Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1368)

Side by Side Diff: chrome/common/extensions/extension_permission_set_unittest.cc

Issue 9317013: Add a centralized mechanism for whitelisting access to extension permissions. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: merge TerminalPrivate api changes Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/extension_permission_set.h" 5 #include "chrome/common/extensions/extension_permission_set.h"
6 6
7 #include "base/json/json_value_serializer.h" 7 #include "base/json/json_value_serializer.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/path_service.h" 9 #include "base/path_service.h"
10 #include "base/utf_string_conversions.h" 10 #include "base/utf_string_conversions.h"
11 #include "chrome/common/chrome_paths.h" 11 #include "chrome/common/chrome_paths.h"
12 #include "chrome/common/extensions/extension.h" 12 #include "chrome/common/extensions/extension.h"
13 #include "chrome/common/extensions/extension_constants.h"
14 #include "chrome/common/extensions/extension_error_utils.h"
15 #include "chrome/common/extensions/extension_permission_set.h"
13 #include "testing/gtest/include/gtest/gtest.h" 16 #include "testing/gtest/include/gtest/gtest.h"
14 17
18 namespace errors = extension_manifest_errors;
19 namespace keys = extension_manifest_keys;
20 namespace values = extension_manifest_values;
15 namespace { 21 namespace {
16 22
17 static scoped_refptr<Extension> LoadManifest(const std::string& dir, 23 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
18 const std::string& test_file, 24 const std::string& test_file,
19 int extra_flags) { 25 int extra_flags) {
20 FilePath path; 26 FilePath path;
21 PathService::Get(chrome::DIR_TEST_DATA, &path); 27 PathService::Get(chrome::DIR_TEST_DATA, &path);
22 path = path.AppendASCII("extensions") 28 path = path.AppendASCII("extensions")
23 .AppendASCII(dir) 29 .AppendASCII(dir)
24 .AppendASCII(test_file); 30 .AppendASCII(test_file);
(...skipping 12 matching lines...) Expand all
37 Extension::STRICT_ERROR_CHECKS | extra_flags, &error); 43 Extension::STRICT_ERROR_CHECKS | extra_flags, &error);
38 EXPECT_TRUE(extension) << error; 44 EXPECT_TRUE(extension) << error;
39 return extension; 45 return extension;
40 } 46 }
41 47
42 static scoped_refptr<Extension> LoadManifest(const std::string& dir, 48 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
43 const std::string& test_file) { 49 const std::string& test_file) {
44 return LoadManifest(dir, test_file, Extension::NO_FLAGS); 50 return LoadManifest(dir, test_file, Extension::NO_FLAGS);
45 } 51 }
46 52
53 static void LoadManifestAndExpectError(DictionaryValue* manifest,
54 Extension::Location location,
55 const std::string& permission) {
56 std::string error;
57 scoped_refptr<Extension> extension = Extension::Create(
58 FilePath(), location, *manifest,
59 Extension::STRICT_ERROR_CHECKS, &error);
60
61
62 std::string expected_error = ExtensionErrorUtils::FormatErrorMessage(
63 errors::kPermissionNotAllowed, permission);
64 EXPECT_FALSE(extension);
65 EXPECT_EQ(expected_error, error);
66 }
67
47 void CompareLists(const std::vector<std::string>& expected, 68 void CompareLists(const std::vector<std::string>& expected,
48 const std::vector<std::string>& actual) { 69 const std::vector<std::string>& actual) {
49 ASSERT_EQ(expected.size(), actual.size()); 70 ASSERT_EQ(expected.size(), actual.size());
50 71
51 for (size_t i = 0; i < expected.size(); ++i) { 72 for (size_t i = 0; i < expected.size(); ++i) {
52 EXPECT_EQ(expected[i], actual[i]); 73 EXPECT_EQ(expected[i], actual[i]);
53 } 74 }
54 } 75 }
55 76
56 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { 77 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
57 int schemes = URLPattern::SCHEME_ALL; 78 int schemes = URLPattern::SCHEME_ALL;
58 extent->AddPattern(URLPattern(schemes, pattern)); 79 extent->AddPattern(URLPattern(schemes, pattern));
59 } 80 }
60 81
61 } // namespace 82 } // namespace
62 83
63 class ExtensionAPIPermissionTest : public testing::Test { 84 class ExtensionPermissionsTest : public testing::Test {
64 }; 85 };
65 86
66 class ExtensionPermissionSetTest : public testing::Test {
67 };
68
69
70 // Tests GetByID. 87 // Tests GetByID.
71 TEST(ExtensionPermissionsInfoTest, GetByID) { 88 TEST(ExtensionPermissionsTest, GetByID) {
72 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 89 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
73 ExtensionAPIPermissionSet ids = info->GetAll(); 90 ExtensionAPIPermissionSet ids = info->GetAll();
74 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); 91 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
75 i != ids.end(); ++i) { 92 i != ids.end(); ++i) {
76 EXPECT_EQ(*i, info->GetByID(*i)->id()); 93 EXPECT_EQ(*i, info->GetByID(*i)->id());
77 } 94 }
78 } 95 }
79 96
80 // Tests that GetByName works with normal permission names and aliases. 97 // Tests that GetByName works with normal permission names and aliases.
