| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension_permission_set.h" | 5 #include "chrome/common/extensions/extension_permission_set.h" |
| 6 | 6 |
| 7 #include "base/json/json_value_serializer.h" | 7 #include "base/json/json_value_serializer.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "base/utf_string_conversions.h" | 10 #include "base/utf_string_conversions.h" |
| 11 #include "chrome/common/chrome_paths.h" | 11 #include "chrome/common/chrome_paths.h" |
| 12 #include "chrome/common/extensions/extension.h" | 12 #include "chrome/common/extensions/extension.h" |
| 13 #include "chrome/common/extensions/extension_constants.h" |
| 14 #include "chrome/common/extensions/extension_error_utils.h" |
| 15 #include "chrome/common/extensions/extension_permission_set.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 17 |
| 18 namespace errors = extension_manifest_errors; |
| 19 namespace keys = extension_manifest_keys; |
| 20 namespace values = extension_manifest_values; |
| 15 namespace { | 21 namespace { |
| 16 | 22 |
| 17 static scoped_refptr<Extension> LoadManifest(const std::string& dir, | 23 static scoped_refptr<Extension> LoadManifest(const std::string& dir, |
| 18 const std::string& test_file, | 24 const std::string& test_file, |
| 19 int extra_flags) { | 25 int extra_flags) { |
| 20 FilePath path; | 26 FilePath path; |
| 21 PathService::Get(chrome::DIR_TEST_DATA, &path); | 27 PathService::Get(chrome::DIR_TEST_DATA, &path); |
| 22 path = path.AppendASCII("extensions") | 28 path = path.AppendASCII("extensions") |
| 23 .AppendASCII(dir) | 29 .AppendASCII(dir) |
| 24 .AppendASCII(test_file); | 30 .AppendASCII(test_file); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 37 Extension::STRICT_ERROR_CHECKS | extra_flags, &error); | 43 Extension::STRICT_ERROR_CHECKS | extra_flags, &error); |
| 38 EXPECT_TRUE(extension) << error; | 44 EXPECT_TRUE(extension) << error; |
| 39 return extension; | 45 return extension; |
| 40 } | 46 } |
| 41 | 47 |
| 42 static scoped_refptr<Extension> LoadManifest(const std::string& dir, | 48 static scoped_refptr<Extension> LoadManifest(const std::string& dir, |
| 43 const std::string& test_file) { | 49 const std::string& test_file) { |
| 44 return LoadManifest(dir, test_file, Extension::NO_FLAGS); | 50 return LoadManifest(dir, test_file, Extension::NO_FLAGS); |
| 45 } | 51 } |
| 46 | 52 |
| 53 static void LoadManifestAndExpectError(DictionaryValue* manifest, |
| 54 Extension::Location location, |
| 55 const std::string& permission) { |
| 56 std::string error; |
| 57 scoped_refptr<Extension> extension = Extension::Create( |
| 58 FilePath(), location, *manifest, |
| 59 Extension::STRICT_ERROR_CHECKS, &error); |
| 60 |
| 61 |
| 62 std::string expected_error = ExtensionErrorUtils::FormatErrorMessage( |
| 63 errors::kPermissionNotAllowed, permission); |
| 64 EXPECT_FALSE(extension); |
| 65 EXPECT_EQ(expected_error, error); |
| 66 } |
| 67 |
| 47 void CompareLists(const std::vector<std::string>& expected, | 68 void CompareLists(const std::vector<std::string>& expected, |
| 48 const std::vector<std::string>& actual) { | 69 const std::vector<std::string>& actual) { |
| 49 ASSERT_EQ(expected.size(), actual.size()); | 70 ASSERT_EQ(expected.size(), actual.size()); |
| 50 | 71 |
| 51 for (size_t i = 0; i < expected.size(); ++i) { | 72 for (size_t i = 0; i < expected.size(); ++i) { |
| 52 EXPECT_EQ(expected[i], actual[i]); | 73 EXPECT_EQ(expected[i], actual[i]); |
| 53 } | 74 } |
| 54 } | 75 } |
| 55 | 76 |
| 56 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { | 77 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { |
| 57 int schemes = URLPattern::SCHEME_ALL; | 78 int schemes = URLPattern::SCHEME_ALL; |
| 58 extent->AddPattern(URLPattern(schemes, pattern)); | 79 extent->AddPattern(URLPattern(schemes, pattern)); |
| 59 } | 80 } |
| 60 | 81 |
| 61 } // namespace | 82 } // namespace |
| 62 | 83 |
| 63 class ExtensionAPIPermissionTest : public testing::Test { | 84 class ExtensionPermissionsTest : public testing::Test { |
| 64 }; | 85 }; |
| 65 | 86 |
| 66 class ExtensionPermissionSetTest : public testing::Test { | |
| 67 }; | |
| 68 | |
| 69 | |
| 70 // Tests GetByID. | 87 // Tests GetByID. |
| 71 TEST(ExtensionPermissionsInfoTest, GetByID) { | 88 TEST(ExtensionPermissionsTest, GetByID) { |
| 72 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 89 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 73 ExtensionAPIPermissionSet ids = info->GetAll(); | 90 ExtensionAPIPermissionSet ids = info->GetAll(); |
| 74 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); | 91 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); |
| 75 i != ids.end(); ++i) { | 92 i != ids.end(); ++i) { |
| 76 EXPECT_EQ(*i, info->GetByID(*i)->id()); | 93 EXPECT_EQ(*i, info->GetByID(*i)->id()); |
| 77 } | 94 } |
| 78 } | 95 } |
| 79 | 96 |
| 80 // Tests that GetByName works with normal permission names and aliases. | 97 // Tests that GetByName works with normal permission names and aliases. |
| 81 TEST(ExtensionPermissionsInfoTest, GetByName) { | 98 TEST(ExtensionPermissionsTest, GetByName) { |
| 82 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 99 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 83 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); | 100 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); |
| 84 EXPECT_EQ(ExtensionAPIPermission::kManagement, | 101 EXPECT_EQ(ExtensionAPIPermission::kManagement, |
| 85 info->GetByName("management")->id()); | 102 info->GetByName("management")->id()); |
| 86 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); | 103 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); |
| 87 } | 104 } |
| 88 | 105 |
| 89 TEST(ExtensionPermissionsInfoTest, GetAll) { | 106 TEST(ExtensionPermissionsTest, GetAll) { |
| 90 size_t count = 0; | 107 size_t count = 0; |
| 91 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 108 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 92 ExtensionAPIPermissionSet apis = info->GetAll(); | 109 ExtensionAPIPermissionSet apis = info->GetAll(); |
| 93 for (ExtensionAPIPermissionSet::iterator api = apis.begin(); | 110 for (ExtensionAPIPermissionSet::iterator api = apis.begin(); |
| 94 api != apis.end(); ++api) { | 111 api != apis.end(); ++api) { |
| 95 // Make sure only the valid permission IDs get returned. | 112 // Make sure only the valid permission IDs get returned. |
| 96 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api); | 113 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api); |
