1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "extensions/renderer/activity_log_converter_strategy.h"
6
7 #include "base/logging.h"
8 #include "base/values.h"
9 #include "extensions/common/ad_injection_constants.h"
10 #include "v8/include/v8.h"
11
12 namespace extensions {
13
14 namespace {
15
16 typedef ActivityLogConverterStrategy::FromV8ValueCallback FromV8ValueCallback;
17
18 namespace constants = ad_injection_constants;
19 namespace keys = constants::keys;
20
21 const char kFirstChildProperty[] = "firstElementChild";
22 const char kNextElementSiblingProperty[] = "nextElementSibling";
23
24 scoped_ptr<base::DictionaryValue> ParseV8Object(
25 v8::Isolate* isolate,
26 v8::Object* object,
27 const FromV8ValueCallback& callback);
28
29 // Get a property from a V8 object without entering javascript. We use this
30 // in order to examine the objects, while ensuring that we don't cause any
31 // change in the running program.
SafeGetProperty(v8::Isolate * isolate,v8::Object * object,const char * key)32 v8::Local<v8::Value> SafeGetProperty(v8::Isolate* isolate,
33 v8::Object* object,
34 const char* key) {
35 v8::TryCatch try_catch;
36 v8::Isolate::DisallowJavascriptExecutionScope scope(
37 isolate, v8::Isolate::DisallowJavascriptExecutionScope::THROW_ON_FAILURE);
38 v8::Local<v8::String> key_string = v8::String::NewFromUtf8(isolate, key);
39 v8::Local<v8::Value> value = object->Get(key_string);
40 if (try_catch.HasCaught() || value.IsEmpty() || value->IsUndefined() ||
41 value->IsNull()) {
42 return v8::Local<v8::Value>();
43 }
44 return value;
45 }
46
47 // Append a property to the given |dict| from the given |object| if the
48 // property exists on |object| and can be accessed safely (i.e., without
49 // triggering any javascript execution).
MaybeAppendV8Property(v8::Isolate * isolate,v8::Object * object,const char * property_name,base::DictionaryValue * dict,const FromV8ValueCallback & callback)50 void MaybeAppendV8Property(v8::Isolate* isolate,
51 v8::Object* object,
52 const char* property_name,
53 base::DictionaryValue* dict,
54 const FromV8ValueCallback& callback) {
55 v8::Handle<v8::Value> value = SafeGetProperty(isolate, object, property_name);
56 if (!value.IsEmpty()) {
57 scoped_ptr<base::Value> parsed_value(callback.Run(value, isolate));
58 if (parsed_value.get())
59 dict->Set(property_name, parsed_value.release());
60 }
61 }
62
63 // Parse the children of a V8 |object| and return them as a list. This will
64 // return an empty scoped_ptr if no children are present, or if the children
65 // cannot be read safely (without triggering javascript).
MaybeParseV8Children(v8::Isolate * isolate,v8::Object * object,const FromV8ValueCallback & callback)66 scoped_ptr<base::ListValue> MaybeParseV8Children(
67 v8::Isolate* isolate,
68 v8::Object* object,
69 const FromV8ValueCallback& callback) {
70 scoped_ptr<base::ListValue> parsed_children(new base::ListValue());
71 v8::Local<v8::Value> child_value =
72 SafeGetProperty(isolate, object, kFirstChildProperty);
73 size_t checked_children = 0u;
74 while (!child_value.IsEmpty() &&
75 child_value->IsObject() &&
76 checked_children < constants::kMaximumChildrenToCheck) {
77 ++checked_children;
78 v8::Handle<v8::Object> child_object = child_value->ToObject();
79 scoped_ptr<base::Value> parsed_child(
80 callback.Run(child_object, isolate));
81 if (parsed_child.get())
82 parsed_children->Append(parsed_child.release());
83 child_value =
84 SafeGetProperty(isolate, *child_object, kNextElementSiblingProperty);
85 }
86
87 return parsed_children->GetSize() > 0 ? parsed_children.Pass()
88 : scoped_ptr<base::ListValue>();
89 }
90
91 // Parse a V8 |object| into a DictionaryValue. This will examine the object
92 // for a few important properties, including:
93 // - href
94 // - src
95 // - children
96 // These properties are necessary to analyze whether or not the object contains
97 // ads, which may have been injected.