81 TEST(ExtensionPermissionsInfoTest, GetByName) { 98 TEST(ExtensionPermissionsTest, GetByName) {
82 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 99 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
83 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); 100 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
84 EXPECT_EQ(ExtensionAPIPermission::kManagement, 101 EXPECT_EQ(ExtensionAPIPermission::kManagement,
85 info->GetByName("management")->id()); 102 info->GetByName("management")->id());
86 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); 103 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
87 } 104 }
88 105
89 TEST(ExtensionPermissionsInfoTest, GetAll) { 106 TEST(ExtensionPermissionsTest, GetAll) {
90 size_t count = 0; 107 size_t count = 0;
91 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 108 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
92 ExtensionAPIPermissionSet apis = info->GetAll(); 109 ExtensionAPIPermissionSet apis = info->GetAll();
93 for (ExtensionAPIPermissionSet::iterator api = apis.begin(); 110 for (ExtensionAPIPermissionSet::iterator api = apis.begin();
94 api != apis.end(); ++api) { 111 api != apis.end(); ++api) {
95 // Make sure only the valid permission IDs get returned. 112 // Make sure only the valid permission IDs get returned.
96 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api); 113 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api);
97 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api); 114 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api);
98 count++; 115 count++;
99 } 116 }
100 EXPECT_EQ(count, info->get_permission_count()); 117 EXPECT_EQ(count, info->get_permission_count());
101 } 118 }
102 119
103 TEST(ExtensionPermissionInfoTest, GetAllByName) { 120 TEST(ExtensionPermissionsTest, GetAllByName) {
104 std::set<std::string> names; 121 std::set<std::string> names;
105 names.insert("background"); 122 names.insert("background");
106 names.insert("management"); 123 names.insert("management");
107 124
108 // This is an alias of kTab 125 // This is an alias of kTab
109 names.insert("windows"); 126 names.insert("windows");
110 127
111 // This unknown name should get dropped. 128 // This unknown name should get dropped.
112 names.insert("sdlkfjasdlkfj"); 129 names.insert("sdlkfjasdlkfj");
113 130
114 ExtensionAPIPermissionSet expected; 131 ExtensionAPIPermissionSet expected;
115 expected.insert(ExtensionAPIPermission::kBackground); 132 expected.insert(ExtensionAPIPermission::kBackground);
116 expected.insert(ExtensionAPIPermission::kManagement); 133 expected.insert(ExtensionAPIPermission::kManagement);
117 expected.insert(ExtensionAPIPermission::kTab); 134 expected.insert(ExtensionAPIPermission::kTab);
118 135
119 EXPECT_EQ(expected, 136 EXPECT_EQ(expected,
120 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names)); 137 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names));
121 } 138 }
122 139
123 // Tests that the aliases are properly mapped. 140 // Tests that the aliases are properly mapped.
124 TEST(ExtensionAPIPermissionTest, Aliases) { 141 TEST(ExtensionPermissionsTest, Aliases) {
125 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 142 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
126 // tabs: tabs, windows 143 // tabs: tabs, windows
127 std::string tabs_name = "tabs"; 144 std::string tabs_name = "tabs";
128 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name()); 145 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name());
129 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); 146 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
130 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id()); 147 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id());
131 148
132 // unlimitedStorage: unlimitedStorage, unlimited_storage 149 // unlimitedStorage: unlimitedStorage, unlimited_storage
133 std::string storage_name = "unlimitedStorage"; 150 std::string storage_name = "unlimitedStorage";
134 EXPECT_EQ(storage_name, info->GetByID( 151 EXPECT_EQ(storage_name, info->GetByID(
135 ExtensionAPIPermission::kUnlimitedStorage)->name()); 152 ExtensionAPIPermission::kUnlimitedStorage)->name());
136 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, 153 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
137 info->GetByName("unlimitedStorage")->id()); 154 info->GetByName("unlimitedStorage")->id());
138 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, 155 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
139 info->GetByName("unlimited_storage")->id()); 156 info->GetByName("unlimited_storage")->id());
140 } 157 }
141 158
142 TEST(ExtensionAPIPermissionTest, HostedAppPermissions) { 159 TEST(ExtensionPermissionsTest, HostedAppPermissions) {
143 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 160 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
144 ExtensionAPIPermissionSet hosted_perms; 161 ExtensionAPIPermissionSet hosted_perms;
145 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications); 162 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications);
146 hosted_perms.insert(ExtensionAPIPermission::kBackground); 163 hosted_perms.insert(ExtensionAPIPermission::kBackground);
147 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); 164 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead);
148 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); 165 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite);
149 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); 166 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate);
150 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); 167 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate);
151 hosted_perms.insert(ExtensionAPIPermission::kExperimental); 168 hosted_perms.insert(ExtensionAPIPermission::kExperimental);
152 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); 169 hosted_perms.insert(ExtensionAPIPermission::kGeolocation);
153 hosted_perms.insert(ExtensionAPIPermission::kNotification); 170 hosted_perms.insert(ExtensionAPIPermission::kNotification);
154 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); 171 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage);
155 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); 172 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
156 173
174 DictionaryValue source;
175 source.SetString(keys::kName, "permission hosted app test");
176 source.SetString(keys::kVersion, "1");
177 source.SetInteger(keys::kManifestVersion, 2);
178 ListValue* urls = new ListValue();
179 urls->Append(Value::CreateStringValue("http://localhost/test.html"));
180 source.Set(keys::kWebURLs, urls);
181 source.SetString(keys::kLaunchWebURL, "http://localhost/test.html");
182
157 ExtensionAPIPermissionSet perms = info->GetAll(); 183 ExtensionAPIPermissionSet perms = info->GetAll();
158 size_t count = 0; 184 size_t count = 0;
159 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); 185 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
160 i != perms.end(); ++i) { 186 i != perms.end(); ++i) {
187 ExtensionAPIPermission* permission = info->GetByID(*i);
161 count += hosted_perms.count(*i); 188 count += hosted_perms.count(*i);
162 EXPECT_EQ(hosted_perms.count(*i) > 0, 189 EXPECT_EQ(hosted_perms.count(*i) > 0, permission->supports_hosted_apps());
163 info->GetByID(*i)->supports_hosted_apps()); 190 if (permission->supports_hosted_apps())
191 continue;
192
193 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
194 ListValue* permissions = new ListValue();
195 permissions->Append(Value::CreateStringValue(permission->name()));
196 manifest->Set(keys::kPermissions, permissions);
197
198 // This error may be generated for other reasons too, like if the permission
199 // has a whitelist.
