Add verification that google URL has a valid TLD.

There are a number of privacy-sensitive checks that we make using this function. In order to ensure that the URLs really belong to Google, add a check that TLD has been registered by Google. BUG=665624 Review-Url: https://codereview.chromium.org/2498113003 Cr-Commit-Position: refs/heads/master@{#441421}

Add verification that google URL has a valid TLD.
There are a number of privacy-sensitive checks that we make using this function. In order to ensure that the URLs really belong to Google, add a check that TLD has been registered by Google. BUG=665624 Review-Url: https://codereview.chromium.org/2498113003 Cr-Commit-Position: refs/heads/master@{#441421}
a2719116 · mariakhomenko · Commit bot · 832f5996 · a2719116 · a2719116
Commit a2719116 authored Jan 04, 2017 by mariakhomenko Committed by Commit bot Jan 04, 2017
4 changed files
--- a/components/google/core/browser/BUILD.gn
+++ b/components/google/core/browser/BUILD.gn
@@ -8,6 +8,7 @@ static_library("browser") {
    "google_pref_names.h",
    "google_switches.cc",
    "google_switches.h",
+    "google_tld_list.h",
    "google_url_tracker.cc",
    "google_url_tracker.h",
    "google_url_tracker_client.cc",

--- a/components/google/core/browser/google_tld_list.h
+++ b/components/google/core/browser/google_tld_list.h
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_GOOGLE_CORE_BROWSER_GOOGLE_TLD_LIST_H_
+#define COMPONENTS_GOOGLE_CORE_BROWSER_GOOGLE_TLD_LIST_H_
+
+// DO NOT EDIT. This file is generated by a script. See crbug.com/674712
+// for details.
+
+#define GOOGLE_TLD_LIST "ac", "ad", "ae", "af", "ag", "al", "am", "as", "at", \
+"aw", "az", "ba", "be", "bf", "bg", "bi", "biz", "bj", "bm", "bn", "bo", "bs", \
+"bt", "by", "bz", "ca", "cat", "cc", "cd", "cf", "cg", "ch", "ci", "cl", "cm", \
+"cn", "co", "co.ao", "co.at", "co.ba", "co.bi", "co.bw", "co.ci", "co.ck", \
+"co.cr", "co.gg", "co.gl", "co.gy", "co.hu", "co.id", "co.il", "co.im", \
+"co.in", "co.it", "co.je", "co.jp", "co.ke", "co.kr", "co.ls", "co.ma", \
+"co.mu", "co.mw", "co.mz", "co.nz", "co.pn", "co.rs", "co.th", "co.tt", \
+"co.tz", "co.ua", "co.ug", "co.uk", "co.uz", "co.ve", "co.vi", "co.za", \
+"co.zm", "co.zw", "com", "com.af", "com.ag", "com.ai", "com.ar", "com.au", \
+"com.az", "com.bd", "com.bh", "com.bi", "com.bn", "com.bo", "com.br", \
+"com.bs", "com.by", "com.bz", "com.cn", "com.co", "com.cu", "com.cy", \
+"com.do", "com.dz", "com.ec", "com.eg", "com.er", "com.et", "com.fj", \
+"com.ge", "com.gh", "com.gi", "com.gl", "com.gp", "com.gr", "com.gt", \
+"com.gy", "com.hk", "com.hn", "com.hr", "com.ht", "com.iq", "com.jm", \
+"com.jo", "com.kg", "com.kh", "com.ki", "com.kw", "com.kz", "com.lb", \
+"com.lc", "com.lk", "com.lv", "com.ly", "com.mk", "com.mm", "com.mt", \
+"com.mu", "com.mw", "com.mx", "com.my", "com.na", "com.nc", "com.nf", \
+"com.ng", "com.ni", "com.np", "com.nr", "com.om", "com.pa", "com.pe", \
+"com.pg", "com.ph", "com.pk", "com.pl", "com.pr", "com.ps", "com.pt", \
+"com.py", "com.qa", "com.ru", "com.sa", "com.sb", "com.sc", "com.sg", \
+"com.sl", "com.sv", "com.tj", "com.tm", "com.tn", "com.tr", "com.tt", \
+"com.tw", "com.ua", "com.uy", "com.uz", "com.vc", "com.ve", "com.vi", \
+"com.vn", "com.ws", "cv", "cx", "cz", "de", "dj", "dk", "dm", "do", "dz", \
+"ec", "ee", "es", "eu", "fi", "fm", "fr", "ga", "gd", "ge", "gf", "gg", "gl", \
+"gm", "gp", "gr", "gw", "gy", "hk", "hn", "hr", "ht", "hu", "ie", "im", "in", \
+"in.rs", "info", "io", "iq", "is", "it", "it.ao", "je", "jo", "jobs", "jp", \
+"kg", "ki", "kids.us", "km", "kn", "kr", "kz", "la", "li", "lk", "lt", "lu", \
+"lv", "ma", "md", "me", "mg", "mh", "mk", "ml", "mn", "mobi", "mr", "ms", \
+"mu", "mv", "mw", "mx", "name", "ne", "ne.jp", "net", "net.in", "net.nz", \
+"nf", "ng", "nl", "no", "nom.es", "nr", "nu", "off.ai", "org", "org.af", \
+"org.es", "org.in", "org.nz", "org.uk", "pf", "ph", "pk", "pl", "pn", "pr", \
+"pro", "ps", "pt", "qa", "re", "ro", "rs", "ru", "rw", "sc", "se", "sg", "sh", \
+"si", "sk", "sl", "sm", "sn", "so", "sr", "st", "sz", "td", "tel", "tg", "tk", \
+"tl", "tm", "tn", "to", "tt", "tv", "tw", "ua", "ug", "us", "uz", "vc", "vg", \
+"vn", "vu", "ws", "yt"
+
+#endif  // COMPONENTS_GOOGLE_CORE_BROWSER_GOOGLE_TLD_LIST_H_
+
--- a/components/google/core/browser/google_util.cc
+++ b/components/google/core/browser/google_util.cc
@@ -17,6 +17,7 @@
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "components/google/core/browser/google_switches.h"
+#include "components/google/core/browser/google_tld_list.h"
 #include "components/google/core/browser/google_url_tracker.h"
 #include "components/url_formatter/url_fixer.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
@@ -46,13 +47,16 @@ bool IsPathHomePageBase(base::StringPiece path) {

