Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(463)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/extension_permission_set_unittest.cc

Issue 10675007: Move each permission classes to its own files in extensions/permissions (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Rebase again Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/extension_permission_set.cc ('k') | chrome/common/extensions/features/permission_feature.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/common/extensions/extension_permission_set.h"
6
7 #include "base/command_line.h"
8 #include "base/json/json_file_value_serializer.h"
9 #include "base/logging.h"
10 #include "base/path_service.h"
11 #include "base/utf_string_conversions.h"
12 #include "chrome/common/chrome_paths.h"
13 #include "chrome/common/chrome_switches.h"
14 #include "chrome/common/extensions/extension.h"
15 #include "chrome/common/extensions/extension_manifest_constants.h"
16 #include "chrome/common/extensions/extension_error_utils.h"
17 #include "chrome/common/extensions/extension_permission_set.h"
18 #include "testing/gtest/include/gtest/gtest.h"
19
20 using extensions::Extension;
21
22 namespace errors = extension_manifest_errors;
23 namespace keys = extension_manifest_keys;
24 namespace values = extension_manifest_values;
25 namespace {
26
27 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
28 const std::string& test_file,
29 int extra_flags) {
30 FilePath path;
31 PathService::Get(chrome::DIR_TEST_DATA, &path);
32 path = path.AppendASCII("extensions")
33 .AppendASCII(dir)
34 .AppendASCII(test_file);
35
36 JSONFileValueSerializer serializer(path);
37 std::string error;
38 scoped_ptr<Value> result(serializer.Deserialize(NULL, &error));
39 if (!result.get()) {
40 EXPECT_EQ("", error);
41 return NULL;
42 }
43
44 scoped_refptr<Extension> extension = Extension::Create(
45 path.DirName(), Extension::INVALID,
46 *static_cast<DictionaryValue*>(result.get()), extra_flags, &error);
47 EXPECT_TRUE(extension) << error;
48 return extension;
49 }
50
51 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
52 const std::string& test_file) {
53 return LoadManifest(dir, test_file, Extension::NO_FLAGS);
54 }
55
56 void CompareLists(const std::vector<std::string>& expected,
57 const std::vector<std::string>& actual) {
58 ASSERT_EQ(expected.size(), actual.size());
59
60 for (size_t i = 0; i < expected.size(); ++i) {
61 EXPECT_EQ(expected[i], actual[i]);
62 }
63 }
64
65 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
66 int schemes = URLPattern::SCHEME_ALL;
67 extent->AddPattern(URLPattern(schemes, pattern));
68 }
69
70 static size_t IndexOf(const std::vector<string16>& warnings,
71 const std::string& warning) {
72 for (size_t i = 0; i < warnings.size(); ++i) {
73 if (warnings[i] == ASCIIToUTF16(warning))
74 return i;
75 }
76
77 return warnings.size();
78 }
79
80 static bool Contains(const std::vector<string16>& warnings,
81 const std::string& warning) {
82 return IndexOf(warnings, warning) != warnings.size();
83 }
84
85 } // namespace
86
87 class ExtensionPermissionsTest : public testing::Test {
88 };
89
90 // Tests GetByID.
91 TEST(ExtensionPermissionsTest, GetByID) {
92 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
93 ExtensionAPIPermissionSet ids = info->GetAll();
94 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
95 i != ids.end(); ++i) {
96 EXPECT_EQ(*i, info->GetByID(*i)->id());
97 }
98 }
99
100 // Tests that GetByName works with normal permission names and aliases.
101 TEST(ExtensionPermissionsTest, GetByName) {
102 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
103 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
104 EXPECT_EQ(ExtensionAPIPermission::kManagement,
105 info->GetByName("management")->id());
106 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
107 }
108
109 TEST(ExtensionPermissionsTest, GetAll) {
110 size_t count = 0;
111 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
112 ExtensionAPIPermissionSet apis = info->GetAll();
113 for (ExtensionAPIPermissionSet::iterator api = apis.begin();
114 api != apis.end(); ++api) {
115 // Make sure only the valid permission IDs get returned.
116 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api);
117 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api);
118 count++;
119 }
120 EXPECT_EQ(count, info->get_permission_count());
121 }
122
123 TEST(ExtensionPermissionsTest, GetAllByName) {
124 std::set<std::string> names;
125 names.insert("background");
126 names.insert("management");
127
128 // This is an alias of kTab
129 names.insert("windows");
130
131 // This unknown name should get dropped.
132 names.insert("sdlkfjasdlkfj");
133
134 ExtensionAPIPermissionSet expected;
135 expected.insert(ExtensionAPIPermission::kBackground);
136 expected.insert(ExtensionAPIPermission::kManagement);
137 expected.insert(ExtensionAPIPermission::kTab);
138
139 EXPECT_EQ(expected,
140 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names));
141 }
142
143 // Tests that the aliases are properly mapped.
