Revert "Revert "Allow all extensions, warn for unvetted, 1 component …

…updater only now"" This reverts commit 61f822d.
brave · Sep 5, 2018 · d07cb3e · d07cb3e
1 parent 5ba5ce7
commit d07cb3e
Show file tree

Hide file tree

Showing 27 changed files with 369 additions and 81 deletions.
diff --git a/app/brave_generated_resources.grd b/app/brave_generated_resources.grd
@@ -138,6 +138,10 @@ By installing this extension, you are agreeing to the Google Widevine Terms of U
       <message name="IDS_BLOCKED_AUTOPLAY_NO_ACTION" desc="Radio button choice to continue blocking a site from autoplay media, displayed in bubble when a page tries to autoplay media.">
         Continue blocking autoplay
       </message>
+      <!-- Extensions -->
+      <message name="IDS_UNVETTED_EXTENSION_INSTALL_PROMPT_TITLE" desc="Titlebar of the extension or app installation prompt which was not vetted by Brave. Asks the user if they want to install a particular extension or app.">
+        NOT A RECOMMENDED BRAVE EXTENSION! Add "<ph name="EXTENSION_NAME">$1<ex>Gmail Checker</ex></ph>"?
+      </message>
       <!-- Appearance -->
       <message name="IDS_SETTINGS_APPEARANCE_SETTINGS_BRAVE_THEMES" desc="The label for brave theme change setting options">
         Brave colors

diff --git a/app/brave_main_delegate.cc b/app/brave_main_delegate.cc
@@ -21,6 +21,7 @@
 #include "chrome/common/chrome_paths_internal.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/password_manager/core/common/password_manager_features.h"
+#include "extensions/common/extension_features.h"
 #include "ui/base/ui_base_features.h"
 
 #if !defined(CHROME_MULTIPLE_DLL_BROWSER)
@@ -119,7 +120,8 @@ bool BraveMainDelegate::BasicStartupComplete(int* exit_code) {
   std::stringstream enabled_features;
   enabled_features << features::kEnableEmojiContextMenu.name
     << "," << features::kDesktopPWAWindowing.name
-    << "," << password_manager::features::kFillOnAccountSelect.name;
+    << "," << password_manager::features::kFillOnAccountSelect.name
+    << "," << extensions::features::kNewExtensionUpdaterService.name;
   command_line.AppendSwitchASCII(switches::kEnableFeatures,
       enabled_features.str());
   return ChromeMainDelegate::BasicStartupComplete(exit_code);

diff --git a/browser/brave_browser_process_impl.cc b/browser/brave_browser_process_impl.cc
@@ -43,11 +43,9 @@ BraveBrowserProcessImpl::BraveBrowserProcessImpl()
 }
 
 component_updater::ComponentUpdateService*
-BraveBrowserProcessImpl::component_updater(
-    std::unique_ptr<component_updater::ComponentUpdateService> &component_updater,
-    bool use_brave_server) {
-  if (component_updater)
-    return component_updater.get();
+BraveBrowserProcessImpl::component_updater() {
+  if (component_updater_)
+    return component_updater_.get();
 
   if (!BrowserThread::CurrentlyOn(BrowserThread::UI))
     return nullptr;
@@ -64,23 +62,13 @@ BraveBrowserProcessImpl::component_updater(
   if (!scheduler)
     scheduler = std::make_unique<component_updater::TimerUpdateScheduler>();
 
-  component_updater = component_updater::ComponentUpdateServiceFactory(
+  component_updater_ = component_updater::ComponentUpdateServiceFactory(
       component_updater::MakeBraveComponentUpdaterConfigurator(
           base::CommandLine::ForCurrentProcess(),
-          g_browser_process->local_state(), use_brave_server),
+          g_browser_process->local_state()),
       std::move(scheduler));
 
-  return component_updater.get();
-}
-
-component_updater::ComponentUpdateService*
-BraveBrowserProcessImpl::component_updater() {
-  return component_updater(component_updater_, true);
-}
-
-component_updater::ComponentUpdateService*
-BraveBrowserProcessImpl::google_component_updater() {
-  return component_updater(google_component_updater_, false);
+  return component_updater_.get();
 }
 
 brave_shields::AdBlockService*

diff --git a/browser/brave_browser_process_impl.h b/browser/brave_browser_process_impl.h
@@ -31,7 +31,6 @@ class BraveBrowserProcessImpl : public BrowserProcessImpl {
 
