ContentVerifier: Fix forced verification of JS/HTML resources.

ContentVerifier::ShouldVerifyAnyPaths forces verification of JavaScript and html files by checking the extension of the resource (.js or .html/.htm) as they are considered sensitive resources. However, it didn't used to take case variants of extension into account, this CL fixes that by turning comparison of extension of files case-insensitive on all platforms. Added unit test for the behavior change. Bug: 1051396 Test: See bug description Change-Id: I0fed253ad5241db5b89c8abf6d0ab445dd403b0f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2071486 Commit-Queue: Istiaque Ahmed <lazyboy@chromium.org> Reviewed-by: Oleg Davydov <burunduk@chromium.org> Cr-Commit-Position: refs/heads/master@{#744744}

ContentVerifier: Fix forced verification of JS/HTML resources.
ContentVerifier::ShouldVerifyAnyPaths forces verification of JavaScript and html files by checking the extension of the resource (.js or .html/.htm) as they are considered sensitive resources. However, it didn't used to take case variants of extension into account, this CL fixes that by turning comparison of extension of files case-insensitive on all platforms. Added unit test for the behavior change. Bug: 1051396 Test: See bug description Change-Id: I0fed253ad5241db5b89c8abf6d0ab445dd403b0f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2071486 Commit-Queue: Istiaque Ahmed <lazyboy@chromium.org> Reviewed-by: Oleg Davydov <burunduk@chromium.org> Cr-Commit-Position: refs/heads/master@{#744744}
c2800fbb · Istiaque Ahmed · Commit Bot · 92887480 · c2800fbb · c2800fbb
Commit c2800fbb authored Feb 26, 2020 by Istiaque Ahmed Committed by Commit Bot Feb 26, 2020
3 changed files
--- a/extensions/browser/content_verifier.cc
+++ b/extensions/browser/content_verifier.cc
@@ -70,13 +70,13 @@ base::FilePath NormalizeRelativePath(const base::FilePath& path) {
 }
 bool HasScriptFileExt(const base::FilePath& requested_path) {
-  return requested_path.Extension() == FILE_PATH_LITERAL(".js");
+  return requested_path.MatchesExtension(FILE_PATH_LITERAL(".js"));
 }
 bool HasPageFileExt(const base::FilePath& requested_path) {
  base::FilePath::StringType file_extension = requested_path.Extension();
-  return file_extension == FILE_PATH_LITERAL(".html") ||
+  return requested_path.MatchesExtension(FILE_PATH_LITERAL(".html")) ||
-         file_extension == FILE_PATH_LITERAL(".htm");
+         requested_path.MatchesExtension(FILE_PATH_LITERAL(".htm"));
 }
 std::unique_ptr<ContentVerifierIOData::ExtensionData> CreateIOData(
@@ -771,4 +771,12 @@ base::FilePath ContentVerifier::NormalizeRelativePathForTesting(
  return NormalizeRelativePath(path);
 }
+bool ContentVerifier::ShouldVerifyAnyPathsForTesting(
+    const std::string& extension_id,
+    const base::FilePath& extension_root,
+    const std::set<base::FilePath>& relative_unix_paths) {
+  return ShouldVerifyAnyPaths(extension_id, extension_root,
+                              relative_unix_paths);
+}
 }  // namespace extensions
--- a/extensions/browser/content_verifier.h
+++ b/extensions/browser/content_verifier.h
@@ -134,8 +134,12 @@ class ContentVerifier : public base::RefCountedThreadSafe<ContentVerifier>,
  static base::FilePath NormalizeRelativePathForTesting(
      const base::FilePath& path);
+  bool ShouldVerifyAnyPathsForTesting(
+      const std::string& extension_id,
+      const base::FilePath& extension_root,
+      const std::set<base::FilePath>& relative_unix_paths);
 private:
-  friend class ContentVerifierTest;
  friend class base::RefCountedThreadSafe<ContentVerifier>;
  friend class HashHelper;
  ~ContentVerifier() override;

