| OLD | NEW |
|---|
| 1 #!/usr/bin/python | 1 #!/usr/bin/python |
| 2 # Copyright (c) 2011 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 import os | 6 import os |
| 7 | 7 |
| 8 import pyauto_functional | 8 import pyauto_functional |
| 9 import pyauto | 9 import pyauto |
| 10 | 10 |
| 11 | 11 |
| 12 class ChromeosSecurity(pyauto.PyUITest): | 12 class ChromeosSecurity(pyauto.PyUITest): |
| 13 """Security tests for chrome on ChromeOS. | 13 """Security tests for chrome on ChromeOS. |
| 14 | 14 |
| 15 Requires ChromeOS to be logged in. | 15 Requires ChromeOS to be logged in. |
| 16 """ | 16 """ |
| 17 def setUp(self): |
| 18 pyauto.PyUITest.setUp(self) |
| 19 baseline_file = os.path.abspath(os.path.join( |
| 20 pyauto.PyUITest.DataDir(), 'pyauto_private', 'chromeos', |
| 21 'security', 'extension_permission_baseline.txt')) |
| 22 self.assertTrue(os.path.exists(baseline_file), |
| 23 msg='Baseline info file does not exist.') |
| 24 baseline_info = self.EvalDataFrom(baseline_file) |
| 25 self._bundled_crx_directory = baseline_info['BUNDLED_CRX_DIRECTORY'] |
| 26 self._bundled_crx_baseline = baseline_info['BUNDLED_CRX_BASELINE'] |
| 27 self._component_extension_baseline = ( |
| 28 baseline_info['COMPONENT_EXTENSION_BASELINE']) |
| 29 if self.GetBrowserInfo()['properties']['is_official']: |
| 30 self._component_extension_baseline.extend( |
| 31 baseline_info['OFFICIAL_COMPONENT_EXTENSIONS']) |
| 17 | 32 |
| 18 def ExtraChromeFlagsOnChromeOS(self): | 33 def ExtraChromeFlagsOnChromeOS(self): |
| 19 """Override default list of extra flags typicall used with automation. | 34 """Override default list of extra flags typically used with automation. |
| 20 | 35 |
| 21 See the default flags used with automation in pyauto.py. | 36 See the default flags used with automation in pyauto.py. |
| 22 Chrome flags for this test should be as close to reality as possible. | 37 Chrome flags for this test should be as close to reality as possible. |
| 23 """ | 38 """ |
| 24 return [ | 39 return [ |
| 25 '--homepage=about:blank', | 40 '--homepage=about:blank', |
| 26 ] | 41 ] |
| 27 | 42 |
| 28 def testCannotViewLocalFiles(self): | 43 def testCannotViewLocalFiles(self): |
| 29 """Verify that local files cannot be accessed from the browser.""" | 44 """Verify that local files cannot be accessed from the browser.""" |
| 30 urls_and_titles = { | 45 urls_and_titles = { |
| 31 'file:///': 'Index of /', | 46 'file:///': 'Index of /', |
| 32 'file:///etc/': 'Index of /etc/', | 47 'file:///etc/': 'Index of /etc/', |
| 33 self.GetFileURLForDataPath('title2.html'): 'Title Of Awesomeness', | 48 self.GetFileURLForDataPath('title2.html'): 'Title Of Awesomeness', |
| 34 } | 49 } |
| 35 for url, title in urls_and_titles.iteritems(): | 50 for url, title in urls_and_titles.iteritems(): |
| 36 self.NavigateToURL(url) | 51 self.NavigateToURL(url) |
| 37 self.assertNotEqual(title, self.GetActiveTabTitle(), | 52 self.assertNotEqual(title, self.GetActiveTabTitle(), |
| 38 msg='Could access local file %s.' % url) | 53 msg='Could access local file %s.' % url) |
| 39 | 54 |
| 55 def _VerifyExtensionPermissions(self, baseline): |
| 56 """Ensures extension permissions in the baseline match actual info. |
| 57 |
| 58 This function will fail the current test if either (1) an extension named |
| 59 in the baseline is not currently installed in Chrome; or (2) the api |
| 60 permissions or effective host permissions of an extension in the baseline |
| 61 do not match the actual permissions associated with the extension in Chrome. |
| 62 |
| 63 Args: |
| 64 baseline: A dictionary of expected extension information, containing |
| 65 extension names and api/effective host permission info. |
| 66 """ |
| 67 full_ext_actual_info = self.GetExtensionsInfo() |
| 68 for ext_expected_info in baseline: |
