Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(229)

Side by Side Diff: chrome/common/extensions/extension_permission_set_unittest.cc

Issue 9317013: Add a centralized mechanism for whitelisting access to extension permissions. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: fix a couple tests Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/extension_permission_set.h" 5 #include "chrome/common/extensions/extension_permission_set.h"
6 6
7 #include "base/json/json_value_serializer.h" 7 #include "base/json/json_value_serializer.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/path_service.h" 9 #include "base/path_service.h"
10 #include "base/utf_string_conversions.h" 10 #include "base/utf_string_conversions.h"
11 #include "chrome/common/chrome_paths.h" 11 #include "chrome/common/chrome_paths.h"
12 #include "chrome/common/extensions/extension.h" 12 #include "chrome/common/extensions/extension.h"
13 #include "chrome/common/extensions/extension_constants.h"
14 #include "chrome/common/extensions/extension_error_utils.h"
15 #include "chrome/common/extensions/extension_permission_set.h"
13 #include "testing/gtest/include/gtest/gtest.h" 16 #include "testing/gtest/include/gtest/gtest.h"
14 17
18 namespace errors = extension_manifest_errors;
19 namespace keys = extension_manifest_keys;
20 namespace values = extension_manifest_values;
15 namespace { 21 namespace {
16 22
17 static scoped_refptr<Extension> LoadManifest(const std::string& dir, 23 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
18 const std::string& test_file, 24 const std::string& test_file,
19 int extra_flags) { 25 int extra_flags) {
20 FilePath path; 26 FilePath path;
21 PathService::Get(chrome::DIR_TEST_DATA, &path); 27 PathService::Get(chrome::DIR_TEST_DATA, &path);
22 path = path.AppendASCII("extensions") 28 path = path.AppendASCII("extensions")
23 .AppendASCII(dir) 29 .AppendASCII(dir)
24 .AppendASCII(test_file); 30 .AppendASCII(test_file);
(...skipping 12 matching lines...) Expand all
37 Extension::STRICT_ERROR_CHECKS | extra_flags, &error); 43 Extension::STRICT_ERROR_CHECKS | extra_flags, &error);
38 EXPECT_TRUE(extension) << error; 44 EXPECT_TRUE(extension) << error;
39 return extension; 45 return extension;
40 } 46 }
41 47
42 static scoped_refptr<Extension> LoadManifest(const std::string& dir, 48 static scoped_refptr<Extension> LoadManifest(const std::string& dir,
43 const std::string& test_file) { 49 const std::string& test_file) {
44 return LoadManifest(dir, test_file, Extension::NO_FLAGS); 50 return LoadManifest(dir, test_file, Extension::NO_FLAGS);
45 } 51 }
46 52
53 static void LoadManifestAndExpectError(DictionaryValue* manifest,
54 Extension::Location location,
55 const std::string& expected_error) {
56 std::string error;
57 scoped_refptr<Extension> extension = Extension::Create(
58 FilePath(), location, *manifest,
59 Extension::STRICT_ERROR_CHECKS, &error);
60
61 EXPECT_FALSE(extension);
62 EXPECT_EQ(expected_error, error);
63 }
64
47 void CompareLists(const std::vector<std::string>& expected, 65 void CompareLists(const std::vector<std::string>& expected,
48 const std::vector<std::string>& actual) { 66 const std::vector<std::string>& actual) {
49 ASSERT_EQ(expected.size(), actual.size()); 67 ASSERT_EQ(expected.size(), actual.size());
50 68
51 for (size_t i = 0; i < expected.size(); ++i) { 69 for (size_t i = 0; i < expected.size(); ++i) {
52 EXPECT_EQ(expected[i], actual[i]); 70 EXPECT_EQ(expected[i], actual[i]);
53 } 71 }
54 } 72 }
55 73
56 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { 74 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
57 int schemes = URLPattern::SCHEME_ALL; 75 int schemes = URLPattern::SCHEME_ALL;
58 extent->AddPattern(URLPattern(schemes, pattern)); 76 extent->AddPattern(URLPattern(schemes, pattern));
59 } 77 }
60 78
61 } // namespace 79 } // namespace
62 80
63 class ExtensionAPIPermissionTest : public testing::Test { 81 class ExtensionPermissionsTest : public testing::Test {
64 }; 82 };
65 83
66 class ExtensionPermissionSetTest : public testing::Test {
67 };
68
69
70 // Tests GetByID. 84 // Tests GetByID.
71 TEST(ExtensionPermissionsInfoTest, GetByID) { 85 TEST(ExtensionPermissionsTest, GetByID) {
72 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 86 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
73 ExtensionAPIPermissionSet ids = info->GetAll(); 87 ExtensionAPIPermissionSet ids = info->GetAll();
74 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); 88 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
75 i != ids.end(); ++i) { 89 i != ids.end(); ++i) {
76 EXPECT_EQ(*i, info->GetByID(*i)->id()); 90 EXPECT_EQ(*i, info->GetByID(*i)->id());
77 } 91 }
78 } 92 }
79 93
80 // Tests that GetByName works with normal permission names and aliases. 94 // Tests that GetByName works with normal permission names and aliases.
81 TEST(ExtensionPermissionsInfoTest, GetByName) { 95 TEST(ExtensionPermissionsTest, GetByName) {
82 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 96 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
83 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); 97 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
84 EXPECT_EQ(ExtensionAPIPermission::kManagement, 98 EXPECT_EQ(ExtensionAPIPermission::kManagement,
85 info->GetByName("management")->id()); 99 info->GetByName("management")->id());
86 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); 100 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj"));
87 } 101 }
88 102
89 TEST(ExtensionPermissionsInfoTest, GetAll) { 103 TEST(ExtensionPermissionsTest, GetAll) {
90 size_t count = 0; 104 size_t count = 0;
91 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 105 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
92 ExtensionAPIPermissionSet apis = info->GetAll(); 106 ExtensionAPIPermissionSet apis = info->GetAll();
93 for (ExtensionAPIPermissionSet::iterator api = apis.begin(); 107 for (ExtensionAPIPermissionSet::iterator api = apis.begin();
94 api != apis.end(); ++api) { 108 api != apis.end(); ++api) {
95 // Make sure only the valid permission IDs get returned. 109 // Make sure only the valid permission IDs get returned.