144 TEST(ExtensionPermissionsTest, Aliases) {
145 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
146 // tabs: tabs, windows
147 std::string tabs_name = "tabs";
148 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name());
149 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
150 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id());
151
152 // unlimitedStorage: unlimitedStorage, unlimited_storage
153 std::string storage_name = "unlimitedStorage";
154 EXPECT_EQ(storage_name, info->GetByID(
155 ExtensionAPIPermission::kUnlimitedStorage)->name());
156 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
157 info->GetByName("unlimitedStorage")->id());
158 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
159 info->GetByName("unlimited_storage")->id());
160 }
161
162 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
163 scoped_refptr<Extension> extension;
164 scoped_refptr<const ExtensionPermissionSet> permissions;
165
166 extension = LoadManifest("effective_host_permissions", "empty.json");
167 permissions = extension->GetActivePermissions();
168 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
169 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
170 GURL("http://www.google.com")));
171 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
172
173 extension = LoadManifest("effective_host_permissions", "one_host.json");
174 permissions = extension->GetActivePermissions();
175 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
176 GURL("http://www.google.com")));
177 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
178 GURL("https://www.google.com")));
179 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
180
181 extension = LoadManifest("effective_host_permissions",
182 "one_host_wildcard.json");
183 permissions = extension->GetActivePermissions();
184 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
185 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
186 GURL("http://foo.google.com")));
187 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
188
189 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
190 permissions = extension->GetActivePermissions();
191 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
192 GURL("http://www.google.com")));
193 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
194 GURL("http://www.reddit.com")));
195 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
196
197 extension = LoadManifest("effective_host_permissions",
198 "https_not_considered.json");
199 permissions = extension->GetActivePermissions();
200 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
201 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com")));
202 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
203
204 extension = LoadManifest("effective_host_permissions",
205 "two_content_scripts.json");
206 permissions = extension->GetActivePermissions();
207 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
208 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
209 GURL("http://www.reddit.com")));
210 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
211 GURL("http://news.ycombinator.com")));
212 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
213
214 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
215 permissions = extension->GetActivePermissions();
216 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
217 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
218 EXPECT_TRUE(
219 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
220 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
221
222 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
223 permissions = extension->GetActivePermissions();
224 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
225 EXPECT_TRUE(
226 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
227 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
228
229 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
230 permissions = extension->GetActivePermissions();
231 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
232 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
233 EXPECT_TRUE(
234 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
235 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
236 }
237
238 TEST(ExtensionPermissionsTest, ExplicitAccessToOrigin) {
239 ExtensionAPIPermissionSet apis;
240 URLPatternSet explicit_hosts;
241 URLPatternSet scriptable_hosts;
242
243 AddPattern(&explicit_hosts, "http://*.google.com/*");
244 // The explicit host paths should get set to /*.
245 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*");
246
247 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
248 apis, explicit_hosts, scriptable_hosts);
249 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
250 GURL("http://www.google.com/")));
251 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
252 GURL("http://test.google.com/")));
253 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
254 GURL("http://www.example.com")));
255 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
256 GURL("http://www.example.com")));
257 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
258 GURL("http://test.example.com")));
259 }
260
261 TEST(ExtensionPermissionsTest, CreateUnion) {
262 ExtensionAPIPermissionSet apis1;
263 ExtensionAPIPermissionSet apis2;
264 ExtensionAPIPermissionSet expected_apis;
265
266 URLPatternSet explicit_hosts1;
267 URLPatternSet explicit_hosts2;
268 URLPatternSet expected_explicit_hosts;
269
270 URLPatternSet scriptable_hosts1;
271 URLPatternSet scriptable_hosts2;
272 URLPatternSet expected_scriptable_hosts;
273
274 ExtensionOAuth2Scopes scopes1;
275 ExtensionOAuth2Scopes scopes2;
276 ExtensionOAuth2Scopes expected_scopes;
277
278 URLPatternSet effective_hosts;
279
280 scoped_refptr<ExtensionPermissionSet> set1;
281 scoped_refptr<ExtensionPermissionSet> set2;
282 scoped_refptr<ExtensionPermissionSet> union_set;
283
284 // Union with an empty set.
285 apis1.insert(ExtensionAPIPermission::kTab);
286 apis1.insert(ExtensionAPIPermission::kBackground);
287 expected_apis.insert(ExtensionAPIPermission::kTab);
288 expected_apis.insert(ExtensionAPIPermission::kBackground);
289
290 AddPattern(&explicit_hosts1, "http://*.google.com/*");
291 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
292 AddPattern(&effective_hosts, "http://*.google.com/*");
293
294 scopes1.insert("first-scope");
295 scopes1.insert("second-scope");
296 expected_scopes.insert("first-scope");
297 expected_scopes.insert("second-scope");
298
299 set1 = new ExtensionPermissionSet(
300 apis1, explicit_hosts1, scriptable_hosts1, scopes1);
301 set2 = new ExtensionPermissionSet(
302 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
303 union_set = ExtensionPermissionSet::CreateUnion(set1.get(), set2.get());
304 EXPECT_TRUE(set1->Contains(*set2));
305 EXPECT_TRUE(set1->Contains(*union_set));
306 EXPECT_FALSE(set2->Contains(*set1));
307 EXPECT_FALSE(set2->Contains(*union_set));
308 EXPECT_TRUE(union_set->Contains(*set1));
309 EXPECT_TRUE(union_set->Contains(*set2));
310
311 EXPECT_FALSE(union_set->HasEffectiveFullAccess());
312 EXPECT_EQ(expected_apis, union_set->apis());
313 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
314 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
315 EXPECT_EQ(expected_explicit_hosts, union_set->effective_hosts());
316 EXPECT_EQ(expected_scopes, union_set->scopes());
317
318 // Now use a real second set.
