Start refractoring extension permissions into ExtensionPermissionSet.

chrome/common/extensions/extension_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/extension.h"
 
 #include "base/format_macros.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
@@ skipping 24 matching lines @@
 
 void CompareLists(const std::vector<std::string>& expected,
                   const std::vector<std::string>& actual) {
   ASSERT_EQ(expected.size(), actual.size());
 
   for (size_t i = 0; i < expected.size(); ++i) {
     EXPECT_EQ(expected[i], actual[i]);
   }
 }
 
-static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
-  int schemes = URLPattern::SCHEME_ALL;
-  extent->AddPattern(URLPattern(schemes, pattern));
-}
-
 static scoped_refptr<Extension> LoadManifestUnchecked(
     const std::string& dir,
     const std::string& test_file,
     Extension::Location location,
     int extra_flags,
     std::string* error) {
   FilePath path;
   PathService::Get(chrome::DIR_TEST_DATA, &path);
   path = path.AppendASCII("extensions")
              .AppendASCII(dir)
@@ skipping 327 matching lines @@
   hosts = extension->GetEffectiveHostPermissions();
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
   EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
 
   extension = LoadManifest("effective_host_permissions",
                            "two_content_scripts.json");
   hosts = extension->GetEffectiveHostPermissions();
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
+  EXPECT_TRUE(extension->permission_set()->HasEffectiveAccessToHost(
+      GURL("http://www.reddit.com")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
+  EXPECT_TRUE(extension->permission_set()->HasEffectiveAccessToHost(
+      GURL("http://news.ycombinator.com")));
   EXPECT_FALSE(extension->HasEffectiveAccessToAllHosts());
 
   extension = LoadManifest("effective_host_permissions", "all_hosts.json");
   hosts = extension->GetEffectiveHostPermissions();
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
   EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
   EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts());
 
   extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
   hosts = extension->GetEffectiveHostPermissions();
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
   EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts());
 
   extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
   hosts = extension->GetEffectiveHostPermissions();
   EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
   EXPECT_TRUE(extension->HasEffectiveAccessToAllHosts());
 }
 