96 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api); 110 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api);
97 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api); 111 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api);
98 count++; 112 count++;
99 } 113 }
100 EXPECT_EQ(count, info->get_permission_count()); 114 EXPECT_EQ(count, info->get_permission_count());
101 } 115 }
102 116
103 TEST(ExtensionPermissionInfoTest, GetAllByName) { 117 TEST(ExtensionPermissionsTest, GetAllByName) {
104 std::set<std::string> names; 118 std::set<std::string> names;
105 names.insert("background"); 119 names.insert("background");
106 names.insert("management"); 120 names.insert("management");
107 121
108 // This is an alias of kTab 122 // This is an alias of kTab
109 names.insert("windows"); 123 names.insert("windows");
110 124
111 // This unknown name should get dropped. 125 // This unknown name should get dropped.
112 names.insert("sdlkfjasdlkfj"); 126 names.insert("sdlkfjasdlkfj");
113 127
114 ExtensionAPIPermissionSet expected; 128 ExtensionAPIPermissionSet expected;
115 expected.insert(ExtensionAPIPermission::kBackground); 129 expected.insert(ExtensionAPIPermission::kBackground);
116 expected.insert(ExtensionAPIPermission::kManagement); 130 expected.insert(ExtensionAPIPermission::kManagement);
117 expected.insert(ExtensionAPIPermission::kTab); 131 expected.insert(ExtensionAPIPermission::kTab);
118 132
119 EXPECT_EQ(expected, 133 EXPECT_EQ(expected,
120 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names)); 134 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names));
121 } 135 }
122 136
123 // Tests that the aliases are properly mapped. 137 // Tests that the aliases are properly mapped.
124 TEST(ExtensionAPIPermissionTest, Aliases) { 138 TEST(ExtensionPermissionsTest, Aliases) {
125 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 139 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
126 // tabs: tabs, windows 140 // tabs: tabs, windows
127 std::string tabs_name = "tabs"; 141 std::string tabs_name = "tabs";
128 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name()); 142 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name());
129 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); 143 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id());
130 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id()); 144 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id());
131 145
132 // unlimitedStorage: unlimitedStorage, unlimited_storage 146 // unlimitedStorage: unlimitedStorage, unlimited_storage
133 std::string storage_name = "unlimitedStorage"; 147 std::string storage_name = "unlimitedStorage";
134 EXPECT_EQ(storage_name, info->GetByID( 148 EXPECT_EQ(storage_name, info->GetByID(
135 ExtensionAPIPermission::kUnlimitedStorage)->name()); 149 ExtensionAPIPermission::kUnlimitedStorage)->name());
136 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, 150 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
137 info->GetByName("unlimitedStorage")->id()); 151 info->GetByName("unlimitedStorage")->id());
138 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, 152 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage,
139 info->GetByName("unlimited_storage")->id()); 153 info->GetByName("unlimited_storage")->id());
140 } 154 }
141 155
142 TEST(ExtensionAPIPermissionTest, HostedAppPermissions) { 156 TEST(ExtensionPermissionsTest, HostedAppPermissions) {
143 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 157 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
144 ExtensionAPIPermissionSet hosted_perms; 158 ExtensionAPIPermissionSet hosted_perms;
145 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications); 159 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications);
146 hosted_perms.insert(ExtensionAPIPermission::kBackground); 160 hosted_perms.insert(ExtensionAPIPermission::kBackground);
147 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); 161 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead);
148 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); 162 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite);
149 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); 163 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate);
150 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); 164 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate);
151 hosted_perms.insert(ExtensionAPIPermission::kExperimental); 165 hosted_perms.insert(ExtensionAPIPermission::kExperimental);
152 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); 166 hosted_perms.insert(ExtensionAPIPermission::kGeolocation);
153 hosted_perms.insert(ExtensionAPIPermission::kNotification); 167 hosted_perms.insert(ExtensionAPIPermission::kNotification);
154 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); 168 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage);
155 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); 169 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
156 170
171 DictionaryValue source;
172 source.SetString(keys::kName, "permission hosted app test");
173 source.SetString(keys::kVersion, "1");
174 source.SetInteger(keys::kManifestVersion, 2);
175 ListValue* urls = new ListValue();
176 urls->Append(Value::CreateStringValue("http://localhost/test.html"));
177 source.Set(keys::kWebURLs, urls);
178 source.SetString(keys::kLaunchWebURL, "http://localhost/test.html");
179
157 ExtensionAPIPermissionSet perms = info->GetAll(); 180 ExtensionAPIPermissionSet perms = info->GetAll();
158 size_t count = 0; 181 size_t count = 0;
159 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); 182 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
160 i != perms.end(); ++i) { 183 i != perms.end(); ++i) {
184 ExtensionAPIPermission* permission = info->GetByID(*i);
161 count += hosted_perms.count(*i); 185 count += hosted_perms.count(*i);
162 EXPECT_EQ(hosted_perms.count(*i) > 0, 186 EXPECT_EQ(hosted_perms.count(*i) > 0, permission->supports_hosted_apps());
163 info->GetByID(*i)->supports_hosted_apps()); 187 if (permission->supports_hosted_apps())
188 continue;
189
190 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
191 ListValue* permissions = new ListValue();
192 permissions->Append(Value::CreateStringValue(permission->name()));
193 manifest->Set(keys::kPermissions, permissions);
194
195 // This error may be generated for other reasons too, like if the permission
196 // has a whitelist.