| 69 located_ext_info = [info for info in full_ext_actual_info if |
| 70 info['name'] == ext_expected_info['name']] |
| 71 self.assertTrue( |
| 72 located_ext_info, |
| 73 msg='Cannot locate extension info: ' + ext_expected_info['name']) |
| 74 ext_actual_info = located_ext_info[0] |
| 75 self.assertEqual(set(ext_expected_info['effective_host_permissions']), |
| 76 set(ext_actual_info['effective_host_permissions']), |
| 77 msg='Effective host permission info does not match for ' |
| 78 'extension: ' + ext_expected_info['name']) |
| 79 self.assertEqual(set(ext_expected_info['api_permissions']), |
| 80 set(ext_actual_info['api_permissions']), |
| 81 msg='API permission info does not match for ' |
| 82 'extension: ' + ext_expected_info['name']) |
| 83 |
| 84 def testComponentExtensionPermissions(self): |
| 85 """Ensures component extension permissions are as expected.""" |
| 86 expected_names = [ext['name'] for ext in self._component_extension_baseline] |
| 87 actual_names = [ext['name'] for ext in self.GetExtensionsInfo() if |
| 88 ext['is_component_extension']] |
| 89 self.assertEqual(set(expected_names), set(actual_names), |
| 90 msg='Component extension names do not match baseline:\n' |
| 91 'Installed extensions: %s\n' |
| 92 'Expected extensions: %s' % (actual_names, |
| 93 expected_names)) |
| 94 self._VerifyExtensionPermissions(self._component_extension_baseline) |
| 95 |
| 96 def testBundledCrxPermissions(self): |
| 97 """Ensures bundled CRX permissions are as expected.""" |
| 98 # Verify that each bundled CRX on the device is expected, then install it. |
| 99 for file_name in os.listdir(self._bundled_crx_directory): |
| 100 if file_name.endswith('.crx'): |
| 101 self.assertTrue( |
| 102 file_name in [x['crx_file'] for x in self._bundled_crx_baseline], |
| 103 msg='Unexpected CRX file: ' + file_name) |
| 104 crx_file = pyauto.FilePath( |
| 105 os.path.join(self._bundled_crx_directory, file_name)) |
| 106 self.assertTrue(self.InstallExtension(crx_file, False), |
| 107 msg='Extension install failed: %s' % crx_file.value()) |
| 108 |
| 109 # Verify that the permissions information in the baseline matches the |
| 110 # permissions associated with the installed bundled CRX extensions. |
| 111 self._VerifyExtensionPermissions(self._bundled_crx_baseline) |
| 112 |
| 113 def testNoUnexpectedExtensions(self): |
| 114 """Ensures there are no unexpected bundled or component extensions.""" |
| 115 # Install all bundled extensions on the device. |
| 116 for file_name in os.listdir(self._bundled_crx_directory): |
| 117 if file_name.endswith('.crx'): |
| 118 crx_file = pyauto.FilePath( |
| 119 os.path.join(self._bundled_crx_directory, file_name)) |
| 120 self.assertTrue(self.InstallExtension(crx_file, False), |
| 121 msg='Extension install failed: %s' % crx_file.value()) |
| 122 |
| 123 # Ensure that the set of installed extension names precisely matches the |
| 124 # baseline. |
| 125 expected_names = [ext['name'] for ext in self._component_extension_baseline] |
| 126 expected_names.extend([ext['name'] for ext in self._bundled_crx_baseline]) |
| 127 ext_actual_info = self.GetExtensionsInfo() |
| 128 installed_names = [ext['name'] for ext in ext_actual_info] |
| 129 self.assertEqual(set(expected_names), set(installed_names), |
| 130 msg='Installed extension names do not match baseline:\n' |
| 131 'Installed extensions: %s\n' |
| 132 'Expected extensions: %s' % (installed_names, |
| 133 expected_names)) |
| 40 | 134 |
| 41 if __name__ == '__main__': | 135 if __name__ == '__main__': |
| 42 pyauto_functional.Main() | 136 pyauto_functional.Main() |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6969105:
New security-related pyauto tests for Chrome on ChromeOS that verify extension permissions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src