// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "extensions/browser/script_injection_tracker.h" #include "base/check_is_test.h" #include "base/containers/contains.h" #include "base/memory/ptr_util.h" #include "base/memory/raw_ref.h" #include "base/ranges/algorithm.h" #include "base/strings/string_number_conversions.h" #include "base/trace_event/typed_macros.h" #include "components/sessions/content/session_tab_helper.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/global_routing_id.h" #include "content/public/browser/navigation_handle.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/render_process_host.h" #include "content/public/browser/web_contents.h" #include "extensions/browser/browser_frame_context_data.h" #include "extensions/browser/extension_registry.h" #include "extensions/browser/extension_system.h" #include "extensions/browser/url_loader_factory_manager.h" #include "extensions/browser/user_script_manager.h" #include "extensions/common/constants.h" #include "extensions/common/content_script_injection_url_getter.h" #include "extensions/common/extension.h" #include "extensions/common/manifest_handlers/content_scripts_handler.h" #include "extensions/common/permissions/permissions_data.h" #include "extensions/common/trace_util.h" #include "extensions/common/user_script.h" #include "services/metrics/public/cpp/metrics_utils.h" #include "services/metrics/public/cpp/ukm_builders.h" #if BUILDFLAG(ENABLE_GUEST_VIEW) #include "components/guest_view/browser/guest_view_base.h" #include "extensions/browser/guest_view/web_view/web_view_content_script_manager.h" #endif ChromeTrackEvent; namespace extensions { namespace { // Helper for lazily attaching ExtensionIdSet to a RenderProcessHost. Used to // track the set of extensions which have injected a JS script into a // RenderProcessHost. // // We track script injection per-RenderProcessHost: // 1. This matches the real security boundary that Site Isolation uses (the // boundary of OS processes) and follows the precedent of // content::ChildProcessSecurityPolicy. // 2. This robustly handles initial empty documents (see the *InitialEmptyDoc* // tests in //script_injection_tracker_browsertest.cc) and isn't impacted // by ReadyToCommit races associated with DocumentUserData. // For more information see: // https://docs.google.com/document/d/1MFprp2ss2r9RNamJ7Jxva1bvRZvec3rzGceDGoJ6vW0/edit# class RenderProcessHostUserData : public base::SupportsUserData::Data { … }; const char* RenderProcessHostUserData::kUserDataKey = …; std::vector<const UserScript*> GetVectorFromScriptList( const UserScriptList& scripts) { … } // Returns all the loaded dynamic scripts with `source` of `extension_id` on // `frame`. std::vector<const UserScript*> GetLoadedDynamicScripts( const ExtensionId& extension_id, UserScript::Source source, content::RenderProcessHost& process) { … } // This function approximates ScriptContext::GetEffectiveDocumentURLForInjection // from the renderer side. GURL GetEffectiveDocumentURL( content::RenderFrameHost* frame, const GURL& document_url, MatchOriginAsFallbackBehavior match_origin_as_fallback) { … } // Returns whether the extension's scripts can run on `frame`. bool CanExtensionScriptsAffectFrame(content::RenderFrameHost& frame, const Extension& extension) { … } // Returns whether `extension` will inject any of `scripts` JavaScript content // into the `frame` / `url`. Note that this function ignores CSS content // scripts. This function approximates a subset of checks from // UserScriptSet::GetInjectionForScript (which runs in the renderer process). // Unlike the renderer version, the code below doesn't consider ability to // create an injection host, nor the results of // ScriptInjector::CanExecuteOnFrame, nor the path of `url_patterns`. // Additionally the `effective_url` calculations are also only an approximation. // This is okay, because the top-level doc comment for ScriptInjectionTracker // documents that false positives are expected and why they are okay. bool DoesScriptMatch(const Extension& extension, const UserScript& script, content::RenderFrameHost& frame, const GURL& url) { … } void HandleProgrammaticScriptInjection( base::PassKey<ScriptInjectionTracker> pass_key, ScriptInjectionTracker::ScriptType script_type, content::RenderFrameHost* frame, const Extension& extension) { … } // Returns whether ``extension` will inject any of `scripts` JavaScript content // into the `frame` / `url`. bool DoScriptsMatch(const Extension& extension, const std::vector<const UserScript*>& scripts, content::RenderFrameHost& frame, const GURL& url) { … } // Returns whether an `extension` can inject JavaScript web view scripts into // the `frame` / `url`. bool DoWebViewScripstMatch(const Extension& extension, content::RenderFrameHost& frame) { … } // Returns whether an `extension` can inject JavaScript static content scripts // into the `frame` / `url`. The `url` might be either the last committed URL // of `frame` or the target of a ReadyToCommit navigation in `frame`. bool DoStaticContentScriptsMatch(const Extension& extension, content::RenderFrameHost& frame, const GURL& url) { … } // Returns whether an `extension` can inject JavaScript dynamic content scripts // into