1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/utility/extensions/unpacker.h"
6
7 #include <set>
8
9 #include "base/file_util.h"
10 #include "base/files/file_enumerator.h"
11 #include "base/files/scoped_temp_dir.h"
12 #include "base/i18n/rtl.h"
13 #include "base/json/json_file_value_serializer.h"
14 #include "base/memory/scoped_handle.h"
15 #include "base/safe_numerics.h"
16 #include "base/strings/string_util.h"
17 #include "base/strings/utf_string_conversions.h"
18 #include "base/threading/thread.h"
19 #include "base/values.h"
20 #include "chrome/common/chrome_utility_messages.h"
21 #include "chrome/common/extensions/api/i18n/default_locale_handler.h"
22 #include "chrome/common/extensions/extension_file_util.h"
23 #include "chrome/common/extensions/extension_l10n_util.h"
24 #include "content/public/child/image_decoder_utils.h"
25 #include "content/public/common/common_param_traits.h"
26 #include "extensions/common/constants.h"
27 #include "extensions/common/extension.h"
28 #include "extensions/common/manifest.h"
29 #include "extensions/common/manifest_constants.h"
30 #include "grit/generated_resources.h"
31 #include "ipc/ipc_message_utils.h"
32 #include "net/base/file_stream.h"
33 #include "third_party/skia/include/core/SkBitmap.h"
34 #include "third_party/zlib/google/zip.h"
35 #include "ui/base/l10n/l10n_util.h"
36 #include "ui/gfx/size.h"
37
38 namespace extensions {
39
40 namespace {
41
42 namespace errors = manifest_errors;
43 namespace keys = manifest_keys;
44
45 // A limit to stop us passing dangerously large canvases to the browser.
46 const int kMaxImageCanvas = 4096 * 4096;
47
DecodeImage(const base::FilePath & path)48 SkBitmap DecodeImage(const base::FilePath& path) {
49 // Read the file from disk.
50 std::string file_contents;
51 if (!base::PathExists(path) ||
52 !base::ReadFileToString(path, &file_contents)) {
53 return SkBitmap();
54 }
55
56 // Decode the image using WebKit's image decoder.
57 const unsigned char* data =
58 reinterpret_cast<const unsigned char*>(file_contents.data());
59 SkBitmap bitmap = content::DecodeImage(data,
60 gfx::Size(),
61 file_contents.length());
62 Sk64 bitmap_size = bitmap.getSize64();
63 if (!bitmap_size.is32() || bitmap_size.get32() > kMaxImageCanvas)
64 return SkBitmap();
65 return bitmap;
66 }
67
PathContainsParentDirectory(const base::FilePath & path)68 bool PathContainsParentDirectory(const base::FilePath& path) {
69 const base::FilePath::StringType kSeparators(base::FilePath::kSeparators);
70 const base::FilePath::StringType kParentDirectory(
71 base::FilePath::kParentDirectory);
72 const size_t npos = base::FilePath::StringType::npos;
73 const base::FilePath::StringType& value = path.value();
74
75 for (size_t i = 0; i < value.length(); ) {
76 i = value.find(kParentDirectory, i);
77 if (i != npos) {
78 if ((i == 0 || kSeparators.find(value[i-1]) == npos) &&
79 (i+1 < value.length() || kSeparators.find(value[i+1]) == npos)) {
80 return true;
81 }
82 ++i;
83 }
84 }
85
86 return false;
87 }
88
WritePickle(const IPC::Message & pickle,const base::FilePath & dest_path)89 bool WritePickle(const IPC::Message& pickle, const base::FilePath& dest_path) {
90 int size = base::checked_numeric_cast<int>(pickle.size());
91 const char* data = static_cast<const char*>(pickle.data());
92 int bytes_written = file_util::WriteFile(dest_path, data, size);
93 return (bytes_written == size);
94 }
95
96 } // namespace
97
98 struct Unpacker::InternalData {
99 DecodedImages decoded_images;
100 };
101
Unpacker(const base::FilePath & extension_path,const std::string & extension_id,Manifest::Location location,int creation_flags)102 Unpacker::Unpacker(const base::FilePath& extension_path,
