Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(747)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/extension_permission_set_unittest.cc

Issue 10649003: Move each permission classes to its own files in extensions/permissions (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Rebase on HEAD Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/extension_permission_set.cc ('k') | chrome/common/extensions/features/permission_feature.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/common/extensions/extension_permission_set.h"
6
7 #include "base/command_line.h"
8 #include "base/json/json_file_value_serializer.h"
9 #include "base/logging.h"
10 #include "base/path_service.h"
11 #include "base/utf_string_conversions.h"
12 #include "chrome/common/chrome_paths.h"
13 #include "chrome/common/chrome_switches.h"
14 #include "chrome/common/extensions/extension.h"
15 #include "chrome/common/extensions/extension_manifest_constants.h"
16 #include "chrome/common/extensions/extension_error_utils.h"
17 #include "chrome/common/extensions/extension_permission_set.h"
18 #include "testing/gtest/include/gtest/gtest.h"
19
20 using extensions::Extension;
21
22 namespace errors = extension_manifest_errors;
23 namespace keys = extension_manifest_keys;
24 namespace values = extension_manifest_values;
25 namespace {
26
27 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
28 const std::string& test_file,
29 int extra_flags) {
30 FilePath path;
31 PathService::Get(chrome::DIR_TEST_DATA, &path);
32 path = path.AppendASCII("extensions")
33 .AppendASCII(dir)
34 .AppendASCII(test_file);
35
36 JSONFileValueSerializer serializer(path);
37 std::string error;
38 scoped_ptr<Value> result(serializer.Deserialize(NULL, &error));
39 if (!result.get()) {
40 EXPECT_EQ("", error);
41 return NULL;
42 }
43
44 scoped_refptr<Extension> extension = Extension::Create(
45 path.DirName(), Extension::INVALID,
46 *static_cast<DictionaryValue*>(result.get()), extra_flags, &error);
47 EXPECT_TRUE(extension) << error;
48 return extension;
49 }
50
51 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
52 const std::string& test_file) {
53 return LoadManifest(dir, test_file, Extension::NO_FLAGS);
54 }
55
56 void CompareLists(const std::vector<std::string>& expected,
57 const std::vector<std::string>& actual) {
58 ASSERT_EQ(expected.size(), actual.size());
59
60 for (size_t i = 0; i < expected.size(); ++i) {
61 EXPECT_EQ(expected[i], actual[i]);
62 }
63 }
64
65 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
66 int schemes = URLPattern::SCHEME_ALL;
67 extent->AddPattern(URLPattern(schemes, pattern));
68 }
69
70 static size_t IndexOf(const std::vector<string16>& warnings,
71 const std::string& warning) {
72 for (size_t i = 0; i < warnings.size(); ++i) {
73 if (warnings[i] == ASCIIToUTF16(warning))
74 return i;
75 }
76
77 return warnings.size();
78 }
79
80 static bool Contains(const std::vector<string16>& warnings,
81 const std::string& warning) {
82 return IndexOf(warnings, warning) != warnings.size();
83 }
84
85 } // namespace
86
87 class ExtensionPermissionsTest : public testing::Test {
88 };
89
90 // Tests GetByID.
91 TEST(ExtensionPermissionsTest, GetByID) {
92 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
93 ExtensionAPIPermissionSet ids = info->GetAll();
94 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
95 i != ids.end(); ++i) {
96 EXPECT_EQ(*i, info->GetByID(*i)->id());
97 }
98 }
99
100 // Tests that GetByName works with normal permission names and aliases.
101 TEST(ExtensionPermissionsTest, GetByName) {
102 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
103 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
104 EXPECT_EQ(ExtensionAPIPermission::kManagement,
105 info->GetByName("management")->id());
106 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
107 }
108
109 TEST(ExtensionPermissionsTest, GetAll) {
110 size_t count = 0;
111 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
112 ExtensionAPIPermissionSet apis = info->GetAll();
113 for (ExtensionAPIPermissionSet::iterator api = apis.begin();
114 api != apis.end(); ++api) {
115 // Make sure only the valid permission IDs get returned.
116 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api);
117 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api);
118 count++;
119 }
120 EXPECT_EQ(count, info->get_permission_count());
121 }
122
123 TEST(ExtensionPermissionsTest, GetAllByName) {
124 std::set<std::string> names;
125 names.insert("background");
126 names.insert("management");
127
128 // This is an alias of kTab
129 names.insert("windows");
130
131 // This unknown name should get dropped.
132 names.insert("sdlkfjasdlkfj");
133
134 ExtensionAPIPermissionSet expected;
135 expected.insert(ExtensionAPIPermission::kBackground);
136 expected.insert(ExtensionAPIPermission::kManagement);
137 expected.insert(ExtensionAPIPermission::kTab);
138
139 EXPECT_EQ(expected,
140 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names));
141 }
142
143 // Tests that the aliases are properly mapped.