319 apis2.insert(ExtensionAPIPermission::kTab);
320 apis2.insert(ExtensionAPIPermission::kProxy);
321 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
322 apis2.insert(ExtensionAPIPermission::kPlugin);
323 expected_apis.insert(ExtensionAPIPermission::kTab);
324 expected_apis.insert(ExtensionAPIPermission::kProxy);
325 expected_apis.insert(ExtensionAPIPermission::kClipboardWrite);
326 expected_apis.insert(ExtensionAPIPermission::kPlugin);
327
328 AddPattern(&explicit_hosts2, "http://*.example.com/*");
329 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
330 AddPattern(&expected_explicit_hosts, "http://*.example.com/*");
331 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*");
332
333 scopes2.insert("real-scope");
334 scopes2.insert("anotherscope");
335 expected_scopes.insert("real-scope");
336 expected_scopes.insert("anotherscope");
337
338 URLPatternSet::CreateUnion(
339 explicit_hosts2, scriptable_hosts2, &effective_hosts);
340
341 set2 = new ExtensionPermissionSet(
342 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
343 union_set = ExtensionPermissionSet::CreateUnion(set1.get(), set2.get());
344
345 EXPECT_FALSE(set1->Contains(*set2));
346 EXPECT_FALSE(set1->Contains(*union_set));
347 EXPECT_FALSE(set2->Contains(*set1));
348 EXPECT_FALSE(set2->Contains(*union_set));
349 EXPECT_TRUE(union_set->Contains(*set1));
350 EXPECT_TRUE(union_set->Contains(*set2));
351
352 EXPECT_TRUE(union_set->HasEffectiveFullAccess());
353 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
354 EXPECT_EQ(expected_apis, union_set->apis());
355 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
356 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
357 EXPECT_EQ(expected_scopes, union_set->scopes());
358 EXPECT_EQ(effective_hosts, union_set->effective_hosts());
359 }
360
361 TEST(ExtensionPermissionsTest, CreateIntersection) {
362 ExtensionAPIPermissionSet apis1;
363 ExtensionAPIPermissionSet apis2;
364 ExtensionAPIPermissionSet expected_apis;
365
366 URLPatternSet explicit_hosts1;
367 URLPatternSet explicit_hosts2;
368 URLPatternSet expected_explicit_hosts;
369
370 URLPatternSet scriptable_hosts1;
371 URLPatternSet scriptable_hosts2;
372 URLPatternSet expected_scriptable_hosts;
373
374 URLPatternSet effective_hosts;
375
376 scoped_refptr<ExtensionPermissionSet> set1;
377 scoped_refptr<ExtensionPermissionSet> set2;
378 scoped_refptr<ExtensionPermissionSet> new_set;
379
380 // Intersection with an empty set.
381 apis1.insert(ExtensionAPIPermission::kTab);
382 apis1.insert(ExtensionAPIPermission::kBackground);
383
384 AddPattern(&explicit_hosts1, "http://*.google.com/*");
385 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
386
387 set1 = new ExtensionPermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
388 set2 = new ExtensionPermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
389 new_set = ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get());
390 EXPECT_TRUE(set1->Contains(*new_set));
391 EXPECT_TRUE(set2->Contains(*new_set));
392 EXPECT_TRUE(set1->Contains(*set2));
393 EXPECT_FALSE(set2->Contains(*set1));
394 EXPECT_FALSE(new_set->Contains(*set1));
395 EXPECT_TRUE(new_set->Contains(*set2));
396
397 EXPECT_TRUE(new_set->IsEmpty());
398 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
399 EXPECT_EQ(expected_apis, new_set->apis());
400 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
401 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
402 EXPECT_EQ(expected_explicit_hosts, new_set->effective_hosts());
403
404 // Now use a real second set.
405 apis2.insert(ExtensionAPIPermission::kTab);
406 apis2.insert(ExtensionAPIPermission::kProxy);
407 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
408 apis2.insert(ExtensionAPIPermission::kPlugin);
409 expected_apis.insert(ExtensionAPIPermission::kTab);
410
411 AddPattern(&explicit_hosts2, "http://*.example.com/*");
412 AddPattern(&explicit_hosts2, "http://*.google.com/*");
413 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
414 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
415
416 effective_hosts.ClearPatterns();
417 AddPattern(&effective_hosts, "http://*.google.com/*");
418
419 set2 = new ExtensionPermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
420 new_set = ExtensionPermissionSet::CreateIntersection(set1.get(), set2.get());
421
422 EXPECT_TRUE(set1->Contains(*new_set));
423 EXPECT_TRUE(set2->Contains(*new_set));
424 EXPECT_FALSE(set1->Contains(*set2));
425 EXPECT_FALSE(set2->Contains(*set1));
426 EXPECT_FALSE(new_set->Contains(*set1));
427 EXPECT_FALSE(new_set->Contains(*set2));
428
429 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
430 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
431 EXPECT_EQ(expected_apis, new_set->apis());
432 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
433 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
434 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
435 }
436
437 TEST(ExtensionPermissionsTest, CreateDifference) {
438 ExtensionAPIPermissionSet apis1;
439 ExtensionAPIPermissionSet apis2;
440 ExtensionAPIPermissionSet expected_apis;
441
442 URLPatternSet explicit_hosts1;
443 URLPatternSet explicit_hosts2;
444 URLPatternSet expected_explicit_hosts;
445
446 URLPatternSet scriptable_hosts1;
447 URLPatternSet scriptable_hosts2;
448 URLPatternSet expected_scriptable_hosts;
449
450 ExtensionOAuth2Scopes scopes1;
451 ExtensionOAuth2Scopes scopes2;
452 ExtensionOAuth2Scopes expected_scopes;
453
454 URLPatternSet effective_hosts;
455
456 scoped_refptr<ExtensionPermissionSet> set1;
457 scoped_refptr<ExtensionPermissionSet> set2;
458 scoped_refptr<ExtensionPermissionSet> new_set;
459
460 // Difference with an empty set.
