1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chrome/browser/extensions/api/messaging/native_messaging_host_manifest.h"
6 
7 #include <stddef.h>
8 
9 #include "base/check.h"
10 #include "base/json/json_file_value_serializer.h"
11 #include "base/strings/string_util.h"
12 #include "base/values.h"
13 #include "chrome/common/chrome_features.h"
14 
15 namespace extensions {
16 
~NativeMessagingHostManifest()17 NativeMessagingHostManifest::~NativeMessagingHostManifest() {}
18 
19 // static
IsValidName(const std::string & name)20 bool NativeMessagingHostManifest::IsValidName(const std::string& name) {
21   if (name.empty()) {
22     return false;
23   }
24 
25   for (size_t i = 0; i < name.size(); ++i) {
26     char c = name[i];
27 
28     // Verify that only the following characters are used: [a-z0-9._].
29     if (!(base::IsAsciiLower(c) || base::IsAsciiDigit(c) || c == '.' ||
30           c == '_')) {
31       return false;
32     }
33 
34     // Verify that dots are separated by other characters and that string
35     // doesn't begin or end with a dot.
36     if (c == '.' && (i == 0 || name[i - 1] == '.' || i == name.size() - 1)) {
37       return false;
38     }
39   }
40 
41   return true;
42 }
43 
44 // static
Load(const base::FilePath & file_path,std::string * error_message)45 std::unique_ptr<NativeMessagingHostManifest> NativeMessagingHostManifest::Load(
46     const base::FilePath& file_path,
47     std::string* error_message) {
48   DCHECK(error_message);
49 
50   JSONFileValueDeserializer deserializer(file_path);
51   std::unique_ptr<base::Value> parsed =
52       deserializer.Deserialize(NULL, error_message);
53   if (!parsed) {
54     return std::unique_ptr<NativeMessagingHostManifest>();
55   }
56 
57   base::DictionaryValue* dictionary;
58   if (!parsed->GetAsDictionary(&dictionary)) {
59     *error_message = "Invalid manifest file.";
60     return std::unique_ptr<NativeMessagingHostManifest>();
61   }
62 
63   std::unique_ptr<NativeMessagingHostManifest> result(
64       new NativeMessagingHostManifest());
65   if (!result->Parse(dictionary, error_message)) {
66     return std::unique_ptr<NativeMessagingHostManifest>();
67   }
68 
69   return result;
70 }
71 
NativeMessagingHostManifest()72 NativeMessagingHostManifest::NativeMessagingHostManifest() {
73 }
74 
Parse(base::DictionaryValue * dictionary,std::string * error_message)75 bool NativeMessagingHostManifest::Parse(base::DictionaryValue* dictionary,
76                                         std::string* error_message) {
77   if (!dictionary->GetString("name", &name_) ||
78       !IsValidName(name_)) {
79     *error_message = "Invalid value for name.";
80     return false;
81   }
82 
83   if (!dictionary->GetString("description", &description_) ||
84       description_.empty()) {
85     *error_message = "Invalid value for description.";
86     return false;
87   }
88 
89   std::string type;
90   // stdio is the only host type that's currently supported.
91   if (!dictionary->GetString("type", &type) ||
92       type != "stdio") {
93     *error_message = "Invalid value for type.";
94     return false;
95   }
96   interface_ = HOST_INTERFACE_STDIO;
97 
98   std::string path;
99   // JSON parsed checks that all strings are valid UTF8.
100   if (!dictionary->GetString("path", &path) ||
101       (path_ = base::FilePath::FromUTF8Unsafe(path)).empty()) {
102     *error_message = "Invalid value for path.";
103     return false;
104   }
105 
106   const base::ListValue* allowed_origins_list;
107   if (!dictionary->GetList("allowed_origins", &allowed_origins_list)) {
108     *error_message =
109         "Invalid value for allowed_origins. Expected a list of strings.";
110     return false;
111   }
112   allowed_origins_.ClearPatterns();
113   for (auto it = allowed_origins_list->begin();
114        it != allowed_origins_list->end(); ++it) {
115     std::string pattern_string;
116     if (!it->GetAsString(&pattern_string)) {
117       *error_message = "allowed_origins must be list of strings.";
118       return false;
119     }
120 
121     URLPattern pattern(URLPattern::SCHEME_EXTENSION);
122     URLPattern::ParseResult result = pattern.Parse(pattern_string);
123     if (result != URLPattern::ParseResult::kSuccess) {
124       *error_message = "Failed to parse pattern \"" + pattern_string +
125           "\": " + URLPattern::GetParseResultString(result);
126       return false;
127     }
128 
129     // Disallow patterns that are too broad. Set of allowed origins must be a
130     // fixed list of extensions.
131     if (pattern.match_all_urls() || pattern.match_subdomains()) {
132       *error_message = "Pattern \"" + pattern_string + "\" is not allowed.";
133       return false;
134     }
135 
136     allowed_origins_.AddPattern(pattern);
137   }
138 
139   if (base::FeatureList::IsEnabled(features::kOnConnectNative)) {
140     if (const base::Value* supports_native_initiated_connections =
141             dictionary->FindKey("supports_native_initiated_connections")) {
142       if (!supports_native_initiated_connections->is_bool()) {
143         *error_message =
144             "supports_native_initiated_connections must be a boolean.";
145         return false;
146       }
147       supports_native_initiated_connections_ =
148           supports_native_initiated_connections->GetBool();
149     }
150   }
151 
152   return true;
153 }
154 
155 }  // namespace extensions
156