   // BrowserProcess implementation.
   component_updater::ComponentUpdateService* component_updater() override;
-  component_updater::ComponentUpdateService* google_component_updater();
 
   brave_shields::AdBlockService* ad_block_service();
   brave_shields::AdBlockRegionalService* ad_block_regional_service();
@@ -49,15 +48,6 @@ class BraveBrowserProcessImpl : public BrowserProcessImpl {
       https_everywhere_service_;
   std::unique_ptr<brave::BraveStatsUpdater> brave_stats_updater_;
   std::unique_ptr<extensions::BraveTorClientUpdater> tor_client_updater_;
-
-  component_updater::ComponentUpdateService* component_updater(
-      std::unique_ptr<component_updater::ComponentUpdateService>&,
-      bool use_brave_server);
-  std::unique_ptr<component_updater::ComponentUpdateService>
-      google_component_updater_;
-  std::unique_ptr<component_updater::ComponentUpdateService>
-      brave_component_updater_;
-
   std::unique_ptr<ProfileCreationMonitor> profile_creation_monitor_;
 
   DISALLOW_COPY_AND_ASSIGN(BraveBrowserProcessImpl);

diff --git a/browser/component_updater/brave_component_updater_configurator.cc b/browser/component_updater/brave_component_updater_configurator.cc
@@ -12,7 +12,6 @@
 
 #include "base/strings/sys_string_conversions.h"
 #include "base/version.h"
-#include "brave/common/network_constants.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/net/system_network_context_manager.h"
@@ -39,8 +38,7 @@ namespace {
 class BraveConfigurator : public update_client::Configurator {
  public:
   BraveConfigurator(const base::CommandLine* cmdline,
-                    PrefService* pref_service,
-                    bool use_brave_server);
+                    PrefService* pref_service);
 
   // update_client::Configurator overrides.
   int InitialDelay() const override;
@@ -75,7 +73,6 @@ class BraveConfigurator : public update_client::Configurator {
 
   ConfiguratorImpl configurator_impl_;
   PrefService* pref_service_;  // This member is not owned by this class.
-  bool use_brave_server_;
 
   ~BraveConfigurator() override {}
 };
@@ -85,22 +82,14 @@ class BraveConfigurator : public update_client::Configurator {
 // a custom message signing protocol and it does not depend on using HTTPS.
 BraveConfigurator::BraveConfigurator(
     const base::CommandLine* cmdline,
-    PrefService* pref_service,
-    bool use_brave_server)
+    PrefService* pref_service)
     : configurator_impl_(ComponentUpdaterCommandLineConfigPolicy(cmdline), false),
-      pref_service_(pref_service),
-      use_brave_server_(use_brave_server) {
+      pref_service_(pref_service) {
   DCHECK(pref_service_);
 }
 
 int BraveConfigurator::InitialDelay() const {
-  if (use_brave_server_) {
-    return configurator_impl_.InitialDelay();
-  }
-  // This just makes it so as soon as the Google component update
-  // is used it checks for Widevine, which is currently the only
-  // place we use it.
-  return 10;
+  return configurator_impl_.InitialDelay();
 }
 
 int BraveConfigurator::NextCheckDelay() const {
@@ -116,10 +105,6 @@ int BraveConfigurator::UpdateDelay() const {
 }
 
 std::vector<GURL> BraveConfigurator::UpdateUrl() const {
-  if (use_brave_server_) {
-    return std::vector<GURL>
-        {GURL(kBraveUpdatesExtensionsEndpoint)};
-  }
   return configurator_impl_.UpdateUrl();
 }
 
@@ -190,10 +175,7 @@ bool BraveConfigurator::EnabledBackgroundDownloader() const {
 }
 
 bool BraveConfigurator::EnabledCupSigning() const {
-  if (use_brave_server_) {
-    return false;
-  }
-  return configurator_impl_.EnabledCupSigning();
+  return false;
 }
 
 PrefService* BraveConfigurator::GetPrefService() const {
@@ -228,9 +210,8 @@ void RegisterPrefsForBraveComponentUpdaterConfigurator(
 scoped_refptr<update_client::Configurator>
 MakeBraveComponentUpdaterConfigurator(
     const base::CommandLine* cmdline,
-    PrefService* pref_service,
-    bool use_brave_server) {
-  return base::MakeRefCounted<BraveConfigurator>(cmdline, pref_service, use_brave_server);
+    PrefService* pref_service) {
+  return base::MakeRefCounted<BraveConfigurator>(cmdline, pref_service);
 }
 
 }  // namespace component_updater
diff --git a/browser/component_updater/brave_component_updater_configurator.h b/browser/component_updater/brave_component_updater_configurator.h
@@ -31,8 +31,7 @@ void RegisterPrefsForBraveComponentUpdaterConfigurator(
 scoped_refptr<update_client::Configurator>
 MakeBraveComponentUpdaterConfigurator(
     const base::CommandLine* cmdline,
-    PrefService* pref_service,
-    bool use_brave_server);
+    PrefService* pref_service);
 
