Side by Side Diff: chrome/common/extensions/extension_resource_unittest.cc

Issue 11308204: Fix directory traversal in extension_resources.cc. Adds test case, which is complicated by several… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years ago
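--- a/chrome/common/extensions/extension_resource_unittest.cc
+++ b/chrome/common/extensions/extension_resource_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 
 #include "base/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/path_service.h"
 #include "chrome/common/chrome_paths.h"
@@ -42,20 +42,22 @@
 EXPECT_EQ(relative_path.value(), resource.relative_path().value());
 EXPECT_TRUE(resource.GetFilePath().empty());
 }
 
 TEST(ExtensionResourceTest, ResourcesOutsideOfPath) {
 base::ScopedTempDir temp;
 ASSERT_TRUE(temp.CreateUniqueTempDir());
 
 FilePath inner_dir = temp.path().AppendASCII("directory");
 ASSERT_TRUE(file_util::CreateDirectory(inner_dir));
+FilePath sub_dir = inner_dir.AppendASCII("subdir");
+ASSERT_TRUE(file_util::CreateDirectory(sub_dir));
 FilePath inner_file = inner_dir.AppendASCII("inner");
 FilePath outer_file = temp.path().AppendASCII("outer");
 ASSERT_TRUE(file_util::WriteFile(outer_file, "X", 1));
 ASSERT_TRUE(file_util::WriteFile(inner_file, "X", 1));
 std::string extension_id = extension_test_util::MakeId("test");
 
 #if defined(OS_POSIX)
 FilePath symlink_file = inner_dir.AppendASCII("symlink");
 file_util::CreateSymbolicLink(
 FilePath().AppendASCII("..").AppendASCII("outer"),
@@ -79,20 +81,30 @@
 FilePath().AppendASCII("inner"));
 r3.set_follow_symlinks_anywhere();
 EXPECT_FALSE(r3.GetFilePath().empty());
 
 // ... but, again, not a relative path that walks out of |inner_dir|.
 ExtensionResource r4(extension_id, inner_dir,
 FilePath().AppendASCII("..").AppendASCII("outer"));
 r4.set_follow_symlinks_anywhere();
 EXPECT_TRUE(r4.GetFilePath().empty());
 
+// ... and not even when clever current-directory syntax is present. Note
+// that the path for this test case can't start with the current directory
+// component due to quirks in FilePath::Append(), and the path must exist.
+ExtensionResource r4a(
+extension_id, inner_dir,
+FilePath().AppendASCII("subdir").AppendASCII(".").AppendASCII("..").
+AppendASCII("..").AppendASCII("outer"));
+r4a.set_follow_symlinks_anywhere();
+EXPECT_TRUE(r4a.GetFilePath().empty());
+
 #if defined(OS_POSIX)
 // The non-packing extension should also not be able to access a resource that
 // symlinks out of the directory.
 ExtensionResource r5(extension_id, inner_dir,
 FilePath().AppendASCII("symlink"));
 EXPECT_TRUE(r5.GetFilePath().empty());
 
 // ... but a packing extension can.
 ExtensionResource r6(extension_id, inner_dir,
 FilePath().AppendASCII("symlink"));
@@ -141,10 +153,10 @@
 // See http://crbug.com/27359.
 expected_path = root_resource;
 ASSERT_TRUE(file_util::AbsolutePath(&expected_path));
 
 EXPECT_EQ(ToLower(expected_path.value()), ToLower(resolved_path.value()));
 EXPECT_EQ(ToLower(temp.path().value()),
 ToLower(resource.extension_root().value()));
 EXPECT_EQ(ToLower(FilePath().AppendASCII(filename).value()),
 ToLower(resource.relative_path().value()));
 }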
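Review bot: The new r4a case in ResourcesOutsideOfPath asserts that the `subdir/./../../outer` path is rejected only after `r4a.set_follow_symlinks_anywhere()` has been called; no visible line asserts the same relative path on a resource that leaves the flag unset. If GetFilePath() takes a different branch in that default mode, a regression there would not be caught, though the 17 collapsed lines before r3 may already cover the plain `..` form. Consider holding the path in a local (for example `dotted_path`) and adding `ExtensionResource r4b(extension_id, inner_dir, dotted_path);` followed by `EXPECT_TRUE(r4b.GetFilePath().empty());`. The comment's "quirks in FilePath::Append()" would also be more useful if it named the behaviour that prevents a leading current-directory component. The test body continues into lines the page collapses, so the remaining cases could not be checked from here.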