| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension_permission_set.h" | 5 #include "chrome/common/extensions/extension_permission_set.h" |
| 6 | 6 |
| 7 #include "base/json/json_value_serializer.h" | 7 #include "base/json/json_value_serializer.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "base/utf_string_conversions.h" | 10 #include "base/utf_string_conversions.h" |
| 11 #include "chrome/common/chrome_paths.h" | 11 #include "chrome/common/chrome_paths.h" |
| 12 #include "chrome/common/extensions/extension.h" | 12 #include "chrome/common/extensions/extension.h" |
| 13 #include "chrome/common/extensions/extension_constants.h" |
| 14 #include "chrome/common/extensions/extension_error_utils.h" |
| 15 #include "chrome/common/extensions/extension_permission_set.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 17 |
| 18 namespace errors = extension_manifest_errors; |
| 19 namespace keys = extension_manifest_keys; |
| 20 namespace values = extension_manifest_values; |
| 15 namespace { | 21 namespace { |
| 16 | 22 |
| 17 static scoped_refptr<Extension> LoadManifest(const std::string& dir, | 23 static scoped_refptr<Extension> LoadManifest(const std::string& dir, |
| 18 const std::string& test_file, | 24 const std::string& test_file, |
| 19 int extra_flags) { | 25 int extra_flags) { |
| 20 FilePath path; | 26 FilePath path; |
| 21 PathService::Get(chrome::DIR_TEST_DATA, &path); | 27 PathService::Get(chrome::DIR_TEST_DATA, &path); |
| 22 path = path.AppendASCII("extensions") | 28 path = path.AppendASCII("extensions") |
| 23 .AppendASCII(dir) | 29 .AppendASCII(dir) |
| 24 .AppendASCII(test_file); | 30 .AppendASCII(test_file); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 37 Extension::STRICT_ERROR_CHECKS | extra_flags, &error); | 43 Extension::STRICT_ERROR_CHECKS | extra_flags, &error); |
| 38 EXPECT_TRUE(extension) << error; | 44 EXPECT_TRUE(extension) << error; |
| 39 return extension; | 45 return extension; |
| 40 } | 46 } |
| 41 | 47 |
| 42 static scoped_refptr<Extension> LoadManifest(const std::string& dir, | 48 static scoped_refptr<Extension> LoadManifest(const std::string& dir, |
| 43 const std::string& test_file) { | 49 const std::string& test_file) { |
| 44 return LoadManifest(dir, test_file, Extension::NO_FLAGS); | 50 return LoadManifest(dir, test_file, Extension::NO_FLAGS); |
| 45 } | 51 } |
| 46 | 52 |
| 53 static void LoadManifestAndExpectError(DictionaryValue* manifest, |
| 54 Extension::Location location, |
| 55 const std::string& expected_error) { |
| 56 std::string error; |
| 57 scoped_refptr<Extension> extension = Extension::Create( |
| 58 FilePath(), location, *manifest, |
| 59 Extension::STRICT_ERROR_CHECKS, &error); |
| 60 |
| 61 EXPECT_FALSE(extension); |
| 62 EXPECT_EQ(expected_error, error); |
| 63 } |
| 64 |
| 47 void CompareLists(const std::vector<std::string>& expected, | 65 void CompareLists(const std::vector<std::string>& expected, |
| 48 const std::vector<std::string>& actual) { | 66 const std::vector<std::string>& actual) { |
| 49 ASSERT_EQ(expected.size(), actual.size()); | 67 ASSERT_EQ(expected.size(), actual.size()); |
| 50 | 68 |
| 51 for (size_t i = 0; i < expected.size(); ++i) { | 69 for (size_t i = 0; i < expected.size(); ++i) { |
| 52 EXPECT_EQ(expected[i], actual[i]); | 70 EXPECT_EQ(expected[i], actual[i]); |
| 53 } | 71 } |
| 54 } | 72 } |
| 55 | 73 |
| 56 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { | 74 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { |
| 57 int schemes = URLPattern::SCHEME_ALL; | 75 int schemes = URLPattern::SCHEME_ALL; |
| 58 extent->AddPattern(URLPattern(schemes, pattern)); | 76 extent->AddPattern(URLPattern(schemes, pattern)); |
| 59 } | 77 } |
| 60 | 78 |
| 61 } // namespace | 79 } // namespace |
| 62 | 80 |
| 63 class ExtensionAPIPermissionTest : public testing::Test { | 81 class ExtensionPermissionsTest : public testing::Test { |
| 64 }; | 82 }; |
| 65 | 83 |
| 66 class ExtensionPermissionSetTest : public testing::Test { | |
| 67 }; | |
| 68 | |
| 69 | |
| 70 // Tests GetByID. | 84 // Tests GetByID. |
| 71 TEST(ExtensionPermissionsInfoTest, GetByID) { | 85 TEST(ExtensionPermissionsTest, GetByID) { |
| 72 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 86 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 73 ExtensionAPIPermissionSet ids = info->GetAll(); | 87 ExtensionAPIPermissionSet ids = info->GetAll(); |
| 74 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); | 88 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); |
| 75 i != ids.end(); ++i) { | 89 i != ids.end(); ++i) { |
| 76 EXPECT_EQ(*i, info->GetByID(*i)->id()); | 90 EXPECT_EQ(*i, info->GetByID(*i)->id()); |
| 77 } | 91 } |
| 78 } | 92 } |
| 79 | 93 |
| 80 // Tests that GetByName works with normal permission names and aliases. | 94 // Tests that GetByName works with normal permission names and aliases. |
| 81 TEST(ExtensionPermissionsInfoTest, GetByName) { | 95 TEST(ExtensionPermissionsTest, GetByName) { |
| 82 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 96 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 83 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); | 97 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); |
| 84 EXPECT_EQ(ExtensionAPIPermission::kManagement, | 98 EXPECT_EQ(ExtensionAPIPermission::kManagement, |
| 85 info->GetByName("management")->id()); | 99 info->GetByName("management")->id()); |
| 86 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); | 100 EXPECT_FALSE(info->GetByName("alsdkfjasldkfj")); |
| 87 } | 101 } |
| 88 | 102 |
| 89 TEST(ExtensionPermissionsInfoTest, GetAll) { | 103 TEST(ExtensionPermissionsTest, GetAll) { |
| 90 size_t count = 0; | 104 size_t count = 0; |
| 91 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 105 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 92 ExtensionAPIPermissionSet apis = info->GetAll(); | 106 ExtensionAPIPermissionSet apis = info->GetAll(); |
| 93 for (ExtensionAPIPermissionSet::iterator api = apis.begin(); | 107 for (ExtensionAPIPermissionSet::iterator api = apis.begin(); |
| 94 api != apis.end(); ++api) { | 108 api != apis.end(); ++api) { |
| 95 // Make sure only the valid permission IDs get returned. | 109 // Make sure only the valid permission IDs get returned. |
| 96 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api); | 110 EXPECT_NE(ExtensionAPIPermission::kInvalid, *api); |
| 97 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api); | 111 EXPECT_NE(ExtensionAPIPermission::kUnknown, *api); |
| 98 count++; | 112 count++; |
| 99 } | 113 } |
| 100 EXPECT_EQ(count, info->get_permission_count()); | 114 EXPECT_EQ(count, info->get_permission_count()); |
| 101 } | 115 } |
