Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(334)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/extension_permission_set_unittest.cc

Issue 7003098: Start refractoring extension permissions into ExtensionPermissionSet. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase + small cleanup Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/common/extensions/extension_permission_set.h ('K') | « chrome/common/extensions/extension_permission_set.cc ('k') | chrome/common/extensions/extension_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/common/extensions/extension_permission_set.h"
6
7 #include "base/logging.h"
8 #include "base/path_service.h"
9 #include "base/utf_string_conversions.h"
10 #include "chrome/common/chrome_paths.h"
11 #include "chrome/common/extensions/extension.h"
12 #include "content/common/json_value_serializer.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 namespace {
16
17 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
18 const std::string& test_file,
19 int extra_flags) {
20 FilePath path;
21 PathService::Get(chrome::DIR_TEST_DATA, &path);
22 path = path.AppendASCII("extensions")
23 .AppendASCII(dir)
24 .AppendASCII(test_file);
25
26 JSONFileValueSerializer serializer(path);
27 std::string error;
28 scoped_ptr<Value> result(serializer.Deserialize(NULL, &error));
29 if (!result.get()) {
30 EXPECT_EQ("", error);
31 return NULL;
32 }
33
34 scoped_refptr<Extension> extension = Extension::Create(
35 path.DirName(), Extension::INVALID,
36 *static_cast<DictionaryValue*>(result.get()),
37 Extension::STRICT_ERROR_CHECKS | extra_flags, &error);
38 EXPECT_TRUE(extension) << error;
39 return extension;
40 }
41
42 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
43 const std::string& test_file) {
44 return LoadManifest(dir, test_file, Extension::NO_FLAGS);
45 }
46
47 void CompareLists(const std::vector<std::string>& expected,
48 const std::vector<std::string>& actual) {
49 ASSERT_EQ(expected.size(), actual.size());
50
51 for (size_t i = 0; i < expected.size(); ++i) {
52 EXPECT_EQ(expected[i], actual[i]);
53 }
54 }
55
56 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
57 int schemes = URLPattern::SCHEME_ALL;
58 extent->AddPattern(URLPattern(schemes, pattern));
59 }
60
61 static void AssertEqualExtents(const URLPatternSet& extent1,
62 const URLPatternSet& extent2) {
63 URLPatternList patterns1 = extent1.patterns();
64 URLPatternList patterns2 = extent2.patterns();
65 std::set<std::string> strings1;
66 EXPECT_EQ(patterns1.size(), patterns2.size());
67
68 for (size_t i = 0; i < patterns1.size(); ++i)
69 strings1.insert(patterns1.at(i).GetAsString());
70
71 std::set<std::string> strings2;
72 for (size_t i = 0; i < patterns2.size(); ++i)
73 strings2.insert(patterns2.at(i).GetAsString());
74
75 EXPECT_EQ(strings1, strings2);
76 }
77
78 } // namespace
79
80 class ExtensionAPIPermissionTest : public testing::Test {
81 };
82
83 class ExtensionPermissionSetTest : public testing::Test {
84 };
85
86
87 // Tests GetByID.
88 TEST(ExtensionPermissionsInfoTest, GetByID) {
89 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
90 ExtensionAPIPermissionSet ids = info->GetAll();
91 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
92 i != ids.end(); ++i) {
93 EXPECT_EQ(*i, info->GetByID(*i)->id());
94 }
95 }
96
97 // Tests that GetByName works with normal permission names and aliases.
98 TEST(ExtensionPermissionsInfoTest, GetByName) {
99 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
100 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
101 EXPECT_EQ(ExtensionAPIPermission::kManagement,
102 info->GetByName("management")->id());
103 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
104 }
105
106 TEST(ExtensionPermissionsInfoTest, GetAll) {
107 size_t count = 0;
108 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
109 ExtensionAPIPermissionSet apis = info->GetAll();
110 for (ExtensionAPIPermissionSet::iterator api = apis.begin();
111 api != apis.end(); ++api) {
112 // Make sure only the valid permission IDs get returned.
