Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/permissions/permissions_data_unittest.cc

Issue 15239002: Move Extension and PermissionsData to extensions/common. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/common/extensions/permissions/permissions_data.cc ('k') | chrome/common/extensions/permissions/settings_override_permission_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <vector>
6
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/common/chrome_version_info.h"
12 #include "chrome/common/extensions/extension.h"
13 #include "chrome/common/extensions/extension_test_util.h"
14 #include "chrome/common/extensions/features/feature_channel.h"
15 #include "chrome/common/extensions/permissions/permissions_data.h"
16 #include "chrome/common/extensions/permissions/socket_permission.h"
17 #include "content/public/common/socket_permission_request.h"
18 #include "extensions/common/error_utils.h"
19 #include "extensions/common/id_util.h"
20 #include "extensions/common/manifest_constants.h"
21 #include "extensions/common/permissions/api_permission.h"
22 #include "extensions/common/permissions/permission_set.h"
23 #include "extensions/common/switches.h"
24 #include "extensions/common/url_pattern_set.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 using content::SocketPermissionRequest;
28 using extension_test_util::LoadManifest;
29 using extension_test_util::LoadManifestUnchecked;
30 using extension_test_util::LoadManifestStrict;
31
32 namespace extensions {
33
34 namespace {
35
36 bool CheckSocketPermission(
37 scoped_refptr<Extension> extension,
38 SocketPermissionRequest::OperationType type,
39 const char* host,
40 int port) {
41 SocketPermission::CheckParam param(type, host, port);
42 return PermissionsData::CheckAPIPermissionWithParam(
43 extension.get(), APIPermission::kSocket, &param);
44 }
45
46 } // namespace
47
48 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
49 scoped_refptr<Extension> extension;
50 URLPatternSet hosts;
51
52 extension = LoadManifest("effective_host_permissions", "empty.json");
53 EXPECT_EQ(0u,
54 PermissionsData::GetEffectiveHostPermissions(extension.get())
55 .patterns().size());
56 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
57 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
58
59 extension = LoadManifest("effective_host_permissions", "one_host.json");
60 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
61 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
62 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
63 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
64
65 extension = LoadManifest("effective_host_permissions",
66 "one_host_wildcard.json");
67 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
68 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
69 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
70 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
71
72 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
73 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
74 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
75 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
76 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
77
78 extension = LoadManifest("effective_host_permissions",
79 "https_not_considered.json");
80 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
81 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
82 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
83 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
84
85 extension = LoadManifest("effective_host_permissions",
86 "two_content_scripts.json");
87 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
88 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
89 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
90 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
91 GURL("http://www.reddit.com")));
92 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
93 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
94 GURL("http://news.ycombinator.com")));
95 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
96
97 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
98 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
99 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
100 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
101 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
102 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
103
104 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
105 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
106 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
107 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
108 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
109
110 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
111 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
112 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
113 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
114 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
115 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
116 }
117