| 97 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api); | 114 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api); |
| 98 count++; | 115 count++; |
| 99 } | 116 } |
| 100 EXPECT_EQ(count, info->get_permission_count()); | 117 EXPECT_EQ(count, info->get_permission_count()); |
| 101 } | 118 } |
| 102 | 119 |
| 103 TEST(ExtensionPermissionInfoTest, GetAllByName) { | 120 TEST(ExtensionPermissionsTest, GetAllByName) { |
| 104 std::set<std::string> names; | 121 std::set<std::string> names; |
| 105 names.insert("background"); | 122 names.insert("background"); |
| 106 names.insert("management"); | 123 names.insert("management"); |
| 107 | 124 |
| 108 // This is an alias of kTab | 125 // This is an alias of kTab |
| 109 names.insert("windows"); | 126 names.insert("windows"); |
| 110 | 127 |
| 111 // This unknown name should get dropped. | 128 // This unknown name should get dropped. |
| 112 names.insert("sdlkfjasdlkfj"); | 129 names.insert("sdlkfjasdlkfj"); |
| 113 | 130 |
| 114 ExtensionAPIPermissionSet expected; | 131 ExtensionAPIPermissionSet expected; |
| 115 expected.insert(ExtensionAPIPermission::kBackground); | 132 expected.insert(ExtensionAPIPermission::kBackground); |
| 116 expected.insert(ExtensionAPIPermission::kManagement); | 133 expected.insert(ExtensionAPIPermission::kManagement); |
| 117 expected.insert(ExtensionAPIPermission::kTab); | 134 expected.insert(ExtensionAPIPermission::kTab); |
| 118 | 135 |
| 119 EXPECT_EQ(expected, | 136 EXPECT_EQ(expected, |
| 120 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names)); | 137 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names)); |
| 121 } | 138 } |
| 122 | 139 |
| 123 // Tests that the aliases are properly mapped. | 140 // Tests that the aliases are properly mapped. |
| 124 TEST(ExtensionAPIPermissionTest, Aliases) { | 141 TEST(ExtensionPermissionsTest, Aliases) { |
| 125 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 142 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 126 // tabs: tabs, windows | 143 // tabs: tabs, windows |
| 127 std::string tabs_name = "tabs"; | 144 std::string tabs_name = "tabs"; |
| 128 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name()); | 145 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name()); |
| 129 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); | 146 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); |
| 130 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id()); | 147 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id()); |
| 131 | 148 |
| 132 // unlimitedStorage: unlimitedStorage, unlimited_storage | 149 // unlimitedStorage: unlimitedStorage, unlimited_storage |
| 133 std::string storage_name = "unlimitedStorage"; | 150 std::string storage_name = "unlimitedStorage"; |
| 134 EXPECT_EQ(storage_name, info->GetByID( | 151 EXPECT_EQ(storage_name, info->GetByID( |
| 135 ExtensionAPIPermission::kUnlimitedStorage)->name()); | 152 ExtensionAPIPermission::kUnlimitedStorage)->name()); |
| 136 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, | 153 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, |
| 137 info->GetByName("unlimitedStorage")->id()); | 154 info->GetByName("unlimitedStorage")->id()); |
| 138 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, | 155 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, |
| 139 info->GetByName("unlimited_storage")->id()); | 156 info->GetByName("unlimited_storage")->id()); |
| 140 } | 157 } |
| 141 | 158 |
| 142 TEST(ExtensionAPIPermissionTest, HostedAppPermissions) { | 159 TEST(ExtensionPermissionsTest, HostedAppPermissions) { |
| 143 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 160 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 144 ExtensionAPIPermissionSet hosted_perms; | 161 ExtensionAPIPermissionSet hosted_perms; |
| 145 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications); | 162 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications); |
| 146 hosted_perms.insert(ExtensionAPIPermission::kBackground); | 163 hosted_perms.insert(ExtensionAPIPermission::kBackground); |
| 147 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); | 164 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); |
| 148 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); | 165 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); |
| 149 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 166 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 150 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); | 167 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); |
| 151 hosted_perms.insert(ExtensionAPIPermission::kExperimental); | 168 hosted_perms.insert(ExtensionAPIPermission::kExperimental); |
| 152 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); | 169 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); |
| 153 hosted_perms.insert(ExtensionAPIPermission::kNotification); | 170 hosted_perms.insert(ExtensionAPIPermission::kNotification); |
| 154 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); | 171 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); |
| 155 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); | 172 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 156 | 173 |
| 174 DictionaryValue source; |
| 175 source.SetString(keys::kName, "permission hosted app test"); |
| 176 source.SetString(keys::kVersion, "1"); |
| 177 source.SetInteger(keys::kManifestVersion, 2); |
| 178 ListValue* urls = new ListValue(); |
| 179 urls->Append(Value::CreateStringValue("http://localhost/test.html")); |
| 180 source.Set(keys::kWebURLs, urls); |
| 181 source.SetString(keys::kLaunchWebURL, "http://localhost/test.html"); |
| 182 |
| 157 ExtensionAPIPermissionSet perms = info->GetAll(); | 183 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 158 size_t count = 0; | 184 size_t count = 0; |
| 159 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 185 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 160 i != perms.end(); ++i) { | 186 i != perms.end(); ++i) { |
| 187 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 161 count += hosted_perms.count(*i); | 188 count += hosted_perms.count(*i); |
| 162 EXPECT_EQ(hosted_perms.count(*i) > 0, | 189 EXPECT_EQ(hosted_perms.count(*i) > 0, permission->supports_hosted_apps()); |
| 163 info->GetByID(*i)->supports_hosted_apps()); | 190 if (permission->supports_hosted_apps()) |
| 191 continue; |
| 192 |
| 193 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 194 ListValue* permissions = new ListValue(); |
| 195 permissions->Append(Value::CreateStringValue(permission->name())); |