-TEST(ExtensionTest, IsPrivilegeIncrease) {
-  const struct {
-    const char* base_name;
-    // Increase these sizes if you have more than 10.
-    const char* granted_apis[10];
-    const char* granted_hosts[10];
-    bool full_access;
-    bool expect_increase;
-  } kTests[] = {
-    { "allhosts1", {NULL}, {"http://*/", NULL}, false,
-      false },  // all -> all
-    { "allhosts2", {NULL}, {"http://*/", NULL}, false,
-      false },  // all -> one
-    { "allhosts3", {NULL}, {NULL}, false, true },  // one -> all
-    { "hosts1", {NULL},
-      {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
-      false },  // http://a,http://b -> http://a,http://b
-    { "hosts2", {NULL},
-      {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
-      true },  // http://a,http://b -> https://a,http://*.b
-    { "hosts3", {NULL},
-      {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
-      false },  // http://a,http://b -> http://a
-    { "hosts4", {NULL},
-      {"http://www.google.com/", NULL}, false,
-      true },  // http://a -> http://a,http://b
-    { "hosts5", {"tabs", "notifications", NULL},
-      {"http://*.example.com/", "http://*.example.com/*",
-       "http://*.example.co.uk/*", "http://*.example.com.au/*",
-       NULL}, false,
-      false },  // http://a,b,c -> http://a,b,c + https://a,b,c
-    { "hosts6", {"tabs", "notifications", NULL},
-      {"http://*.example.com/", "http://*.example.com/*", NULL}, false,
-      false },  // http://a.com -> http://a.com + http://a.co.uk
-    { "permissions1", {"tabs", NULL},
-      {NULL}, false, false },  // tabs -> tabs
-    { "permissions2", {"tabs", NULL},
-      {NULL}, false, true },  // tabs -> tabs,bookmarks
-    { "permissions3", {NULL},
-      {"http://*/*", NULL},
-      false, true },  // http://a -> http://a,tabs
-    { "permissions5", {"bookmarks", NULL},
-      {NULL}, false, true },  // bookmarks -> bookmarks,history
-#if !defined(OS_CHROMEOS)  // plugins aren't allowed in ChromeOS
-    { "permissions4", {NULL},
-      {NULL}, true, false },  // plugin -> plugin,tabs
-    { "plugin1", {NULL},
-      {NULL}, true, false },  // plugin -> plugin
-    { "plugin2", {NULL},
-      {NULL}, true, false },  // plugin -> none
-    { "plugin3", {NULL},
-      {NULL}, false, true },  // none -> plugin
-#endif
-    { "storage", {NULL},
-      {NULL}, false, false },  // none -> storage
-    { "notifications", {NULL},
-      {NULL}, false, false }  // none -> notifications
-  };
-
-  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
-    scoped_refptr<Extension> old_extension(
-        LoadManifest("allow_silent_upgrade",
-                     std::string(kTests[i].base_name) + "_old.json"));
-    scoped_refptr<Extension> new_extension(
-        LoadManifest("allow_silent_upgrade",
-                     std::string(kTests[i].base_name) + "_new.json"));
-
-    std::set<std::string> granted_apis;
-    for (size_t j = 0; kTests[i].granted_apis[j] != NULL; ++j)
-      granted_apis.insert(kTests[i].granted_apis[j]);
-
-    URLPatternSet granted_hosts;
-    for (size_t j = 0; kTests[i].granted_hosts[j] != NULL; ++j)
-      AddPattern(&granted_hosts, kTests[i].granted_hosts[j]);
-
-    EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
-    if (!new_extension.get())
-      continue;
-
-    EXPECT_EQ(kTests[i].expect_increase,
-              Extension::IsPrivilegeIncrease(kTests[i].full_access,
-                                             granted_apis,
-                                             granted_hosts,
-                                             new_extension.get()))
-        << kTests[i].base_name;
-  }
-}
-
-TEST(ExtensionTest, PermissionMessages) {
-  // Ensure that all permissions that needs to show install UI actually have
-  // strings associated with them.
-
-  std::set<std::string> skip;
-
-  // These are considered "nuisance" or "trivial" permissions that don't need
-  // a prompt.
-  skip.insert(Extension::kContextMenusPermission);
-  skip.insert(Extension::kIdlePermission);
-  skip.insert(Extension::kNotificationPermission);
-  skip.insert(Extension::kUnlimitedStoragePermission);
-  skip.insert(Extension::kContentSettingsPermission);
-
-  // TODO(erikkay) add a string for this permission.
-  skip.insert(Extension::kBackgroundPermission);
-
-  skip.insert(Extension::kClipboardWritePermission);
-
-  // The cookie permission does nothing unless you have associated host
-  // permissions.
-  skip.insert(Extension::kCookiePermission);
-
-  // The proxy permission is warned as part of host permission checks.
-  skip.insert(Extension::kProxyPermission);
-
-  // This permission requires explicit user action (context menu handler)
-  // so we won't prompt for it for now.
-  skip.insert(Extension::kFileBrowserHandlerPermission);
-
-  // If you've turned on the experimental command-line flag, we don't need
-  // to warn you further.
-  skip.insert(Extension::kExperimentalPermission);
-
-  // These are private.
-  skip.insert(Extension::kWebstorePrivatePermission);
-  skip.insert(Extension::kFileBrowserPrivatePermission);
-  skip.insert(Extension::kMediaPlayerPrivatePermission);
-  skip.insert(Extension::kChromePrivatePermission);
-  skip.insert(Extension::kChromeosInfoPrivatePermission);
-  skip.insert(Extension::kWebSocketProxyPrivatePermission);
-
-  const Extension::PermissionMessage::MessageId ID_NONE =
-      Extension::PermissionMessage::ID_NONE;
-
-  for (size_t i = 0; i < Extension::kNumPermissions; ++i) {
-    Extension::Permission permission = Extension::kPermissions[i];
-    if (skip.count(permission.name)) {
-      EXPECT_EQ(ID_NONE, permission.message_id)
-          << "unexpected message_id for " << permission.name;
-    } else {
-      EXPECT_NE(ID_NONE, permission.message_id)
-          << "missing message_id for " << permission.name;
-    }
-  }
-}
-
 // Returns a copy of |source| resized to |size| x |size|.
 static SkBitmap ResizedCopy(const SkBitmap& source, int size) {
   return skia::ImageOperations::Resize(source,
                                        skia::ImageOperations::RESIZE_LANCZOS3,
                                        size,
                                        size);
 }
 
 static bool SizeEquals(const SkBitmap& bitmap, const gfx::Size& size) {
   return bitmap.width() == size.width() && bitmap.height() == size.height();
@@ skipping 321 matching lines @@
   EXPECT_TRUE(Allowed(extension, http_url));
   EXPECT_TRUE(Blocked(extension, https_url));
   EXPECT_TRUE(Blocked(extension, file_url));
   EXPECT_TRUE(Blocked(extension, settings_url));
   EXPECT_TRUE(Blocked(extension, favicon_url));
   EXPECT_TRUE(Blocked(extension, about_url));
   EXPECT_TRUE(Blocked(extension, extension_url));
   EXPECT_FALSE(extension->HasHostPermission(settings_url));
 }
 
