// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "extensions/browser/extension_protocols.h" #include #include #include #include #include #include "base/base64.h" #include "base/compiler_specific.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/format_macros.h" #include "base/logging.h" #include "base/macros.h" #include "base/memory/weak_ptr.h" #include "base/message_loop/message_loop.h" #include "base/metrics/field_trial.h" #include "base/metrics/histogram.h" #include "base/metrics/sparse_histogram.h" #include "base/sha1.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" #include "base/threading/sequenced_worker_pool.h" #include "base/threading/thread_restrictions.h" #include "base/timer/elapsed_timer.h" #include "build/build_config.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/resource_request_info.h" #include "crypto/secure_hash.h" #include "crypto/sha2.h" #include "extensions/browser/content_verifier.h" #include "extensions/browser/content_verify_job.h" #include "extensions/browser/extensions_browser_client.h" #include "extensions/browser/info_map.h" #include "extensions/browser/url_request_util.h" #include "extensions/common/constants.h" #include "extensions/common/extension.h" #include "extensions/common/extension_resource.h" #include "extensions/common/file_util.h" #include "extensions/common/manifest_handlers/background_info.h" #include "extensions/common/manifest_handlers/csp_info.h" #include "extensions/common/manifest_handlers/icons_handler.h" #include "extensions/common/manifest_handlers/incognito_info.h" #include "extensions/common/manifest_handlers/shared_module_info.h" #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/http/http_request_headers.h" #include "net/http/http_response_headers.h" #include "net/http/http_response_info.h" #include "net/url_request/url_request_error_job.h" #include "net/url_request/url_request_file_job.h" #include "net/url_request/url_request_simple_job.h" #include "url/url_util.h" using content::BrowserThread; using content::ResourceRequestInfo; using content::ResourceType; using extensions::Extension; using extensions::SharedModuleInfo; namespace extensions { namespace { class GeneratedBackgroundPageJob : public net::URLRequestSimpleJob { public: GeneratedBackgroundPageJob(net::URLRequest* request, net::NetworkDelegate* network_delegate, const scoped_refptr extension, const std::string& content_security_policy) : net::URLRequestSimpleJob(request, network_delegate), extension_(extension) { const bool send_cors_headers = false; // Leave cache headers out of generated background page jobs. response_info_.headers = BuildHttpHeaders(content_security_policy, send_cors_headers, base::Time()); } // Overridden from URLRequestSimpleJob: int GetData(std::string* mime_type, std::string* charset, std::string* data, const net::CompletionCallback& callback) const override { *mime_type = "text/html"; *charset = "utf-8"; *data = "\n\n"; const std::vector& background_scripts = extensions::BackgroundInfo::GetBackgroundScripts(extension_.get()); for (size_t i = 0; i < background_scripts.size(); ++i) { *data += "\n"; } return net::OK; } void GetResponseInfo(net::HttpResponseInfo* info) override { *info = response_info_; } private: ~GeneratedBackgroundPageJob() override {} scoped_refptr extension_; net::HttpResponseInfo response_info_; }; base::Time GetFileLastModifiedTime(const base::FilePath& filename) { if (base::PathExists(filename)) { base::File::Info info; if (base::GetFileInfo(filename, &info)) return info.last_modified; } return base::Time(); } base::Time GetFileCreationTime(const base::FilePath& filename) { if (base::PathExists(filename)) { base::File::Info info; if (base::GetFileInfo(filename, &info)) return info.creation_time; } return base::Time(); } void ReadResourceFilePathAndLastModifiedTime( const extensions::ExtensionResource& resource, const base::FilePath& directory, base::FilePath* file_path, base::Time* last_modified_time) { *file_path = resource.GetFilePath(); *last_modified_time = GetFileLastModifiedTime(*file_path); // While we're here, log the delta between extension directory // creation time and the resource's last modification time. base::ElapsedTimer query_timer; base::Time dir_creation_time = GetFileCreationTime(directory); UMA_HISTOGRAM_TIMES("Extensions.ResourceDirectoryTimestampQueryLatency", query_timer.Elapsed()); int64_t delta_seconds = (*last_modified_time - dir_creation_time).InSeconds(); if (delta_seconds >= 0) { UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions.ResourceLastModifiedDelta", delta_seconds, 