Use sha hashes of extension ids to whitelist.

Currently if an app needs to whitelist with feedback, it needs to put its original ID into the event_handler JS. We want apps to be able to keep their ids private and still be able to whitelist themselves. Hence we now check the sha-256 hash of the app id instead of the app id itself. R=arv@chromium.org BUG=453587 Review URL: https://codereview.chromium.org/942123004 Cr-Commit-Position: refs/heads/master@{#317679}

Use sha hashes of extension ids to whitelist.
Currently if an app needs to whitelist with feedback, it needs to put its original ID into the event_handler JS. We want apps to be able to keep their ids private and still be able to whitelist themselves. Hence we now check the sha-256 hash of the app id instead of the app id itself. R=arv@chromium.org BUG=453587 Review URL: https://codereview.chromium.org/942123004 Cr-Commit-Position: refs/heads/master@{#317679}
cca7ccbc · rkc · Commit bot · fca4379c · cca7ccbc · cca7ccbc
Commit cca7ccbc authored Feb 23, 2015 by rkc Committed by Commit bot Feb 23, 2015
Showing with 59 additions and 38 deletions

chrome/browser/resources/feedback/OWNERS chrome/browser/resources/feedback/OWNERS +1 -0

chrome/browser/resources/feedback/js/event_handler.js chrome/browser/resources/feedback/js/event_handler.js +58 -38