| 196 manifest->Set(keys::kPermissions, permissions); |
| 197 |
| 198 // This error may be generated for other reasons too, like if the permission |
| 199 // has a whitelist. |
| 200 LoadManifestAndExpectError( |
| 201 manifest.get(), Extension::INTERNAL, permission->name()); |
| 164 } | 202 } |
| 165 | 203 |
| 166 EXPECT_EQ(hosted_perms.size(), count); | 204 EXPECT_EQ(hosted_perms.size(), count); |
| 167 } | 205 } |
| 168 | 206 |
| 169 TEST(ExtensionAPIPermissionTest, PlatformAppPermissions) { | 207 TEST(ExtensionPermissionsTest, PlatformAppPermissions) { |
| 170 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 208 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 171 ExtensionAPIPermissionSet blacklist; | 209 ExtensionAPIPermissionSet blacklist; |
| 172 blacklist.insert(ExtensionAPIPermission::kAppNotifications); | 210 blacklist.insert(ExtensionAPIPermission::kAppNotifications); |
| 173 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 211 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 174 blacklist.insert(ExtensionAPIPermission::kChromePrivate); | 212 blacklist.insert(ExtensionAPIPermission::kChromePrivate); |
| 175 blacklist.insert(ExtensionAPIPermission::kCookie); | 213 blacklist.insert(ExtensionAPIPermission::kCookie); |
| 176 blacklist.insert(ExtensionAPIPermission::kTab); | 214 blacklist.insert(ExtensionAPIPermission::kTab); |
| 177 blacklist.insert(ExtensionAPIPermission::kWebNavigation); | 215 blacklist.insert(ExtensionAPIPermission::kWebNavigation); |
| 178 blacklist.insert(ExtensionAPIPermission::kWebRequest); | 216 blacklist.insert(ExtensionAPIPermission::kWebRequest); |
| 179 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking); | 217 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking); |
| 180 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); | 218 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); |
| 181 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate); | 219 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 182 | 220 |
| 221 DictionaryValue source; |
| 222 source.SetString(keys::kName, "permission platform app test"); |
| 223 source.SetString(keys::kVersion, "1"); |
| 224 source.SetInteger(keys::kManifestVersion, 2); |
| 225 source.SetBoolean(keys::kPlatformApp, true); |
| 226 source.SetString(keys::kLaunchLocalPath, "test.html"); |
| 227 source.SetString(keys::kLaunchContainer, values::kLaunchContainerShell); |
| 228 |
| 183 ExtensionAPIPermissionSet perms = info->GetAll(); | 229 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 184 size_t count = 0; | 230 size_t count = 0; |
| 185 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 231 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 186 i != perms.end(); ++i) { | 232 i != perms.end(); ++i) { |
| 233 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 187 count += blacklist.count(*i); | 234 count += blacklist.count(*i); |
| 188 EXPECT_EQ(blacklist.count(*i) > 0, | 235 EXPECT_EQ(blacklist.count(*i) > 0, !permission->supports_platform_apps()); |
| 189 !info->GetByID(*i)->supports_platform_apps()); | 236 |
| 237 if (permission->supports_platform_apps()) |
| 238 continue; |
| 239 |
| 240 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 241 ListValue* permissions = new ListValue(); |
| 242 permissions->Append(Value::CreateStringValue(permission->name())); |
| 243 manifest->Set(keys::kPermissions, permissions); |
| 244 |
| 245 // This error may be generated for other reasons too, like if the permission |
| 246 // has a whitelist. |
| 247 LoadManifestAndExpectError( |
| 248 manifest.get(), Extension::INTERNAL, permission->name()); |
| 190 } | 249 } |
| 191 | 250 |
| 192 EXPECT_EQ(blacklist.size(), count); | 251 EXPECT_EQ(blacklist.size(), count); |
| 193 } | 252 } |
| 194 | 253 |
| 195 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) { | 254 TEST(ExtensionPermissionsTest, ComponentOnlyPermissions) { |
| 196 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 255 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 197 ExtensionAPIPermissionSet private_perms; | 256 ExtensionAPIPermissionSet private_perms; |
| 198 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 257 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 199 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); | 258 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); |
| 200 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); | 259 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); |
| 201 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); | 260 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); |
| 202 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate); | 261 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate); |
| 203 private_perms.insert(ExtensionAPIPermission::kSystemPrivate); | 262 private_perms.insert(ExtensionAPIPermission::kSystemPrivate); |
| 204 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); | 263 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 205 | 264 |
| 265 DictionaryValue source; |
| 266 source.SetString(keys::kName, "component only permission test"); |
| 267 source.SetString(keys::kVersion, "1"); |
| 268 source.SetInteger(keys::kManifestVersion, 2); |
| 269 |
| 206 ExtensionAPIPermissionSet perms = info->GetAll(); | 270 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 207 int count = 0; | 271 int count = 0; |
| 208 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 272 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 209 i != perms.end(); ++i) { | 273 i != perms.end(); ++i) { |
| 274 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 210 count += private_perms.count(*i); | 275 count += private_perms.count(*i); |
| 211 EXPECT_EQ(private_perms.count(*i) > 0, | 276 EXPECT_EQ(private_perms.count(*i) > 0, permission->is_component_only()); |
| 212 info->GetByID(*i)->is_component_only()); | 277 |
| 278 if (!permission->is_component_only()) |
| 279 continue; |
| 280 |
| 281 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 282 ListValue* permissions = new ListValue(); |
| 283 permissions->Append(Value::CreateStringValue(permission->name())); |
| 284 manifest->Set(keys::kPermissions, permissions); |
| 285 |
| 286 LoadManifestAndExpectError( |
| 287 manifest.get(), Extension::INTERNAL, permission->name()); |
| 213 } | 288 } |
| 214 | 289 |
| 215 EXPECT_EQ(7, count); | 290 EXPECT_EQ(7, count); |
| 216 } | 291 } |
| 217 | 292 |
| 218 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) { | 293 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { |
