Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(202)

Side by Side Diff: chrome/common/extensions/extension_unittest.cc

Issue 10863002: Added check to prevent extensions from injecting scrips into other extensions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: added test cases for self injection... and failed injection attempt Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/extension.h" 5 #include "chrome/common/extensions/extension.h"
6 6
7 #include "base/format_macros.h" 7 #include "base/format_macros.h"
8 #include "base/file_path.h" 8 #include "base/file_path.h"
9 #include "base/file_util.h" 9 #include "base/file_util.h"
10 #include "base/json/json_file_value_serializer.h" 10 #include "base/json/json_file_value_serializer.h"
(...skipping 650 matching lines...) Expand 10 before | Expand all | Expand 10 after
661 #endif 661 #endif
662 } 662 }
663 663
664 TEST(ExtensionTest, WantsFileAccess) { 664 TEST(ExtensionTest, WantsFileAccess) {
665 scoped_refptr<Extension> extension; 665 scoped_refptr<Extension> extension;
666 GURL file_url("file:///etc/passwd"); 666 GURL file_url("file:///etc/passwd");
667 667
668 // <all_urls> permission 668 // <all_urls> permission
669 extension = LoadManifest("permissions", "permissions_all_urls.json"); 669 extension = LoadManifest("permissions", "permissions_all_urls.json");
670 EXPECT_TRUE(extension->wants_file_access()); 670 EXPECT_TRUE(extension->wants_file_access());
671 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 671 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
672 file_url, file_url, -1, NULL, NULL));
672 extension = LoadManifest( 673 extension = LoadManifest(
673 "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS); 674 "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS);
674 EXPECT_TRUE(extension->wants_file_access()); 675 EXPECT_TRUE(extension->wants_file_access());
675 EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 676 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
677 file_url, file_url, -1, NULL, NULL));
676 678
677 // file:///* permission 679 // file:///* permission
678 extension = LoadManifest("permissions", "permissions_file_scheme.json"); 680 extension = LoadManifest("permissions", "permissions_file_scheme.json");
679 EXPECT_TRUE(extension->wants_file_access()); 681 EXPECT_TRUE(extension->wants_file_access());
680 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 682 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
683 file_url, file_url, -1, NULL, NULL));
681 extension = LoadManifest("permissions", "permissions_file_scheme.json", 684 extension = LoadManifest("permissions", "permissions_file_scheme.json",
682 Extension::ALLOW_FILE_ACCESS); 685 Extension::ALLOW_FILE_ACCESS);
683 EXPECT_TRUE(extension->wants_file_access()); 686 EXPECT_TRUE(extension->wants_file_access());
684 EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 687 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
688 file_url, file_url, -1, NULL, NULL));
685 689
686 // http://* permission 690 // http://* permission
687 extension = LoadManifest("permissions", "permissions_http_scheme.json"); 691 extension = LoadManifest("permissions", "permissions_http_scheme.json");
688 EXPECT_FALSE(extension->wants_file_access()); 692 EXPECT_FALSE(extension->wants_file_access());
689 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 693 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
694 file_url, file_url, -1, NULL, NULL));
690 extension = LoadManifest("permissions", "permissions_http_scheme.json", 695 extension = LoadManifest("permissions", "permissions_http_scheme.json",
691 Extension::ALLOW_FILE_ACCESS); 696 Extension::ALLOW_FILE_ACCESS);
692 EXPECT_FALSE(extension->wants_file_access()); 697 EXPECT_FALSE(extension->wants_file_access());
693 EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL)); 698 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
699 file_url, file_url, -1, NULL, NULL));
694 700
695 // <all_urls> content script match 701 // <all_urls> content script match
696 extension = LoadManifest("permissions", "content_script_all_urls.json"); 702 extension = LoadManifest("permissions", "content_script_all_urls.json");
697 EXPECT_TRUE(extension->wants_file_access()); 703 EXPECT_TRUE(extension->wants_file_access());
698 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 704 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
699 file_url, -1, &extension->content_scripts()[0], NULL)); 705 file_url, -1, &extension->content_scripts()[0], NULL));
700 extension = LoadManifest("permissions", "content_script_all_urls.json", 706 extension = LoadManifest("permissions", "content_script_all_urls.json",
701 Extension::ALLOW_FILE_ACCESS); 707 Extension::ALLOW_FILE_ACCESS);
702 EXPECT_TRUE(extension->wants_file_access()); 708 EXPECT_TRUE(extension->wants_file_access());
703 EXPECT_TRUE(extension->CanExecuteScriptOnPage( 709 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
704 file_url, -1, &extension->content_scripts()[0], NULL)); 710 file_url, -1, &extension->content_scripts()[0], NULL));
705 711
706 // file:///* content script match 712 // file:///* content script match
707 extension = LoadManifest("permissions", "content_script_file_scheme.json"); 713 extension = LoadManifest("permissions", "content_script_file_scheme.json");
708 EXPECT_TRUE(extension->wants_file_access()); 714 EXPECT_TRUE(extension->wants_file_access());
709 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 715 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
710 file_url, -1, &extension->content_scripts()[0], NULL)); 716 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
