src/chrome/browser/extensions/active_script_controller.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/extensions/active_script_controller.h"
   6
   7 #include "base/bind.h"
   8 #include "base/bind_helpers.h"
   9 #include "base/memory/scoped_ptr.h"
  10 #include "base/metrics/histogram.h"
  11 #include "base/stl_util.h"
  12 #include "chrome/browser/extensions/active_tab_permission_granter.h"
  13 #include "chrome/browser/extensions/api/extension_action/extension_action_api.h"
  14 #include "chrome/browser/extensions/extension_action.h"
  15 #include "chrome/browser/extensions/extension_action_manager.h"
  16 #include "chrome/browser/extensions/extension_util.h"
  17 #include "chrome/browser/extensions/permissions_updater.h"
  18 #include "chrome/browser/extensions/tab_helper.h"
  19 #include "chrome/browser/profiles/profile.h"
  20 #include "chrome/browser/sessions/session_tab_helper.h"
  21 #include "chrome/common/extensions/api/extension_action/action_info.h"
  22 #include "components/crx_file/id_util.h"
  23 #include "content/public/browser/navigation_controller.h"
  24 #include "content/public/browser/navigation_details.h"
  25 #include "content/public/browser/navigation_entry.h"
  26 #include "content/public/browser/render_view_host.h"
  27 #include "content/public/browser/web_contents.h"
  28 #include "extensions/browser/extension_registry.h"
  29 #include "extensions/common/extension.h"
  30 #include "extensions/common/extension_messages.h"
  31 #include "extensions/common/extension_set.h"
  32 #include "extensions/common/feature_switch.h"
  33 #include "extensions/common/manifest.h"
  34 #include "extensions/common/permissions/permission_set.h"
  35 #include "extensions/common/permissions/permissions_data.h"
  36 #include "ipc/ipc_message_macros.h"
  37
  38 namespace extensions {
  39
  40 namespace {
  41
  42 // Returns true if the extension should be regarded as a "permitted" extension
  43 // for the case of metrics. We need this because we only actually withhold
  44 // permissions if the switch is enabled, but want to record metrics in all
  45 // cases.
  46 // "ExtensionWouldHaveHadHostPermissionsWithheldIfSwitchWasOn()" would be
  47 // more accurate, but too long.
  48 bool ShouldRecordExtension(const Extension* extension) {
  49   return extension->ShouldDisplayInExtensionSettings() &&
  50          !Manifest::IsPolicyLocation(extension->location()) &&
  51          !Manifest::IsComponentLocation(extension->location()) &&
  52          !PermissionsData::CanExecuteScriptEverywhere(extension) &&
  53          extension->permissions_data()
  54              ->active_permissions()
  55              ->ShouldWarnAllHosts();
  56 }
  57
  58 }  // namespace
  59
  60 ActiveScriptController::ActiveScriptController(
  61     content::WebContents* web_contents)
  62     : content::WebContentsObserver(web_contents),
  63       enabled_(FeatureSwitch::scripts_require_action()->IsEnabled()),
  64       extension_registry_observer_(this) {
  65   CHECK(web_contents);
  66   extension_registry_observer_.Add(
  67       ExtensionRegistry::Get(web_contents->GetBrowserContext()));
  68 }
  69
  70 ActiveScriptController::~ActiveScriptController() {
  71   LogUMA();
  72 }
  73
  74 // static
  75 ActiveScriptController* ActiveScriptController::GetForWebContents(
  76     content::WebContents* web_contents) {
  77   if (!web_contents)
  78     return NULL;
  79   TabHelper* tab_helper = TabHelper::FromWebContents(web_contents);
  80   return tab_helper ? tab_helper->active_script_controller() : NULL;
  81 }
  82
  83 void ActiveScriptController::OnActiveTabPermissionGranted(
  84     const Extension* extension) {
  85   RunPendingForExtension(extension);
  86 }
  87
  88 void ActiveScriptController::OnAdInjectionDetected(
  89     const std::set<std::string>& ad_injectors) {
  90   // We're only interested in data if there are ad injectors detected.
