OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" | 5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" |
6 | 6 |
7 #include "base/message_loop.h" | 7 #include "base/message_loop.h" |
| 8 #include "chrome/browser/extensions/extension_info_map.h" |
| 9 #include "chrome/common/extensions/extension_constants.h" |
8 #include "chrome/test/base/testing_profile.h" | 10 #include "chrome/test/base/testing_profile.h" |
| 11 #include "content/public/browser/resource_request_info.h" |
9 #include "net/url_request/url_request_test_util.h" | 12 #include "net/url_request/url_request_test_util.h" |
10 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
11 | 14 |
| 15 using content::ResourceRequestInfo; |
| 16 |
12 TEST(ExtensionWebRequestHelpersTest, TestHideRequestForURL) { | 17 TEST(ExtensionWebRequestHelpersTest, TestHideRequestForURL) { |
13 MessageLoopForIO message_loop; | 18 MessageLoopForIO message_loop; |
14 TestURLRequestContext context; | 19 TestURLRequestContext context; |
| 20 scoped_refptr<ExtensionInfoMap> extension_info_map(new ExtensionInfoMap); |
15 const char* sensitive_urls[] = { | 21 const char* sensitive_urls[] = { |
16 "http://www.google.com/chrome", | 22 "http://clients2.google.com", |
17 "https://www.google.com/chrome", | 23 "http://clients22.google.com", |
18 "http://www.google.com/chrome/foobar", | 24 "https://clients2.google.com", |
19 "https://www.google.com/chrome/foobar", | |
20 "http://chrome.google.com", | |
21 "https://chrome.google.com", | |
22 "http://client2.google.com", | |
23 "https://client2.google.com", | |
24 // No http version of webstore. | |
25 "https://chrome.google.com/webstore", | |
26 "http://clients2.google.com/service/update2/crx", | 25 "http://clients2.google.com/service/update2/crx", |
| 26 "https://clients.google.com", |
| 27 "https://test.clients.google.com", |
27 "https://clients2.google.com/service/update2/crx", | 28 "https://clients2.google.com/service/update2/crx", |
28 "http://www.gstatic.com/chrome/extensions/blacklist", | 29 "http://www.gstatic.com/chrome/extensions/blacklist", |
29 "https://www.gstatic.com/chrome/extensions/blacklist", | 30 "https://www.gstatic.com/chrome/extensions/blacklist", |
30 "notregisteredscheme://www.foobar.com" | 31 "notregisteredscheme://www.foobar.com" |
31 }; | 32 }; |
32 const char* non_sensitive_urls[] = { | 33 const char* non_sensitive_urls[] = { |
33 "http://www.google.com/" | 34 "http://www.google.com/" |
34 }; | 35 }; |
35 // Check that requests are rejected based on the destination | 36 // Check that requests are rejected based on the destination |
36 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) { | 37 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) { |
37 GURL sensitive_url(sensitive_urls[i]); | 38 GURL sensitive_url(sensitive_urls[i]); |
38 TestURLRequest request(sensitive_url, NULL, &context); | 39 TestURLRequest request(sensitive_url, NULL, &context); |
39 EXPECT_TRUE(WebRequestPermissions::HideRequest(&request)) | 40 EXPECT_TRUE( |
| 41 WebRequestPermissions::HideRequest(extension_info_map.get(), &request)) |
40 << sensitive_urls[i]; | 42 << sensitive_urls[i]; |
41 } | 43 } |
42 // Check that requests are accepted if they don't touch sensitive urls. | 44 // Check that requests are accepted if they don't touch sensitive urls. |
43 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) { | 45 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) { |
44 GURL non_sensitive_url(non_sensitive_urls[i]); | 46 GURL non_sensitive_url(non_sensitive_urls[i]); |
45 TestURLRequest request(non_sensitive_url, NULL, &context); | 47 TestURLRequest request(non_sensitive_url, NULL, &context); |
46 EXPECT_FALSE(WebRequestPermissions::HideRequest(&request)) | 48 EXPECT_FALSE( |
| 49 WebRequestPermissions::HideRequest(extension_info_map.get(), &request)) |
47 << non_sensitive_urls[i]; | 50 << non_sensitive_urls[i]; |
48 } | 51 } |
49 // Check that requests are rejected if their first party url is sensitive. | 52 |
50 ASSERT_GE(arraysize(non_sensitive_urls), 1u); | 53 // Check protection of requests originating from the frame showing the Chrome |
51 GURL non_sensitive_url(non_sensitive_urls[0]); | 54 // WebStore. |
52 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) { | 55 // Normally this request is not protected: |
53 TestURLRequest request(non_sensitive_url, NULL, &context); | 56 GURL non_sensitive_url("http://www.google.com/test.js"); |
54 GURL sensitive_url(sensitive_urls[i]); | 57 TestURLRequest non_sensitive_request(non_sensitive_url, NULL, &context); |
55 request.set_first_party_for_cookies(sensitive_url); | 58 EXPECT_FALSE(WebRequestPermissions::HideRequest(extension_info_map.get(), |
56 EXPECT_TRUE(WebRequestPermissions::HideRequest(&request)) | 59 &non_sensitive_request)); |
57 << sensitive_urls[i]; | 60 // If the origin is labeled by the WebStoreAppId, it becomes protected. |
58 } | 61 int process_id = 42; |
| 62 int site_instance_id = 23; |
| 63 int frame_id = 17; |
| 64 TestURLRequest sensitive_request(non_sensitive_url, NULL, &context); |
| 65 ResourceRequestInfo::AllocateForTesting(&sensitive_request, |
| 66 ResourceType::SCRIPT, NULL, process_id, frame_id); |
| 67 extension_info_map->RegisterExtensionProcess(extension_misc::kWebStoreAppId, |
| 68 process_id, site_instance_id); |
| 69 EXPECT_TRUE(WebRequestPermissions::HideRequest(extension_info_map.get(), |
| 70 &sensitive_request)); |
59 } | 71 } |
OLD | NEW |