| 219 scoped_refptr<Extension> extension; | 294 scoped_refptr<Extension> extension; |
| 220 scoped_refptr<const ExtensionPermissionSet> permissions; | 295 scoped_refptr<const ExtensionPermissionSet> permissions; |
| 221 | 296 |
| 222 extension = LoadManifest("effective_host_permissions", "empty.json"); | 297 extension = LoadManifest("effective_host_permissions", "empty.json"); |
| 223 permissions = extension->GetActivePermissions(); | 298 permissions = extension->GetActivePermissions(); |
| 224 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); | 299 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); |
| 225 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( | 300 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( |
| 226 GURL("http://www.google.com"))); | 301 GURL("http://www.google.com"))); |
| 227 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 302 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 228 | 303 |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 284 | 359 |
| 285 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); | 360 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); |
| 286 permissions = extension->GetActivePermissions(); | 361 permissions = extension->GetActivePermissions(); |
| 287 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); | 362 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); |
| 288 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); | 363 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); |
| 289 EXPECT_TRUE( | 364 EXPECT_TRUE( |
| 290 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); | 365 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); |
| 291 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); | 366 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); |
| 292 } | 367 } |
| 293 | 368 |
| 294 TEST(ExtensionPermissionSetTest, ExplicitAccessToOrigin) { | 369 TEST(ExtensionPermissionsTest, ExplicitAccessToOrigin) { |
| 295 ExtensionAPIPermissionSet apis; | 370 ExtensionAPIPermissionSet apis; |
| 296 URLPatternSet explicit_hosts; | 371 URLPatternSet explicit_hosts; |
| 297 URLPatternSet scriptable_hosts; | 372 URLPatternSet scriptable_hosts; |
| 298 | 373 |
| 299 AddPattern(&explicit_hosts, "http://*.google.com/*"); | 374 AddPattern(&explicit_hosts, "http://*.google.com/*"); |
| 300 // The explicit host paths should get set to /*. | 375 // The explicit host paths should get set to /*. |
| 301 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); | 376 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); |
| 302 | 377 |
| 303 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( | 378 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( |
| 304 apis, explicit_hosts, scriptable_hosts); | 379 apis, explicit_hosts, scriptable_hosts); |
| 305 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( | 380 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( |
| 306 GURL("http://www.google.com/"))); | 381 GURL("http://www.google.com/"))); |
| 307 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( | 382 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( |
| 308 GURL("http://test.google.com/"))); | 383 GURL("http://test.google.com/"))); |
| 309 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( | 384 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( |
| 310 GURL("http://www.example.com"))); | 385 GURL("http://www.example.com"))); |
| 311 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( | 386 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( |
| 312 GURL("http://www.example.com"))); | 387 GURL("http://www.example.com"))); |
| 313 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( | 388 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( |
| 314 GURL("http://test.example.com"))); | 389 GURL("http://test.example.com"))); |
| 315 } | 390 } |
| 316 | 391 |
| 317 TEST(ExtensionPermissionSetTest, CreateUnion) { | 392 TEST(ExtensionPermissionsTest, CreateUnion) { |
| 318 ExtensionAPIPermissionSet apis1; | 393 ExtensionAPIPermissionSet apis1; |
| 319 ExtensionAPIPermissionSet apis2; | 394 ExtensionAPIPermissionSet apis2; |
| 320 ExtensionAPIPermissionSet expected_apis; | 395 ExtensionAPIPermissionSet expected_apis; |
| 321 | 396 |
| 322 URLPatternSet explicit_hosts1; | 397 URLPatternSet explicit_hosts1; |
| 323 URLPatternSet explicit_hosts2; | 398 URLPatternSet explicit_hosts2; |
| 324 URLPatternSet expected_explicit_hosts; | 399 URLPatternSet expected_explicit_hosts; |
| 325 | 400 |
| 326 URLPatternSet scriptable_hosts1; | 401 URLPatternSet scriptable_hosts1; |
| 327 URLPatternSet scriptable_hosts2; | 402 URLPatternSet scriptable_hosts2; |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 388 EXPECT_TRUE(union_set->Contains(*set2)); | 463 EXPECT_TRUE(union_set->Contains(*set2)); |
| 389 | 464 |
| 390 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); | 465 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); |
| 391 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); | 466 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); |
| 392 EXPECT_EQ(expected_apis, union_set->apis()); | 467 EXPECT_EQ(expected_apis, union_set->apis()); |
| 393 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); | 468 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); |
| 394 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); | 469 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); |
| 395 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); | 470 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); |
| 396 } | 471 } |
| 397 | 472 |
| 398 TEST(ExtensionPermissionSetTest, CreateIntersection) { | 473 TEST(ExtensionPermissionsTest, CreateIntersection) { |
| 399 ExtensionAPIPermissionSet apis1; | 474 ExtensionAPIPermissionSet apis1; |
| 400 ExtensionAPIPermissionSet apis2; | 475 ExtensionAPIPermissionSet apis2; |
| 401 ExtensionAPIPermissionSet expected_apis; | 476 ExtensionAPIPermissionSet expected_apis; |
| 402 | 477 |
| 403 URLPatternSet explicit_hosts1; | 478 URLPatternSet explicit_hosts1; |
| 404 URLPatternSet explicit_hosts2; | 479 URLPatternSet explicit_hosts2; |
| 405 URLPatternSet expected_explicit_hosts; | 480 URLPatternSet expected_explicit_hosts; |
| 406 | 481 |
| 407 URLPatternSet scriptable_hosts1; | 482 URLPatternSet scriptable_hosts1; |
| 408 URLPatternSet scriptable_hosts2; | 483 URLPatternSet scriptable_hosts2; |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 464 EXPECT_FALSE(new_set->Contains(*set2)); | 539 EXPECT_FALSE(new_set->Contains(*set2)); |
| 465 | 540 |