| 102 | 116 |
| 103 TEST(ExtensionPermissionInfoTest, GetAllByName) { | 117 TEST(ExtensionPermissionsTest, GetAllByName) { |
| 104 std::set<std::string> names; | 118 std::set<std::string> names; |
| 105 names.insert("background"); | 119 names.insert("background"); |
| 106 names.insert("management"); | 120 names.insert("management"); |
| 107 | 121 |
| 108 // This is an alias of kTab | 122 // This is an alias of kTab |
| 109 names.insert("windows"); | 123 names.insert("windows"); |
| 110 | 124 |
| 111 // This unknown name should get dropped. | 125 // This unknown name should get dropped. |
| 112 names.insert("sdlkfjasdlkfj"); | 126 names.insert("sdlkfjasdlkfj"); |
| 113 | 127 |
| 114 ExtensionAPIPermissionSet expected; | 128 ExtensionAPIPermissionSet expected; |
| 115 expected.insert(ExtensionAPIPermission::kBackground); | 129 expected.insert(ExtensionAPIPermission::kBackground); |
| 116 expected.insert(ExtensionAPIPermission::kManagement); | 130 expected.insert(ExtensionAPIPermission::kManagement); |
| 117 expected.insert(ExtensionAPIPermission::kTab); | 131 expected.insert(ExtensionAPIPermission::kTab); |
| 118 | 132 |
| 119 EXPECT_EQ(expected, | 133 EXPECT_EQ(expected, |
| 120 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names)); | 134 ExtensionPermissionsInfo::GetInstance()->GetAllByName(names)); |
| 121 } | 135 } |
| 122 | 136 |
| 123 // Tests that the aliases are properly mapped. | 137 // Tests that the aliases are properly mapped. |
| 124 TEST(ExtensionAPIPermissionTest, Aliases) { | 138 TEST(ExtensionPermissionsTest, Aliases) { |
| 125 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 139 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 126 // tabs: tabs, windows | 140 // tabs: tabs, windows |
| 127 std::string tabs_name = "tabs"; | 141 std::string tabs_name = "tabs"; |
| 128 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name()); | 142 EXPECT_EQ(tabs_name, info->GetByID(ExtensionAPIPermission::kTab)->name()); |
| 129 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); | 143 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("tabs")->id()); |
| 130 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id()); | 144 EXPECT_EQ(ExtensionAPIPermission::kTab, info->GetByName("windows")->id()); |
| 131 | 145 |
| 132 // unlimitedStorage: unlimitedStorage, unlimited_storage | 146 // unlimitedStorage: unlimitedStorage, unlimited_storage |
| 133 std::string storage_name = "unlimitedStorage"; | 147 std::string storage_name = "unlimitedStorage"; |
| 134 EXPECT_EQ(storage_name, info->GetByID( | 148 EXPECT_EQ(storage_name, info->GetByID( |
| 135 ExtensionAPIPermission::kUnlimitedStorage)->name()); | 149 ExtensionAPIPermission::kUnlimitedStorage)->name()); |
| 136 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, | 150 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, |
| 137 info->GetByName("unlimitedStorage")->id()); | 151 info->GetByName("unlimitedStorage")->id()); |
| 138 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, | 152 EXPECT_EQ(ExtensionAPIPermission::kUnlimitedStorage, |
| 139 info->GetByName("unlimited_storage")->id()); | 153 info->GetByName("unlimited_storage")->id()); |
| 140 } | 154 } |
| 141 | 155 |
| 142 TEST(ExtensionAPIPermissionTest, HostedAppPermissions) { | 156 TEST(ExtensionPermissionsTest, HostedAppPermissions) { |
| 143 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 157 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 144 ExtensionAPIPermissionSet hosted_perms; | 158 ExtensionAPIPermissionSet hosted_perms; |
| 145 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications); | 159 hosted_perms.insert(ExtensionAPIPermission::kAppNotifications); |
| 146 hosted_perms.insert(ExtensionAPIPermission::kBackground); | 160 hosted_perms.insert(ExtensionAPIPermission::kBackground); |
| 147 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); | 161 hosted_perms.insert(ExtensionAPIPermission::kClipboardRead); |
| 148 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); | 162 hosted_perms.insert(ExtensionAPIPermission::kClipboardWrite); |
| 149 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 163 hosted_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 150 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); | 164 hosted_perms.insert(ExtensionAPIPermission::kChromePrivate); |
| 151 hosted_perms.insert(ExtensionAPIPermission::kExperimental); | 165 hosted_perms.insert(ExtensionAPIPermission::kExperimental); |
| 152 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); | 166 hosted_perms.insert(ExtensionAPIPermission::kGeolocation); |
| 153 hosted_perms.insert(ExtensionAPIPermission::kNotification); | 167 hosted_perms.insert(ExtensionAPIPermission::kNotification); |
| 154 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); | 168 hosted_perms.insert(ExtensionAPIPermission::kUnlimitedStorage); |
| 155 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); | 169 hosted_perms.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 156 | 170 |
| 171 DictionaryValue source; |
| 172 source.SetString(keys::kName, "permission hosted app test"); |
| 173 source.SetString(keys::kVersion, "1"); |
| 174 source.SetInteger(keys::kManifestVersion, 2); |
| 175 ListValue* urls = new ListValue(); |
| 176 urls->Append(Value::CreateStringValue("http://localhost/test.html")); |
| 177 source.Set(keys::kWebURLs, urls); |
| 178 source.SetString(keys::kLaunchWebURL, "http://localhost/test.html"); |
| 179 |
| 157 ExtensionAPIPermissionSet perms = info->GetAll(); | 180 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 158 size_t count = 0; | 181 size_t count = 0; |
| 159 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 182 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 160 i != perms.end(); ++i) { | 183 i != perms.end(); ++i) { |
| 184 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 161 count += hosted_perms.count(*i); | 185 count += hosted_perms.count(*i); |
| 162 EXPECT_EQ(hosted_perms.count(*i) > 0, | 186 EXPECT_EQ(hosted_perms.count(*i) > 0, permission->supports_hosted_apps()); |
| 163 info->GetByID(*i)->supports_hosted_apps()); | 187 if (permission->supports_hosted_apps()) |
| 188 continue; |
| 189 |
| 190 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 191 ListValue* permissions = new ListValue(); |
| 192 permissions->Append(Value::CreateStringValue(permission->name())); |
| 193 manifest->Set(keys::kPermissions, permissions); |
| 194 |
| 195 // This error may be generated for other reasons too, like if the permission |
| 196 // has a whitelist. |
| 197 LoadManifestAndExpectError( |
| 198 manifest.get(), Extension::INTERNAL, |
| 199 ExtensionErrorUtils::FormatErrorMessage( |
