PDF checks for blocking should use proper tab origin

Fix brave/brave-browser#1033
brave · Nov 27, 2018 · 6ecd3e4 · 6ecd3e4
1 parent 34ccefc
commit 6ecd3e4
Show file tree

Hide file tree

Showing 7 changed files with 152 additions and 2 deletions.
diff --git a/browser/net/url_context.cc b/browser/net/url_context.cc
@@ -7,6 +7,7 @@
 
 #include <string>
 
+#include "brave/common/url_util.h"
 #include "brave/components/brave_shields/browser/brave_shields_util.h"
 #include "brave/components/brave_shields/common/brave_shield_constants.h"
 #include "content/public/browser/resource_request_info.h"
@@ -23,7 +24,7 @@ void BraveRequestInfo::FillCTXFromRequest(const net::URLRequest* request,
     std::shared_ptr<brave::BraveRequestInfo> ctx) {
   ctx->request_identifier = request->identifier();
   ctx->request_url = request->url();
-  ctx->tab_origin = request->site_for_cookies().GetOrigin();
+  ctx->tab_origin = brave::GetURLOrPDFURL(request->site_for_cookies()).GetOrigin();
   auto* request_info = content::ResourceRequestInfo::ForRequest(request);
   if (request_info) {
     ctx->resource_type = request_info->GetResourceType();

diff --git a/browser/net/url_context_unittest.cc b/browser/net/url_context_unittest.cc
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "brave/browser/net/url_context.h"
+#include "chrome/test/base/chrome_render_view_host_test_harness.h"
+#include "content/public/test/test_browser_thread_bundle.h"
+#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
+#include "net/url_request/url_request_test_util.h"
+#include "url/gurl.h"
+
+namespace {
+
+class URLContextTest: public testing::Test {
+ public:
+  URLContextTest() :
+      thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP),
+      context_(new net::TestURLRequestContext(true)) {
+  }
+
+  ~URLContextTest() override {}
+
+  void SetUp() override {
+    context_->Init();
+  }
+
+  net::TestURLRequestContext* context() { return context_.get(); }
+
+ protected:
+
+ private:
+  content::TestBrowserThreadBundle thread_bundle_;
+  std::unique_ptr<net::TestURLRequestContext> context_;
+};
+
+TEST_F(URLContextTest, TabHostResolvesProperlyForTabContext) {
+  GURL url("https://www.brave.com/prime_numbers/127");
+  net::TestDelegate test_delegate;
+  std::unique_ptr<net::URLRequest> request =
+      context()->CreateRequest(url, net::IDLE, &test_delegate,
+                             TRAFFIC_ANNOTATION_FOR_TESTS);
+  request->set_site_for_cookies(GURL("https://be.brave.com/test.html"));
+
+  std::shared_ptr<brave::BraveRequestInfo>
+      brave_request_info(new brave::BraveRequestInfo());
+  brave::BraveRequestInfo::FillCTXFromRequest(request.get(), brave_request_info);
+  ASSERT_EQ(brave_request_info->tab_origin, "https://be.brave.com/");
+}
+
+TEST_F(URLContextTest, PDFJSTabHostResolvesProperlyForTabContext) {
+  GURL url("https://www.brave.com/prime_numbers/131");
+  net::TestDelegate test_delegate;
+  std::unique_ptr<net::URLRequest> request =
+      context()->CreateRequest(url, net::IDLE, &test_delegate,
+                             TRAFFIC_ANNOTATION_FOR_TESTS);
+  request->set_site_for_cookies(GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://example.com/test.pdf"));
+
+  std::shared_ptr<brave::BraveRequestInfo>
+      brave_request_info(new brave::BraveRequestInfo());
+  brave::BraveRequestInfo::FillCTXFromRequest(request.get(), brave_request_info);
+  ASSERT_EQ(brave_request_info->tab_origin, "https://example.com/");
+}
+
+}  // namespace
+
diff --git a/common/BUILD.gn b/common/BUILD.gn
@@ -49,6 +49,8 @@ source_set("common") {
       "shield_exceptions.h",
       "url_constants.cc",
       "url_constants.h",
+      "url_util.cc",
+      "url_util.h",
     ]
 