 }  // namespace component_updater
 

diff --git a/browser/extensions/BUILD.gn b/browser/extensions/BUILD.gn
@@ -12,6 +12,8 @@ source_set("extensions") {
     "brave_component_extension_resource_manager.h",
     "brave_component_loader.cc",
     "brave_component_loader.h",
+    "brave_extension_install_prompt.cc",
+    "brave_extension_install_prompt.h",
     "brave_extension_management.cc",
     "brave_extension_management.h",
     "brave_extension_provider.cc",

diff --git a/browser/extensions/brave_extension_install_prompt.cc b/browser/extensions/brave_extension_install_prompt.cc
@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "brave/browser/extensions/brave_extension_install_prompt.h"
+
+#include "base/strings/utf_string_conversions.h"
+#include "brave/browser/extensions/brave_extension_provider.h"
+#include "brave/grit/brave_generated_resources.h"
+#include "extensions/common/extension_id.h"
+#include "ui/base/l10n/l10n_util.h"
+
+BravePrompt::BravePrompt(ExtensionInstallPrompt::PromptType type) :
+    ExtensionInstallPrompt::Prompt(type) {
+}
+
+BravePrompt::~BravePrompt() {
+}
+
+base::string16 BravePrompt::GetDialogTitle() const {
+  if (!extensions::BraveExtensionProvider::IsVetted(extension())) {
+    if (type_ == ExtensionInstallPrompt::INSTALL_PROMPT ||
+        type_ == ExtensionInstallPrompt::INLINE_INSTALL_PROMPT) {
+      return l10n_util::GetStringFUTF16(IDS_UNVETTED_EXTENSION_INSTALL_PROMPT_TITLE,
+          base::UTF8ToUTF16(extension_->name()));
+    }
+  }
+  return ExtensionInstallPrompt::Prompt::GetDialogTitle();
+}
diff --git a/browser/extensions/brave_extension_install_prompt.h b/browser/extensions/brave_extension_install_prompt.h
@@ -0,0 +1,20 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_BROWSER_EXTENSIONS_BRAVE_EXTENSION_INSTALL_PROMPT_H_
+#define BRAVE_BROWSER_EXTENSIONS_BRAVE_EXTENSION_INSTALL_PROMPT_H_
+
+#include "chrome/browser/extensions/extension_install_prompt.h"
+
+class BravePrompt : public ExtensionInstallPrompt::Prompt {
+ public:
+  explicit BravePrompt(ExtensionInstallPrompt::PromptType type);
+  ~BravePrompt() override;
+
+  base::string16 GetDialogTitle() const override;
+
+  DISALLOW_COPY_AND_ASSIGN(BravePrompt);
+};
+
+#endif  // BRAVE_BROWSER_EXTENSIONS_BRAVE_EXTENSION_INSTALL_PROMPT_H_
diff --git a/browser/extensions/brave_extension_provider.cc b/browser/extensions/brave_extension_provider.cc
@@ -15,12 +15,21 @@
 
 namespace {
 
-bool IsWhitelisted(const extensions::Extension* extension) {
-  // Allow PWAs to run
-  if (extension->GetType() == extensions::Manifest::TYPE_HOSTED_APP) {
-    return true;
-  }
-  static std::vector<std::string> whitelist({
+bool IsBlacklisted(const extensions::Extension* extension) {
+  // This is a hardcoded list of extensions to block.
+  // Typically instead you can just use the brave/go-updater to list
+  // a blacklisted extension that you want to block for existing clients.
+  // mlklomjnahgiddgfdgjhibinlfibfffc is used for tests, it corresponds to
+  // brave/test/data/should-be-blocked-extension
+  return extension->id() == "mlklomjnahgiddgfdgjhibinlfibfffc";
+}
+
+}  // namespace
+
+namespace extensions {
+
+bool BraveExtensionProvider::IsVetted(const Extension* extension) {
+  static std::vector<std::string> vetted_extensions({
     brave_extension_id,
     brave_webtorrent_extension_id,
     pdfjs_extension_id,
@@ -83,14 +92,10 @@ bool IsWhitelisted(const extensions::Extension* extension) {
     // Test ID: Brave Tor Client Updater
     "ngicbhhaldfdgmjhilmnleppfpmkgbbk"
   });
-  return std::find(whitelist.begin(), whitelist.end(),
-      extension->id()) != whitelist.end();
+  return std::find(vetted_extensions.begin(), vetted_extensions.end(),
+      extension->id()) != vetted_extensions.end();
 }
 
-}  // namespace
-
-namespace extensions {
-
 BraveExtensionProvider::BraveExtensionProvider() {
 }
 
