| Index: chrome/common/extensions/extension_permission_set_unittest.cc
|
| diff --git a/chrome/common/extensions/extension_permission_set_unittest.cc b/chrome/common/extensions/extension_permission_set_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..733b2bdc3f9371bb14b0a14d4491387aff47db3e
|
| --- /dev/null
|
| +++ b/chrome/common/extensions/extension_permission_set_unittest.cc
|
| @@ -0,0 +1,762 @@
|
| +// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/common/extensions/extension_permission_set.h"
|
| +
|
| +#include "base/logging.h"
|
| +#include "base/path_service.h"
|
| +#include "base/utf_string_conversions.h"
|
| +#include "chrome/common/chrome_paths.h"
|
| +#include "chrome/common/extensions/extension.h"
|
| +#include "content/common/json_value_serializer.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace {
|
| +
|
| +static scoped_refptr<Extension> LoadManifest(const std::string& dir,
|
| + const std::string& test_file,
|
| + int extra_flags) {
|
| + FilePath path;
|
| + PathService::Get(chrome::DIR_TEST_DATA, &path);
|
| + path = path.AppendASCII("extensions")
|
| + .AppendASCII(dir)
|
| + .AppendASCII(test_file);
|
| +
|
| + JSONFileValueSerializer serializer(path);
|
| + std::string error;
|
| + scoped_ptr<Value> result(serializer.Deserialize(NULL, &error));
|
| + if (!result.get()) {
|
| + EXPECT_EQ("", error);
|
| + return NULL;
|
| + }
|
| +
|
| + scoped_refptr<Extension> extension = Extension::Create(
|
| + path.DirName(), Extension::INVALID,
|
| + *static_cast<DictionaryValue*>(result.get()),
|
| + Extension::STRICT_ERROR_CHECKS | extra_flags, &error);
|
| + EXPECT_TRUE(extension) << error;
|
| + return extension;
|
| +}
|
| +
|
| +static scoped_refptr<Extension> LoadManifest(const std::string& dir,
|
| + const std::string& test_file) {
|
| + return LoadManifest(dir, test_file, Extension::NO_FLAGS);
|
| +}
|
| +
|
| +void CompareLists(const std::vector<std::string>& expected,
|
| + const std::vector<std::string>& actual) {
|
| + ASSERT_EQ(expected.size(), actual.size());
|
| +
|
| + for (size_t i = 0; i < expected.size(); ++i) {
|
| + EXPECT_EQ(expected[i], actual[i]);
|
| + }
|
| +}
|
| +
|
| +static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
|
| + int schemes = URLPattern::SCHEME_ALL;
|
| + extent->AddPattern(URLPattern(schemes, pattern));
|
| +}
|
| +
|
| +static void AssertEqualExtents(const URLPatternSet& extent1,
|
| + const URLPatternSet& extent2) {
|
| + URLPatternList patterns1 = extent1.patterns();
|
| + URLPatternList patterns2 = extent2.patterns();
|
| + std::set<std::string> strings1;
|
| + EXPECT_EQ(patterns1.size(), patterns2.size());
|
| +
|
| + for (size_t i = 0; i < patterns1.size(); ++i)
|
| + strings1.insert(patterns1.at(i).GetAsString());
|
| +
|
| + std::set<std::string> strings2;
|
| + for (size_t i = 0; i < patterns2.size(); ++i)
|
| + strings2.insert(patterns2.at(i).GetAsString());
|
| +
|
| + EXPECT_EQ(strings1, strings2);
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +class ExtensionAPIPermissionTest : public testing::Test {
|
| +};
|
| +
|
| +class ExtensionPermissionSetTest : public testing::Test {
|
| +};
|
| +
|
| +// Tests that GetByName works with normal permission names and aliases.
|
| +TEST(ExtensionAPIPermissionTest, GetByName) {
|
| + EXPECT_EQ(ExtensionAPIPermission::Tab(),
|
| + *ExtensionAPIPermission::GetByName("tabs"));
|
| + EXPECT_EQ(ExtensionAPIPermission::Management(),
|
| + *ExtensionAPIPermission::GetByName("management"));
|
| + EXPECT_FALSE(ExtensionAPIPermission::GetByName("alsdkfjasldkfj"));
|
| +}
|
| +
|
| +// Tests that the aliases are properly mapped.