| 200 errors::kPermissionNotAllowed, permission->name())); |
| 164 } | 201 } |
| 165 | 202 |
| 166 EXPECT_EQ(hosted_perms.size(), count); | 203 EXPECT_EQ(hosted_perms.size(), count); |
| 167 } | 204 } |
| 168 | 205 |
| 169 TEST(ExtensionAPIPermissionTest, PlatformAppPermissions) { | 206 TEST(ExtensionPermissionsTest, PlatformAppPermissions) { |
| 170 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 207 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 171 ExtensionAPIPermissionSet blacklist; | 208 ExtensionAPIPermissionSet blacklist; |
| 172 blacklist.insert(ExtensionAPIPermission::kAppNotifications); | 209 blacklist.insert(ExtensionAPIPermission::kAppNotifications); |
| 173 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 210 blacklist.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 174 blacklist.insert(ExtensionAPIPermission::kChromePrivate); | 211 blacklist.insert(ExtensionAPIPermission::kChromePrivate); |
| 175 blacklist.insert(ExtensionAPIPermission::kCookie); | 212 blacklist.insert(ExtensionAPIPermission::kCookie); |
| 176 blacklist.insert(ExtensionAPIPermission::kTab); | 213 blacklist.insert(ExtensionAPIPermission::kTab); |
| 177 blacklist.insert(ExtensionAPIPermission::kWebNavigation); | 214 blacklist.insert(ExtensionAPIPermission::kWebNavigation); |
| 178 blacklist.insert(ExtensionAPIPermission::kWebRequest); | 215 blacklist.insert(ExtensionAPIPermission::kWebRequest); |
| 179 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking); | 216 blacklist.insert(ExtensionAPIPermission::kWebRequestBlocking); |
| 180 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); | 217 blacklist.insert(ExtensionAPIPermission::kWebSocketProxyPrivate); |
| 181 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate); | 218 blacklist.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 182 | 219 |
| 220 DictionaryValue source; |
| 221 source.SetString(keys::kName, "permission platform app test"); |
| 222 source.SetString(keys::kVersion, "1"); |
| 223 source.SetInteger(keys::kManifestVersion, 2); |
| 224 source.SetBoolean(keys::kPlatformApp, true); |
| 225 source.SetString(keys::kLaunchLocalPath, "test.html"); |
| 226 source.SetString(keys::kLaunchContainer, values::kLaunchContainerShell); |
| 227 |
| 183 ExtensionAPIPermissionSet perms = info->GetAll(); | 228 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 184 size_t count = 0; | 229 size_t count = 0; |
| 185 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 230 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 186 i != perms.end(); ++i) { | 231 i != perms.end(); ++i) { |
| 232 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 187 count += blacklist.count(*i); | 233 count += blacklist.count(*i); |
| 188 EXPECT_EQ(blacklist.count(*i) > 0, | 234 EXPECT_EQ(blacklist.count(*i) > 0, !permission->supports_platform_apps()); |
| 189 !info->GetByID(*i)->supports_platform_apps()); | 235 |
| 236 if (permission->supports_platform_apps()) |
| 237 continue; |
| 238 |
| 239 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 240 ListValue* permissions = new ListValue(); |
| 241 permissions->Append(Value::CreateStringValue(permission->name())); |
| 242 manifest->Set(keys::kPermissions, permissions); |
| 243 |
| 244 // This error may be generated for other reasons too, like if the permission |
| 245 // has a whitelist. |
| 246 LoadManifestAndExpectError( |
| 247 manifest.get(), Extension::INTERNAL, |
| 248 ExtensionErrorUtils::FormatErrorMessage( |
| 249 errors::kPermissionNotAllowed, permission->name())); |
| 190 } | 250 } |
| 191 | 251 |
| 192 EXPECT_EQ(blacklist.size(), count); | 252 EXPECT_EQ(blacklist.size(), count); |
| 193 } | 253 } |
| 194 | 254 |
| 195 TEST(ExtensionAPIPermissionTest, ComponentOnlyPermissions) { | 255 TEST(ExtensionPermissionsTest, ComponentOnlyPermissions) { |
| 196 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 256 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 197 ExtensionAPIPermissionSet private_perms; | 257 ExtensionAPIPermissionSet private_perms; |
| 198 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); | 258 private_perms.insert(ExtensionAPIPermission::kChromeAuthPrivate); |
| 199 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); | 259 private_perms.insert(ExtensionAPIPermission::kChromeosInfoPrivate); |
| 200 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); | 260 private_perms.insert(ExtensionAPIPermission::kFileBrowserPrivate); |
| 201 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); | 261 private_perms.insert(ExtensionAPIPermission::kMediaPlayerPrivate); |
| 202 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate); | 262 private_perms.insert(ExtensionAPIPermission::kMetricsPrivate); |
| 203 private_perms.insert(ExtensionAPIPermission::kSystemPrivate); | 263 private_perms.insert(ExtensionAPIPermission::kSystemPrivate); |
| 204 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); | 264 private_perms.insert(ExtensionAPIPermission::kWebstorePrivate); |
| 205 | 265 |
| 266 DictionaryValue source; |
| 267 source.SetString(keys::kName, "component only permission test"); |
| 268 source.SetString(keys::kVersion, "1"); |
| 269 source.SetInteger(keys::kManifestVersion, 2); |
| 270 |
| 206 ExtensionAPIPermissionSet perms = info->GetAll(); | 271 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 207 int count = 0; | 272 int count = 0; |
| 208 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 273 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 209 i != perms.end(); ++i) { | 274 i != perms.end(); ++i) { |
| 275 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 210 count += private_perms.count(*i); | 276 count += private_perms.count(*i); |
| 211 EXPECT_EQ(private_perms.count(*i) > 0, | 277 EXPECT_EQ(private_perms.count(*i) > 0, permission->is_component_only()); |
| 212 info->GetByID(*i)->is_component_only()); | 278 |
| 279 if (!permission->is_component_only()) |
| 280 continue; |
| 281 |
| 282 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 283 ListValue* permissions = new ListValue(); |
| 284 permissions->Append(Value::CreateStringValue(permission->name())); |
| 285 manifest->Set(keys::kPermissions, permissions); |
| 286 |
| 287 LoadManifestAndExpectError( |
| 288 manifest.get(), Extension::INTERNAL, |
| 289 ExtensionErrorUtils::FormatErrorMessage( |
| 290 errors::kPermissionNotAllowed, permission->name())); |
| 213 } | 291 } |
| 214 | 292 |
| 215 EXPECT_EQ(7, count); | 293 EXPECT_EQ(7, count); |
| 216 } | 294 } |
| 217 | 295 |
| 218 TEST(ExtensionPermissionSetTest, EffectiveHostPermissions) { | 296 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { |
| 219 scoped_refptr<Extension> extension; | 297 scoped_refptr<Extension> extension; |
| 220 scoped_refptr<const ExtensionPermissionSet> permissions; | 298 scoped_refptr<const ExtensionPermissionSet> permissions; |
| 221 | 299 |
| 222 extension = LoadManifest("effective_host_permissions", "empty.json"); | 300 extension = LoadManifest("effective_host_permissions", "empty.json"); |
| 223 permissions = extension->GetActivePermissions(); | 301 permissions = extension->GetActivePermissions(); |
| 224 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); | 302 EXPECT_EQ(0u, extension->GetEffectiveHostPermissions().patterns().size()); |
| 225 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( | 303 EXPECT_FALSE(permissions->HasEffectiveAccessToURL( |
| 226 GURL("http://www.google.com"))); | 304 GURL("http://www.google.com"))); |
| 227 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); | 305 EXPECT_FALSE(permissions->HasEffectiveAccessToAllHosts()); |
| 228 | 306 |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 284 | 362 |
| 285 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); | 363 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); |
| 286 permissions = extension->GetActivePermissions(); | 364 permissions = extension->GetActivePermissions(); |
| 287 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); | 365 EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/"))); |
| 288 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); | 366 EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/"))); |
| 289 EXPECT_TRUE( | 367 EXPECT_TRUE( |
| 290 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); | 368 permissions->HasEffectiveAccessToURL(GURL("http://www.google.com"))); |
| 291 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); | 369 EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts()); |
| 292 } | 370 } |
| 293 | 371 |
| 294 TEST(ExtensionPermissionSetTest, ExplicitAccessToOrigin) { | 372 TEST(ExtensionPermissionsTest, ExplicitAccessToOrigin) { |
| 295 ExtensionAPIPermissionSet apis; | 373 ExtensionAPIPermissionSet apis; |
| 296 URLPatternSet explicit_hosts; | 374 URLPatternSet explicit_hosts; |
| 297 URLPatternSet scriptable_hosts; | 375 URLPatternSet scriptable_hosts; |
| 298 | 376 |
| 299 AddPattern(&explicit_hosts, "http://*.google.com/*"); | 377 AddPattern(&explicit_hosts, "http://*.google.com/*"); |
| 300 // The explicit host paths should get set to /*. | 378 // The explicit host paths should get set to /*. |
| 301 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); | 379 AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*"); |
| 302 | 380 |
| 303 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( | 381 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( |
| 304 apis, explicit_hosts, scriptable_hosts); | 382 apis, explicit_hosts, scriptable_hosts); |
| 305 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( | 383 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( |
| 306 GURL("http://www.google.com/"))); | 384 GURL("http://www.google.com/"))); |
| 307 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( | 385 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( |
| 308 GURL("http://test.google.com/"))); | 386 GURL("http://test.google.com/"))); |
| 309 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( | 387 ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin( |
| 310 GURL("http://www.example.com"))); | 388 GURL("http://www.example.com"))); |
| 311 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( | 389 ASSERT_TRUE(perm_set->HasEffectiveAccessToURL( |
| 312 GURL("http://www.example.com"))); | 390 GURL("http://www.example.com"))); |
| 313 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( | 391 ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin( |
| 314 GURL("http://test.example.com"))); | 392 GURL("http://test.example.com"))); |
| 315 } | 393 } |
| 316 | 394 |
| 317 TEST(ExtensionPermissionSetTest, CreateUnion) { | 395 TEST(ExtensionPermissionsTest, CreateUnion) { |
| 318 ExtensionAPIPermissionSet apis1; | 396 ExtensionAPIPermissionSet apis1; |
| 319 ExtensionAPIPermissionSet apis2; | 397 ExtensionAPIPermissionSet apis2; |
| 320 ExtensionAPIPermissionSet expected_apis; | 398 ExtensionAPIPermissionSet expected_apis; |
| 321 | 399 |
| 322 URLPatternSet explicit_hosts1; | 400 URLPatternSet explicit_hosts1; |
| 323 URLPatternSet explicit_hosts2; | 401 URLPatternSet explicit_hosts2; |
| 324 URLPatternSet expected_explicit_hosts; | 402 URLPatternSet expected_explicit_hosts; |
| 325 | 403 |
| 326 URLPatternSet scriptable_hosts1; | 404 URLPatternSet scriptable_hosts1; |
| 327 URLPatternSet scriptable_hosts2; | 405 URLPatternSet scriptable_hosts2; |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 388 EXPECT_TRUE(union_set->Contains(*set2)); | 466 EXPECT_TRUE(union_set->Contains(*set2)); |
| 389 | 467 |
| 390 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); | 468 EXPECT_TRUE(union_set->HasEffectiveFullAccess()); |
| 391 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); | 469 EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts()); |
| 392 EXPECT_EQ(expected_apis, union_set->apis()); | 470 EXPECT_EQ(expected_apis, union_set->apis()); |
| 393 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); | 471 EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts()); |
| 394 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); | 472 EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts()); |
| 395 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); | 473 EXPECT_EQ(effective_hosts, union_set->effective_hosts()); |
| 396 } | 474 } |
| 397 | 475 |
| 398 TEST(ExtensionPermissionSetTest, CreateIntersection) { | 476 TEST(ExtensionPermissionsTest, CreateIntersection) { |
| 399 ExtensionAPIPermissionSet apis1; | 477 ExtensionAPIPermissionSet apis1; |
| 400 ExtensionAPIPermissionSet apis2; | 478 ExtensionAPIPermissionSet apis2; |
| 401 ExtensionAPIPermissionSet expected_apis; | 479 ExtensionAPIPermissionSet expected_apis; |
| 402 | 480 |
| 403 URLPatternSet explicit_hosts1; | 481 URLPatternSet explicit_hosts1; |
| 404 URLPatternSet explicit_hosts2; | 482 URLPatternSet explicit_hosts2; |
| 405 URLPatternSet expected_explicit_hosts; | 483 URLPatternSet expected_explicit_hosts; |
| 406 | 484 |
| 407 URLPatternSet scriptable_hosts1; | 485 URLPatternSet scriptable_hosts1; |
| 408 URLPatternSet scriptable_hosts2; | 486 URLPatternSet scriptable_hosts2; |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 464 EXPECT_FALSE(new_set->Contains(*set2)); | 542 EXPECT_FALSE(new_set->Contains(*set2)); |
| 465 | 543 |
| 466 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); | 544 EXPECT_FALSE(new_set->HasEffectiveFullAccess()); |