103 const std::string& extension_id,
104 Manifest::Location location,
105 int creation_flags)
106 : extension_path_(extension_path),
107 extension_id_(extension_id),
108 location_(location),
109 creation_flags_(creation_flags) {
110 internal_data_.reset(new InternalData());
111 }
112
~Unpacker()113 Unpacker::~Unpacker() {
114 }
115
ReadManifest()116 base::DictionaryValue* Unpacker::ReadManifest() {
117 base::FilePath manifest_path =
118 temp_install_dir_.Append(kManifestFilename);
119 if (!base::PathExists(manifest_path)) {
120 SetError(errors::kInvalidManifest);
121 return NULL;
122 }
123
124 JSONFileValueSerializer serializer(manifest_path);
125 std::string error;
126 scoped_ptr<base::Value> root(serializer.Deserialize(NULL, &error));
127 if (!root.get()) {
128 SetError(error);
129 return NULL;
130 }
131
132 if (!root->IsType(base::Value::TYPE_DICTIONARY)) {
133 SetError(errors::kInvalidManifest);
134 return NULL;
135 }
136
137 return static_cast<base::DictionaryValue*>(root.release());
138 }
139
ReadAllMessageCatalogs(const std::string & default_locale)140 bool Unpacker::ReadAllMessageCatalogs(const std::string& default_locale) {
141 base::FilePath locales_path =
142 temp_install_dir_.Append(kLocaleFolder);
143
144 // Not all folders under _locales have to be valid locales.
145 base::FileEnumerator locales(locales_path,
146 false,
147 base::FileEnumerator::DIRECTORIES);
148
149 std::set<std::string> all_locales;
150 extension_l10n_util::GetAllLocales(&all_locales);
151 base::FilePath locale_path;
152 while (!(locale_path = locales.Next()).empty()) {
153 if (extension_l10n_util::ShouldSkipValidation(locales_path, locale_path,
154 all_locales))
155 continue;
156
157 base::FilePath messages_path = locale_path.Append(kMessagesFilename);
158
159 if (!ReadMessageCatalog(messages_path))
160 return false;
161 }
162
163 return true;
164 }
165
Run()166 bool Unpacker::Run() {
167 DVLOG(1) << "Installing extension " << extension_path_.value();
168
169 // <profile>/Extensions/CRX_INSTALL
170 temp_install_dir_ =
171 extension_path_.DirName().AppendASCII(kTempExtensionName);
172
173 if (!base::CreateDirectory(temp_install_dir_)) {
174 SetUTF16Error(
175 l10n_util::GetStringFUTF16(
176 IDS_EXTENSION_PACKAGE_DIRECTORY_ERROR,
177 base::i18n::GetDisplayStringInLTRDirectionality(
178 temp_install_dir_.LossyDisplayName())));
179 return false;
180 }
181
182 if (!zip::Unzip(extension_path_, temp_install_dir_)) {
183 SetUTF16Error(l10n_util::GetStringUTF16(IDS_EXTENSION_PACKAGE_UNZIP_ERROR));
184 return false;
185 }
186
187 // Parse the manifest.
188 parsed_manifest_.reset(ReadManifest());
189 if (!parsed_manifest_.get())
190 return false; // Error was already reported.
191
192 std::string error;
193 scoped_refptr<Extension> extension(Extension::Create(
194 temp_install_dir_,
195 location_,
196 *parsed_manifest_,
197 creation_flags_,
198 extension_id_,
199 &error));
200 if (!extension.get()) {
201 SetError(error);
202 return false;
203 }
204
205 std::vector<InstallWarning> warnings;
206 if (!extension_file_util::ValidateExtension(extension.get(),
207 &error, &warnings)) {
208 SetError(error);
209 return false;
210 }
211 extension->AddInstallWarnings(warnings);
212
213 // Decode any images that the browser needs to display.
214 std::set<base::FilePath> image_paths =
215 extension_file_util::GetBrowserImagePaths(extension.get());
216 for (std::set<base::FilePath>::iterator it = image_paths.begin();
217 it != image_paths.end();
218 ++it) {
219 if (!AddDecodedImage(*it))
220 return false; // Error was already reported.
221 }
222
223 // Parse all message catalogs (if any).