113 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api);
114 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api);
115 count++;
116 }
117 EXPECT_EQ(count, info->get_permission_count());
118 }
119
120 TEST(ExtensionPermissionInfoTest, GetAllByName) {
121 std::set<std::string> names;
122 names.insert("background");
123 names.insert("management");
124
125 // This is an alias of kTab
126 names.insert("windows");
127
128 // This unknown name should get dropped.
129 names.insert("sdlkfjasdlkfj");
130
131 ExtensionAPIPermissionSet expected;
132 expected.insert(ExtensionAPIPermission::kBackground);
133 expected.insert(ExtensionAPIPermission::kManagement);
134 expected.insert(ExtensionAPIPermission::kTab);
135
136 EXPECT_EQ(expected,
137 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names));
138 }
139
140 // Tests that the aliases are properly mapped.
141 TEST(ExtensionAPIPermissionTest, Aliases) {
142 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
143 // tabs: tabs, windows
144 std::string tabs_name = "tabs";
145 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name());
146 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
147 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id());
148
149 // unlimitedStorage: unlimitedStorage, unlimited_storage
150 std::string storage_name = "unlimitedStorage";
151 EXPECT_EQ(storage_name, info->GetByID(
152 ExtensionAPIPermission::kUnlimitedStorage)->name());
153 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
154 info->GetByName("unlimitedStorage")->id());
155 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
156 info->GetByName("unlimited_storage")->id());
157 }
158
159 TEST(ExtensionAPIPermissionTest, HostedAppPermissions) {
160 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
161 ExtensionAPIPermissionSet hosted_perms;
162 hosted_perms.insert(ExtensionAPIPermission::kBackground);
163 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead);
164 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite);
165 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate);
166 hosted_perms.insert(ExtensionAPIPermission::kExperimental);
167 hosted_perms.insert(ExtensionAPIPermission::kGeolocation);
168 hosted_perms.insert(ExtensionAPIPermission::kNotification);
169 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage);
170 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
171
172 ExtensionAPIPermissionSet perms = info->GetAll();
173 size_t count = 0;
174 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
175 i != perms.end(); ++i) {
176 count += hosted_perms.count(*i);
177 EXPECT_EQ(hosted_perms.count(*i),
178 info->GetByID(*i)->is_hosted_app());
179 }
180
181 EXPECT_EQ(9u, count);
182 EXPECT_EQ(9u, info->get_hosted_app_permission_count());
183 }
184
185 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) {
186 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
187 ExtensionAPIPermissionSet private_perms;
188 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate);
189 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate);
190 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate);
191 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
192
193 ExtensionAPIPermissionSet perms = info->GetAll();
194 int count = 0;
195 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
196 i != perms.end(); ++i) {
197 count += private_perms.count(*i);
198 EXPECT_EQ(private_perms.count(*i),
199 info->GetByID(*i)->is_component_only());
200 }
201
202 EXPECT_EQ(4, count);
203 }
204
205 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
206 scoped_refptr<Extension> extension;
207 const ExtensionPermissionSet* permissions = NULL;
208
209 extension = LoadManifest("effective_host_permissions", "empty.json");
210 permissions = extension->permission_set();
211 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
212 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
213 GURL("http://www.google.com")));
214 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
215
216 extension = LoadManifest("effective_host_permissions", "one_host.json");
217 permissions = extension->permission_set();
218 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
219 GURL("http://www.google.com")));
220 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
221 GURL("https://www.google.com")));
222 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
223
224 extension = LoadManifest("effective_host_permissions",
225 "one_host_wildcard.json");
226 permissions = extension->permission_set();
227 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
228 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
229 GURL("http://foo.google.com")));
230 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
231
232 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
233 permissions = extension->permission_set();
234 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
235 GURL("http://www.google.com")));
236 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
237 GURL("http://www.reddit.com")));
238 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