461 apis1.insert(ExtensionAPIPermission::kTab);
462 apis1.insert(ExtensionAPIPermission::kBackground);
463
464 AddPattern(&explicit_hosts1, "http://*.google.com/*");
465 AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
466
467 scopes1.insert("my-scope");
468 scopes1.insert("other-scope");
469
470 set1 = new ExtensionPermissionSet(
471 apis1, explicit_hosts1, scriptable_hosts1, scopes1);
472 set2 = new ExtensionPermissionSet(
473 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
474 new_set = ExtensionPermissionSet::CreateDifference(set1.get(), set2.get());
475 EXPECT_EQ(*set1, *new_set);
476
477 // Now use a real second set.
478 apis2.insert(ExtensionAPIPermission::kTab);
479 apis2.insert(ExtensionAPIPermission::kProxy);
480 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
481 apis2.insert(ExtensionAPIPermission::kPlugin);
482 expected_apis.insert(ExtensionAPIPermission::kBackground);
483
484 AddPattern(&explicit_hosts2, "http://*.example.com/*");
485 AddPattern(&explicit_hosts2, "http://*.google.com/*");
486 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
487 AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*");
488
489 scopes2.insert("other-scope");
490 expected_scopes.insert("my-scope");
491
492 effective_hosts.ClearPatterns();
493 AddPattern(&effective_hosts, "http://www.reddit.com/*");
494
495 set2 = new ExtensionPermissionSet(
496 apis2, explicit_hosts2, scriptable_hosts2, scopes2);
497 new_set = ExtensionPermissionSet::CreateDifference(set1.get(), set2.get());
498
499 EXPECT_TRUE(set1->Contains(*new_set));
500 EXPECT_FALSE(set2->Contains(*new_set));
501
502 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
503 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
504 EXPECT_EQ(expected_apis, new_set->apis());
505 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
506 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
507 EXPECT_EQ(expected_scopes, new_set->scopes());
508 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
509
510 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set
511 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get());
512 EXPECT_TRUE(set1->IsEmpty());
513 }
514
515 TEST(ExtensionPermissionsTest, HasLessPrivilegesThan) {
516 const struct {
517 const char* base_name;
518 bool expect_increase;
519 } kTests[] = {
520 { "allhosts1", false }, // all -> all
521 { "allhosts2", false }, // all -> one
522 { "allhosts3", true }, // one -> all
523 { "hosts1", false }, // http://a,http://b -> http://a,http://b
524 { "hosts2", true }, // http://a,http://b -> https://a,http://*.b
525 { "hosts3", false }, // http://a,http://b -> http://a
526 { "hosts4", true }, // http://a -> http://a,http://b
527 { "hosts5", false }, // http://a,b,c -> http://a,b,c + https://a,b,c
528 { "hosts6", false }, // http://a.com -> http://a.com + http://a.co.uk
529 { "permissions1", false }, // tabs -> tabs
530 { "permissions2", true }, // tabs -> tabs,bookmarks
531 { "permissions3", true }, // http://a -> http://a,tabs
532 { "permissions5", true }, // bookmarks -> bookmarks,history
533 { "equivalent_warnings", false }, // tabs --> tabs, webNavigation
534 #if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS
535 { "permissions4", false }, // plugin -> plugin,tabs
536 { "plugin1", false }, // plugin -> plugin
537 { "plugin2", false }, // plugin -> none
538 { "plugin3", true }, // none -> plugin
539 #endif
540 { "storage", false }, // none -> storage
541 { "notifications", false }, // none -> notifications
542 { "scopes1", true }, // scope1 -> scope1,scope2
543 { "scopes2", false }, // scope1,scope2 -> scope1
544 { "scopes3", true }, // none -> scope1
545 };
546
547 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
548 scoped_refptr<Extension> old_extension(
549 LoadManifest("allow_silent_upgrade",
550 std::string(kTests[i].base_name) + "_old.json"));
551 scoped_refptr<Extension> new_extension(
552 LoadManifest("allow_silent_upgrade",
553 std::string(kTests[i].base_name) + "_new.json"));
554
555 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
556 if (!new_extension.get())
557 continue;
558
559 scoped_refptr<const ExtensionPermissionSet> old_p(
560 old_extension->GetActivePermissions());
561 scoped_refptr<const ExtensionPermissionSet> new_p(
562 new_extension->GetActivePermissions());
563
564 EXPECT_EQ(kTests[i].expect_increase,
565 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name;
566 }
567 }
568
569 TEST(ExtensionPermissionsTest, PermissionMessages) {
570 // Ensure that all permissions that needs to show install UI actually have
571 // strings associated with them.