144 TEST(ExtensionPermissionsTest, Aliases) {
145 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
146 // tabs: tabs, windows
147 std::string tabs_name = "tabs";
148 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name());
149 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
150 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id());
151
152 // unlimitedStorage: unlimitedStorage, unlimited_storage
153 std::string storage_name = "unlimitedStorage";
154 EXPECT_EQ(storage_name, info->GetByID(
155 ExtensionAPIPermission::kUnlimitedStorage)->name());
156 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
157 info->GetByName("unlimitedStorage")->id());
158 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
159 info->GetByName("unlimited_storage")->id());
160 }
161
162 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
163 scoped_refptr<Extension> extension;
164 scoped_refptr<const ExtensionPermissionSet> permissions;
165
166 extension = LoadManifest("effective_host_permissions", "empty.json");
167 permissions = extension->GetActivePermissions();
168 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
169 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
170 GURL("http://www.google.com")));
171 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
172
173 extension = LoadManifest("effective_host_permissions", "one_host.json");
174 permissions = extension->GetActivePermissions();
175 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
176 GURL("http://www.google.com")));
177 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
178 GURL("https://www.google.com")));
179 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
180
181 extension = LoadManifest("effective_host_permissions",
182 "one_host_wildcard.json");
183 permissions = extension->GetActivePermissions();
184 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
185 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
186 GURL("http://foo.google.com")));
187 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
188
189 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
190 permissions = extension->GetActivePermissions();
191 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
192 GURL("http://www.google.com")));
193 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
194 GURL("http://www.reddit.com")));
195 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
196
197 extension = LoadManifest("effective_host_permissions",
198 "https_not_considered.json");
199 permissions = extension->GetActivePermissions();
200 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
201 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com")));
202 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
203
204 extension = LoadManifest("effective_host_permissions",
205 "two_content_scripts.json");
206 permissions = extension->GetActivePermissions();
207 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
208 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
209 GURL("http://www.reddit.com")));
210 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
211 GURL("http://news.ycombinator.com")));
212 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
213
214 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
215 permissions = extension->GetActivePermissions();
216 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
217 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
218 EXPECT_TRUE(
219 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
220 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
221
222 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
223 permissions = extension->GetActivePermissions();
224 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
225 EXPECT_TRUE(
226 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
227 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
228
229 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
230 permissions = extension->GetActivePermissions();
231 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
232 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
233 EXPECT_TRUE(
234 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
235 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
236 }
237
238 TEST(ExtensionPermissionsTest, ExplicitAccessToOrigin) {
239 ExtensionAPIPermissionSet apis;
240 URLPatternSet explicit_hosts;
241 URLPatternSet scriptable_hosts;
242
243 AddPattern(&explicit_hosts, "http://*.google.com/*");
244 // The explicit host paths should get set to /*.
245 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*");
246
247 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
248 apis, explicit_hosts, scriptable_hosts);
249 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
250 GURL("http://www.google.com/")));
251 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
252 GURL("http://test.google.com/")));
253 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
254 GURL("http://www.example.com")));
255 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
256 GURL("http://www.example.com")));
257 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
258 GURL("http://test.example.com")));
259 }
260
261 TEST(ExtensionPermissionsTest, CreateUnion) {
262 ExtensionAPIPermissionSet apis1;
263 ExtensionAPIPermissionSet apis2;
264 ExtensionAPIPermissionSet expected_apis;
265
266 URLPatternSet explicit_hosts1;
267 URLPatternSet explicit_hosts2;
268 URLPatternSet expected_explicit_hosts;
269
270 URLPatternSet scriptable_hosts1;
271 URLPatternSet scriptable_hosts2;
272 URLPatternSet expected_scriptable_hosts;
273
274 ExtensionOAuth2Scopes scopes1;
275 ExtensionOAuth2Scopes scopes2;
276 ExtensionOAuth2Scopes expected_scopes;
277
278 URLPatternSet effective_hosts;
279
280 scoped_refptr<ExtensionPermissionSet> set1;
281 scoped_refptr<ExtensionPermissionSet> set2;
282 scoped_refptr<ExtensionPermissionSet> union_set;
283
284 // Union with an empty set.
285 apis1.insert(ExtensionAPIPermission::kTab);
286 apis1.insert(ExtensionAPIPermission::kBackground);
287 expected_apis.insert(ExtensionAPIPermission::kTab);
288 expected_apis.insert(ExtensionAPIPermission::kBackground);
289
290 AddPattern(&explicit_hosts1, "http://*.google.com/*");
291 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
292 AddPattern(&effective_hosts, "http://*.google.com/*");
293
294 scopes1.insert("first-scope");
295 scopes1.insert("second-scope");
296 expected_scopes.insert("first-scope");
297 expected_scopes.insert("second-scope");
298
299 set1 = new ExtensionPermissionSet(
300 apis1, explicit_hosts1, scriptable_hosts1, scopes1);
301 set2 = new ExtensionPermissionSet(
302 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
303 union_set = ExtensionPermissionSet::CreateUnion(set1.get(), set2.get());
304 EXPECT_TRUE(set1->Contains(*set2));
305 EXPECT_TRUE(set1->Contains(*union_set));
306 EXPECT_FALSE(set2->Contains(*set1));
307 EXPECT_FALSE(set2->Contains(*union_set));
308 EXPECT_TRUE(union_set->Contains(*set1));
309 EXPECT_TRUE(union_set->Contains(*set2));
310
311 EXPECT_FALSE(union_set->HasEffectiveFullAccess());
312 EXPECT_EQ(expected_apis, union_set->apis());
313 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
314 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
315 EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts());
316 EXPECT_EQ(expected_scopes, union_set->scopes());
317
318 // Now use a real second set.