200 LoadManifestAndExpectError(
201 manifest.get(), Extension::INTERNAL, permission->name());
164 } 202 }
165 203
166 EXPECT_EQ(hosted_perms.size(), count); 204 EXPECT_EQ(hosted_perms.size(), count);
167 } 205 }
168 206
169 TEST(ExtensionAPIPermissionTest, PlatformAppPermissions) { 207 TEST(ExtensionPermissionsTest, PlatformAppPermissions) {
170 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 208 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
171 ExtensionAPIPermissionSet blacklist; 209 ExtensionAPIPermissionSet blacklist;
172 blacklist.insert(ExtensionAPIPermission::kAppNotifications); 210 blacklist.insert(ExtensionAPIPermission::kAppNotifications);
173 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate); 211 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate);
174 blacklist.insert(ExtensionAPIPermission::kChromePrivate); 212 blacklist.insert(ExtensionAPIPermission::kChromePrivate);
175 blacklist.insert(ExtensionAPIPermission::kCookie); 213 blacklist.insert(ExtensionAPIPermission::kCookie);
176 blacklist.insert(ExtensionAPIPermission::kTab); 214 blacklist.insert(ExtensionAPIPermission::kTab);
177 blacklist.insert(ExtensionAPIPermission::kWebNavigation); 215 blacklist.insert(ExtensionAPIPermission::kWebNavigation);
178 blacklist.insert(ExtensionAPIPermission::kWebRequest); 216 blacklist.insert(ExtensionAPIPermission::kWebRequest);
179 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking); 217 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking);
180 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); 218 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate);
181 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate); 219 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate);
182 220
221 DictionaryValue source;
222 source.SetString(keys::kName, "permission platform app test");
223 source.SetString(keys::kVersion, "1");
224 source.SetInteger(keys::kManifestVersion, 2);
225 source.SetBoolean(keys::kPlatformApp, true);
226 source.SetString(keys::kLaunchLocalPath, "test.html");
227 source.SetString(keys::kLaunchContainer, values::kLaunchContainerShell);
228
183 ExtensionAPIPermissionSet perms = info->GetAll(); 229 ExtensionAPIPermissionSet perms = info->GetAll();
184 size_t count = 0; 230 size_t count = 0;
185 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); 231 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
186 i != perms.end(); ++i) { 232 i != perms.end(); ++i) {
233 ExtensionAPIPermission* permission = info->GetByID(*i);
187 count += blacklist.count(*i); 234 count += blacklist.count(*i);
188 EXPECT_EQ(blacklist.count(*i) > 0, 235 EXPECT_EQ(blacklist.count(*i) > 0, !permission->supports_platform_apps());
189 !info->GetByID(*i)->supports_platform_apps()); 236
237 if (permission->supports_platform_apps())
238 continue;
239
240 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
241 ListValue* permissions = new ListValue();
242 permissions->Append(Value::CreateStringValue(permission->name()));
243 manifest->Set(keys::kPermissions, permissions);
244
245 // This error may be generated for other reasons too, like if the permission
246 // has a whitelist.
247 LoadManifestAndExpectError(
248 manifest.get(), Extension::INTERNAL, permission->name());
190 } 249 }
191 250
192 EXPECT_EQ(blacklist.size(), count); 251 EXPECT_EQ(blacklist.size(), count);
193 } 252 }
194 253
195 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) { 254 TEST(ExtensionPermissionsTest, ComponentOnlyPermissions) {
196 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 255 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
197 ExtensionAPIPermissionSet private_perms; 256 ExtensionAPIPermissionSet private_perms;
198 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); 257 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate);
199 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); 258 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate);
200 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); 259 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate);
201 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); 260 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate);
202 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate); 261 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate);
203 private_perms.insert(ExtensionAPIPermission::kSystemPrivate); 262 private_perms.insert(ExtensionAPIPermission::kSystemPrivate);
204 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); 263 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
205 264
265 DictionaryValue source;
266 source.SetString(keys::kName, "component only permission test");
267 source.SetString(keys::kVersion, "1");
268 source.SetInteger(keys::kManifestVersion, 2);
269
206 ExtensionAPIPermissionSet perms = info->GetAll(); 270 ExtensionAPIPermissionSet perms = info->GetAll();
207 int count = 0; 271 int count = 0;
208 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); 272 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
209 i != perms.end(); ++i) { 273 i != perms.end(); ++i) {
274 ExtensionAPIPermission* permission = info->GetByID(*i);
210 count += private_perms.count(*i); 275 count += private_perms.count(*i);
211 EXPECT_EQ(private_perms.count(*i) > 0, 276 EXPECT_EQ(private_perms.count(*i) > 0, permission->is_component_only());
212 info->GetByID(*i)->is_component_only()); 277
278 if (!permission->is_component_only())
279 continue;
280
281 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
282 ListValue* permissions = new ListValue();
283 permissions->Append(Value::CreateStringValue(permission->name()));
284 manifest->Set(keys::kPermissions, permissions);
285
286 LoadManifestAndExpectError(
287 manifest.get(), Extension::INTERNAL, permission->name());
213 } 288 }
214 289
215 EXPECT_EQ(7, count); 290 EXPECT_EQ(7, count);
216 } 291 }
217 292
218 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) { 293 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
219 scoped_refptr<Extension> extension; 294 scoped_refptr<Extension> extension;
220 scoped_refptr<const ExtensionPermissionSet> permissions; 295 scoped_refptr<const ExtensionPermissionSet> permissions;
221 296
222 extension = LoadManifest("effective_host_permissions", "empty.json"); 297 extension = LoadManifest("effective_host_permissions", "empty.json");
223 permissions = extension->GetActivePermissions(); 298 permissions = extension->GetActivePermissions();
224 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); 299 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
225 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( 300 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
226 GURL("http://www.google.com"))); 301 GURL("http://www.google.com")));
227 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 302 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
228 303
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
284 359
285 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 360 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
286 permissions = extension->GetActivePermissions(); 361 permissions = extension->GetActivePermissions();
287 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); 362 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
