// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/common/extensions/extension_file_util.h"
#include <map>
#include <vector>
#include "base/file_util.h"
#include "base/logging.h"
#include "base/memory/scoped_temp_dir.h"
#include "base/metrics/histogram.h"
#include "base/path_service.h"
#include "base/threading/thread_restrictions.h"
#include "base/utf_string_conversions.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/extensions/extension.h"
#include "chrome/common/extensions/extension_action.h"
#include "chrome/common/extensions/extension_l10n_util.h"
#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/extensions/extension_resource.h"
#include "chrome/common/extensions/extension_sidebar_defaults.h"
#include "content/common/json_value_serializer.h"
#include "grit/generated_resources.h"
#include "net/base/escape.h"
#include "net/base/file_stream.h"
#include "ui/base/l10n/l10n_util.h"
namespace errors = extension_manifest_errors;
namespace extension_file_util {
// Validates locale info. Doesn't check if messages.json files are valid.
static bool ValidateLocaleInfo(const Extension& extension, std::string* error);
// Returns false and sets the error if script file can't be loaded,
// or if it's not UTF-8 encoded.
static bool IsScriptValid(const FilePath& path, const FilePath& relative_path,
int message_id, std::string* error);
const char kInstallDirectoryName[] = "Extensions";
FilePath InstallExtension(const FilePath& unpacked_source_dir,
const std::string& id,
const std::string& version,
const FilePath& all_extensions_dir) {
FilePath extension_dir = all_extensions_dir.AppendASCII(id);
FilePath version_dir;
// Create the extension directory if it doesn't exist already.
if (!file_util::PathExists(extension_dir)) {
if (!file_util::CreateDirectory(extension_dir))
return FilePath();
}
// Try to find a free directory. There can be legitimate conflicts in the case
// of overinstallation of the same version.
const int kMaxAttempts = 100;
for (int i = 0; i < kMaxAttempts; ++i) {
FilePath candidate = extension_dir.AppendASCII(
base::StringPrintf("%s_%u", version.c_str(), i));
if (!file_util::PathExists(candidate)) {
version_dir = candidate;
break;
}
}
if (version_dir.empty()) {
LOG(ERROR) << "Could not find a home for extension " << id << " with "
<< "version " << version << ".";
return FilePath();
}
if (!file_util::Move(unpacked_source_dir, version_dir))
return FilePath();
return version_dir;
}
void UninstallExtension(const FilePath& extensions_dir,
const std::string& id) {
// We don't care about the return value. If this fails (and it can, due to
// plugins that aren't unloaded yet, it will get cleaned up by
// ExtensionService::GarbageCollectExtensions).
file_util::Delete(extensions_dir.AppendASCII(id), true); // recursive.
}
scoped_refptr<Extension> LoadExtension(const FilePath& extension_path,
Extension::Location location,
int flags,
std::string* error) {
FilePath manifest_path =
extension_path.Append(Extension::kManifestFilename);
if (!file_util::PathExists(manifest_path)) {
*error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE);
return NULL;
}
JSONFileValueSerializer serializer(manifest_path);
scoped_ptr<Value> root(serializer.Deserialize(NULL, error));
if (!root.get()) {
if (error->empty()) {
// If |error| is empty, than the file could not be read.
// It would be cleaner to have the JSON reader give a specific error
// in this case, but other code tests for a file error with
// error->empty(). For now, be consistent.
*error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE);
} else {
*error = base::StringPrintf("%s %s",
errors::kManifestParseError,
error->c_str());
}
return NULL;
}
if (!root->IsType(Value::TYPE_DICTIONARY)) {
*error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_INVALID);
return NULL;
}
DictionaryValue* manifest = static_cast<DictionaryValue*>(root.get());
if (!extension_l10n_util::LocalizeExtension(extension_path, manifest, error))
return NULL;
scoped_refptr<Extension> extension(Extension::Create(
extension_path,
location,
*manifest,
flags,
error));
if (!extension.get())
return NULL;
if (!ValidateExtension(extension.get(), error))
return NULL;
return extension;
}
bool ValidateExtension(Extension* extension, std::string* error) {
// Validate icons exist.