| 466 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); | 541 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); |
| 467 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); | 542 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); |
| 468 EXPECT_EQ(expected_apis, new_set->apis()); | 543 EXPECT_EQ(expected_apis, new_set->apis()); |
| 469 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); | 544 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 470 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); | 545 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 471 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); | 546 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); |
| 472 } | 547 } |
| 473 | 548 |
| 474 TEST(ExtensionPermissionSetTest, CreateDifference) { | 549 TEST(ExtensionPermissionsTest, CreateDifference) { |
| 475 ExtensionAPIPermissionSet apis1; | 550 ExtensionAPIPermissionSet apis1; |
| 476 ExtensionAPIPermissionSet apis2; | 551 ExtensionAPIPermissionSet apis2; |
| 477 ExtensionAPIPermissionSet expected_apis; | 552 ExtensionAPIPermissionSet expected_apis; |
| 478 | 553 |
| 479 URLPatternSet explicit_hosts1; | 554 URLPatternSet explicit_hosts1; |
| 480 URLPatternSet explicit_hosts2; | 555 URLPatternSet explicit_hosts2; |
| 481 URLPatternSet expected_explicit_hosts; | 556 URLPatternSet expected_explicit_hosts; |
| 482 | 557 |
| 483 URLPatternSet scriptable_hosts1; | 558 URLPatternSet scriptable_hosts1; |
| 484 URLPatternSet scriptable_hosts2; | 559 URLPatternSet scriptable_hosts2; |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 EXPECT_EQ(expected_apis, new_set->apis()); | 603 EXPECT_EQ(expected_apis, new_set->apis()); |
| 529 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); | 604 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 530 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); | 605 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 531 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); | 606 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); |
| 532 | 607 |
| 533 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set | 608 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set |
| 534 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()); | 609 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()); |
| 535 EXPECT_TRUE(set1->IsEmpty()); | 610 EXPECT_TRUE(set1->IsEmpty()); |
| 536 } | 611 } |
| 537 | 612 |
| 538 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) { | 613 TEST(ExtensionPermissionsTest, HasLessPrivilegesThan) { |
| 539 const struct { | 614 const struct { |
| 540 const char* base_name; | 615 const char* base_name; |
| 541 // Increase these sizes if you have more than 10. | 616 // Increase these sizes if you have more than 10. |
| 542 const char* granted_apis[10]; | 617 const char* granted_apis[10]; |
| 543 const char* granted_hosts[10]; | 618 const char* granted_hosts[10]; |
| 544 bool full_access; | 619 bool full_access; |
| 545 bool expect_increase; | 620 bool expect_increase; |
| 546 } kTests[] = { | 621 } kTests[] = { |
| 547 { "allhosts1", {NULL}, {"http://*/", NULL}, false, | 622 { "allhosts1", {NULL}, {"http://*/", NULL}, false, |
| 548 false }, // all -> all | 623 false }, // all -> all |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 621 scoped_refptr<const ExtensionPermissionSet> old_p( | 696 scoped_refptr<const ExtensionPermissionSet> old_p( |
| 622 old_extension->GetActivePermissions()); | 697 old_extension->GetActivePermissions()); |
| 623 scoped_refptr<const ExtensionPermissionSet> new_p( | 698 scoped_refptr<const ExtensionPermissionSet> new_p( |
| 624 new_extension->GetActivePermissions()); | 699 new_extension->GetActivePermissions()); |
| 625 | 700 |
| 626 EXPECT_EQ(kTests[i].expect_increase, | 701 EXPECT_EQ(kTests[i].expect_increase, |
| 627 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name; | 702 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name; |
| 628 } | 703 } |
| 629 } | 704 } |
| 630 | 705 |
| 631 TEST(ExtensionPermissionSetTest, PermissionMessages) { | 706 TEST(ExtensionPermissionsTest, PermissionMessages) { |
| 632 // Ensure that all permissions that needs to show install UI actually have | 707 // Ensure that all permissions that needs to show install UI actually have |
| 633 // strings associated with them. | 708 // strings associated with them. |
| 634 ExtensionAPIPermissionSet skip; | 709 ExtensionAPIPermissionSet skip; |
| 635 | 710 |
| 636 // These are considered "nuisance" or "trivial" permissions that don't need | 711 // These are considered "nuisance" or "trivial" permissions that don't need |
| 637 // a prompt. | 712 // a prompt. |
| 638 skip.insert(ExtensionAPIPermission::kAppNotifications); | 713 skip.insert(ExtensionAPIPermission::kAppNotifications); |
| 639 skip.insert(ExtensionAPIPermission::kContextMenus); | 714 skip.insert(ExtensionAPIPermission::kContextMenus); |
| 640 skip.insert(ExtensionAPIPermission::kIdle); | 715 skip.insert(ExtensionAPIPermission::kIdle); |
| 641 skip.insert(ExtensionAPIPermission::kNotification); | 716 skip.insert(ExtensionAPIPermission::kNotification); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 695 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) | 770 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) |
| 696 << "unexpected message_id for " << permission->name(); | 771 << "unexpected message_id for " << permission->name(); |
| 697 } else { | 772 } else { |
| 698 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id()) | 773 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id()) |
| 699 << "missing message_id for " << permission->name(); | 774 << "missing message_id for " << permission->name(); |
| 700 } | 775 } |
| 701 } | 776 } |
| 702 } | 777 } |
| 703 | 778 |
| 704 // Tests the default permissions (empty API permission set). | 779 // Tests the default permissions (empty API permission set). |
| 705 TEST(ExtensionPermissionSetTest, DefaultFunctionAccess) { | 780 TEST(ExtensionPermissionsTest, DefaultFunctionAccess) { |
| 706 const struct { | 781 const struct { |
| 707 const char* permission_name; | 782 const char* permission_name; |
| 708 bool expect_success; | 783 bool expect_success; |
| 709 } kTests[] = { | 784 } kTests[] = { |
| 710 // Negative test. | 785 // Negative test. |
| 711 { "non_existing_permission", false }, | 786 { "non_existing_permission", false }, |
| 712 // Test default module/package permission. | 787 // Test default module/package permission. |
| 713 { "browserAction", true }, | 788 { "browserAction", true }, |