319 apis2.insert(ExtensionAPIPermission::kTab);
320 apis2.insert(ExtensionAPIPermission::kProxy);
321 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
322 apis2.insert(ExtensionAPIPermission::kPlugin);
323 expected_apis.insert(ExtensionAPIPermission::kTab);
324 expected_apis.insert(ExtensionAPIPermission::kProxy);
325 expected_apis.insert(ExtensionAPIPermission::kClipboardWrite);
326 expected_apis.insert(ExtensionAPIPermission::kPlugin);
327
328 AddPattern(&explicit_hosts2, "http://*.example.com/*");
329 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
330 AddPattern(&expected_explicit_hosts, "http://*.example.com/*");
331 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*");
332
333 scopes2.insert("real-scope");
334 scopes2.insert("anotherscope");
335 expected_scopes.insert("real-scope");
336 expected_scopes.insert("anotherscope");
337
338 URLPatternSet::CreateUnion(
339 explicit_hosts2, scriptable_hosts2, &effective_hosts);
340
341 set2 = new ExtensionPermissionSet(
342 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
343 union_set = ExtensionPermissionSet::CreateUnion(set1.get(), set2.get());
344
345 EXPECT_FALSE(set1->Contains(*set2));
346 EXPECT_FALSE(set1->Contains(*union_set));
347 EXPECT_FALSE(set2->Contains(*set1));
348 EXPECT_FALSE(set2->Contains(*union_set));
349 EXPECT_TRUE(union_set->Contains(*set1));
350 EXPECT_TRUE(union_set->Contains(*set2));
351
352 EXPECT_TRUE(union_set->HasEffectiveFullAccess());
353 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
354 EXPECT_EQ(expected_apis, union_set->apis());
355 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
356 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
357 EXPECT_EQ(expected_scopes, union_set->scopes());
358 EXPECT_EQ(effective_hosts, union_set->effective_hosts());
359 }
360
361 TEST(ExtensionPermissionsTest, CreateIntersection) {
362 ExtensionAPIPermissionSet apis1;
363 ExtensionAPIPermissionSet apis2;
364 ExtensionAPIPermissionSet expected_apis;
365
366 URLPatternSet explicit_hosts1;
367 URLPatternSet explicit_hosts2;
368 URLPatternSet expected_explicit_hosts;
369
370 URLPatternSet scriptable_hosts1;
371 URLPatternSet scriptable_hosts2;
372 URLPatternSet expected_scriptable_hosts;
373
374 URLPatternSet effective_hosts;
375
376 scoped_refptr<ExtensionPermissionSet> set1;
377 scoped_refptr<ExtensionPermissionSet> set2;
378 scoped_refptr<ExtensionPermissionSet> new_set;
379
380 // Intersection with an empty set.
381 apis1.insert(ExtensionAPIPermission::kTab);
382 apis1.insert(ExtensionAPIPermission::kBackground);
383
384 AddPattern(&explicit_hosts1, "http://*.google.com/*");
385 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
386
387 set1 = new ExtensionPermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
388 set2 = new ExtensionPermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
389 new_set = ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get());
390 EXPECT_TRUE(set1->Contains(*new_set));
391 EXPECT_TRUE(set2->Contains(*new_set));
392 EXPECT_TRUE(set1->Contains(*set2));
393 EXPECT_FALSE(set2->Contains(*set1));
394 EXPECT_FALSE(new_set->Contains(*set1));
395 EXPECT_TRUE(new_set->Contains(*set2));
396
397 EXPECT_TRUE(new_set->IsEmpty());
398 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
399 EXPECT_EQ(expected_apis, new_set->apis());
400 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
401 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
402 EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts());
403
404 // Now use a real second set.
405 apis2.insert(ExtensionAPIPermission::kTab);
406 apis2.insert(ExtensionAPIPermission::kProxy);
407 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
408 apis2.insert(ExtensionAPIPermission::kPlugin);
409 expected_apis.insert(ExtensionAPIPermission::kTab);
410
411 AddPattern(&explicit_hosts2, "http://*.example.com/*");
412 AddPattern(&explicit_hosts2, "http://*.google.com/*");
413 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
414 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
415
416 effective_hosts.ClearPatterns();
417 AddPattern(&effective_hosts, "http://*.google.com/*");
418
419 set2 = new ExtensionPermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
420 new_set = ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get());
421
422 EXPECT_TRUE(set1->Contains(*new_set));
423 EXPECT_TRUE(set2->Contains(*new_set));
424 EXPECT_FALSE(set1->Contains(*set2));
425 EXPECT_FALSE(set2->Contains(*set1));
426 EXPECT_FALSE(new_set->Contains(*set1));
427 EXPECT_FALSE(new_set->Contains(*set2));
428
429 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
430 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
431 EXPECT_EQ(expected_apis, new_set->apis());
432 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
433 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
434 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
435 }
436
437 TEST(ExtensionPermissionsTest, CreateDifference) {
438 ExtensionAPIPermissionSet apis1;
439 ExtensionAPIPermissionSet apis2;
440 ExtensionAPIPermissionSet expected_apis;
441
442 URLPatternSet explicit_hosts1;
443 URLPatternSet explicit_hosts2;
444 URLPatternSet expected_explicit_hosts;
445
446 URLPatternSet scriptable_hosts1;
447 URLPatternSet scriptable_hosts2;
448 URLPatternSet expected_scriptable_hosts;
449
450 ExtensionOAuth2Scopes scopes1;
451 ExtensionOAuth2Scopes scopes2;
452 ExtensionOAuth2Scopes expected_scopes;
453
454 URLPatternSet effective_hosts;
455
456 scoped_refptr<ExtensionPermissionSet> set1;
457 scoped_refptr<ExtensionPermissionSet> set2;
458 scoped_refptr<ExtensionPermissionSet> new_set;
459
460 // Difference with an empty set.