239
240 extension = LoadManifest("effective_host_permissions",
241 "https_not_considered.json");
242 permissions = extension->permission_set();
243 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
244 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://google.com")));
245 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
246
247 extension = LoadManifest("effective_host_permissions",
248 "two_content_scripts.json");
249 permissions = extension->permission_set();
250 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://google.com")));
251 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
252 GURL("http://www.reddit.com")));
253 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(
254 GURL("http://news.ycombinator.com")));
255 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
256
257 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
258 permissions = extension->permission_set();
259 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
260 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
261 EXPECT_TRUE(
262 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
263 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
264
265 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
266 permissions = extension->permission_set();
267 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
268 EXPECT_TRUE(
269 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
270 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
271
272 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
273 permissions = extension->permission_set();
274 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
275 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
276 EXPECT_TRUE(
277 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
278 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
279 }
280
281 TEST(ExtensionPermissionSetTest, CreateUnion) {
282 ExtensionAPIPermissionSet apis1;
283 ExtensionAPIPermissionSet apis2;
284 ExtensionAPIPermissionSet expected_apis;
285
286 URLPatternSet explicit_hosts1;
287 URLPatternSet explicit_hosts2;
288 URLPatternSet expected_explicit_hosts;
289
290 URLPatternSet scriptable_hosts1;
291 URLPatternSet scriptable_hosts2;
292 URLPatternSet expected_scriptable_hosts;
293
294 URLPatternSet effective_hosts;
295
296 scoped_ptr<ExtensionPermissionSet> set1;
297 scoped_ptr<ExtensionPermissionSet> set2;
298 scoped_ptr<ExtensionPermissionSet> union_set;
299
300 // Union with an empty set.
301 apis1.insert(ExtensionAPIPermission::kTab);
302 apis1.insert(ExtensionAPIPermission::kBackground);
303 expected_apis.insert(ExtensionAPIPermission::kTab);
304 expected_apis.insert(ExtensionAPIPermission::kBackground);
305
306 AddPattern(&explicit_hosts1, "http://*.google.com/*");
307 AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
308 AddPattern(&effective_hosts, "http://*.google.com/*");
309
310 set1.reset(new ExtensionPermissionSet(
311 apis1, explicit_hosts1, scriptable_hosts1));
312 set2.reset(new ExtensionPermissionSet(
313 apis2, explicit_hosts2, scriptable_hosts2));
314 union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get()));
315
316 EXPECT_FALSE(union_set->HasEffectiveFullAccess());
317 EXPECT_EQ(expected_apis, union_set->apis());
318 AssertEqualExtents(expected_explicit_hosts, union_set->explicit_hosts());
319 AssertEqualExtents(expected_scriptable_hosts, union_set->scriptable_hosts());
320 AssertEqualExtents(expected_explicit_hosts, union_set->effective_hosts());
321
322 // Now use a real second set.
323 apis2.insert(ExtensionAPIPermission::kTab);
324 apis2.insert(ExtensionAPIPermission::kProxy);
325 apis2.insert(ExtensionAPIPermission::kClipboardWrite);
326 apis2.insert(ExtensionAPIPermission::kPlugin);
327 expected_apis.insert(ExtensionAPIPermission::kTab);
328 expected_apis.insert(ExtensionAPIPermission::kProxy);
329 expected_apis.insert(ExtensionAPIPermission::kClipboardWrite);
330 expected_apis.insert(ExtensionAPIPermission::kPlugin);
331
332 AddPattern(&explicit_hosts2, "http://*.example.com/*");
333 AddPattern(&scriptable_hosts2, "http://*.google.com/*");
334 AddPattern(&expected_explicit_hosts, "http://*.example.com/*");
335 AddPattern(&expected_scriptable_hosts, "http://*.google.com/*");
336
337 effective_hosts.ClearPatterns();
338 AddPattern(&effective_hosts, "<all_urls>");
339
340 set2.reset(new ExtensionPermissionSet(
341 apis2, explicit_hosts2, scriptable_hosts2));
342 union_set.reset(ExtensionPermissionSet::CreateUnion(set1.get(), set2.get()));
343 EXPECT_TRUE(union_set->HasEffectiveFullAccess());
344 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
345 EXPECT_EQ(expected_apis, union_set->apis());
346 AssertEqualExtents(expected_explicit_hosts, union_set->explicit_hosts());
347 AssertEqualExtents(expected_scriptable_hosts, union_set->scriptable_hosts());
348 AssertEqualExtents(effective_hosts, union_set->effective_hosts());
349 }
350
351 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) {
352 const struct {
353 const char* base_name;
354 // Increase these sizes if you have more than 10.
