Disable environment variable override of API keys on official builds.

robertshield · Commit Bot · commit 156c7095f41e · 2017-06-20T21:26:51.000Z
BUG=710575 Review-Url: https://codereview.chromium.org/2939403002 Cr-Commit-Position: refs/heads/master@{#480962}
diff --git a/google_apis/google_api_keys.cc b/google_apis/google_api_keys.cc
@@ -233,7 +233,8 @@ class APIKeyCache {
   // Gets a value for a key.  In priority order, this will be the value
   // provided via a command-line switch, the value provided via an
   // environment variable, or finally a value baked into the build.
-  // |command_line_switch| may be NULL.
+  // |command_line_switch| may be NULL. Official Google Chrome builds will not
+  // use the value provided by an environment variable.
   static std::string CalculateKeyValue(const char* baked_in_value,
                                        const char* environment_variable_name,
                                        const char* command_line_switch,
@@ -252,11 +253,17 @@ class APIKeyCache {
               << " with value " << key_value << " from Info.plist.";
     }
 #endif
+
+#if !defined(GOOGLE_CHROME_BUILD)
+    // Don't allow using the environment to override API keys for official
+    // Google Chrome builds. There have been reports of mangled environments
+    // affecting users (crbug.com/710575).
     if (environment->GetVar(environment_variable_name, &temp)) {
       key_value = temp;
       VLOG(1) << "Overriding API key " << environment_variable_name
               << " with value " << key_value << " from environment variable.";
     }
+#endif
 
     if (command_line_switch && command_line->HasSwitch(command_line_switch)) {
       key_value = command_line->GetSwitchValueASCII(command_line_switch);
diff --git a/google_apis/google_api_keys_unittest.cc b/google_apis/google_api_keys_unittest.cc
@@ -394,6 +394,8 @@ TEST_F(GoogleAPIKeysTest, OverrideAllKeys) {
   EXPECT_EQ("SECRET_REMOTING_HOST", secret_remoting_host);
 }
 
+#if !defined(GOOGLE_CHROME_BUILD)
+
 // Override all keys using both preprocessor defines and environment
 // variables.  The environment variables should win.
 namespace override_all_keys_env {
@@ -481,6 +483,8 @@ TEST_F(GoogleAPIKeysTest, OverrideAllKeysUsingEnvironment) {
   EXPECT_EQ("env-SECRET_REMOTING_HOST", secret_remoting_host);
 }
 
+#endif  // !defined(GOOGLE_CHROME_BUILD)
+
 #if defined(OS_IOS)
 // Override all keys using both preprocessor defines and setters.
 // Setters should win.