118 TEST(ExtensionPermissionsTest, SocketPermissions) {
119 // Set feature current channel to appropriate value.
120 ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV);
121 scoped_refptr<Extension> extension;
122 std::string error;
123
124 extension = LoadManifest("socket_permissions", "empty.json");
125 EXPECT_FALSE(CheckSocketPermission(extension,
126 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
127
128 extension = LoadManifestUnchecked("socket_permissions",
129 "socket1.json",
130 Manifest::INTERNAL, Extension::NO_FLAGS,
131 &error);
132 EXPECT_TRUE(extension.get() == NULL);
133 ASSERT_EQ(ErrorUtils::FormatErrorMessage(
134 manifest_errors::kInvalidPermission, "socket"),
135 error);
136
137 extension = LoadManifest("socket_permissions", "socket2.json");
138 EXPECT_TRUE(CheckSocketPermission(extension,
139 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
140 EXPECT_FALSE(CheckSocketPermission(
141 extension, SocketPermissionRequest::UDP_BIND, "", 80));
142 EXPECT_TRUE(CheckSocketPermission(
143 extension, SocketPermissionRequest::UDP_BIND, "", 8888));
144
145 EXPECT_FALSE(CheckSocketPermission(
146 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
147 EXPECT_TRUE(CheckSocketPermission(
148 extension,
149 SocketPermissionRequest::UDP_SEND_TO,
150 "239.255.255.250", 1900));
151 }
152
153 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
154 scoped_refptr<Extension> extension;
155 extension = LoadManifest("permissions", "many-apis.json");
156 std::vector<string16> warnings =
157 PermissionsData::GetPermissionMessageStrings(extension.get());
158 ASSERT_EQ(6u, warnings.size());
159 EXPECT_EQ("Access your data on api.flickr.com",
160 UTF16ToUTF8(warnings[0]));
161 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1]));
162 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
163 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3]));
164 EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4]));
165 EXPECT_EQ("Manage your apps, extensions, and themes",
166 UTF16ToUTF8(warnings[5]));
167 }
168
169 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) {
170 scoped_refptr<Extension> extension;
171 extension = LoadManifest("permissions", "more-than-3-hosts.json");
172 std::vector<string16> warnings =
173 PermissionsData::GetPermissionMessageStrings(extension.get());
174 std::vector<string16> warnings_details =
175 PermissionsData::GetPermissionMessageDetailsStrings(extension.get());
176 ASSERT_EQ(1u, warnings.size());
177 ASSERT_EQ(1u, warnings_details.size());
178 EXPECT_EQ("Access your data on 5 websites", UTF16ToUTF8(warnings[0]));
179 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com",
180 UTF16ToUTF8(warnings_details[0]));
181 }
182
183 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) {
184 scoped_refptr<Extension> extension;
185 extension = LoadManifest("permissions",
186 "location-api.json",
187 Manifest::COMPONENT,
188 Extension::NO_FLAGS);
189 std::vector<string16> warnings =
190 PermissionsData::GetPermissionMessageStrings(extension.get());
191 ASSERT_EQ(1u, warnings.size());
192 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
193 }
194
195 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) {
196 scoped_refptr<Extension> extension;
197 extension = LoadManifest("permissions", "many-hosts.json");
198 std::vector<string16> warnings =
199 PermissionsData::GetPermissionMessageStrings(extension.get());
200 ASSERT_EQ(1u, warnings.size());
201 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
202 UTF16ToUTF8(warnings[0]));
203 }
204
205 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
206 scoped_refptr<Extension> extension;
207 extension = LoadManifest("permissions", "plugins.json");
208 std::vector<string16> warnings =
209 PermissionsData::GetPermissionMessageStrings(extension.get());
210 // We don't parse the plugins key on Chrome OS, so it should not ask for any
211 // permissions.
212 #if defined(OS_CHROMEOS)
213 ASSERT_EQ(0u, warnings.size());
214 #else
215 ASSERT_EQ(1u, warnings.size());
216 EXPECT_EQ("Access all data on your computer and the websites you visit",
217 UTF16ToUTF8(warnings[0]));
218 #endif
219 }
220
221 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
222 // methods of Extension for extensions with various permissions.
223 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
224 protected:
225 ExtensionScriptAndCaptureVisibleTest()
226 : http_url("http://www.google.com"),
227 http_url_with_path("http://www.google.com/index.html"),
228 https_url("https://www.google.com"),
229 file_url("file:///foo/bar"),
230 favicon_url("chrome://favicon/http://www.google.com"),
231 extension_url("chrome-extension://" +
232 id_util::GenerateIdForPath(
233 base::FilePath(FILE_PATH_LITERAL("foo")))),
234 settings_url("chrome://settings"),
235 about_url("about:flags") {
236 urls_.insert(http_url);
237 urls_.insert(http_url_with_path);
238 urls_.insert(https_url);
239 urls_.insert(file_url);
240 urls_.insert(favicon_url);
241 urls_.insert(extension_url);
242 urls_.insert(settings_url);
243 urls_.insert(about_url);
244 // Ignore the policy delegate for this test.