288 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); 363 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
289 EXPECT_TRUE( 364 EXPECT_TRUE(
290 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); 365 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
291 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); 366 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
292 } 367 }
293 368
294 TEST(ExtensionPermissionSetTest, ExplicitAccessToOrigin) { 369 TEST(ExtensionPermissionsTest, ExplicitAccessToOrigin) {
295 ExtensionAPIPermissionSet apis; 370 ExtensionAPIPermissionSet apis;
296 URLPatternSet explicit_hosts; 371 URLPatternSet explicit_hosts;
297 URLPatternSet scriptable_hosts; 372 URLPatternSet scriptable_hosts;
298 373
299 AddPattern(&explicit_hosts, "http://*.google.com/*"); 374 AddPattern(&explicit_hosts, "http://*.google.com/*");
300 // The explicit host paths should get set to /*. 375 // The explicit host paths should get set to /*.
301 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); 376 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*");
302 377
303 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( 378 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
304 apis, explicit_hosts, scriptable_hosts); 379 apis, explicit_hosts, scriptable_hosts);
305 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 380 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
306 GURL("http://www.google.com/"))); 381 GURL("http://www.google.com/")));
307 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 382 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
308 GURL("http://test.google.com/"))); 383 GURL("http://test.google.com/")));
309 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 384 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
310 GURL("http://www.example.com"))); 385 GURL("http://www.example.com")));
311 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( 386 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
312 GURL("http://www.example.com"))); 387 GURL("http://www.example.com")));
313 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( 388 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
314 GURL("http://test.example.com"))); 389 GURL("http://test.example.com")));
315 } 390 }
316 391
317 TEST(ExtensionPermissionSetTest, CreateUnion) { 392 TEST(ExtensionPermissionsTest, CreateUnion) {
318 ExtensionAPIPermissionSet apis1; 393 ExtensionAPIPermissionSet apis1;
319 ExtensionAPIPermissionSet apis2; 394 ExtensionAPIPermissionSet apis2;
320 ExtensionAPIPermissionSet expected_apis; 395 ExtensionAPIPermissionSet expected_apis;
321 396
322 URLPatternSet explicit_hosts1; 397 URLPatternSet explicit_hosts1;
323 URLPatternSet explicit_hosts2; 398 URLPatternSet explicit_hosts2;
324 URLPatternSet expected_explicit_hosts; 399 URLPatternSet expected_explicit_hosts;
325 400
326 URLPatternSet scriptable_hosts1; 401 URLPatternSet scriptable_hosts1;
327 URLPatternSet scriptable_hosts2; 402 URLPatternSet scriptable_hosts2;
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
388 EXPECT_TRUE(union_set->Contains(*set2)); 463 EXPECT_TRUE(union_set->Contains(*set2));
389 464
390 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); 465 EXPECT_TRUE(union_set->HasEffectiveFullAccess());
391 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); 466 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
392 EXPECT_EQ(expected_apis, union_set->apis()); 467 EXPECT_EQ(expected_apis, union_set->apis());
393 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); 468 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
394 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); 469 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
395 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); 470 EXPECT_EQ(effective_hosts, union_set->effective_hosts());
396 } 471 }
397 472
398 TEST(ExtensionPermissionSetTest, CreateIntersection) { 473 TEST(ExtensionPermissionsTest, CreateIntersection) {
399 ExtensionAPIPermissionSet apis1; 474 ExtensionAPIPermissionSet apis1;
400 ExtensionAPIPermissionSet apis2; 475 ExtensionAPIPermissionSet apis2;
401 ExtensionAPIPermissionSet expected_apis; 476 ExtensionAPIPermissionSet expected_apis;
402 477
403 URLPatternSet explicit_hosts1; 478 URLPatternSet explicit_hosts1;
404 URLPatternSet explicit_hosts2; 479 URLPatternSet explicit_hosts2;
405 URLPatternSet expected_explicit_hosts; 480 URLPatternSet expected_explicit_hosts;
406 481
407 URLPatternSet scriptable_hosts1; 482 URLPatternSet scriptable_hosts1;
408 URLPatternSet scriptable_hosts2; 483 URLPatternSet scriptable_hosts2;
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
464 EXPECT_FALSE(new_set->Contains(*set2)); 539 EXPECT_FALSE(new_set->Contains(*set2));
465 540
466 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); 541 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
467 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); 542 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
468 EXPECT_EQ(expected_apis, new_set->apis()); 543 EXPECT_EQ(expected_apis, new_set->apis());
469 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 544 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
470 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 545 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
471 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); 546 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
472 } 547 }
473 548
474 TEST(ExtensionPermissionSetTest, CreateDifference) { 549 TEST(ExtensionPermissionsTest, CreateDifference) {
475 ExtensionAPIPermissionSet apis1; 550 ExtensionAPIPermissionSet apis1;
476 ExtensionAPIPermissionSet apis2; 551 ExtensionAPIPermissionSet apis2;
477 ExtensionAPIPermissionSet expected_apis; 552 ExtensionAPIPermissionSet expected_apis;
478 553
479 URLPatternSet explicit_hosts1; 554 URLPatternSet explicit_hosts1;
480 URLPatternSet explicit_hosts2; 555 URLPatternSet explicit_hosts2;
481 URLPatternSet expected_explicit_hosts; 556 URLPatternSet expected_explicit_hosts;
482 557
483 URLPatternSet scriptable_hosts1; 558 URLPatternSet scriptable_hosts1;
484 URLPatternSet scriptable_hosts2; 559 URLPatternSet scriptable_hosts2;
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
528 EXPECT_EQ(expected_apis, new_set->apis()); 603 EXPECT_EQ(expected_apis, new_set->apis());
529 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 604 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
530 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 605 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
531 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); 606 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
532 607
533 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set 608 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set
534 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()); 609 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get());
535 EXPECT_TRUE(set1->IsEmpty()); 610 EXPECT_TRUE(set1->IsEmpty());
536 } 611 }
537 612
538 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) { 613 TEST(ExtensionPermissionsTest, HasLessPrivilegesThan) {
539 const struct { 614 const struct {
540 const char* base_name; 615 const char* base_name;
541 // Increase these sizes if you have more than 10. 616 // Increase these sizes if you have more than 10.
