Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(198)

Side by Side Diff: chrome/common/extensions/extension_unittest.cc

Issue 10863002: Added check to prevent extensions from injecting scrips into other extensions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: added license comments Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/extension.h" 5 #include "chrome/common/extensions/extension.h"
6 6
7 #include "base/format_macros.h" 7 #include "base/format_macros.h"
8 #include "base/file_path.h" 8 #include "base/file_path.h"
9 #include "base/file_util.h" 9 #include "base/file_util.h"
10 #include "base/json/json_file_value_serializer.h" 10 #include "base/json/json_file_value_serializer.h"
(...skipping 650 matching lines...) Expand 10 before | Expand all | Expand 10 after
661 #endif 661 #endif
662 } 662 }
663 663
664 TEST(ExtensionTest, WantsFileAccess) { 664 TEST(ExtensionTest, WantsFileAccess) {
665 scoped_refptr<Extension> extension; 665 scoped_refptr<Extension> extension;
666 GURL file_url("file:///etc/passwd"); 666 GURL file_url("file:///etc/passwd");
667 667
668 // <all_urls> permission 668 // <all_urls> permission
669 extension = LoadManifest("permissions", "permissions_all_urls.json"); 669 extension = LoadManifest("permissions", "permissions_all_urls.json");
670 EXPECT_TRUE(extension->wants_file_access()); 670 EXPECT_TRUE(extension->wants_file_access());
671 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 671 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
672 file_url, file_url, -1, NULL, NULL));
672 extension = LoadManifest( 673 extension = LoadManifest(
673 "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS); 674 "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS);
674 EXPECT_TRUE(extension->wants_file_access()); 675 EXPECT_TRUE(extension->wants_file_access());
675 EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 676 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
677 file_url, file_url, -1, NULL, NULL));
676 678
677 // file:///* permission 679 // file:///* permission
678 extension = LoadManifest("permissions", "permissions_file_scheme.json"); 680 extension = LoadManifest("permissions", "permissions_file_scheme.json");
679 EXPECT_TRUE(extension->wants_file_access()); 681 EXPECT_TRUE(extension->wants_file_access());
680 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 682 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
683 file_url, file_url, -1, NULL, NULL));
681 extension = LoadManifest("permissions", "permissions_file_scheme.json", 684 extension = LoadManifest("permissions", "permissions_file_scheme.json",
682 Extension::ALLOW_FILE_ACCESS); 685 Extension::ALLOW_FILE_ACCESS);
683 EXPECT_TRUE(extension->wants_file_access()); 686 EXPECT_TRUE(extension->wants_file_access());
684 EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 687 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
688 file_url, file_url, -1, NULL, NULL));
685 689
686 // http://* permission 690 // http://* permission
687 extension = LoadManifest("permissions", "permissions_http_scheme.json"); 691 extension = LoadManifest("permissions", "permissions_http_scheme.json");
688 EXPECT_FALSE(extension->wants_file_access()); 692 EXPECT_FALSE(extension->wants_file_access());
689 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 693 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
694 file_url, file_url, -1, NULL, NULL));
690 extension = LoadManifest("permissions", "permissions_http_scheme.json", 695 extension = LoadManifest("permissions", "permissions_http_scheme.json",
691 Extension::ALLOW_FILE_ACCESS); 696 Extension::ALLOW_FILE_ACCESS);
692 EXPECT_FALSE(extension->wants_file_access()); 697 EXPECT_FALSE(extension->wants_file_access());
693 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 698 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
699 file_url, file_url, -1, NULL, NULL));
694 700
695 // <all_urls> content script match 701 // <all_urls> content script match
696 extension = LoadManifest("permissions", "content_script_all_urls.json"); 702 extension = LoadManifest("permissions", "content_script_all_urls.json");
697 EXPECT_TRUE(extension->wants_file_access()); 703 EXPECT_TRUE(extension->wants_file_access());
698 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 704 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
699 file_url, -1, &extension->content_scripts()[0], NULL)); 705 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
700 extension = LoadManifest("permissions", "content_script_all_urls.json", 706 extension = LoadManifest("permissions", "content_script_all_urls.json",
701 Extension::ALLOW_FILE_ACCESS); 707 Extension::ALLOW_FILE_ACCESS);
702 EXPECT_TRUE(extension->wants_file_access()); 708 EXPECT_TRUE(extension->wants_file_access());
703 EXPECT_TRUE(extension->CanExecuteScriptOnPage( 709 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