461 apis1.insert(ExtensionAPIPermission::kTab);
462 apis1.insert(ExtensionAPIPermission::kBackground);
463
464 AddPattern(&explicit_hosts1, "http://*.google.com/*");
465 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
466
467 scopes1.insert("my-scope");
468 scopes1.insert("other-scope");
469
470 set1 = new ExtensionPermissionSet(
471 apis1, explicit_hosts1, scriptable_hosts1, scopes1);
472 set2 = new ExtensionPermissionSet(
473 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
474 new_set = ExtensionPermissionSet::CreateDifference(set1.get(), set2.get());
475 EXPECT_EQ(*set1, *new_set);
476
477 // Now use a real second set.
478 apis2.insert(ExtensionAPIPermission::kTab);
479 apis2.insert(ExtensionAPIPermission::kProxy);
480 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
481 apis2.insert(ExtensionAPIPermission::kPlugin);
482 expected_apis.insert(ExtensionAPIPermission::kBackground);
483
484 AddPattern(&explicit_hosts2, "http://*.example.com/*");
485 AddPattern(&explicit_hosts2, "http://*.google.com/*");
486 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
487 AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*");
488
489 scopes2.insert("other-scope");
490 expected_scopes.insert("my-scope");
491
492 effective_hosts.ClearPatterns();
493 AddPattern(&effective_hosts, "http://www.reddit.com/*");
494
495 set2 = new ExtensionPermissionSet(
496 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
497 new_set = ExtensionPermissionSet::CreateDifference(set1.get(), set2.get());
498
499 EXPECT_TRUE(set1->Contains(*new_set));
500 EXPECT_FALSE(set2->Contains(*new_set));
501
502 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
503 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
504 EXPECT_EQ(expected_apis, new_set->apis());
505 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
506 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
507 EXPECT_EQ(expected_scopes, new_set->scopes());
508 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
509
510 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set
511 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get());
512 EXPECT_TRUE(set1->IsEmpty());
513 }
514
515 TEST(ExtensionPermissionsTest, HasLessPrivilegesThan) {
516 const struct {
517 const char* base_name;
518 bool expect_increase;
519 } kTests[] = {
520 { "allhosts1", false }, // all -> all
521 { "allhosts2", false }, // all -> one
522 { "allhosts3", true }, // one -> all
523 { "hosts1", false }, // http://a,http://b -> http://a,http://b
524 { "hosts2", true }, // http://a,http://b -> https://a,http://*.b
525 { "hosts3", false }, // http://a,http://b -> http://a
526 { "hosts4", true }, // http://a -> http://a,http://b
527 { "hosts5", false }, // http://a,b,c -> http://a,b,c + https://a,b,c
528 { "hosts6", false }, // http://a.com -> http://a.com + http://a.co.uk
529 { "permissions1", false }, // tabs -> tabs
530 { "permissions2", true }, // tabs -> tabs,bookmarks
531 { "permissions3", true }, // http://a -> http://a,tabs
532 { "permissions5", true }, // bookmarks -> bookmarks,history
533 { "equivalent_warnings", false }, // tabs --> tabs, webNavigation
534 #if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS
535 { "permissions4", false }, // plugin -> plugin,tabs
536 { "plugin1", false }, // plugin -> plugin
537 { "plugin2", false }, // plugin -> none
538 { "plugin3", true }, // none -> plugin
539 #endif
540 { "storage", false }, // none -> storage
541 { "notifications", false }, // none -> notifications
542 { "scopes1", true }, // scope1 -> scope1,scope2
543 { "scopes2", false }, // scope1,scope2 -> scope1
544 { "scopes3", true }, // none -> scope1
545 };
546
547 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
548 scoped_refptr<Extension> old_extension(
549 LoadManifest("allow_silent_upgrade",
550 std::string(kTests[i].base_name) + "_old.json"));
551 scoped_refptr<Extension> new_extension(
552 LoadManifest("allow_silent_upgrade",
553 std::string(kTests[i].base_name) + "_new.json"));
554
555 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
556 if (!new_extension.get())
557 continue;
558
559 scoped_refptr<const ExtensionPermissionSet> old_p(
560 old_extension->GetActivePermissions());
561 scoped_refptr<const ExtensionPermissionSet> new_p(
562 new_extension->GetActivePermissions());
563
564 EXPECT_EQ(kTests[i].expect_increase,
565 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name;
566 }
567 }
568
569 TEST(ExtensionPermissionsTest, PermissionMessages) {
570 // Ensure that all permissions that needs to show install UI actually have
571 // strings associated with them.