572 ExtensionAPIPermissionSet skip;
573
574 // These are considered "nuisance" or "trivial" permissions that don't need
575 // a prompt.
576 skip.insert(ExtensionAPIPermission::kActiveTab);
577 skip.insert(ExtensionAPIPermission::kAlarms);
578 skip.insert(ExtensionAPIPermission::kAppNotifications);
579 skip.insert(ExtensionAPIPermission::kAppWindow);
580 skip.insert(ExtensionAPIPermission::kBrowsingData);
581 skip.insert(ExtensionAPIPermission::kContextMenus);
582 skip.insert(ExtensionAPIPermission::kDeclarative);
583 skip.insert(ExtensionAPIPermission::kIdle);
584 skip.insert(ExtensionAPIPermission::kNotification);
585 skip.insert(ExtensionAPIPermission::kUnlimitedStorage);
586 skip.insert(ExtensionAPIPermission::kStorage);
587 skip.insert(ExtensionAPIPermission::kTts);
588
589 // TODO(erikkay) add a string for this permission.
590 skip.insert(ExtensionAPIPermission::kBackground);
591
592 skip.insert(ExtensionAPIPermission::kClipboardWrite);
593
594 // The cookie permission does nothing unless you have associated host
595 // permissions.
596 skip.insert(ExtensionAPIPermission::kCookie);
597
598 // The ime, proxy, and webRequest permissions are warned as part of host
599 // permission checks.
600 skip.insert(ExtensionAPIPermission::kProxy);
601 skip.insert(ExtensionAPIPermission::kWebRequest);
602 skip.insert(ExtensionAPIPermission::kWebRequestBlocking);
603 skip.insert(ExtensionAPIPermission::kDeclarativeWebRequest);
604
605
606 // This permission requires explicit user action (context menu handler)
607 // so we won't prompt for it for now.
608 skip.insert(ExtensionAPIPermission::kFileBrowserHandler);
609
610 // This permission requires explicit user action (shortcut) so we don't
611 // prompt for it.
612 skip.insert(ExtensionAPIPermission::kKeybinding);
613
614 // If you've turned on the experimental command-line flag, we don't need
615 // to warn you further.
616 skip.insert(ExtensionAPIPermission::kExperimental);
617
618 // These are private.
619 skip.insert(ExtensionAPIPermission::kChromeAuthPrivate);
620 skip.insert(ExtensionAPIPermission::kChromeosInfoPrivate);
621 skip.insert(ExtensionAPIPermission::kFileBrowserHandlerInternal);
622 skip.insert(ExtensionAPIPermission::kFileBrowserPrivate);
623 skip.insert(ExtensionAPIPermission::kInputMethodPrivate);
624 skip.insert(ExtensionAPIPermission::kManagedModePrivate);
625 skip.insert(ExtensionAPIPermission::kMediaPlayerPrivate);
626 skip.insert(ExtensionAPIPermission::kMetricsPrivate);
627 skip.insert(ExtensionAPIPermission::kEchoPrivate);
628 skip.insert(ExtensionAPIPermission::kSystemPrivate);
629 skip.insert(ExtensionAPIPermission::kTerminalPrivate);
630 skip.insert(ExtensionAPIPermission::kWebRequestInternal);
631 skip.insert(ExtensionAPIPermission::kWebSocketProxyPrivate);
632 skip.insert(ExtensionAPIPermission::kWebstorePrivate);
633
634 // Warned as part of host permissions.
635 skip.insert(ExtensionAPIPermission::kDevtools);
636
637 // Platform apps. TODO(miket): must we skip?
638 skip.insert(ExtensionAPIPermission::kFileSystem);
639 skip.insert(ExtensionAPIPermission::kSocket);
640 skip.insert(ExtensionAPIPermission::kUsb);
641
642 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
643 ExtensionAPIPermissionSet permissions = info->GetAll();
644 for (ExtensionAPIPermissionSet::const_iterator i = permissions.begin();
645 i != permissions.end(); ++i) {
646 ExtensionAPIPermission* permission = info->GetByID(*i);
647 EXPECT_TRUE(permission);
648 if (skip.count(*i)) {
649 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id())
650 << "unexpected message_id for " << permission->name();
651 } else {
652 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id())
653 << "missing message_id for " << permission->name();
654 }
655 }
656 }
657
658 // Tests the default permissions (empty API permission set).
659 TEST(ExtensionPermissionsTest, DefaultFunctionAccess) {
660 const struct {
661 const char* permission_name;
662 bool expect_success;
663 } kTests[] = {
664 // Negative test.
665 { "non_existing_permission", false },
666 // Test default module/package permission.
667 { "browserAction", true },
668 { "devtools", true },
669 { "extension", true },
670 { "i18n", true },
671 { "pageAction", true },
672 { "pageActions", true },
673 { "test", true },
674 // Some negative tests.
675 { "bookmarks", false },
676 { "cookies", false },
677 { "history", false },
678 { "tabs.onUpdated", false },
679 // Make sure we find the module name after stripping '.' and '/'.
680 { "browserAction/abcd/onClick", true },
681 { "browserAction.abcd.onClick", true },
682 // Test Tabs functions.
