From ab55c2b682d9770de2b46cc85b00bcc79c4ea315 Mon Sep 17 00:00:00 2001
From: "jyasskin@chromium.org"
 <jyasskin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 1 Jun 2012 23:55:03 +0000
Subject: Prevent developers from accidentally including their private keys in
 extensions.

This puts a warning on chrome://extensions in developer mode when an
unpacked extension includes a parsable .pem file, and fails an attempt
to pack such an extension.

This doesn't yet identify when an extension includes its own private
key because RSAPrivateKey currently requires loading from the
filesystem on Mac, and the utility process that first loads an
extension is prohibited from doing that.

BUG=130140

TEST=unit_tests --gtest_filter=Extension*;
Manually ran chrome and tried to load and pack an extension containing
a private key.


Review URL: https://chromiumcodereview.appspot.com/10451086

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140128 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/extensions/extension_creator.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'chrome/browser/extensions/extension_creator.cc')

diff --git a/chrome/browser/extensions/extension_creator.cc b/chrome/browser/extensions/extension_creator.cc
index ea03d3a..61e0134 100644
--- a/chrome/browser/extensions/extension_creator.cc
+++ b/chrome/browser/extensions/extension_creator.cc
@@ -107,7 +107,7 @@ bool ExtensionCreator::ValidateManifest(const FilePath& extension_dir,
           extension_dir,
           extension_id,
           Extension::INTERNAL,
-          Extension::FOLLOW_SYMLINKS_ANYWHERE,
+          Extension::FOLLOW_SYMLINKS_ANYWHERE | Extension::ERROR_ON_PRIVATE_KEY,
           &error_message_));
   return !!extension.get();
 }
-- 
cgit v1.1