1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/common/extensions/extension_file_util.h" 6 7 #include <map> 8 #include <vector> 9 10 #include "base/file_util.h" 11 #include "base/files/file_enumerator.h" 12 #include "base/files/file_path.h" 13 #include "base/files/scoped_temp_dir.h" 14 #include "base/json/json_file_value_serializer.h" 15 #include "base/logging.h" 16 #include "base/metrics/histogram.h" 17 #include "base/path_service.h" 18 #include "base/strings/stringprintf.h" 19 #include "base/strings/utf_string_conversions.h" 20 #include "base/threading/thread_restrictions.h" 21 #include "chrome/common/chrome_paths.h" 22 #include "chrome/common/extensions/api/extension_action/action_info.h" 23 #include "chrome/common/extensions/extension_icon_set.h" 24 #include "chrome/common/extensions/extension_l10n_util.h" 25 #include "chrome/common/extensions/extension_messages.h" 26 #include "chrome/common/extensions/manifest_handlers/icons_handler.h" 27 #include "chrome/common/extensions/manifest_handlers/theme_handler.h" 28 #include "chrome/common/extensions/message_bundle.h" 29 #include "extensions/common/constants.h" 30 #include "extensions/common/extension.h" 31 #include "extensions/common/extension_resource.h" 32 #include "extensions/common/install_warning.h" 33 #include "extensions/common/manifest.h" 34 #include "extensions/common/manifest_constants.h" 35 #include "extensions/common/manifest_handler.h" 36 #include "grit/generated_resources.h" 37 #include "net/base/file_stream.h" 38 #include "ui/base/l10n/l10n_util.h" 39 40 using extensions::Extension; 41 using extensions::ExtensionResource; 42 using extensions::Manifest; 43 44 namespace errors = extensions::manifest_errors; 45 46 namespace { 47 48 const base::FilePath::CharType kTempDirectoryName[] = FILE_PATH_LITERAL("Temp"); 49 50 // Add the image paths contained in the |icon_set| to |image_paths|. 51 void AddPathsFromIconSet(const ExtensionIconSet& icon_set, 52 std::set<base::FilePath>* image_paths) { 53 // TODO(viettrungluu): These |FilePath::FromUTF8Unsafe()| indicate that we're 54 // doing something wrong. 55 for (ExtensionIconSet::IconMap::const_iterator iter = icon_set.map().begin(); 56 iter != icon_set.map().end(); ++iter) { 57 image_paths->insert(base::FilePath::FromUTF8Unsafe(iter->second)); 58 } 59 } 60 61 } // namespace 62 63 namespace extension_file_util { 64 65 base::FilePath InstallExtension(const base::FilePath& unpacked_source_dir, 66 const std::string& id, 67 const std::string& version, 68 const base::FilePath& extensions_dir) { 69 base::FilePath extension_dir = extensions_dir.AppendASCII(id); 70 base::FilePath version_dir; 71 72 // Create the extension directory if it doesn't exist already. 73 if (!base::PathExists(extension_dir)) { 74 if (!base::CreateDirectory(extension_dir)) 75 return base::FilePath(); 76 } 77 78 // Get a temp directory on the same file system as the profile. 79 base::FilePath install_temp_dir = GetInstallTempDir(extensions_dir); 80 base::ScopedTempDir extension_temp_dir; 81 if (install_temp_dir.empty() || 82 !extension_temp_dir.CreateUniqueTempDirUnderPath(install_temp_dir)) { 83 LOG(ERROR) << "Creating of temp dir under in the profile failed."; 84 return base::FilePath(); 85 } 86 base::FilePath crx_temp_source = 87 extension_temp_dir.path().Append(unpacked_source_dir.BaseName()); 88 if (!base::Move(unpacked_source_dir, crx_temp_source)) { 89 LOG(ERROR) << "Moving extension from : " << unpacked_source_dir.value() 90 << " to : " << crx_temp_source.value() << " failed."; 91 return base::FilePath(); 92 } 93 94 // Try to find a free directory. There can be legitimate conflicts in the case 95 // of overinstallation of the same version. 