683 { "tabs.create", true},
684 { "tabs.update", true},
685 { "tabs.getSelected", false},
686 };
687
688 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
689 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
690 EXPECT_EQ(kTests[i].expect_success,
691 empty->HasAccessToFunction(kTests[i].permission_name));
692 }
693 }
694
695 // Tests the default permissions (empty API permission set).
696 TEST(ExtensionPermissionSetTest, DefaultAnyAPIAccess) {
697 const struct {
698 const char* api_name;
699 bool expect_success;
700 } kTests[] = {
701 // Negative test.
702 { "non_existing_permission", false },
703 // Test default module/package permission.
704 { "browserAction", true },
705 { "devtools", true },
706 { "extension", true },
707 { "i18n", true },
708 { "pageAction", true },
709 { "pageActions", true },
710 { "test", true },
711 // Some negative tests.
712 { "bookmarks", false },
713 { "cookies", false },
714 { "history", false },
715 // Negative APIs that have positive individual functions.
716 { "management", true},
717 { "tabs", true},
718 };
719
720 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
721 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
722 EXPECT_EQ(kTests[i].expect_success,
723 empty->HasAnyAccessToAPI(kTests[i].api_name));
724 }
725 }
726
727 TEST(ExtensionPermissionsTest, GetWarningMessages_ManyHosts) {
728 scoped_refptr<Extension> extension;
729
730 extension = LoadManifest("permissions", "many-hosts.json");
731 std::vector<string16> warnings =
732 extension->GetActivePermissions()->GetWarningMessages();
733 ASSERT_EQ(1u, warnings.size());
734 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
735 UTF16ToUTF8(warnings[0]));
736 }
737
738 TEST(ExtensionPermissionsTest, GetWarningMessages_Plugins) {
739 scoped_refptr<Extension> extension;
740 scoped_refptr<ExtensionPermissionSet> permissions;
741
742 extension = LoadManifest("permissions", "plugins.json");
743 std::vector<string16> warnings =
744 extension->GetActivePermissions()->GetWarningMessages();
745 // We don't parse the plugins key on Chrome OS, so it should not ask for any
746 // permissions.
747 #if defined(OS_CHROMEOS)
748 ASSERT_EQ(0u, warnings.size());
749 #else
750 ASSERT_EQ(1u, warnings.size());
751 EXPECT_EQ("Access all data on your computer and the websites you visit",
752 UTF16ToUTF8(warnings[0]));
753 #endif
754 }
755
756 TEST(ExtensionPermissionsTest, GetWarningMessages_AudioVideo) {
757 // Both audio and video present.
758 scoped_refptr<Extension> extension =
759 LoadManifest("permissions", "audio-video.json");
760 ExtensionPermissionSet* set =
761 const_cast<ExtensionPermissionSet*>(
762 extension->GetActivePermissions().get());
763 std::vector<string16> warnings = set->GetWarningMessages();
764 EXPECT_FALSE(Contains(warnings, "Use your microphone"));
765 EXPECT_FALSE(Contains(warnings, "Use your camera"));
766 EXPECT_TRUE(Contains(warnings, "Use your microphone and camera"));
767 size_t combined_index = IndexOf(warnings, "Use your microphone and camera");
768 size_t combined_size = warnings.size();
769
770 // Just audio present.
771 set->apis_.erase(ExtensionAPIPermission::kVideoCapture);
772 warnings = set->GetWarningMessages();
773 EXPECT_EQ(combined_size, warnings.size());
774 EXPECT_EQ(combined_index, IndexOf(warnings, "Use your microphone"));
775 EXPECT_FALSE(Contains(warnings, "Use your camera"));
776 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera"));
777
778 // Just video present.
779 set->apis_.erase(ExtensionAPIPermission::kAudioCapture);
780 set->apis_.insert(ExtensionAPIPermission::kVideoCapture);
781 warnings = set->GetWarningMessages();
782 EXPECT_EQ(combined_size, warnings.size());
783 EXPECT_FALSE(Contains(warnings, "Use your microphone"));
784 EXPECT_FALSE(Contains(warnings, "Use your microphone and camera"));
785 EXPECT_TRUE(Contains(warnings, "Use your camera"));
786 }
787
788 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay) {
789 scoped_refptr<ExtensionPermissionSet> perm_set;
790 ExtensionAPIPermissionSet empty_perms;
791 std::set<std::string> expected;
792 expected.insert("www.foo.com");
793 expected.insert("www.bar.com");
794 expected.insert("www.baz.com");
795 URLPatternSet explicit_hosts;
796 URLPatternSet scriptable_hosts;
797
798 {
799 SCOPED_TRACE("no dupes");
800
801 // Simple list with no dupes.
802 explicit_hosts.AddPattern(
803 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
804 explicit_hosts.AddPattern(
805 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path"));
806 explicit_hosts.AddPattern(
807 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
808 perm_set = new ExtensionPermissionSet(
809 empty_perms, explicit_hosts, scriptable_hosts);
810 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
811 }
812
813 {
814 SCOPED_TRACE("two dupes");
815
816 // Add some dupes.
817 explicit_hosts.AddPattern(
818 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
819 explicit_hosts.AddPattern(
820 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
821 perm_set = new ExtensionPermissionSet(
822 empty_perms, explicit_hosts, scriptable_hosts);
823 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
824 }
825
826 {
827 SCOPED_TRACE("schemes differ");
828
829 // Add a pattern that differs only by scheme. This should be filtered out.