@@ -108,7 +113,7 @@ std::string BraveExtensionProvider::GetDebugPolicyProviderName() const {
 
 bool BraveExtensionProvider::UserMayLoad(const Extension* extension,
                                          base::string16* error) const {
-  if (!IsWhitelisted(extension)) {
+  if (IsBlacklisted(extension)) {
     if (error) {
       *error =
         l10n_util::GetStringFUTF16(IDS_EXTENSION_CANT_INSTALL_ON_BRAVE,

diff --git a/browser/extensions/brave_extension_provider.h b/browser/extensions/brave_extension_provider.h
@@ -18,6 +18,7 @@ class BraveExtensionProvider : public ManagementPolicy::Provider {
                    base::string16* error) const override;
   bool MustRemainInstalled(const Extension* extension,
                            base::string16* error) const override;
+  static bool IsVetted(const extensions::Extension* extension);
  private:
   DISALLOW_COPY_AND_ASSIGN(BraveExtensionProvider);
 };

diff --git a/browser/net/BUILD.gn b/browser/net/BUILD.gn
@@ -3,6 +3,8 @@ import("//build/config/features.gni")
 source_set("net") {
   configs += [ "//brave/build/geolocation" ]
   sources = [
+    "brave_common_static_redirect_network_delegate_helper.cc",
+    "brave_common_static_redirect_network_delegate_helper.h",
     "brave_network_delegate_base.cc",
     "brave_network_delegate_base.h",
     "brave_httpse_network_delegate_helper.cc",

diff --git a/browser/net/brave_common_static_redirect_network_delegate_helper.cc b/browser/net/brave_common_static_redirect_network_delegate_helper.cc
@@ -0,0 +1,45 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "brave/browser/net/brave_common_static_redirect_network_delegate_helper.h"
+
+#include "brave/common/network_constants.h"
+#include "components/component_updater/component_updater_url_constants.h"
+#include "extensions/common/extension_urls.h"
+#include "extensions/common/url_pattern.h"
+#include "net/url_request/url_request.h"
+
+
+namespace brave {
+
+// Update server checks happen from the profile context for admin policy installed extensions.
+// Update server checks happen from the system context for normal update operations.
+bool IsUpdaterURL(const GURL& gurl) {
+  static std::vector<URLPattern> updater_patterns({
+      URLPattern(URLPattern::SCHEME_HTTPS, std::string(component_updater::kUpdaterDefaultUrl) + "*"),
+      URLPattern(URLPattern::SCHEME_HTTP, std::string(component_updater::kUpdaterFallbackUrl) + "*"),
+      URLPattern(URLPattern::SCHEME_HTTPS, std::string(extension_urls::kChromeWebstoreUpdateURL) + "*")
+  });
+  bool braveRedirect = gurl.query().find("braveRedirect=true") != std::string::npos;
+  return std::any_of(updater_patterns.begin(), updater_patterns.end(),
+      [&gurl, braveRedirect](URLPattern pattern) {
+        return !braveRedirect && pattern.MatchesURL(gurl);
+      });
+}
+
+int OnBeforeURLRequest_CommonStaticRedirectWork(
+    net::URLRequest* request,
+    GURL* new_url,
+    const ResponseCallback& next_callback,
+    std::shared_ptr<BraveRequestInfo> ctx) {
+  GURL::Replacements replacements;
+  if (IsUpdaterURL(request->url())) {
+    replacements.SetQueryStr(request->url().query_piece());
+    *new_url = GURL(kBraveUpdatesExtensionsEndpoint).ReplaceComponents(replacements);
+    return net::OK;
+  }
+  return net::OK;
+}
+
+}  // namespace brave
diff --git a/browser/net/brave_common_static_redirect_network_delegate_helper.h b/browser/net/brave_common_static_redirect_network_delegate_helper.h
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_BROWSER_NET_BRAVE_COMMON_STATIC_REDIRECT_NETWORK_DELEGATE_H_
+#define BRAVE_BROWSER_NET_BRAVE_COMMON_STATIC_REDIRECT_NETWORK_DELEGATE_H_
+
+#include "chrome/browser/net/chrome_network_delegate.h"
+#include "brave/browser/net/url_context.h"
+
+struct BraveRequestInfo;
+
+namespace net {
+class URLRequest;
+}
+
+namespace brave {
+
+int OnBeforeURLRequest_CommonStaticRedirectWork(
+    net::URLRequest* request,
+    GURL* new_url,
+    const ResponseCallback& next_callback,
+    std::shared_ptr<BraveRequestInfo> ctx);
+
+}  // namespace brave
+
+#endif  // BRAVE_BROWSER_NET_BRAVE_COMMON_STATIC_REDIRECT_NETWORK_DELEGATE_H_