| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" | 5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" |
| 6 | 6 |
| 7 #include "base/message_loop.h" | 7 #include "base/message_loop.h" |
| 8 #include "chrome/browser/extensions/extension_info_map.h" |
| 9 #include "chrome/common/extensions/extension_constants.h" |
| 8 #include "chrome/test/base/testing_profile.h" | 10 #include "chrome/test/base/testing_profile.h" |
| 11 #include "content/public/browser/resource_request_info.h" |
| 9 #include "net/url_request/url_request_test_util.h" | 12 #include "net/url_request/url_request_test_util.h" |
| 10 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 11 | 14 |
| 15 using content::ResourceRequestInfo; |
| 16 |
| 12 TEST(ExtensionWebRequestHelpersTest, TestHideRequestForURL) { | 17 TEST(ExtensionWebRequestHelpersTest, TestHideRequestForURL) { |
| 13 MessageLoopForIO message_loop; | 18 MessageLoopForIO message_loop; |
| 14 TestURLRequestContext context; | 19 TestURLRequestContext context; |
| 20 scoped_refptr<ExtensionInfoMap> extension_info_map(new ExtensionInfoMap); |
| 15 const char* sensitive_urls[] = { | 21 const char* sensitive_urls[] = { |
| 16 "http://www.google.com/chrome", | |
| 17 "https://www.google.com/chrome", | |
| 18 "http://www.google.com/chrome/foobar", | |
| 19 "https://www.google.com/chrome/foobar", | |
| 20 "http://chrome.google.com", | |
| 21 "https://chrome.google.com", | |
| 22 "http://client2.google.com", | 22 "http://client2.google.com", |
| 23 "https://client2.google.com", | 23 "https://client2.google.com", |
| 24 // No http version of webstore. | |
| 25 "https://chrome.google.com/webstore", | |
| 26 "http://clients2.google.com/service/update2/crx", | 24 "http://clients2.google.com/service/update2/crx", |
| 27 "https://clients2.google.com/service/update2/crx", | 25 "https://clients2.google.com/service/update2/crx", |
| 28 "http://www.gstatic.com/chrome/extensions/blacklist", | 26 "http://www.gstatic.com/chrome/extensions/blacklist", |
| 29 "https://www.gstatic.com/chrome/extensions/blacklist", | 27 "https://www.gstatic.com/chrome/extensions/blacklist", |
| 30 "notregisteredscheme://www.foobar.com" | 28 "notregisteredscheme://www.foobar.com" |
| 31 }; | 29 }; |
| 32 const char* non_sensitive_urls[] = { | 30 const char* non_sensitive_urls[] = { |
| 33 "http://www.google.com/" | 31 "http://www.google.com/" |
| 34 }; | 32 }; |
| 35 // Check that requests are rejected based on the destination | 33 // Check that requests are rejected based on the destination |
| 36 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) { | 34 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) { |
| 37 GURL sensitive_url(sensitive_urls[i]); | 35 GURL sensitive_url(sensitive_urls[i]); |
| 38 TestURLRequest request(sensitive_url, NULL, &context); | 36 TestURLRequest request(sensitive_url, NULL, &context); |
| 39 EXPECT_TRUE(WebRequestPermissions::HideRequest(&request)) | 37 EXPECT_TRUE( |
| 38 WebRequestPermissions::HideRequest(extension_info_map.get(), &request)) |
| 40 << sensitive_urls[i]; | 39 << sensitive_urls[i]; |
| 41 } | 40 } |
| 42 // Check that requests are accepted if they don't touch sensitive urls. | 41 // Check that requests are accepted if they don't touch sensitive urls. |
| 43 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) { | 42 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) { |
| 44 GURL non_sensitive_url(non_sensitive_urls[i]); | 43 GURL non_sensitive_url(non_sensitive_urls[i]); |
| 45 TestURLRequest request(non_sensitive_url, NULL, &context); | 44 TestURLRequest request(non_sensitive_url, NULL, &context); |
| 46 EXPECT_FALSE(WebRequestPermissions::HideRequest(&request)) | 45 EXPECT_FALSE( |
| 46 WebRequestPermissions::HideRequest(extension_info_map.get(), &request)) |
| 47 << non_sensitive_urls[i]; | 47 << non_sensitive_urls[i]; |
| 48 } | 48 } |
| 49 // Check that requests are rejected if their first party url is sensitive. | 49 |
| 50 ASSERT_GE(arraysize(non_sensitive_urls), 1u); | 50 // Check protection of requests originating from the frame showing the Chrome |
| 51 GURL non_sensitive_url(non_sensitive_urls[0]); | 51 // WebStore. |
| 52 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) { | 52 // Normally this request is not protected: |
| 53 TestURLRequest request(non_sensitive_url, NULL, &context); | 53 GURL non_sensitive_url("http://www.google.com/test.js"); |
| 54 GURL sensitive_url(sensitive_urls[i]); | 54 TestURLRequest non_sensitive_request(non_sensitive_url, NULL, &context); |
| 55 request.set_first_party_for_cookies(sensitive_url); | 55 EXPECT_FALSE(WebRequestPermissions::HideRequest(extension_info_map.get(), |
| 56 EXPECT_TRUE(WebRequestPermissions::HideRequest(&request)) | 56 &non_sensitive_request)); |
| 57 << sensitive_urls[i]; | 57 // If the origin is labeled by the WebStoreAppId, it becomes protected. |
| 58 } | 58 int process_id = 42; |
| 59 int site_instance_id = 23; |
| 60 int frame_id = 17; |
| 61 TestURLRequest sensitive_request(non_sensitive_url, NULL, &context); |
| 62 ResourceRequestInfo::AllocateForTesting(&sensitive_request, |
| 63 ResourceType::SCRIPT, NULL, process_id, frame_id); |
| 64 extension_info_map->RegisterExtensionProcess(extension_misc::kWebStoreAppId, |
| 65 process_id, site_instance_id); |
| 66 EXPECT_TRUE(WebRequestPermissions::HideRequest(extension_info_map.get(), |
| 67 &sensitive_request)); |
| 59 } | 68 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10825102:
Protect Chrome WebStore based on process IDs (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src