From d5e6ea6ebd0ab6361be507694f469b370fc0b4f4 Mon Sep 17 00:00:00 2001 From: "Jasper St. Pierre" Date: Mon, 12 Sep 2011 14:16:03 -0400 Subject: [PATCH] extensionSystem: Replace manifest system with a more direct approach For security reasons, we shouldn't allow the Shell to download and install any extension URL. https://bugzilla.gnome.org/show_bug.cgi?id=658612 --- js/ui/extensionSystem.js | 57 +++++++++++++--------------------------- js/ui/shellDBus.js | 8 +++--- 2 files changed, 22 insertions(+), 43 deletions(-) diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js index 5941d934a..3dd4e1d0f 100644 --- a/js/ui/extensionSystem.js +++ b/js/ui/extensionSystem.js @@ -11,6 +11,8 @@ const Soup = imports.gi.Soup; const Config = imports.misc.config; +const API_VERSION = 1; + const ExtensionState = { ENABLED: 1, DISABLED: 2, @@ -28,6 +30,10 @@ const ExtensionType = { PER_USER: 2 }; +const REPOSITORY_URL_BASE = 'https://extensions.gnome.org'; +const REPOSITORY_URL_DOWNLOAD = REPOSITORY_URL_BASE + '/download-extension/%s.shell-extension.zip'; +const REPOSITORY_URL_INFO = REPOSITORY_URL_BASE + '/extension-info/'; + const _httpSession = new Soup.SessionAsync(); // The unfortunate state of gjs, gobject-introspection and libsoup @@ -92,50 +98,23 @@ function versionCheck(required, current) { return false; } -function installExtensionFromManifestURL(uuid, url) { - _httpSession.queue_message( - Soup.Message.new('GET', url), - function(session, message) { - if (message.status_code != Soup.KnownStatusCode.OK) { - logExtensionError(uuid, 'downloading manifest: ' + message.status_code.toString()); - return; - } +function installExtensionFromUUID(uuid, version_tag) { + let meta = { uuid: uuid, + state: ExtensionState.DOWNLOADING, + error: '' }; - let manifest; - try { - manifest = JSON.parse(message.response_body.data); - } catch (e) { - logExtensionError(uuid, 'parsing: ' + e.toString()); - return; - } + extensionMeta[uuid] = meta; - if (uuid != manifest['uuid']) { - logExtensionError(uuid, 'manifest: manifest uuids do not match'); - return; - } + _signals.emit('extension-state-changed', meta); - let meta = extensionMeta[uuid] = { uuid: uuid, - state: ExtensionState.DOWNLOADING, - error: '' }; + let params = { version_tag: version_tag, + shell_version: Config.PACKAGE_VERSION, + api_version: API_VERSION.toString() }; - _signals.emit('extension-state-changed', meta); + let url = REPOSITORY_URL_DOWNLOAD.format(uuid); + let message = Soup.form_request_new_from_hash('GET', url, params); - installExtensionFromManifest(manifest, meta); - }); -} - -function installExtensionFromManifest(manifest, meta) { - let uuid = manifest['uuid']; - let name = manifest['name']; - - if (!versionCheck(manifest['shell-version'], Config.PACKAGE_VERSION)) { - meta.state = ExtensionState.OUT_OF_DATE; - logExtensionError(uuid, 'version: ' + name + ' is not compatible with current GNOME Shell version', meta.state); - return; - } - - let url = manifest['__installer']; - _httpSession.queue_message(Soup.Message.new('GET', url), + _httpSession.queue_message(message, function(session, message) { gotExtensionZipFile(session, message, uuid); }); diff --git a/js/ui/shellDBus.js b/js/ui/shellDBus.js index cf390349f..abc7466b9 100644 --- a/js/ui/shellDBus.js +++ b/js/ui/shellDBus.js @@ -46,7 +46,7 @@ const GnomeShellIface = { outSignature: '' }, { name: 'InstallRemoteExtension', - inSignature: 's', + inSignature: 'ss', outSignature: '' } ], @@ -174,8 +174,8 @@ GnomeShell.prototype = { global.settings.set_strv(ExtensionSystem.ENABLED_EXTENSIONS_KEY, enabledExtensions); }, - InstallRemoteExtension: function(uuid, url) { - ExtensionSystem.installExtensionFromManifestURL(uuid, url); + InstallRemoteExtension: function(uuid, version_tag) { + ExtensionSystem.installExtensionFromUUID(uuid, version_tag); }, get OverviewActive() { @@ -189,7 +189,7 @@ GnomeShell.prototype = { Main.overview.hide(); }, - ApiVersion: 1, + ApiVersion: ExtensionSystem.API_VERSION, ShellVersion: Config.PACKAGE_VERSION,