Merge pull request #208 from Aaditesh2307/ThirdPartyCrx_FIX

Third party crx fix

src/chrome/android/java/src/org/chromium/chrome/browser/extensions/Extensions.java

@@ -9,6 +9,9 @@
 import org.json.JSONObject;
 import java.util.List;
 import java.util.ArrayList;
+import android.content.Context;
+import android.widget.Toast;
+import org.chromium.base.ContextUtils;
 
 import org.jni_zero.CalledByNative;
 import org.jni_zero.NativeMethods;
@@ -21,7 +24,15 @@ public static ArrayList<ExtensionInfo> getExtensionsInfo() {
             JSONArray array = new JSONArray(jsonString);
             for (int i = 0; i < array.length(); i++) {
                 JSONObject obj = array.getJSONObject(i);
-
+
+                // Validate the url
+                // String popupUrl = obj.getString("popup_url");
+                // Log.w("Extensions", "popupUrl: " + popupUrl);
+                // if (!isUrlfromOfficialStore(popupUrl)) {
+                //     Log.w("Extensions", "Invalid popup url: " + popupUrl);
+                //     continue;
+                // }
+
                 // Decode base64 icon
                 String iconBase64 = obj.getString("icon_base64");
                 Bitmap icon = null;
@@ -30,27 +41,41 @@ public static ArrayList<ExtensionInfo> getExtensionsInfo() {
                     icon = BitmapFactory.decodeByteArray(iconBytes, 0, iconBytes.length);
                 }
                 result.add(new ExtensionInfo(
-                    obj.getString("id"),
-                    obj.getString("name"),
-                    obj.getString("description"),
-                    obj.getString("popup_url"),
-                    obj.getString("widget_url"),
-                    icon
-                ));
+                        obj.getString("id"),
+                        obj.getString("name"),
+                        obj.getString("description"),
+                        obj.getString("popup_url"),
+                        obj.getString("widget_url"),
+                        icon));
             }
         } catch (JSONException e) {
             Log.e("ExtensionInfo", "Error parsing JSON", e);
         }
         return result;
     }
 
+    public static boolean isUrlfromOfficialStore(String url) {
+        return url.contains("github.com/wootzapp/ext-store");
+    }
+
+    public static void installExtension(String url) {
+        Log.w("Extensions", "url: " + url);
+        if (!isUrlfromOfficialStore(url)) {
+            Context context = ContextUtils.getApplicationContext();
+            Toast.makeText(context, "Install from official store", Toast.LENGTH_SHORT).show();
+            return;
+        }
+        ExtensionsJni.get().installExtension(url);
+    }
+
     public static void uninstallExtension(String extensionId) {
         ExtensionsJni.get().uninstallExtension(extensionId);
     }
 
     @NativeMethods
     interface Natives {
         String getExtensionsInfo();
+        void installExtension(String url);
         void uninstallExtension(String extensionId);
     }
-}
+}

src/chrome/browser/download/download_crx_util_android.cc

@@ -5,88 +5,59 @@
 // Download code which handles CRX files (extensions, themes, apps, ...).
 
 #include "chrome/browser/download/download_crx_util.h"
-#include "extensions/common/extension.h"
+
+#include "base/strings/string_util.h"
 #include "components/download/public/common/download_item.h"
-#include "net/http/http_response_headers.h"
-#include "content/public/browser/web_contents.h"
 #include "content/public/browser/download_item_utils.h"
-#include "base/strings/string_util.h"
+#include "content/public/browser/web_contents.h"
+#include "extensions/common/extension.h"
+#include "net/http/http_response_headers.h"
 