96 const int kMaxAttempts = 100; 97 for (int i = 0; i < kMaxAttempts; ++i) { 98 base::FilePath candidate = extension_dir.AppendASCII( 99 base::StringPrintf("%s_%u", version.c_str(), i)); 100 if (!base::PathExists(candidate)) { 101 version_dir = candidate; 102 break; 103 } 104 } 105 106 if (version_dir.empty()) { 107 LOG(ERROR) << "Could not find a home for extension " << id << " with " 108 << "version " << version << "."; 109 return base::FilePath(); 110 } 111 112 if (!base::Move(crx_temp_source, version_dir)) { 113 LOG(ERROR) << "Installing extension from : " << crx_temp_source.value() 114 << " into : " << version_dir.value() << " failed."; 115 return base::FilePath(); 116 } 117 118 return version_dir; 119 } 120 121 void UninstallExtension(const base::FilePath& extensions_dir, 122 const std::string& id) { 123 // We don't care about the return value. If this fails (and it can, due to 124 // plugins that aren't unloaded yet), it will get cleaned up by 125 // ExtensionService::GarbageCollectExtensions. 126 base::DeleteFile(extensions_dir.AppendASCII(id), true); // recursive. 127 } 128 129 scoped_refptr<Extension> LoadExtension(const base::FilePath& extension_path, 130 Manifest::Location location, 131 int flags, 132 std::string* error) { 133 return LoadExtension(extension_path, std::string(), location, flags, error); 134 } 135 136 scoped_refptr<Extension> LoadExtension(const base::FilePath& extension_path, 137 const std::string& extension_id, 138 Manifest::Location location, 139 int flags, 140 std::string* error) { 141 scoped_ptr<base::DictionaryValue> manifest( 142 LoadManifest(extension_path, error)); 143 if (!manifest.get()) 144 return NULL; 145 if (!extension_l10n_util::LocalizeExtension(extension_path, manifest.get(), 146 error)) { 147 return NULL; 148 } 149 150 scoped_refptr<Extension> extension(Extension::Create(extension_path, 151 location, 152 *manifest, 153 flags, 154 extension_id, 155 error)); 156 if (!extension.get()) 157 return NULL; 158 159 std::vector<extensions::InstallWarning> warnings; 160 if (!ValidateExtension(extension.get(), error, &warnings)) 161 return NULL; 162 extension->AddInstallWarnings(warnings); 163 164 return extension; 165 } 166 167 base::DictionaryValue* LoadManifest(const base::FilePath& extension_path, 168 std::string* error) { 169 base::FilePath manifest_path = 170 extension_path.Append(extensions::kManifestFilename); 171 if (!base::PathExists(manifest_path)) { 172 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE); 173 return NULL; 174 } 175 176 JSONFileValueSerializer serializer(manifest_path); 177 scoped_ptr<base::Value> root(serializer.Deserialize(NULL, error)); 178 if (!root.get()) { 179 if (error->empty()) { 180 // If |error| is empty, than the file could not be read. 181 // It would be cleaner to have the JSON reader give a specific error 182 // in this case, but other code tests for a file error with 183 // error->empty(). For now, be consistent. 184 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE); 185 } else { 186 *error = base::StringPrintf("%s %s", 187 errors::kManifestParseError, 188 error->c_str()); 189 } 190 return NULL; 191 } 192 193 if (!root->IsType(base::Value::TYPE_DICTIONARY)) { 194 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_INVALID); 195 return NULL; 196 } 197 198 return static_cast<base::DictionaryValue*>(root.release()); 199 } 200 201 std::vector<base::FilePath> FindPrivateKeyFiles( 202 const base::FilePath& extension_dir) { 203 std::vector<base::FilePath> result; 204 // Pattern matching only works at the root level, so filter manually. 