Take 2 at implementing activeTab.

chrome/common/extensions/extension_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension.h"
 
 #include "base/format_macros.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/json/json_file_value_serializer.h"
@@ skipping 597 matching lines @@
 #endif
 }
 
 TEST(ExtensionTest, WantsFileAccess) {
   scoped_refptr<Extension> extension;
   GURL file_url("file:///etc/passwd");
 
   // <all_urls> permission
   extension = LoadManifest("permissions", "permissions_all_urls.json");
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, NULL, NULL));
+  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL));
   extension = LoadManifest(
       "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, NULL, NULL));
+  EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL));
 
   // file:///* permission
   extension = LoadManifest("permissions", "permissions_file_scheme.json");
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, NULL, NULL));
+  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL));
   extension = LoadManifest("permissions", "permissions_file_scheme.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, NULL, NULL));
+  EXPECT_TRUE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL));
 
   // http://* permission
   extension = LoadManifest("permissions", "permissions_http_scheme.json");
   EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, NULL, NULL));
+  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL));
   extension = LoadManifest("permissions", "permissions_http_scheme.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, NULL, NULL));
+  EXPECT_FALSE(extension->CanExecuteScriptOnPage(file_url, -1, NULL, NULL));
 
   // <all_urls> content script match
   extension = LoadManifest("permissions", "content_script_all_urls.json");
   EXPECT_TRUE(extension->wants_file_access());
   EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, &extension->content_scripts()[0], NULL));
+      file_url, -1, &extension->content_scripts()[0], NULL));
   extension = LoadManifest("permissions", "content_script_all_urls.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
   EXPECT_TRUE(extension->CanExecuteScriptOnPage(
-      file_url, &extension->content_scripts()[0], NULL));
+      file_url, -1, &extension->content_scripts()[0], NULL));
 
   // file:///* content script match
   extension = LoadManifest("permissions", "content_script_file_scheme.json");
   EXPECT_TRUE(extension->wants_file_access());
   EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, &extension->content_scripts()[0], NULL));
+      file_url, -1, &extension->content_scripts()[0], NULL));
   extension = LoadManifest("permissions", "content_script_file_scheme.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
   EXPECT_TRUE(extension->CanExecuteScriptOnPage(
-      file_url, &extension->content_scripts()[0], NULL));
+      file_url, -1, &extension->content_scripts()[0], NULL));
 
   // http://* content script match
   extension = LoadManifest("permissions", "content_script_http_scheme.json");
   EXPECT_FALSE(extension->wants_file_access());
   EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, &extension->content_scripts()[0], NULL));
+      file_url, -1, &extension->content_scripts()[0], NULL));
   extension = LoadManifest("permissions", "content_script_http_scheme.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_FALSE(extension->wants_file_access());
   EXPECT_FALSE(extension->CanExecuteScriptOnPage(
-      file_url, &extension->content_scripts()[0], NULL));
+      file_url, -1, &extension->content_scripts()[0], NULL));
 }
 
 TEST(ExtensionTest, ExtraFlags) {
   scoped_refptr<Extension> extension;
   extension = LoadManifest("app", "manifest.json", Extension::FROM_WEBSTORE);
   EXPECT_TRUE(extension->from_webstore());
 
   extension = LoadManifest("app", "manifest.json", Extension::FROM_BOOKMARK);
   EXPECT_TRUE(extension->from_bookmark());
 
   extension = LoadManifest("app", "manifest.json", Extension::NO_FLAGS);
   EXPECT_FALSE(extension->from_bookmark());
   EXPECT_FALSE(extension->from_webstore());
 }
 
 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
 // methods of Extension for extensions with various permissions.
 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
- public:
-  ExtensionScriptAndCaptureVisibleTest() {
-    PathService::Get(chrome::DIR_TEST_DATA, &dirpath_);
+ protected:
+  ExtensionScriptAndCaptureVisibleTest()
+      : http_url_("http://www.google.com"),
+        http_url_with_path_("http://www.google.com/index.html"),
+        https_url_("https://www.google.com"),
+        file_url_("file:///foo/bar"),
+        favicon_url_("chrome://favicon/http://www.google.com"),
+        extension_url_("chrome-extension://" +
+            Extension::GenerateIdForPath(FilePath(FILE_PATH_LITERAL("foo")))),
+        settings_url_("chrome://settings"),
+        about_url_("about:flags") {
+    urls_.insert(http_url_);
+    urls_.insert(http_url_with_path_);
+    urls_.insert(https_url_);
+    urls_.insert(file_url_);
+    urls_.insert(favicon_url_);
+    urls_.insert(extension_url_);
+    urls_.insert(settings_url_);
+    urls_.insert(about_url_);
   }
 