711 extension = LoadManifest("permissions", "content_script_file_scheme.json", 717 extension = LoadManifest("permissions", "content_script_file_scheme.json",
712 Extension::ALLOW_FILE_ACCESS); 718 Extension::ALLOW_FILE_ACCESS);
713 EXPECT_TRUE(extension->wants_file_access()); 719 EXPECT_TRUE(extension->wants_file_access());
714 EXPECT_TRUE(extension->CanExecuteScriptOnPage( 720 EXPECT_TRUE(extension->CanExecuteScriptOnPage(
715 file_url, -1, &extension->content_scripts()[0], NULL)); 721 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
716 722
717 // http://* content script match 723 // http://* content script match
718 extension = LoadManifest("permissions", "content_script_http_scheme.json"); 724 extension = LoadManifest("permissions", "content_script_http_scheme.json");
719 EXPECT_FALSE(extension->wants_file_access()); 725 EXPECT_FALSE(extension->wants_file_access());
720 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 726 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
721 file_url, -1, &extension->content_scripts()[0], NULL)); 727 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
722 extension = LoadManifest("permissions", "content_script_http_scheme.json", 728 extension = LoadManifest("permissions", "content_script_http_scheme.json",
723 Extension::ALLOW_FILE_ACCESS); 729 Extension::ALLOW_FILE_ACCESS);
724 EXPECT_FALSE(extension->wants_file_access()); 730 EXPECT_FALSE(extension->wants_file_access());
725 EXPECT_FALSE(extension->CanExecuteScriptOnPage( 731 EXPECT_FALSE(extension->CanExecuteScriptOnPage(
726 file_url, -1, &extension->content_scripts()[0], NULL)); 732 file_url, file_url, -1, &extension->content_scripts()[0], NULL));
727 } 733 }
728 734
729 TEST(ExtensionTest, ExtraFlags) { 735 TEST(ExtensionTest, ExtraFlags) {
730 scoped_refptr<Extension> extension; 736 scoped_refptr<Extension> extension;
731 extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE); 737 extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE);
732 EXPECT_TRUE(extension->from_webstore()); 738 EXPECT_TRUE(extension->from_webstore());
733 739
734 extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK); 740 extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK);
735 EXPECT_TRUE(extension->from_bookmark()); 741 EXPECT_TRUE(extension->from_bookmark());
736 742
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
773 urls_.insert(extension_url); 779 urls_.insert(extension_url);
774 urls_.insert(settings_url); 780 urls_.insert(settings_url);
775 urls_.insert(about_url); 781 urls_.insert(about_url);
776 } 782 }
777 783
778 bool Allowed(const Extension* extension, const GURL& url) { 784 bool Allowed(const Extension* extension, const GURL& url) {
779 return Allowed(extension, url, -1); 785 return Allowed(extension, url, -1);
780 } 786 }
781 787
782 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { 788 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
783 return (extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) && 789 return (extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) &&
784 extension->CanCaptureVisiblePage(url, tab_id, NULL)); 790 extension->CanCaptureVisiblePage(url, tab_id, NULL));
785 } 791 }
786 792
787 bool CaptureOnly(const Extension* extension, const GURL& url) { 793 bool CaptureOnly(const Extension* extension, const GURL& url) {
788 return CaptureOnly(extension, url, -1); 794 return CaptureOnly(extension, url, -1);
789 } 795 }
790 796
791 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { 797 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
792 return !extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) && 798 return !extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) &&
793 extension->CanCaptureVisiblePage(url, tab_id, NULL); 799 extension->CanCaptureVisiblePage(url, tab_id, NULL);
794 } 800 }
795 801
796 bool Blocked(const Extension* extension, const GURL& url) { 802 bool Blocked(const Extension* extension, const GURL& url) {
797 return Blocked(extension, url, -1); 803 return Blocked(extension, url, -1);
798 } 804 }
799 805
800 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { 806 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
801 return !(extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) || 807 return !(extension->CanExecuteScriptOnPage(url, url, tab_id, NULL, NULL) ||
802 extension->CanCaptureVisiblePage(url, tab_id, NULL)); 808 extension->CanCaptureVisiblePage(url, tab_id, NULL));
803 } 809 }
804 810
805 bool AllowedExclusivelyOnTab( 811 bool AllowedExclusivelyOnTab(
806 const Extension* extension, 812 const Extension* extension,
807 const std::set<GURL>& allowed_urls, 813 const std::set<GURL>& allowed_urls,
808 int tab_id) { 814 int tab_id) {
809 bool result = true; 815 bool result = true;
810 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { 816 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
811 const GURL& url = *it; 817 const GURL& url = *it;
(...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after
1159 } 1165 }
1160 1166
1161 TEST(ExtensionTest, GetSyncTypeExtensionWithTwoPlugins) { 1167 TEST(ExtensionTest, GetSyncTypeExtensionWithTwoPlugins) {
1162 scoped_refptr<Extension> extension( 1168 scoped_refptr<Extension> extension(
1163 MakeSyncTestExtension(EXTENSION, GURL(), GURL(), 1169 MakeSyncTestExtension(EXTENSION, GURL(), GURL(),
1164 Extension::INTERNAL, 2, FilePath())); 1170 Extension::INTERNAL, 2, FilePath()));
1165 if (extension) 1171 if (extension)
1166 EXPECT_EQ(extension->GetSyncType(), Extension::SYNC_TYPE_NONE); 1172 EXPECT_EQ(extension->GetSyncType(), Extension::SYNC_TYPE_NONE);
1167 } 1173 }
1168 #endif // !defined(OS_CHROMEOS) 1174 #endif // !defined(OS_CHROMEOS)
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698