Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / renderer / security_filter_peer.cc
blobe8ca8367fe2cd0ac0deeed2e027a9e8803c4ecb9
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/renderer/security_filter_peer.h"
7 #include <string>
9 #include "base/memory/scoped_ptr.h"
10 #include "base/strings/stringprintf.h"
11 #include "chrome/grit/generated_resources.h"
12 #include "content/public/child/fixed_received_data.h"
13 #include "net/base/net_errors.h"
14 #include "net/http/http_response_headers.h"
15 #include "ui/base/l10n/l10n_util.h"
17 SecurityFilterPeer::SecurityFilterPeer(content::RequestPeer* peer)
18 : original_peer_(peer) {
21 SecurityFilterPeer::~SecurityFilterPeer() {
24 // static
25 SecurityFilterPeer*
26 SecurityFilterPeer::CreateSecurityFilterPeerForDeniedRequest(
27 content::ResourceType resource_type,
28 content::RequestPeer* peer,
29 int os_error) {
30 // Create a filter for SSL and CERT errors.
31 switch (os_error) {
32 case net::ERR_SSL_PROTOCOL_ERROR:
33 case net::ERR_CERT_COMMON_NAME_INVALID:
34 case net::ERR_CERT_DATE_INVALID:
35 case net::ERR_CERT_AUTHORITY_INVALID:
36 case net::ERR_CERT_CONTAINS_ERRORS:
37 case net::ERR_CERT_NO_REVOCATION_MECHANISM:
38 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
39 case net::ERR_CERT_REVOKED:
40 case net::ERR_CERT_INVALID:
41 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
42 case net::ERR_CERT_WEAK_KEY:
43 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
44 case net::ERR_INSECURE_RESPONSE:
45 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
46 if (content::IsResourceTypeFrame(resource_type))
47 return CreateSecurityFilterPeerForFrame(peer, os_error);
48 // Any other content is entirely filtered-out.
49 return new ReplaceContentPeer(peer, std::string(), std::string());
50 default:
51 // For other errors, we use our normal error handling.
52 return NULL;
56 // static
57 SecurityFilterPeer* SecurityFilterPeer::CreateSecurityFilterPeerForFrame(
58 content::RequestPeer* peer,
59 int os_error) {
60 // TODO(jcampan): use a different message when getting a phishing/malware
61 // error.
62 std::string html = base::StringPrintf(
63 "<html><meta charset='UTF-8'>"
64 "<body style='background-color:#990000;color:white;'>"
65 "%s</body></html>",
66 l10n_util::GetStringUTF8(IDS_UNSAFE_FRAME_MESSAGE).c_str());
67 return new ReplaceContentPeer(peer, "text/html", html);
70 void SecurityFilterPeer::OnUploadProgress(uint64 position, uint64 size) {
71 original_peer_->OnUploadProgress(position, size);
74 bool SecurityFilterPeer::OnReceivedRedirect(
75 const net::RedirectInfo& redirect_info,
76 const content::ResourceResponseInfo& info) {
77 NOTREACHED();
78 return false;
81 // static
82 void ProcessResponseInfo(const content::ResourceResponseInfo& info_in,
83 content::ResourceResponseInfo* info_out,
84 const std::string& mime_type) {
85 DCHECK(info_out);
86 *info_out = info_in;
87 info_out->mime_type = mime_type;
88 // Let's create our own HTTP headers.
89 std::string raw_headers;
90 raw_headers.append("HTTP/1.1 200 OK");
91 raw_headers.push_back('\0');
92 // Don't cache the data we are serving, it is not the real data for that URL
93 // (if the filtered resource were to make it into the WebCore cache, then the
94 // same URL loaded in a safe scenario would still return the filtered
95 // resource).
96 raw_headers.append("cache-control: no-cache");
97 raw_headers.push_back('\0');
98 if (!mime_type.empty()) {
99 raw_headers.append("content-type: ");
100 raw_headers.append(mime_type);
101 raw_headers.push_back('\0');
103 raw_headers.push_back('\0');
104 net::HttpResponseHeaders* new_headers =
105 new net::HttpResponseHeaders(raw_headers);
106 info_out->headers = new_headers;
109 ////////////////////////////////////////////////////////////////////////////////
110 // BufferedPeer
112 BufferedPeer::BufferedPeer(content::RequestPeer* peer,
113 const std::string& mime_type)
114 : SecurityFilterPeer(peer), mime_type_(mime_type) {}
116 BufferedPeer::~BufferedPeer() {
119 void BufferedPeer::OnReceivedResponse(
120 const content::ResourceResponseInfo& info) {
121 ProcessResponseInfo(info, &response_info_, mime_type_);
124 void BufferedPeer::OnReceivedData(scoped_ptr<ReceivedData> data) {
125 data_.append(data->payload(), data->length());
128 void BufferedPeer::OnCompletedRequest(int error_code,
129 bool was_ignored_by_handler,
130 bool stale_copy_in_cache,
131 const std::string& security_info,
132 const base::TimeTicks& completion_time,
133 int64 total_transfer_size) {
134 // Make sure we delete ourselves at the end of this call.
