| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <vector> | 5 #include <vector> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/strings/string16.h" | 9 #include "base/strings/string16.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 const GURL chrome_settings_url("chrome://settings/"); | 81 const GURL chrome_settings_url("chrome://settings/"); |
| 82 const GURL chrome_extension_url("chrome-extension://foo/bar.html"); | 82 const GURL chrome_extension_url("chrome-extension://foo/bar.html"); |
| 83 const GURL google_url("https://www.google.com/"); | 83 const GURL google_url("https://www.google.com/"); |
| 84 const GURL self_url("chrome-extension://" + extension->id() + "/foo.html"); | 84 const GURL self_url("chrome-extension://" + extension->id() + "/foo.html"); |
| 85 const GURL invalid_url("chrome-debugger://foo/bar.html"); | 85 const GURL invalid_url("chrome-debugger://foo/bar.html"); |
| 86 | 86 |
| 87 std::string error; | 87 std::string error; |
| 88 EXPECT_EQ(block_chrome_urls, | 88 EXPECT_EQ(block_chrome_urls, |
| 89 PermissionsData::IsRestrictedUrl( | 89 PermissionsData::IsRestrictedUrl( |
| 90 chrome_settings_url, | 90 chrome_settings_url, |
| 91 chrome_settings_url, | |
| 92 extension, | 91 extension, |
| 93 &error)) << name; | 92 &error)) << name; |
| 94 if (block_chrome_urls) | 93 if (block_chrome_urls) |
| 95 EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name; | 94 EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name; |
| 96 else | 95 else |
| 97 EXPECT_TRUE(error.empty()) << name; | 96 EXPECT_TRUE(error.empty()) << name; |
| 98 | 97 |
| 99 error.clear(); | 98 error.clear(); |
| 100 EXPECT_EQ(block_chrome_urls, | 99 EXPECT_EQ(block_chrome_urls, |
| 101 PermissionsData::IsRestrictedUrl( | 100 PermissionsData::IsRestrictedUrl( |
| 102 chrome_extension_url, | 101 chrome_extension_url, |
| 103 chrome_extension_url, | |
| 104 extension, | 102 extension, |
| 105 &error)) << name; | 103 &error)) << name; |
| 106 if (block_chrome_urls) | 104 if (block_chrome_urls) |
| 107 EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name; | 105 EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name; |
| 108 else | 106 else |
| 109 EXPECT_TRUE(error.empty()) << name; | 107 EXPECT_TRUE(error.empty()) << name; |
| 110 | 108 |
| 111 // Google should never be a restricted url. | 109 // Google should never be a restricted url. |
| 112 error.clear(); | 110 error.clear(); |
| 113 EXPECT_FALSE(PermissionsData::IsRestrictedUrl( | 111 EXPECT_FALSE(PermissionsData::IsRestrictedUrl( |
| 114 google_url, google_url, extension, &error)) << name; | 112 google_url, extension, &error)) << name; |
| 115 EXPECT_TRUE(error.empty()) << name; | 113 EXPECT_TRUE(error.empty()) << name; |
| 116 | 114 |
| 117 // We should always be able to access our own extension pages. | 115 // We should always be able to access our own extension pages. |
| 118 error.clear(); | 116 error.clear(); |
| 119 EXPECT_FALSE(PermissionsData::IsRestrictedUrl( | 117 EXPECT_FALSE(PermissionsData::IsRestrictedUrl( |
| 120 self_url, self_url, extension, &error)) << name; | 118 self_url, extension, &error)) << name; |
| 121 EXPECT_TRUE(error.empty()) << name; | 119 EXPECT_TRUE(error.empty()) << name; |
| 122 | 120 |
| 123 // We should only allow other schemes for extensions when it's a whitelisted | 121 // We should only allow other schemes for extensions when it's a whitelisted |
| 124 // extension. | 122 // extension. |
| 125 error.clear(); | 123 error.clear(); |
| 126 bool allow_on_other_schemes = | 124 bool allow_on_other_schemes = |
| 127 PermissionsData::CanExecuteScriptEverywhere(extension); | 125 PermissionsData::CanExecuteScriptEverywhere(extension); |
| 128 EXPECT_EQ(!allow_on_other_schemes, | 126 EXPECT_EQ(!allow_on_other_schemes, |
| 129 PermissionsData::IsRestrictedUrl( | 127 PermissionsData::IsRestrictedUrl( |
| 130 invalid_url, invalid_url, extension, &error)) << name; | 128 invalid_url, extension, &error)) << name; |
| 131 if (!allow_on_other_schemes) { | 129 if (!allow_on_other_schemes) { |
| 132 EXPECT_EQ(ErrorUtils::FormatErrorMessage( | 130 EXPECT_EQ(ErrorUtils::FormatErrorMessage( |
| 133 manifest_errors::kCannotAccessPage, | 131 manifest_errors::kCannotAccessPage, |
| 134 invalid_url.spec()), | 132 invalid_url.spec()), |
| 135 error) << name; | 133 error) << name; |
| 136 } else { | 134 } else { |
| 137 EXPECT_TRUE(error.empty()); | 135 EXPECT_TRUE(error.empty()); |
| 138 } | 136 } |
| 139 } | 137 } |
| 140 | 138 |
| (...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 406 urls_.insert(https_url); | 404 urls_.insert(https_url); |
| 407 urls_.insert(file_url); | 405 urls_.insert(file_url); |
| 408 urls_.insert(favicon_url); | 406 urls_.insert(favicon_url); |
| 409 urls_.insert(extension_url); | 407 urls_.insert(extension_url); |
| 410 urls_.insert(settings_url); | 408 urls_.insert(settings_url); |
| 411 urls_.insert(about_url); | 409 urls_.insert(about_url); |