245 PermissionsData::SetPolicyDelegate(NULL);
246 }
247
248 bool AllowedScript(const Extension* extension, const GURL& url,
249 const GURL& top_url) {
250 return PermissionsData::CanExecuteScriptOnPage(
251 extension, url, top_url, -1, NULL, -1, NULL);
252 }
253
254 bool BlockedScript(const Extension* extension, const GURL& url,
255 const GURL& top_url) {
256 return !PermissionsData::CanExecuteScriptOnPage(
257 extension, url, top_url, -1, NULL, -1, NULL);
258 }
259
260 bool Allowed(const Extension* extension, const GURL& url) {
261 return Allowed(extension, url, -1);
262 }
263
264 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
265 return (PermissionsData::CanExecuteScriptOnPage(
266 extension, url, url, tab_id, NULL, -1, NULL) &&
267 PermissionsData::CanCaptureVisiblePage(
268 extension, url, tab_id, NULL));
269 }
270
271 bool CaptureOnly(const Extension* extension, const GURL& url) {
272 return CaptureOnly(extension, url, -1);
273 }
274
275 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
276 return !PermissionsData::CanExecuteScriptOnPage(
277 extension, url, url, tab_id, NULL, -1, NULL) &&
278 PermissionsData::CanCaptureVisiblePage(extension, url, tab_id, NULL);
279 }
280
281 bool Blocked(const Extension* extension, const GURL& url) {
282 return Blocked(extension, url, -1);
283 }
284
285 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
286 return !(PermissionsData::CanExecuteScriptOnPage(
287 extension, url, url, tab_id, NULL, -1, NULL) ||
288 PermissionsData::CanCaptureVisiblePage(
289 extension, url, tab_id, NULL));
290 }
291
292 bool AllowedExclusivelyOnTab(
293 const Extension* extension,
294 const std::set<GURL>& allowed_urls,
295 int tab_id) {
296 bool result = true;
297 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
298 const GURL& url = *it;
299 if (allowed_urls.count(url))
300 result &= Allowed(extension, url, tab_id);
301 else
302 result &= Blocked(extension, url, tab_id);
303 }
304 return result;
305 }
306
307 // URLs that are "safe" to provide scripting and capture visible tab access
308 // to if the permissions allow it.
309 const GURL http_url;
310 const GURL http_url_with_path;
311 const GURL https_url;
312 const GURL file_url;
313
314 // We should allow host permission but not scripting permission for favicon
315 // urls.
316 const GURL favicon_url;
317
318 // URLs that regular extensions should never get access to.
319 const GURL extension_url;
320 const GURL settings_url;
321 const GURL about_url;
322
323 private:
324 // The set of all URLs above.
325 std::set<GURL> urls_;
326 };
327
328 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
329 // Test <all_urls> for regular extensions.
330 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
331 "extension_regular_all.json");
332
333 EXPECT_TRUE(Allowed(extension.get(), http_url));
334 EXPECT_TRUE(Allowed(extension.get(), https_url));
335 EXPECT_TRUE(Blocked(extension.get(), file_url));
336 EXPECT_TRUE(Blocked(extension.get(), settings_url));
337 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
338 EXPECT_TRUE(Blocked(extension.get(), about_url));
339 EXPECT_TRUE(Blocked(extension.get(), extension_url));
340
341 // Test access to iframed content.
342 GURL within_extension_url = extension->GetResourceURL("page.html");
343 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
344 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
345 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
346 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
347 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
348 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
349
350 EXPECT_FALSE(
351 PermissionsData::HasHostPermission(extension.get(), settings_url));
352 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url));
353 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
354
355 // Test * for scheme, which implies just the http/https schemes.
356 extension = LoadManifestStrict("script_and_capture",
357 "extension_wildcard.json");
358 EXPECT_TRUE(Allowed(extension.get(), http_url));
359 EXPECT_TRUE(Allowed(extension.get(), https_url));
360 EXPECT_TRUE(Blocked(extension.get(), settings_url));
361 EXPECT_TRUE(Blocked(extension.get(), about_url));
362 EXPECT_TRUE(Blocked(extension.get(), file_url));
363 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
364 extension =
365 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
366 EXPECT_TRUE(Blocked(extension.get(), settings_url));
367
368 // Having chrome://*/ should not work for regular extensions. Note that
369 // for favicon access, we require the explicit pattern chrome://favicon/*.
370 std::string error;
371 extension = LoadManifestUnchecked("script_and_capture",
372 "extension_wildcard_chrome.json",
373 Manifest::INTERNAL, Extension::NO_FLAGS,
374 &error);
375 std::vector<InstallWarning> warnings = extension->install_warnings();
376 EXPECT_FALSE(warnings.empty());
377 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
378 manifest_errors::kInvalidPermissionScheme,
379 "chrome://*/"),
380 warnings[0].message);
381 EXPECT_TRUE(Blocked(extension.get(), settings_url));
382 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
383 EXPECT_TRUE(Blocked(extension.get(), about_url));
384
385 // Having chrome://favicon/* should not give you chrome://*
386 extension = LoadManifestStrict("script_and_capture",
387 "extension_chrome_favicon_wildcard.json");
388 EXPECT_TRUE(Blocked(extension.get(), settings_url));
389 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
390 EXPECT_TRUE(Blocked(extension.get(), about_url));
391 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
392
393 // Having http://favicon should not give you chrome://favicon
394 extension = LoadManifestStrict("script_and_capture",
395 "extension_http_favicon.json");
396 EXPECT_TRUE(Blocked(extension.get(), settings_url));
397 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
398
399 // Component extensions with <all_urls> should get everything.