| 467 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); | 545 EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts()); |
| 468 EXPECT_EQ(expected_apis, new_set->apis()); | 546 EXPECT_EQ(expected_apis, new_set->apis()); |
| 469 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); | 547 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 470 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); | 548 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 471 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); | 549 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); |
| 472 } | 550 } |
| 473 | 551 |
| 474 TEST(ExtensionPermissionSetTest, CreateDifference) { | 552 TEST(ExtensionPermissionsTest, CreateDifference) { |
| 475 ExtensionAPIPermissionSet apis1; | 553 ExtensionAPIPermissionSet apis1; |
| 476 ExtensionAPIPermissionSet apis2; | 554 ExtensionAPIPermissionSet apis2; |
| 477 ExtensionAPIPermissionSet expected_apis; | 555 ExtensionAPIPermissionSet expected_apis; |
| 478 | 556 |
| 479 URLPatternSet explicit_hosts1; | 557 URLPatternSet explicit_hosts1; |
| 480 URLPatternSet explicit_hosts2; | 558 URLPatternSet explicit_hosts2; |
| 481 URLPatternSet expected_explicit_hosts; | 559 URLPatternSet expected_explicit_hosts; |
| 482 | 560 |
| 483 URLPatternSet scriptable_hosts1; | 561 URLPatternSet scriptable_hosts1; |
| 484 URLPatternSet scriptable_hosts2; | 562 URLPatternSet scriptable_hosts2; |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 EXPECT_EQ(expected_apis, new_set->apis()); | 606 EXPECT_EQ(expected_apis, new_set->apis()); |
| 529 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); | 607 EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts()); |
| 530 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); | 608 EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts()); |
| 531 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); | 609 EXPECT_EQ(effective_hosts, new_set->effective_hosts()); |
| 532 | 610 |
| 533 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set | 611 // |set3| = |set1| - |set2| --> |set3| intersect |set2| == empty_set |
| 534 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()); | 612 set1 = ExtensionPermissionSet::CreateIntersection(new_set.get(), set2.get()); |
| 535 EXPECT_TRUE(set1->IsEmpty()); | 613 EXPECT_TRUE(set1->IsEmpty()); |
| 536 } | 614 } |
| 537 | 615 |
| 538 TEST(ExtensionPermissionSetTest, HasLessPrivilegesThan) { | 616 TEST(ExtensionPermissionsTest, HasLessPrivilegesThan) { |
| 539 const struct { | 617 const struct { |
| 540 const char* base_name; | 618 const char* base_name; |
| 541 // Increase these sizes if you have more than 10. | 619 // Increase these sizes if you have more than 10. |
| 542 const char* granted_apis[10]; | 620 const char* granted_apis[10]; |
| 543 const char* granted_hosts[10]; | 621 const char* granted_hosts[10]; |
| 544 bool full_access; | 622 bool full_access; |
| 545 bool expect_increase; | 623 bool expect_increase; |
| 546 } kTests[] = { | 624 } kTests[] = { |
| 547 { "allhosts1", {NULL}, {"http://*/", NULL}, false, | 625 { "allhosts1", {NULL}, {"http://*/", NULL}, false, |
| 548 false }, // all -> all | 626 false }, // all -> all |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 621 scoped_refptr<const ExtensionPermissionSet> old_p( | 699 scoped_refptr<const ExtensionPermissionSet> old_p( |
| 622 old_extension->GetActivePermissions()); | 700 old_extension->GetActivePermissions()); |
| 623 scoped_refptr<const ExtensionPermissionSet> new_p( | 701 scoped_refptr<const ExtensionPermissionSet> new_p( |
| 624 new_extension->GetActivePermissions()); | 702 new_extension->GetActivePermissions()); |
| 625 | 703 |
| 626 EXPECT_EQ(kTests[i].expect_increase, | 704 EXPECT_EQ(kTests[i].expect_increase, |
| 627 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name; | 705 old_p->HasLessPrivilegesThan(new_p)) << kTests[i].base_name; |
| 628 } | 706 } |
| 629 } | 707 } |
| 630 | 708 |
| 631 TEST(ExtensionPermissionSetTest, PermissionMessages) { | 709 TEST(ExtensionPermissionsTest, PermissionMessages) { |
| 632 // Ensure that all permissions that needs to show install UI actually have | 710 // Ensure that all permissions that needs to show install UI actually have |
| 633 // strings associated with them. | 711 // strings associated with them. |
| 634 ExtensionAPIPermissionSet skip; | 712 ExtensionAPIPermissionSet skip; |
| 635 | 713 |
| 636 // These are considered "nuisance" or "trivial" permissions that don't need | 714 // These are considered "nuisance" or "trivial" permissions that don't need |
| 637 // a prompt. | 715 // a prompt. |
| 638 skip.insert(ExtensionAPIPermission::kAppNotifications); | 716 skip.insert(ExtensionAPIPermission::kAppNotifications); |
| 639 skip.insert(ExtensionAPIPermission::kContextMenus); | 717 skip.insert(ExtensionAPIPermission::kContextMenus); |
| 640 skip.insert(ExtensionAPIPermission::kIdle); | 718 skip.insert(ExtensionAPIPermission::kIdle); |
| 641 skip.insert(ExtensionAPIPermission::kNotification); | 719 skip.insert(ExtensionAPIPermission::kNotification); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 695 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) | 773 EXPECT_EQ(ExtensionPermissionMessage::kNone, permission->message_id()) |
| 696 << "unexpected message_id for " << permission->name(); | 774 << "unexpected message_id for " << permission->name(); |
| 697 } else { | 775 } else { |
| 698 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id()) | 776 EXPECT_NE(ExtensionPermissionMessage::kNone, permission->message_id()) |
| 699 << "missing message_id for " << permission->name(); | 777 << "missing message_id for " << permission->name(); |
| 700 } | 778 } |
| 701 } | 779 } |
| 702 } | 780 } |
| 703 | 781 |
| 704 // Tests the default permissions (empty API permission set). | 782 // Tests the default permissions (empty API permission set). |
| 705 TEST(ExtensionPermissionSetTest, DefaultFunctionAccess) { | 783 TEST(ExtensionPermissionsTest, DefaultFunctionAccess) { |
| 706 const struct { | 784 const struct { |
| 707 const char* permission_name; | 785 const char* permission_name; |
| 708 bool expect_success; | 786 bool expect_success; |
| 709 } kTests[] = { | 787 } kTests[] = { |
| 710 // Negative test. | 788 // Negative test. |
| 711 { "non_existing_permission", false }, | 789 { "non_existing_permission", false }, |
| 712 // Test default module/package permission. | 790 // Test default module/package permission. |
| 713 { "browserAction", true }, | 791 { "browserAction", true }, |
| 714 { "devtools", true }, | 792 { "devtools", true }, |