197 LoadManifestAndExpectError(
198 manifest.get(), Extension::INTERNAL,
199 ExtensionErrorUtils::FormatErrorMessage(
200 errors::kPermissionNotAllowed, permission->name()));
164 } 201 }
165 202
166 EXPECT_EQ(hosted_perms.size(), count); 203 EXPECT_EQ(hosted_perms.size(), count);
167 } 204 }
168 205
169 TEST(ExtensionAPIPermissionTest, PlatformAppPermissions) { 206 TEST(ExtensionPermissionsTest, PlatformAppPermissions) {
170 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 207 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
171 ExtensionAPIPermissionSet blacklist; 208 ExtensionAPIPermissionSet blacklist;
172 blacklist.insert(ExtensionAPIPermission::kAppNotifications); 209 blacklist.insert(ExtensionAPIPermission::kAppNotifications);
173 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate); 210 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate);
174 blacklist.insert(ExtensionAPIPermission::kChromePrivate); 211 blacklist.insert(ExtensionAPIPermission::kChromePrivate);
175 blacklist.insert(ExtensionAPIPermission::kCookie); 212 blacklist.insert(ExtensionAPIPermission::kCookie);
176 blacklist.insert(ExtensionAPIPermission::kTab); 213 blacklist.insert(ExtensionAPIPermission::kTab);
177 blacklist.insert(ExtensionAPIPermission::kWebNavigation); 214 blacklist.insert(ExtensionAPIPermission::kWebNavigation);
178 blacklist.insert(ExtensionAPIPermission::kWebRequest); 215 blacklist.insert(ExtensionAPIPermission::kWebRequest);
179 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking); 216 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking);
180 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); 217 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate);
181 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate); 218 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate);
182 219
220 DictionaryValue source;
221 source.SetString(keys::kName, "permission platform app test");
222 source.SetString(keys::kVersion, "1");
223 source.SetInteger(keys::kManifestVersion, 2);
224 source.SetBoolean(keys::kPlatformApp, true);
225 source.SetString(keys::kLaunchLocalPath, "test.html");
226 source.SetString(keys::kLaunchContainer, values::kLaunchContainerShell);
227
183 ExtensionAPIPermissionSet perms = info->GetAll(); 228 ExtensionAPIPermissionSet perms = info->GetAll();
184 size_t count = 0; 229 size_t count = 0;
185 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); 230 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
186 i != perms.end(); ++i) { 231 i != perms.end(); ++i) {
232 ExtensionAPIPermission* permission = info->GetByID(*i);
187 count += blacklist.count(*i); 233 count += blacklist.count(*i);
188 EXPECT_EQ(blacklist.count(*i) > 0, 234 EXPECT_EQ(blacklist.count(*i) > 0, !permission->supports_platform_apps());
189 !info->GetByID(*i)->supports_platform_apps()); 235
236 if (permission->supports_platform_apps())
237 continue;
238
239 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
240 ListValue* permissions = new ListValue();
241 permissions->Append(Value::CreateStringValue(permission->name()));
242 manifest->Set(keys::kPermissions, permissions);
243
244 // This error may be generated for other reasons too, like if the permission
245 // has a whitelist.
246 LoadManifestAndExpectError(
247 manifest.get(), Extension::INTERNAL,
248 ExtensionErrorUtils::FormatErrorMessage(
249 errors::kPermissionNotAllowed, permission->name()));
190 } 250 }
191 251
192 EXPECT_EQ(blacklist.size(), count); 252 EXPECT_EQ(blacklist.size(), count);
193 } 253 }
194 254
195 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) { 255 TEST(ExtensionPermissionsTest, ComponentOnlyPermissions) {
196 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); 256 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
197 ExtensionAPIPermissionSet private_perms; 257 ExtensionAPIPermissionSet private_perms;
198 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); 258 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate);
199 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); 259 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate);
200 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); 260 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate);
201 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); 261 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate);
202 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate); 262 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate);
203 private_perms.insert(ExtensionAPIPermission::kSystemPrivate); 263 private_perms.insert(ExtensionAPIPermission::kSystemPrivate);
204 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); 264 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate);
205 265
266 DictionaryValue source;
267 source.SetString(keys::kName, "component only permission test");
268 source.SetString(keys::kVersion, "1");
269 source.SetInteger(keys::kManifestVersion, 2);
270
206 ExtensionAPIPermissionSet perms = info->GetAll(); 271 ExtensionAPIPermissionSet perms = info->GetAll();
207 int count = 0; 272 int count = 0;
208 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); 273 for (ExtensionAPIPermissionSet::iterator i = perms.begin();
209 i != perms.end(); ++i) { 274 i != perms.end(); ++i) {
275 ExtensionAPIPermission* permission = info->GetByID(*i);
210 count += private_perms.count(*i); 276 count += private_perms.count(*i);
211 EXPECT_EQ(private_perms.count(*i) > 0, 277 EXPECT_EQ(private_perms.count(*i) > 0, permission->is_component_only());
212 info->GetByID(*i)->is_component_only()); 278
279 if (!permission->is_component_only())
280 continue;
281
282 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
283 ListValue* permissions = new ListValue();
284 permissions->Append(Value::CreateStringValue(permission->name()));
285 manifest->Set(keys::kPermissions, permissions);
286
287 LoadManifestAndExpectError(
288 manifest.get(), Extension::INTERNAL,
289 ExtensionErrorUtils::FormatErrorMessage(
290 errors::kPermissionNotAllowed, permission->name()));
213 } 291 }
214 292
215 EXPECT_EQ(7, count); 293 EXPECT_EQ(7, count);
216 } 294 }
217 295
218 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) { 296 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
219 scoped_refptr<Extension> extension; 297 scoped_refptr<Extension> extension;
220 scoped_refptr<const ExtensionPermissionSet> permissions; 298 scoped_refptr<const ExtensionPermissionSet> permissions;
221 299
222 extension = LoadManifest("effective_host_permissions", "empty.json"); 300 extension = LoadManifest("effective_host_permissions", "empty.json");
223 permissions = extension->GetActivePermissions(); 301 permissions = extension->GetActivePermissions();
224 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); 302 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size());
225 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( 303 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(
226 GURL("http://www.google.com"))); 304 GURL("http://www.google.com")));
227 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); 305 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts());
228 306
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
284 362
285 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 363 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
286 permissions = extension->GetActivePermissions(); 364 permissions = extension->GetActivePermissions();