No files found.
--- a/chrome/browser/resources/feedback/OWNERS
+++ b/chrome/browser/resources/feedback/OWNERS
+rkc@chromium.org
--- a/chrome/browser/resources/feedback/js/event_handler.js
+++ b/chrome/browser/resources/feedback/js/event_handler.js
@@ -15,49 +15,69 @@ var FEEDBACK_HEIGHT = 585;
 var initialFeedbackInfo = null;
+// To generate a hashed extension ID, use a sha-256 hash, all in lower case.
+// Example:
+//   echo -n 'abcdefghijklmnopqrstuvwxyzabcdef' | sha1sum | \
+//       awk '{print toupper($1)}'
 var whitelistedExtensionIds = [
-  'bpmcpldpdmajfigpchkicefoigmkfalc', // QuickOffice
+  '12E618C3C6E97495AAECF2AC12DEB082353241C6', // QuickOffice
-  'ehibbfinohgbchlgdbfpikodjaojhccn', // QuickOffice
+  '3727DD3E564B6055387425027AD74C58784ACC15', // QuickOffice
-  'gbkeegbaiigmenfmjfclcdgdpimamgkj', // QuickOffice
+  '2FC374607C2DF285634B67C64A2E356C607091C3', // QuickOffice
-  'efjnaogkjbogokcnohkmnjdojkikgobo', // G+ Photos
+  '2843C1E82A9B6C6FB49308FDDF4E157B6B44BC2B', // G+ Photos
-  'ebpbnabdhheoknfklmpddcdijjkmklkp', // G+ Photos
+  '5B5DA6D054D10DB917AF7D9EAE3C56044D1B0B03', // G+ Photos
-  'endkpmfloggdajndjpoekmkjnkolfdbf', // Feedback Extension
+  '986913085E3E3C3AFDE9B7A943149C4D3F4C937B', // Feedback Extension
-  'mlocfejafidcakdddnndjdngfmncfbeg', // Connectivity Diagnostics
+  '7AE714FFD394E073F0294CFA134C9F91DB5FBAA4', // Connectivity Diagnostics
-  'ganomidahfnpdchomfgdoppjmmedlhia', // Connectivity Diagnostics
+  'C7DA3A55C2355F994D3FDDAD120B426A0DF63843', // Connectivity Diagnostics
-  'eemlkeanncmjljgehlbplemhmdmalhdc', // Connectivity Diagnostics
+  '75E3CFFFC530582C583E4690EF97C70B9C8423B7', // Connectivity Diagnostics
-  'kodldpbjkkmmnilagfdheibampofhaom', // Connectivity Diagnostics
+  '32A1BA997F8AB8DE29ED1BA94AAF00CF2A3FEFA7', // Connectivity Diagnostics
-  'kkebgepbbgbcmghedmmdfcbdcodlkngh', // Chrome OS Recovery Tool
+  'A291B26E088FA6BA53FFD72F0916F06EBA7C585A', // Chrome OS Recovery Tool
-  'jndclpdbaamdhonoechobihbbiimdgai', // Chrome OS Recovery Tool
+  'D7986543275120831B39EF28D1327552FC343960', // Chrome OS Recovery Tool
-  'ljoammodoonkhnehlncldjelhidljdpi', // GetHelp app.
+  '8EBDF73405D0B84CEABB8C7513C9B9FA9F1DC2CE', // GetHelp app.
-  'ljacajndfccfgnfohlgkdphmbnpkjflk', // Chrome Remote Desktop Dev
+  '97B23E01B2AA064E8332EE43A7A85C628AADC3F2', // Chrome Remote Desktop Dev
-  'gbchcmhmhahfdphkhkmpfmihenigjmpp', // Chrome Remote Desktop Stable
+  '9E527CDA9D7C50844E8A5DB964A54A640AE48F98', // Chrome Remote Desktop Stable
-  'odkaodonbgfohohmklejpjiejmcipmib', // Chrome Remote Desktop QA
+  'DF52618D0B040D8A054D8348D2E84DDEEE5974E7', // Chrome Remote Desktop QA
-  'dokpleeekgeeiehdhmdkeimnkmoifgdd', // Chrome Remote Desktop QA backup
+  '269D721F163E587BC53C6F83553BF9CE2BB143CD', // Chrome Remote Desktop QA backup
-  'ajoainacpilcemgiakehflpbkbfipojk', // Chrome Remote Desktop Apps V2
+  'C449A798C495E6CF7D6AF10162113D564E67AD12', // Chrome Remote Desktop Apps V2
-  'llohocloplkbhgcfnplnoficdkiechcn', // Play Movies Dev
+  '981974CD1832B87BE6B21BE78F7249BB501E0DE6', // Play Movies Dev
-  'icljpnebmoleodmchaaajbkpoipfoahp', // Play Movies Nightly
+  '32FD7A816E47392C92D447707A89EB07EEDE6FF7', // Play Movies Nightly
-  'mjekoljodoiapgkggnlmbecndfpbbcch', // Play Movies Beta
+  '3F3CEC4B9B2B5DC2F820CE917AABDF97DB2F5B49', // Play Movies Beta
-  'gdijeikdkaembjbdobgfkoidjkpbmlkd', // Play Movies Stable
+  'F92FAC70AB68E1778BF62D9194C25979596AA0E6', // Play Movies Stable
-  'andfmajejfpjojledngpdaibbhkffipo', // Hangouts Extension
+  '0F585FB1D0FDFBEBCE1FEB5E9DFFB6DA476B8C9B', // Hangouts Extension
-  'jfjjdfefebklmdbmenmlehlopoocnoeh', // Hangouts Extension
+  '2D22CDB6583FD0A13758AEBE8B15E45208B4E9A7', // Hangouts Extension
-  'dhcmpocobclokhifdkgcjbnfdaneoojd', // Hangouts Extension
+  '49DA0B9CCEEA299186C6E7226FD66922D57543DC', // Hangouts Extension
-  'ppleadejekpmccmnpjdimmlfljlkdfej', // Hangouts Extension
+  'E7E2461CE072DF036CF9592740196159E2D7C089', // Hangouts Extension
-  'eggnbpckecmjlblplehfpjjdhhidfdoj', // Hangouts Extension
+  'A74A4D44C7CFCD8844830E6140C8D763E12DD8F3', // Hangouts Extension
-  'ljclpkphhpbpinifbeabbhlfddcpfdde', // Hangouts Extension
+  '312745D9BF916161191143F6490085EEA0434997', // Hangouts Extension
-  'nckgahadagoaajjgafhacjanaoiihapd', // Hangouts Extension
+  '53041A2FA309EECED01FFC751E7399186E860B2C', // Hangouts Extension
-  'knipolnnllmklapflnccelgolnpehhpl', // Hangouts Extension
+  '0F42756099D914A026DADFA182871C015735DD95', // Hangouts Extension
-  'dogkdgiahcdchbabhdmpbhlfoddjined', // GLS nightly
+  '1B7734733E207CCE5C33BFAA544CA89634BF881F', // GLS nightly
-  'khkjfddibboofomnlkndfedpoccieiee', // GLS stable
+  'E2ACA3D943A3C96310523BCDFD8C3AF68387E6B7', // GLS stable
 ];
 /**
 * Function to determine whether or not a given extension id is whitelisted to
- * invoke the feedback UI.
+ * invoke the feedback UI. If the extension is whitelisted, the callback to
+ * start the Feedback UI will be called.
 * @param {string} id the id of the sender extension.
- * @return {boolean} Whether or not this sender is whitelisted.
+ * @param {Function} startFeedbackCallback The callback function that will
+ *     will start the feedback UI.
+ * @param {Object} feedbackInfo The feedback info object to pass to the
+ *     start feedback UI callback.
 */
-function senderWhitelisted(id) {
+function senderWhitelisted(id, startFeedbackCallback, feedbackInfo) {
-  return id && whitelistedExtensionIds.indexOf(id) != -1;
+  crypto.subtle.digest('SHA-1', new TextEncoder().encode(id)).then(
+      function(hashBuffer) {
+    var hashString = '';
+    var hashView = new Uint8Array(hashBuffer);
+    for (var i = 0; i < hashView.length; ++i) {
+      var n = hashView[i];
+      hashString += n < 0x10 ? '0' : '';
+      hashString += n.toString(16);
+    }
+    if (whitelistedExtensionIds.indexOf(hashString.toUpperCase()) != -1)
+      startFeedbackCallback(feedbackInfo);
+  });
 }
 /**
@@ -82,8 +102,8 @@ function feedbackReadyHandler(request, sender, sendResponse) {
 * @param {function(Object)} sendResponse Callback for sending a response.
 */
 function requestFeedbackHandler(request, sender, sendResponse) {
-  if (request.requestFeedback && senderWhitelisted(sender.id))
+  if (request.requestFeedback)
-    startFeedbackUI(request.feedbackInfo);
+    senderWhitelisted(sender.id, startFeedbackUI, request.feedbackInfo);
 }
 /**