for (ExtensionIconSet::IconMap::const_iterator iter =
extension->icons().map().begin();
iter != extension->icons().map().end();
++iter) {
const FilePath path = extension->GetResource(iter->second).GetFilePath();
if (!file_util::PathExists(path)) {
*error =
l10n_util::GetStringFUTF8(IDS_EXTENSION_LOAD_ICON_FAILED,
UTF8ToUTF16(iter->second));
return false;
}
}
// Theme resource validation.
if (extension->is_theme()) {
DictionaryValue* images_value = extension->GetThemeImages();
if (images_value) {
for (DictionaryValue::key_iterator iter = images_value->begin_keys();
iter != images_value->end_keys(); ++iter) {
std::string val;
if (images_value->GetStringWithoutPathExpansion(*iter, &val)) {
FilePath image_path = extension->path().AppendASCII(val);
if (!file_util::PathExists(image_path)) {
*error =
l10n_util::GetStringFUTF8(IDS_EXTENSION_INVALID_IMAGE_PATH,
image_path.LossyDisplayName());
return false;
}
}
}
}
// Themes cannot contain other extension types.
return true;
}
// Validate that claimed script resources actually exist,
// and are UTF-8 encoded.
for (size_t i = 0; i < extension->content_scripts().size(); ++i) {
const UserScript& script = extension->content_scripts()[i];
for (size_t j = 0; j < script.js_scripts().size(); j++) {
const UserScript::File& js_script = script.js_scripts()[j];
const FilePath& path = ExtensionResource::GetFilePath(
js_script.extension_root(), js_script.relative_path());
if (!IsScriptValid(path, js_script.relative_path(),
IDS_EXTENSION_LOAD_JAVASCRIPT_FAILED, error))
return false;
}
for (size_t j = 0; j < script.css_scripts().size(); j++) {
const UserScript::File& css_script = script.css_scripts()[j];
const FilePath& path = ExtensionResource::GetFilePath(
css_script.extension_root(), css_script.relative_path());
if (!IsScriptValid(path, css_script.relative_path(),
IDS_EXTENSION_LOAD_CSS_FAILED, error))
return false;
}
}
// Validate claimed plugin paths.
for (size_t i = 0; i < extension->plugins().size(); ++i) {
const Extension::PluginInfo& plugin = extension->plugins()[i];
if (!file_util::PathExists(plugin.path)) {
*error =
l10n_util::GetStringFUTF8(
IDS_EXTENSION_LOAD_PLUGIN_PATH_FAILED,
plugin.path.LossyDisplayName());
return false;
}
}
// Validate icon location for page actions.
ExtensionAction* page_action = extension->page_action();
if (page_action) {
std::vector<std::string> icon_paths(*page_action->icon_paths());
if (!page_action->default_icon_path().empty())
icon_paths.push_back(page_action->default_icon_path());
for (std::vector<std::string>::iterator iter = icon_paths.begin();
iter != icon_paths.end(); ++iter) {
if (!file_util::PathExists(extension->GetResource(*iter).GetFilePath())) {
*error =
l10n_util::GetStringFUTF8(
IDS_EXTENSION_LOAD_ICON_FOR_PAGE_ACTION_FAILED,
UTF8ToUTF16(*iter));
return false;
}
}
}
// Validate icon location for browser actions.
// Note: browser actions don't use the icon_paths().