224 parsed_catalogs_.reset(new base::DictionaryValue);
225 if (!LocaleInfo::GetDefaultLocale(extension.get()).empty()) {
226 if (!ReadAllMessageCatalogs(LocaleInfo::GetDefaultLocale(extension.get())))
227 return false; // Error was already reported.
228 }
229
230 return true;
231 }
232
DumpImagesToFile()233 bool Unpacker::DumpImagesToFile() {
234 IPC::Message pickle; // We use a Message so we can use WriteParam.
235 IPC::WriteParam(&pickle, internal_data_->decoded_images);
236
237 base::FilePath path = extension_path_.DirName().AppendASCII(
238 kDecodedImagesFilename);
239 if (!WritePickle(pickle, path)) {
240 SetError("Could not write image data to disk.");
241 return false;
242 }
243
244 return true;
245 }
246
DumpMessageCatalogsToFile()247 bool Unpacker::DumpMessageCatalogsToFile() {
248 IPC::Message pickle;
249 IPC::WriteParam(&pickle, *parsed_catalogs_.get());
250
251 base::FilePath path = extension_path_.DirName().AppendASCII(
252 kDecodedMessageCatalogsFilename);
253 if (!WritePickle(pickle, path)) {
254 SetError("Could not write message catalogs to disk.");
255 return false;
256 }
257
258 return true;
259 }
260
AddDecodedImage(const base::FilePath & path)261 bool Unpacker::AddDecodedImage(const base::FilePath& path) {
262 // Make sure it's not referencing a file outside the extension's subdir.
263 if (path.IsAbsolute() || PathContainsParentDirectory(path)) {
264 SetUTF16Error(
265 l10n_util::GetStringFUTF16(
266 IDS_EXTENSION_PACKAGE_IMAGE_PATH_ERROR,
267 base::i18n::GetDisplayStringInLTRDirectionality(
268 path.LossyDisplayName())));
269 return false;
270 }
271
272 SkBitmap image_bitmap = DecodeImage(temp_install_dir_.Append(path));
273 if (image_bitmap.isNull()) {
274 SetUTF16Error(
275 l10n_util::GetStringFUTF16(
276 IDS_EXTENSION_PACKAGE_IMAGE_ERROR,
277 base::i18n::GetDisplayStringInLTRDirectionality(
278 path.BaseName().LossyDisplayName())));
279 return false;
280 }
281
282 internal_data_->decoded_images.push_back(MakeTuple(image_bitmap, path));
283 return true;
284 }
285
ReadMessageCatalog(const base::FilePath & message_path)286 bool Unpacker::ReadMessageCatalog(const base::FilePath& message_path) {
287 std::string error;
288 JSONFileValueSerializer serializer(message_path);
289 scoped_ptr<base::DictionaryValue> root(static_cast<base::DictionaryValue*>(
290 serializer.Deserialize(NULL, &error)));
291 if (!root.get()) {
292 string16 messages_file = message_path.LossyDisplayName();
293 if (error.empty()) {
294 // If file is missing, Deserialize will fail with empty error.
295 SetError(base::StringPrintf("%s %s", errors::kLocalesMessagesFileMissing,
296 UTF16ToUTF8(messages_file).c_str()));
297 } else {
298 SetError(base::StringPrintf("%s: %s",
299 UTF16ToUTF8(messages_file).c_str(),
300 error.c_str()));
301 }
302 return false;
303 }
304
305 base::FilePath relative_path;
306 // message_path was created from temp_install_dir. This should never fail.
307 if (!temp_install_dir_.AppendRelativePath(message_path, &relative_path)) {
308 NOTREACHED();
309 return false;
310 }
311
312 std::string dir_name = relative_path.DirName().MaybeAsASCII();
313 if (dir_name.empty()) {
314 NOTREACHED();
315 return false;
316 }
317 parsed_catalogs_->Set(dir_name, root.release());
318
319 return true;
320 }
321
SetError(const std::string & error)322 void Unpacker::SetError(const std::string &error) {
323 SetUTF16Error(UTF8ToUTF16(error));
324 }
325
SetUTF16Error(const string16 & error)326 void Unpacker::SetUTF16Error(const string16 &error) {
327 error_message_ = error;
328 }
329
330 } // namespace extensions
331