400 extension = LoadManifest("script_and_capture", "extension_component_all.json",
401 Manifest::COMPONENT, Extension::NO_FLAGS);
402 EXPECT_TRUE(Allowed(extension.get(), http_url));
403 EXPECT_TRUE(Allowed(extension.get(), https_url));
404 EXPECT_TRUE(Allowed(extension.get(), settings_url));
405 EXPECT_TRUE(Allowed(extension.get(), about_url));
406 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
407 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
408
409 // Component extensions should only get access to what they ask for.
410 extension = LoadManifest("script_and_capture",
411 "extension_component_google.json", Manifest::COMPONENT,
412 Extension::NO_FLAGS);
413 EXPECT_TRUE(Allowed(extension.get(), http_url));
414 EXPECT_TRUE(Blocked(extension.get(), https_url));
415 EXPECT_TRUE(Blocked(extension.get(), file_url));
416 EXPECT_TRUE(Blocked(extension.get(), settings_url));
417 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
418 EXPECT_TRUE(Blocked(extension.get(), about_url));
419 EXPECT_TRUE(Blocked(extension.get(), extension_url));
420 EXPECT_FALSE(
421 PermissionsData::HasHostPermission(extension.get(), settings_url));
422 }
423
424 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
425 CommandLine::ForCurrentProcess()->AppendSwitch(
426 switches::kExtensionsOnChromeURLs);
427
428 scoped_refptr<Extension> extension;
429
430 // Test <all_urls> for regular extensions.
431 extension = LoadManifestStrict("script_and_capture",
432 "extension_regular_all.json");
433 EXPECT_TRUE(Allowed(extension.get(), http_url));
434 EXPECT_TRUE(Allowed(extension.get(), https_url));
435 EXPECT_TRUE(Blocked(extension.get(), file_url));
436 EXPECT_TRUE(Blocked(extension.get(), settings_url));
437 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
438 EXPECT_TRUE(Blocked(extension.get(), about_url));
439 EXPECT_TRUE(Blocked(extension.get(), extension_url));
440
441 // Test access to iframed content.
442 GURL within_extension_url = extension->GetResourceURL("page.html");
443 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
444 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
445 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
446 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
447 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
448 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
449
450 EXPECT_FALSE(
451 PermissionsData::HasHostPermission(extension.get(), settings_url));
452 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url));
453 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
454
455 // Test * for scheme, which implies just the http/https schemes.
456 extension = LoadManifestStrict("script_and_capture",
457 "extension_wildcard.json");
458 EXPECT_TRUE(Allowed(extension.get(), http_url));
459 EXPECT_TRUE(Allowed(extension.get(), https_url));
460 EXPECT_TRUE(Blocked(extension.get(), settings_url));
461 EXPECT_TRUE(Blocked(extension.get(), about_url));
462 EXPECT_TRUE(Blocked(extension.get(), file_url));
463 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
464 extension =
465 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
466 EXPECT_TRUE(Blocked(extension.get(), settings_url));
467
468 // Having chrome://*/ should work for regular extensions with the flag
469 // enabled.
470 std::string error;
471 extension = LoadManifestUnchecked("script_and_capture",
472 "extension_wildcard_chrome.json",
473 Manifest::INTERNAL, Extension::NO_FLAGS,
474 &error);
475 EXPECT_FALSE(extension.get() == NULL);
476 EXPECT_TRUE(Blocked(extension.get(), http_url));
477 EXPECT_TRUE(Blocked(extension.get(), https_url));
478 EXPECT_TRUE(Allowed(extension.get(), settings_url));
479 EXPECT_TRUE(Blocked(extension.get(), about_url));
480 EXPECT_TRUE(Blocked(extension.get(), file_url));
481 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
482
483 // Having chrome://favicon/* should not give you chrome://*
484 extension = LoadManifestStrict("script_and_capture",
485 "extension_chrome_favicon_wildcard.json");
486 EXPECT_TRUE(Blocked(extension.get(), settings_url));
487 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
488 EXPECT_TRUE(Blocked(extension.get(), about_url));
489 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
490
491 // Having http://favicon should not give you chrome://favicon
492 extension = LoadManifestStrict("script_and_capture",
493 "extension_http_favicon.json");
494 EXPECT_TRUE(Blocked(extension.get(), settings_url));
495 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
496
497 // Component extensions with <all_urls> should get everything.