 // True if the given canonical |host| is "[www.]<domain_in_lower_case>.<TLD>"
 // with a valid TLD. If |subdomain_permission| is ALLOW_SUBDOMAIN, we check
-// against host "*.<domain_in_lower_case>.<TLD>" instead.
+// against host "*.<domain_in_lower_case>.<TLD>" instead. Will return the TLD
+// string in |tld|, if specified and the |host| can be parsed.
 bool IsValidHostName(base::StringPiece host,
                     base::StringPiece domain_in_lower_case,
-                     SubdomainPermission subdomain_permission) {
+                     SubdomainPermission subdomain_permission,
+                     base::StringPiece* tld) {
  // Fast path to avoid searching the registry set.
  if (host.find(domain_in_lower_case) == base::StringPiece::npos)
    return false;
+
  size_t tld_length =
      net::registry_controlled_domains::GetCanonicalHostRegistryLength(
          host, net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES,
@@ -63,6 +67,10 @@ bool IsValidHostName(base::StringPiece host,
  // Removes the tld and the preceding dot.
  base::StringPiece host_minus_tld =
      host.substr(0, host.length() - tld_length - 1);
+
+  if (tld)
+    *tld = host.substr(host.length() - tld_length);
+
  if (base::LowerCaseEqualsASCII(host_minus_tld, domain_in_lower_case))
    return true;

@@ -92,7 +100,13 @@ bool IsCanonicalHostGoogleHostname(base::StringPiece canonical_host,
  if (base_url.is_valid() && (canonical_host == base_url.host_piece()))
    return true;

-  return IsValidHostName(canonical_host, "google", subdomain_permission);
+  base::StringPiece tld;
+  if (!IsValidHostName(canonical_host, "google", subdomain_permission, &tld))
+    return false;
+
+  CR_DEFINE_STATIC_LOCAL(std::set<std::string>, google_tlds,
+                         ({GOOGLE_TLD_LIST}));
+  return base::ContainsKey(google_tlds, tld.as_string());
 }

 }  // namespace
@@ -233,7 +247,8 @@ bool IsYoutubeDomainUrl(const GURL& url,
                        SubdomainPermission subdomain_permission,
                        PortPermission port_permission) {
  return IsValidURL(url, port_permission) &&
-      IsValidHostName(url.host_piece(), "youtube", subdomain_permission);
+      IsValidHostName(url.host_piece(), "youtube", subdomain_permission,
+                      nullptr);
 }

 }  // namespace google_util
--- a/components/google/core/browser/google_util_unittest.cc
+++ b/components/google/core/browser/google_util_unittest.cc
@@ -239,7 +239,7 @@ TEST(GoogleUtilTest, GoogleDomains) {
  EXPECT_TRUE(IsGoogleDomainUrl(GURL("http://www.google.ca"),
                                google_util::ALLOW_SUBDOMAIN,
                                google_util::DISALLOW_NON_STANDARD_PORTS));
-  EXPECT_TRUE(IsGoogleDomainUrl(GURL("http://www.google.biz.tj"),
+  EXPECT_TRUE(IsGoogleDomainUrl(GURL("http://www.google.off.ai"),
                                google_util::ALLOW_SUBDOMAIN,
                                google_util::DISALLOW_NON_STANDARD_PORTS));
  EXPECT_TRUE(IsGoogleDomainUrl(GURL("http://www.google.com/search?q=thing"),
@@ -249,16 +249,22 @@ TEST(GoogleUtilTest, GoogleDomains) {
                                google_util::ALLOW_SUBDOMAIN,
                                google_util::DISALLOW_NON_STANDARD_PORTS));

-  // Test some bad Google domains (invalid TLDs).
+  // Test some bad Google domains (invalid/non-Google TLDs).
  EXPECT_FALSE(IsGoogleDomainUrl(GURL("http://www.google.notrealtld"),
                                 google_util::ALLOW_SUBDOMAIN,
                                 google_util::DISALLOW_NON_STANDARD_PORTS));
+  EXPECT_FALSE(IsGoogleDomainUrl(GURL("http://www.google.sd"),
+                                 google_util::ALLOW_SUBDOMAIN,
+                                 google_util::DISALLOW_NON_STANDARD_PORTS));
  EXPECT_FALSE(IsGoogleDomainUrl(GURL("http://www.google.faketld/search?q=q"),
                                 google_util::ALLOW_SUBDOMAIN,
                                 google_util::DISALLOW_NON_STANDARD_PORTS));
  EXPECT_FALSE(IsGoogleDomainUrl(GURL("http://www.yahoo.com"),
                                 google_util::ALLOW_SUBDOMAIN,
                                 google_util::DISALLOW_NON_STANDARD_PORTS));
+  EXPECT_FALSE(IsGoogleDomainUrl(GURL("http://www.google.biz.tj"),
+                                 google_util::ALLOW_SUBDOMAIN,
+                                 google_util::DISALLOW_NON_STANDARD_PORTS));

  // Test subdomain checks.
  EXPECT_TRUE(IsGoogleDomainUrl(GURL("http://images.google.com"),