|
| +TEST(ExtensionAPIPermissionTest, Aliases) {
|
| + // tabs: tabs, windows
|
| + std::string tabs_name = "tabs";
|
| + EXPECT_EQ(tabs_name, ExtensionAPIPermission::Tab().name());
|
| + EXPECT_EQ(ExtensionAPIPermission::Tab(),
|
| + *ExtensionAPIPermission::GetByName("tabs"));
|
| + EXPECT_EQ(ExtensionAPIPermission::Tab(),
|
| + *ExtensionAPIPermission::GetByName("windows"));
|
| +
|
| + // unlimitedStorage: unlimitedStorage, unlimited_storage
|
| + std::string storage_name = "unlimitedStorage";
|
| + EXPECT_EQ(storage_name,
|
| + ExtensionAPIPermission::UnlimitedStorage().name());
|
| + EXPECT_EQ(ExtensionAPIPermission::UnlimitedStorage(),
|
| + *ExtensionAPIPermission::GetByName("unlimitedStorage"));
|
| + EXPECT_EQ(ExtensionAPIPermission::UnlimitedStorage(),
|
| + *ExtensionAPIPermission::GetByName("unlimited_storage"));
|
| +}
|
| +
|
| +TEST(ExtensionAPIPermissionTest, HostedAppPermissions) {
|
| + std::set<ExtensionAPIPermission> hosted_perms;
|
| + hosted_perms.insert(ExtensionAPIPermission::Background());
|
| + hosted_perms.insert(ExtensionAPIPermission::ClipboardRead());
|
| + hosted_perms.insert(ExtensionAPIPermission::ClipboardWrite());
|
| + hosted_perms.insert(ExtensionAPIPermission::ChromePrivate());
|
| + hosted_perms.insert(ExtensionAPIPermission::Experimental());
|
| + hosted_perms.insert(ExtensionAPIPermission::Geolocation());
|
| + hosted_perms.insert(ExtensionAPIPermission::Notification());
|
| + hosted_perms.insert(ExtensionAPIPermission::UnlimitedStorage());
|
| + hosted_perms.insert(ExtensionAPIPermission::WebstorePrivate());
|
| +
|
| + std::set<ExtensionAPIPermission> perms = ExtensionAPIPermission::GetAll();
|
| + size_t count = 0;
|
| + for (std::set<ExtensionAPIPermission>::iterator i = perms.begin();
|
| + i != perms.end(); ++i) {
|
| + count += hosted_perms.count(*i);
|
| + EXPECT_EQ(hosted_perms.count(*i), i->is_hosted_app());
|
| + }
|
| +
|
| + EXPECT_EQ((size_t)9, count);
|
| + EXPECT_EQ((size_t)9, ExtensionAPIPermission::hosted_app_permission_count());
|
| +}
|
| +
|
| +TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) {
|
| + std::set<ExtensionAPIPermission> private_perms;
|
| + private_perms.insert(ExtensionAPIPermission::ChromeosInfoPrivate());
|
| + private_perms.insert(ExtensionAPIPermission::FileBrowserPrivate());
|
| + private_perms.insert(ExtensionAPIPermission::MediaPlayerPrivate());
|
| + private_perms.insert(ExtensionAPIPermission::WebstorePrivate());
|
| +
|
| + std::set<ExtensionAPIPermission> perms = ExtensionAPIPermission::GetAll();
|
| + int count = 0;
|
| + for (std::set<ExtensionAPIPermission>::iterator i = perms.begin();
|
| + i != perms.end(); ++i) {
|
| + count += private_perms.count(*i);
|
| + EXPECT_EQ(private_perms.count(*i), i->is_component_only());
|
| + }
|
| +
|
| + EXPECT_EQ(4, count);
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) {
|
| + scoped_refptr<Extension> extension;
|
| + ExtensionPermissionSet permissions;
|
| +
|
| + extension = LoadManifest("effective_host_permissions", "empty.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
|
| + EXPECT_FALSE(permissions.HasAccessToHost(GURL("http://www.google.com")));
|
| + EXPECT_FALSE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions", "one_host.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.google.com")));
|
| + EXPECT_FALSE(permissions.HasAccessToHost(GURL("https://www.google.com")));
|
| + EXPECT_FALSE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions",
|
| + "one_host_wildcard.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://google.com")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://foo.google.com")));
|
| + EXPECT_FALSE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions", "two_hosts.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.google.com")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.reddit.com")));
|
| + EXPECT_FALSE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions",