572 ExtensionAPIPermissionSet skip;
573
574 // These are considered "nuisance" or "trivial" permissions that don't need
575 // a prompt.
576 skip.insert(ExtensionAPIPermission::kActiveTab);
577 skip.insert(ExtensionAPIPermission::kAlarms);
578 skip.insert(ExtensionAPIPermission::kAppNotifications);
579 skip.insert(ExtensionAPIPermission::kBrowsingData);
580 skip.insert(ExtensionAPIPermission::kContextMenus);
581 skip.insert(ExtensionAPIPermission::kDeclarative);
582 skip.insert(ExtensionAPIPermission::kIdle);
583 skip.insert(ExtensionAPIPermission::kNotification);
584 skip.insert(ExtensionAPIPermission::kUnlimitedStorage);
585 skip.insert(ExtensionAPIPermission::kStorage);
586 skip.insert(ExtensionAPIPermission::kTts);
587
588 // TODO(erikkay) add a string for this permission.
589 skip.insert(ExtensionAPIPermission::kBackground);
590
591 skip.insert(ExtensionAPIPermission::kClipboardWrite);
592
593 // The cookie permission does nothing unless you have associated host
594 // permissions.
595 skip.insert(ExtensionAPIPermission::kCookie);
596
597 // The ime, proxy, and webRequest permissions are warned as part of host
598 // permission checks.
599 skip.insert(ExtensionAPIPermission::kProxy);
600 skip.insert(ExtensionAPIPermission::kWebRequest);
601 skip.insert(ExtensionAPIPermission::kWebRequestBlocking);
602 skip.insert(ExtensionAPIPermission::kDeclarativeWebRequest);
603
604
605 // This permission requires explicit user action (context menu handler)
606 // so we won't prompt for it for now.
607 skip.insert(ExtensionAPIPermission::kFileBrowserHandler);
608
609 // This permission requires explicit user action (shortcut) so we don't
610 // prompt for it.
611 skip.insert(ExtensionAPIPermission::kKeybinding);
612
613 // If you've turned on the experimental command-line flag, we don't need
614 // to warn you further.
615 skip.insert(ExtensionAPIPermission::kExperimental);
616
617 // These are private.
618 skip.insert(ExtensionAPIPermission::kChromeAuthPrivate);
619 skip.insert(ExtensionAPIPermission::kChromeosInfoPrivate);
620 skip.insert(ExtensionAPIPermission::kFileBrowserHandlerInternal);
621 skip.insert(ExtensionAPIPermission::kFileBrowserPrivate);
622 skip.insert(ExtensionAPIPermission::kInputMethodPrivate);
623 skip.insert(ExtensionAPIPermission::kManagedModePrivate);
624 skip.insert(ExtensionAPIPermission::kMediaPlayerPrivate);
625 skip.insert(ExtensionAPIPermission::kMetricsPrivate);
626 skip.insert(ExtensionAPIPermission::kEchoPrivate);
627 skip.insert(ExtensionAPIPermission::kSystemPrivate);
628 skip.insert(ExtensionAPIPermission::kTerminalPrivate);
629 skip.insert(ExtensionAPIPermission::kWebRequestInternal);
630 skip.insert(ExtensionAPIPermission::kWebSocketProxyPrivate);
631 skip.insert(ExtensionAPIPermission::kWebstorePrivate);
632
633 // Warned as part of host permissions.
634 skip.insert(ExtensionAPIPermission::kDevtools);
635
636 // Platform apps. TODO(miket): must we skip?
637 skip.insert(ExtensionAPIPermission::kFileSystem);
638 skip.insert(ExtensionAPIPermission::kSocket);
639 skip.insert(ExtensionAPIPermission::kUsb);
640
641 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
642 ExtensionAPIPermissionSet permissions = info->GetAll();
643 for (ExtensionAPIPermissionSet::const_iterator i = permissions.begin();
644 i != permissions.end(); ++i) {
645 ExtensionAPIPermission* permission = info->GetByID(*i);
646 EXPECT_TRUE(permission);
647 if (skip.count(*i)) {
648 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id())
649 << "unexpected message_id for " << permission->name();
650 } else {
651 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id())
652 << "missing message_id for " << permission->name();
653 }
654 }
655 }
656
657 // Tests the default permissions (empty API permission set).
658 TEST(ExtensionPermissionsTest, DefaultFunctionAccess) {
659 const struct {
660 const char* permission_name;
661 bool expect_success;
662 } kTests[] = {
663 // Negative test.
664 { "non_existing_permission", false },
665 // Test default module/package permission.
666 { "browserAction", true },
667 { "devtools", true },
668 { "extension", true },
669 { "i18n", true },
670 { "pageAction", true },
671 { "pageActions", true },
672 { "test", true },
673 // Some negative tests.
674 { "bookmarks", false },
675 { "cookies", false },
676 { "history", false },
677 { "tabs.onUpdated", false },
678 // Make sure we find the module name after stripping '.' and '/'.
679 { "browserAction/abcd/onClick", true },
680 { "browserAction.abcd.onClick", true },
681 // Test Tabs functions.