ParseV8Object(v8::Isolate * isolate,v8::Object * object,const FromV8ValueCallback & callback)98 scoped_ptr<base::DictionaryValue> ParseV8Object(
99 v8::Isolate* isolate,
100 v8::Object* object,
101 const FromV8ValueCallback& callback) {
102 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
103
104 dict->SetString(keys::kType,
105 *v8::String::Utf8Value(object->GetConstructorName()));
106
107 MaybeAppendV8Property(isolate, object, keys::kHref, dict.get(), callback);
108 MaybeAppendV8Property(isolate, object, keys::kSrc, dict.get(), callback);
109
110 scoped_ptr<base::ListValue> maybe_children =
111 MaybeParseV8Children(isolate, object, callback);
112 if (maybe_children.get())
113 dict->Set(keys::kChildren, maybe_children.release());
114
115 return dict.Pass();
116 }
117
118 // Summarize a V8 value. This performs a shallow conversion in all cases, and
119 // returns only a string with a description of the value (e.g.,
120 // "[HTMLElement]").
SummarizeV8Value(v8::Isolate * isolate,v8::Handle<v8::Object> object)121 scoped_ptr<base::Value> SummarizeV8Value(v8::Isolate* isolate,
122 v8::Handle<v8::Object> object) {
123 v8::TryCatch try_catch;
124 v8::Isolate::DisallowJavascriptExecutionScope scope(
125 isolate, v8::Isolate::DisallowJavascriptExecutionScope::THROW_ON_FAILURE);
126 v8::Local<v8::String> name = v8::String::NewFromUtf8(isolate, "[");
127 if (object->IsFunction()) {
128 name =
129 v8::String::Concat(name, v8::String::NewFromUtf8(isolate, "Function"));
130 v8::Local<v8::Value> fname =
131 v8::Handle<v8::Function>::Cast(object)->GetName();
132 if (fname->IsString() && v8::Handle<v8::String>::Cast(fname)->Length()) {
133 name = v8::String::Concat(name, v8::String::NewFromUtf8(isolate, " "));
134 name = v8::String::Concat(name, v8::Handle<v8::String>::Cast(fname));
135 name = v8::String::Concat(name, v8::String::NewFromUtf8(isolate, "()"));
136 }
137 } else {
138 name = v8::String::Concat(name, object->GetConstructorName());
139 }
140 name = v8::String::Concat(name, v8::String::NewFromUtf8(isolate, "]"));
141
142 if (try_catch.HasCaught()) {
143 return scoped_ptr<base::Value>(
144 new base::StringValue("[JS Execution Exception]"));
145 }
146
147 return scoped_ptr<base::Value>(
148 new base::StringValue(std::string(*v8::String::Utf8Value(name))));
149 }
150
151 } // namespace
152
ActivityLogConverterStrategy()153 ActivityLogConverterStrategy::ActivityLogConverterStrategy()
154 : enable_detailed_parsing_(false) {}
155
~ActivityLogConverterStrategy()156 ActivityLogConverterStrategy::~ActivityLogConverterStrategy() {}
157
FromV8Object(v8::Handle<v8::Object> value,base::Value ** out,v8::Isolate * isolate,const FromV8ValueCallback & callback) const158 bool ActivityLogConverterStrategy::FromV8Object(
159 v8::Handle<v8::Object> value,
160 base::Value** out,
161 v8::Isolate* isolate,
162 const FromV8ValueCallback& callback) const {
163 return FromV8Internal(value, out, isolate, callback);
164 }
165
FromV8Array(v8::Handle<v8::Array> value,base::Value ** out,v8::Isolate * isolate,const FromV8ValueCallback & callback) const166 bool ActivityLogConverterStrategy::FromV8Array(
167 v8::Handle<v8::Array> value,
168 base::Value** out,
169 v8::Isolate* isolate,
170 const FromV8ValueCallback& callback) const {
171 return FromV8Internal(value, out, isolate, callback);
172 }
173
FromV8Internal(v8::Handle<v8::Object> value,base::Value ** out,v8::Isolate * isolate,const FromV8ValueCallback & callback) const174 bool ActivityLogConverterStrategy::FromV8Internal(
175 v8::Handle<v8::Object> value,
176 base::Value** out,
177 v8::Isolate* isolate,
178 const FromV8ValueCallback& callback) const {
179 scoped_ptr<base::Value> parsed_value;
180 if (enable_detailed_parsing_)
181 parsed_value = ParseV8Object(isolate, *value, callback);
182 if (!parsed_value.get())
183 parsed_value = SummarizeV8Value(isolate, value);
184 *out = parsed_value.release();
185
186 return true;
187 }
188
189 } // namespace extensions
190