498 extension = LoadManifest("script_and_capture", "extension_component_all.json",
499 Manifest::COMPONENT, Extension::NO_FLAGS);
500 EXPECT_TRUE(Allowed(extension.get(), http_url));
501 EXPECT_TRUE(Allowed(extension.get(), https_url));
502 EXPECT_TRUE(Allowed(extension.get(), settings_url));
503 EXPECT_TRUE(Allowed(extension.get(), about_url));
504 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
505 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
506
507 // Component extensions should only get access to what they ask for.
508 extension = LoadManifest("script_and_capture",
509 "extension_component_google.json", Manifest::COMPONENT,
510 Extension::NO_FLAGS);
511 EXPECT_TRUE(Allowed(extension.get(), http_url));
512 EXPECT_TRUE(Blocked(extension.get(), https_url));
513 EXPECT_TRUE(Blocked(extension.get(), file_url));
514 EXPECT_TRUE(Blocked(extension.get(), settings_url));
515 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
516 EXPECT_TRUE(Blocked(extension.get(), about_url));
517 EXPECT_TRUE(Blocked(extension.get(), extension_url));
518 EXPECT_FALSE(
519 PermissionsData::HasHostPermission(extension.get(), settings_url));
520 }
521
522 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
523 scoped_refptr<Extension> extension =
524 LoadManifestStrict("script_and_capture", "tab_specific.json");
525
526 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
527 .get());
528 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
529 .get());
530 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2)
531 .get());
532
533 std::set<GURL> no_urls;
534
535 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0));
536 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1));
537 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2));
538
539 URLPatternSet allowed_hosts;
540 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
541 http_url.spec()));
542 std::set<GURL> allowed_urls;
543 allowed_urls.insert(http_url);
544 // http_url_with_path() will also be allowed, because Extension should be
545 // considering the security origin of the URL not the URL itself, and
546 // http_url is in allowed_hosts.
547 allowed_urls.insert(http_url_with_path);
548
549 {
550 scoped_refptr<PermissionSet> permissions(
551 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
552 allowed_hosts, URLPatternSet()));
553 PermissionsData::UpdateTabSpecificPermissions(
554 extension.get(), 0, permissions);
555 EXPECT_EQ(permissions->explicit_hosts(),
556 PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
557 ->explicit_hosts());
558 }
559
560 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
561 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1));
562 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2));
563
564 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0);
565 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
566 .get());
567
568 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0));
569 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1));
570 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2));
571
572 std::set<GURL> more_allowed_urls = allowed_urls;
573 more_allowed_urls.insert(https_url);
574 URLPatternSet more_allowed_hosts = allowed_hosts;
575 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
576 https_url.spec()));
577
578 {
579 scoped_refptr<PermissionSet> permissions(
580 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
581 allowed_hosts, URLPatternSet()));
582 PermissionsData::UpdateTabSpecificPermissions(
583 extension.get(), 0, permissions);
584 EXPECT_EQ(permissions->explicit_hosts(),
585 PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
586 ->explicit_hosts());
587
588 permissions = new PermissionSet(APIPermissionSet(),
589 ManifestPermissionSet(),
590 more_allowed_hosts,
591 URLPatternSet());
592 PermissionsData::UpdateTabSpecificPermissions(
593 extension.get(), 1, permissions);
594 EXPECT_EQ(permissions->explicit_hosts(),
595 PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
596 ->explicit_hosts());
597 }
598
599 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
600 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
601 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2));
602
603 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0);
604 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
605 .get());
606
607 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0));
608 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
609 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2));
610
611 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1);
612 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
613 .get());
614
615 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0));
616 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1));
617 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2));
618 }
619
620 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/common/extensions/permissions/permissions_data.cc ('k') | chrome/common/extensions/permissions/settings_override_permission_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698