   bool Allowed(const Extension* extension, const GURL& url) {
-    return (extension->CanExecuteScriptOnPage(url, NULL, NULL) &&
-            extension->CanCaptureVisiblePage(url, NULL));
+    return Allowed(extension, url, -1);
+  }
+
+  bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
+    return (extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) &&
+            extension->CanCaptureVisiblePage(url, tab_id, NULL));
   }
 
   bool CaptureOnly(const Extension* extension, const GURL& url) {
-    return !extension->CanExecuteScriptOnPage(url, NULL, NULL) &&
-        extension->CanCaptureVisiblePage(url, NULL);
+    return CaptureOnly(extension, url, -1);
+  }
+
+  bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
+    return !extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) &&
+            extension->CanCaptureVisiblePage(url, tab_id, NULL);
   }
 
   bool Blocked(const Extension* extension, const GURL& url) {
-    return !(extension->CanExecuteScriptOnPage(url, NULL, NULL) ||
-             extension->CanCaptureVisiblePage(url, NULL));
+    return Blocked(extension, url, -1);
   }
 
- protected:
-  FilePath dirpath_;
+  bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
+    return !(extension->CanExecuteScriptOnPage(url, tab_id, NULL, NULL) ||
+             extension->CanCaptureVisiblePage(url, tab_id, NULL));
+  }
+
+  bool AllowedExclusivelyOnTab(
+      const Extension* extension,
+      const std::set<GURL>& allowed_urls,
+      int tab_id) {
+    bool result = true;
+    for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
+      const GURL& url = *it;
+      if (allowed_urls.count(url))
+        result &= Allowed(extension, url, tab_id);
+      else
+        result &= Blocked(extension, url, tab_id);
+    }
+    return result;
+  }
+
+  const GURL& http_url() { return http_url_; }
+  const GURL& http_url_with_path() { return http_url_with_path_; }
+  const GURL& https_url() { return https_url_; }
+  const GURL& file_url() { return file_url_; }
+  const GURL& favicon_url() { return favicon_url_; }
+  const GURL& extension_url() { return extension_url_; }
+  const GURL& settings_url() { return settings_url_; }
+  const GURL& about_url() { return about_url_; }
+
+  const std::set<GURL> urls() { return urls_; }
+
+ private:
+  // URLs that are "safe" to provide scripting and capture visible tab access
+  // to if the permissions allow it.
+  GURL http_url_;
+  GURL http_url_with_path_;
+  GURL https_url_;
+  GURL file_url_;
+
+  // We should allow host permission but not scripting permission for favicon
+  // urls.
+  GURL favicon_url_;
+
+  // URLs that regular extensions should never get access to.
+  GURL extension_url_;
+  GURL settings_url_;
+  GURL about_url_;
+
+  // The set of all URLs above.
+  std::set<GURL> urls_;
 };
 
 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
   scoped_refptr<Extension> extension;
-  // URLs that are "safe" to provide scripting and capture visible tab access
-  // to if the permissions allow it.
-  GURL http_url("http://www.google.com");
-  GURL https_url("https://www.google.com");
-  GURL file_url("file:///foo/bar");
 
-  // We should allow host permission but not scripting permission for favicon
-  // urls.
-  GURL favicon_url("chrome://favicon/http://www.google.com");
-
-  std::string dummy_id =
-      Extension::GenerateIdForPath(FilePath(FILE_PATH_LITERAL("whatever")));
-
-  // URLs that regular extensions should never get access to.
-  GURL extension_url("chrome-extension://" + dummy_id);
-  GURL settings_url("chrome://settings");
-  GURL about_url("about:flags");
 
   // Test <all_urls> for regular extensions.
   extension = LoadManifestStrict("script_and_capture",
       "extension_regular_all.json");
-  EXPECT_TRUE(Allowed(extension, http_url));
-  EXPECT_TRUE(Allowed(extension, https_url));
-  EXPECT_TRUE(Blocked(extension, file_url));
-  EXPECT_TRUE(Blocked(extension, settings_url));
-  EXPECT_TRUE(CaptureOnly(extension, favicon_url));
-  EXPECT_TRUE(Blocked(extension, about_url));
-  EXPECT_TRUE(Blocked(extension, extension_url));
+  EXPECT_TRUE(Allowed(extension, http_url()));
+  EXPECT_TRUE(Allowed(extension, https_url()));
+  EXPECT_TRUE(Blocked(extension, file_url()));
+  EXPECT_TRUE(Blocked(extension, settings_url()));
+  EXPECT_TRUE(CaptureOnly(extension, favicon_url()));
+  EXPECT_TRUE(Blocked(extension, about_url()));
+  EXPECT_TRUE(Blocked(extension, extension_url()));
 