287 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); 365 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
288 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); 366 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
289 EXPECT_TRUE( 367 EXPECT_TRUE(
290 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); 368 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
291 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); 369 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
292 } 370 }
293 371
294 TEST(ExtensionPermissionSetTest, ExplicitAccessToOrigin) { 372 TEST(ExtensionPermissionsTest, ExplicitAccessToOrigin) {
295 ExtensionAPIPermissionSet apis; 373 ExtensionAPIPermissionSet apis;
296 URLPatternSet explicit_hosts; 374 URLPatternSet explicit_hosts;
297 URLPatternSet scriptable_hosts; 375 URLPatternSet scriptable_hosts;
298 376
299 AddPattern(&explicit_hosts, "http://*.google.com/*"); 377 AddPattern(&explicit_hosts, "http://*.google.com/*");
300 // The explicit host paths should get set to /*. 378 // The explicit host paths should get set to /*.
301 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); 379 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*");
302 380
303 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( 381 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
304 apis, explicit_hosts, scriptable_hosts); 382 apis, explicit_hosts, scriptable_hosts);
305 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 383 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
306 GURL("http://www.google.com/"))); 384 GURL("http://www.google.com/")));
307 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 385 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
308 GURL("http://test.google.com/"))); 386 GURL("http://test.google.com/")));
309 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( 387 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
310 GURL("http://www.example.com"))); 388 GURL("http://www.example.com")));
311 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( 389 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
312 GURL("http://www.example.com"))); 390 GURL("http://www.example.com")));
313 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( 391 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
314 GURL("http://test.example.com"))); 392 GURL("http://test.example.com")));
315 } 393 }
316 394
317 TEST(ExtensionPermissionSetTest, CreateUnion) { 395 TEST(ExtensionPermissionsTest, CreateUnion) {
318 ExtensionAPIPermissionSet apis1; 396 ExtensionAPIPermissionSet apis1;
319 ExtensionAPIPermissionSet apis2; 397 ExtensionAPIPermissionSet apis2;
320 ExtensionAPIPermissionSet expected_apis; 398 ExtensionAPIPermissionSet expected_apis;
321 399
322 URLPatternSet explicit_hosts1; 400 URLPatternSet explicit_hosts1;
323 URLPatternSet explicit_hosts2; 401 URLPatternSet explicit_hosts2;
324 URLPatternSet expected_explicit_hosts; 402 URLPatternSet expected_explicit_hosts;
325 403
326 URLPatternSet scriptable_hosts1; 404 URLPatternSet scriptable_hosts1;
327 URLPatternSet scriptable_hosts2; 405 URLPatternSet scriptable_hosts2;
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
388 EXPECT_TRUE(union_set->Contains(*set2)); 466 EXPECT_TRUE(union_set->Contains(*set2));
389 467
390 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); 468 EXPECT_TRUE(union_set->HasEffectiveFullAccess());
391 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); 469 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
392 EXPECT_EQ(expected_apis, union_set->apis()); 470 EXPECT_EQ(expected_apis, union_set->apis());
393 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); 471 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
394 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); 472 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
395 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); 473 EXPECT_EQ(effective_hosts, union_set->effective_hosts());
396 } 474 }
397 475
398 TEST(ExtensionPermissionSetTest, CreateIntersection) { 476 TEST(ExtensionPermissionsTest, CreateIntersection) {
399 ExtensionAPIPermissionSet apis1; 477 ExtensionAPIPermissionSet apis1;
400 ExtensionAPIPermissionSet apis2; 478 ExtensionAPIPermissionSet apis2;
401 ExtensionAPIPermissionSet expected_apis; 479 ExtensionAPIPermissionSet expected_apis;
402 480
403 URLPatternSet explicit_hosts1; 481 URLPatternSet explicit_hosts1;
404 URLPatternSet explicit_hosts2; 482 URLPatternSet explicit_hosts2;
405 URLPatternSet expected_explicit_hosts; 483 URLPatternSet expected_explicit_hosts;
406 484
407 URLPatternSet scriptable_hosts1; 485 URLPatternSet scriptable_hosts1;
408 URLPatternSet scriptable_hosts2; 486 URLPatternSet scriptable_hosts2;
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
464 EXPECT_FALSE(new_set->Contains(*set2)); 542 EXPECT_FALSE(new_set->Contains(*set2));
465 543
466 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); 544 EXPECT_FALSE(new_set->HasEffectiveFullAccess());
467 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); 545 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
468 EXPECT_EQ(expected_apis, new_set->apis()); 546 EXPECT_EQ(expected_apis, new_set->apis());
469 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 547 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
470 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 548 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
471 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); 549 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
472 } 550 }
473 551
474 TEST(ExtensionPermissionSetTest, CreateDifference) { 552 TEST(ExtensionPermissionsTest, CreateDifference) {
475 ExtensionAPIPermissionSet apis1; 553 ExtensionAPIPermissionSet apis1;
476 ExtensionAPIPermissionSet apis2; 554 ExtensionAPIPermissionSet apis2;
477 ExtensionAPIPermissionSet expected_apis; 555 ExtensionAPIPermissionSet expected_apis;
478 556
479 URLPatternSet explicit_hosts1; 557 URLPatternSet explicit_hosts1;
480 URLPatternSet explicit_hosts2; 558 URLPatternSet explicit_hosts2;
481 URLPatternSet expected_explicit_hosts; 559 URLPatternSet expected_explicit_hosts;
482 560
483 URLPatternSet scriptable_hosts1; 561 URLPatternSet scriptable_hosts1;
484 URLPatternSet scriptable_hosts2; 562 URLPatternSet scriptable_hosts2;
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
528 EXPECT_EQ(expected_apis, new_set->apis()); 606 EXPECT_EQ(expected_apis, new_set->apis());
529 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); 607 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
530 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); 608 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
531 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); 609 EXPECT_EQ(effective_hosts, new_set->effective_hosts());
532 610
533 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set 611 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set
534 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()); 612 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get());
535 EXPECT_TRUE(set1->IsEmpty()); 613 EXPECT_TRUE(set1->IsEmpty());
536 } 614 }
537 615
538 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) { 616 TEST(ExtensionPermissionsTest, HasLessPrivilegesThan) {
539 const struct { 617 const struct {
540 const char* base_name; 618 const char* base_name;
541 // Increase these sizes if you have more than 10. 619 // Increase these sizes if you have more than 10.
