1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/extensions/api/messaging/native_messaging_host_manifest.h"
6
7 #include <stddef.h>
8
9 #include "base/check.h"
10 #include "base/json/json_file_value_serializer.h"
11 #include "base/strings/string_util.h"
12 #include "base/values.h"
13 #include "chrome/common/chrome_features.h"
14
15 namespace extensions {
16
~NativeMessagingHostManifest()17 NativeMessagingHostManifest::~NativeMessagingHostManifest() {}
18
19 // static
IsValidName(const std::string & name)20 bool NativeMessagingHostManifest::IsValidName(const std::string& name) {
21 if (name.empty()) {
22 return false;
23 }
24
25 for (size_t i = 0; i < name.size(); ++i) {
26 char c = name[i];
27
28 // Verify that only the following characters are used: [a-z0-9._].
29 if (!(base::IsAsciiLower(c) || base::IsAsciiDigit(c) || c == '.' ||
30 c == '_')) {
31 return false;
32 }
33
34 // Verify that dots are separated by other characters and that string
35 // doesn't begin or end with a dot.
36 if (c == '.' && (i == 0 || name[i - 1] == '.' || i == name.size() - 1)) {
37 return false;
38 }
39 }
40
41 return true;
42 }
43
44 // static
Load(const base::FilePath & file_path,std::string * error_message)45 std::unique_ptr<NativeMessagingHostManifest> NativeMessagingHostManifest::Load(
46 const base::FilePath& file_path,
47 std::string* error_message) {
48 DCHECK(error_message);
49
50 JSONFileValueDeserializer deserializer(file_path);
51 std::unique_ptr<base::Value> parsed =
52 deserializer.Deserialize(NULL, error_message);
53 if (!parsed) {
54 return std::unique_ptr<NativeMessagingHostManifest>();
55 }
56
57 base::DictionaryValue* dictionary;
58 if (!parsed->GetAsDictionary(&dictionary)) {
59 *error_message = "Invalid manifest file.";
60 return std::unique_ptr<NativeMessagingHostManifest>();
61 }
62
63 std::unique_ptr<NativeMessagingHostManifest> result(
64 new NativeMessagingHostManifest());
65 if (!result->Parse(dictionary, error_message)) {
66 return std::unique_ptr<NativeMessagingHostManifest>();
67 }
68
69 return result;
70 }
71
NativeMessagingHostManifest()72 NativeMessagingHostManifest::NativeMessagingHostManifest() {
73 }
74
Parse(base::DictionaryValue * dictionary,std::string * error_message)75 bool NativeMessagingHostManifest::Parse(base::DictionaryValue* dictionary,
76 std::string* error_message) {
77 if (!dictionary->GetString("name", &name_) ||
78 !IsValidName(name_)) {
79 *error_message = "Invalid value for name.";
80 return false;
81 }
82
83 if (!dictionary->GetString("description", &description_) ||
84 description_.empty()) {
85 *error_message = "Invalid value for description.";
86 return false;
87 }
88
89 std::string type;
90 // stdio is the only host type that's currently supported.
91 if (!dictionary->GetString("type", &type) ||
92 type != "stdio") {
93 *error_message = "Invalid value for type.";
94 return false;
95 }
96 interface_ = HOST_INTERFACE_STDIO;
97
98 std::string path;
99 // JSON parsed checks that all strings are valid UTF8.
100 if (!dictionary->GetString("path", &path) ||
101 (path_ = base::FilePath::FromUTF8Unsafe(path)).empty()) {
102 *error_message = "Invalid value for path.";
103 return false;
104 }
105
106 const base::ListValue* allowed_origins_list;
107 if (!dictionary->GetList("allowed_origins", &allowed_origins_list)) {
108 *error_message =
109 "Invalid value for allowed_origins. Expected a list of strings.";
110 return false;
111 }
112 allowed_origins_.ClearPatterns();
113 for (auto it = allowed_origins_list->begin();
114 it != allowed_origins_list->end(); ++it) {
115 std::string pattern_string;
116 if (!it->GetAsString(&pattern_string)) {
117 *error_message = "allowed_origins must be list of strings.";
118 return false;
119 }
120
121 URLPattern pattern(URLPattern::SCHEME_EXTENSION);
122 URLPattern::ParseResult result = pattern.Parse(pattern_string);
123 if (result != URLPattern::ParseResult::kSuccess) {
124 *error_message = "Failed to parse pattern \"" + pattern_string +
125 "\": " + URLPattern::GetParseResultString(result);
126 return false;
127 }
128
129 // Disallow patterns that are too broad. Set of allowed origins must be a
130 // fixed list of extensions.
131 if (pattern.match_all_urls() || pattern.match_subdomains()) {
132 *error_message = "Pattern \"" + pattern_string + "\" is not allowed.";
133 return false;
134 }
135
136 allowed_origins_.AddPattern(pattern);
137 }
138
139 if (base::FeatureList::IsEnabled(features::kOnConnectNative)) {
140 if (const base::Value* supports_native_initiated_connections =
141 dictionary->FindKey("supports_native_initiated_connections")) {
142 if (!supports_native_initiated_connections->is_bool()) {
143 *error_message =
144 "supports_native_initiated_connections must be a boolean.";
145 return false;
146 }
147 supports_native_initiated_connections_ =
148 supports_native_initiated_connections->GetBool();
149 }
150 }
151
152 return true;
153 }
154
155 } // namespace extensions
156