355 const char* granted_apis[10];
356 const char* granted_hosts[10];
357 bool full_access;
358 bool expect_increase;
359 } kTests[] = {
360 { "allhosts1", {NULL}, {"http://*/", NULL}, false,
361 false }, // all -> all
362 { "allhosts2", {NULL}, {"http://*/", NULL}, false,
363 false }, // all -> one
364 { "allhosts3", {NULL}, {NULL}, false, true }, // one -> all
365 { "hosts1", {NULL},
366 {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
367 false }, // http://a,http://b -> http://a,http://b
368 { "hosts2", {NULL},
369 {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
370 true }, // http://a,http://b -> https://a,http://*.b
371 { "hosts3", {NULL},
372 {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
373 false }, // http://a,http://b -> http://a
374 { "hosts4", {NULL},
375 {"http://www.google.com/", NULL}, false,
376 true }, // http://a -> http://a,http://b
377 { "hosts5", {"tabs", "notifications", NULL},
378 {"http://*.example.com/", "http://*.example.com/*",
379 "http://*.example.co.uk/*", "http://*.example.com.au/*",
380 NULL}, false,
381 false }, // http://a,b,c -> http://a,b,c + https://a,b,c
382 { "hosts6", {"tabs", "notifications", NULL},
383 {"http://*.example.com/", "http://*.example.com/*", NULL}, false,
384 false }, // http://a.com -> http://a.com + http://a.co.uk
385 { "permissions1", {"tabs", NULL},
386 {NULL}, false, false }, // tabs -> tabs
387 { "permissions2", {"tabs", NULL},
388 {NULL}, false, true }, // tabs -> tabs,bookmarks
389 { "permissions3", {NULL},
390 {"http://*/*", NULL},
391 false, true }, // http://a -> http://a,tabs
392 { "permissions5", {"bookmarks", NULL},
393 {NULL}, false, true }, // bookmarks -> bookmarks,history
394 #if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS
395 { "permissions4", {NULL},
396 {NULL}, true, false }, // plugin -> plugin,tabs
397 { "plugin1", {NULL},
398 {NULL}, true, false }, // plugin -> plugin
399 { "plugin2", {NULL},
400 {NULL}, true, false }, // plugin -> none
401 { "plugin3", {NULL},
402 {NULL}, false, true }, // none -> plugin
403 #endif
404 { "storage", {NULL},
405 {NULL}, false, false }, // none -> storage
406 { "notifications", {NULL},
407 {NULL}, false, false } // none -> notifications
408 };
409
410 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
411 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
412 scoped_refptr<Extension> old_extension(
413 LoadManifest("allow_silent_upgrade",
414 std::string(kTests[i].base_name) + "_old.json"));
415 scoped_refptr<Extension> new_extension(
416 LoadManifest("allow_silent_upgrade",
417 std::string(kTests[i].base_name) + "_new.json"));
418
419 ExtensionAPIPermissionSet granted_apis;
420 for (size_t j = 0; kTests[i].granted_apis[j] != NULL; ++j) {
421 granted_apis.insert(info->GetByName(kTests[i].granted_apis[j])->id());
422 }
423
424 URLPatternSet granted_hosts;
425 for (size_t j = 0; kTests[i].granted_hosts[j] != NULL; ++j)
426 AddPattern(&granted_hosts, kTests[i].granted_hosts[j]);
427
428 EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
429 if (!new_extension.get())
430 continue;
431
432 const ExtensionPermissionSet* old_p = old_extension->permission_set();
433 const ExtensionPermissionSet* new_p = new_extension->permission_set();
434
435 EXPECT_EQ(kTests[i].expect_increase, old_p->HasLessPrivilegesThan(new_p))
436 << kTests[i].base_name;
437 }
438 }
439
440 TEST(ExtensionPermissionSetTest, PermissionMessages) {
441 // Ensure that all permissions that needs to show install UI actually have
442 // strings associated with them.
443 ExtensionAPIPermissionSet skip;
444
445 skip.insert(ExtensionAPIPermission::kDefault);
446
447 // These are considered "nuisance" or "trivial" permissions that don't need
448 // a prompt.