542 const char* granted_apis[10]; 620 const char* granted_apis[10];
543 const char* granted_hosts[10]; 621 const char* granted_hosts[10];
544 bool full_access; 622 bool full_access;
545 bool expect_increase; 623 bool expect_increase;
546 } kTests[] = { 624 } kTests[] = {
547 { "allhosts1", {NULL}, {"http://*/", NULL}, false, 625 { "allhosts1", {NULL}, {"http://*/", NULL}, false,
548 false }, // all -> all 626 false }, // all -> all
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
621 scoped_refptr<const ExtensionPermissionSet> old_p( 699 scoped_refptr<const ExtensionPermissionSet> old_p(
622 old_extension->GetActivePermissions()); 700 old_extension->GetActivePermissions());
623 scoped_refptr<const ExtensionPermissionSet> new_p( 701 scoped_refptr<const ExtensionPermissionSet> new_p(
624 new_extension->GetActivePermissions()); 702 new_extension->GetActivePermissions());
625 703
626 EXPECT_EQ(kTests[i].expect_increase, 704 EXPECT_EQ(kTests[i].expect_increase,
627 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name; 705 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name;
628 } 706 }
629 } 707 }
630 708
631 TEST(ExtensionPermissionSetTest, PermissionMessages) { 709 TEST(ExtensionPermissionsTest, PermissionMessages) {
632 // Ensure that all permissions that needs to show install UI actually have 710 // Ensure that all permissions that needs to show install UI actually have
633 // strings associated with them. 711 // strings associated with them.
634 ExtensionAPIPermissionSet skip; 712 ExtensionAPIPermissionSet skip;
635 713
636 // These are considered "nuisance" or "trivial" permissions that don't need 714 // These are considered "nuisance" or "trivial" permissions that don't need
637 // a prompt. 715 // a prompt.
638 skip.insert(ExtensionAPIPermission::kAppNotifications); 716 skip.insert(ExtensionAPIPermission::kAppNotifications);
639 skip.insert(ExtensionAPIPermission::kContextMenus); 717 skip.insert(ExtensionAPIPermission::kContextMenus);
640 skip.insert(ExtensionAPIPermission::kIdle); 718 skip.insert(ExtensionAPIPermission::kIdle);
641 skip.insert(ExtensionAPIPermission::kNotification); 719 skip.insert(ExtensionAPIPermission::kNotification);
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
695 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) 773 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id())
696 << "unexpected message_id for " << permission->name(); 774 << "unexpected message_id for " << permission->name();
697 } else { 775 } else {
698 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id()) 776 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id())
699 << "missing message_id for " << permission->name(); 777 << "missing message_id for " << permission->name();
700 } 778 }
701 } 779 }
702 } 780 }
703 781
704 // Tests the default permissions (empty API permission set). 782 // Tests the default permissions (empty API permission set).
705 TEST(ExtensionPermissionSetTest, DefaultFunctionAccess) { 783 TEST(ExtensionPermissionsTest, DefaultFunctionAccess) {
706 const struct { 784 const struct {
707 const char* permission_name; 785 const char* permission_name;
708 bool expect_success; 786 bool expect_success;
709 } kTests[] = { 787 } kTests[] = {
710 // Negative test. 788 // Negative test.
711 { "non_existing_permission", false }, 789 { "non_existing_permission", false },
712 // Test default module/package permission. 790 // Test default module/package permission.