-TEST(ExtensionTest, GetDistinctHostsForDisplay) {
-  std::vector<std::string> expected;
-  expected.push_back("www.foo.com");
-  expected.push_back("www.bar.com");
-  expected.push_back("www.baz.com");
-  URLPatternList actual;
-
-  {
-    SCOPED_TRACE("no dupes");
-
-    // Simple list with no dupes.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-
-  {
-    SCOPED_TRACE("two dupes");
-
-    // Add some dupes.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-
-  {
-    SCOPED_TRACE("schemes differ");
-
-    // Add a pattern that differs only by scheme. This should be filtered out.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path"));
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-
-  {
-    SCOPED_TRACE("paths differ");
-
-    // Add some dupes by path.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath"));
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-
-  {
-    SCOPED_TRACE("subdomains differ");
-
-    // We don't do anything special for subdomains.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path"));
-
-    expected.push_back("monkey.www.bar.com");
-    expected.push_back("bar.com");
-
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-
-  {
-    SCOPED_TRACE("RCDs differ");
-
-    // Now test for RCD uniquing.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path"));
-
-    // This is an unknown RCD, which shouldn't be uniqued out.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
-    // But it should only occur once.
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
-
-    expected.push_back("www.foo.xyzzy");
-
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-
-  {
-    SCOPED_TRACE("wildcards");
-
-    actual.push_back(
-        URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
-
-    expected.push_back("*.google.com");
-
-    CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-  }
-}
-
-TEST(ExtensionTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
-  URLPatternList actual;
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
-
-  std::vector<std::string> expected;
-  expected.push_back("www.foo.com");
-
-  CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-}
-
-TEST(ExtensionTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
-  URLPatternList actual;
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
-  // No http://www.foo.com/path
-
-  std::vector<std::string> expected;
-  expected.push_back("www.foo.net");
-
-  CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-}
-
-TEST(ExtensionTest, GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
-  URLPatternList actual;
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
-  // No http://www.foo.net/path
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
-  // No http://www.foo.com/path
-
-  std::vector<std::string> expected;
-  expected.push_back("www.foo.org");
-
-  CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-}
-
-TEST(ExtensionTest, GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
-  URLPatternList actual;
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
-  // No http://www.foo.org/path
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
-  // No http://www.foo.net/path
-  actual.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
-  // No http://www.foo.com/path
-
-  std::vector<std::string> expected;
-  expected.push_back("www.foo.ca");
-
-  CompareLists(expected,
-                 Extension::GetDistinctHostsForDisplay(actual));
-}
-
-TEST(ExtensionTest, IsElevatedHostList) {
-  URLPatternList list1;
-  URLPatternList list2;
-
-  list1.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
-  list1.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
-
-  // Test that the host order does not matter.
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
-
-  EXPECT_FALSE(Extension::IsElevatedHostList(list1, list2));
-  EXPECT_FALSE(Extension::IsElevatedHostList(list2, list1));
-
-  // Test that paths are ignored.
-  list2.clear();
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
-  EXPECT_FALSE(Extension::IsElevatedHostList(list1, list2));
-  EXPECT_FALSE(Extension::IsElevatedHostList(list2, list1));
-
-  // Test that RCDs are ignored.
-  list2.clear();
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
-  EXPECT_FALSE(Extension::IsElevatedHostList(list1, list2));
-  EXPECT_FALSE(Extension::IsElevatedHostList(list2, list1));
-
-  // Test that subdomain wildcards are handled properly.
-  list2.clear();
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
-  EXPECT_TRUE(Extension::IsElevatedHostList(list1, list2));
-  //TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
-  //EXPECT_FALSE(Extension::IsElevatedHostList(list2, list1));
-
-  // Test that different domains count as different hosts.
-  list2.clear();
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
-  EXPECT_TRUE(Extension::IsElevatedHostList(list1, list2));
-  EXPECT_FALSE(Extension::IsElevatedHostList(list2, list1));
-
-  // Test that different subdomains count as different hosts.
-  list2.clear();
-  list2.push_back(
-      URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
-  EXPECT_TRUE(Extension::IsElevatedHostList(list1, list2));
-  EXPECT_TRUE(Extension::IsElevatedHostList(list2, list1));
-}
-
 TEST(ExtensionTest, GenerateId) {
   std::string result;
   EXPECT_TRUE(Extension::GenerateId("", &result));
 
   EXPECT_TRUE(Extension::GenerateId("test", &result));
   EXPECT_EQ(result, "jpignaibiiemhngfjkcpokkamffknabf");
 
   EXPECT_TRUE(Extension::GenerateId("_", &result));
   EXPECT_EQ(result, "ncocknphbhhlhkikpnnlmbcnbgdempcd");
 
   EXPECT_TRUE(Extension::GenerateId(
       "this_string_is_longer_than_a_single_sha256_hash_digest", &result));
   EXPECT_EQ(result, "jimneklojkjdibfkgiiophfhjhbdgcfi");
 }