|
| + "https_not_considered.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://google.com")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("https://google.com")));
|
| + EXPECT_FALSE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions",
|
| + "two_content_scripts.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://google.com")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.reddit.com")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://news.ycombinator.com")));
|
| + EXPECT_FALSE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions", "all_hosts.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://test/")));
|
| + EXPECT_FALSE(permissions.HasAccessToHost(GURL("https://test/")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.google.com")));
|
| + EXPECT_TRUE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://test/")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.google.com")));
|
| + EXPECT_TRUE(permissions.HasEffectiveAccessToAllHosts());
|
| +
|
| + extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
|
| + permissions = extension->permission_set();
|
| + EXPECT_FALSE(permissions.HasAccessToHost(GURL("http://test/")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("https://test/")));
|
| + EXPECT_TRUE(permissions.HasAccessToHost(GURL("http://www.google.com")));
|
| + EXPECT_TRUE(permissions.HasEffectiveAccessToAllHosts());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, CreateUnion) {
|
| + std::set<ExtensionAPIPermission> apis1;
|
| + std::set<ExtensionAPIPermission> apis2;
|
| + std::set<ExtensionAPIPermission> expected_apis;
|
| +
|
| + URLPatternSet hosts1;
|
| + URLPatternSet hosts2;
|
| + URLPatternSet expected_hosts;
|
| +
|
| + bool native_code1 = false;
|
| + bool native_code2 = false;
|
| + bool expected_native_code = false;
|
| +
|
| + scoped_ptr<ExtensionPermissionSet> set1;
|
| + scoped_ptr<ExtensionPermissionSet> set2;
|
| + scoped_ptr<ExtensionPermissionSet> union_set;
|
| +
|
| + // Union with an empty set.
|
| + apis1.insert(ExtensionAPIPermission::Tab());
|
| + apis1.insert(ExtensionAPIPermission::Background());
|
| + expected_apis.insert(ExtensionAPIPermission::Tab());
|
| + expected_apis.insert(ExtensionAPIPermission::Background());
|
| +
|
| + AddPattern(&hosts1, "http://*.google.com/*");
|
| + AddPattern(&expected_hosts, "http://*.google.com/*");
|
| +
|
| + set1.reset(new ExtensionPermissionSet(native_code1, apis1, hosts1));
|
| + set2.reset(new ExtensionPermissionSet(native_code2, apis2, hosts2));
|
| + union_set.reset(ExtensionPermissionSet::CreateUnion(*set1, *set2));
|
| +
|
| + EXPECT_EQ(expected_native_code, union_set->native_code());
|
| + EXPECT_EQ(expected_apis, union_set->apis());
|
| + AssertEqualExtents(expected_hosts, union_set->effective_hosts());
|
| +
|
| + // Now use a real second set.
|
| + apis2.insert(ExtensionAPIPermission::Tab());
|
| + apis2.insert(ExtensionAPIPermission::Proxy());
|
| + apis2.insert(ExtensionAPIPermission::ClipboardWrite());
|
| + expected_apis.insert(ExtensionAPIPermission::Tab());
|
| + expected_apis.insert(ExtensionAPIPermission::Proxy());
|
| + expected_apis.insert(ExtensionAPIPermission::ClipboardWrite());
|
| +
|
| + AddPattern(&hosts2, "http://*.example.com/*");
|
| + AddPattern(&hosts2, "http://*.google.com/*");
|
| + AddPattern(&expected_hosts, "http://*.example.com/*");
|
| +
|
| + native_code2 = true;
|
| + expected_native_code = true;
|
| +
|
| + set2.reset(new ExtensionPermissionSet(native_code2, apis2, hosts2));
|
| + union_set.reset(ExtensionPermissionSet::CreateUnion(*set1, *set2));
|
| + EXPECT_EQ(expected_native_code, union_set->native_code());
|
| + EXPECT_EQ(expected_apis, union_set->apis());
|
| + AssertEqualExtents(expected_hosts, union_set->effective_hosts());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) {
|
| + const struct {
|
| + const char* base_name;
|
| + // Increase these sizes if you have more than 10.
