// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef EXTENSIONS_BROWSER_SCRIPT_INJECTION_TRACKER_H_ #define EXTENSIONS_BROWSER_SCRIPT_INJECTION_TRACKER_H_ #include <optional> #include "base/debug/crash_logging.h" #include "base/types/pass_key.h" #include "extensions/common/extension_id.h" #include "extensions/common/mojom/context_type.mojom-forward.h" #include "extensions/common/mojom/host_id.mojom-forward.h" #include "url/gurl.h" namespace content { class BrowserContext; class NavigationHandle; class RenderFrameHost; class RenderProcessHost; } // namespace content namespace extensions { class ActiveTabPermissionGranter; class Extension; class ExtensionWebContentsObserver; class UserScriptLoader; class PermissionsUpdater; class RequestContentScript; class ScriptExecutor; // Class for // 1) observing when an extension script (content script or user script) gets // injected into a process, // 2) checking if an extension script (content script or user script) was ever // injected into a given process. // // WARNING: False positives might happen. This class is primarily meant to help // make security decisions. This focus means that it is known and // working-as-intended that false positives might happen - in some scenarios the // tracker might report that a content script was injected, when it actually // wasn't (e.g. because the tracker might not have access to all the // renderer-side information used to decide whether to run a content script). // // WARNING: This class ignores cases that don't currently need IPC verification: // - CSS content scripts (only JavaScript content scripts are tracked) // - WebUI content scripts (only content scripts injected by extensions are // tracked) // // This class may only be used on the UI thread. class ScriptInjectionTracker { … }; namespace debug { // Helper for adding a set of `ScriptInjectionTracker`-related crash keys. // // For example, the `extension_registry_status` crash key will log if the // affected extension has been enebled, and the // `do_static_content_scripts_match` crash key will log if the tracker thinks // that the affected frame matches the content script URL patterns from the // extension manifest. Search for the `Get...CrashKey` functions in the `.cc` // file for a comprehensive, up-to-date list of the generated crash keys and // of their names. class ScopedScriptInjectionTrackerFailureCrashKeys { … }; } // namespace debug } // namespace extensions #endif // EXTENSIONS_BROWSER_SCRIPT_INJECTION_TRACKER_H_
Codebase Browser
chromium