| 715 { "extension", true }, | 793 { "extension", true }, |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 763 { "tabs", true}, | 841 { "tabs", true}, |
| 764 }; | 842 }; |
| 765 | 843 |
| 766 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); | 844 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); |
| 767 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { | 845 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { |
| 768 EXPECT_EQ(kTests[i].expect_success, | 846 EXPECT_EQ(kTests[i].expect_success, |
| 769 empty->HasAnyAccessToAPI(kTests[i].api_name)); | 847 empty->HasAnyAccessToAPI(kTests[i].api_name)); |
| 770 } | 848 } |
| 771 } | 849 } |
| 772 | 850 |
| 773 TEST(ExtensionPermissionSetTest, GetWarningMessages_ManyHosts) { | 851 TEST(ExtensionPermissionsTest, GetWarningMessages_ManyHosts) { |
| 774 scoped_refptr<Extension> extension; | 852 scoped_refptr<Extension> extension; |
| 775 | 853 |
| 776 extension = LoadManifest("permissions", "many-hosts.json"); | 854 extension = LoadManifest("permissions", "many-hosts.json"); |
| 777 std::vector<string16> warnings = | 855 std::vector<string16> warnings = |
| 778 extension->GetActivePermissions()->GetWarningMessages(); | 856 extension->GetActivePermissions()->GetWarningMessages(); |
| 779 ASSERT_EQ(1u, warnings.size()); | 857 ASSERT_EQ(1u, warnings.size()); |
| 780 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", | 858 EXPECT_EQ("Your data on encrypted.google.com and www.google.com", |
| 781 UTF16ToUTF8(warnings[0])); | 859 UTF16ToUTF8(warnings[0])); |
| 782 } | 860 } |
| 783 | 861 |
| 784 TEST(ExtensionPermissionSetTest, GetWarningMessages_Plugins) { | 862 TEST(ExtensionPermissionsTest, GetWarningMessages_Plugins) { |
| 785 scoped_refptr<Extension> extension; | 863 scoped_refptr<Extension> extension; |
| 786 scoped_refptr<ExtensionPermissionSet> permissions; | 864 scoped_refptr<ExtensionPermissionSet> permissions; |
| 787 | 865 |
| 788 extension = LoadManifest("permissions", "plugins.json"); | 866 extension = LoadManifest("permissions", "plugins.json"); |
| 789 std::vector<string16> warnings = | 867 std::vector<string16> warnings = |
| 790 extension->GetActivePermissions()->GetWarningMessages(); | 868 extension->GetActivePermissions()->GetWarningMessages(); |
| 791 // We don't parse the plugins key on Chrome OS, so it should not ask for any | 869 // We don't parse the plugins key on Chrome OS, so it should not ask for any |
| 792 // permissions. | 870 // permissions. |
| 793 #if defined(OS_CHROMEOS) | 871 #if defined(OS_CHROMEOS) |
| 794 ASSERT_EQ(0u, warnings.size()); | 872 ASSERT_EQ(0u, warnings.size()); |
| 795 #else | 873 #else |
| 796 ASSERT_EQ(1u, warnings.size()); | 874 ASSERT_EQ(1u, warnings.size()); |
| 797 EXPECT_EQ("All data on your computer and the websites you visit", | 875 EXPECT_EQ("All data on your computer and the websites you visit", |
| 798 UTF16ToUTF8(warnings[0])); | 876 UTF16ToUTF8(warnings[0])); |
| 799 #endif | 877 #endif |
| 800 } | 878 } |
| 801 | 879 |
| 802 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay) { | 880 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay) { |
| 803 scoped_refptr<ExtensionPermissionSet> perm_set; | 881 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 804 ExtensionAPIPermissionSet empty_perms; | 882 ExtensionAPIPermissionSet empty_perms; |
| 805 std::set<std::string> expected; | 883 std::set<std::string> expected; |
| 806 expected.insert("www.foo.com"); | 884 expected.insert("www.foo.com"); |
| 807 expected.insert("www.bar.com"); | 885 expected.insert("www.bar.com"); |
| 808 expected.insert("www.baz.com"); | 886 expected.insert("www.baz.com"); |
| 809 URLPatternSet explicit_hosts; | 887 URLPatternSet explicit_hosts; |
| 810 URLPatternSet scriptable_hosts; | 888 URLPatternSet scriptable_hosts; |
| 811 | 889 |
| 812 { | 890 { |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 948 | 1026 |
| 949 explicit_hosts.AddPattern( | 1027 explicit_hosts.AddPattern( |
| 950 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); | 1028 URLPattern(URLPattern::SCHEME_FILE, "file:///*")); |
| 951 | 1029 |
| 952 perm_set = new ExtensionPermissionSet( | 1030 perm_set = new ExtensionPermissionSet( |
| 953 empty_perms, explicit_hosts, scriptable_hosts); | 1031 empty_perms, explicit_hosts, scriptable_hosts); |
| 954 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1032 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 955 } | 1033 } |
| 956 } | 1034 } |
| 957 | 1035 |
| 958 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_ComIsBestRcd) { | 1036 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_ComIsBestRcd) { |
| 959 scoped_refptr<ExtensionPermissionSet> perm_set; | 1037 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 960 ExtensionAPIPermissionSet empty_perms; | 1038 ExtensionAPIPermissionSet empty_perms; |
| 961 URLPatternSet explicit_hosts; | 1039 URLPatternSet explicit_hosts; |
| 962 URLPatternSet scriptable_hosts; | 1040 URLPatternSet scriptable_hosts; |
| 963 explicit_hosts.AddPattern( | 1041 explicit_hosts.AddPattern( |
| 964 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1042 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 965 explicit_hosts.AddPattern( | 1043 explicit_hosts.AddPattern( |
| 966 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); | 1044 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); |
| 967 explicit_hosts.AddPattern( | 1045 explicit_hosts.AddPattern( |
| 968 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1046 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 969 explicit_hosts.AddPattern( | 1047 explicit_hosts.AddPattern( |
| 970 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); | 1048 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); |
| 971 explicit_hosts.AddPattern( | 1049 explicit_hosts.AddPattern( |
| 972 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1050 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 973 explicit_hosts.AddPattern( | 1051 explicit_hosts.AddPattern( |
| 974 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); | 1052 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.com/path")); |
| 975 | 1053 |
| 976 std::set<std::string> expected; | 1054 std::set<std::string> expected; |
| 977 expected.insert("www.foo.com"); | 1055 expected.insert("www.foo.com"); |
| 978 perm_set = new ExtensionPermissionSet( | 1056 perm_set = new ExtensionPermissionSet( |
| 979 empty_perms, explicit_hosts, scriptable_hosts); | 1057 empty_perms, explicit_hosts, scriptable_hosts); |
| 980 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1058 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 981 } | 1059 } |
| 982 | 1060 |