     public_deps = [

diff --git a/common/url_util.cc b/common/url_util.cc
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "brave/common/extensions/extension_constants.h"
+#include "brave/common/url_util.h"
+#include "url/gurl.h"
+
+namespace brave {
+
+GURL GetURLOrPDFURL(const GURL& url) {
+  if (url.SchemeIs("chrome-extension") &&
+      url.host() == pdfjs_extension_id) {
+    static size_t pdfjs_substring_len = (std::string("chrome-extension://") +
+        pdfjs_extension_id + "/").length();
+    size_t http_pos = url.spec().find(std::string("chrome-extension://") +
+        pdfjs_extension_id + "/http://");
+    size_t https_pos = url.spec().find(std::string("chrome-extension://") +
+        pdfjs_extension_id + "/https://");
+    if (http_pos != std::string::npos || https_pos != std::string::npos) {
+      return GURL(url.spec().substr(pdfjs_substring_len,
+          url.spec().length() - pdfjs_substring_len));
+    }
+  }
+  return url;
+}
+
+}  // namespace brave
diff --git a/common/url_util.h b/common/url_util.h
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_COMMON_URL_UTIL_H_
+#define BRAVE_COMMON_URL_UTIL_H_
+
+class GURL;
+
+namespace brave {
+
+// Returns the location of the PDF if this URL is a PDFJS extension URL.
+// Otherwise simply just returns the same URL as passed in.
+GURL GetURLOrPDFURL(const GURL& url);
+
+}  // namespace brave
+
+#endif  // BRAVE_COMMON_URL_UTIL_H_
diff --git a/common/url_util_unittest.cc b/common/url_util_unittest.cc
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "brave/common/url_util.h"
+#include "chrome/test/base/chrome_render_view_host_test_harness.h"
+#include "url/gurl.h"
+
+typedef testing::Test BraveUrlUtilTest;
+
+namespace brave {
+
+TEST_F(BraveUrlUtilTest, GetURLOrPDFURL) {
+  std::vector<GURL> unchanged_urls({
+    // PDFJS URL but not to a PDF
+    GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/test.html"),
+    // PDFJS ID but not chrome-extension scheme
+    GURL("chrome://oemmndcbldboiebfnladdacbdfmadadm/https://test.html"),
+    // Not PDFJS ID but format of a PDFJS PDF URL
+    GURL("chrome-extension://aaamndcbldboiebfnladdacbdfmadaaa/https://example.com/test.html"),
+    // Random other URL
+    GURL("https://example.com")
+  });
+  std::for_each(unchanged_urls.begin(), unchanged_urls.end(),
+      [this](GURL url){
+    EXPECT_EQ(brave::GetURLOrPDFURL(url), url);
+  });
+  EXPECT_EQ(brave::GetURLOrPDFURL(GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/http://example.com?test")),
+      GURL("http://example.com?test"));
+  EXPECT_EQ(brave::GetURLOrPDFURL(GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://example.com?test")),
+      GURL("https://example.com?test"));
+}
+
+}  // namespace
diff --git a/test/BUILD.gn b/test/BUILD.gn
@@ -33,6 +33,7 @@ test("brave_unit_tests") {
     "//brave/browser/brave_resources_util_unittest.cc",
     "//brave/browser/brave_stats_updater_unittest.cc",
     "//brave/browser/download/brave_download_item_model_unittest.cc",
+    "//brave/browser/net/url_context_unittest.cc",
     "//brave/browser/tor/mock_tor_profile_service_impl.cc",
     "//brave/browser/tor/mock_tor_profile_service_impl.h",
     "//brave/browser/tor/mock_tor_profile_service_factory.cc",
@@ -50,7 +51,7 @@ test("brave_unit_tests") {
     "//brave/browser/resources/settings/reset_report_uploader_unittest.cc",
     "//brave/chromium_src/chrome/browser/external_protocol/external_protocol_handler_unittest.cc",
     "//brave/chromium_src/chrome/browser/signin/account_consistency_disabled_unittest.cc",
-    "//brave\chromium_src/chrome/browser/ui/bookmarks/brave_bookmark_context_menu_controller_unittest.cc",
+    "//brave/chromium_src/chrome/browser/ui/bookmarks/brave_bookmark_context_menu_controller_unittest.cc",
     "//brave/chromium_src/components/search_engines/brave_template_url_prepopulate_data_unittest.cc",
     "//brave/chromium_src/components/search_engines/brave_template_url_service_util_unittest.cc",
     "//brave/chromium_src/components/version_info/brave_version_info_unittest.cc",
@@ -59,6 +60,7 @@ test("brave_unit_tests") {
     "//brave/common/shield_exceptions_unittest.cc",
     "//brave/common/tor/tor_test_constants.cc",
     "//brave/common/tor/tor_test_constants.h",
+    "//brave/common/url_util_unittest.cc",
     "//brave/components/assist_ranker/ranker_model_loader_impl_unittest.cc",
     "//brave/components/brave_shields/browser/ad_block_regional_service_unittest.cc",
     "//brave/components/brave_sync/bookmark_order_util_unittest.cc",