542 const char* granted_apis[10]; 617 const char* granted_apis[10];
543 const char* granted_hosts[10]; 618 const char* granted_hosts[10];
544 bool full_access; 619 bool full_access;
545 bool expect_increase; 620 bool expect_increase;
546 } kTests[] = { 621 } kTests[] = {
547 { "allhosts1", {NULL}, {"http://*/", NULL}, false, 622 { "allhosts1", {NULL}, {"http://*/", NULL}, false,
548 false }, // all -> all 623 false }, // all -> all
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
621 scoped_refptr<const ExtensionPermissionSet> old_p( 696 scoped_refptr<const ExtensionPermissionSet> old_p(
622 old_extension->GetActivePermissions()); 697 old_extension->GetActivePermissions());
623 scoped_refptr<const ExtensionPermissionSet> new_p( 698 scoped_refptr<const ExtensionPermissionSet> new_p(
624 new_extension->GetActivePermissions()); 699 new_extension->GetActivePermissions());
625 700
626 EXPECT_EQ(kTests[i].expect_increase, 701 EXPECT_EQ(kTests[i].expect_increase,
627 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name; 702 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name;
628 } 703 }
629 } 704 }
630 705
631 TEST(ExtensionPermissionSetTest, PermissionMessages) { 706 TEST(ExtensionPermissionsTest, PermissionMessages) {
632 // Ensure that all permissions that needs to show install UI actually have 707 // Ensure that all permissions that needs to show install UI actually have
633 // strings associated with them. 708 // strings associated with them.
634 ExtensionAPIPermissionSet skip; 709 ExtensionAPIPermissionSet skip;
635 710
636 // These are considered "nuisance" or "trivial" permissions that don't need 711 // These are considered "nuisance" or "trivial" permissions that don't need
637 // a prompt. 712 // a prompt.
638 skip.insert(ExtensionAPIPermission::kAppNotifications); 713 skip.insert(ExtensionAPIPermission::kAppNotifications);
639 skip.insert(ExtensionAPIPermission::kContextMenus); 714 skip.insert(ExtensionAPIPermission::kContextMenus);
640 skip.insert(ExtensionAPIPermission::kIdle); 715 skip.insert(ExtensionAPIPermission::kIdle);
641 skip.insert(ExtensionAPIPermission::kNotification); 716 skip.insert(ExtensionAPIPermission::kNotification);
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
695 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) 770 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id())
696 << "unexpected message_id for " << permission->name(); 771 << "unexpected message_id for " << permission->name();
697 } else { 772 } else {
698 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id()) 773 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id())
699 << "missing message_id for " << permission->name(); 774 << "missing message_id for " << permission->name();
700 } 775 }
701 } 776 }
702 } 777 }
703 778
704 // Tests the default permissions (empty API permission set). 779 // Tests the default permissions (empty API permission set).
705 TEST(ExtensionPermissionSetTest, DefaultFunctionAccess) { 780 TEST(ExtensionPermissionsTest, DefaultFunctionAccess) {
706 const struct { 781 const struct {
707 const char* permission_name; 782 const char* permission_name;
708 bool expect_success; 783 bool expect_success;
709 } kTests[] = { 784 } kTests[] = {
710 // Negative test. 785 // Negative test.
711 { "non_existing_permission", false }, 786 { "non_existing_permission", false },
712 // Test default module/package permission. 787 // Test default module/package permission.
