativeFilePath(url);
455 if (relative_path.empty())
456 return base::FilePath();
458 base::FilePath path = root.AppendASCII(host).Append(relative_path);
459 if (!base::PathExists(path))
460 return base::FilePath();
461 path = base::MakeAbsoluteFilePath(path);
462 if (path.empty() || !root.IsParent(path))
463 return base::FilePath();
464 return path;
467 bool ValidateExtensionIconSet(const ExtensionIconSet& icon_set,
468 const Extension* extension,
469 int error_message_id,
470 std::string* error) {
471 for (ExtensionIconSet::IconMap::const_iterator iter = icon_set.map().begin();
472 iter != icon_set.map().end();
473 ++iter) {
474 const base::FilePath path =
475 extension->GetResource(iter->second).GetFilePath();
476 if (!ValidateFilePath(path)) {
477 *error = l10n_util::GetStringFUTF8(error_message_id,
478 base::UTF8ToUTF16(iter->second));
479 return false;
482 return true;
485 MessageBundle* LoadMessageBundle(
486 const base::FilePath& extension_path,
487 const std::string& default_locale,
488 std::string* error) {
489 error->clear();
490 // Load locale information if available.
491 base::FilePath locale_path = extension_path.Append(kLocaleFolder);
492 if (!base::PathExists(locale_path))
493 return NULL;
495 std::set<std::string> chrome_locales;
496 extension_l10n_util::GetAllLocales(&chrome_locales);
498 base::FilePath default_locale_path = locale_path.AppendASCII(default_locale);
499 if (default_locale.empty() ||
500 chrome_locales.find(default_locale) == chrome_locales.end() ||
501 !base::PathExists(default_locale_path)) {
502 *error = l10n_util::GetStringUTF8(
503 IDS_EXTENSION_LOCALES_NO_DEFAULT_LOCALE_SPECIFIED);
504 return NULL;
507 MessageBundle* message_bundle =
508 extension_l10n_util::LoadMessageCatalogs(
509 locale_path,
510 default_locale,
511 extension_l10n_util::CurrentLocaleOrDefault(),
512 error);
514 return message_bundle;
517 MessageBundle::SubstitutionMap* LoadMessageBundleSubstitutionMap(
518 const base::FilePath& extension_path,
519 const std::string& extension_id,
520 const std::string& default_locale) {
521 MessageBundle::SubstitutionMap* return_value =
522 new MessageBundle::SubstitutionMap();
523 if (!default_locale.empty()) {
524 // Touch disk only if extension is localized.
525 std::string error;
526 scoped_ptr<MessageBundle> bundle(
527 LoadMessageBundle(extension_path, default_locale, &error));
529 if (bundle.get())
530 *return_value = *bundle->dictionary();
533 // Add @@extension_id reserved message here, so it's available to
534 // non-localized extensions too.
535 return_value->insert(
536 std::make_pair(MessageBundle::kExtensionIdKey, extension_id));
538 return return_value;
541 MessageBundle::SubstitutionMap* LoadMessageBundleSubstitutionMapWithImports(
542 const std::string& extension_id,
543 const ExtensionSet& extension_set) {
544 const Extension* extension = extension_set.GetByID(extension_id);
545 MessageBundle::SubstitutionMap* return_value =
546 new MessageBundle::SubstitutionMap();
548 // Add @@extension_id reserved message here, so it's available to
549 // non-localized extensions too.
550 return_value->insert(
551 std::make_pair(MessageBundle::kExtensionIdKey, extension_id));
553 base::FilePath extension_path;
554 std::string default_locale;
555 if (!extension) {
556 NOTREACHED() << "Missing extension " << extension_id;
557 return return_value;
560 // Touch disk only if extension is localized.
561 default_locale = LocaleInfo::GetDefaultLocale(extension);
562 if (default_locale.empty()) {
563 return return_value;
566 std::string error;
567 scoped_ptr<MessageBundle> bundle(
568 LoadMessageBundle(extension->path(), default_locale, &error));
570 if (bundle.get()) {
571 for (auto iter : *bundle->dictionary()) {
572 return_value->insert(std::make_pair(iter.first, iter.second));
576 auto imports = extensions::SharedModuleInfo::GetImports(extension);
577 // Iterate through the imports in reverse. This will allow later imported
578 // modules to override earlier imported modules, as the list order is
579 // maintained from the definition in manifest.json of the imports.
580 for (auto it = imports.rbegin(); it != imports.rend(); ++it) {
581 const extensions::Extension* imported_extension =
582 extension_set.GetByID(it->extension_id);
583 if (!imported_extension) {
584 NOTREACHED() << "Missing shared module " << it->extension_id;
585 continue;
587 scoped_ptr<MessageBundle> imported_bundle(
588 LoadMessageBundle(imported_extension->path(), default_locale, &error));
590 if (imported_bundle.get()) {
591 for (auto iter : *imported_bundle->dictionary()) {
592 // |insert| only adds new entries, and does not replace entries in
593 // the main extension or previously processed imports.
594 return_value->insert(std::make_pair(iter.first, iter.second));
599 return return_value;
602 base::FilePath GetVerifiedContentsPath(const base::FilePath& extension_path) {
603 return extension_path.Append(kMetadataFolder)
604 .Append(kVerifiedContentsFilename);
606 base::FilePath GetComputedHashesPath(const base::FilePath& extension_path) {
607 return extension_path.Append(kMetadataFolder).Append(kComputedHashesFilename);
610 } // namespace file_util
611 } // namespace extensions