830 explicit_hosts.AddPattern(
831 URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path"));
832 perm_set = new ExtensionPermissionSet(
833 empty_perms, explicit_hosts, scriptable_hosts);
834 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
835 }
836
837 {
838 SCOPED_TRACE("paths differ");
839
840 // Add some dupes by path.
841 explicit_hosts.AddPattern(
842 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath"));
843 perm_set = new ExtensionPermissionSet(
844 empty_perms, explicit_hosts, scriptable_hosts);
845 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
846 }
847
848 {
849 SCOPED_TRACE("subdomains differ");
850
851 // We don't do anything special for subdomains.
852 explicit_hosts.AddPattern(
853 URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path"));
854 explicit_hosts.AddPattern(
855 URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path"));
856
857 expected.insert("monkey.www.bar.com");
858 expected.insert("bar.com");
859
860 perm_set = new ExtensionPermissionSet(
861 empty_perms, explicit_hosts, scriptable_hosts);
862 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
863 }
864
865 {
866 SCOPED_TRACE("RCDs differ");
867
868 // Now test for RCD uniquing.
869 explicit_hosts.AddPattern(
870 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
871 explicit_hosts.AddPattern(
872 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
873 explicit_hosts.AddPattern(
874 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path"));
875 explicit_hosts.AddPattern(
876 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path"));
877 explicit_hosts.AddPattern(
878 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
879 explicit_hosts.AddPattern(
880 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path"));
881
882 // This is an unknown RCD, which shouldn't be uniqued out.
883 explicit_hosts.AddPattern(
884 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
885 // But it should only occur once.
886 explicit_hosts.AddPattern(
887 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
888
889 expected.insert("www.foo.xyzzy");
890
891 perm_set = new ExtensionPermissionSet(
892 empty_perms, explicit_hosts, scriptable_hosts);
893 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
894 }
895
896 {
897 SCOPED_TRACE("wildcards");
898
899 explicit_hosts.AddPattern(
900 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
901
902 expected.insert("*.google.com");
903
904 perm_set = new ExtensionPermissionSet(
905 empty_perms, explicit_hosts, scriptable_hosts);
906 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
907 }
908
909 {
910 SCOPED_TRACE("scriptable hosts");
911 explicit_hosts.ClearPatterns();
912 scriptable_hosts.ClearPatterns();
913 expected.clear();
914
915 explicit_hosts.AddPattern(
916 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
917 scriptable_hosts.AddPattern(
918 URLPattern(URLPattern::SCHEME_HTTP, "http://*.example.com/*"));
919
920 expected.insert("*.google.com");
921 expected.insert("*.example.com");
922
923 perm_set = new ExtensionPermissionSet(
924 empty_perms, explicit_hosts, scriptable_hosts);
925 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
926 }
927
928 {
929 // We don't display warnings for file URLs because they are off by default.
930 SCOPED_TRACE("file urls");
931 explicit_hosts.ClearPatterns();
932 scriptable_hosts.ClearPatterns();
933 expected.clear();
934
935 explicit_hosts.AddPattern(
936 URLPattern(URLPattern::SCHEME_FILE, "file:///*"));
937
938 perm_set = new ExtensionPermissionSet(
939 empty_perms, explicit_hosts, scriptable_hosts);
940 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
941 }
942 }
943
944 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
945 scoped_refptr<ExtensionPermissionSet> perm_set;
946 ExtensionAPIPermissionSet empty_perms;
947 URLPatternSet explicit_hosts;
948 URLPatternSet scriptable_hosts;
949 explicit_hosts.AddPattern(
950 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
951 explicit_hosts.AddPattern(
952 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
953 explicit_hosts.AddPattern(
954 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
955 explicit_hosts.AddPattern(
956 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
957 explicit_hosts.AddPattern(
958 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
959 explicit_hosts.AddPattern(
960 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
961
962 std::set<std::string> expected;
963 expected.insert("www.foo.com");
964 perm_set = new ExtensionPermissionSet(
965 empty_perms, explicit_hosts, scriptable_hosts);
966 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
967 }
968
969 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
970 scoped_refptr<ExtensionPermissionSet> perm_set;
971 ExtensionAPIPermissionSet empty_perms;
972 URLPatternSet explicit_hosts;
973 URLPatternSet scriptable_hosts;
974 explicit_hosts.AddPattern(
975 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
976 explicit_hosts.AddPattern(
977 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
978 explicit_hosts.AddPattern(
979 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
980 explicit_hosts.AddPattern(
981 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
982 explicit_hosts.AddPattern(
983 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
984 // No http://www.foo.com/path
985
986 std::set<std::string> expected;
987 expected.insert("www.foo.net");
988 perm_set = new ExtensionPermissionSet(
989 empty_perms, explicit_hosts, scriptable_hosts);
990 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
991 }
992
993 TEST(ExtensionPermissionsTest,
994 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
995 scoped_refptr<ExtensionPermissionSet> perm_set;
996 ExtensionAPIPermissionSet empty_perms;
997 URLPatternSet explicit_hosts;
998 URLPatternSet scriptable_hosts;
999 explicit_hosts.AddPattern(
1000 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1001 explicit_hosts.AddPattern(
1002 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1003 explicit_hosts.AddPattern(
1004 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1005 // No http://www.foo.net/path