| 412 // Ignore the policy delegate for this test. | 410 // Ignore the policy delegate for this test. |
| 413 PermissionsData::SetPolicyDelegate(NULL); | 411 PermissionsData::SetPolicyDelegate(NULL); |
| 414 } | 412 } |
| 415 | 413 |
| 416 bool AllowedScript(const Extension* extension, const GURL& url, | 414 bool AllowedScript(const Extension* extension, const GURL& url) { |
| 417 const GURL& top_url) { | 415 return AllowedScript(extension, url, -1); |
| 418 return AllowedScript(extension, url, top_url, -1); | |
| 419 } | 416 } |
| 420 | 417 |
| 421 bool AllowedScript(const Extension* extension, const GURL& url, | 418 bool AllowedScript(const Extension* extension, const GURL& url, int tab_id) { |
| 422 const GURL& top_url, int tab_id) { | |
| 423 return extension->permissions_data()->CanAccessPage( | 419 return extension->permissions_data()->CanAccessPage( |
| 424 extension, url, top_url, tab_id, -1, NULL); | 420 extension, url, tab_id, -1, NULL); |
| 425 } | 421 } |
| 426 | 422 |
| 427 bool BlockedScript(const Extension* extension, const GURL& url, | 423 bool BlockedScript(const Extension* extension, const GURL& url) { |
| 428 const GURL& top_url) { | |
| 429 return !extension->permissions_data()->CanAccessPage( | 424 return !extension->permissions_data()->CanAccessPage( |
| 430 extension, url, top_url, -1, -1, NULL); | 425 extension, url, -1, -1, NULL); |
| 431 } | 426 } |
| 432 | 427 |
| 433 bool Allowed(const Extension* extension, const GURL& url) { | 428 bool Allowed(const Extension* extension, const GURL& url) { |
| 434 return Allowed(extension, url, -1); | 429 return Allowed(extension, url, -1); |
| 435 } | 430 } |
| 436 | 431 |
| 437 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { | 432 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { |
| 438 return (extension->permissions_data()->CanAccessPage( | 433 return (extension->permissions_data()->CanAccessPage( |
| 439 extension, url, url, tab_id, -1, NULL) && | 434 extension, url, tab_id, -1, NULL) && |
| 440 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL)); | 435 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL)); |
| 441 } | 436 } |
| 442 | 437 |
| 443 bool CaptureOnly(const Extension* extension, const GURL& url) { | 438 bool CaptureOnly(const Extension* extension, const GURL& url) { |
| 444 return CaptureOnly(extension, url, -1); | 439 return CaptureOnly(extension, url, -1); |
| 445 } | 440 } |
| 446 | 441 |
| 447 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { | 442 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { |
| 448 return !extension->permissions_data()->CanAccessPage( | 443 return !extension->permissions_data()->CanAccessPage( |
| 449 extension, url, url, tab_id, -1, NULL) && | 444 extension, url, tab_id, -1, NULL) && |
| 450 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL); | 445 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL); |
| 451 } | 446 } |
| 452 | 447 |
| 453 bool ScriptOnly(const Extension* extension, const GURL& url, | 448 bool ScriptOnly(const Extension* extension, const GURL& url) { |
| 454 const GURL& top_url) { | 449 return ScriptOnly(extension, url, -1); |
| 455 return ScriptOnly(extension, url, top_url, -1); | |
| 456 } | 450 } |
| 457 | 451 |
| 458 bool ScriptOnly(const Extension* extension, const GURL& url, | 452 bool ScriptOnly(const Extension* extension, const GURL& url, int tab_id) { |
| 459 const GURL& top_url, int tab_id) { | 453 return AllowedScript(extension, url, tab_id) && |
| 460 return AllowedScript(extension, url, top_url, tab_id) && | |
| 461 !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL); | 454 !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL); |
| 462 } | 455 } |
| 463 | 456 |
| 464 bool Blocked(const Extension* extension, const GURL& url) { | 457 bool Blocked(const Extension* extension, const GURL& url) { |
| 465 return Blocked(extension, url, -1); | 458 return Blocked(extension, url, -1); |
| 466 } | 459 } |
| 467 | 460 |
| 468 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { | 461 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { |
| 469 return !(extension->permissions_data()->CanAccessPage( | 462 return !(extension->permissions_data()->CanAccessPage( |
| 470 extension, url, url, tab_id, -1, NULL) || | 463 extension, url, tab_id, -1, NULL) || |
| 471 extension->permissions_data()->CanCaptureVisiblePage(tab_id, | 464 extension->permissions_data()->CanCaptureVisiblePage(tab_id, |
| 472 NULL)); | 465 NULL)); |
| 473 } | 466 } |
| 474 | 467 |
| 475 bool ScriptAllowedExclusivelyOnTab( | 468 bool ScriptAllowedExclusivelyOnTab( |
| 476 const Extension* extension, | 469 const Extension* extension, |
| 477 const std::set<GURL>& allowed_urls, | 470 const std::set<GURL>& allowed_urls, |
| 478 int tab_id) { | 471 int tab_id) { |
| 479 bool result = true; | 472 bool result = true; |
| 480 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { | 473 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { |
| 481 const GURL& url = *it; | 474 const GURL& url = *it; |