713 { "browserAction", true }, 788 { "browserAction", true },
714 { "devtools", true }, 789 { "devtools", true },
715 { "extension", true }, 790 { "extension", true },
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
763 { "tabs", true}, 838 { "tabs", true},
764 }; 839 };
765 840
766 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); 841 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
767 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { 842 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
768 EXPECT_EQ(kTests[i].expect_success, 843 EXPECT_EQ(kTests[i].expect_success,
769 empty->HasAnyAccessToAPI(kTests[i].api_name)); 844 empty->HasAnyAccessToAPI(kTests[i].api_name));
770 } 845 }
771 } 846 }
772 847
773 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) { 848 TEST(ExtensionPermissionsTest, GetWarningMessages_ManyHosts) {
774 scoped_refptr<Extension> extension; 849 scoped_refptr<Extension> extension;
775 850
776 extension = LoadManifest("permissions", "many-hosts.json"); 851 extension = LoadManifest("permissions", "many-hosts.json");
777 std::vector<string16> warnings = 852 std::vector<string16> warnings =
778 extension->GetActivePermissions()->GetWarningMessages(); 853 extension->GetActivePermissions()->GetWarningMessages();
779 ASSERT_EQ(1u, warnings.size()); 854 ASSERT_EQ(1u, warnings.size());
780 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", 855 EXPECT_EQ("Your data on encrypted.google.com and www.google.com",
781 UTF16ToUTF8(warnings[0])); 856 UTF16ToUTF8(warnings[0]));
782 } 857 }
783 858
784 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) { 859 TEST(ExtensionPermissionsTest, GetWarningMessages_Plugins) {
785 scoped_refptr<Extension> extension; 860 scoped_refptr<Extension> extension;
786 scoped_refptr<ExtensionPermissionSet> permissions; 861 scoped_refptr<ExtensionPermissionSet> permissions;
787 862
788 extension = LoadManifest("permissions", "plugins.json"); 863 extension = LoadManifest("permissions", "plugins.json");
789 std::vector<string16> warnings = 864 std::vector<string16> warnings =
790 extension->GetActivePermissions()->GetWarningMessages(); 865 extension->GetActivePermissions()->GetWarningMessages();
791 // We don't parse the plugins key on Chrome OS, so it should not ask for any 866 // We don't parse the plugins key on Chrome OS, so it should not ask for any
792 // permissions. 867 // permissions.
793 #if defined(OS_CHROMEOS) 868 #if defined(OS_CHROMEOS)
794 ASSERT_EQ(0u, warnings.size()); 869 ASSERT_EQ(0u, warnings.size());
795 #else 870 #else
796 ASSERT_EQ(1u, warnings.size()); 871 ASSERT_EQ(1u, warnings.size());
797 EXPECT_EQ("All data on your computer and the websites you visit", 872 EXPECT_EQ("All data on your computer and the websites you visit",
798 UTF16ToUTF8(warnings[0])); 873 UTF16ToUTF8(warnings[0]));
799 #endif 874 #endif
800 } 875 }
801 876
802 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay) { 877 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay) {
803 scoped_refptr<ExtensionPermissionSet> perm_set; 878 scoped_refptr<ExtensionPermissionSet> perm_set;
804 ExtensionAPIPermissionSet empty_perms; 879 ExtensionAPIPermissionSet empty_perms;
805 std::set<std::string> expected; 880 std::set<std::string> expected;
806 expected.insert("www.foo.com"); 881 expected.insert("www.foo.com");
807 expected.insert("www.bar.com"); 882 expected.insert("www.bar.com");
808 expected.insert("www.baz.com"); 883 expected.insert("www.baz.com");
809 URLPatternSet explicit_hosts; 884 URLPatternSet explicit_hosts;
810 URLPatternSet scriptable_hosts; 885 URLPatternSet scriptable_hosts;
811 886
812 { 887 {
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after
948 1023
949 explicit_hosts.AddPattern( 1024 explicit_hosts.AddPattern(
950 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); 1025 URLPattern(URLPattern::SCHEME_FILE, "file:///*"));
951 1026
952 perm_set = new ExtensionPermissionSet( 1027 perm_set = new ExtensionPermissionSet(
953 empty_perms, explicit_hosts, scriptable_hosts); 1028 empty_perms, explicit_hosts, scriptable_hosts);
954 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1029 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
955 } 1030 }
956 } 1031 }
957 1032
958 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_ComIsBestRcd) { 1033 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
959 scoped_refptr<ExtensionPermissionSet> perm_set; 1034 scoped_refptr<ExtensionPermissionSet> perm_set;
960 ExtensionAPIPermissionSet empty_perms; 1035 ExtensionAPIPermissionSet empty_perms;
961 URLPatternSet explicit_hosts; 1036 URLPatternSet explicit_hosts;
962 URLPatternSet scriptable_hosts; 1037 URLPatternSet scriptable_hosts;
963 explicit_hosts.AddPattern( 1038 explicit_hosts.AddPattern(
964 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1039 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
965 explicit_hosts.AddPattern( 1040 explicit_hosts.AddPattern(
966 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1041 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
967 explicit_hosts.AddPattern( 1042 explicit_hosts.AddPattern(
968 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1043 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
969 explicit_hosts.AddPattern( 1044 explicit_hosts.AddPattern(
970 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1045 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
971 explicit_hosts.AddPattern( 1046 explicit_hosts.AddPattern(
972 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1047 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
973 explicit_hosts.AddPattern( 1048 explicit_hosts.AddPattern(
974 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); 1049 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
975 1050
976 std::set<std::string> expected; 1051 std::set<std::string> expected;
977 expected.insert("www.foo.com"); 1052 expected.insert("www.foo.com");
978 perm_set = new ExtensionPermissionSet( 1053 perm_set = new ExtensionPermissionSet(
979 empty_perms, explicit_hosts, scriptable_hosts); 1054 empty_perms, explicit_hosts, scriptable_hosts);
980 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1055 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
981 } 1056 }
982 1057
983 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) { 1058 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
984 scoped_refptr<ExtensionPermissionSet> perm_set; 1059 scoped_refptr<ExtensionPermissionSet> perm_set;