449 skip.insert(ExtensionAPIPermission::kContextMenus);
450 skip.insert(ExtensionAPIPermission::kIdle);
451 skip.insert(ExtensionAPIPermission::kNotification);
452 skip.insert(ExtensionAPIPermission::kUnlimitedStorage);
453 skip.insert(ExtensionAPIPermission::kContentSettings);
454
455 // TODO(erikkay) add a string for this permission.
456 skip.insert(ExtensionAPIPermission::kBackground);
457
458 skip.insert(ExtensionAPIPermission::kClipboardWrite);
459
460 // The cookie permission does nothing unless you have associated host
461 // permissions.
462 skip.insert(ExtensionAPIPermission::kCookie);
463
464 // The proxy permission is warned as part of host permission checks.
465 skip.insert(ExtensionAPIPermission::kProxy);
466
467 // This permission requires explicit user action (context menu handler)
468 // so we won't prompt for it for now.
469 skip.insert(ExtensionAPIPermission::kFileBrowserHandler);
470
471 // If you've turned on the experimental command-line flag, we don't need
472 // to warn you further.
473 skip.insert(ExtensionAPIPermission::kExperimental);
474
475 // These are private.
476 skip.insert(ExtensionAPIPermission::kWebstorePrivate);
477 skip.insert(ExtensionAPIPermission::kFileBrowserPrivate);
478 skip.insert(ExtensionAPIPermission::kMediaPlayerPrivate);
479 skip.insert(ExtensionAPIPermission::kChromePrivate);
480 skip.insert(ExtensionAPIPermission::kChromeosInfoPrivate);
481 skip.insert(ExtensionAPIPermission::kWebSocketProxyPrivate);
482
483 // Warned as part of host permissions.
484 skip.insert(ExtensionAPIPermission::kDevtools);
485 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
486 ExtensionAPIPermissionSet permissions = info->GetAll();
487 for (ExtensionAPIPermissionSet::const_iterator i = permissions.begin();
488 i != permissions.end(); ++i) {
489 ExtensionAPIPermission* permission = info->GetByID(*i);
490 EXPECT_TRUE(permission);
491 if (skip.count(*i)) {
492 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id())
493 << "unexpected message_id for " << permission->name();
494 } else {
495 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id())
496 << "missing message_id for " << permission->name();
497 }
498 }
499 }
500
501 // Tests the default permissions (empty API permission set).
502 TEST(ExtensionPermissionSetTest, DefaultFunctionAccess) {
503 const struct {
504 const char* permission_name;
505 bool expect_success;
506 } kTests[] = {
507 // Negative test.
508 { "non_existing_permission", false },
509 // Test default module/package permission.
510 { "browserAction", true },
511 { "browserActions", true },
512 { "devtools", true },
513 { "extension", true },
514 { "i18n", true },
515 { "pageAction", true },
516 { "pageActions", true },
517 { "test", true },
518 // Some negative tests.
519 { "bookmarks", false },
520 { "cookies", false },
521 { "history", false },
522 { "tabs.onUpdated", false },
523 // Make sure we find the module name after stripping '.' and '/'.
524 { "browserAction/abcd/onClick", true },
525 { "browserAction.abcd.onClick", true },
526 // Test Tabs functions.
527 { "tabs.create", true},
528 { "tabs.update", true},
529 { "tabs.getSelected", false},
530 };
531
532 ExtensionPermissionSet permissions;
533 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
534 EXPECT_EQ(kTests[i].expect_success,
535 permissions.HasAccessToFunction(kTests[i].permission_name));
536 }
537 }
538
539 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) {
540 scoped_refptr<Extension> extension;
541
542 extension = LoadManifest("permissions", "many-hosts.json");
543 std::vector<string16> warnings =
544 extension->permission_set()->GetWarningMessages();
545 ASSERT_EQ(1u, warnings.size());
546 EXPECT_EQ("Your data on www.google.com and encrypted.google.com",
547 UTF16ToUTF8(warnings[0]));
548 }
549
550 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) {
551 scoped_refptr<Extension> extension;
552 scoped_ptr<ExtensionPermissionSet> permissions;
553
554 extension = LoadManifest("permissions", "plugins.json");
555 std::vector<string16> warnings =
556 extension->permission_set()->GetWarningMessages();
557 // We don't parse the plugins key on Chrome OS, so it should not ask for any
558 // permissions.