ExtensionAction* browser_action = extension->browser_action();
if (browser_action) {
std::string path = browser_action->default_icon_path();
if (!path.empty() &&
!file_util::PathExists(extension->GetResource(path).GetFilePath())) {
*error =
l10n_util::GetStringFUTF8(
IDS_EXTENSION_LOAD_ICON_FOR_BROWSER_ACTION_FAILED,
UTF8ToUTF16(path));
return false;
}
}
// Validate background page location, except for hosted apps, which should use
// an external URL. Background page for hosted apps are verified when the
// extension is created (in Extension::InitFromValue)
if (!extension->background_url().is_empty() && !extension->is_hosted_app()) {
FilePath page_path = ExtensionURLToRelativeFilePath(
extension->background_url());
const FilePath path = extension->GetResource(page_path).GetFilePath();
if (path.empty() || !file_util::PathExists(path)) {
*error =
l10n_util::GetStringFUTF8(
IDS_EXTENSION_LOAD_BACKGROUND_PAGE_FAILED,
page_path.LossyDisplayName());
return false;
}
}
// Validate path to the options page. Don't check the URL for hosted apps,
// because they are expected to refer to an external URL.
if (!extension->options_url().is_empty() && !extension->is_hosted_app()) {
const FilePath options_path = ExtensionURLToRelativeFilePath(
extension->options_url());
const FilePath path = extension->GetResource(options_path).GetFilePath();
if (path.empty() || !file_util::PathExists(path)) {
*error =
l10n_util::GetStringFUTF8(
IDS_EXTENSION_LOAD_OPTIONS_PAGE_FAILED,
options_path.LossyDisplayName());
return false;
}
}
// Validate sidebar default page location.
ExtensionSidebarDefaults* sidebar_defaults = extension->sidebar_defaults();
if (sidebar_defaults && sidebar_defaults->default_page().is_valid()) {
FilePath page_path = ExtensionURLToRelativeFilePath(
sidebar_defaults->default_page());
const FilePath path = extension->GetResource(page_path).GetFilePath();
if (path.empty() || !file_util::PathExists(path)) {
*error =
l10n_util::GetStringFUTF8(
IDS_EXTENSION_LOAD_SIDEBAR_PAGE_FAILED,
page_path.LossyDisplayName());
return false;
}
}
// Validate locale info.
if (!ValidateLocaleInfo(*extension, error))
return false;
// Check children of extension root to see if any of them start with _ and is
// not on the reserved list.
if (!CheckForIllegalFilenames(extension->path(), error)) {
return false;
}
return true;
}
void GarbageCollectExtensions(
const FilePath& install_directory,
const std::map<std::string, FilePath>& extension_paths) {
// Nothing to clean up if it doesn't exist.
if (!file_util::DirectoryExists(install_directory))
return;
VLOG(1) << "Garbage collecting extensions...";
file_util::FileEnumerator enumerator(install_directory,
false, // Not recursive.
file_util::FileEnumerator::DIRECTORIES);
FilePath extension_path;
for (extension_path = enumerator.Next(); !extension_path.value().empty();
extension_path = enumerator.Next()) {
std::string extension_id;
FilePath basename = extension_path.BaseName();
if (IsStringASCII(basename.value())) {
extension_id = UTF16ToASCII(basename.LossyDisplayName());
if (!Extension::IdIsValid(extension_id))
extension_id.clear();
}
// Delete directories that aren't valid IDs.
if (extension_id.empty()) {
LOG(WARNING) << "Invalid extension ID encountered in extensions "
"directory: " << basename.value();
VLOG(1) << "Deleting invalid extension directory "
<< extension_path.value() << ".";
file_util::Delete(extension_path, true); // Recursive.
continue;
}
std::map<std::string, FilePath>::const_iterator iter =
extension_paths.find(extension_id);
// If there is no entry in the prefs file, just delete the directory and
// move on. This can legitimately happen when an uninstall does not
// complete, for example, when a plugin is in use at uninstall time.
if (iter == extension_paths.end()) {
VLOG(1) << "Deleting unreferenced install for directory "
<< extension_path.LossyDisplayName() << ".";
file_util::Delete(extension_path, true); // Recursive.
continue;
}
// Clean up old version directories.
file_util::FileEnumerator versions_enumerator(
extension_path,
false, // Not recursive.
file_util::FileEnumerator::DIRECTORIES);
for (FilePath version_dir = versions_enumerator.Next();
!version_dir.value().empty();
version_dir = versions_enumerator.Next()) {
if (version_dir.BaseName() != iter->second.BaseName()) {
VLOG(1) << "Deleting old version for directory "
<< version_dir.LossyDisplayName() << ".";
file_util::Delete(version_dir, true); // Recursive.