985 ExtensionAPIPermissionSet empty_perms; 1060 ExtensionAPIPermissionSet empty_perms;
986 URLPatternSet explicit_hosts; 1061 URLPatternSet explicit_hosts;
987 URLPatternSet scriptable_hosts; 1062 URLPatternSet scriptable_hosts;
988 explicit_hosts.AddPattern( 1063 explicit_hosts.AddPattern(
989 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1064 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
990 explicit_hosts.AddPattern( 1065 explicit_hosts.AddPattern(
991 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1066 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
992 explicit_hosts.AddPattern( 1067 explicit_hosts.AddPattern(
993 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1068 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
994 explicit_hosts.AddPattern( 1069 explicit_hosts.AddPattern(
995 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1070 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
996 explicit_hosts.AddPattern( 1071 explicit_hosts.AddPattern(
997 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1072 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
998 // No http://www.foo.com/path 1073 // No http://www.foo.com/path
999 1074
1000 std::set<std::string> expected; 1075 std::set<std::string> expected;
1001 expected.insert("www.foo.net"); 1076 expected.insert("www.foo.net");
1002 perm_set = new ExtensionPermissionSet( 1077 perm_set = new ExtensionPermissionSet(
1003 empty_perms, explicit_hosts, scriptable_hosts); 1078 empty_perms, explicit_hosts, scriptable_hosts);
1004 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1079 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1005 } 1080 }
1006 1081
1007 TEST(ExtensionPermissionSetTest, 1082 TEST(ExtensionPermissionsTest,
1008 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) { 1083 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
1009 scoped_refptr<ExtensionPermissionSet> perm_set; 1084 scoped_refptr<ExtensionPermissionSet> perm_set;
1010 ExtensionAPIPermissionSet empty_perms; 1085 ExtensionAPIPermissionSet empty_perms;
1011 URLPatternSet explicit_hosts; 1086 URLPatternSet explicit_hosts;
1012 URLPatternSet scriptable_hosts; 1087 URLPatternSet scriptable_hosts;
1013 explicit_hosts.AddPattern( 1088 explicit_hosts.AddPattern(
1014 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1089 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1015 explicit_hosts.AddPattern( 1090 explicit_hosts.AddPattern(
1016 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1091 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1017 explicit_hosts.AddPattern( 1092 explicit_hosts.AddPattern(
1018 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1093 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1019 // No http://www.foo.net/path 1094 // No http://www.foo.net/path
1020 explicit_hosts.AddPattern( 1095 explicit_hosts.AddPattern(
1021 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1096 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1022 // No http://www.foo.com/path 1097 // No http://www.foo.com/path
1023 1098
1024 std::set<std::string> expected; 1099 std::set<std::string> expected;
1025 expected.insert("www.foo.org"); 1100 expected.insert("www.foo.org");
1026 perm_set = new ExtensionPermissionSet( 1101 perm_set = new ExtensionPermissionSet(
1027 empty_perms, explicit_hosts, scriptable_hosts); 1102 empty_perms, explicit_hosts, scriptable_hosts);
1028 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1103 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1029 } 1104 }
1030 1105
1031 TEST(ExtensionPermissionSetTest, 1106 TEST(ExtensionPermissionsTest,
1032 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) { 1107 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
1033 scoped_refptr<ExtensionPermissionSet> perm_set; 1108 scoped_refptr<ExtensionPermissionSet> perm_set;
1034 ExtensionAPIPermissionSet empty_perms; 1109 ExtensionAPIPermissionSet empty_perms;
1035 URLPatternSet explicit_hosts; 1110 URLPatternSet explicit_hosts;
1036 URLPatternSet scriptable_hosts; 1111 URLPatternSet scriptable_hosts;
1037 explicit_hosts.AddPattern( 1112 explicit_hosts.AddPattern(
1038 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1113 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1039 // No http://www.foo.org/path 1114 // No http://www.foo.org/path
1040 explicit_hosts.AddPattern( 1115 explicit_hosts.AddPattern(
1041 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1116 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1042 // No http://www.foo.net/path 1117 // No http://www.foo.net/path
1043 explicit_hosts.AddPattern( 1118 explicit_hosts.AddPattern(
1044 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1119 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1045 // No http://www.foo.com/path 1120 // No http://www.foo.com/path
1046 1121
1047 std::set<std::string> expected; 1122 std::set<std::string> expected;
1048 expected.insert("www.foo.ca"); 1123 expected.insert("www.foo.ca");
1049 perm_set = new ExtensionPermissionSet( 1124 perm_set = new ExtensionPermissionSet(
1050 empty_perms, explicit_hosts, scriptable_hosts); 1125 empty_perms, explicit_hosts, scriptable_hosts);
1051 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1126 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1052 } 1127 }
1053 1128
1054 TEST(ExtensionPermissionSetTest, HasLessHostPrivilegesThan) { 1129 TEST(ExtensionPermissionsTest, HasLessHostPrivilegesThan) {
1055 URLPatternSet elist1; 1130 URLPatternSet elist1;
1056 URLPatternSet elist2; 1131 URLPatternSet elist2;
1057 URLPatternSet slist1; 1132 URLPatternSet slist1;
1058 URLPatternSet slist2; 1133 URLPatternSet slist2;
1059 scoped_refptr<ExtensionPermissionSet> set1; 1134 scoped_refptr<ExtensionPermissionSet> set1;
1060 scoped_refptr<ExtensionPermissionSet> set2; 1135 scoped_refptr<ExtensionPermissionSet> set2;
1061 ExtensionAPIPermissionSet empty_perms; 1136 ExtensionAPIPermissionSet empty_perms;
1062 elist1.AddPattern( 1137 elist1.AddPattern(
1063 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); 1138 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1064 elist1.AddPattern( 1139 elist1.AddPattern(
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
1113 1188
1114 // Test that different subdomains count as different hosts. 1189 // Test that different subdomains count as different hosts.