1006 explicit_hosts.AddPattern(
1007 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1008 // No http://www.foo.com/path
1009
1010 std::set<std::string> expected;
1011 expected.insert("www.foo.org");
1012 perm_set = new ExtensionPermissionSet(
1013 empty_perms, explicit_hosts, scriptable_hosts);
1014 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1015 }
1016
1017 TEST(ExtensionPermissionsTest,
1018 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
1019 scoped_refptr<ExtensionPermissionSet> perm_set;
1020 ExtensionAPIPermissionSet empty_perms;
1021 URLPatternSet explicit_hosts;
1022 URLPatternSet scriptable_hosts;
1023 explicit_hosts.AddPattern(
1024 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1025 // No http://www.foo.org/path
1026 explicit_hosts.AddPattern(
1027 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1028 // No http://www.foo.net/path
1029 explicit_hosts.AddPattern(
1030 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1031 // No http://www.foo.com/path
1032
1033 std::set<std::string> expected;
1034 expected.insert("www.foo.ca");
1035 perm_set = new ExtensionPermissionSet(
1036 empty_perms, explicit_hosts, scriptable_hosts);
1037 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1038 }
1039
1040 TEST(ExtensionPermissionsTest, HasLessHostPrivilegesThan) {
1041 URLPatternSet elist1;
1042 URLPatternSet elist2;
1043 URLPatternSet slist1;
1044 URLPatternSet slist2;
1045 scoped_refptr<ExtensionPermissionSet> set1;
1046 scoped_refptr<ExtensionPermissionSet> set2;
1047 ExtensionAPIPermissionSet empty_perms;
1048 elist1.AddPattern(
1049 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1050 elist1.AddPattern(
1051 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1052
1053 // Test that the host order does not matter.
1054 elist2.AddPattern(
1055 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1056 elist2.AddPattern(
1057 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1058
1059 set1 = new ExtensionPermissionSet(empty_perms, elist1, slist1);
1060 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1061
1062 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
1063 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1064
1065 // Test that paths are ignored.
1066 elist2.ClearPatterns();
1067 elist2.AddPattern(
1068 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
1069 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1070 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
1071 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1072
1073 // Test that RCDs are ignored.
1074 elist2.ClearPatterns();
1075 elist2.AddPattern(
1076 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
1077 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1078 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
1079 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1080
1081 // Test that subdomain wildcards are handled properly.
1082 elist2.ClearPatterns();
1083 elist2.AddPattern(
1084 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
1085 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1086 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1087 //TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
1088 //EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1089
1090 // Test that different domains count as different hosts.
1091 elist2.ClearPatterns();
1092 elist2.AddPattern(
1093 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
1094 elist2.AddPattern(
1095 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
1096 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1097 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1098 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
1099
1100 // Test that different subdomains count as different hosts.
1101 elist2.ClearPatterns();
1102 elist2.AddPattern(
1103 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
1104 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1105 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1106 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get()));
1107 }
1108
1109 TEST(ExtensionPermissionsTest, GetAPIsAsStrings) {
1110 ExtensionAPIPermissionSet apis;
1111 URLPatternSet empty_set;
1112
1113 apis.insert(ExtensionAPIPermission::kProxy);
1114 apis.insert(ExtensionAPIPermission::kBackground);
1115 apis.insert(ExtensionAPIPermission::kNotification);
1116 apis.insert(ExtensionAPIPermission::kTab);
1117
1118 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
1119 apis, empty_set, empty_set);
1120 std::set<std::string> api_names = perm_set->GetAPIsAsStrings();
1121
1122 // The result is correct if it has the same number of elements
1123 // and we can convert it back to the id set.
1124 EXPECT_EQ(4u, api_names.size());
1125 EXPECT_EQ(apis,
1126 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names));
1127 }
1128
1129 TEST(ExtensionPermissionsTest, IsEmpty) {
1130 ExtensionAPIPermissionSet empty_apis;
1131 URLPatternSet empty_extent;
1132
1133 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
1134 EXPECT_TRUE(empty->IsEmpty());
1135 scoped_refptr<ExtensionPermissionSet> perm_set;
1136
1137 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent);
1138 EXPECT_TRUE(perm_set->IsEmpty());
1139
1140 ExtensionAPIPermissionSet non_empty_apis;
1141 non_empty_apis.insert(ExtensionAPIPermission::kBackground);
1142 perm_set = new ExtensionPermissionSet(
1143 non_empty_apis, empty_extent, empty_extent);
1144 EXPECT_FALSE(perm_set->IsEmpty());
1145
1146 // Try non standard host
1147 URLPatternSet non_empty_extent;
1148 AddPattern(&non_empty_extent, "http://www.google.com/*");
1149
1150 perm_set = new ExtensionPermissionSet(
1151 empty_apis, non_empty_extent, empty_extent);
1152 EXPECT_FALSE(perm_set->IsEmpty());
1153
1154 perm_set = new ExtensionPermissionSet(
1155 empty_apis, empty_extent, non_empty_extent);
1156 EXPECT_FALSE(perm_set->IsEmpty());
1157 }
OLDNEW
« no previous file with comments | « chrome/common/extensions/extension_permission_set.cc ('k') | chrome/common/extensions/features/permission_feature.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698