682 { "tabs.create", true},
683 { "tabs.update", true},
684 { "tabs.getSelected", false},
685 };
686
687 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
688 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
689 EXPECT_EQ(kTests[i].expect_success,
690 empty->HasAccessToFunction(kTests[i].permission_name));
691 }
692 }
693
694 // Tests the default permissions (empty API permission set).
695 TEST(ExtensionPermissionSetTest, DefaultAnyAPIAccess) {
696 const struct {
697 const char* api_name;
698 bool expect_success;
699 } kTests[] = {
700 // Negative test.
701 { "non_existing_permission", false },
702 // Test default module/package permission.
703 { "browserAction", true },
704 { "devtools", true },
705 { "extension", true },
706 { "i18n", true },
707 { "pageAction", true },
708 { "pageActions", true },
709 { "test", true },
710 // Some negative tests.
711 { "bookmarks", false },
712 { "cookies", false },
713 { "history", false },
714 // Negative APIs that have positive individual functions.
715 { "management", true},
716 { "tabs", true},
717 };
718
719 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
720 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
721 EXPECT_EQ(kTests[i].expect_success,
722 empty->HasAnyAccessToAPI(kTests[i].api_name));
723 }
724 }
725
726 TEST(ExtensionPermissionsTest, GetWarningMessages_ManyHosts) {
727 scoped_refptr<Extension> extension;
728
729 extension = LoadManifest("permissions", "many-hosts.json");
730 std::vector<string16> warnings =
731 extension->GetActivePermissions()->GetWarningMessages();
732 ASSERT_EQ(1u, warnings.size());
733 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
734 UTF16ToUTF8(warnings[0]));
735 }
736
737 TEST(ExtensionPermissionsTest, GetWarningMessages_Plugins) {
738 scoped_refptr<Extension> extension;
739 scoped_refptr<ExtensionPermissionSet> permissions;
740
741 extension = LoadManifest("permissions", "plugins.json");
742 std::vector<string16> warnings =
743 extension->GetActivePermissions()->GetWarningMessages();
744 // We don't parse the plugins key on Chrome OS, so it should not ask for any
745 // permissions.
746 #if defined(OS_CHROMEOS)
747 ASSERT_EQ(0u, warnings.size());
748 #else
749 ASSERT_EQ(1u, warnings.size());
750 EXPECT_EQ("Access all data on your computer and the websites you visit",
751 UTF16ToUTF8(warnings[0]));
752 #endif
753 }
754
755 TEST(ExtensionPermissionsTest, GetWarningMessages_AudioVideo) {
756 // Both audio and video present.
757 scoped_refptr<Extension> extension =
758 LoadManifest("permissions", "audio-video.json");
759 ExtensionPermissionSet* set =
760 const_cast<ExtensionPermissionSet*>(
761 extension->GetActivePermissions().get());
762 std::vector<string16> warnings = set->GetWarningMessages();
763 EXPECT_FALSE(Contains(warnings, "Use your microphone"));
764 EXPECT_FALSE(Contains(warnings, "Use your camera"));
765 EXPECT_TRUE(Contains(warnings, "Use your microphone and camera"));
766 size_t combined_index = IndexOf(warnings, "Use your microphone and camera");
767 size_t combined_size = warnings.size();
768
769 // Just audio present.
770 set->apis_.erase(ExtensionAPIPermission::kVideoCapture);
771 warnings = set->GetWarningMessages();
772 EXPECT_EQ(combined_size, warnings.size());
773 EXPECT_EQ(combined_index, IndexOf(warnings, "Use your microphone"));
774 EXPECT_FALSE(Contains(warnings, "Use your camera"));
775 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera"));
776
777 // Just video present.
778 set->apis_.erase(ExtensionAPIPermission::kAudioCapture);
779 set->apis_.insert(ExtensionAPIPermission::kVideoCapture);
780 warnings = set->GetWarningMessages();
781 EXPECT_EQ(combined_size, warnings.size());
782 EXPECT_FALSE(Contains(warnings, "Use your microphone"));
783 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera"));
784 EXPECT_TRUE(Contains(warnings, "Use your camera"));
785 }
786
787 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay) {
788 scoped_refptr<ExtensionPermissionSet> perm_set;
789 ExtensionAPIPermissionSet empty_perms;
790 std::set<std::string> expected;
791 expected.insert("www.foo.com");
792 expected.insert("www.bar.com");
793 expected.insert("www.baz.com");
794 URLPatternSet explicit_hosts;
795 URLPatternSet scriptable_hosts;
796
797 {
798 SCOPED_TRACE("no dupes");
799
800 // Simple list with no dupes.
801 explicit_hosts.AddPattern(
802 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
803 explicit_hosts.AddPattern(
804 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path"));
805 explicit_hosts.AddPattern(
806 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
807 perm_set = new ExtensionPermissionSet(
808 empty_perms, explicit_hosts, scriptable_hosts);
809 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
810 }
811
812 {
813 SCOPED_TRACE("two dupes");
814
815 // Add some dupes.
816 explicit_hosts.AddPattern(
817 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
818 explicit_hosts.AddPattern(
819 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
820 perm_set = new ExtensionPermissionSet(
821 empty_perms, explicit_hosts, scriptable_hosts);
822 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
823 }
824
825 {
826 SCOPED_TRACE("schemes differ");
827
828 // Add a pattern that differs only by scheme. This should be filtered out.