713 { "browserAction", true }, 791 { "browserAction", true },
714 { "devtools", true }, 792 { "devtools", true },
715 { "extension", true }, 793 { "extension", true },
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
763 { "tabs", true}, 841 { "tabs", true},
764 }; 842 };
765 843
766 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); 844 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
767 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { 845 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) {
768 EXPECT_EQ(kTests[i].expect_success, 846 EXPECT_EQ(kTests[i].expect_success,
769 empty->HasAnyAccessToAPI(kTests[i].api_name)); 847 empty->HasAnyAccessToAPI(kTests[i].api_name));
770 } 848 }
771 } 849 }
772 850
773 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) { 851 TEST(ExtensionPermissionsTest, GetWarningMessages_ManyHosts) {
774 scoped_refptr<Extension> extension; 852 scoped_refptr<Extension> extension;
775 853
776 extension = LoadManifest("permissions", "many-hosts.json"); 854 extension = LoadManifest("permissions", "many-hosts.json");
777 std::vector<string16> warnings = 855 std::vector<string16> warnings =
778 extension->GetActivePermissions()->GetWarningMessages(); 856 extension->GetActivePermissions()->GetWarningMessages();
779 ASSERT_EQ(1u, warnings.size()); 857 ASSERT_EQ(1u, warnings.size());
780 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", 858 EXPECT_EQ("Your data on encrypted.google.com and www.google.com",
781 UTF16ToUTF8(warnings[0])); 859 UTF16ToUTF8(warnings[0]));
782 } 860 }
783 861
784 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) { 862 TEST(ExtensionPermissionsTest, GetWarningMessages_Plugins) {
785 scoped_refptr<Extension> extension; 863 scoped_refptr<Extension> extension;
786 scoped_refptr<ExtensionPermissionSet> permissions; 864 scoped_refptr<ExtensionPermissionSet> permissions;
787 865
788 extension = LoadManifest("permissions", "plugins.json"); 866 extension = LoadManifest("permissions", "plugins.json");
789 std::vector<string16> warnings = 867 std::vector<string16> warnings =
790 extension->GetActivePermissions()->GetWarningMessages(); 868 extension->GetActivePermissions()->GetWarningMessages();
791 // We don't parse the plugins key on Chrome OS, so it should not ask for any 869 // We don't parse the plugins key on Chrome OS, so it should not ask for any
792 // permissions. 870 // permissions.
793 #if defined(OS_CHROMEOS) 871 #if defined(OS_CHROMEOS)
794 ASSERT_EQ(0u, warnings.size()); 872 ASSERT_EQ(0u, warnings.size());
795 #else 873 #else
796 ASSERT_EQ(1u, warnings.size()); 874 ASSERT_EQ(1u, warnings.size());
797 EXPECT_EQ("All data on your computer and the websites you visit", 875 EXPECT_EQ("All data on your computer and the websites you visit",
798 UTF16ToUTF8(warnings[0])); 876 UTF16ToUTF8(warnings[0]));
799 #endif 877 #endif
800 } 878 }
801 879
802 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay) { 880 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay) {
803 scoped_refptr<ExtensionPermissionSet> perm_set; 881 scoped_refptr<ExtensionPermissionSet> perm_set;
804 ExtensionAPIPermissionSet empty_perms; 882 ExtensionAPIPermissionSet empty_perms;
805 std::set<std::string> expected; 883 std::set<std::string> expected;
806 expected.insert("www.foo.com"); 884 expected.insert("www.foo.com");
807 expected.insert("www.bar.com"); 885 expected.insert("www.bar.com");
808 expected.insert("www.baz.com"); 886 expected.insert("www.baz.com");
809 URLPatternSet explicit_hosts; 887 URLPatternSet explicit_hosts;
810 URLPatternSet scriptable_hosts; 888 URLPatternSet scriptable_hosts;
811 889
812 { 890 {
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after
948 1026
949 explicit_hosts.AddPattern( 1027 explicit_hosts.AddPattern(
950 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); 1028 URLPattern(URLPattern::SCHEME_FILE, "file:///*"));
951 1029
952 perm_set = new ExtensionPermissionSet( 1030 perm_set = new ExtensionPermissionSet(
953 empty_perms, explicit_hosts, scriptable_hosts); 1031 empty_perms, explicit_hosts, scriptable_hosts);
954 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1032 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
955 } 1033 }
956 } 1034 }
957 1035
958 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_ComIsBestRcd) { 1036 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_ComIsBestRcd) {
959 scoped_refptr<ExtensionPermissionSet> perm_set; 1037 scoped_refptr<ExtensionPermissionSet> perm_set;
960 ExtensionAPIPermissionSet empty_perms; 1038 ExtensionAPIPermissionSet empty_perms;
961 URLPatternSet explicit_hosts; 1039 URLPatternSet explicit_hosts;
962 URLPatternSet scriptable_hosts; 1040 URLPatternSet scriptable_hosts;
963 explicit_hosts.AddPattern( 1041 explicit_hosts.AddPattern(
964 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1042 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
965 explicit_hosts.AddPattern( 1043 explicit_hosts.AddPattern(
966 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1044 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
967 explicit_hosts.AddPattern( 1045 explicit_hosts.AddPattern(
968 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1046 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
969 explicit_hosts.AddPattern( 1047 explicit_hosts.AddPattern(
970 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1048 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
971 explicit_hosts.AddPattern( 1049 explicit_hosts.AddPattern(
972 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1050 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
973 explicit_hosts.AddPattern( 1051 explicit_hosts.AddPattern(
974 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); 1052 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path"));
975 1053
976 std::set<std::string> expected; 1054 std::set<std::string> expected;
977 expected.insert("www.foo.com"); 1055 expected.insert("www.foo.com");
978 perm_set = new ExtensionPermissionSet( 1056 perm_set = new ExtensionPermissionSet(
979 empty_perms, explicit_hosts, scriptable_hosts); 1057 empty_perms, explicit_hosts, scriptable_hosts);
980 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1058 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
981 } 1059 }
982 1060
983 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) { 1061 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) {
984 scoped_refptr<ExtensionPermissionSet> perm_set; 1062 scoped_refptr<ExtensionPermissionSet> perm_set;
