Do not accept invalid value of install-location

Change-Id: I1fcc1314097897f7c09af5556be5242d2b7f89c1

diff --git a/src/tpk_manifest_handlers/package_handler.cc b/src/tpk_manifest_handlers/package_handler.cc
index 79551fc9f648cab1fe283ae1528dba7dd16dd823..8890f954c5e6c0c466099345da65a0afa6ac89c7 100644 (file)
--- a/src/tpk_manifest_handlers/package_handler.cc
+++ b/src/tpk_manifest_handlers/package_handler.cc
@@ -6,6 +6,7 @@
 
 #include <cassert>
 #include <map>
+#include <set>
 #include <utility>
 
 #include "manifest_parser/manifest_util.h"
@@ -31,8 +32,10 @@ const char kLabelKey[] = "label";
 const char kLabelLangKey[] = "@lang";
 const char kLabelTextKey[] = "#text";
 const char kPreload[] = "@preload";
+const std::set<std::string> kInstallLocationAllowedValues =
+    {"auto", "internal-only", "prefer-external"};
 
-void ParsePackageAndStore(
+bool ParsePackageAndStore(
     const parser::DictionaryValue& manifest_dict,
     PackageInfo* pkg_info) {
   std::string xmlns;
@@ -63,6 +66,9 @@ void ParsePackageAndStore(
   if (install_location.empty()) {
     pkg_info->set_install_location(kAutoInstallLocation);
   } else {
+    if (kInstallLocationAllowedValues.find(install_location) ==
+        kInstallLocationAllowedValues.end())
+      return false;
     pkg_info->set_install_location(install_location);
   }
 
@@ -73,6 +79,7 @@ void ParsePackageAndStore(
     label_dict->GetString(kLabelTextKey, &text);
     pkg_info->AddLabel(lang, text);
   }
+  return true;
 }
 
 }  // namespace
@@ -96,7 +103,10 @@ bool PackageHandler::Parse(
   if (value->GetType() == parser::Value::TYPE_DICTIONARY) {
     const parser::DictionaryValue* dict = nullptr;
     value->GetAsDictionary(&dict);
-    ParsePackageAndStore(*dict, pkg_info.get());
+    if (!ParsePackageAndStore(*dict, pkg_info.get())) {
+      *error = "Cannot parse manifest element";
+      return false;
+    }
   } else {
     *error = "Cannot parse manifest element";
     return false;