205 base::FileEnumerator traversal(extension_dir, /*recursive=*/true, 206 base::FileEnumerator::FILES); 207 for (base::FilePath current = traversal.Next(); !current.empty(); 208 current = traversal.Next()) { 209 if (!current.MatchesExtension(extensions::kExtensionKeyFileExtension)) 210 continue; 211 212 std::string key_contents; 213 if (!base::ReadFileToString(current, &key_contents)) { 214 // If we can't read the file, assume it's not a private key. 215 continue; 216 } 217 std::string key_bytes; 218 if (!Extension::ParsePEMKeyBytes(key_contents, &key_bytes)) { 219 // If we can't parse the key, assume it's ok too. 220 continue; 221 } 222 223 result.push_back(current); 224 } 225 return result; 226 } 227 228 bool ValidateFilePath(const base::FilePath& path) { 229 int64 size = 0; 230 if (!base::PathExists(path) || 231 !base::GetFileSize(path, &size) || 232 size == 0) { 233 return false; 234 } 235 236 return true; 237 } 238 239 bool ValidateExtensionIconSet(const ExtensionIconSet& icon_set, 240 const Extension* extension, 241 int error_message_id, 242 std::string* error) { 243 for (ExtensionIconSet::IconMap::const_iterator iter = icon_set.map().begin(); 244 iter != icon_set.map().end(); 245 ++iter) { 246 const base::FilePath path = 247 extension->GetResource(iter->second).GetFilePath(); 248 if (!ValidateFilePath(path)) { 249 *error = l10n_util::GetStringFUTF8(error_message_id, 250 UTF8ToUTF16(iter->second)); 251 return false; 252 } 253 } 254 return true; 255 } 256 257 bool ValidateExtension(const Extension* extension, 258 std::string* error, 259 std::vector<extensions::InstallWarning>* warnings) { 260 // Ask registered manifest handlers to validate their paths. 261 if (!extensions::ManifestHandler::ValidateExtension( 262 extension, error, warnings)) 263 return false; 264 265 // Check children of extension root to see if any of them start with _ and is 266 // not on the reserved list. We only warn, and do not block the loading of the 267 // extension. 268 std::string warning; 269 if (!CheckForIllegalFilenames(extension->path(), &warning)) 270 warnings->push_back(extensions::InstallWarning(warning)); 271 272 // Check that extensions don't include private key files. 273 std::vector<base::FilePath> private_keys = 274 FindPrivateKeyFiles(extension->path()); 275 if (extension->creation_flags() & Extension::ERROR_ON_PRIVATE_KEY) { 276 if (!private_keys.empty()) { 277 // Only print one of the private keys because l10n_util doesn't have a way 278 // to translate a list of strings. 279 *error = l10n_util::GetStringFUTF8( 280 IDS_EXTENSION_CONTAINS_PRIVATE_KEY, 281 private_keys.front().LossyDisplayName()); 282 return false; 283 } 284 } else { 285 for (size_t i = 0; i < private_keys.size(); ++i) { 286 warnings->push_back(extensions::InstallWarning( 287 l10n_util::GetStringFUTF8( 288 IDS_EXTENSION_CONTAINS_PRIVATE_KEY, 289 private_keys[i].LossyDisplayName()))); 290 } 291 // Only warn; don't block loading the extension. 292 } 293 return true; 294 } 295 296 std::set<base::FilePath> GetBrowserImagePaths(const Extension* extension) { 297 std::set<base::FilePath> image_paths; 298 299 AddPathsFromIconSet(extensions::IconsInfo::GetIcons(extension), &image_paths); 300 301 // Theme images 302 const base::DictionaryValue* theme_images = 303 extensions::ThemeInfo::GetImages(extension); 304 if (theme_images) { 305 for (base::DictionaryValue::Iterator it(*theme_images); !it.IsAtEnd(); 306 it.Advance()) { 307 base::FilePath::StringType path; 308 if (it.value().GetAsString(&path)) 309 image_paths.insert(base::FilePath(path)); 310 } 311 } 312 313 const extensions::ActionInfo* page_action = 314 extensions::ActionInfo::GetPageActionInfo(extension); 315 if (page_action && !page_action->default_icon.empty()) 316 AddPathsFromIconSet(page_action->default_icon, &image_paths); 317 318 const extensions::ActionInfo* browser_action = 319 extensions::ActionInfo::GetBrowserActionInfo(extension); 320 if (browser_action && !browser_action->default_icon.empty()) 321 AddPathsFromIconSet(browser_action->default_icon, &image_paths); 322 323 return image_paths; 324 } 325 326 void GarbageCollectExtensions( 327 const base::FilePath& install_directory, 328 const std::multimap<std::string, base::FilePath>& extension_paths) { 329 // Nothing to clean up if it doesn't exist. 