diff options
| author | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-02 00:42:39 +0000 |
|---|---|---|
| committer | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-02 00:42:39 +0000 |
| commit | a466a0c5b21e3ecf2b5ff3f37260e167fe1b017f (patch) | |
| tree | 98761cf267cf1be613e420da8e251d8cfdcf403a /webkit/glue | |
| parent | 10575ccb63ed99277da1b9663a71ede2be497708 (diff) | |
| download | chromium_src-a466a0c5b21e3ecf2b5ff3f37260e167fe1b017f.zip chromium_src-a466a0c5b21e3ecf2b5ff3f37260e167fe1b017f.tar.gz chromium_src-a466a0c5b21e3ecf2b5ff3f37260e167fe1b017f.tar.bz2 | |
Don't load plugins on the UI thread for pref and group policy disabling.
BUG=57425
Review URL: http://codereview.chromium.org/3584007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61271 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue')
| -rw-r--r-- | webkit/glue/plugins/plugin_group.cc | 426 | ||||
| -rw-r--r-- | webkit/glue/plugins/plugin_group.h | 183 | ||||
| -rw-r--r-- | webkit/glue/plugins/plugin_group_unittest.cc | 187 | ||||
| -rw-r--r-- | webkit/glue/plugins/plugin_list.cc | 132 | ||||
| -rw-r--r-- | webkit/glue/plugins/plugin_list.h | 33 | ||||
| -rw-r--r-- | webkit/glue/webkit_glue.gypi | 2 |
6 files changed, 953 insertions, 10 deletions
diff --git a/webkit/glue/plugins/plugin_group.cc b/webkit/glue/plugins/plugin_group.cc new file mode 100644 index 0000000..2639b8f --- /dev/null +++ b/webkit/glue/plugins/plugin_group.cc @@ -0,0 +1,426 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "webkit/glue/plugins/plugin_group.h" + +#include "base/linked_ptr.h" +#include "base/string_util.h" +#include "base/sys_string_conversions.h" +#include "base/utf_string_conversions.h" +#include "base/values.h" +#include "base/version.h" +#include "webkit/glue/plugins/plugin_list.h" +#include "webkit/glue/plugins/webplugininfo.h" + +#if defined(OS_MACOSX) +// Plugin Groups for Mac. +// Plugins are listed here as soon as vulnerabilities and solutions +// (new versions) are published. +// TODO(panayiotis): Get the Real Player version on Mac, somehow. +static const PluginGroupDefinition kGroupDefinitions[] = { + { "apple-quicktime", "Quicktime", "QuickTime Plug-in", "", "", "7.6.6", + "http://www.apple.com/quicktime/download/" }, + { "java-runtime-environment", "Java", "Java", "", "", "", + "http://support.apple.com/kb/HT1338" }, + { "adobe-flash-player", "Flash", "Shockwave Flash", "", "", "10.1.82", + "http://get.adobe.com/flashplayer/" }, + { "silverlight-3", "Silverlight 3", "Silverlight", "0", "4", "3.0.50106.0", + "http://go.microsoft.com/fwlink/?LinkID=185927" }, + { "silverlight-4", "Silverlight 4", "Silverlight", "4", "5", "", + "http://go.microsoft.com/fwlink/?LinkID=185927" }, + { "flip4mac", "Flip4Mac", "Flip4Mac", "", "", "2.2.1", + "http://www.telestream.net/flip4mac-wmv/overview.htm" }, + { "shockwave", "Shockwave", "Shockwave for Director", "", "", "11.5.8.612", + "http://www.adobe.com/shockwave/download/" } +}; + +#elif defined(OS_WIN) +// TODO(panayiotis): We should group "RealJukebox NS Plugin" with the rest of +// the RealPlayer files. +static const PluginGroupDefinition kGroupDefinitions[] = { + { "apple-quicktime", "Quicktime", "QuickTime Plug-in", "", "", "7.6.7", + "http://www.apple.com/quicktime/download/" }, + { "java-runtime-environment", "Java 6", "Java", "", "6", "6.0.200", + "http://www.java.com/" }, + { "adobe-reader", "Adobe Reader 9", "Adobe Acrobat", "9", "10", "9.3.3", + "http://get.adobe.com/reader/" }, + { "adobe-reader-8", "Adobe Reader 8", "Adobe Acrobat", "0", "9", "8.2.3", + "http://get.adobe.com/reader/" }, + { "adobe-flash-player", "Flash", "Shockwave Flash", "", "", "10.1.82", + "http://get.adobe.com/flashplayer/" }, + { "silverlight-3", "Silverlight 3", "Silverlight", "0", "4", "3.0.50106.0", + "http://go.microsoft.com/fwlink/?LinkID=185927" }, + { "silverlight-4", "Silverlight 4", "Silverlight", "4", "5", "", + "http://go.microsoft.com/fwlink/?LinkID=185927" }, + { "shockwave", "Shockwave", "Shockwave for Director", "", "", "11.5.8.612", + "http://www.adobe.com/shockwave/download/" }, + { "divx-player", "DivX Player", "DivX Web Player", "", "", "1.4.3.4", + "http://download.divx.com/divx/autoupdate/player/" + "DivXWebPlayerInstaller.exe" }, + // These are here for grouping, no vulnerabilies known. + { "windows-media-player", "Windows Media Player", "Windows Media Player", + "", "", "", "" }, + { "microsoft-office", "Microsoft Office", "Microsoft Office", + "", "", "", "" }, + // TODO(panayiotis): The vulnerable versions are + // (v >= 6.0.12.1040 && v <= 6.0.12.1663) + // || v == 6.0.12.1698 || v == 6.0.12.1741 + { "realplayer", "RealPlayer", "RealPlayer", "", "", "", + "http://www.adobe.com/shockwave/download/" }, +}; + +#else +static const PluginGroupDefinition kGroupDefinitions[] = {}; +#endif + +/*static*/ +std::set<string16>* PluginGroup::policy_disabled_plugin_patterns_; + +/*static*/ +const PluginGroupDefinition* PluginGroup::GetPluginGroupDefinitions() { + return kGroupDefinitions; +} + +/*static*/ +size_t PluginGroup::GetPluginGroupDefinitionsSize() { + // TODO(viettrungluu): |arraysize()| doesn't work with zero-size arrays. + return ARRAYSIZE_UNSAFE(kGroupDefinitions); +} + +/*static*/ +void PluginGroup::SetPolicyDisabledPluginPatterns( + const std::set<string16>& set) { + if (!policy_disabled_plugin_patterns_) + policy_disabled_plugin_patterns_ = new std::set<string16>(set); + else + *policy_disabled_plugin_patterns_ = set; +} + +/*static*/ +bool PluginGroup::IsPluginNameDisabledByPolicy(const string16& plugin_name) { + if (!policy_disabled_plugin_patterns_) + return false; + + std::set<string16>::const_iterator pattern( + policy_disabled_plugin_patterns_->begin()); + while (pattern != policy_disabled_plugin_patterns_->end()) { + if (MatchPattern(plugin_name, *pattern)) + return true; + ++pattern; + } + + return false; +} + +/*static*/ +bool PluginGroup::IsPluginPathDisabledByPolicy(const FilePath& plugin_path) { + std::vector<WebPluginInfo> plugins; + NPAPI::PluginList::Singleton()->GetPlugins(false, &plugins); + for (std::vector<WebPluginInfo>::const_iterator it = plugins.begin(); + it != plugins.end(); + ++it) { + if (FilePath::CompareEqualIgnoreCase(it->path.value(), + plugin_path.value()) && IsPluginNameDisabledByPolicy(it->name)) { + return true; + } + } + return false; +} + +PluginGroup::PluginGroup(const string16& group_name, + const string16& name_matcher, + const std::string& version_range_low, + const std::string& version_range_high, + const std::string& min_version, + const std::string& update_url, + const std::string& identifier) + : identifier_(identifier), + group_name_(group_name), + name_matcher_(name_matcher), + version_range_low_str_(version_range_low), + version_range_high_str_(version_range_high), + update_url_(update_url), + enabled_(false), + min_version_str_(min_version), + version_(Version::GetVersionFromString("0")) { + if (!version_range_low.empty()) + version_range_low_.reset(Version::GetVersionFromString(version_range_low)); + if (!version_range_high.empty()) { + version_range_high_.reset( + Version::GetVersionFromString(version_range_high)); + } + if (!min_version.empty()) + min_version_.reset(Version::GetVersionFromString(min_version)); +} + +PluginGroup* PluginGroup::FromPluginGroupDefinition( + const PluginGroupDefinition& definition) { + return new PluginGroup(ASCIIToUTF16(definition.name), + ASCIIToUTF16(definition.name_matcher), + definition.version_matcher_low, + definition.version_matcher_high, + definition.min_version, + definition.update_url, + definition.identifier); +} + +PluginGroup::~PluginGroup() { } + +PluginGroup* PluginGroup::FromWebPluginInfo(const WebPluginInfo& wpi) { + // Create a matcher from the name of this plugin. +#if defined(OS_POSIX) + std::string identifier = wpi.path.BaseName().value(); +#elif defined(OS_WIN) + std::string identifier = base::SysWideToUTF8(wpi.path.BaseName().value()); +#endif + return new PluginGroup(wpi.name, wpi.name, std::string(), std::string(), + std::string(), std::string(), identifier); +} + +PluginGroup* PluginGroup::CopyOrCreatePluginGroup( + const WebPluginInfo& info) { + static PluginMap* hardcoded_plugin_groups = NULL; + if (!hardcoded_plugin_groups) { + PluginMap* groups = new PluginMap(); + const PluginGroupDefinition* definitions = GetPluginGroupDefinitions(); + for (size_t i = 0; i < GetPluginGroupDefinitionsSize(); ++i) { + PluginGroup* definition_group = PluginGroup::FromPluginGroupDefinition( + definitions[i]); + std::string identifier = definition_group->identifier(); + DCHECK(groups->find(identifier) == groups->end()); + (*groups)[identifier] = linked_ptr<PluginGroup>(definition_group); + } + hardcoded_plugin_groups = groups; + } + + // See if this plugin matches any of the hardcoded groups. + PluginGroup* hardcoded_group = FindGroupMatchingPlugin( + *hardcoded_plugin_groups, info); + if (hardcoded_group) { + // Make a copy. + return hardcoded_group->Copy(); + } else { + // Not found in our hardcoded list, create a new one. + return PluginGroup::FromWebPluginInfo(info); + } +} + +PluginGroup* PluginGroup::FindGroupMatchingPlugin( + const PluginMap& plugin_groups, + const WebPluginInfo& plugin) { + for (std::map<std::string, linked_ptr<PluginGroup> >::const_iterator it = + plugin_groups.begin(); + it != plugin_groups.end(); + ++it) { + if (it->second->Match(plugin)) + return it->second.get(); + } + return NULL; +} + +bool PluginGroup::Match(const WebPluginInfo& plugin) const { + if (name_matcher_.empty()) { + return false; + } + + // Look for the name matcher anywhere in the plugin name. + if (plugin.name.find(name_matcher_) == string16::npos) { + return false; + } + + if (version_range_low_.get() == NULL || + version_range_high_.get() == NULL) { + return true; + } + + // There's a version range, we must be in it. + scoped_ptr<Version> plugin_version( + Version::GetVersionFromString(UTF16ToWide(plugin.version))); + if (plugin_version.get() == NULL) { + // No version could be extracted, assume we don't match the range. + return false; + } + + // We match if we are in the range: [low, high) + return (version_range_low_->CompareTo(*plugin_version) <= 0 && + version_range_high_->CompareTo(*plugin_version) > 0); +} + +Version* PluginGroup::CreateVersionFromString(const string16& version_string) { + // Remove spaces and ')' from the version string, + // Replace any instances of 'r', ',' or '(' with a dot. + std::wstring version = UTF16ToWide(version_string); + RemoveChars(version, L") ", &version); + std::replace(version.begin(), version.end(), 'r', '.'); + std::replace(version.begin(), version.end(), ',', '.'); + std::replace(version.begin(), version.end(), '(', '.'); + + return Version::GetVersionFromString(version); +} + +void PluginGroup::UpdateActivePlugin(const WebPluginInfo& plugin) { + // A group is enabled if any of the files are enabled. + if (plugin.enabled) { + if (!enabled_) { + // If this is the first enabled plugin, use its description. + enabled_ = true; + UpdateDescriptionAndVersion(plugin); + } + } else { + // If this is the first plugin and it's disabled, + // use its description for now. + if (description_.empty()) + UpdateDescriptionAndVersion(plugin); + } +} + +void PluginGroup::UpdateDescriptionAndVersion(const WebPluginInfo& plugin) { + description_ = plugin.desc; + if (Version* new_version = CreateVersionFromString(plugin.version)) + version_.reset(new_version); + else + version_.reset(Version::GetVersionFromString("0")); +} + +void PluginGroup::AddPlugin(const WebPluginInfo& plugin, int position) { + web_plugin_infos_.push_back(plugin); + // The position of this plugin relative to the global list of plugins. + web_plugin_positions_.push_back(position); + UpdateActivePlugin(plugin); +} + +string16 PluginGroup::GetGroupName() const { + if (!group_name_.empty()) + return group_name_; + DCHECK_EQ(1u, web_plugin_infos_.size()); + FilePath::StringType path = + web_plugin_infos_[0].path.BaseName().RemoveExtension().value(); +#if defined(OS_POSIX) + return UTF8ToUTF16(path); +#elif defined(OS_WIN) + return WideToUTF16(path); +#endif +} + +DictionaryValue* PluginGroup::GetSummary() const { + DictionaryValue* result = new DictionaryValue(); + result->SetString("name", GetGroupName()); + result->SetBoolean("enabled", enabled_); + return result; +} + +DictionaryValue* PluginGroup::GetDataForUI() const { + string16 name = GetGroupName(); + DictionaryValue* result = new DictionaryValue(); + result->SetString("name", name); + result->SetString("description", description_); + result->SetString("version", version_->GetString()); + result->SetString("update_url", update_url_); + result->SetBoolean("critical", IsVulnerable()); + + bool group_disabled_by_policy = IsPluginNameDisabledByPolicy(name); + ListValue* plugin_files = new ListValue(); + bool all_plugins_disabled_by_policy = true; + for (size_t i = 0; i < web_plugin_infos_.size(); ++i) { + const WebPluginInfo& web_plugin = web_plugin_infos_[i]; + int priority = web_plugin_positions_[i]; + DictionaryValue* plugin_file = new DictionaryValue(); + plugin_file->SetString("name", web_plugin.name); + plugin_file->SetString("description", web_plugin.desc); + plugin_file->SetString("path", web_plugin.path.value()); + plugin_file->SetString("version", web_plugin.version); + bool plugin_disabled_by_policy = group_disabled_by_policy || + IsPluginNameDisabledByPolicy(web_plugin.name); + if (plugin_disabled_by_policy) { + plugin_file->SetString("enabledMode", "disabledByPolicy"); + } else { + all_plugins_disabled_by_policy = false; + plugin_file->SetString("enabledMode", + web_plugin.enabled ? "enabled" : "disabledByUser"); + } + plugin_file->SetInteger("priority", priority); + + ListValue* mime_types = new ListValue(); + for (std::vector<WebPluginMimeType>::const_iterator type_it = + web_plugin.mime_types.begin(); + type_it != web_plugin.mime_types.end(); + ++type_it) { + DictionaryValue* mime_type = new DictionaryValue(); + mime_type->SetString("mimeType", type_it->mime_type); + mime_type->SetString("description", type_it->description); + + ListValue* file_extensions = new ListValue(); + for (std::vector<std::string>::const_iterator ext_it = + type_it->file_extensions.begin(); + ext_it != type_it->file_extensions.end(); + ++ext_it) { + file_extensions->Append(new StringValue(*ext_it)); + } + mime_type->Set("fileExtensions", file_extensions); + + mime_types->Append(mime_type); + } + plugin_file->Set("mimeTypes", mime_types); + + plugin_files->Append(plugin_file); + } + + if (group_disabled_by_policy || all_plugins_disabled_by_policy) { + result->SetString("enabledMode", "disabledByPolicy"); + } else { + result->SetString("enabledMode", enabled_ ? "enabled" : "disabledByUser"); + } + result->Set("plugin_files", plugin_files); + + return result; +} + +// Returns true if the latest version of this plugin group is vulnerable. +bool PluginGroup::IsVulnerable() const { + if (min_version_.get() == NULL || version_->GetString() == "0") { + return false; + } + return version_->CompareTo(*min_version_) < 0; +} + +void PluginGroup::DisableOutdatedPlugins() { + if (!min_version_.get()) + return; + + description_ = string16(); + enabled_ = false; + + for (std::vector<WebPluginInfo>::iterator it = + web_plugin_infos_.begin(); + it != web_plugin_infos_.end(); ++it) { + scoped_ptr<Version> version(CreateVersionFromString(it->version)); + if (version.get() && version->CompareTo(*min_version_) < 0) { + it->enabled = false; + NPAPI::PluginList::Singleton()->DisablePlugin(it->path); + } + UpdateActivePlugin(*it); + } +} + +void PluginGroup::Enable(bool enable) { + for (std::vector<WebPluginInfo>::const_iterator it = + web_plugin_infos_.begin(); + it != web_plugin_infos_.end(); ++it) { + if (enable && !IsPluginNameDisabledByPolicy(it->name)) { + NPAPI::PluginList::Singleton()->EnablePlugin(it->path); + } else { + NPAPI::PluginList::Singleton()->DisablePlugin(it->path); + } + } +} + +std::vector<FilePath> PluginGroup::GetPaths() const { + std::vector<FilePath> rv; + for (std::vector<WebPluginInfo>::const_iterator it = + web_plugin_infos_.begin(); + it != web_plugin_infos_.end(); ++it) { + rv.push_back(it->path); + } + return rv; +} diff --git a/webkit/glue/plugins/plugin_group.h b/webkit/glue/plugins/plugin_group.h new file mode 100644 index 0000000..43640fd --- /dev/null +++ b/webkit/glue/plugins/plugin_group.h @@ -0,0 +1,183 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef WEBKIT_GLUE_PLUGINS_PLUGIN_GROUP_H_ +#define WEBKIT_GLUE_PLUGINS_PLUGIN_GROUP_H_ +#pragma once + +#include <map> +#include <set> +#include <vector> + +#include "base/gtest_prod_util.h" +#include "base/scoped_ptr.h" +#include "base/string16.h" + +class DictionaryValue; +class FilePath; +class Version; +struct WebPluginInfo; + +namespace NPAPI { + class PluginList; +}; + +template <typename T> +class linked_ptr; + +// Hard-coded definitions of plugin groups. +struct PluginGroupDefinition { + const char* identifier; // Unique identifier for this group. + const char* name; // Name of this group. + const char* name_matcher; // Substring matcher for the plugin name. + const char* version_matcher_low; // Matchers for the plugin version. + const char* version_matcher_high; + const char* min_version; // Minimum secure version. + const char* update_url; // Location of latest secure version. +}; + +// A PluginGroup can match a range of versions of a specific plugin (as defined +// by matching a substring of its name). +// It contains all WebPluginInfo structs (at least one) matching its definition. +// In addition, it knows about a security "baseline", i.e. the minimum version +// of a plugin that is needed in order not to exhibit known security +// vulnerabilities. + +class PluginGroup { + public: + typedef std::map<std::string, linked_ptr<PluginGroup> > PluginMap; + + // Creates a PluginGroup from a PluginGroupDefinition. + static PluginGroup* FromPluginGroupDefinition( + const PluginGroupDefinition& definition); + + ~PluginGroup(); + + // Creates a PluginGroup from a WebPluginInfo -- when no hard-coded + // definition is found. + static PluginGroup* FromWebPluginInfo(const WebPluginInfo& wpi); + + // Find a plugin group matching |info| in the list of hardcoded plugins and + // returns a copy of it if found, or a new group matching exactly this plugin + // otherwise. + // The caller should take ownership of the return PluginGroup. + static PluginGroup* CopyOrCreatePluginGroup(const WebPluginInfo& info); + + // Configures the set of plugin name patterns for disabling plugins via + // enterprise configuration management. + static void SetPolicyDisabledPluginPatterns(const std::set<string16>& set); + + // Tests to see if a plugin is on the blacklist using its name as + // the lookup key. + static bool IsPluginNameDisabledByPolicy(const string16& plugin_name); + + // Tests to see if a plugin is on the blacklist using its path as + // the lookup key. + static bool IsPluginPathDisabledByPolicy(const FilePath& plugin_path); + + // Find the PluginGroup matching a Plugin in a list of plugin groups. Returns + // NULL if no matching PluginGroup is found. + static PluginGroup* FindGroupMatchingPlugin( + const std::map<std::string, linked_ptr<PluginGroup> >& plugin_groups, + const WebPluginInfo& plugin); + + // Creates a copy of this plugin group. + PluginGroup* Copy() { + return new PluginGroup(group_name_, name_matcher_, version_range_low_str_, + version_range_high_str_, min_version_str_, + update_url_, identifier_); + } + + // Returns