559 #if defined(OS_CHROMEOS)
560 ASSERT_EQ(0u, warnings.size());
561 #else
562 ASSERT_EQ(1u, warnings.size());
563 EXPECT_EQ("All data on your computer and the websites you visit",
564 UTF16ToUTF8(warnings[0]));
565 #endif
566 }
567
568 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay) {
569 scoped_ptr<ExtensionPermissionSet> perm_set;
570 ExtensionAPIPermissionSet empty_perms;
571 std::vector<std::string> expected;
572 expected.push_back("www.foo.com");
573 expected.push_back("www.bar.com");
574 expected.push_back("www.baz.com");
575 URLPatternSet explicit_hosts;
576 URLPatternSet scriptable_hosts;
577
578 {
579 SCOPED_TRACE("no dupes");
580
581 // Simple list with no dupes.
582 explicit_hosts.AddPattern(
583 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
584 explicit_hosts.AddPattern(
585 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path"));
586 explicit_hosts.AddPattern(
587 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
588 perm_set.reset(new ExtensionPermissionSet(
589 empty_perms, explicit_hosts, scriptable_hosts));
590 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
591 }
592
593 {
594 SCOPED_TRACE("two dupes");
595
596 // Add some dupes.
597 explicit_hosts.AddPattern(
598 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
599 explicit_hosts.AddPattern(
600 URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
601 perm_set.reset(new ExtensionPermissionSet(
602 empty_perms, explicit_hosts, scriptable_hosts));
603 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
604 }
605
606 {
607 SCOPED_TRACE("schemes differ");
608
609 // Add a pattern that differs only by scheme. This should be filtered out.
610 explicit_hosts.AddPattern(
611 URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path"));
612 perm_set.reset(new ExtensionPermissionSet(
613 empty_perms, explicit_hosts, scriptable_hosts));
614 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
615 }
616
617 {
618 SCOPED_TRACE("paths differ");
619
620 // Add some dupes by path.
621 explicit_hosts.AddPattern(
622 URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath"));
623 perm_set.reset(new ExtensionPermissionSet(
624 empty_perms, explicit_hosts, scriptable_hosts));
625 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
626 }
627
628 {
629 SCOPED_TRACE("subdomains differ");
630
631 // We don't do anything special for subdomains.
632 explicit_hosts.AddPattern(
633 URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path"));
634 explicit_hosts.AddPattern(
635 URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path"));
636
637 expected.push_back("monkey.www.bar.com");
638 expected.push_back("bar.com");
639
640 perm_set.reset(new ExtensionPermissionSet(
641 empty_perms, explicit_hosts, scriptable_hosts));
642 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
643 }
644
645 {
646 SCOPED_TRACE("RCDs differ");
647
648 // Now test for RCD uniquing.
649 explicit_hosts.AddPattern(
650 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
651 explicit_hosts.AddPattern(
652 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
653 explicit_hosts.AddPattern(
654 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path"));
655 explicit_hosts.AddPattern(
656 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path"));
657 explicit_hosts.AddPattern(
658 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
659 explicit_hosts.AddPattern(
660 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path"));
661
662 // This is an unknown RCD, which shouldn't be uniqued out.
663 explicit_hosts.AddPattern(
664 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
665 // But it should only occur once.