-  EXPECT_FALSE(extension->HasHostPermission(settings_url));
-  EXPECT_FALSE(extension->HasHostPermission(about_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_FALSE(extension->HasHostPermission(settings_url()));
+  EXPECT_FALSE(extension->HasHostPermission(about_url()));
+  EXPECT_TRUE(extension->HasHostPermission(favicon_url()));
 
   // Test * for scheme, which implies just the http/https schemes.
   extension = LoadManifestStrict("script_and_capture",
       "extension_wildcard.json");
-  EXPECT_TRUE(Allowed(extension, http_url));
-  EXPECT_TRUE(Allowed(extension, https_url));
-  EXPECT_TRUE(Blocked(extension, settings_url));
-  EXPECT_TRUE(Blocked(extension, about_url));
-  EXPECT_TRUE(Blocked(extension, file_url));
-  EXPECT_TRUE(Blocked(extension, favicon_url));
+  EXPECT_TRUE(Allowed(extension, http_url()));
+  EXPECT_TRUE(Allowed(extension, https_url()));
+  EXPECT_TRUE(Blocked(extension, settings_url()));
+  EXPECT_TRUE(Blocked(extension, about_url()));
+  EXPECT_TRUE(Blocked(extension, file_url()));
+  EXPECT_TRUE(Blocked(extension, favicon_url()));
   extension = LoadManifest("script_and_capture",
       "extension_wildcard_settings.json");
-  EXPECT_TRUE(Blocked(extension, settings_url));
+  EXPECT_TRUE(Blocked(extension, settings_url()));
 
   // Having chrome://*/ should not work for regular extensions. Note that
   // for favicon access, we require the explicit pattern chrome://favicon/*.
   std::string error;
   extension = LoadManifestUnchecked("script_and_capture",
                                     "extension_wildcard_chrome.json",
                                     Extension::INTERNAL, Extension::NO_FLAGS,
                                     &error);
   EXPECT_TRUE(extension == NULL);
   EXPECT_EQ(ExtensionErrorUtils::FormatErrorMessage(
       errors::kInvalidPermissionScheme, base::IntToString(1)), error);
 
   // Having chrome://favicon/* should not give you chrome://*
   extension = LoadManifestStrict("script_and_capture",
       "extension_chrome_favicon_wildcard.json");
-  EXPECT_TRUE(Blocked(extension, settings_url));
-  EXPECT_TRUE(CaptureOnly(extension, favicon_url));
-  EXPECT_TRUE(Blocked(extension, about_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_TRUE(Blocked(extension, settings_url()));
+  EXPECT_TRUE(CaptureOnly(extension, favicon_url()));
+  EXPECT_TRUE(Blocked(extension, about_url()));
+  EXPECT_TRUE(extension->HasHostPermission(favicon_url()));
 
   // Having http://favicon should not give you chrome://favicon
   extension = LoadManifestStrict("script_and_capture",
       "extension_http_favicon.json");
-  EXPECT_TRUE(Blocked(extension, settings_url));
-  EXPECT_TRUE(Blocked(extension, favicon_url));
+  EXPECT_TRUE(Blocked(extension, settings_url()));
+  EXPECT_TRUE(Blocked(extension, favicon_url()));
 
   // Component extensions with <all_urls> should get everything.
   extension = LoadManifest("script_and_capture", "extension_component_all.json",
       Extension::COMPONENT, Extension::NO_FLAGS);
-  EXPECT_TRUE(Allowed(extension, http_url));
-  EXPECT_TRUE(Allowed(extension, https_url));
-  EXPECT_TRUE(Allowed(extension, settings_url));
-  EXPECT_TRUE(Allowed(extension, about_url));
-  EXPECT_TRUE(Allowed(extension, favicon_url));
-  EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+  EXPECT_TRUE(Allowed(extension, http_url()));
+  EXPECT_TRUE(Allowed(extension, https_url()));
+  EXPECT_TRUE(Allowed(extension, settings_url()));
+  EXPECT_TRUE(Allowed(extension, about_url()));
+  EXPECT_TRUE(Allowed(extension, favicon_url()));
+  EXPECT_TRUE(extension->HasHostPermission(favicon_url()));
 
