author | cdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-20 22:25:00 +0000 |
---|---|---|
committer | cdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-20 22:25:00 +0000 |
commit | f59a805a41a6cb660bec99b266630ffe38987139 (patch) | |
tree | 7ad034f21737f48ef7275739402e2b800fc7c9a8 /chrome/common | |
parent | 0472723445df8160a71cf7b7e98d7d52267471f8 (diff) | |
Allow wildcards in web_accessible_resources and sandbox pages for extension manifests.
BUG=133162
TEST=ExtensionManifestTest.WebAccessibleResources, ExtensionManifestTest.SandboxedPages
Review URL: https://chromiumcodereview.appspot.com/10577027
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143278 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common')
4 files changed, 65 insertions, 21 deletions
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc index 6af4a6d..cf48af4 100644 --- a/chrome/common/extensions/extension.cc +++ b/chrome/common/extensions/extension.cc @@ -37,6 +37,7 @@ #include "chrome/common/extensions/features/simple_feature_provider.h" #include "chrome/common/extensions/file_browser_handler.h" #include "chrome/common/extensions/manifest.h" +#include "chrome/common/extensions/url_pattern_set.h" #include "chrome/common/extensions/user_script.h" #include "chrome/common/url_constants.h" #include "crypto/sha2.h" @@ -516,6 +517,12 @@ GURL Extension::GetBackgroundURL() const { } } +bool Extension::ResourceMatches(const URLPatternSet& pattern_set, + const std::string& resource) const { + GURL url = extension_url_.Resolve(resource); + return pattern_set.MatchesURL(url); +} + bool Extension::IsResourceWebAccessible(const std::string& relative_path) const { // For old manifest versions which do not specify web_accessible_resources @@ -523,11 +530,7 @@ bool Extension::IsResourceWebAccessible(const std::string& relative_path) if (manifest_version_ < 2 && !HasWebAccessibleResources()) return true; - if (web_accessible_resources_.find(relative_path) != - web_accessible_resources_.end()) - return true; - - return false; + return ResourceMatches(web_accessible_resources_, relative_path); } bool Extension::HasWebAccessibleResources() const { @@ -538,7 +541,7 @@ bool Extension::HasWebAccessibleResources() const { } bool Extension::IsSandboxedPage(const std::string& relative_path) const { - return sandboxed_pages_.find(relative_path) != sandboxed_pages_.end(); + return ResourceMatches(sandboxed_pages_, relative_path); } 
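Review bot: ResourceMatches passes `resource` straight to `extension_url_.Resolve()` and matches the result, but nothing in the function or its comment says which inputs are acceptable, and the hash_set lookup it replaces compared the literal string. With Resolve in the path, a leading slash and dot segments are canonicalised before matching (so `a/../test` is presumably matched as `test`), and an absolute URL in `resource` replaces the extension base entirely. I would state the contract above the definition, for example `// |resource| is a path relative to the extension root; it is canonicalised by GURL::Resolve() before matching, so callers must load the file from that same canonical path.`, and confirm that the callers of IsResourceWebAccessible and IsSandboxedPage only ever pass the path component of a request URL.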
@@ -1604,9 +1607,12 @@ bool Extension::LoadWebAccessibleResources(string16* error) { errors::kInvalidWebAccessibleResource, base::IntToString(i)); return false; } - if (relative_path[0] != '/') - relative_path = '/' + relative_path; - web_accessible_resources_.insert(relative_path); + URLPattern pattern(URLPattern::SCHEME_EXTENSION); + pattern.Parse(extension_url_.spec()); + while (relative_path[0] == '/') + relative_path = relative_path.substr(1, relative_path.length() - 1); + pattern.SetPath(pattern.path() + relative_path); + web_accessible_resources_.AddPattern(pattern); } return true; @@ -1628,9 +1634,12 @@ bool Extension::LoadSandboxedPages(string16* error) { errors::kInvalidSandboxedPage, base::IntToString(i)); return false; } - if (relative_path[0] != '/') - relative_path = '/' + relative_path; - sandboxed_pages_.insert(relative_path); + URLPattern pattern(URLPattern::SCHEME_EXTENSION); + pattern.Parse(extension_url_.spec()); + while (relative_path[0] == '/') + relative_path = relative_path.substr(1, relative_path.length() - 1); + pattern.SetPath(pattern.path() + relative_path); + sandboxed_pages_.AddPattern(pattern); } if (manifest_->HasPath(keys::kSandboxedPagesCSP)) { diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h index 92d95c0..d6f78e4 100644 --- a/chrome/common/extensions/extension.h +++ b/chrome/common/extensions/extension.h @@ -346,6 +346,10 @@ class Extension : public base::RefCountedThreadSafe<Extension> { return GetResourceURL(url(), relative_path); } + // Returns true if the resource matches a pattern in the pattern_set. + bool ResourceMatches(const URLPatternSet& pattern_set, + const std::string& resource) const; + // Returns true if the specified resource is web accessible. bool IsResourceWebAccessible(const std::string& relative_path) const; 
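Review bot: The slash-stripping loop `while (relative_path[0] == '/')` in LoadWebAccessibleResources indexes the string again after it may have become empty: a manifest entry such as `/` leaves `relative_path` empty and the next test reads `relative_path[0]` on an empty non-const string, and whether an earlier check rejects such entries is not visible in this hunk. A single `relative_path.erase(0, relative_path.find_first_not_of('/'));` drops the leading slashes without indexing an empty string and without one substr copy per slash. The result of `pattern.Parse(extension_url_.spec())` is also discarded, so a failed parse would still add a pattern to the set; comparing it with `URLPattern::PARSE_SUCCESS` and returning the existing invalid-entry error would keep a malformed pattern out. The same five lines are repeated in the LoadSandboxedPages hunk that follows, so both points apply there as well and a shared helper would keep the two in step; both function bodies start outside their hunks.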
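Review bot: ResourceMatches is declared between GetResourceURL and IsResourceWebAccessible, which looks like the public part of the class (the class body starts outside this hunk), yet its only callers in this commit are IsResourceWebAccessible and IsSandboxedPage. Moving the declaration to the private section would stop outside code from matching arbitrary strings against arbitrary pattern sets through an Extension, and keeps the two named predicates as the only entry points for these access decisions.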
@@ -1003,11 +1007,11 @@ class Extension : public base::RefCountedThreadSafe<Extension> { extensions::CommandMap named_commands_; // Optional list of web accessible extension resources. - base::hash_set<std::string> web_accessible_resources_; + URLPatternSet web_accessible_resources_; // Optional list of extension pages that are sandboxed (served from a unique // origin with a different Content Security Policy). - base::hash_set<std::string> sandboxed_pages_; + URLPatternSet sandboxed_pages_; // Content Security Policy that should be used to enforce the sandbox used // by sandboxed pages (guaranteed to have the "sandbox" directive without the diff --git a/chrome/common/extensions/manifest_tests/extension_manifests_sandboxed_unittest.cc b/chrome/common/extensions/manifest_tests/extension_manifests_sandboxed_unittest.cc index 5ae375a..14774ca 100644 --- a/chrome/common/extensions/manifest_tests/extension_manifests_sandboxed_unittest.cc +++ b/chrome/common/extensions/manifest_tests/extension_manifests_sandboxed_unittest.cc @@ -24,6 +24,14 @@ TEST_F(ExtensionManifestTest, SandboxedPages) { scoped_refptr<Extension> extension3( LoadAndExpectSuccess("sandboxed_pages_valid_3.json")); + // Sandboxed pages specified with wildcard, no custom CSP value. + scoped_refptr<Extension> extension4( + LoadAndExpectSuccess("sandboxed_pages_valid_4.json")); + + // Sandboxed pages specified with filename wildcard, no custom CSP value. + scoped_refptr<Extension> extension5( + LoadAndExpectSuccess("sandboxed_pages_valid_5.json")); + const char kSandboxedCSP[] = "sandbox allow-scripts allow-forms"; const char kDefaultCSP[] = "script-src 'self' chrome-extension-resource:; object-src 'self'"; 
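Review bot: The member comments on `web_accessible_resources_` and `sandboxed_pages_` still describe plain lists, although both are now URLPatternSet and entries can contain wildcards. That matters for reviewers of extension manifests, because the new test expects both `anything` and `path/anything` to be web accessible for the wildcard manifest, so one broad entry can expose every packaged file to web pages. I would update the first comment to something like `// Optional set of URL patterns (wildcards allowed) for web accessible extension resources; a broad pattern exposes every matching file to web pages.` and note on the second that the patterns are matched against the resolved extension URL.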
@@ -37,6 +45,12 @@ TEST_F(ExtensionManifestTest, SandboxedPages) { EXPECT_EQ(kCustomSandboxedCSP, extension3->GetResourceContentSecurityPolicy("/test")); EXPECT_EQ(kDefaultCSP, extension3->GetResourceContentSecurityPolicy("/none")); + EXPECT_EQ(kSandboxedCSP, + extension4->GetResourceContentSecurityPolicy("/test")); + EXPECT_EQ(kSandboxedCSP, + extension5->GetResourceContentSecurityPolicy("/path/test.ext")); + EXPECT_EQ(kDefaultCSP, + extension5->GetResourceContentSecurityPolicy("/test")); Testcase testcases[] = { Testcase("sandboxed_pages_invalid_1.json", diff --git a/chrome/common/extensions/manifest_tests/extension_manifests_web_unittest.cc b/chrome/common/extensions/manifest_tests/extension_manifests_web_unittest.cc index 879c537..e6fc6e7 100644 --- a/chrome/common/extensions/manifest_tests/extension_manifests_web_unittest.cc +++ b/chrome/common/extensions/manifest_tests/extension_manifests_web_unittest.cc 
@@ -32,21 +32,38 @@ TEST_F(ExtensionManifestTest, WebAccessibleResources) { scoped_refptr<Extension> extension4( LoadAndExpectSuccess("web_accessible_resources_4.json")); + // Default manifest version with wildcard web accessible resource. + scoped_refptr<Extension> extension5( + LoadAndExpectSuccess("web_accessible_resources_5.json")); + + // Default manifest version with wildcard with specific path and extension. + scoped_refptr<Extension> extension6( + LoadAndExpectSuccess("web_accessible_resources_6.json")); + EXPECT_TRUE(extension1->HasWebAccessibleResources()); EXPECT_FALSE(extension2->HasWebAccessibleResources()); EXPECT_TRUE(extension3->HasWebAccessibleResources()); EXPECT_FALSE(extension4->HasWebAccessibleResources()); + EXPECT_TRUE(extension5->HasWebAccessibleResources()); + EXPECT_TRUE(extension6->HasWebAccessibleResources()); + + EXPECT_TRUE(extension1->IsResourceWebAccessible("test")); + EXPECT_FALSE(extension1->IsResourceWebAccessible("none")); + + EXPECT_FALSE(extension2->IsResourceWebAccessible("test")); - EXPECT_TRUE(extension1->IsResourceWebAccessible("/test")); - EXPECT_FALSE(extension1->IsResourceWebAccessible("/none")); + EXPECT_TRUE(extension3->IsResourceWebAccessible("test")); + EXPECT_FALSE(extension3->IsResourceWebAccessible("none")); - EXPECT_FALSE(extension2->IsResourceWebAccessible("/test")); + EXPECT_TRUE(extension4->IsResourceWebAccessible("test")); + EXPECT_TRUE(extension4->IsResourceWebAccessible("none")); - EXPECT_TRUE(extension3->IsResourceWebAccessible("/test")); - EXPECT_FALSE(extension3->IsResourceWebAccessible("/none")); + EXPECT_TRUE(extension5->IsResourceWebAccessible("anything")); + EXPECT_TRUE(extension5->IsResourceWebAccessible("path/anything")); - EXPECT_TRUE(extension4->IsResourceWebAccessible("/test")); - EXPECT_TRUE(extension4->IsResourceWebAccessible("/none")); + EXPECT_TRUE(extension6->IsResourceWebAccessible("path/anything.ext")); + EXPECT_FALSE(extension6->IsResourceWebAccessible("anything.ext")); + 
EXPECT_FALSE(extension6->IsResourceWebAccessible("path/anything.badext")); } TEST_F(ExtensionManifestTest, WebIntents) { |
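Review bot: Every IsResourceWebAccessible expectation in this test was rewritten from the `/test` form to `test`, so nothing here checks that a leading slash is still accepted, even though the sandboxed-pages test keeps passing `/test` to GetResourceContentSecurityPolicy. Keeping one slash-prefixed case, e.g. `EXPECT_TRUE(extension1->IsResourceWebAccessible("/test"));`, would pin that both spellings resolve to the same URL. A negative case with dot segments for the path-scoped wildcard, such as `EXPECT_FALSE(extension6->IsResourceWebAccessible("path/../anything.ext"));`, would document that canonicalisation happens before matching; the expected value assumes the manifest pattern is limited to `path/`, which is not visible on this page.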