704 file_url, -1, &extension->content_scripts()[0], NULL)); 710 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
705 711
706 // file:///* content script match 712 // file:///* content script match
707 extension = LoadManifest("permissions", "content_script_file_scheme.json"); 713 extension = LoadManifest("permissions", "content_script_file_scheme.json");
708 EXPECT_TRUE(extension->wants_file_access()); 714 EXPECT_TRUE(extension->wants_file_access());
709 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 715 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
710 file_url, -1, &extension->content_scripts()[0], NULL)); 716 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
711 extension = LoadManifest("permissions", "content_script_file_scheme.json", 717 extension = LoadManifest("permissions", "content_script_file_scheme.json",
712 Extension::ALLOW_FILE_ACCESS); 718 Extension::ALLOW_FILE_ACCESS);
713 EXPECT_TRUE(extension->wants_file_access()); 719 EXPECT_TRUE(extension->wants_file_access());
714 EXPECT_TRUE(extension->CanExecuteScriptOnPage( 720 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
715 file_url, -1, &extension->content_scripts()[0], NULL)); 721 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
716 722
717 // http://* content script match 723 // http://* content script match
718 extension = LoadManifest("permissions", "content_script_http_scheme.json"); 724 extension = LoadManifest("permissions", "content_script_http_scheme.json");
719 EXPECT_FALSE(extension->wants_file_access()); 725 EXPECT_FALSE(extension->wants_file_access());
720 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 726 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
721 file_url, -1, &extension->content_scripts()[0], NULL)); 727 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
722 extension = LoadManifest("permissions", "content_script_http_scheme.json", 728 extension = LoadManifest("permissions", "content_script_http_scheme.json",
723 Extension::ALLOW_FILE_ACCESS); 729 Extension::ALLOW_FILE_ACCESS);
724 EXPECT_FALSE(extension->wants_file_access()); 730 EXPECT_FALSE(extension->wants_file_access());
725 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 731 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
726 file_url, -1, &extension->content_scripts()[0], NULL)); 732 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
727 } 733 }
728 734
729 TEST(ExtensionTest, ExtraFlags) { 735 TEST(ExtensionTest, ExtraFlags) {
730 scoped_refptr<Extension> extension; 736 scoped_refptr<Extension> extension;
731 extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE); 737 extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE);
732 EXPECT_TRUE(extension->from_webstore()); 738 EXPECT_TRUE(extension->from_webstore());
733 739
734 extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK); 740 extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK);
735 EXPECT_TRUE(extension->from_bookmark()); 741 EXPECT_TRUE(extension->from_bookmark());
736 742
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
768 urls_.insert(http_url); 774 urls_.insert(http_url);
769 urls_.insert(http_url_with_path); 775 urls_.insert(http_url_with_path);
770 urls_.insert(https_url); 776 urls_.insert(https_url);
771 urls_.insert(file_url); 777 urls_.insert(file_url);
772 urls_.insert(favicon_url); 778 urls_.insert(favicon_url);
773 urls_.insert(extension_url); 779 urls_.insert(extension_url);
774 urls_.insert(settings_url); 780 urls_.insert(settings_url);
775 urls_.insert(about_url); 781 urls_.insert(about_url);
776 } 782 }
777 783
784 bool AllowedScript(const Extension* extension, const GURL& url,
785 const GURL& top_url) {
786 return extension->CanExecuteScriptOnPage(url, top_url, -1, NULL, NULL);
787 }
788
789 bool BlockedScript(const Extension* extension, const GURL& url,
790 const GURL& top_url) {
791 return !extension->CanExecuteScriptOnPage(url, top_url, -1, NULL, NULL);
792 }
793
778 bool Allowed(const Extension* extension, const GURL& url) { 794 bool Allowed(const Extension* extension, const GURL& url) {
779 return Allowed(extension, url, -1); 795 return Allowed(extension, url, -1);
780 } 796 }
781 797
782 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { 798 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
783 return (extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) && 799 return (extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) &&
784 extension->CanCaptureVisiblePage(url, tab_id, NULL)); 800 extension->CanCaptureVisiblePage(url, tab_id, NULL));
785 } 801 }
786 802
787 bool CaptureOnly(const Extension* extension, const GURL& url) { 803 bool CaptureOnly(const Extension* extension, const GURL& url) {
788 return CaptureOnly(extension, url, -1); 804 return CaptureOnly(extension, url, -1);
789 } 805 }
790 806