--- a/extensions/browser/content_verifier_unittest.cc
+++ b/extensions/browser/content_verifier_unittest.cc
@@ -70,15 +70,15 @@ void TestContentVerifierDelegate::SetBrowserImagePaths(
 }  // namespace
-class ContentVerifierTest
+class ContentVerifierTest : public ExtensionsTest {
-    : public ExtensionsTest,
-      public testing::WithParamInterface<BackgroundManifestType> {
 public:
-  ContentVerifierTest() {}
+  ContentVerifierTest() = default;
+  ContentVerifierTest(const ContentVerifierTest&) = delete;
+  ContentVerifierTest& operator=(const ContentVerifierTest&) = delete;
  void SetUp() override {
    ExtensionsTest::SetUp();
-    background_manifest_type_ = GetParam();
    // Manually register handlers since the |ContentScriptsHandler| is not
    // usually registered in extensions_unittests.
@@ -116,16 +116,18 @@ class ContentVerifierTest
  }
  bool ShouldVerifySinglePath(const base::FilePath& path) {
-    std::set<base::FilePath> paths_to_verify;
+    return content_verifier_->ShouldVerifyAnyPathsForTesting(
-    paths_to_verify.insert(path);
+        extension_->id(), extension_->path(), {path});
-    return content_verifier_->ShouldVerifyAnyPaths(
-        extension_->id(), extension_->path(), paths_to_verify);
  }
  BackgroundManifestType GetBackgroundManifestType() {
    return background_manifest_type_;
  }
+ protected:
+  BackgroundManifestType background_manifest_type_ =
+      BackgroundManifestType::kNone;
 private:
  // Create a test extension with a content script and possibly a background
  // page or background script.
@@ -167,17 +169,28 @@ class ContentVerifierTest
    return extension;
  }
-  BackgroundManifestType background_manifest_type_;
  scoped_refptr<ContentVerifier> content_verifier_;
  scoped_refptr<Extension> extension_;
  TestContentVerifierDelegate* content_verifier_delegate_raw_;
+};
+class ContentVerifierTestWithBackgroundType
+    : public ContentVerifierTest,
+      public testing::WithParamInterface<BackgroundManifestType> {
+ public:
+  ContentVerifierTestWithBackgroundType() {
+    background_manifest_type_ = GetParam();
+  }
-  DISALLOW_COPY_AND_ASSIGN(ContentVerifierTest);
+  ContentVerifierTestWithBackgroundType(
+      const ContentVerifierTestWithBackgroundType&) = delete;
+  ContentVerifierTestWithBackgroundType& operator=(
+      const ContentVerifierTestWithBackgroundType&) = delete;
 };
 // Verifies that |ContentVerifier::ShouldVerifyAnyPaths| returns true for
 // some file paths even if those paths are specified as browser images.
-TEST_P(ContentVerifierTest, BrowserImagesShouldBeVerified) {
+TEST_P(ContentVerifierTestWithBackgroundType, BrowserImagesShouldBeVerified) {
  std::set<base::FilePath> files_to_be_verified = {
      kContentScriptPath, kScriptFilePath, kHTMLFilePath, kHTMFilePath};
  std::set<base::FilePath> files_not_to_be_verified{kIconPath,
@@ -213,12 +226,12 @@ TEST_P(ContentVerifierTest, BrowserImagesShouldBeVerified) {
 INSTANTIATE_TEST_SUITE_P(
    All,
-    ContentVerifierTest,
+    ContentVerifierTestWithBackgroundType,
    testing::Values(BackgroundManifestType::kNone,
                    BackgroundManifestType::kBackgroundScript,
                    BackgroundManifestType::kBackgroundPage));
-TEST(ContentVerifierTest, NormalizeRelativePath) {
+TEST_F(ContentVerifierTest, NormalizeRelativePath) {
 // This macro helps avoid wrapped lines in the test structs.
 #define FPL(x) FILE_PATH_LITERAL(x)
  struct TestData {
@@ -238,4 +251,25 @@ TEST(ContentVerifierTest, NormalizeRelativePath) {
  }
 }
+// Tests that JavaScript and html/htm files are always verified, even if their
+// extension case isn't lower cased or even if they are specified as browser
+// image paths.
+TEST_F(ContentVerifierTest, JSAndHTMLAlwaysVerified) {
+  std::vector<std::string> paths = {
+      "a.js",  "b.html", "c.htm",  "a.JS",  "b.HTML",
+      "c.HTM", "a.Js",   "b.Html", "c.Htm",
+  };
+  for (const auto& path_str : paths) {
+    const base::FilePath path = base::FilePath().AppendASCII(path_str);
+    UpdateBrowserImagePaths({});
+    // |path| would be treated as unclassified resource, so it gets verified.
+    EXPECT_TRUE(ShouldVerifySinglePath(path)) << "for path " << path;
+    // Even if |path| was specified as browser image, as |path| is JS/html
+    // (sensitive) resource, it would still get verified.
+    UpdateBrowserImagePaths({path});
+    EXPECT_TRUE(ShouldVerifySinglePath(path)) << "for path " << path;
+  }
+}
 }  // namespace extensions