|
| + const char* granted_apis[10];
|
| + const char* granted_hosts[10];
|
| + bool full_access;
|
| + bool expect_increase;
|
| + } kTests[] = {
|
| + { "allhosts1", {NULL}, {"http://*/", NULL}, false,
|
| + false }, // all -> all
|
| + { "allhosts2", {NULL}, {"http://*/", NULL}, false,
|
| + false }, // all -> one
|
| + { "allhosts3", {NULL}, {NULL}, false, true }, // one -> all
|
| + { "hosts1", {NULL},
|
| + {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
|
| + false }, // http://a,http://b -> http://a,http://b
|
| + { "hosts2", {NULL},
|
| + {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
|
| + true }, // http://a,http://b -> https://a,http://*.b
|
| + { "hosts3", {NULL},
|
| + {"http://www.google.com/", "http://www.reddit.com/", NULL}, false,
|
| + false }, // http://a,http://b -> http://a
|
| + { "hosts4", {NULL},
|
| + {"http://www.google.com/", NULL}, false,
|
| + true }, // http://a -> http://a,http://b
|
| + { "hosts5", {"tabs", "notifications", NULL},
|
| + {"http://*.example.com/", "http://*.example.com/*",
|
| + "http://*.example.co.uk/*", "http://*.example.com.au/*",
|
| + NULL}, false,
|
| + false }, // http://a,b,c -> http://a,b,c + https://a,b,c
|
| + { "hosts6", {"tabs", "notifications", NULL},
|
| + {"http://*.example.com/", "http://*.example.com/*", NULL}, false,
|
| + false }, // http://a.com -> http://a.com + http://a.co.uk
|
| + { "permissions1", {"tabs", NULL},
|
| + {NULL}, false, false }, // tabs -> tabs
|
| + { "permissions2", {"tabs", NULL},
|
| + {NULL}, false, true }, // tabs -> tabs,bookmarks
|
| + { "permissions3", {NULL},
|
| + {"http://*/*", NULL},
|
| + false, true }, // http://a -> http://a,tabs
|
| + { "permissions5", {"bookmarks", NULL},
|
| + {NULL}, false, true }, // bookmarks -> bookmarks,history
|
| +#if !defined(OS_CHROMEOS) // plugins aren't allowed in ChromeOS
|
| + { "permissions4", {NULL},
|
| + {NULL}, true, false }, // plugin -> plugin,tabs
|
| + { "plugin1", {NULL},
|
| + {NULL}, true, false }, // plugin -> plugin
|
| + { "plugin2", {NULL},
|
| + {NULL}, true, false }, // plugin -> none
|
| + { "plugin3", {NULL},
|
| + {NULL}, false, true }, // none -> plugin
|
| +#endif
|
| + { "storage", {NULL},
|
| + {NULL}, false, false }, // none -> storage
|
| + { "notifications", {NULL},
|
| + {NULL}, false, false } // none -> notifications
|
| + };
|
| +
|
| + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
|
| + scoped_refptr<Extension> old_extension(
|
| + LoadManifest("allow_silent_upgrade",
|
| + std::string(kTests[i].base_name) + "_old.json"));
|
| + scoped_refptr<Extension> new_extension(
|
| + LoadManifest("allow_silent_upgrade",
|
| + std::string(kTests[i].base_name) + "_new.json"));
|
| +
|
| + std::set<ExtensionAPIPermission> granted_apis;
|
| + for (size_t j = 0; kTests[i].granted_apis[j] != NULL; ++j) {
|
| + granted_apis.insert(
|
| + *ExtensionAPIPermission::GetByName(kTests[i].granted_apis[j]));
|
| + }
|
| +
|
| + URLPatternSet granted_hosts;
|
| + for (size_t j = 0; kTests[i].granted_hosts[j] != NULL; ++j)
|
| + AddPattern(&granted_hosts, kTests[i].granted_hosts[j]);
|
| +
|
| + EXPECT_TRUE(new_extension.get()) << kTests[i].base_name << "_new.json";
|
| + if (!new_extension.get())
|
| + continue;
|
| +
|
| + ExtensionPermissionSet old_p = old_extension->permission_set();
|
| + ExtensionPermissionSet new_p = new_extension->permission_set();
|
| +
|
| + EXPECT_EQ(kTests[i].expect_increase, old_p.HasLessPrivilegesThan(new_p))
|
| + << kTests[i].base_name;
|
| + }
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, PermissionMessages) {
|
| + // Ensure that all permissions that needs to show install UI actually have
|
| + // strings associated with them.