  91   if (ad_injectors.empty())
  92     return;
  93
  94   size_t num_preventable_ad_injectors =
  95       base::STLSetIntersection<std::set<std::string> >(
  96           ad_injectors, permitted_extensions_).size();
  97
  98   UMA_HISTOGRAM_COUNTS_100(
  99       "Extensions.ActiveScriptController.PreventableAdInjectors",
 100       num_preventable_ad_injectors);
 101   UMA_HISTOGRAM_COUNTS_100(
 102       "Extensions.ActiveScriptController.UnpreventableAdInjectors",
 103       ad_injectors.size() - num_preventable_ad_injectors);
 104 }
 105
 106 void ActiveScriptController::AlwaysRunOnVisibleOrigin(
 107     const Extension* extension) {
 108   const GURL& url = web_contents()->GetVisibleURL();
 109   URLPatternSet new_explicit_hosts;
 110   URLPatternSet new_scriptable_hosts;
 111
 112   scoped_refptr<const PermissionSet> withheld_permissions =
 113       extension->permissions_data()->withheld_permissions();
 114   if (withheld_permissions->explicit_hosts().MatchesURL(url)) {
 115     new_explicit_hosts.AddOrigin(UserScript::ValidUserScriptSchemes(),
 116                                  url.GetOrigin());
 117   }
 118   if (withheld_permissions->scriptable_hosts().MatchesURL(url)) {
 119     new_scriptable_hosts.AddOrigin(UserScript::ValidUserScriptSchemes(),
 120                                    url.GetOrigin());
 121   }
 122
 123   scoped_refptr<PermissionSet> new_permissions =
 124       new PermissionSet(APIPermissionSet(),
 125                         ManifestPermissionSet(),
 126                         new_explicit_hosts,
 127                         new_scriptable_hosts);
 128
 129   // Update permissions for the session. This adds |new_permissions| to active
 130   // permissions and granted permissions.
 131   // TODO(devlin): Make sure that the permission is removed from
 132   // withheld_permissions if appropriate.
 133   PermissionsUpdater(web_contents()->GetBrowserContext())
 134       .AddPermissions(extension, new_permissions.get());
 135
 136   // Allow current tab to run injection.
 137   OnClicked(extension);
 138 }
 139
 140 void ActiveScriptController::OnClicked(const Extension* extension) {
 141   DCHECK(ContainsKey(pending_requests_, extension->id()));
 142   RunPendingForExtension(extension);
 143 }
 144
 145 bool ActiveScriptController::WantsToRun(const Extension* extension) {
 146   return enabled_ && pending_requests_.count(extension->id()) > 0;
 147 }
 148
 149 PermissionsData::AccessType
 150 ActiveScriptController::RequiresUserConsentForScriptInjection(
 151     const Extension* extension,
 152     UserScript::InjectionType type) {
 153   CHECK(extension);
 154
 155   // If the feature is not enabled, we automatically allow all extensions to
 156   // run scripts.
 157   if (!enabled_)
 158     permitted_extensions_.insert(extension->id());
 159
 160   // Allow the extension if it's been explicitly granted permission.
 161   if (permitted_extensions_.count(extension->id()) > 0)
 162     return PermissionsData::ACCESS_ALLOWED;
 163
 164   GURL url = web_contents()->GetVisibleURL();
 165   int tab_id = SessionTabHelper::IdForTab(web_contents());
 166   switch (type) {
 167     case UserScript::CONTENT_SCRIPT:
 168       return extension->permissions_data()->GetContentScriptAccess(
 169           extension, url, url, tab_id, -1, NULL);
 170     case UserScript::PROGRAMMATIC_SCRIPT:
 171       return extension->permissions_data()->GetPageAccess(
 172           extension, url, url, tab_id, -1, NULL);
 173   }
 174
 175   NOTREACHED();
 176   return PermissionsData::ACCESS_DENIED;
 177 }
 178
 179 void ActiveScriptController::RequestScriptInjection(
 180     const Extension* extension,
 181     const base::Closure& callback) {
 182   CHECK(extension);
 183   PendingRequestList& list = pending_requests_[extension->id()];
 184   list.push_back(callback);
 185
 186   // If this was the first entry, notify the location bar that there's a new
 187   // icon.
 188   if (list.size() == 1u) {
 189     ExtensionActionAPI::Get(web_contents()->GetBrowserContext())->
 190         NotifyPageActionsChanged(web_contents());
 191   }
 192 }
 193
 194 void ActiveScriptController::RunPendingForExtension(
 195     const Extension* extension) {
 196   DCHECK(extension);
 197
 198   content::NavigationEntry* visible_entry =
 199       web_contents()->GetController().GetVisibleEntry();
 200   // Refuse to run if there's no visible entry, because we have no idea of
 201   // determining if it's the proper page. This should rarely, if ever, happen.
 202   if (!visible_entry)
 203     return;
 204
 205   // We add this to the list of permitted extensions and erase pending entries
 206   // *before* running them to guard against the crazy case where running the
 207   // callbacks adds more entries.
 208   permitted_extensions_.insert(extension->id());
 209
 210   PendingRequestMap::iterator iter = pending_requests_.find(extension->id());
 211   if (iter == pending_requests_.end())
 212     return;
 213
 214   PendingRequestList requests;
 215   iter->second.swap(requests);
 216   pending_requests_.erase(extension->id());
 217
 218   // Clicking to run the extension counts as granting it permission to run on
 219   // the given tab.
 220   // The extension may already have active tab at this point, but granting
 221   // it twice is essentially a no-op.
 222   TabHelper::FromWebContents(web_contents())->
 223       active_tab_permission_granter()->GrantIfRequested(extension);
 224
 225   // Run all pending injections for the given extension.
 226   for (PendingRequestList::iterator request = requests.begin();
 227        request != requests.end();
 228        ++request) {
 229     request->Run();
 230   }
 231
 232   // Inform the location bar that the action is now gone.