the `frame` / `url`. The `url` might be either the last committed // URL of `frame` or the target of a ReadyToCommit navigation in `frame`. bool DoDynamicContentScriptsMatch(const Extension& extension, content::RenderFrameHost& frame, const GURL& url) { … } // Returns whether an `extension` can inject JavaScript dynamic user scripts // into the `frame` / `url`. The `url` might be either the last committed URL // of `frame` or the target of a ReadyToCommit navigation in `frame`. bool DoUserScriptsMatch(const Extension& extension, content::RenderFrameHost& frame, const GURL& url) { … } // Returns all the extensions injecting content scripts into the `frame` / // `url`. std::vector<const Extension*> GetExtensionsInjectingContentScripts( const ExtensionSet& extensions, content::RenderFrameHost& frame, const GURL& url) { … } // Adds all scripts from `extension` that matches the `process` renderers to the // process data. void AddMatchingScriptsToProcess(const Extension& extension, content::RenderProcessHost& process) { … } // Returns all the extensions injecting user scripts into the `frame` / `url`. std::vector<const Extension*> GetExtensionsInjectingUserScripts( const ExtensionSet& extensions, content::RenderFrameHost& frame, const GURL& url) { … } void RecordUkm(content::NavigationHandle* navigation, int extensions_injecting_content_script_count) { … } const Extension* FindExtensionByHostId(content::BrowserContext* browser_context, const mojom::HostID& host_id) { … } // Stores extensions injecting scripts with `script_type` in `process` data. void StoreExtensionsInjectingScripts( const std::vector<const Extension*>& extensions, ScriptInjectionTracker::ScriptType script_type, content::RenderProcessHost& process) { … } bool DidProcessRunScriptFromExtension( ScriptInjectionTracker::ScriptType script_type, const content::RenderProcessHost& process, const ExtensionId& extension_id) { … } } // namespace // static ExtensionIdSet ScriptInjectionTracker::GetExtensionsThatRanContentScriptsInProcess( const content::RenderProcessHost& process) { … } // static bool ScriptInjectionTracker::DidProcessRunContentScriptFromExtension( const content::RenderProcessHost& process, const ExtensionId& extension_id) { … } // static bool ScriptInjectionTracker::DidProcessRunUserScriptFromExtension( const content::RenderProcessHost& process, const ExtensionId& extension_id) { … } // static void ScriptInjectionTracker::ReadyToCommitNavigation( base::PassKey<ExtensionWebContentsObserver> pass_key, content::NavigationHandle* navigation) { … } // static void ScriptInjectionTracker::DidFinishNavigation( base::PassKey<ExtensionWebContentsObserver> pass_key, content::NavigationHandle* navigation) { … } // static void ScriptInjectionTracker::WillExecuteCode( base::PassKey<ScriptExecutor> pass_key, ScriptType script_type, content::RenderFrameHost* frame, const mojom::HostID& host_id) { … } // static void ScriptInjectionTracker::WillExecuteCode( base::PassKey<RequestContentScript> pass_key, content::RenderFrameHost* frame, const Extension& extension) { … } // static void ScriptInjectionTracker::WillGrantActiveTab( base::PassKey<ActiveTabPermissionGranter> pass_key, const Extension& extension, content::RenderProcessHost& process) { … } // static void ScriptInjectionTracker::DidUpdateScriptsInRenderer( base::PassKey<UserScriptLoader> pass_key, const mojom::HostID& host_id, content::RenderProcessHost& process) { … } // static void ScriptInjectionTracker::DidUpdatePermissionsInRenderer( base::PassKey<PermissionsUpdater> pass_key, const Extension& extension, content::RenderProcessHost& process) { … } // static bool ScriptInjectionTracker::DoStaticContentScriptsMatchForTesting( const Extension& extension, content::RenderFrameHost* frame, const GURL& url) { … } namespace debug { namespace { base::debug::CrashKeyString* GetRegistryStatusCrashKey() { … } std::string GetRegistryStatusValue(const ExtensionId& extension_id, content::BrowserContext& browser_context) { … } base::debug::CrashKeyString* GetIsIncognitoCrashKey() { … } base::debug::CrashKeyString* GetLastCommittedOriginCrashKey() { … } base::debug::CrashKeyString* GetLastCommittedUrlCrashKey() { … } base::debug::CrashKeyString* GetLifecycleStateCrashKey() { … } #if BUILDFLAG(ENABLE_GUEST_VIEW) base::debug::CrashKeyString* GetIsGuestCrashKey() { … } #endif base::debug::CrashKeyString* GetDoWebViewScriptsMatchCrashKey() { … } base::debug::CrashKeyString* GetDoStaticContentScriptsMatchCrashKey() { … } base::debug::CrashKeyString* GetDoDynamicContentScriptsMatchCrashKey() { … } base::debug::CrashKeyString* GetDoUserScriptsMatchCrashKey() { … } const char* BoolToCrashKeyValue(bool value) { … } } // namespace ScopedScriptInjectionTrackerFailureCrashKeys:: ScopedScriptInjectionTrackerFailureCrashKeys( content::BrowserContext& browser_context, const ExtensionId& extension_id) : … { … } ScopedScriptInjectionTrackerFailureCrashKeys:: ScopedScriptInjectionTrackerFailureCrashKeys( content::RenderFrameHost& frame, const ExtensionId& extension_id) : … { … } ScopedScriptInjectionTrackerFailureCrashKeys:: ~ScopedScriptInjectionTrackerFailureCrashKeys() = default; } // namespace debug } // namespace extensions
Codebase Browser
chromium