330 if (!base::DirectoryExists(install_directory)) 331 return; 332 333 DVLOG(1) << "Garbage collecting extensions..."; 334 base::FileEnumerator enumerator(install_directory, 335 false, // Not recursive. 336 base::FileEnumerator::DIRECTORIES); 337 base::FilePath extension_path; 338 for (extension_path = enumerator.Next(); !extension_path.value().empty(); 339 extension_path = enumerator.Next()) { 340 std::string extension_id; 341 342 base::FilePath basename = extension_path.BaseName(); 343 // Clean up temporary files left if Chrome crashed or quit in the middle 344 // of an extension install. 345 if (basename.value() == kTempDirectoryName) { 346 base::DeleteFile(extension_path, true); // Recursive 347 continue; 348 } 349 350 // Parse directory name as a potential extension ID. 351 if (IsStringASCII(basename.value())) { 352 extension_id = UTF16ToASCII(basename.LossyDisplayName()); 353 if (!Extension::IdIsValid(extension_id)) 354 extension_id.clear(); 355 } 356 357 // Delete directories that aren't valid IDs. 358 if (extension_id.empty()) { 359 DLOG(WARNING) << "Invalid extension ID encountered in extensions " 360 "directory: " << basename.value(); 361 DVLOG(1) << "Deleting invalid extension directory " 362 << extension_path.value() << "."; 363 base::DeleteFile(extension_path, true); // Recursive. 364 continue; 365 } 366 367 typedef std::multimap<std::string, base::FilePath>::const_iterator Iter; 368 std::pair<Iter, Iter> iter_pair = extension_paths.equal_range(extension_id); 369 370 // If there is no entry in the prefs file, just delete the directory and 371 // move on. This can legitimately happen when an uninstall does not 372 // complete, for example, when a plugin is in use at uninstall time. 373 if (iter_pair.first == iter_pair.second) { 374 DVLOG(1) << "Deleting unreferenced install for directory " 375 << extension_path.LossyDisplayName() << "."; 376 base::DeleteFile(extension_path, true); // Recursive. 377 continue; 378 } 379 380 // Clean up old version directories. 381 base::FileEnumerator versions_enumerator( 382 extension_path, 383 false, // Not recursive. 384 base::FileEnumerator::DIRECTORIES); 385 for (base::FilePath version_dir = versions_enumerator.Next(); 386 !version_dir.value().empty(); 387 version_dir = versions_enumerator.Next()) { 388 bool knownVersion = false; 389 for (Iter it = iter_pair.first; it != iter_pair.second; ++it) 390 if (version_dir.BaseName() == it->second.BaseName()) { 391 knownVersion = true; 392 break; 393 } 394 if (!knownVersion) { 395 DVLOG(1) << "Deleting old version for directory " 396 << version_dir.LossyDisplayName() << "."; 397 base::DeleteFile(version_dir, true); // Recursive. 398 } 399 } 400 } 401 } 402 403 extensions::MessageBundle* LoadMessageBundle( 404 const base::FilePath& extension_path, 405 const std::string& default_locale, 406 std::string* error) { 407 error->clear(); 408 // Load locale information if available. 409 base::FilePath locale_path = extension_path.Append(extensions::kLocaleFolder); 410 if (!base::PathExists(locale_path)) 411 return NULL; 412 413 std::set<std::string> locales; 414 if (!extension_l10n_util::GetValidLocales(locale_path, &locales, error)) 415 return NULL; 416 417 if (default_locale.empty() || 418 locales.find(default_locale) == locales.end()) { 419 *error = l10n_util::GetStringUTF8( 420 IDS_EXTENSION_LOCALES_NO_DEFAULT_LOCALE_SPECIFIED); 421 return NULL; 422 } 423 424 extensions::MessageBundle* message_bundle = 425 extension_l10n_util::LoadMessageCatalogs( 426 locale_path, 427 default_locale, 428 extension_l10n_util::CurrentLocaleOrDefault(), 429 locales, 430 error); 431 432 return message_bundle; 433 } 434 435 SubstitutionMap* LoadMessageBundleSubstitutionMap( 436 const base::FilePath& extension_path, 437 const std::string& extension_id, 438 const std::string& default_locale) { 439 SubstitutionMap* returnValue = new SubstitutionMap(); 440 if (!default_locale.empty()) { 441 // Touch disk only if extension is localized. 