| 714 { "devtools", true }, | 789 { "devtools", true }, |
| 715 { "extension", true }, | 790 { "extension", true }, |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 763 { "tabs", true}, | 838 { "tabs", true}, |
| 764 }; | 839 }; |
| 765 | 840 |
| 766 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); | 841 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); |
| 767 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { | 842 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { |
| 768 EXPECT_EQ(kTests[i].expect_success, | 843 EXPECT_EQ(kTests[i].expect_success, |
| 769 empty->HasAnyAccessToAPI(kTests[i].api_name)); | 844 empty->HasAnyAccessToAPI(kTests[i].api_name)); |
| 770 } | 845 } |
| 771 } | 846 } |
| 772 | 847 |
| 773 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) { | 848 TEST(ExtensionPermissionsTest, GetWarningMessages_ManyHosts) { |
| 774 scoped_refptr<Extension> extension; | 849 scoped_refptr<Extension> extension; |
| 775 | 850 |
| 776 extension = LoadManifest("permissions", "many-hosts.json"); | 851 extension = LoadManifest("permissions", "many-hosts.json"); |
| 777 std::vector<string16> warnings = | 852 std::vector<string16> warnings = |
| 778 extension->GetActivePermissions()->GetWarningMessages(); | 853 extension->GetActivePermissions()->GetWarningMessages(); |
| 779 ASSERT_EQ(1u, warnings.size()); | 854 ASSERT_EQ(1u, warnings.size()); |
| 780 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", | 855 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", |
| 781 UTF16ToUTF8(warnings[0])); | 856 UTF16ToUTF8(warnings[0])); |
| 782 } | 857 } |
| 783 | 858 |
| 784 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) { | 859 TEST(ExtensionPermissionsTest, GetWarningMessages_Plugins) { |
| 785 scoped_refptr<Extension> extension; | 860 scoped_refptr<Extension> extension; |
| 786 scoped_refptr<ExtensionPermissionSet> permissions; | 861 scoped_refptr<ExtensionPermissionSet> permissions; |
| 787 | 862 |
| 788 extension = LoadManifest("permissions", "plugins.json"); | 863 extension = LoadManifest("permissions", "plugins.json"); |
| 789 std::vector<string16> warnings = | 864 std::vector<string16> warnings = |
| 790 extension->GetActivePermissions()->GetWarningMessages(); | 865 extension->GetActivePermissions()->GetWarningMessages(); |
| 791 // We don't parse the plugins key on Chrome OS, so it should not ask for any | 866 // We don't parse the plugins key on Chrome OS, so it should not ask for any |
| 792 // permissions. | 867 // permissions. |
| 793 #if defined(OS_CHROMEOS) | 868 #if defined(OS_CHROMEOS) |
| 794 ASSERT_EQ(0u, warnings.size()); | 869 ASSERT_EQ(0u, warnings.size()); |
| 795 #else | 870 #else |
| 796 ASSERT_EQ(1u, warnings.size()); | 871 ASSERT_EQ(1u, warnings.size()); |
| 797 EXPECT_EQ("All data on your computer and the websites you visit", | 872 EXPECT_EQ("All data on your computer and the websites you visit", |
| 798 UTF16ToUTF8(warnings[0])); | 873 UTF16ToUTF8(warnings[0])); |
| 799 #endif | 874 #endif |
| 800 } | 875 } |
| 801 | 876 |
| 802 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay) { | 877 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay) { |
| 803 scoped_refptr<ExtensionPermissionSet> perm_set; | 878 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 804 ExtensionAPIPermissionSet empty_perms; | 879 ExtensionAPIPermissionSet empty_perms; |
| 805 std::set<std::string> expected; | 880 std::set<std::string> expected; |
| 806 expected.insert("www.foo.com"); | 881 expected.insert("www.foo.com"); |
| 807 expected.insert("www.bar.com"); | 882 expected.insert("www.bar.com"); |
| 808 expected.insert("www.baz.com"); | 883 expected.insert("www.baz.com"); |
| 809 URLPatternSet explicit_hosts; | 884 URLPatternSet explicit_hosts; |
| 810 URLPatternSet scriptable_hosts; | 885 URLPatternSet scriptable_hosts; |
| 811 | 886 |
| 812 { | 887 { |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 948 | 1023 |
| 949 explicit_hosts.AddPattern( | 1024 explicit_hosts.AddPattern( |
| 950 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); | 1025 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); |
| 951 | 1026 |
| 952 perm_set = new ExtensionPermissionSet( | 1027 perm_set = new ExtensionPermissionSet( |
| 953 empty_perms, explicit_hosts, scriptable_hosts); | 1028 empty_perms, explicit_hosts, scriptable_hosts); |
| 954 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1029 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 955 } | 1030 } |
| 956 } | 1031 } |
| 957 | 1032 |
| 958 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_ComIsBestRcd) { | 1033 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_ComIsBestRcd) { |
| 959 scoped_refptr<ExtensionPermissionSet> perm_set; | 1034 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 960 ExtensionAPIPermissionSet empty_perms; | 1035 ExtensionAPIPermissionSet empty_perms; |
| 961 URLPatternSet explicit_hosts; | 1036 URLPatternSet explicit_hosts; |
| 962 URLPatternSet scriptable_hosts; | 1037 URLPatternSet scriptable_hosts; |
| 963 explicit_hosts.AddPattern( | 1038 explicit_hosts.AddPattern( |
| 964 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1039 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 965 explicit_hosts.AddPattern( | 1040 explicit_hosts.AddPattern( |
| 966 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); | 1041 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); |
| 967 explicit_hosts.AddPattern( | 1042 explicit_hosts.AddPattern( |
| 968 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1043 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 969 explicit_hosts.AddPattern( | 1044 explicit_hosts.AddPattern( |
| 970 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); | 1045 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); |
| 971 explicit_hosts.AddPattern( | 1046 explicit_hosts.AddPattern( |
| 972 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1047 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 973 explicit_hosts.AddPattern( | 1048 explicit_hosts.AddPattern( |
| 974 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); | 1049 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); |
| 975 | 1050 |
| 976 std::set<std::string> expected; | 1051 std::set<std::string> expected; |
| 977 expected.insert("www.foo.com"); | 1052 expected.insert("www.foo.com"); |
| 978 perm_set = new ExtensionPermissionSet( | 1053 perm_set = new ExtensionPermissionSet( |
| 979 empty_perms, explicit_hosts, scriptable_hosts); | 1054 empty_perms, explicit_hosts, scriptable_hosts); |