791 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { 807 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
792 return !extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) && 808 return !extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) &&
793 extension->CanCaptureVisiblePage(url, tab_id, NULL); 809 extension->CanCaptureVisiblePage(url, tab_id, NULL);
794 } 810 }
795 811
796 bool Blocked(const Extension* extension, const GURL& url) { 812 bool Blocked(const Extension* extension, const GURL& url) {
797 return Blocked(extension, url, -1); 813 return Blocked(extension, url, -1);
798 } 814 }
799 815
800 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { 816 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
801 return !(extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) || 817 return !(extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) ||
802 extension->CanCaptureVisiblePage(url, tab_id, NULL)); 818 extension->CanCaptureVisiblePage(url, tab_id, NULL));
803 } 819 }
804 820
805 bool AllowedExclusivelyOnTab( 821 bool AllowedExclusivelyOnTab(
806 const Extension* extension, 822 const Extension* extension,
807 const std::set<GURL>& allowed_urls, 823 const std::set<GURL>& allowed_urls,
808 int tab_id) { 824 int tab_id) {
809 bool result = true; 825 bool result = true;
810 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { 826 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
811 const GURL& url = *it; 827 const GURL& url = *it;
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
845 extension = LoadManifestStrict("script_and_capture", 861 extension = LoadManifestStrict("script_and_capture",
846 "extension_regular_all.json"); 862 "extension_regular_all.json");
847 EXPECT_TRUE(Allowed(extension, http_url)); 863 EXPECT_TRUE(Allowed(extension, http_url));
848 EXPECT_TRUE(Allowed(extension, https_url)); 864 EXPECT_TRUE(Allowed(extension, https_url));
849 EXPECT_TRUE(Blocked(extension, file_url)); 865 EXPECT_TRUE(Blocked(extension, file_url));
850 EXPECT_TRUE(Blocked(extension, settings_url)); 866 EXPECT_TRUE(Blocked(extension, settings_url));
851 EXPECT_TRUE(CaptureOnly(extension, favicon_url)); 867 EXPECT_TRUE(CaptureOnly(extension, favicon_url));
852 EXPECT_TRUE(Blocked(extension, about_url)); 868 EXPECT_TRUE(Blocked(extension, about_url));
853 EXPECT_TRUE(Blocked(extension, extension_url)); 869 EXPECT_TRUE(Blocked(extension, extension_url));
854 870
871 // Test access to iframed content.
872 GURL within_extension_url = extension->GetResourceURL("page.html");
873 EXPECT_TRUE(AllowedScript(extension, http_url, http_url_with_path));
874 EXPECT_TRUE(AllowedScript(extension, https_url, http_url_with_path));
875 EXPECT_TRUE(AllowedScript(extension, http_url, within_extension_url));
876 EXPECT_TRUE(AllowedScript(extension, https_url, within_extension_url));
877 EXPECT_TRUE(BlockedScript(extension, http_url, extension_url));
878 EXPECT_TRUE(BlockedScript(extension, https_url, extension_url));
879
855 EXPECT_FALSE(extension->HasHostPermission(settings_url)); 880 EXPECT_FALSE(extension->HasHostPermission(settings_url));
856 EXPECT_FALSE(extension->HasHostPermission(about_url)); 881 EXPECT_FALSE(extension->HasHostPermission(about_url));
857 EXPECT_TRUE(extension->HasHostPermission(favicon_url)); 882 EXPECT_TRUE(extension->HasHostPermission(favicon_url));
858 883
859 // Test * for scheme, which implies just the http/https schemes. 884 // Test * for scheme, which implies just the http/https schemes.
860 extension = LoadManifestStrict("script_and_capture", 885 extension = LoadManifestStrict("script_and_capture",
861 "extension_wildcard.json"); 886 "extension_wildcard.json");
862 EXPECT_TRUE(Allowed(extension, http_url)); 887 EXPECT_TRUE(Allowed(extension, http_url));
863 EXPECT_TRUE(Allowed(extension, https_url)); 888 EXPECT_TRUE(Allowed(extension, https_url));
864 EXPECT_TRUE(Blocked(extension, settings_url)); 889 EXPECT_TRUE(Blocked(extension, settings_url));
(...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after
1159 } 1184 }
1160 1185
1161 TEST(ExtensionTest, GetSyncTypeExtensionWithTwoPlugins) { 1186 TEST(ExtensionTest, GetSyncTypeExtensionWithTwoPlugins) {
1162 scoped_refptr<Extension> extension( 1187 scoped_refptr<Extension> extension(
1163 MakeSyncTestExtension(EXTENSION, GURL(), GURL(), 1188 MakeSyncTestExtension(EXTENSION, GURL(), GURL(),
1164 Extension::INTERNAL, 2, FilePath())); 1189 Extension::INTERNAL, 2, FilePath()));
1165 if (extension) 1190 if (extension)
1166 EXPECT_EQ(extension->GetSyncType(), Extension::SYNC_TYPE_NONE); 1191 EXPECT_EQ(extension->GetSyncType(), Extension::SYNC_TYPE_NONE);
1167 } 1192 }
1168 #endif // !defined(OS_CHROMEOS) 1193 #endif // !defined(OS_CHROMEOS)
OLDNEW
« no previous file with comments | « chrome/common/extensions/extension.cc ('k') | chrome/renderer/extensions/user_script_scheduler.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698