829 explicit_hosts.AddPattern(
830 URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path"));
831 perm_set = new ExtensionPermissionSet(
832 empty_perms, explicit_hosts, scriptable_hosts);
833 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
834 }
835
836 {
837 SCOPED_TRACE("paths differ");
838
839 // Add some dupes by path.
840 explicit_hosts.AddPattern(
841 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath"));
842 perm_set = new ExtensionPermissionSet(
843 empty_perms, explicit_hosts, scriptable_hosts);
844 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
845 }
846
847 {
848 SCOPED_TRACE("subdomains differ");
849
850 // We don't do anything special for subdomains.
851 explicit_hosts.AddPattern(
852 URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path"));
853 explicit_hosts.AddPattern(
854 URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path"));
855
856 expected.insert("monkey.www.bar.com");
857 expected.insert("bar.com");
858
859 perm_set = new ExtensionPermissionSet(
860 empty_perms, explicit_hosts, scriptable_hosts);
861 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
862 }
863
864 {
865 SCOPED_TRACE("RCDs differ");
866
867 // Now test for RCD uniquing.
868 explicit_hosts.AddPattern(
869 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
870 explicit_hosts.AddPattern(
871 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
872 explicit_hosts.AddPattern(
873 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path"));
874 explicit_hosts.AddPattern(
875 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path"));
876 explicit_hosts.AddPattern(
877 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
878 explicit_hosts.AddPattern(
879 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path"));
880
881 // This is an unknown RCD, which shouldn't be uniqued out.
882 explicit_hosts.AddPattern(
883 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
884 // But it should only occur once.
885 explicit_hosts.AddPattern(
886 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
887
888 expected.insert("www.foo.xyzzy");
889
890 perm_set = new ExtensionPermissionSet(
891 empty_perms, explicit_hosts, scriptable_hosts);
892 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
893 }
894
895 {
896 SCOPED_TRACE("wildcards");
897
898 explicit_hosts.AddPattern(
899 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
900
901 expected.insert("*.google.com");
902
903 perm_set = new ExtensionPermissionSet(
904 empty_perms, explicit_hosts, scriptable_hosts);
905 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
906 }
907
908 {
909 SCOPED_TRACE("scriptable hosts");
910 explicit_hosts.ClearPatterns();
911 scriptable_hosts.ClearPatterns();
912 expected.clear();
913
914 explicit_hosts.AddPattern(
915 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
916 scriptable_hosts.AddPattern(
917 URLPattern(URLPattern::SCHEME_HTTP, "http://*.example.com/*"));
918
919 expected.insert("*.google.com");
920 expected.insert("*.example.com");
921
922 perm_set = new ExtensionPermissionSet(
923 empty_perms, explicit_hosts, scriptable_hosts);
924 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
925 }
926
927 {
928 // We don't display warnings for file URLs because they are off by default.
929 SCOPED_TRACE("file urls");
930 explicit_hosts.ClearPatterns();
931 scriptable_hosts.ClearPatterns();
932 expected.clear();
933
934 explicit_hosts.AddPattern(
935 URLPattern(URLPattern::SCHEME_FILE, "file:///*"));
936
937 perm_set = new ExtensionPermissionSet(
938 empty_perms, explicit_hosts, scriptable_hosts);
939 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
940 }
941 }
942
943 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
944 scoped_refptr<ExtensionPermissionSet> perm_set;
945 ExtensionAPIPermissionSet empty_perms;
946 URLPatternSet explicit_hosts;
947 URLPatternSet scriptable_hosts;
948 explicit_hosts.AddPattern(
949 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
950 explicit_hosts.AddPattern(
951 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
952 explicit_hosts.AddPattern(
953 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
954 explicit_hosts.AddPattern(
955 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
956 explicit_hosts.AddPattern(
957 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
958 explicit_hosts.AddPattern(
959 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
960
961 std::set<std::string> expected;
962 expected.insert("www.foo.com");
963 perm_set = new ExtensionPermissionSet(
964 empty_perms, explicit_hosts, scriptable_hosts);
965 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
966 }
967
968 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
969 scoped_refptr<ExtensionPermissionSet> perm_set;
970 ExtensionAPIPermissionSet empty_perms;
971 URLPatternSet explicit_hosts;
972 URLPatternSet scriptable_hosts;
973 explicit_hosts.AddPattern(
974 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
975 explicit_hosts.AddPattern(
976 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
977 explicit_hosts.AddPattern(
978 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
979 explicit_hosts.AddPattern(
980 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
981 explicit_hosts.AddPattern(
982 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
983 // No http://www.foo.com/path
984
985 std::set<std::string> expected;
986 expected.insert("www.foo.net");
987 perm_set = new ExtensionPermissionSet(
988 empty_perms, explicit_hosts, scriptable_hosts);
989 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
990 }
991
992 TEST(ExtensionPermissionsTest,
993 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
994 scoped_refptr<ExtensionPermissionSet> perm_set;
995 ExtensionAPIPermissionSet empty_perms;
996 URLPatternSet explicit_hosts;
997 URLPatternSet scriptable_hosts;
998 explicit_hosts.AddPattern(
999 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1000 explicit_hosts.AddPattern(
1001 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1002 explicit_hosts.AddPattern(
1003 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1004 // No http://www.foo.net/path