442 std::string error; 443 scoped_ptr<extensions::MessageBundle> bundle( 444 LoadMessageBundle(extension_path, default_locale, &error)); 445 446 if (bundle.get()) 447 *returnValue = *bundle->dictionary(); 448 } 449 450 // Add @@extension_id reserved message here, so it's available to 451 // non-localized extensions too. 452 returnValue->insert( 453 std::make_pair(extensions::MessageBundle::kExtensionIdKey, extension_id)); 454 455 return returnValue; 456 } 457 458 bool CheckForIllegalFilenames(const base::FilePath& extension_path, 459 std::string* error) { 460 // Reserved underscore names. 461 static const base::FilePath::CharType* reserved_names[] = { 462 extensions::kLocaleFolder, 463 extensions::kPlatformSpecificFolder, 464 FILE_PATH_LITERAL("__MACOSX"), 465 }; 466 CR_DEFINE_STATIC_LOCAL( 467 std::set<base::FilePath::StringType>, reserved_underscore_names, 468 (reserved_names, reserved_names + arraysize(reserved_names))); 469 470 // Enumerate all files and directories in the extension root. 471 // There is a problem when using pattern "_*" with FileEnumerator, so we have 472 // to cheat with find_first_of and match all. 473 const int kFilesAndDirectories = 474 base::FileEnumerator::DIRECTORIES | base::FileEnumerator::FILES; 475 base::FileEnumerator all_files(extension_path, false, kFilesAndDirectories); 476 477 base::FilePath file; 478 while (!(file = all_files.Next()).empty()) { 479 base::FilePath::StringType filename = file.BaseName().value(); 480 // Skip all that don't start with "_". 481 if (filename.find_first_of(FILE_PATH_LITERAL("_")) != 0) continue; 482 if (reserved_underscore_names.find(filename) == 483 reserved_underscore_names.end()) { 484 *error = base::StringPrintf( 485 "Cannot load extension with file or directory name %s. " 486 "Filenames starting with \"_\" are reserved for use by the system.", 487 filename.c_str()); 488 return false; 489 } 490 } 491 492 return true; 493 } 494 495 base::FilePath GetInstallTempDir(const base::FilePath& extensions_dir) { 496 // We do file IO in this function, but only when the current profile's 497 // Temp directory has never been used before, or in a rare error case. 498 // Developers are not likely to see these situations often, so do an 499 // explicit thread check. 500 base::ThreadRestrictions::AssertIOAllowed(); 501 502 // Create the temp directory as a sub-directory of the Extensions directory. 503 // This guarantees it is on the same file system as the extension's eventual 504 // install target. 505 base::FilePath temp_path = extensions_dir.Append(kTempDirectoryName); 506 if (base::PathExists(temp_path)) { 507 if (!base::DirectoryExists(temp_path)) { 508 DLOG(WARNING) << "Not a directory: " << temp_path.value(); 509 return base::FilePath(); 510 } 511 if (!base::PathIsWritable(temp_path)) { 512 DLOG(WARNING) << "Can't write to path: " << temp_path.value(); 513 return base::FilePath(); 514 } 515 // This is a directory we can write to. 516 return temp_path; 517 } 518 519 // Directory doesn't exist, so create it. 520 if (!base::CreateDirectory(temp_path)) { 521 DLOG(WARNING) << "Couldn't create directory: " << temp_path.value(); 522 return base::FilePath(); 523 } 524 return temp_path; 525 } 526 527 void DeleteFile(const base::FilePath& path, bool recursive) { 528 base::DeleteFile(path, recursive); 529 } 530 531 } // namespace extension_file_util 532