 namespace download_crx_util {
 
 bool IsExtensionDownload(const download::DownloadItem& download_item) {
-    // std::string content_disposition = download_item.GetContentDisposition();
-    // if (content_disposition.find("filename=") != std::string::npos &&
-    //     content_disposition.find(".crx") != std::string::npos) {
-    //     return true;
-    // }
-
-    // if (download_item.GetMimeType() == extensions::Extension::kMimeType) {
-    //     return true; 
-    // }
-
-    // std::string url = download_item.GetURL().spec();
-    // if (url.ends_with(".crx")) {
-    //     return true;
-    // }
-
-    // return false;
-
-
-    std::string content_disposition = download_item.GetContentDisposition();
-    LOG(INFO) << "IsExtensionDownload checking:";
-    LOG(INFO) << "  Content disposition: " << content_disposition;
-
-    std::string url = download_item.GetURL().spec();
-    LOG(INFO) << "  Download URL: " << url;
-
-    // Check the page URL where download was initiated
-    content::WebContents* web_contents = 
-        content::DownloadItemUtils::GetWebContents(&download_item);
-    if (web_contents) {
-        GURL page_url = web_contents->GetLastCommittedURL();
-        LOG(INFO) << "  Page URL: " << page_url.spec();
-
-        // Check if from trusted repo
-        const char* TRUSTED_REPO = "github.com/wootzapp/ext-store";
-        if (page_url.spec().find(TRUSTED_REPO) != std::string::npos) {
-            LOG(INFO) << "  Found trusted repo";
-
-            // Check for CRX file pattern in page URL
-            if ((page_url.spec().find("/blob/main/") != std::string::npos || 
-                 page_url.spec().find("/blob/master/") != std::string::npos) &&
-                base::EndsWith(page_url.spec(), ".crx", 
-                             base::CompareCase::INSENSITIVE_ASCII)) {
-                LOG(INFO) << "  Detected trusted CRX download";
-                return true;
-            }
-        }
-    }
-
-    // Fallback to regular extension checks
-    if (content_disposition.find("filename=") != std::string::npos &&
-        content_disposition.find(".crx") != std::string::npos) {
-        return true;
-    }
-
-    if (download_item.GetMimeType() == extensions::Extension::kMimeType) {
-        return true;
-    }
+  std::string content_disposition = download_item.GetContentDisposition();
+  LOG(INFO) << "IsExtensionDownload checking:";
+  LOG(INFO) << "  Content disposition: " << content_disposition;
+
+  std::string url = download_item.GetURL().spec();
+  LOG(INFO) << "  Download URL: " << url;
+
+  // Only allow downloads from the trusted extension store
+  content::WebContents* web_contents =
+      content::DownloadItemUtils::GetWebContents(&download_item);
+  if (!web_contents) {
+    LOG(INFO) << "No web contents found, rejecting CRX";
+    return false;
+  }
 
-    base::FilePath target_path = download_item.GetTargetFilePath();
-    if (target_path.MatchesExtension(FILE_PATH_LITERAL(".crx"))) {
-        LOG(INFO) << "Detected CRX via target path extension";
-        return true;
-    }
+  GURL page_url = web_contents->GetLastCommittedURL();
+  LOG(INFO) << "  Page URL: " << page_url.spec();
 
-    LOG(INFO) << "Not a CRX file";
+  // Only allow from our trusted repo
+  const char* TRUSTED_REPO = "github.com/wootzapp/ext-store";
+  if (page_url.spec().find(TRUSTED_REPO) == std::string::npos) {
+    LOG(INFO) << "Not from trusted repo, rejecting CRX";
     return false;
-}
-
-bool IsTrustedExtensionDownload(Profile* profile,
-                                const download::DownloadItem& item) {
-  // Webstore exts are not supported
+  }
+
+  // Verify it's a CRX file from the correct path structure
+  if ((page_url.spec().find("/blob/main/") != std::string::npos ||
+       page_url.spec().find("/blob/master/") != std::string::npos) &&
+      base::EndsWith(page_url.spec(), ".crx",
+                     base::CompareCase::INSENSITIVE_ASCII)) {
+    LOG(INFO) << "Detected trusted CRX download";
+    return true;
+  }
+
+  LOG(INFO) << "Not a valid CRX file path";
   return false;
 }
 
+// bool IsTrustedExtensionDownload(Profile* profile,
+//                                 const download::DownloadItem& item) {
+//   // Webstore exts are not supported
+//   return false;
+// }
+
 }  // namespace download_crx_util