135 scoped_ptr<BufferedPeer> this_deleter(this);
137 // Give sub-classes a chance at altering the data.
138 if (error_code != net::OK || !DataReady()) {
139 // Pretend we failed to load the resource.
140 original_peer_->OnReceivedCompletedResponse(
141 response_info_, nullptr, net::ERR_ABORTED, false, stale_copy_in_cache,
142 security_info, completion_time, total_transfer_size);
143 return;
146 scoped_ptr<content::FixedReceivedData> data_to_pass(
147 data_.empty() ? nullptr : new content::FixedReceivedData(
148 data_.data(), data_.size(), -1));
149 original_peer_->OnReceivedCompletedResponse(
150 response_info_, data_to_pass.Pass(), error_code, was_ignored_by_handler,
151 stale_copy_in_cache, security_info, completion_time, total_transfer_size);
154 void BufferedPeer::OnReceivedCompletedResponse(
155 const content::ResourceResponseInfo& info,
156 scoped_ptr<ReceivedData> data,
157 int error_code,
158 bool was_ignored_by_handler,
159 bool stale_copy_in_cache,
160 const std::string& security_info,
161 const base::TimeTicks& completion_time,
162 int64 total_transfer_size) {
163 // Make sure we delete ourselves at the end of this call.
164 scoped_ptr<BufferedPeer> this_deleter(this);
165 original_peer_->OnReceivedCompletedResponse(
166 info, data.Pass(), error_code, was_ignored_by_handler,
167 stale_copy_in_cache, security_info, completion_time, total_transfer_size);
170 ////////////////////////////////////////////////////////////////////////////////
171 // ReplaceContentPeer
173 ReplaceContentPeer::ReplaceContentPeer(content::RequestPeer* peer,
174 const std::string& mime_type,
175 const std::string& data)
176 : SecurityFilterPeer(peer),
177 mime_type_(mime_type),
178 data_(data) {}
180 ReplaceContentPeer::~ReplaceContentPeer() {
183 void ReplaceContentPeer::OnReceivedResponse(
184 const content::ResourceResponseInfo& info) {
185 // Ignore this, we'll serve some alternate content in OnCompletedRequest.
188 void ReplaceContentPeer::OnReceivedData(scoped_ptr<ReceivedData> data) {
189 // Ignore this, we'll serve some alternate content in OnCompletedRequest.
192 void ReplaceContentPeer::OnCompletedRequest(
193 int error_code,
194 bool was_ignored_by_handler,
195 bool stale_copy_in_cache,
196 const std::string& security_info,
197 const base::TimeTicks& completion_time,
198 int64 total_transfer_size) {
199 // Make sure we delete ourselves at the end of this call.
200 scoped_ptr<ReplaceContentPeer> this_deleter(this);
202 content::ResourceResponseInfo info;
203 ProcessResponseInfo(info, &info, mime_type_);
204 info.security_info = security_info;
205 info.content_length = static_cast<int>(data_.size());
207 scoped_ptr<content::FixedReceivedData> data_to_pass(
208 data_.empty() ? nullptr : new content::FixedReceivedData(
209 data_.data(), data_.size(), -1));
210 original_peer_->OnReceivedCompletedResponse(
211 response_info_, data_to_pass.Pass(), net::OK, false, stale_copy_in_cache,
212 security_info, completion_time, total_transfer_size);
215 void ReplaceContentPeer::OnReceivedCompletedResponse(
216 const content::ResourceResponseInfo& info,
217 scoped_ptr<ReceivedData> data,
218 int error_code,
219 bool was_ignored_by_handler,
220 bool stale_copy_in_cache,
221 const std::string& security_info,
222 const base::TimeTicks& completion_time,
223 int64 total_transfer_size) {
224 // Make sure we delete ourselves at the end of this call.
225 scoped_ptr<ReplaceContentPeer> this_deleter(this);
227 original_peer_->OnReceivedCompletedResponse(
228 info, data.Pass(), error_code, was_ignored_by_handler,
229 stale_copy_in_cache, security_info, completion_time, total_transfer_size);