}
}
}
}
ExtensionMessageBundle* LoadExtensionMessageBundle(
const FilePath& extension_path,
const std::string& default_locale,
std::string* error) {
error->clear();
// Load locale information if available.
FilePath locale_path = extension_path.Append(Extension::kLocaleFolder);
if (!file_util::PathExists(locale_path))
return NULL;
std::set<std::string> locales;
if (!extension_l10n_util::GetValidLocales(locale_path, &locales, error))
return NULL;
if (default_locale.empty() ||
locales.find(default_locale) == locales.end()) {
*error = l10n_util::GetStringUTF8(
IDS_EXTENSION_LOCALES_NO_DEFAULT_LOCALE_SPECIFIED);
return NULL;
}
ExtensionMessageBundle* message_bundle =
extension_l10n_util::LoadMessageCatalogs(
locale_path,
default_locale,
extension_l10n_util::CurrentLocaleOrDefault(),
locales,
error);
return message_bundle;
}
static bool ValidateLocaleInfo(const Extension& extension, std::string* error) {
// default_locale and _locales have to be both present or both missing.
const FilePath path = extension.path().Append(Extension::kLocaleFolder);
bool path_exists = file_util::PathExists(path);
std::string default_locale = extension.default_locale();
// If both default locale and _locales folder are empty, skip verification.
if (default_locale.empty() && !path_exists)
return true;
if (default_locale.empty() && path_exists) {
*error = l10n_util::GetStringUTF8(
IDS_EXTENSION_LOCALES_NO_DEFAULT_LOCALE_SPECIFIED);
return false;
} else if (!default_locale.empty() && !path_exists) {
*error = errors::kLocalesTreeMissing;
return false;
}
// Treat all folders under _locales as valid locales.
file_util::FileEnumerator locales(path,
false,
file_util::FileEnumerator::DIRECTORIES);
std::set<std::string> all_locales;
extension_l10n_util::GetAllLocales(&all_locales);
const FilePath default_locale_path = path.AppendASCII(default_locale);
bool has_default_locale_message_file = false;
FilePath locale_path;
while (!(locale_path = locales.Next()).empty()) {
if (extension_l10n_util::ShouldSkipValidation(path, locale_path,
all_locales))
continue;
FilePath messages_path =
locale_path.Append(Extension::kMessagesFilename);
if (!file_util::PathExists(messages_path)) {
*error = base::StringPrintf(
"%s %s", errors::kLocalesMessagesFileMissing,
UTF16ToUTF8(messages_path.LossyDisplayName()).c_str());
return false;
}
if (locale_path == default_locale_path)
has_default_locale_message_file = true;
}
// Only message file for default locale has to exist.
if (!has_default_locale_message_file) {
*error = errors::kLocalesNoDefaultMessages;
return false;
}
return true;
}
static bool IsScriptValid(const FilePath& path,
const FilePath& relative_path,
int message_id,
std::string* error) {
std::string content;
if (!file_util::PathExists(path) ||
!file_util::ReadFileToString(path, &content)) {
*error = l10n_util::GetStringFUTF8(
message_id,
relative_path.LossyDisplayName());
return false;
}
if (!IsStringUTF8(content)) {
*error = l10n_util::GetStringFUTF8(
IDS_EXTENSION_BAD_FILE_ENCODING,
relative_path.LossyDisplayName());
return false;
}
return true;
}
bool CheckForIllegalFilenames(const FilePath& extension_path,
std::string* error) {
// Reserved underscore names.
static const FilePath::CharType* reserved_names[] = {
Extension::kLocaleFolder,
FILE_PATH_LITERAL("__MACOSX"),
};
static std::set<FilePath::StringType> reserved_underscore_names(
reserved_names, reserved_names + arraysize(reserved_names));
// Enumerate all files and directories in the extension root.