| 980 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1055 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 981 } | 1056 } |
| 982 | 1057 |
| 983 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) { | 1058 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) { |
| 984 scoped_refptr<ExtensionPermissionSet> perm_set; | 1059 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 985 ExtensionAPIPermissionSet empty_perms; | 1060 ExtensionAPIPermissionSet empty_perms; |
| 986 URLPatternSet explicit_hosts; | 1061 URLPatternSet explicit_hosts; |
| 987 URLPatternSet scriptable_hosts; | 1062 URLPatternSet scriptable_hosts; |
| 988 explicit_hosts.AddPattern( | 1063 explicit_hosts.AddPattern( |
| 989 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1064 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 990 explicit_hosts.AddPattern( | 1065 explicit_hosts.AddPattern( |
| 991 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); | 1066 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); |
| 992 explicit_hosts.AddPattern( | 1067 explicit_hosts.AddPattern( |
| 993 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1068 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 994 explicit_hosts.AddPattern( | 1069 explicit_hosts.AddPattern( |
| 995 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); | 1070 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); |
| 996 explicit_hosts.AddPattern( | 1071 explicit_hosts.AddPattern( |
| 997 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1072 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 998 // No http://www.foo.com/path | 1073 // No http://www.foo.com/path |
| 999 | 1074 |
| 1000 std::set<std::string> expected; | 1075 std::set<std::string> expected; |
| 1001 expected.insert("www.foo.net"); | 1076 expected.insert("www.foo.net"); |
| 1002 perm_set = new ExtensionPermissionSet( | 1077 perm_set = new ExtensionPermissionSet( |
| 1003 empty_perms, explicit_hosts, scriptable_hosts); | 1078 empty_perms, explicit_hosts, scriptable_hosts); |
| 1004 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1079 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1005 } | 1080 } |
| 1006 | 1081 |
| 1007 TEST(ExtensionPermissionSetTest, | 1082 TEST(ExtensionPermissionsTest, |
| 1008 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) { | 1083 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) { |
| 1009 scoped_refptr<ExtensionPermissionSet> perm_set; | 1084 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 1010 ExtensionAPIPermissionSet empty_perms; | 1085 ExtensionAPIPermissionSet empty_perms; |
| 1011 URLPatternSet explicit_hosts; | 1086 URLPatternSet explicit_hosts; |
| 1012 URLPatternSet scriptable_hosts; | 1087 URLPatternSet scriptable_hosts; |
| 1013 explicit_hosts.AddPattern( | 1088 explicit_hosts.AddPattern( |
| 1014 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1089 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 1015 explicit_hosts.AddPattern( | 1090 explicit_hosts.AddPattern( |
| 1016 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); | 1091 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); |
| 1017 explicit_hosts.AddPattern( | 1092 explicit_hosts.AddPattern( |
| 1018 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1093 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 1019 // No http://www.foo.net/path | 1094 // No http://www.foo.net/path |
| 1020 explicit_hosts.AddPattern( | 1095 explicit_hosts.AddPattern( |
| 1021 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1096 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 1022 // No http://www.foo.com/path | 1097 // No http://www.foo.com/path |
| 1023 | 1098 |
| 1024 std::set<std::string> expected; | 1099 std::set<std::string> expected; |
| 1025 expected.insert("www.foo.org"); | 1100 expected.insert("www.foo.org"); |
| 1026 perm_set = new ExtensionPermissionSet( | 1101 perm_set = new ExtensionPermissionSet( |
| 1027 empty_perms, explicit_hosts, scriptable_hosts); | 1102 empty_perms, explicit_hosts, scriptable_hosts); |
| 1028 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1103 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1029 } | 1104 } |
| 1030 | 1105 |
| 1031 TEST(ExtensionPermissionSetTest, | 1106 TEST(ExtensionPermissionsTest, |
| 1032 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) { | 1107 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) { |
| 1033 scoped_refptr<ExtensionPermissionSet> perm_set; | 1108 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 1034 ExtensionAPIPermissionSet empty_perms; | 1109 ExtensionAPIPermissionSet empty_perms; |
| 1035 URLPatternSet explicit_hosts; | 1110 URLPatternSet explicit_hosts; |
| 1036 URLPatternSet scriptable_hosts; | 1111 URLPatternSet scriptable_hosts; |
| 1037 explicit_hosts.AddPattern( | 1112 explicit_hosts.AddPattern( |
| 1038 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1113 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 1039 // No http://www.foo.org/path | 1114 // No http://www.foo.org/path |
| 1040 explicit_hosts.AddPattern( | 1115 explicit_hosts.AddPattern( |
| 1041 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1116 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 1042 // No http://www.foo.net/path | 1117 // No http://www.foo.net/path |
| 1043 explicit_hosts.AddPattern( | 1118 explicit_hosts.AddPattern( |
| 1044 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1119 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 1045 // No http://www.foo.com/path | 1120 // No http://www.foo.com/path |
| 1046 | 1121 |
| 1047 std::set<std::string> expected; | 1122 std::set<std::string> expected; |
| 1048 expected.insert("www.foo.ca"); | 1123 expected.insert("www.foo.ca"); |
| 1049 perm_set = new ExtensionPermissionSet( | 1124 perm_set = new ExtensionPermissionSet( |
| 1050 empty_perms, explicit_hosts, scriptable_hosts); | 1125 empty_perms, explicit_hosts, scriptable_hosts); |
| 1051 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1126 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1052 } | 1127 } |
| 1053 | 1128 |
| 1054 TEST(ExtensionPermissionSetTest, HasLessHostPrivilegesThan) { | 1129 TEST(ExtensionPermissionsTest, HasLessHostPrivilegesThan) { |
| 1055 URLPatternSet elist1; | 1130 URLPatternSet elist1; |
| 1056 URLPatternSet elist2; | 1131 URLPatternSet elist2; |
| 1057 URLPatternSet slist1; | 1132 URLPatternSet slist1; |
| 1058 URLPatternSet slist2; | 1133 URLPatternSet slist2; |
| 1059 scoped_refptr<ExtensionPermissionSet> set1; | 1134 scoped_refptr<ExtensionPermissionSet> set1; |