0, base::TimeDelta::FromDays(30).InSeconds(), 50); } else { UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions.ResourceLastModifiedNegativeDelta", -delta_seconds, 1, base::TimeDelta::FromDays(30).InSeconds(), 50); } } class URLRequestExtensionJob : public net::URLRequestFileJob { public: URLRequestExtensionJob(net::URLRequest* request, net::NetworkDelegate* network_delegate, const std::string& extension_id, const base::FilePath& directory_path, const base::FilePath& relative_path, const std::string& content_security_policy, bool send_cors_header, bool follow_symlinks_anywhere, ContentVerifyJob* verify_job) : net::URLRequestFileJob( request, network_delegate, base::FilePath(), BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)), verify_job_(verify_job), seek_position_(0), bytes_read_(0), directory_path_(directory_path), // TODO(tc): Move all of these files into resources.pak so we don't // break when updating on Linux. resource_(extension_id, directory_path, relative_path), content_security_policy_(content_security_policy), send_cors_header_(send_cors_header), weak_factory_(this) { if (follow_symlinks_anywhere) { resource_.set_follow_symlinks_anywhere(); } } void GetResponseInfo(net::HttpResponseInfo* info) override { *info = response_info_; } // This always returns 200 because a URLRequestExtensionJob will only get // created in MaybeCreateJob() if the file exists. int GetResponseCode() const override { return 200; } void Start() override { request_timer_.reset(new base::ElapsedTimer()); base::FilePath* read_file_path = new base::FilePath; base::Time* last_modified_time = new base::Time(); bool posted = BrowserThread::PostBlockingPoolTaskAndReply( FROM_HERE, base::Bind(&ReadResourceFilePathAndLastModifiedTime, resource_, directory_path_, base::Unretained(read_file_path), base::Unretained(last_modified_time)), base::Bind(&URLRequestExtensionJob::OnFilePathAndLastModifiedTimeRead, weak_factory_.GetWeakPtr(), base::Owned(read_file_path), base::Owned(last_modified_time))); DCHECK(posted); } bool IsRedirectResponse(GURL* location, int* http_status_code) override { return false; } void SetExtraRequestHeaders(const net::HttpRequestHeaders& headers) override { // TODO(asargent) - we'll need to add proper support for range headers. // crbug.com/369895. std::string range_header; if (headers.GetHeader(net::HttpRequestHeaders::kRange, &range_header)) { if (verify_job_.get()) verify_job_ = NULL; } URLRequestFileJob::SetExtraRequestHeaders(headers); } void OnSeekComplete(int64_t result) override { DCHECK_EQ(seek_position_, 0); seek_position_ = result; // TODO(asargent) - we'll need to add proper support for range headers. // crbug.com/369895. if (result > 0 && verify_job_.get()) verify_job_ = NULL; } void OnReadComplete(net::IOBuffer* buffer, int result) override { if (result >= 0) UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.OnReadCompleteResult", result); else UMA_HISTOGRAM_SPARSE_SLOWLY("ExtensionUrlRequest.OnReadCompleteError", -result); if (result > 0) { bytes_read_ += result; if (verify_job_.get()) { verify_job_->BytesRead(result, buffer->data()); if (!remaining_bytes()) verify_job_->DoneReading(); } } } private: ~URLRequestExtensionJob() override { UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.TotalKbRead", bytes_read_ / 1024); UMA_HISTOGRAM_COUNTS("ExtensionUrlRequest.SeekPosition", seek_position_); if (request_timer_.get()) UMA_HISTOGRAM_TIMES("ExtensionUrlRequest.Latency", request_timer_->Elapsed()); } void OnFilePathAndLastModifiedTimeRead(base::FilePath* read_file_path, base::Time* last_modified_time) { file_path_ = *read_file_path; response_info_.headers = BuildHttpHeaders( content_security_policy_, send_cors_header_, *last_modified_time); URLRequestFileJob::Start(); } scoped_refptr verify_job_; scoped_ptr request_timer_; // The position we seeked to in the file. int64_t seek_position_; // The number of bytes of content we read from the file. int bytes_read_; net::HttpResponseInfo response_info_; base::FilePath directory_path_; extensions::ExtensionResource resource_; std::string content_security_policy_; bool send_cors_header_; base::WeakPtrFactory weak_factory_; }; bool ExtensionCanLoadInIncognito(const ResourceRequestInfo* info, const std::string& extension_id, extensions::InfoMap* extension_info_map) { if (!extension_info_map->IsIncognitoEnabled(extension_id)) return false; // Only allow incognito toplevel navigations to extension resources in // split mode. In spanning mode, the extension must run in a single