true if the given plugin matches this group. + bool Match(const WebPluginInfo& plugin) const; + + // Adds the given plugin to this group. Provide the position of the + // plugin as given by PluginList so we can display its priority. + void AddPlugin(const WebPluginInfo& plugin, int position); + + // Enables/disables this group. This enables/disables all plugins in the + // group. + void Enable(bool enable); + + // Returns whether the plugin group is enabled or not. + bool Enabled() const { return enabled_; } + + // Returns a unique identifier for this group, if one is defined, or the empty + // string otherwise. + const std::string& identifier() const { return identifier_; } + + // Returns this group's name, or the filename without extension if the name + // is empty. + string16 GetGroupName() const; + + // Returns the description of the highest-priority plug-in in the group. + const string16& description() const { return description_; } + + // Returns a DictionaryValue with data to display in the UI. + DictionaryValue* GetDataForUI() const; + + // Returns a DictionaryValue with data to save in the preferences. + DictionaryValue* GetSummary() const; + + // Returns the update URL. + std::string GetUpdateURL() const { return update_url_; } + + // Returns true if the highest-priority plugin in this group has known + // security problems. + bool IsVulnerable() const; + + // Disables all plugins in this group that are older than the + // minimum version. + void DisableOutdatedPlugins(); + + protected: + friend class NPAPI::PluginList; + std::vector<FilePath> GetPaths() const; + + private: + FRIEND_TEST_ALL_PREFIXES(PluginGroupTest, PluginGroupDefinition); + + static const PluginGroupDefinition* GetPluginGroupDefinitions(); + static size_t GetPluginGroupDefinitionsSize(); + + PluginGroup(const string16& group_name, + const string16& name_matcher, + const std::string& version_range_low, + const std::string& version_range_high, + const std::string& min_version, + const std::string& update_url, + const std::string& identifier); + + Version* CreateVersionFromString(const string16& version_string); + + // Set the description and version for this plugin group from the + // given plug-in. + void UpdateDescriptionAndVersion(const WebPluginInfo& plugin); + + // Updates the active plugin in the group. The active plugin is the first + // enabled one, or if all plugins are disabled, simply the first one. + void UpdateActivePlugin(const WebPluginInfo& plugin); + + static std::set<string16>* policy_disabled_plugin_patterns_; + + std::string identifier_; + string16 group_name_; + string16 name_matcher_; + std::string version_range_low_str_; + std::string version_range_high_str_; + scoped_ptr<Version> version_range_low_; + scoped_ptr<Version> version_range_high_; + string16 description_; + std::string update_url_; + bool enabled_; + std::string min_version_str_; + scoped_ptr<Version> min_version_; + scoped_ptr<Version> version_; + std::vector<WebPluginInfo> web_plugin_infos_; + std::vector<int> web_plugin_positions_; + + DISALLOW_COPY_AND_ASSIGN(PluginGroup); +}; + +#endif // WEBKIT_GLUE_PLUGINS_PLUGIN_GROUP_H_ diff --git a/webkit/glue/plugins/plugin_group_unittest.cc b/webkit/glue/plugins/plugin_group_unittest.cc new file mode 100644 index 0000000..a523c73 --- /dev/null +++ b/webkit/glue/plugins/plugin_group_unittest.cc @@ -0,0 +1,187 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "webkit/glue/plugins/plugin_group.h" + +#include <string> +#include <vector> + +#include "base/scoped_ptr.h" +#include "base/string_util.h" +#include "base/utf_string_conversions.h" +#include "base/values.h" +#include "base/version.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "webkit/glue/plugins/webplugininfo.h" + +static const PluginGroupDefinition kPluginDef = { + "myplugin", "MyPlugin", "MyPlugin", "", "", "3.0.44", "http://latest/" }; +static const PluginGroupDefinition kPluginDef3 = { + "myplugin-3", "MyPlugin 3", "MyPlugin", "0", "4", "3.0.44", "http://latest" }; +static const PluginGroupDefinition kPluginDef4 = { + "myplugin-4", "MyPlugin 4", "MyPlugin", "4", "5", "4.0.44", "http://latest" }; +static const PluginGroupDefinition kPluginDefNotVulnerable = { + "myplugin-latest", "MyPlugin", "MyPlugin", "", "", "", "http://latest" }; + +// name, path, version, desc, mime_types, enabled. +static WebPluginInfo kPlugin2043 = { + ASCIIToUTF16("MyPlugin"), FilePath(), ASCIIToUTF16("2.0.43"), + ASCIIToUTF16("MyPlugin version 2.0.43"), + std::vector<WebPluginMimeType>(), true }; +static WebPluginInfo kPlugin3043 = { + ASCIIToUTF16("MyPlugin"), FilePath(), ASCIIToUTF16("3.0.43"), + ASCIIToUTF16("MyPlugin version 3.0.43"), + std::vector<WebPluginMimeType>(), true }; +static WebPluginInfo kPlugin3044 = { + ASCIIToUTF16("MyPlugin"), FilePath(), ASCIIToUTF16("3.0.44"), + ASCIIToUTF16("MyPlugin version 3.0.44"), + std::vector<WebPluginMimeType>(), true }; +static WebPluginInfo kPlugin3045 = { + ASCIIToUTF16("MyPlugin"), FilePath(), ASCIIToUTF16("3.0.45"), + ASCIIToUTF16("MyPlugin version 3.0.45"), + std::vector<WebPluginMimeType>(), true }; +static WebPluginInfo kPlugin4043 = { + ASCIIToUTF16("MyPlugin"), FilePath(), ASCIIToUTF16("4.0.43"), + ASCIIToUTF16("MyPlugin version 4.0.43"), + std::vector<WebPluginMimeType>(), true }; + +class PluginGroupTest : public testing::Test { + protected: + virtual void TearDown() { + PluginGroup::SetPolicyDisabledPluginPatterns(std::set<string16>()); + } +}; + +TEST(PluginGroupTest, PluginGroupMatch) { + scoped_ptr<PluginGroup> group(PluginGroup::FromPluginGroupDefinition( + kPluginDef3)); + EXPECT_TRUE(group->Match(kPlugin3045)); + group->AddPlugin(kPlugin3045, 0); + EXPECT_FALSE(group->IsVulnerable()); +} + +TEST(PluginGroupTest, PluginGroupMatchCorrectVersion) { + scoped_ptr<PluginGroup> group(PluginGroup::FromPluginGroupDefinition( + kPluginDef3)); + EXPECT_TRUE(group->Match(kPlugin2043)); + EXPECT_TRUE(group->Match(kPlugin3043)); + EXPECT_FALSE(group->Match(kPlugin4043)); + + group.reset(PluginGroup::FromPluginGroupDefinition(kPluginDef4)); + EXPECT_FALSE(group->Match(kPlugin2043)); + EXPECT_FALSE(group->Match(kPlugin3043)); + EXPECT_TRUE(group->Match(kPlugin4043)); +} + +TEST(PluginGroupTest, PluginGroupDescription) { + string16 desc3043(ASCIIToUTF16("MyPlugin version 3.0.43")); + string16 desc3045(ASCIIToUTF16("MyPlugin version 3.0.45")); + WebPluginInfo plugin3043(kPlugin3043); + WebPluginInfo plugin3045(kPlugin3045); + + { + scoped_ptr<PluginGroup> group(PluginGroup::FromPluginGroupDefinition( + kPluginDef3)); + EXPECT_TRUE(group->Match(plugin3043)); + group->AddPlugin(plugin3043, 0); + EXPECT_EQ(desc3043, group->description()); + EXPECT_TRUE(group->IsVulnerable()); + EXPECT_TRUE(group->Match(plugin3045)); + group->AddPlugin(plugin3045, 1); + EXPECT_EQ(desc3043, group->description()); + EXPECT_TRUE(group->IsVulnerable()); + } + + { + // Disable the first plugin. + plugin3043.enabled = false; + scoped_ptr<PluginGroup> group(PluginGroup::FromPluginGroupDefinition( + kPluginDef3)); + EXPECT_TRUE(group->Match(plugin3043)); + group->AddPlugin(plugin3043, 0); + EXPECT_EQ(desc3043, group->description()); + EXPECT_TRUE(group->IsVulnerable()); + EXPECT_TRUE(group->Match(plugin3045)); + group->AddPlugin(plugin3045, 1); + EXPECT_EQ(desc3045, group->description()); + EXPECT_FALSE(group->IsVulnerable()); + } + + { + // Disable the second plugin. + plugin3045.enabled = false; + scoped_ptr<PluginGroup> group(PluginGroup::FromPluginGroupDefinition( + kPluginDef3)); + EXPECT_TRUE(group->Match(plugin3043)); + group->AddPlugin(plugin3043, 1); + EXPECT_EQ(desc3043, group->description()); + EXPECT_TRUE(group->IsVulnerable()); + EXPECT_TRUE(group->Match(plugin3045)); + group->AddPlugin(plugin3045, 0); + EXPECT_EQ(desc3043, group->description()); + EXPECT_TRUE(group->IsVulnerable()); + } +} + +TEST(PluginGroupTest, PluginGroupDefinition) { + const PluginGroupDefinition* definitions = + PluginGroup::GetPluginGroupDefinitions(); + for (size_t i = 0; i < PluginGroup::GetPluginGroupDefinitionsSize(); ++i) { + scoped_ptr<PluginGroup> def_group( + PluginGroup::FromPluginGroupDefinition(definitions[i])); + ASSERT_TRUE(def_group.get() != NULL); + EXPECT_FALSE(def_group->Match(kPlugin2043)); + } +} + +TEST(PluginGroupTest, DisableOutdated) { + scoped_ptr<PluginGroup> group(PluginGroup::FromPluginGroupDefinition( + kPluginDef3)); + group->AddPlugin(kPlugin3043, 0); + group->AddPlugin(kPlugin3045, 1); + EXPECT_EQ(ASCIIToUTF16("MyPlugin version 3.0.43"), group->description()); + EXPECT_TRUE(group->IsVulnerable()); + + group->DisableOutdatedPlugins(); + EXPECT_EQ(ASCIIToUTF16("MyPlugin version 3.0.45"), group->description()); + EXPECT_FALSE(group->IsVulnerable()); +} + +TEST(PluginGroupTest, VersionExtraction) { + // Some real-world plugin versions (spaces, commata, parentheses, 'r', oh my) + const char* versions[][2] = { + { "7.6.6 (1671)", "7.6.6.1671" }, // Quicktime + { "2, 0, 0, 254", "2.0.0.254" }, // DivX + { "3, 0, 0, 0", "3.0.0.0" }, // Picasa + { "1, 0, 0, 1", "1.0.0.1" }, // Earth + { "10,0,45,2", "10.0.45.2" }, // Flash + { "11.5.7r609", "11.5.7.609"} // Shockwave + }; + + for (size_t i = 0; i < arraysize(versions); i++) { + const WebPluginInfo plugin = { + ASCIIToUTF16("Blah Plugin"), FilePath(), ASCIIToUTF16(versions[i][0]), + string16(),std::vector<WebPluginMimeType>(), true }; + scoped_ptr<PluginGroup> group(PluginGroup::FromWebPluginInfo(plugin)); + EXPECT_TRUE(group->Match(plugin)); + group->AddPlugin(plugin, 0); + scoped_ptr<DictionaryValue> data(group->GetDataForUI()); + std::string