   // Component extensions should only get access to what they ask for.
   extension = LoadManifest("script_and_capture",
       "extension_component_google.json", Extension::COMPONENT,
       Extension::NO_FLAGS);
-  EXPECT_TRUE(Allowed(extension, http_url));
-  EXPECT_TRUE(Blocked(extension, https_url));
-  EXPECT_TRUE(Blocked(extension, file_url));
-  EXPECT_TRUE(Blocked(extension, settings_url));
-  EXPECT_TRUE(Blocked(extension, favicon_url));
-  EXPECT_TRUE(Blocked(extension, about_url));
-  EXPECT_TRUE(Blocked(extension, extension_url));
-  EXPECT_FALSE(extension->HasHostPermission(settings_url));
+  EXPECT_TRUE(Allowed(extension, http_url()));
+  EXPECT_TRUE(Blocked(extension, https_url()));
+  EXPECT_TRUE(Blocked(extension, file_url()));
+  EXPECT_TRUE(Blocked(extension, settings_url()));
+  EXPECT_TRUE(Blocked(extension, favicon_url()));
+  EXPECT_TRUE(Blocked(extension, about_url()));
+  EXPECT_TRUE(Blocked(extension, extension_url()));
+  EXPECT_FALSE(extension->HasHostPermission(settings_url()));

[not at google - send to devlin, 2012/06/06 07:38:40]

Looking at the damage I made here, I should revert that accessor change and just
call the member variables http_url and https_url etc.

+}
+
+TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
+  scoped_refptr<Extension> extension =
+      LoadManifestStrict("script_and_capture", "tab_specific.json");
+
+  EXPECT_EQ(NULL, extension->GetTabSpecificHostPermissions(0));
+  EXPECT_EQ(NULL, extension->GetTabSpecificHostPermissions(1));
+  EXPECT_EQ(NULL, extension->GetTabSpecificHostPermissions(2));
+
+  std::set<GURL> no_urls;
+
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
+
+  URLPatternSet allowed_hosts;
+    allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
+                                        http_url().spec()));
+  std::set<GURL> allowed_urls;
+    allowed_urls.insert(http_url());
+    // http_url_with_path() will also be allowed, because Extension should be
+    // considering the security origin of the URL not the URL itself, and
+    // http_url() is in allowed_hosts.
+    allowed_urls.insert(http_url_with_path());
+
+  extension->SetTabSpecificHostPermissions(0, allowed_hosts);
+  EXPECT_EQ(allowed_hosts, *extension->GetTabSpecificHostPermissions(0));
+
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, allowed_urls, 0));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
+
+  extension->ClearTabSpecificHostPermissions(0);
+  EXPECT_EQ(NULL, extension->GetTabSpecificHostPermissions(0));
+
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
+
+  std::set<GURL> more_allowed_urls = allowed_urls;
+    more_allowed_urls.insert(https_url());
+  URLPatternSet more_allowed_hosts = allowed_hosts;
+    more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
+                                             https_url().spec()));
+
+  extension->SetTabSpecificHostPermissions(0, allowed_hosts);
+  EXPECT_EQ(allowed_hosts, *extension->GetTabSpecificHostPermissions(0));
+  extension->SetTabSpecificHostPermissions(1, more_allowed_hosts);
+  EXPECT_EQ(more_allowed_hosts, *extension->GetTabSpecificHostPermissions(1));
+
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, allowed_urls, 0));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, more_allowed_urls, 1));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
+
+  extension->ClearTabSpecificHostPermissions(0);
+  EXPECT_EQ(NULL, extension->GetTabSpecificHostPermissions(0));
+
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, more_allowed_urls, 1));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
+
+  extension->ClearTabSpecificHostPermissions(1);
+  EXPECT_EQ(NULL, extension->GetTabSpecificHostPermissions(1));
+
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 0));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 1));
+  EXPECT_TRUE(AllowedExclusivelyOnTab(extension, no_urls, 2));
+}
+
+TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecificActiveHostPermissions) {
+  // - no active permissions.
+  // - no tab specific permissions
+  // - changing active permissions.
+  // - changing tab specific permissions.
+  // - lots of tab specific permissions (test merge algorithm).
 }
 
 TEST(ExtensionTest, GenerateId) {
   std::string result;
   EXPECT_TRUE(Extension::GenerateId("", &result));
 
   EXPECT_TRUE(Extension::GenerateId("test", &result));
   EXPECT_EQ(result, "jpignaibiiemhngfjkcpokkamffknabf");
 
   EXPECT_TRUE(Extension::GenerateId("_", &result));
@@ skipping 147 matching lines @@
 }
 
 TEST(ExtensionTest, GetSyncTypeExtensionWithTwoPlugins) {
   scoped_refptr<Extension> extension(
       MakeSyncTestExtension(EXTENSION, GURL(), GURL(),
                             Extension::INTERNAL, 2, FilePath()));
   if (extension)
     EXPECT_EQ(extension->GetSyncType(), Extension::SYNC_TYPE_NONE);
 }
 #endif // !defined(OS_CHROMEOS)