process, // and an incognito tab prevents that. if (info->GetResourceType() == content::RESOURCE_TYPE_MAIN_FRAME) { const Extension* extension = extension_info_map->extensions().GetByID(extension_id); return extension && extensions::IncognitoInfo::IsSplitMode(extension); } return true; } // Returns true if an chrome-extension:// resource should be allowed to load. // Pass true for |is_incognito| only for incognito profiles and not Chrome OS // guest mode profiles. // TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we // first need to find a way to get CanLoadInIncognito state into the renderers. bool AllowExtensionResourceLoad(net::URLRequest* request, bool is_incognito, const Extension* extension, extensions::InfoMap* extension_info_map) { const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); // We have seen crashes where info is NULL: crbug.com/52374. if (!info) { // SeviceWorker net requests created through ServiceWorkerWriteToCacheJob // do not have ResourceRequestInfo associated with them. So skip logging // spurious errors below. // TODO(falken): Either consider attaching ResourceRequestInfo to these or // finish refactoring ServiceWorkerWriteToCacheJob so that it doesn't spawn // a new URLRequest. if (!ResourceRequestInfo::OriginatedFromServiceWorker(request)) { LOG(ERROR) << "Allowing load of " << request->url().spec() << "from unknown origin. Could not find user data for " << "request."; } return true; } if (is_incognito && !ExtensionCanLoadInIncognito( info, request->url().host(), extension_info_map)) { return false; } // The following checks are meant to replicate similar set of checks in the // renderer process, performed by ResourceRequestPolicy::CanRequestResource. // These are not exactly equivalent, because we don't have the same bits of // information. The two checks need to be kept in sync as much as possible, as // an exploited renderer can bypass the checks in ResourceRequestPolicy. // Check if the extension for which this request is made is indeed loaded in // the process sending the request. If not, we need to explicitly check if // the resource is explicitly accessible or fits in a set of exception cases. // Note: This allows a case where two extensions execute in the same renderer // process to request each other's resources. We can't do a more precise // check, since the renderer can lie about which extension has made the // request. if (extension_info_map->process_map().Contains( request->url().host(), info->GetChildID())) { return true; } // Allow the extension module embedder to grant permission for loads. if (ExtensionsBrowserClient::Get()->AllowCrossRendererResourceLoad( request, is_incognito, extension, extension_info_map)) { return true; } // No special exceptions for cross-process loading. Block the load. return false; } // Returns true if the given URL references an icon in the given extension. bool URLIsForExtensionIcon(const GURL& url, const Extension* extension) { DCHECK(url.SchemeIs(extensions::kExtensionScheme)); if (!extension) return false; std::string path = url.path(); DCHECK_EQ(url.host(), extension->id()); DCHECK(path.length() > 0 && path[0] == '/'); path = path.substr(1); return extensions::IconsInfo::GetIcons(extension).ContainsPath(path); } class ExtensionProtocolHandler : public net::URLRequestJobFactory::ProtocolHandler { public: ExtensionProtocolHandler(bool is_incognito, extensions::InfoMap* extension_info_map) : is_incognito_(is_incognito), extension_info_map_(extension_info_map) {} ~ExtensionProtocolHandler() override {} net::URLRequestJob* MaybeCreateJob( net::URLRequest* request, net::NetworkDelegate* network_delegate) const override; private: const bool is_incognito_; extensions::InfoMap* const extension_info_map_; DISALLOW_COPY_AND_ASSIGN(ExtensionProtocolHandler); }; // Creates URLRequestJobs for extension:// URLs. net::URLRequestJob* ExtensionProtocolHandler::MaybeCreateJob( net::URLRequest* request, net::NetworkDelegate* network_delegate) const { // chrome-extension://extension-id/resource/path.js std::string extension_id = request->url().host(); const Extension* extension = extension_info_map_->extensions().GetByID(extension_id); // TODO(mpcomplete): better error code. if (!AllowExtensionResourceLoad( request, is_incognito_, extension, extension_info_map_)) { return new net::URLRequestErrorJob( request, network_delegate, net::ERR_ADDRESS_UNREACHABLE); } // If this is a disabled extension only allow the icon to load. base::FilePath directory_path; if (extension) directory_path = extension->path(); if (directory_path.value().empty()) { const Extension* disabled_extension = extension_info_map_->disabled_extensions().GetByID(extension_id); if (URLIsForExtensionIcon(request->url(), disabled_extension)) directory_path = disabled_extension->path(); if (directory_path.value().empty()) { LOG(WARNING) << "Failed to GetPathForExtension: " << extension_id; return NULL; } } // Set up content security policy. std::string content_security_policy; bool send_cors_header = false; bool follow_symlinks_anywhere = false; if (extension) { std::string resource_path = request->url().path(); // Use default CSP for . if (!url_request_util::IsWebViewRequest(request)) { content_security_policy = extensions::CSPInfo::GetResourceContentSecurityPolicy(extension, resource_path); } if ((extension->manifest_version() >= 2 || extensions::WebAccessibleResourcesInfo::HasWebAccessibleResources( extension)) && extensions::WebAccessibleResourcesInfo::IsResourceWebAccessible( extension, resource_path)) { send_cors_header = true; } follow_symlinks_anywhere = (extension->creation_flags() & Extension::FOLLOW_SYMLINKS_ANYWHERE) != 0; } // Create a job for a generated background page. std::string path = request->url().path(); if (path.size() > 1 && path.substr(1) == extensions::kGeneratedBackgroundPageFilename) { return new GeneratedBackgroundPageJob( request, network_delegate, extension, content_security_policy); } // Component extension resources may be part of the embedder's resource files, // for example component_extension_resources.pak in Chrome. net::URLRequestJob* resource_bundle_job = extensions::ExtensionsBrowserClient::Get() ->MaybeCreateResourceBundleRequestJob(request, network_delegate, directory_path, content_security_policy, send_cors_header); if (resource_bundle_job) return resource_bundle_job; base::FilePath relative_path = extensions::file_util::ExtensionURLToRelativeFilePath(request->url()); // Do not allow requests for resources in the _metadata folder, since any // files there are internal implementation details that should not be // considered part of the extension. if (base::FilePath(kMetadataFolder).IsParent(relative_path)) return nullptr; // Handle shared resources (extension A loading resources out of extension B). if (SharedModuleInfo::IsImportedPath(path)) { std::string new_extension_id; std::string new_relative_path; SharedModuleInfo::ParseImportedPath(path, &new_extension_id, &new_relative_path); const Extension* new_extension = extension_info_map_->extensions().GetByID(new_extension_id); if (SharedModuleInfo::ImportsExtensionById(extension, new_extension_id) && new_extension) { directory_path = new_extension->path(); extension_id = new_extension_id; relative_path = base::FilePath::FromUTF8Unsafe(new_relative_path); } else { return NULL; } } ContentVerifyJob* verify_job = NULL; ContentVerifier* verifier = extension_info_map_->content_verifier(); if (verifier) { verify_job = verifier->CreateJobFor(extension_id, directory_path, relative_path); if (verify_job) verify_job->Start(); } return new URLRequestExtensionJob(request, network_delegate, extension_id, directory_path, relative_path, content_security_policy, send_cors_header, follow_symlinks_anywhere, verify_job); } } // namespace net::HttpResponseHeaders* BuildHttpHeaders( const std::string& content_security_policy, bool send_cors_header, const base::Time& last_modified_time) { std::string raw_headers; raw_headers.append("HTTP/1.1 200 OK"); if (!content_security_policy.empty()) { raw_headers.append(1, '\0'); raw_headers.append("Content-Security-Policy: "); raw_headers.append(content_security_policy); } if (send_cors_header) { raw_headers.append(1, '\0'); raw_headers.append("Access-Control-Allow-Origin: *"); } if (!last_modified_time.is_null()) { // Hash the time and make an etag to avoid exposing the exact // user installation time of the extension. std::string hash = base::StringPrintf("%" PRId64, last_modified_time.ToInternalValue()); hash = base::SHA1HashString(hash); std::string etag; base::Base64Encode(hash, &etag); raw_headers.append(1, '\0'); raw_headers.append("ETag: \""); raw_headers.append(etag); raw_headers.append("\""); // Also force revalidation. raw_headers.append(1, '\0'); raw_headers.append("cache-control: no-cache"); } raw_headers.append(2, '\0'); return new net::HttpResponseHeaders(raw_headers); } scoped_ptr CreateExtensionProtocolHandler(bool is_incognito, extensions::InfoMap* extension_info_map) { return make_scoped_ptr( new ExtensionProtocolHandler(is_incognito, extension_info_map)); } } // namespace extensions