|
| + std::set<ExtensionAPIPermission> skip;
|
| +
|
| + // These are considered "nuisance" or "trivial" permissions that don't need
|
| + // a prompt.
|
| + skip.insert(ExtensionAPIPermission::ContextMenus());
|
| + skip.insert(ExtensionAPIPermission::Idle());
|
| + skip.insert(ExtensionAPIPermission::Notification());
|
| + skip.insert(ExtensionAPIPermission::UnlimitedStorage());
|
| + skip.insert(ExtensionAPIPermission::ContentSettings());
|
| +
|
| + // TODO(erikkay) add a string for this permission.
|
| + skip.insert(ExtensionAPIPermission::Background());
|
| +
|
| + skip.insert(ExtensionAPIPermission::ClipboardWrite());
|
| +
|
| + // The cookie permission does nothing unless you have associated host
|
| + // permissions.
|
| + skip.insert(ExtensionAPIPermission::Cookie());
|
| +
|
| + // The proxy permission is warned as part of host permission checks.
|
| + skip.insert(ExtensionAPIPermission::Proxy());
|
| +
|
| + // This permission requires explicit user action (context menu handler)
|
| + // so we won't prompt for it for now.
|
| + skip.insert(ExtensionAPIPermission::FileBrowserHandler());
|
| +
|
| + // If you've turned on the experimental command-line flag, we don't need
|
| + // to warn you further.
|
| + skip.insert(ExtensionAPIPermission::Experimental());
|
| +
|
| + // These are private.
|
| + skip.insert(ExtensionAPIPermission::WebstorePrivate());
|
| + skip.insert(ExtensionAPIPermission::FileBrowserPrivate());
|
| + skip.insert(ExtensionAPIPermission::MediaPlayerPrivate());
|
| + skip.insert(ExtensionAPIPermission::ChromePrivate());
|
| + skip.insert(ExtensionAPIPermission::ChromeosInfoPrivate());
|
| + skip.insert(ExtensionAPIPermission::WebSocketProxyPrivate());
|
| +
|
| + std::set<ExtensionAPIPermission> permissions =
|
| + ExtensionAPIPermission::GetAll();
|
| +
|
| + const ExtensionPermissionMessage::MessageId ID_NONE =
|
| + ExtensionPermissionMessage::ID_NONE;
|
| +
|
| + for (std::set<ExtensionAPIPermission>::const_iterator i = permissions.begin();
|
| + i != permissions.end(); ++i) {
|
| + ExtensionAPIPermission permission = *i;
|
| + if (skip.count(permission)) {
|
| + EXPECT_EQ(ID_NONE, permission.message_id())
|
| + << "unexpected message_id for " << permission.name();
|
| + } else {
|
| + EXPECT_NE(ID_NONE, permission.message_id())
|
| + << "missing message_id for " << permission.name();
|
| + }
|
| + }
|
| +}
|
| +
|
| +// Tests the default permissions (empty API permission set).
|
| +TEST(ExtensionPermissionSetTest, DefaultFunctionAccess) {
|
| + const struct {
|
| + const char* permission_name;
|
| + bool expect_success;
|
| + } kTests[] = {
|
| + // Negative test.
|
| + { "non_existing_permission", false },
|
| + // Test default module/package permission.
|
| + { "browserAction", true },
|
| + { "browserActions", true },
|
| + { "devtools", true },
|
| + { "extension", true },
|
| + { "i18n", true },
|
| + { "pageAction", true },
|
| + { "pageActions", true },
|
| + { "test", true },
|
| + // Some negative tests.
|
| + { "bookmarks", false },
|
| + { "cookies", false },
|
| + { "history", false },
|
| + { "tabs.onUpdated", false },
|
| + // Make sure we find the module name after stripping '.' and '/'.