 233   ExtensionActionAPI::Get(web_contents()->GetBrowserContext())->
 234       NotifyPageActionsChanged(web_contents());
 235 }
 236
 237 void ActiveScriptController::OnRequestScriptInjectionPermission(
 238     const std::string& extension_id,
 239     UserScript::InjectionType script_type,
 240     int64 request_id) {
 241   if (!crx_file::id_util::IdIsValid(extension_id)) {
 242     NOTREACHED() << "'" << extension_id << "' is not a valid id.";
 243     return;
 244   }
 245
 246   const Extension* extension =
 247       ExtensionRegistry::Get(web_contents()->GetBrowserContext())
 248           ->enabled_extensions().GetByID(extension_id);
 249   // We shouldn't allow extensions which are no longer enabled to run any
 250   // scripts. Ignore the request.
 251   if (!extension)
 252     return;
 253
 254   // If the request id is -1, that signals that the content script has already
 255   // ran (because this feature is not enabled). Add the extension to the list of
 256   // permitted extensions (for metrics), and return immediately.
 257   if (request_id == -1) {
 258     if (ShouldRecordExtension(extension)) {
 259       DCHECK(!enabled_);
 260       permitted_extensions_.insert(extension->id());
 261     }
 262     return;
 263   }
 264
 265   switch (RequiresUserConsentForScriptInjection(extension, script_type)) {
 266     case PermissionsData::ACCESS_ALLOWED:
 267       PermitScriptInjection(request_id);
 268       break;
 269     case PermissionsData::ACCESS_WITHHELD:
 270       // This base::Unretained() is safe, because the callback is only invoked
 271       // by this object.
 272       RequestScriptInjection(
 273           extension,
 274           base::Bind(&ActiveScriptController::PermitScriptInjection,
 275                      base::Unretained(this),
 276                      request_id));
 277       break;
 278     case PermissionsData::ACCESS_DENIED:
 279       // We should usually only get a "deny access" if the page changed (as the
 280       // renderer wouldn't have requested permission if the answer was always
 281       // "no"). Just let the request fizzle and die.
 282       break;
 283   }
 284 }
 285
 286 void ActiveScriptController::PermitScriptInjection(int64 request_id) {
 287   // This only sends the response to the renderer - the process of adding the
 288   // extension to the list of |permitted_extensions_| is done elsewhere.
 289   content::RenderViewHost* render_view_host =
 290       web_contents()->GetRenderViewHost();
 291   if (render_view_host) {
 292     render_view_host->Send(new ExtensionMsg_PermitScriptInjection(
 293         render_view_host->GetRoutingID(), request_id));
 294   }
 295 }
 296
 297 void ActiveScriptController::LogUMA() const {
 298   UMA_HISTOGRAM_COUNTS_100(
 299       "Extensions.ActiveScriptController.ShownActiveScriptsOnPage",
 300       pending_requests_.size());
 301
 302   // We only log the permitted extensions metric if the feature is enabled,
 303   // because otherwise the data will be boring (100% allowed).
 304   if (enabled_) {
 305     UMA_HISTOGRAM_COUNTS_100(
 306         "Extensions.ActiveScriptController.PermittedExtensions",
 307         permitted_extensions_.size());
 308     UMA_HISTOGRAM_COUNTS_100(
 309         "Extensions.ActiveScriptController.DeniedExtensions",
 310         pending_requests_.size());
 311   }
 312 }
 313
 314 bool ActiveScriptController::OnMessageReceived(const IPC::Message& message) {
 315   bool handled = true;
 316   IPC_BEGIN_MESSAGE_MAP(ActiveScriptController, message)
 317     IPC_MESSAGE_HANDLER(ExtensionHostMsg_RequestScriptInjectionPermission,
 318                         OnRequestScriptInjectionPermission)
 319     IPC_MESSAGE_UNHANDLED(handled = false)
 320   IPC_END_MESSAGE_MAP()
 321   return handled;
 322 }
 323
 324 void ActiveScriptController::DidNavigateMainFrame(
 325     const content::LoadCommittedDetails& details,
 326     const content::FrameNavigateParams& params) {
 327   if (details.is_in_page)
 328     return;
 329
 330   LogUMA();
 331   permitted_extensions_.clear();
 332   pending_requests_.clear();
 333 }
 334
 335 void ActiveScriptController::OnExtensionUnloaded(
 336     content::BrowserContext* browser_context,
 337     const Extension* extension,
 338     UnloadedExtensionInfo::Reason reason) {
 339   PendingRequestMap::iterator iter = pending_requests_.find(extension->id());
 340   if (iter != pending_requests_.end()) {
 341     pending_requests_.erase(iter);
 342     ExtensionActionAPI::Get(web_contents()->GetBrowserContext())->
 343         NotifyPageActionsChanged(web_contents());
 344   }
 345 }
 346
 347 }  // namespace extensions