// There is a problem when using pattern "_*" with FileEnumerator, so we have
// to cheat with find_first_of and match all.
file_util::FileEnumerator all_files(
extension_path,
false,
static_cast<file_util::FileEnumerator::FILE_TYPE>(
file_util::FileEnumerator::DIRECTORIES |
file_util::FileEnumerator::FILES));
FilePath file;
while (!(file = all_files.Next()).empty()) {
FilePath::StringType filename = file.BaseName().value();
// Skip all that don't start with "_".
if (filename.find_first_of(FILE_PATH_LITERAL("_")) != 0) continue;
if (reserved_underscore_names.find(filename) ==
reserved_underscore_names.end()) {
*error = base::StringPrintf(
"Cannot load extension with file or directory name %s. "
"Filenames starting with \"_\" are reserved for use by the system.",
filename.c_str());
return false;
}
}
return true;
}
FilePath ExtensionURLToRelativeFilePath(const GURL& url) {
std::string url_path = url.path();
if (url_path.empty() || url_path[0] != '/')
return FilePath();
// Drop the leading slashes and convert %-encoded UTF8 to regular UTF8.
std::string file_path = UnescapeURLComponent(url_path,
UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS);
size_t skip = file_path.find_first_not_of("/\\");
if (skip != file_path.npos)
file_path = file_path.substr(skip);
FilePath path =
#if defined(OS_POSIX)
FilePath(file_path);
#elif defined(OS_WIN)
FilePath(UTF8ToWide(file_path));
#else
FilePath();
NOTIMPLEMENTED();
#endif
// It's still possible for someone to construct an annoying URL whose path
// would still wind up not being considered relative at this point.
// For example: chrome-extension://id/c:////foo.html
if (path.IsAbsolute())
return FilePath();
return path;
}
FilePath GetUserDataTempDir() {
// We do file IO in this function, but only when the current profile's
// Temp directory has never been used before, or in a rare error case.
// Developers are not likely to see these situations often, so do an
// explicit thread check.
base::ThreadRestrictions::AssertIOAllowed();
// Getting chrome::DIR_USER_DATA_TEMP is failing. Use histogram to see why.
// TODO(skerner): Fix the problem, and remove this code. crbug.com/70056
enum DirectoryCreationResult {
SUCCESS = 0,
CANT_GET_PARENT_PATH,
CANT_GET_UDT_PATH,
NOT_A_DIRECTORY,
CANT_CREATE_DIR,
CANT_WRITE_TO_PATH,
UNSET,
NUM_DIRECTORY_CREATION_RESULTS
};
// All paths should set |result|.
DirectoryCreationResult result = UNSET;
FilePath temp_path;
if (!PathService::Get(chrome::DIR_USER_DATA_TEMP, &temp_path)) {
FilePath parent_path;
if (!PathService::Get(chrome::DIR_USER_DATA, &parent_path))
result = CANT_GET_PARENT_PATH;
else
result = CANT_GET_UDT_PATH;
} else if (file_util::PathExists(temp_path)) {
// Path exists. Check that it is a directory we can write to.
if (!file_util::DirectoryExists(temp_path)) {
result = NOT_A_DIRECTORY;
} else if (!file_util::PathIsWritable(temp_path)) {
result = CANT_WRITE_TO_PATH;
} else {
// Temp is a writable directory.
result = SUCCESS;
}
} else if (!file_util::CreateDirectory(temp_path)) {
// Path doesn't exist, and we failed to create it.
result = CANT_CREATE_DIR;
} else {
// Successfully created the Temp directory.
result = SUCCESS;
}
UMA_HISTOGRAM_ENUMERATION("Extensions.GetUserDataTempDir",
result,
NUM_DIRECTORY_CREATION_RESULTS);
if (result == SUCCESS)
return temp_path;
return FilePath();
}
void DeleteFile(const FilePath& path, bool recursive) {
file_util::Delete(path, recursive);
}
} // namespace extension_file_util