Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3099)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/extensions/extension_unittest.cc

Issue 6966015: Merge 86164 (Closed) Base URL: svn://svn.chromium.org/chrome/branches/742/src/
Patch Set: Created 9 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/common/extensions/extension.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/extensions/extension_unittest.cc
===================================================================
--- chrome/common/extensions/extension_unittest.cc (revision 86314)
+++ chrome/common/extensions/extension_unittest.cc (working copy)
@@ -1295,6 +1295,154 @@
file_url, &extension->content_scripts()[0], NULL));
}
+// Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
+// methods of Extension for extensions with various permissions.
+class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
+ public:
+ ExtensionScriptAndCaptureVisibleTest() {
+ PathService::Get(chrome::DIR_TEST_DATA, &dirpath_);
+ }
+
+ scoped_refptr<Extension> MakeExtension(const std::string& permissions,
+ Extension::Location location) {
+ // Replace single-quotes with double-quotes in permissions, since JSON
+ // mandates double-quotes.
+ std::string munged_permissions = permissions;
+ ReplaceSubstringsAfterOffset(&munged_permissions, 0, "'", "\"");
+
+ DictionaryValue dictionary;
+ dictionary.SetString(keys::kName, "permission test");
+ dictionary.SetString(keys::kVersion, "1");
+ std::string error;
+ JSONStringValueSerializer serializer(munged_permissions);
+ scoped_ptr<Value> permission_value(serializer.Deserialize(NULL, &error));
+ EXPECT_EQ("", error);
+ if (!permission_value.get())
+ return NULL;
+ EXPECT_TRUE(permission_value->IsType(Value::TYPE_LIST));
+ dictionary.Set(keys::kPermissions, permission_value.release());
+
+ FilePath dirpath;
+ PathService::Get(chrome::DIR_TEST_DATA, &dirpath);
+ dirpath = dirpath.AppendASCII("extensions").AppendASCII("permissions");
+
+ scoped_refptr<Extension> extension = Extension::Create(
+ dirpath,
+ location,
+ dictionary,
+ Extension::STRICT_ERROR_CHECKS,
+ &error);
+ if (!extension)
+ VLOG(1) << error;
+ return extension;
+ }
+
+ bool Allowed(const Extension* extension, const GURL& url) {
+ return (extension->CanExecuteScriptOnPage(url, NULL, NULL) &&
+ extension->CanCaptureVisiblePage(url, NULL));
+ }
+
+ bool CaptureOnly(const Extension* extension, const GURL& url) {
+ return !extension->CanExecuteScriptOnPage(url, NULL, NULL) &&
+ extension->CanCaptureVisiblePage(url, NULL);
+ }
+
+ bool Blocked(const Extension* extension, const GURL& url) {
+ return !(extension->CanExecuteScriptOnPage(url, NULL, NULL) ||
+ extension->CanCaptureVisiblePage(url, NULL));
+ }
+
+ protected:
+ FilePath dirpath_;
+};
+
+TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
+ scoped_refptr<Extension> extension;
+ // URLs that are "safe" to provide scripting and capture visible tab access
+ // to if the permissions allow it.
+ GURL http_url("http://www.google.com");
+ GURL https_url("https://www.google.com");
+ GURL file_url("file:///foo/bar");
+
+ // We should allow host permission but not scripting permission for favicon
+ // urls.
+ GURL favicon_url("chrome://favicon/http://www.google.com");
+
+ std::string dummy_id =
+ Extension::GenerateIdForPath(FilePath(FILE_PATH_LITERAL("whatever")));
+
+ // URLs that regular extensions should never get access to.
+ GURL extension_url("chrome-extension://" + dummy_id);
+ GURL settings_url("chrome://settings");
+ GURL about_url("about:flags");
+
+ // Test <all_urls> for regular extensions.
+ extension = MakeExtension("['tabs','<all_urls>']", Extension::INTERNAL);
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Allowed(extension, https_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(CaptureOnly(extension, favicon_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, extension_url));
+
+ EXPECT_FALSE(extension->HasHostPermission(settings_url));
+ EXPECT_FALSE(extension->HasHostPermission(about_url));
+ EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+
+ // Test * for scheme, which implies just the http/https schemes.
+ extension = MakeExtension("['tabs','*://*/']", Extension::INTERNAL);
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Allowed(extension, https_url));
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Blocked(extension, favicon_url));
+ extension = MakeExtension("['tabs','*://settings/*']", Extension::INTERNAL);
+ EXPECT_TRUE(Blocked(extension, settings_url));
+
+ // Having chrome://*/ should not work for regular extensions. Note that
+ // for favicon access, we require the explicit pattern chrome://favicon/*.
+ extension = MakeExtension("['tabs','chrome://*/']",
+ Extension::INTERNAL);
+ EXPECT_TRUE(extension == NULL);
+
+ // Having chrome://favicon/* should not give you chrome://*
+ extension = MakeExtension("['tabs','chrome://favicon/*']",
+ Extension::INTERNAL);
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(CaptureOnly(extension, favicon_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+
+ // Having http://favicon should not give you chrome://favicon
+ extension = MakeExtension("['tabs', 'http://favicon/']", Extension::INTERNAL);
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, favicon_url));
+
+ // Component extensions with <all_urls> should get everything.
+ extension = MakeExtension("['tabs','<all_urls>']", Extension::COMPONENT);
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Allowed(extension, https_url));
+ EXPECT_TRUE(Allowed(extension, settings_url));
+ EXPECT_TRUE(Allowed(extension, about_url));
+ EXPECT_TRUE(Allowed(extension, favicon_url));
+ EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+
+ // Component extensions should only get access to what they ask for.
+ extension = MakeExtension("['tabs', 'http://www.google.com/']",
+ Extension::COMPONENT);
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Blocked(extension, https_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, favicon_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, extension_url));
+ EXPECT_FALSE(extension->HasHostPermission(settings_url));
+}
+
+
TEST(ExtensionTest, GetDistinctHostsForDisplay) {
std::vector<std::string> expected;
expected.push_back("www.foo.com");
« no previous file with comments | « chrome/common/extensions/extension.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698