1005 explicit_hosts.AddPattern(
1006 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1007 // No http://www.foo.com/path
1008
1009 std::set<std::string> expected;
1010 expected.insert("www.foo.org");
1011 perm_set = new ExtensionPermissionSet(
1012 empty_perms, explicit_hosts, scriptable_hosts);
1013 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1014 }
1015
1016 TEST(ExtensionPermissionsTest,
1017 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
1018 scoped_refptr<ExtensionPermissionSet> perm_set;
1019 ExtensionAPIPermissionSet empty_perms;
1020 URLPatternSet explicit_hosts;
1021 URLPatternSet scriptable_hosts;
1022 explicit_hosts.AddPattern(
1023 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1024 // No http://www.foo.org/path
1025 explicit_hosts.AddPattern(
1026 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1027 // No http://www.foo.net/path
1028 explicit_hosts.AddPattern(
1029 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1030 // No http://www.foo.com/path
1031
1032 std::set<std::string> expected;
1033 expected.insert("www.foo.ca");
1034 perm_set = new ExtensionPermissionSet(
1035 empty_perms, explicit_hosts, scriptable_hosts);
1036 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1037 }
1038
1039 TEST(ExtensionPermissionsTest, HasLessHostPrivilegesThan) {
1040 URLPatternSet elist1;
1041 URLPatternSet elist2;
1042 URLPatternSet slist1;
1043 URLPatternSet slist2;
1044 scoped_refptr<ExtensionPermissionSet> set1;
1045 scoped_refptr<ExtensionPermissionSet> set2;
1046 ExtensionAPIPermissionSet empty_perms;
1047 elist1.AddPattern(
1048 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1049 elist1.AddPattern(
1050 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1051
1052 // Test that the host order does not matter.
1053 elist2.AddPattern(
1054 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1055 elist2.AddPattern(
1056 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1057
1058 set1 = new ExtensionPermissionSet(empty_perms, elist1, slist1);
1059 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1060
1061 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
1062 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1063
1064 // Test that paths are ignored.
1065 elist2.ClearPatterns();
1066 elist2.AddPattern(
1067 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
1068 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1069 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
1070 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1071
1072 // Test that RCDs are ignored.
1073 elist2.ClearPatterns();
1074 elist2.AddPattern(
1075 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
1076 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1077 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
1078 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1079
1080 // Test that subdomain wildcards are handled properly.
1081 elist2.ClearPatterns();
1082 elist2.AddPattern(
1083 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
1084 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1085 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1086 //TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
1087 //EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1088
1089 // Test that different domains count as different hosts.
1090 elist2.ClearPatterns();
1091 elist2.AddPattern(
1092 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1093 elist2.AddPattern(
1094 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
1095 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1096 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1097 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1098
1099 // Test that different subdomains count as different hosts.
1100 elist2.ClearPatterns();
1101 elist2.AddPattern(
1102 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
1103 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1104 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1105 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get()));
1106 }
1107
1108 TEST(ExtensionPermissionsTest, GetAPIsAsStrings) {
1109 ExtensionAPIPermissionSet apis;
1110 URLPatternSet empty_set;
1111
1112 apis.insert(ExtensionAPIPermission::kProxy);
1113 apis.insert(ExtensionAPIPermission::kBackground);
1114 apis.insert(ExtensionAPIPermission::kNotification);
1115 apis.insert(ExtensionAPIPermission::kTab);
1116
1117 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
1118 apis, empty_set, empty_set);
1119 std::set<std::string> api_names = perm_set->GetAPIsAsStrings();
1120
1121 // The result is correct if it has the same number of elements
1122 // and we can convert it back to the id set.
1123 EXPECT_EQ(4u, api_names.size());
1124 EXPECT_EQ(apis,
1125 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names));
1126 }
1127
1128 TEST(ExtensionPermissionsTest, IsEmpty) {
1129 ExtensionAPIPermissionSet empty_apis;
1130 URLPatternSet empty_extent;
1131
1132 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
1133 EXPECT_TRUE(empty->IsEmpty());
1134 scoped_refptr<ExtensionPermissionSet> perm_set;
1135
1136 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent);
1137 EXPECT_TRUE(perm_set->IsEmpty());
1138
1139 ExtensionAPIPermissionSet non_empty_apis;
1140 non_empty_apis.insert(ExtensionAPIPermission::kBackground);
1141 perm_set = new ExtensionPermissionSet(
1142 non_empty_apis, empty_extent, empty_extent);
1143 EXPECT_FALSE(perm_set->IsEmpty());
1144
1145 // Try non standard host
1146 URLPatternSet non_empty_extent;
1147 AddPattern(&non_empty_extent, "http://www.google.com/*");
1148
1149 perm_set = new ExtensionPermissionSet(
1150 empty_apis, non_empty_extent, empty_extent);
1151 EXPECT_FALSE(perm_set->IsEmpty());
1152
1153 perm_set = new ExtensionPermissionSet(
1154 empty_apis, empty_extent, non_empty_extent);
1155 EXPECT_FALSE(perm_set->IsEmpty());
1156 }
OLDNEW
« no previous file with comments | « chrome/common/extensions/extension_permission_set.cc ('k') | chrome/common/extensions/features/permission_feature.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698