| 983 TEST(ExtensionPermissionSetTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) { | 1061 TEST(ExtensionPermissionsTest, GetDistinctHostsForDisplay_NetIs2ndBestRcd) { |
| 984 scoped_refptr<ExtensionPermissionSet> perm_set; | 1062 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 985 ExtensionAPIPermissionSet empty_perms; | 1063 ExtensionAPIPermissionSet empty_perms; |
| 986 URLPatternSet explicit_hosts; | 1064 URLPatternSet explicit_hosts; |
| 987 URLPatternSet scriptable_hosts; | 1065 URLPatternSet scriptable_hosts; |
| 988 explicit_hosts.AddPattern( | 1066 explicit_hosts.AddPattern( |
| 989 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1067 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 990 explicit_hosts.AddPattern( | 1068 explicit_hosts.AddPattern( |
| 991 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); | 1069 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); |
| 992 explicit_hosts.AddPattern( | 1070 explicit_hosts.AddPattern( |
| 993 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1071 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 994 explicit_hosts.AddPattern( | 1072 explicit_hosts.AddPattern( |
| 995 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); | 1073 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.net/path")); |
| 996 explicit_hosts.AddPattern( | 1074 explicit_hosts.AddPattern( |
| 997 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1075 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 998 // No http://www.foo.com/path | 1076 // No http://www.foo.com/path |
| 999 | 1077 |
| 1000 std::set<std::string> expected; | 1078 std::set<std::string> expected; |
| 1001 expected.insert("www.foo.net"); | 1079 expected.insert("www.foo.net"); |
| 1002 perm_set = new ExtensionPermissionSet( | 1080 perm_set = new ExtensionPermissionSet( |
| 1003 empty_perms, explicit_hosts, scriptable_hosts); | 1081 empty_perms, explicit_hosts, scriptable_hosts); |
| 1004 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1082 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1005 } | 1083 } |
| 1006 | 1084 |
| 1007 TEST(ExtensionPermissionSetTest, | 1085 TEST(ExtensionPermissionsTest, |
| 1008 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) { | 1086 GetDistinctHostsForDisplay_OrgIs3rdBestRcd) { |
| 1009 scoped_refptr<ExtensionPermissionSet> perm_set; | 1087 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 1010 ExtensionAPIPermissionSet empty_perms; | 1088 ExtensionAPIPermissionSet empty_perms; |
| 1011 URLPatternSet explicit_hosts; | 1089 URLPatternSet explicit_hosts; |
| 1012 URLPatternSet scriptable_hosts; | 1090 URLPatternSet scriptable_hosts; |
| 1013 explicit_hosts.AddPattern( | 1091 explicit_hosts.AddPattern( |
| 1014 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1092 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 1015 explicit_hosts.AddPattern( | 1093 explicit_hosts.AddPattern( |
| 1016 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); | 1094 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.org/path")); |
| 1017 explicit_hosts.AddPattern( | 1095 explicit_hosts.AddPattern( |
| 1018 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1096 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 1019 // No http://www.foo.net/path | 1097 // No http://www.foo.net/path |
| 1020 explicit_hosts.AddPattern( | 1098 explicit_hosts.AddPattern( |
| 1021 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1099 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 1022 // No http://www.foo.com/path | 1100 // No http://www.foo.com/path |
| 1023 | 1101 |
| 1024 std::set<std::string> expected; | 1102 std::set<std::string> expected; |
| 1025 expected.insert("www.foo.org"); | 1103 expected.insert("www.foo.org"); |
| 1026 perm_set = new ExtensionPermissionSet( | 1104 perm_set = new ExtensionPermissionSet( |
| 1027 empty_perms, explicit_hosts, scriptable_hosts); | 1105 empty_perms, explicit_hosts, scriptable_hosts); |
| 1028 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1106 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1029 } | 1107 } |
| 1030 | 1108 |
| 1031 TEST(ExtensionPermissionSetTest, | 1109 TEST(ExtensionPermissionsTest, |
| 1032 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) { | 1110 GetDistinctHostsForDisplay_FirstInListIs4thBestRcd) { |
| 1033 scoped_refptr<ExtensionPermissionSet> perm_set; | 1111 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 1034 ExtensionAPIPermissionSet empty_perms; | 1112 ExtensionAPIPermissionSet empty_perms; |
| 1035 URLPatternSet explicit_hosts; | 1113 URLPatternSet explicit_hosts; |
| 1036 URLPatternSet scriptable_hosts; | 1114 URLPatternSet scriptable_hosts; |
| 1037 explicit_hosts.AddPattern( | 1115 explicit_hosts.AddPattern( |
| 1038 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); | 1116 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.ca/path")); |
| 1039 // No http://www.foo.org/path | 1117 // No http://www.foo.org/path |
| 1040 explicit_hosts.AddPattern( | 1118 explicit_hosts.AddPattern( |
| 1041 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); | 1119 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.co.uk/path")); |
| 1042 // No http://www.foo.net/path | 1120 // No http://www.foo.net/path |
| 1043 explicit_hosts.AddPattern( | 1121 explicit_hosts.AddPattern( |
| 1044 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); | 1122 URLPattern(URLPattern::SCHEME_HTTP, "http://www.foo.jp/path")); |
| 1045 // No http://www.foo.com/path | 1123 // No http://www.foo.com/path |
| 1046 | 1124 |
| 1047 std::set<std::string> expected; | 1125 std::set<std::string> expected; |
| 1048 expected.insert("www.foo.ca"); | 1126 expected.insert("www.foo.ca"); |
| 1049 perm_set = new ExtensionPermissionSet( | 1127 perm_set = new ExtensionPermissionSet( |
| 1050 empty_perms, explicit_hosts, scriptable_hosts); | 1128 empty_perms, explicit_hosts, scriptable_hosts); |
| 1051 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); | 1129 EXPECT_EQ(expected, perm_set->GetDistinctHostsForDisplay()); |
| 1052 } | 1130 } |
| 1053 | 1131 |
| 1054 TEST(ExtensionPermissionSetTest, HasLessHostPrivilegesThan) { | 1132 TEST(ExtensionPermissionsTest, HasLessHostPrivilegesThan) { |
| 1055 URLPatternSet elist1; | 1133 URLPatternSet elist1; |
| 1056 URLPatternSet elist2; | 1134 URLPatternSet elist2; |
| 1057 URLPatternSet slist1; | 1135 URLPatternSet slist1; |
| 1058 URLPatternSet slist2; | 1136 URLPatternSet slist2; |
| 1059 scoped_refptr<ExtensionPermissionSet> set1; | 1137 scoped_refptr<ExtensionPermissionSet> set1; |
| 1060 scoped_refptr<ExtensionPermissionSet> set2; | 1138 scoped_refptr<ExtensionPermissionSet> set2; |