666 explicit_hosts.AddPattern(
667 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
668
669 expected.push_back("www.foo.xyzzy");
670
671 perm_set.reset(new ExtensionPermissionSet(
672 empty_perms, explicit_hosts, scriptable_hosts));
673 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
674 }
675
676 {
677 SCOPED_TRACE("wildcards");
678
679 explicit_hosts.AddPattern(
680 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
681
682 expected.push_back("*.google.com");
683
684 perm_set.reset(new ExtensionPermissionSet(
685 empty_perms, explicit_hosts, scriptable_hosts));
686 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
687 }
688
689 {
690 SCOPED_TRACE("scriptable hosts");
691 explicit_hosts.ClearPatterns();
692 scriptable_hosts.ClearPatterns();
693 expected.clear();
694
695 explicit_hosts.AddPattern(
696 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
697 scriptable_hosts.AddPattern(
698 URLPattern(URLPattern::SCHEME_HTTP, "http://*.example.com/*"));
699
700 expected.push_back("*.google.com");
701 expected.push_back("*.example.com");
702
703 perm_set.reset(new ExtensionPermissionSet(
704 empty_perms, explicit_hosts, scriptable_hosts));
705 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
706 }
707 }
708
709 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
710 scoped_ptr<ExtensionPermissionSet> perm_set;
711 ExtensionAPIPermissionSet empty_perms;
712 URLPatternSet explicit_hosts;
713 URLPatternSet scriptable_hosts;
714 explicit_hosts.AddPattern(
715 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
716 explicit_hosts.AddPattern(
717 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
718 explicit_hosts.AddPattern(
719 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
720 explicit_hosts.AddPattern(
721 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
722 explicit_hosts.AddPattern(
723 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
724 explicit_hosts.AddPattern(
725 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
726
727 std::vector<std::string> expected;
728 expected.push_back("www.foo.com");
729 perm_set.reset(new ExtensionPermissionSet(
730 empty_perms, explicit_hosts, scriptable_hosts));
731 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
732 }
733
734 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
735 scoped_ptr<ExtensionPermissionSet> perm_set;
736 ExtensionAPIPermissionSet empty_perms;
737 URLPatternSet explicit_hosts;
738 URLPatternSet scriptable_hosts;
739 explicit_hosts.AddPattern(
740 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
741 explicit_hosts.AddPattern(
742 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
743 explicit_hosts.AddPattern(
744 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
745 explicit_hosts.AddPattern(
746 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
747 explicit_hosts.AddPattern(
748 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
749 // No http://www.foo.com/path
750
751 std::vector<std::string> expected;
752 expected.push_back("www.foo.net");
753 perm_set.reset(new ExtensionPermissionSet(
754 empty_perms, explicit_hosts, scriptable_hosts));
755 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
756 }
757
758 TEST(ExtensionPermissionSetTest,
759 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
760 scoped_ptr<ExtensionPermissionSet> perm_set;
761 ExtensionAPIPermissionSet empty_perms;
762 URLPatternSet explicit_hosts;
763 URLPatternSet scriptable_hosts;
764 explicit_hosts.AddPattern(
765 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
766 explicit_hosts.AddPattern(
767 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
768 explicit_hosts.AddPattern(
769 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
770 // No http://www.foo.net/path
771 explicit_hosts.AddPattern(
772 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
773 // No http://www.foo.com/path
774
775 std::vector<std::string> expected;
776 expected.push_back("www.foo.org");
777 perm_set.reset(new ExtensionPermissionSet(
778 empty_perms, explicit_hosts, scriptable_hosts));
779 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
780 }
781
782 TEST(ExtensionPermissionSetTest,
783 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
784 scoped_ptr<ExtensionPermissionSet> perm_set;
785 ExtensionAPIPermissionSet empty_perms;
786 URLPatternSet explicit_hosts;
787 URLPatternSet scriptable_hosts;
788 explicit_hosts.AddPattern(
789 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
790 // No http://www.foo.org/path
791 explicit_hosts.AddPattern(
792 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
793 // No http://www.foo.net/path
794 explicit_hosts.AddPattern(
795 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
796 // No http://www.foo.com/path
797
798 std::vector<std::string> expected;
799 expected.push_back("www.foo.ca");
800 perm_set.reset(new ExtensionPermissionSet(
801 empty_perms, explicit_hosts, scriptable_hosts));
802 CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
803 }
804
805 TEST(ExtensionPermissionSetTest, HasLessHostPrivilegesThan) {
806 URLPatternSet elist1;
807 URLPatternSet elist2;
808 URLPatternSet slist1;
809 URLPatternSet slist2;
810 scoped_ptr<ExtensionPermissionSet> set1;
811 scoped_ptr<ExtensionPermissionSet> set2;
812 ExtensionAPIPermissionSet empty_perms;
813 elist1.AddPattern(
814 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
815 elist1.AddPattern(
816 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
817
818 // Test that the host order does not matter.