1115 elist2.ClearPatterns(); 1190 elist2.ClearPatterns();
1116 elist2.AddPattern( 1191 elist2.AddPattern(
1117 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); 1192 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
1118 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2); 1193 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1119 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); 1194 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1120 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); 1195 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get()));
1121 } 1196 }
1122 1197
1123 TEST(ExtensionPermissionSetTest, GetAPIsAsStrings) { 1198 TEST(ExtensionPermissionsTest, GetAPIsAsStrings) {
1124 ExtensionAPIPermissionSet apis; 1199 ExtensionAPIPermissionSet apis;
1125 URLPatternSet empty_set; 1200 URLPatternSet empty_set;
1126 1201
1127 apis.insert(ExtensionAPIPermission::kProxy); 1202 apis.insert(ExtensionAPIPermission::kProxy);
1128 apis.insert(ExtensionAPIPermission::kBackground); 1203 apis.insert(ExtensionAPIPermission::kBackground);
1129 apis.insert(ExtensionAPIPermission::kNotification); 1204 apis.insert(ExtensionAPIPermission::kNotification);
1130 apis.insert(ExtensionAPIPermission::kTab); 1205 apis.insert(ExtensionAPIPermission::kTab);
1131 1206
1132 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( 1207 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
1133 apis, empty_set, empty_set); 1208 apis, empty_set, empty_set);
1134 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); 1209 std::set<std::string> api_names = perm_set->GetAPIsAsStrings();
1135 1210
1136 // The result is correct if it has the same number of elements 1211 // The result is correct if it has the same number of elements
1137 // and we can convert it back to the id set. 1212 // and we can convert it back to the id set.
1138 EXPECT_EQ(4u, api_names.size()); 1213 EXPECT_EQ(4u, api_names.size());
1139 EXPECT_EQ(apis, 1214 EXPECT_EQ(apis,
1140 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); 1215 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names));
1141 } 1216 }
1142 1217
1143 TEST(ExtensionPermissionSetTest, IsEmpty) { 1218 TEST(ExtensionPermissionsTest, IsEmpty) {
1144 ExtensionAPIPermissionSet empty_apis; 1219 ExtensionAPIPermissionSet empty_apis;
1145 URLPatternSet empty_extent; 1220 URLPatternSet empty_extent;
1146 1221
1147 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); 1222 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
1148 EXPECT_TRUE(empty->IsEmpty()); 1223 EXPECT_TRUE(empty->IsEmpty());
1149 scoped_refptr<ExtensionPermissionSet> perm_set; 1224 scoped_refptr<ExtensionPermissionSet> perm_set;
1150 1225
1151 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); 1226 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent);
1152 EXPECT_TRUE(perm_set->IsEmpty()); 1227 EXPECT_TRUE(perm_set->IsEmpty());
1153 1228
1154 ExtensionAPIPermissionSet non_empty_apis; 1229 ExtensionAPIPermissionSet non_empty_apis;
1155 non_empty_apis.insert(ExtensionAPIPermission::kBackground); 1230 non_empty_apis.insert(ExtensionAPIPermission::kBackground);
1156 perm_set = new ExtensionPermissionSet( 1231 perm_set = new ExtensionPermissionSet(
1157 non_empty_apis, empty_extent, empty_extent); 1232 non_empty_apis, empty_extent, empty_extent);
1158 EXPECT_FALSE(perm_set->IsEmpty()); 1233 EXPECT_FALSE(perm_set->IsEmpty());
1159 1234
1160 // Try non standard host 1235 // Try non standard host
1161 URLPatternSet non_empty_extent; 1236 URLPatternSet non_empty_extent;
1162 AddPattern(&non_empty_extent, "http://www.google.com/*"); 1237 AddPattern(&non_empty_extent, "http://www.google.com/*");
1163 1238
1164 perm_set = new ExtensionPermissionSet( 1239 perm_set = new ExtensionPermissionSet(
1165 empty_apis, non_empty_extent, empty_extent); 1240 empty_apis, non_empty_extent, empty_extent);
1166 EXPECT_FALSE(perm_set->IsEmpty()); 1241 EXPECT_FALSE(perm_set->IsEmpty());
1167 1242
1168 perm_set = new ExtensionPermissionSet( 1243 perm_set = new ExtensionPermissionSet(
1169 empty_apis, empty_extent, non_empty_extent); 1244 empty_apis, empty_extent, non_empty_extent);
1170 EXPECT_FALSE(perm_set->IsEmpty()); 1245 EXPECT_FALSE(perm_set->IsEmpty());
1171 } 1246 }
1247
1248 // Tests that permission whitelists are enforced.
1249 TEST(ExtensionPermissionsTest, Whitelists) {
1250 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
1251 ExtensionAPIPermissionSet ids = info->GetAll();
1252
1253 // We CHECK if a developer tries to register a whitelist without setting
1254 // kFlagEnforceWhitelist, so there's no need to enumerate the permissions we
1255 // expect to have whitelists.
1256
1257 DictionaryValue source;
1258 source.SetString(keys::kName, "permission whitelist test");
1259 source.SetString(keys::kVersion, "1");
1260 source.SetInteger(keys::kManifestVersion, 2);
1261
1262 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
1263 i != ids.end(); ++i) {
1264 ExtensionAPIPermission* permission = info->GetByID(*i);
1265 if (!permission->should_enforce_whitelist())
1266 continue;
1267
1268 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
1269 ListValue* permissions = new ListValue();
1270 permissions->Append(Value::CreateStringValue(permission->name()));
1271 manifest->Set(keys::kPermissions, permissions);
1272
1273 // Even COMPONENT extensions are subject to the whitelist.
1274 LoadManifestAndExpectError(
1275 manifest.get(), Extension::COMPONENT, permission->name());
1276 }
1277 }
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698