version; + data->GetString("version", &version); + EXPECT_EQ(versions[i][1], version); + } +} + +TEST(PluginGroupTest, DisabledByPolicy) { + std::set<string16> disabled_plugins; + disabled_plugins.insert(ASCIIToUTF16("Disable this!")); + disabled_plugins.insert(ASCIIToUTF16("*Google*")); + PluginGroup::SetPolicyDisabledPluginPatterns(disabled_plugins); + + EXPECT_FALSE(PluginGroup::IsPluginNameDisabledByPolicy(ASCIIToUTF16("42"))); + EXPECT_TRUE(PluginGroup::IsPluginNameDisabledByPolicy( + ASCIIToUTF16("Disable this!"))); + EXPECT_TRUE(PluginGroup::IsPluginNameDisabledByPolicy( + ASCIIToUTF16("Google Earth"))); +} diff --git a/webkit/glue/plugins/plugin_list.cc b/webkit/glue/plugins/plugin_list.cc index a8d0534..c6ec882 100644 --- a/webkit/glue/plugins/plugin_list.cc +++ b/webkit/glue/plugins/plugin_list.cc @@ -11,6 +11,7 @@ #include "base/logging.h" #include "base/string_split.h" #include "base/string_util.h" +#include "base/sys_string_conversions.h" #include "base/utf_string_conversions.h" #include "googleurl/src/gurl.h" #include "net/base/mime_util.h" @@ -161,7 +162,9 @@ bool PluginList::CreateWebPluginInfo(const PluginVersionInfo& pvi, } PluginList::PluginList() - : plugins_loaded_(false), plugins_need_refresh_(false) { + : plugins_loaded_(false), + plugins_need_refresh_(false), + disable_outdated_plugins_(false) { PlatformInit(); } @@ -229,12 +232,43 @@ void PluginList::LoadPlugins(bool refresh) { // Only update the data now since loading plugins can take a while. AutoLock lock(lock_); - // Go through and mark new plugins in the disabled list as, well, disabled. - for (std::vector<WebPluginInfo>::iterator it = new_plugins.begin(); - it != new_plugins.end(); - ++it) { - if (disabled_plugins_.find(it->path) != disabled_plugins_.end()) - it->enabled = false; + // Mark disabled plugins as such. + for (size_t i = 0; i < new_plugins.size(); ++i) { + if (disabled_plugins_.count(new_plugins[i].path)) + new_plugins[i].enabled = false; + } + + // Disable all of the plugins and plugin groups that are disabled by policy. + // There's currenly a bug that makes it impossible to correctly re-enable + // plugins or plugin-groups to their original, "pre-policy" state, so + // plugins and groups are only changed to a more "safe" state after a policy + // change, i.e. from enabled to disabled. See bug 54681. + PluginMap plugin_groups; + GetPluginGroups(&new_plugins, &plugin_groups); + for (PluginMap::const_iterator it = plugin_groups.begin(); + it != plugin_groups.end(); ++it) { + string16 group_name = it->second->GetGroupName(); + if (PluginGroup::IsPluginNameDisabledByPolicy(group_name) && + !disabled_groups_.count(group_name)) { + disabled_groups_.insert(group_name); + } + + if (disabled_groups_.count(group_name)) { + // Disable the plugins manually instead of PluginGroup::Enable(false) + // since that will need to acquire a lock which we already have. + std::vector<FilePath> paths = it->second->GetPaths(); + for (size_t i = 0; i < paths.size(); ++i) { + for (size_t j = 0; j < new_plugins.size(); ++j) { + if (new_plugins[j].path == paths[i]) { + new_plugins[j].enabled = false; + break; + } + } + } + } + + if (disable_outdated_plugins_) + it->second->DisableOutdatedPlugins(); } plugins_ = new_plugins; @@ -420,6 +454,47 @@ bool PluginList::GetPluginInfoByPath(const FilePath& plugin_path, return false; } +void PluginList::GetPluginGroups(bool load_if_necessary, + PluginMap* plugin_groups) { + if (load_if_necessary) + LoadPlugins(false); + + AutoLock lock(lock_); + GetPluginGroups(&plugins_, plugin_groups); +} + +// static +void PluginList::GetPluginGroups(const std::vector<WebPluginInfo>* plugins, + PluginMap* plugin_groups) { + plugin_groups->clear(); + // We first search for an existing group that matches our name, + // and only create a new group if we can't find any. + for (size_t i = 0; i < plugins->size(); ++i) { + const WebPluginInfo& web_plugin = (*plugins)[i]; + PluginGroup* group = PluginGroup::FindGroupMatchingPlugin( + *plugin_groups, web_plugin); + if (!group) { + group = PluginGroup::CopyOrCreatePluginGroup(web_plugin); + std::string identifier = group->identifier(); + // If the identifier is not unique, use the full path. This means that we + // probably won't be able to search for this group by identifier, but at + // least it's going to be in the set of plugin groups, and if there + // is already a plug-in with the same filename, it's probably going to + // handle the same MIME types (and it has a higher priority), so this one + // is not going to run anyway. + if (plugin_groups->find(identifier) != plugin_groups->end()) +#if defined(OS_POSIX) + identifier = web_plugin.path.value(); +#elif defined(OS_WIN) + identifier = base::SysWideToUTF8(web_plugin.path.value()); +#endif + DCHECK(plugin_groups->find(identifier) == plugin_groups->end()); + (*plugin_groups)[identifier] = linked_ptr<PluginGroup>(group); + } + group->AddPlugin(web_plugin, i); + } +} + bool PluginList::EnablePlugin(const