| 1060 scoped_refptr<ExtensionPermissionSet> set2; | 1135 scoped_refptr<ExtensionPermissionSet> set2; |
| 1061 ExtensionAPIPermissionSet empty_perms; | 1136 ExtensionAPIPermissionSet empty_perms; |
| 1062 elist1.AddPattern( | 1137 elist1.AddPattern( |
| 1063 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); | 1138 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); |
| 1064 elist1.AddPattern( | 1139 elist1.AddPattern( |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1113 | 1188 |
| 1114 // Test that different subdomains count as different hosts. | 1189 // Test that different subdomains count as different hosts. |
| 1115 elist2.ClearPatterns(); | 1190 elist2.ClearPatterns(); |
| 1116 elist2.AddPattern( | 1191 elist2.AddPattern( |
| 1117 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); | 1192 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); |
| 1118 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2); | 1193 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2); |
| 1119 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); | 1194 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); |
| 1120 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); | 1195 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); |
| 1121 } | 1196 } |
| 1122 | 1197 |
| 1123 TEST(ExtensionPermissionSetTest, GetAPIsAsStrings) { | 1198 TEST(ExtensionPermissionsTest, GetAPIsAsStrings) { |
| 1124 ExtensionAPIPermissionSet apis; | 1199 ExtensionAPIPermissionSet apis; |
| 1125 URLPatternSet empty_set; | 1200 URLPatternSet empty_set; |
| 1126 | 1201 |
| 1127 apis.insert(ExtensionAPIPermission::kProxy); | 1202 apis.insert(ExtensionAPIPermission::kProxy); |
| 1128 apis.insert(ExtensionAPIPermission::kBackground); | 1203 apis.insert(ExtensionAPIPermission::kBackground); |
| 1129 apis.insert(ExtensionAPIPermission::kNotification); | 1204 apis.insert(ExtensionAPIPermission::kNotification); |
| 1130 apis.insert(ExtensionAPIPermission::kTab); | 1205 apis.insert(ExtensionAPIPermission::kTab); |
| 1131 | 1206 |
| 1132 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( | 1207 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( |
| 1133 apis, empty_set, empty_set); | 1208 apis, empty_set, empty_set); |
| 1134 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); | 1209 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); |
| 1135 | 1210 |
| 1136 // The result is correct if it has the same number of elements | 1211 // The result is correct if it has the same number of elements |
| 1137 // and we can convert it back to the id set. | 1212 // and we can convert it back to the id set. |
| 1138 EXPECT_EQ(4u, api_names.size()); | 1213 EXPECT_EQ(4u, api_names.size()); |
| 1139 EXPECT_EQ(apis, | 1214 EXPECT_EQ(apis, |
| 1140 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); | 1215 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); |
| 1141 } | 1216 } |
| 1142 | 1217 |
| 1143 TEST(ExtensionPermissionSetTest, IsEmpty) { | 1218 TEST(ExtensionPermissionsTest, IsEmpty) { |
| 1144 ExtensionAPIPermissionSet empty_apis; | 1219 ExtensionAPIPermissionSet empty_apis; |
| 1145 URLPatternSet empty_extent; | 1220 URLPatternSet empty_extent; |
| 1146 | 1221 |
| 1147 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); | 1222 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); |
| 1148 EXPECT_TRUE(empty->IsEmpty()); | 1223 EXPECT_TRUE(empty->IsEmpty()); |
| 1149 scoped_refptr<ExtensionPermissionSet> perm_set; | 1224 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 1150 | 1225 |
| 1151 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); | 1226 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); |
| 1152 EXPECT_TRUE(perm_set->IsEmpty()); | 1227 EXPECT_TRUE(perm_set->IsEmpty()); |
| 1153 | 1228 |
| 1154 ExtensionAPIPermissionSet non_empty_apis; | 1229 ExtensionAPIPermissionSet non_empty_apis; |
| 1155 non_empty_apis.insert(ExtensionAPIPermission::kBackground); | 1230 non_empty_apis.insert(ExtensionAPIPermission::kBackground); |
| 1156 perm_set = new ExtensionPermissionSet( | 1231 perm_set = new ExtensionPermissionSet( |
| 1157 non_empty_apis, empty_extent, empty_extent); | 1232 non_empty_apis, empty_extent, empty_extent); |
| 1158 EXPECT_FALSE(perm_set->IsEmpty()); | 1233 EXPECT_FALSE(perm_set->IsEmpty()); |
| 1159 | 1234 |
| 1160 // Try non standard host | 1235 // Try non standard host |
| 1161 URLPatternSet non_empty_extent; | 1236 URLPatternSet non_empty_extent; |
| 1162 AddPattern(&non_empty_extent, "http://www.google.com/*"); | 1237 AddPattern(&non_empty_extent, "http://www.google.com/*"); |
| 1163 | 1238 |
| 1164 perm_set = new ExtensionPermissionSet( | 1239 perm_set = new ExtensionPermissionSet( |
| 1165 empty_apis, non_empty_extent, empty_extent); | 1240 empty_apis, non_empty_extent, empty_extent); |
| 1166 EXPECT_FALSE(perm_set->IsEmpty()); | 1241 EXPECT_FALSE(perm_set->IsEmpty()); |
| 1167 | 1242 |
| 1168 perm_set = new ExtensionPermissionSet( | 1243 perm_set = new ExtensionPermissionSet( |
| 1169 empty_apis, empty_extent, non_empty_extent); | 1244 empty_apis, empty_extent, non_empty_extent); |
| 1170 EXPECT_FALSE(perm_set->IsEmpty()); | 1245 EXPECT_FALSE(perm_set->IsEmpty()); |
| 1171 } | 1246 } |
| 1247 |
| 1248 // Tests that permission whitelists are enforced. |
| 1249 TEST(ExtensionPermissionsTest, Whitelists) { |
| 1250 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 1251 ExtensionAPIPermissionSet ids = info->GetAll(); |
| 1252 |
| 1253 // We CHECK if a developer tries to register a whitelist without setting |
| 1254 // kFlagEnforceWhitelist, so there's no need to enumerate the permissions we |
| 1255 // expect to have whitelists. |
| 1256 |
| 1257 DictionaryValue source; |
| 1258 source.SetString(keys::kName, "permission whitelist test"); |
| 1259 source.SetString(keys::kVersion, "1"); |
| 1260 source.SetInteger(keys::kManifestVersion, 2); |
| 1261 |
| 1262 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); |
| 1263 i != ids.end(); ++i) { |
| 1264 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 1265 if (!permission->should_enforce_whitelist()) |
| 1266 continue; |
| 1267 |
| 1268 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 1269 ListValue* permissions = new ListValue(); |
| 1270 permissions->Append(Value::CreateStringValue(permission->name())); |
| 1271 manifest->Set(keys::kPermissions, permissions); |
| 1272 |
| 1273 // Even COMPONENT extensions are subject to the whitelist. |
| 1274 LoadManifestAndExpectError( |
| 1275 manifest.get(), Extension::COMPONENT, permission->name()); |
| 1276 } |
| 1277 } |
| OLD | NEW |