985 ExtensionAPIPermissionSet empty_perms; 1063 ExtensionAPIPermissionSet empty_perms;
986 URLPatternSet explicit_hosts; 1064 URLPatternSet explicit_hosts;
987 URLPatternSet scriptable_hosts; 1065 URLPatternSet scriptable_hosts;
988 explicit_hosts.AddPattern( 1066 explicit_hosts.AddPattern(
989 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1067 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
990 explicit_hosts.AddPattern( 1068 explicit_hosts.AddPattern(
991 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1069 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
992 explicit_hosts.AddPattern( 1070 explicit_hosts.AddPattern(
993 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1071 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
994 explicit_hosts.AddPattern( 1072 explicit_hosts.AddPattern(
995 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); 1073 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path"));
996 explicit_hosts.AddPattern( 1074 explicit_hosts.AddPattern(
997 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1075 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
998 // No http://www.foo.com/path 1076 // No http://www.foo.com/path
999 1077
1000 std::set<std::string> expected; 1078 std::set<std::string> expected;
1001 expected.insert("www.foo.net"); 1079 expected.insert("www.foo.net");
1002 perm_set = new ExtensionPermissionSet( 1080 perm_set = new ExtensionPermissionSet(
1003 empty_perms, explicit_hosts, scriptable_hosts); 1081 empty_perms, explicit_hosts, scriptable_hosts);
1004 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1082 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1005 } 1083 }
1006 1084
1007 TEST(ExtensionPermissionSetTest, 1085 TEST(ExtensionPermissionsTest,
1008 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) { 1086 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) {
1009 scoped_refptr<ExtensionPermissionSet> perm_set; 1087 scoped_refptr<ExtensionPermissionSet> perm_set;
1010 ExtensionAPIPermissionSet empty_perms; 1088 ExtensionAPIPermissionSet empty_perms;
1011 URLPatternSet explicit_hosts; 1089 URLPatternSet explicit_hosts;
1012 URLPatternSet scriptable_hosts; 1090 URLPatternSet scriptable_hosts;
1013 explicit_hosts.AddPattern( 1091 explicit_hosts.AddPattern(
1014 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1092 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1015 explicit_hosts.AddPattern( 1093 explicit_hosts.AddPattern(
1016 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); 1094 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path"));
1017 explicit_hosts.AddPattern( 1095 explicit_hosts.AddPattern(
1018 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1096 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1019 // No http://www.foo.net/path 1097 // No http://www.foo.net/path
1020 explicit_hosts.AddPattern( 1098 explicit_hosts.AddPattern(
1021 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1099 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1022 // No http://www.foo.com/path 1100 // No http://www.foo.com/path
1023 1101
1024 std::set<std::string> expected; 1102 std::set<std::string> expected;
1025 expected.insert("www.foo.org"); 1103 expected.insert("www.foo.org");
1026 perm_set = new ExtensionPermissionSet( 1104 perm_set = new ExtensionPermissionSet(
1027 empty_perms, explicit_hosts, scriptable_hosts); 1105 empty_perms, explicit_hosts, scriptable_hosts);
1028 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1106 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1029 } 1107 }
1030 1108
1031 TEST(ExtensionPermissionSetTest, 1109 TEST(ExtensionPermissionsTest,
1032 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) { 1110 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) {
1033 scoped_refptr<ExtensionPermissionSet> perm_set; 1111 scoped_refptr<ExtensionPermissionSet> perm_set;
1034 ExtensionAPIPermissionSet empty_perms; 1112 ExtensionAPIPermissionSet empty_perms;
1035 URLPatternSet explicit_hosts; 1113 URLPatternSet explicit_hosts;
1036 URLPatternSet scriptable_hosts; 1114 URLPatternSet scriptable_hosts;
1037 explicit_hosts.AddPattern( 1115 explicit_hosts.AddPattern(
1038 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); 1116 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path"));
1039 // No http://www.foo.org/path 1117 // No http://www.foo.org/path
1040 explicit_hosts.AddPattern( 1118 explicit_hosts.AddPattern(
1041 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); 1119 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path"));
1042 // No http://www.foo.net/path 1120 // No http://www.foo.net/path
1043 explicit_hosts.AddPattern( 1121 explicit_hosts.AddPattern(
1044 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); 1122 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path"));
1045 // No http://www.foo.com/path 1123 // No http://www.foo.com/path
1046 1124
1047 std::set<std::string> expected; 1125 std::set<std::string> expected;
1048 expected.insert("www.foo.ca"); 1126 expected.insert("www.foo.ca");
1049 perm_set = new ExtensionPermissionSet( 1127 perm_set = new ExtensionPermissionSet(
1050 empty_perms, explicit_hosts, scriptable_hosts); 1128 empty_perms, explicit_hosts, scriptable_hosts);
1051 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); 1129 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay());
1052 } 1130 }
1053 1131
1054 TEST(ExtensionPermissionSetTest, HasLessHostPrivilegesThan) { 1132 TEST(ExtensionPermissionsTest, HasLessHostPrivilegesThan) {
1055 URLPatternSet elist1; 1133 URLPatternSet elist1;
1056 URLPatternSet elist2; 1134 URLPatternSet elist2;
1057 URLPatternSet slist1; 1135 URLPatternSet slist1;
1058 URLPatternSet slist2; 1136 URLPatternSet slist2;
1059 scoped_refptr<ExtensionPermissionSet> set1; 1137 scoped_refptr<ExtensionPermissionSet> set1;
1060 scoped_refptr<ExtensionPermissionSet> set2; 1138 scoped_refptr<ExtensionPermissionSet> set2;
1061 ExtensionAPIPermissionSet empty_perms; 1139 ExtensionAPIPermissionSet empty_perms;
1062 elist1.AddPattern( 1140 elist1.AddPattern(
1063 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); 1141 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
1064 elist1.AddPattern( 1142 elist1.AddPattern(
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
1113 1191
1114 // Test that different subdomains count as different hosts. 1192 // Test that different subdomains count as different hosts.