|
| + { "browserAction/abcd/onClick", true },
|
| + { "browserAction.abcd.onClick", true },
|
| + // Test Tabs functions.
|
| + { "tabs.create", true},
|
| + { "tabs.update", true},
|
| + { "tabs.getSelected", false},
|
| + };
|
| +
|
| + ExtensionPermissionSet permissions(
|
| + false, std::set<ExtensionAPIPermission>(), URLPatternSet());
|
| + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
|
| + EXPECT_EQ(kTests[i].expect_success,
|
| + permissions.HasAccessToFunction(kTests[i].permission_name));
|
| + }
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) {
|
| + scoped_refptr<Extension> extension;
|
| +
|
| + extension = LoadManifest("permissions", "many-hosts.json");
|
| + std::vector<string16> warnings =
|
| + extension->permission_set().GetWarningMessages();
|
| + ASSERT_EQ(1u, warnings.size());
|
| + EXPECT_EQ("Your data on www.google.com and encrypted.google.com",
|
| + UTF16ToUTF8(warnings[0]));
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) {
|
| + scoped_refptr<Extension> extension;
|
| + scoped_ptr<ExtensionPermissionSet> permissions;
|
| +
|
| + extension = LoadManifest("permissions", "plugins.json");
|
| + std::vector<string16> warnings =
|
| + extension->permission_set().GetWarningMessages();
|
| + // We don't parse the plugins key on Chrome OS, so it should not ask for any
|
| + // permissions.
|
| +#if defined(OS_CHROMEOS)
|
| + ASSERT_EQ(0u, warnings.size());
|
| +#else
|
| + ASSERT_EQ(1u, warnings.size());
|
| + EXPECT_EQ("All data on your computer and the websites you visit",
|
| + UTF16ToUTF8(warnings[0]));
|
| +#endif
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay) {
|
| + scoped_ptr<ExtensionPermissionSet> perm_set;
|
| + std::set<ExtensionAPIPermission> empty_perms;
|
| + std::vector<std::string> expected;
|
| + expected.push_back("www.foo.com");
|
| + expected.push_back("www.bar.com");
|
| + expected.push_back("www.baz.com");
|
| + URLPatternSet actual;
|
| +
|
| + {
|
| + SCOPED_TRACE("no dupes");
|
| +
|
| + // Simple list with no dupes.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +
|
| + {
|
| + SCOPED_TRACE("two dupes");
|
| +
|
| + // Add some dupes.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.baz.com/path"));
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +
|
| + {
|
| + SCOPED_TRACE("schemes differ");
|
| +
|
| + // Add a pattern that differs only by scheme. This should be filtered out.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTPS, "https://www.bar.com/path"));
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +
|
| + {
|
| + SCOPED_TRACE("paths differ");
|
| +
|
| + // Add some dupes by path.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.bar.com/pathypath"));
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +
|
| + {
|
| + SCOPED_TRACE("subdomains differ");
|
| +
|
| + // We don't do anything special for subdomains.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://monkey.www.bar.com/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://bar.com/path"));
|
| +
|
| + expected.push_back("monkey.www.bar.com");
|
| + expected.push_back("bar.com");
|
| +
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +
|
| + {
|
| + SCOPED_TRACE("RCDs differ");
|
| +
|
| + // Now test for RCD uniquing.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.de/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca.us/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com.my/path"));
|
| +
|
| + // This is an unknown RCD, which shouldn't be uniqued out.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
|
| + // But it should only occur once.