| 1061 ExtensionAPIPermissionSet empty_perms; | 1139 ExtensionAPIPermissionSet empty_perms; |
| 1062 elist1.AddPattern( | 1140 elist1.AddPattern( |
| 1063 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); | 1141 URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path")); |
| 1064 elist1.AddPattern( | 1142 elist1.AddPattern( |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1113 | 1191 |
| 1114 // Test that different subdomains count as different hosts. | 1192 // Test that different subdomains count as different hosts. |
| 1115 elist2.ClearPatterns(); | 1193 elist2.ClearPatterns(); |
| 1116 elist2.AddPattern( | 1194 elist2.AddPattern( |
| 1117 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); | 1195 URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*")); |
| 1118 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2); | 1196 set2 = new ExtensionPermissionSet(empty_perms, elist2, slist2); |
| 1119 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); | 1197 EXPECT_TRUE(set1->HasLessHostPrivilegesThan(set2.get())); |
| 1120 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); | 1198 EXPECT_TRUE(set2->HasLessHostPrivilegesThan(set1.get())); |
| 1121 } | 1199 } |
| 1122 | 1200 |
| 1123 TEST(ExtensionPermissionSetTest, GetAPIsAsStrings) { | 1201 TEST(ExtensionPermissionsTest, GetAPIsAsStrings) { |
| 1124 ExtensionAPIPermissionSet apis; | 1202 ExtensionAPIPermissionSet apis; |
| 1125 URLPatternSet empty_set; | 1203 URLPatternSet empty_set; |
| 1126 | 1204 |
| 1127 apis.insert(ExtensionAPIPermission::kProxy); | 1205 apis.insert(ExtensionAPIPermission::kProxy); |
| 1128 apis.insert(ExtensionAPIPermission::kBackground); | 1206 apis.insert(ExtensionAPIPermission::kBackground); |
| 1129 apis.insert(ExtensionAPIPermission::kNotification); | 1207 apis.insert(ExtensionAPIPermission::kNotification); |
| 1130 apis.insert(ExtensionAPIPermission::kTab); | 1208 apis.insert(ExtensionAPIPermission::kTab); |
| 1131 | 1209 |
| 1132 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( | 1210 scoped_refptr<ExtensionPermissionSet> perm_set = new ExtensionPermissionSet( |
| 1133 apis, empty_set, empty_set); | 1211 apis, empty_set, empty_set); |
| 1134 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); | 1212 std::set<std::string> api_names = perm_set->GetAPIsAsStrings(); |
| 1135 | 1213 |
| 1136 // The result is correct if it has the same number of elements | 1214 // The result is correct if it has the same number of elements |
| 1137 // and we can convert it back to the id set. | 1215 // and we can convert it back to the id set. |
| 1138 EXPECT_EQ(4u, api_names.size()); | 1216 EXPECT_EQ(4u, api_names.size()); |
| 1139 EXPECT_EQ(apis, | 1217 EXPECT_EQ(apis, |
| 1140 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); | 1218 ExtensionPermissionsInfo::GetInstance()->GetAllByName(api_names)); |
| 1141 } | 1219 } |
| 1142 | 1220 |
| 1143 TEST(ExtensionPermissionSetTest, IsEmpty) { | 1221 TEST(ExtensionPermissionsTest, IsEmpty) { |
| 1144 ExtensionAPIPermissionSet empty_apis; | 1222 ExtensionAPIPermissionSet empty_apis; |
| 1145 URLPatternSet empty_extent; | 1223 URLPatternSet empty_extent; |
| 1146 | 1224 |
| 1147 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); | 1225 scoped_refptr<ExtensionPermissionSet> empty = new ExtensionPermissionSet(); |
| 1148 EXPECT_TRUE(empty->IsEmpty()); | 1226 EXPECT_TRUE(empty->IsEmpty()); |
| 1149 scoped_refptr<ExtensionPermissionSet> perm_set; | 1227 scoped_refptr<ExtensionPermissionSet> perm_set; |
| 1150 | 1228 |
| 1151 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); | 1229 perm_set = new ExtensionPermissionSet(empty_apis, empty_extent, empty_extent); |
| 1152 EXPECT_TRUE(perm_set->IsEmpty()); | 1230 EXPECT_TRUE(perm_set->IsEmpty()); |
| 1153 | 1231 |
| 1154 ExtensionAPIPermissionSet non_empty_apis; | 1232 ExtensionAPIPermissionSet non_empty_apis; |
| 1155 non_empty_apis.insert(ExtensionAPIPermission::kBackground); | 1233 non_empty_apis.insert(ExtensionAPIPermission::kBackground); |
| 1156 perm_set = new ExtensionPermissionSet( | 1234 perm_set = new ExtensionPermissionSet( |
| 1157 non_empty_apis, empty_extent, empty_extent); | 1235 non_empty_apis, empty_extent, empty_extent); |
| 1158 EXPECT_FALSE(perm_set->IsEmpty()); | 1236 EXPECT_FALSE(perm_set->IsEmpty()); |
| 1159 | 1237 |
| 1160 // Try non standard host | 1238 // Try non standard host |
| 1161 URLPatternSet non_empty_extent; | 1239 URLPatternSet non_empty_extent; |
| 1162 AddPattern(&non_empty_extent, "http://www.google.com/*"); | 1240 AddPattern(&non_empty_extent, "http://www.google.com/*"); |
| 1163 | 1241 |
| 1164 perm_set = new ExtensionPermissionSet( | 1242 perm_set = new ExtensionPermissionSet( |
| 1165 empty_apis, non_empty_extent, empty_extent); | 1243 empty_apis, non_empty_extent, empty_extent); |
| 1166 EXPECT_FALSE(perm_set->IsEmpty()); | 1244 EXPECT_FALSE(perm_set->IsEmpty()); |
| 1167 | 1245 |
| 1168 perm_set = new ExtensionPermissionSet( | 1246 perm_set = new ExtensionPermissionSet( |
| 1169 empty_apis, empty_extent, non_empty_extent); | 1247 empty_apis, empty_extent, non_empty_extent); |
| 1170 EXPECT_FALSE(perm_set->IsEmpty()); | 1248 EXPECT_FALSE(perm_set->IsEmpty()); |
| 1171 } | 1249 } |
| 1250 |
| 1251 // Tests that permission whitelists are enforced. |
| 1252 TEST(ExtensionPermissionsTest, Whitelists) { |
| 1253 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 1254 ExtensionAPIPermissionSet ids = info->GetAll(); |
| 1255 |
| 1256 // We CHECK if a developer tries to register a whitelist without setting |
| 1257 // kFlagEnforceWhitelist, so there's no need to enumerate the permissions we |
| 1258 // expect to have whitelists. |
| 1259 |
| 1260 DictionaryValue source; |
| 1261 source.SetString(keys::kName, "permission whitelist test"); |
| 1262 source.SetString(keys::kVersion, "1"); |
| 1263 source.SetInteger(keys::kManifestVersion, 2); |
| 1264 |
| 1265 for (ExtensionAPIPermissionSet::iterator i = ids.begin(); |
| 1266 i != ids.end(); ++i) { |
| 1267 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 1268 if (!permission->should_enforce_whitelist()) |
| 1269 continue; |
| 1270 |
| 1271 scoped_ptr<DictionaryValue> manifest(source.DeepCopy()); |
| 1272 ListValue* permissions = new ListValue(); |
| 1273 permissions->Append(Value::CreateStringValue(permission->name())); |
| 1274 manifest->Set(keys::kPermissions, permissions); |
| 1275 |
| 1276 // Even COMPONENT extensions are subject to the whitelist. |
| 1277 LoadManifestAndExpectError( |
| 1278 manifest.get(), Extension::COMPONENT, |
| 1279 ExtensionErrorUtils::FormatErrorMessage( |
| 1280 errors::kPermissionNotAllowed, permission->name())); |
| 1281 } |
| 1282 } |
| OLD | NEW |