819 elist2.AddPattern(
820 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
821 elist2.AddPattern(
822 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
823
824 set1.reset(new ExtensionPermissionSet(empty_perms, elist1, slist1));
825 set2.reset(new ExtensionPermissionSet(empty_perms, elist2, slist2));
826
827 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
828 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
829
830 // Test that paths are ignored.
831 elist2.ClearPatterns();
832 elist2.AddPattern(
833 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
834 set2.reset(new ExtensionPermissionSet(empty_perms, elist2, slist2));
835 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
836 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
837
838 // Test that RCDs are ignored.
839 elist2.ClearPatterns();
840 elist2.AddPattern(
841 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
842 set2.reset(new ExtensionPermissionSet(empty_perms, elist2, slist2));
843 EXPECT_FALSE(set1->HasLessHostPrivilegesThan(set2.get()));
844 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
845
846 // Test that subdomain wildcards are handled properly.
847 elist2.ClearPatterns();
848 elist2.AddPattern(
849 URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
850 set2.reset(new ExtensionPermissionSet(empty_perms, elist2, slist2));
851 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
852 //TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
853 //EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
854
855 // Test that different domains count as different hosts.
856 elist2.ClearPatterns();
857 elist2.AddPattern(
858 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
859 elist2.AddPattern(
860 URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
861 set2.reset(new ExtensionPermissionSet(empty_perms, elist2, slist2));
862 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
863 EXPECT_FALSE(set2->HasLessHostPrivilegesThan(set1.get()));
864
865 // Test that different subdomains count as different hosts.
866 elist2.ClearPatterns();
867 elist2.AddPattern(
868 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
869 set2.reset(new ExtensionPermissionSet(empty_perms, elist2, slist2));
870 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
871 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get()));
872 }
873
874 TEST(ExtensionPermissionSetTest, GetAPIsAsStrings) {
875 ExtensionAPIPermissionSet apis;
876 URLPatternSet empty_set;
877
878 apis.insert(ExtensionAPIPermission::kProxy);
879 apis.insert(ExtensionAPIPermission::kBackground);
880 apis.insert(ExtensionAPIPermission::kNotification);
881 apis.insert(ExtensionAPIPermission::kTab);
882
883 ExtensionPermissionSet perm_set(apis, empty_set, empty_set);
884 std::set<std::string> api_names = perm_set.GetAPIsAsStrings();
885
886 // The result is correct if it has the same number of elements
887 // and we can convert it back to the id set.
888 EXPECT_EQ(4u, api_names.size());
889 EXPECT_EQ(apis,
890 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names));
891 }
892
893 TEST(ExtensionPermissionSetTest, IsEmpty) {
894 ExtensionAPIPermissionSet empty_apis;
895 URLPatternSet empty_extent;
896
897 ExtensionPermissionSet perm_set;
898 EXPECT_TRUE(perm_set.IsEmpty());
899
900 perm_set = ExtensionPermissionSet(empty_apis, empty_extent, empty_extent);
901 EXPECT_TRUE(perm_set.IsEmpty());
902
903 ExtensionAPIPermissionSet non_empty_apis;
904 non_empty_apis.insert(ExtensionAPIPermission::kBackground);
905 perm_set = ExtensionPermissionSet(
906 non_empty_apis, empty_extent, empty_extent);
907 EXPECT_FALSE(perm_set.IsEmpty());
908
909 // Try non standard host
910 URLPatternSet non_empty_extent;
911 AddPattern(&non_empty_extent, "http://www.google.com/*");
912
913 perm_set = ExtensionPermissionSet(
914 empty_apis, non_empty_extent, empty_extent);
915 EXPECT_FALSE(perm_set.IsEmpty());
916
917 perm_set = ExtensionPermissionSet(
918 empty_apis, empty_extent, non_empty_extent);
919 EXPECT_FALSE(perm_set.IsEmpty());
920 }
OLDNEW
« chrome/common/extensions/extension_permission_set.h ('K') | « chrome/common/extensions/extension_permission_set.cc ('k') | chrome/common/extensions/extension_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698