1115 elist2.ClearPatterns(); 1193 elist2.ClearPatterns();
1116 elist2.AddPattern( 1194 elist2.AddPattern(
1117 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); 1195 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
1118 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2); 1196 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2);
1119 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); 1197 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get()));
1120 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); 1198 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get()));
1121 } 1199 }
1122 1200
1123 TEST(ExtensionPermissionSetTest, GetAPIsAsStrings) { 1201 TEST(ExtensionPermissionsTest, GetAPIsAsStrings) {
1124 ExtensionAPIPermissionSet apis; 1202 ExtensionAPIPermissionSet apis;
1125 URLPatternSet empty_set; 1203 URLPatternSet empty_set;
1126 1204
1127 apis.insert(ExtensionAPIPermission::kProxy); 1205 apis.insert(ExtensionAPIPermission::kProxy);
1128 apis.insert(ExtensionAPIPermission::kBackground); 1206 apis.insert(ExtensionAPIPermission::kBackground);
1129 apis.insert(ExtensionAPIPermission::kNotification); 1207 apis.insert(ExtensionAPIPermission::kNotification);
1130 apis.insert(ExtensionAPIPermission::kTab); 1208 apis.insert(ExtensionAPIPermission::kTab);
1131 1209
1132 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( 1210 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet(
1133 apis, empty_set, empty_set); 1211 apis, empty_set, empty_set);
1134 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); 1212 std::set<std::string> api_names = perm_set->GetAPIsAsStrings();
1135 1213
1136 // The result is correct if it has the same number of elements 1214 // The result is correct if it has the same number of elements
1137 // and we can convert it back to the id set. 1215 // and we can convert it back to the id set.
1138 EXPECT_EQ(4u, api_names.size()); 1216 EXPECT_EQ(4u, api_names.size());
1139 EXPECT_EQ(apis, 1217 EXPECT_EQ(apis,
1140 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); 1218 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names));
1141 } 1219 }
1142 1220
1143 TEST(ExtensionPermissionSetTest, IsEmpty) { 1221 TEST(ExtensionPermissionsTest, IsEmpty) {
1144 ExtensionAPIPermissionSet empty_apis; 1222 ExtensionAPIPermissionSet empty_apis;
1145 URLPatternSet empty_extent; 1223 URLPatternSet empty_extent;
1146 1224
1147 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); 1225 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet();
1148 EXPECT_TRUE(empty->IsEmpty()); 1226 EXPECT_TRUE(empty->IsEmpty());
1149 scoped_refptr<ExtensionPermissionSet> perm_set; 1227 scoped_refptr<ExtensionPermissionSet> perm_set;
1150 1228
1151 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); 1229 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent);
1152 EXPECT_TRUE(perm_set->IsEmpty()); 1230 EXPECT_TRUE(perm_set->IsEmpty());
1153 1231
1154 ExtensionAPIPermissionSet non_empty_apis; 1232 ExtensionAPIPermissionSet non_empty_apis;
1155 non_empty_apis.insert(ExtensionAPIPermission::kBackground); 1233 non_empty_apis.insert(ExtensionAPIPermission::kBackground);
1156 perm_set = new ExtensionPermissionSet( 1234 perm_set = new ExtensionPermissionSet(
1157 non_empty_apis, empty_extent, empty_extent); 1235 non_empty_apis, empty_extent, empty_extent);
1158 EXPECT_FALSE(perm_set->IsEmpty()); 1236 EXPECT_FALSE(perm_set->IsEmpty());
1159 1237
1160 // Try non standard host 1238 // Try non standard host
1161 URLPatternSet non_empty_extent; 1239 URLPatternSet non_empty_extent;
1162 AddPattern(&non_empty_extent, "http://www.google.com/*"); 1240 AddPattern(&non_empty_extent, "http://www.google.com/*");
1163 1241
1164 perm_set = new ExtensionPermissionSet( 1242 perm_set = new ExtensionPermissionSet(
1165 empty_apis, non_empty_extent, empty_extent); 1243 empty_apis, non_empty_extent, empty_extent);
1166 EXPECT_FALSE(perm_set->IsEmpty()); 1244 EXPECT_FALSE(perm_set->IsEmpty());
1167 1245
1168 perm_set = new ExtensionPermissionSet( 1246 perm_set = new ExtensionPermissionSet(
1169 empty_apis, empty_extent, non_empty_extent); 1247 empty_apis, empty_extent, non_empty_extent);
1170 EXPECT_FALSE(perm_set->IsEmpty()); 1248 EXPECT_FALSE(perm_set->IsEmpty());
1171 } 1249 }
1250
1251 // Tests that permission whitelists are enforced.
1252 TEST(ExtensionPermissionsTest, Whitelists) {
1253 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance();
1254 ExtensionAPIPermissionSet ids = info->GetAll();
1255
1256 // We CHECK if a developer tries to register a whitelist without setting
1257 // kFlagEnforceWhitelist, so there's no need to enumerate the permissions we
1258 // expect to have whitelists.
1259
1260 DictionaryValue source;
1261 source.SetString(keys::kName, "permission whitelist test");
1262 source.SetString(keys::kVersion, "1");
1263 source.SetInteger(keys::kManifestVersion, 2);
1264
1265 for (ExtensionAPIPermissionSet::iterator i = ids.begin();
1266 i != ids.end(); ++i) {
1267 ExtensionAPIPermission* permission = info->GetByID(*i);
1268 if (!permission->should_enforce_whitelist())
1269 continue;
1270
1271 scoped_ptr<DictionaryValue> manifest(source.DeepCopy());
1272 ListValue* permissions = new ListValue();
1273 permissions->Append(Value::CreateStringValue(permission->name()));
1274 manifest->Set(keys::kPermissions, permissions);
1275
1276 // Even COMPONENT extensions are subject to the whitelist.
1277 LoadManifestAndExpectError(
1278 manifest.get(), Extension::COMPONENT,
1279 ExtensionErrorUtils::FormatErrorMessage(
1280 errors::kPermissionNotAllowed, permission->name()));
1281 }
1282 }
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698