FilePath& filename) { AutoLock lock(lock_); @@ -445,9 +520,6 @@ bool PluginList::EnablePlugin(const FilePath& filename) { return did_enable; } -PluginList::~PluginList() { -} - bool PluginList::DisablePlugin(const FilePath& filename) { AutoLock lock(lock_); @@ -472,6 +544,46 @@ bool PluginList::DisablePlugin(const FilePath& filename) { return did_disable; } +bool PluginList::EnableGroup(bool enable, const string16& group_name) { + bool did_change = false; + { + AutoLock lock(lock_); + + std::set<string16>::iterator entry = disabled_groups_.find(group_name); + if (enable) { + if (entry == disabled_groups_.end()) + return did_change; // Early exit if group not in disabled list. + disabled_groups_.erase(entry); // Remove from disabled list. + } else { + if (entry != disabled_groups_.end()) + return did_change; // Early exit if group already in disabled list. + disabled_groups_.insert(group_name); + } + } + + PluginMap plugin_groups; + GetPluginGroups(false, &plugin_groups); + for (PluginMap::const_iterator it = plugin_groups.begin(); + it != plugin_groups.end(); ++it) { + if (it->second->GetGroupName() == group_name) { + if (it->second->Enabled() != enable) { + it->second->Enable(enable); + did_change = true; + break; + } + } + } + + return did_change; +} + +void PluginList::DisableOutdatedPluginGroups() { + disable_outdated_plugins_ = true; +} + +PluginList::~PluginList() { +} + void PluginList::Shutdown() { // TODO } diff --git a/webkit/glue/plugins/plugin_list.h b/webkit/glue/plugins/plugin_list.h index c0108ef..a67254f 100644 --- a/webkit/glue/plugins/plugin_list.h +++ b/webkit/glue/plugins/plugin_list.h @@ -5,6 +5,7 @@ #ifndef WEBKIT_GLUE_PLUGINS_PLUGIN_LIST_H_ #define WEBKIT_GLUE_PLUGINS_PLUGIN_LIST_H_ +#include <map> #include <set> #include <string> #include <vector> @@ -12,8 +13,10 @@ #include "base/basictypes.h" #include "base/file_path.h" +#include "base/linked_ptr.h" #include "base/lock.h" #include "third_party/npapi/bindings/nphostapi.h" +#include "webkit/glue/plugins/plugin_group.h" #include "webkit/glue/plugins/webplugininfo.h" class GURL; @@ -147,6 +150,14 @@ class PluginList { bool GetPluginInfoByPath(const FilePath& plugin_path, WebPluginInfo* info); + typedef std::map<std::string, linked_ptr<PluginGroup> > PluginMap; + + // Fill the map from identifier to plugin group for all plugin groups. If + // |load_if_necessary| is set, the plugins will be loaded if they haven't + // already been loaded, or if Refresh() has been called in the meantime; + // otherwise a possibly empty or stale list may be returned. + void GetPluginGroups(bool load_if_necessary, PluginMap* plugin_groups); + // Load a specific plugin with full path. void LoadPlugin(const FilePath& filename, std::vector<WebPluginInfo>* plugins); @@ -164,6 +175,19 @@ class PluginList { // will be disabled. bool DisablePlugin(const FilePath& filename); + // Enable/disable a plugin group, specified by group_name. Returns |true| iff + // a plugin currently in the plugin list was actually enabled/disabled as a + // result; regardless of return value, if a plugin is found in the future with + // the given name, it will be enabled/disabled. Note that plugins are enabled + // by default as far as |PluginList| is concerned. + bool EnableGroup(bool enable, const string16& name); + + // Disable all plugins groups that are known to be outdated, according to + // the information hardcoded in PluginGroup, to make sure that they can't + // be loaded on a web page and instead show a UI to update to the latest + // version. + void DisableOutdatedPluginGroups(); + ~PluginList(); private: @@ -205,6 +229,10 @@ class PluginList { std::string* actual_mime_type, WebPluginInfo* info); + // Like GetPluginGroups above, but works on a given vector of plugins. + static void GetPluginGroups(const std::vector<WebPluginInfo>* plugins, + PluginMap* plugin_groups); + // Returns true if the given WebPluginInfo supports "mime-type". // mime_type should be all lower case. static bool SupportsType(const WebPluginInfo& info, @@ -268,6 +296,11 @@ class PluginList { // Path names of plugins to disable (the default is to enable them all). std::set<FilePath> disabled_plugins_; + // Group names disable (the default is to enable them all). + std::set<string16> disabled_groups_; + + bool disable_outdated_plugins_; + // Need synchronization for the above members since this object can be // accessed on multiple threads. Lock lock_; diff --git a/webkit/glue/webkit_glue.gypi b/webkit/glue/webkit_glue.gypi index 836ec46..9c1f92e 100644 --- a/webkit/glue/webkit_glue.gypi +++ b/webkit/glue/webkit_glue.gypi @@ -251,6 +251,8 @@ 'plugins/pepper_widget.cc', 'plugins/pepper_widget.h', 'plugins/plugin_constants_win.h', + 'plugins/plugin_group.cc', + 'plugins/plugin_group.h', 'plugins/plugin_host.cc', 'plugins/plugin_host.h', 'plugins/plugin_instance.cc', |