WebRequest: Signal end of request if start signaled

Sensitive requests are not usually signaled to extension event handlers
via events like onBeforeRequest.
This is checked by WebRequestPermissions::HideRequest(request).
However, a request might become sensitive after redirect. In that case
it could have been signaled via, e.g., onBeforeRequest, but not any more
via onErrorOcurred or onCompleted.
This causes problems (see BUG for more discussion).

This patch changes the processing of onErrorOccurred and onCompleted so
that even sensitive requests are signaled if they were signaled before.
This is a safe change, because onErrorOccurred and onCompleted handlers
cannot modify the request.

BUG=139982
TEST=Use the extension attached to BUG to log starts and ends of requests. Go to http://goo.gl/fKDKJ which redirects to a sensitive https://chrome.google.com/webstore, and observe that request's start and end being signaled. In general, every request's start and end should be signaled.


Review URL: https://chromiumcodereview.appspot.com/10837164

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150552 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/extensions/api/web_request/web_request_api.cc

@@ -812,7 +812,11 @@ void ExtensionWebRequestEventRouter::OnCompleted(
     ExtensionInfoMap* extension_info_map,
     net::URLRequest* request) {
   // We hide events from the system context as well as sensitive requests.
-  if (!profile || WebRequestPermissions::HideRequest(request))
+  // However, if the request first became sensitive after redirecting we have
+  // already signaled it and thus we have to signal the end of it. This is
+  // risk-free because the handler cannot modify the request now.
+  if (!profile ||
+      (WebRequestPermissions::HideRequest(request) && !WasSignaled(*request)))
     return;
 
   request_time_tracker_->LogRequestEndTime(request->identifier(),
@@ -861,7 +865,11 @@ void ExtensionWebRequestEventRouter::OnErrorOccurred(
     net::URLRequest* request,
     bool started) {
   // We hide events from the system context as well as sensitive requests.
-  if (!profile || WebRequestPermissions::HideRequest(request))
+  // However, if the request first became sensitive after redirecting we have
+  // already signaled it and thus we have to signal the end of it. This is
+  // risk-free because the handler cannot modify the request now.
+  if (!profile ||
+      (WebRequestPermissions::HideRequest(request) && !WasSignaled(*request)))
     return;
 
   request_time_tracker_->LogRequestEndTime(request->identifier(),
@@ -1096,6 +1104,13 @@ void* ExtensionWebRequestEventRouter::GetCrossProfile(void* profile) const {
   return cross_profile->second;
 }
 
+bool ExtensionWebRequestEventRouter::WasSignaled(
+    const net::URLRequest& request) const {
+  SignaledRequestMap::const_iterator flag =
+      signaled_requests_.find(request.identifier());
+  return (flag != signaled_requests_.end()) && (flag->second != 0);
+}
+
 void ExtensionWebRequestEventRouter::GetMatchingListenersImpl(
     void* profile,
     ExtensionInfoMap* extension_info_map,

chrome/browser/extensions/api/web_request/web_request_api.h

@@ -371,6 +371,9 @@ class ExtensionWebRequestEventRouter
   // OTR and vice versa).
   void* GetCrossProfile(void* profile) const;
 
+  // Returns true if |request| was already signaled to some event handlers.
+  bool WasSignaled(const net::URLRequest& request) const;
+
   // A map for each profile that maps an event name to a set of extensions that
   // are listening to that event.
   ListenerMap listeners_;