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.xyzzy/path"));
|
| +
|
| + expected.push_back("www.foo.xyzzy");
|
| +
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +
|
| + {
|
| + SCOPED_TRACE("wildcards");
|
| +
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
|
| +
|
| + expected.push_back("*.google.com");
|
| +
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| + }
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
|
| + scoped_ptr<ExtensionPermissionSet> perm_set;
|
| + std::set<ExtensionAPIPermission> empty_perms;
|
| + URLPatternSet actual;
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
|
| +
|
| + std::vector<std::string> expected;
|
| + expected.push_back("www.foo.com");
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
|
| + scoped_ptr<ExtensionPermissionSet> perm_set;
|
| + std::set<ExtensionAPIPermission> empty_perms;
|
| + URLPatternSet actual;
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
|
| + // No http://www.foo.com/path
|
| +
|
| + std::vector<std::string> expected;
|
| + expected.push_back("www.foo.net");
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest,
|
| + GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
|
| + scoped_ptr<ExtensionPermissionSet> perm_set;
|
| + std::set<ExtensionAPIPermission> empty_perms;
|
| + URLPatternSet actual;
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
|
| + // No http://www.foo.net/path
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
|
| + // No http://www.foo.com/path
|
| +
|
| + std::vector<std::string> expected;
|
| + expected.push_back("www.foo.org");
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest,
|
| + GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
|
| + scoped_ptr<ExtensionPermissionSet> perm_set;
|
| + std::set<ExtensionAPIPermission> empty_perms;
|
| + URLPatternSet actual;
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
|
| + // No http://www.foo.org/path
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
|
| + // No http://www.foo.net/path
|
| + actual.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
|
| + // No http://www.foo.com/path
|
| +
|
| + std::vector<std::string> expected;
|
| + expected.push_back("www.foo.ca");
|
| + perm_set.reset(new ExtensionPermissionSet(false, empty_perms, actual));
|
| + CompareLists(expected, perm_set->GetDistinctHostsForDisplay());
|
| +}
|
| +
|
| +TEST(ExtensionPermissionSetTest, HasLessHostPrivilegesThan) {
|
| + URLPatternSet list1;
|
| + URLPatternSet list2;
|
| + scoped_ptr<ExtensionPermissionSet> set1;
|
| + scoped_ptr<ExtensionPermissionSet> set2;
|
| + std::set<ExtensionAPIPermission> empty_perms;
|
| + list1.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
|
| + list1.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
|
| +
|
| + // Test that the host order does not matter.
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
|
| +
|
| + set1.reset(new ExtensionPermissionSet(false, empty_perms, list1));
|
| + set2.reset(new ExtensionPermissionSet(false, empty_perms, list2));
|
| +
|
| + EXPECT_FALSE(set1->HasLessHostPrivilegesThan(*set2));
|
| + EXPECT_FALSE(set2->HasLessHostPrivilegesThan(*set1));
|
| +
|
| + // Test that paths are ignored.
|
| + list2.ClearPatterns();
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
|
| + set2.reset(new ExtensionPermissionSet(false, empty_perms, list2));
|
| + EXPECT_FALSE(set1->HasLessHostPrivilegesThan(*set2));
|
| + EXPECT_FALSE(set2->HasLessHostPrivilegesThan(*set1));
|
| +
|
| + // Test that RCDs are ignored.
|
| + list2.ClearPatterns();
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
|
| + set2.reset(new ExtensionPermissionSet(false, empty_perms, list2));
|
| + EXPECT_FALSE(set1->HasLessHostPrivilegesThan(*set2));
|
| + EXPECT_FALSE(set2->HasLessHostPrivilegesThan(*set1));
|
| +
|
| + // Test that subdomain wildcards are handled properly.
|
| + list2.ClearPatterns();
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
|
| + set2.reset(new ExtensionPermissionSet(false, empty_perms, list2));
|
| + EXPECT_TRUE(set1->HasLessHostPrivilegesThan(*set2));
|
| + //TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
|
| + //EXPECT_FALSE(set2->HasLessHostPrivilegesThan(*set1));
|
| +
|
| + // Test that different domains count as different hosts.
|
| + list2.ClearPatterns();
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
|
| + set2.reset(new ExtensionPermissionSet(false, empty_perms, list2));
|
| + EXPECT_TRUE(set1->HasLessHostPrivilegesThan(*set2));
|
| + EXPECT_FALSE(set2->HasLessHostPrivilegesThan(*set1));
|
| +
|
| + // Test that different subdomains count as different hosts.
|
| + list2.ClearPatterns();
|
| + list2.AddPattern(
|
| + URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
|
| + set2.reset(new ExtensionPermissionSet(false, empty_perms, list2));
|
| + EXPECT_TRUE(set1->HasLessHostPrivilegesThan(*set2));
|
| + EXPECT_TRUE(set2->HasLessHostPrivilegesThan(*set1));
|
| +}
|
|
|
Chromium Code Reviews
Issue 7003098:
Start refractoring extension permissions into ExtensionPermissionSet. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src