| 482 if (allowed_urls.count(url)) | 475 if (allowed_urls.count(url)) |
| 483 result &= AllowedScript(extension, url, url, tab_id); | 476 result &= AllowedScript(extension, url, tab_id); |
| 484 else | 477 else |
| 485 result &= Blocked(extension, url, tab_id); | 478 result &= Blocked(extension, url, tab_id); |
| 486 } | 479 } |
| 487 return result; | 480 return result; |
| 488 } | 481 } |
| 489 | 482 |
| 490 // URLs that are "safe" to provide scripting and capture visible tab access | 483 // URLs that are "safe" to provide scripting and capture visible tab access |
| 491 // to if the permissions allow it. | 484 // to if the permissions allow it. |
| 492 const GURL http_url; | 485 const GURL http_url; |
| 493 const GURL http_url_with_path; | 486 const GURL http_url_with_path; |
| (...skipping 22 matching lines...) Expand all Loading... |
| 516 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 509 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
| 517 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 510 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
| 518 EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); | 511 EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); |
| 519 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); | 512 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); |
| 520 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); | 513 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); |
| 521 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); | 514 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); |
| 522 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); | 515 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); |
| 523 | 516 |
| 524 // Test access to iframed content. | 517 // Test access to iframed content. |
| 525 GURL within_extension_url = extension->GetResourceURL("page.html"); | 518 GURL within_extension_url = extension->GetResourceURL("page.html"); |
| 526 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); | 519 EXPECT_TRUE(AllowedScript(extension.get(), http_url)); |
| 527 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); | 520 EXPECT_TRUE(AllowedScript(extension.get(), http_url_with_path)); |
| 528 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); | 521 EXPECT_TRUE(AllowedScript(extension.get(), https_url)); |
| 529 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); | 522 EXPECT_TRUE(BlockedScript(extension.get(), within_extension_url)); |
| 530 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); | 523 EXPECT_TRUE(BlockedScript(extension.get(), extension_url)); |
| 531 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); | |
| 532 | 524 |
| 533 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); | 525 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); |
| 534 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url)); | 526 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url)); |
| 535 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); | 527 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); |
| 536 | 528 |
| 537 // Test * for scheme, which implies just the http/https schemes. | 529 // Test * for scheme, which implies just the http/https schemes. |
| 538 extension = LoadManifestStrict("script_and_capture", | 530 extension = LoadManifestStrict("script_and_capture", |
| 539 "extension_wildcard.json"); | 531 "extension_wildcard.json"); |
| 540 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); | 532 EXPECT_TRUE(ScriptOnly(extension.get(), http_url)); |
| 541 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url)); | 533 EXPECT_TRUE(ScriptOnly(extension.get(), https_url)); |
| 542 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 534 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 543 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 535 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
| 544 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 536 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
| 545 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 537 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
| 546 extension = | 538 extension = |
| 547 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); | 539 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); |
| 548 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 540 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 549 | 541 |
| 550 // Having chrome://*/ should not work for regular extensions. Note that | 542 // Having chrome://*/ should not work for regular extensions. Note that |
| 551 // for favicon access, we require the explicit pattern chrome://favicon/*. | 543 // for favicon access, we require the explicit pattern chrome://favicon/*. |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 585 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 577 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
| 586 EXPECT_TRUE(Allowed(extension.get(), settings_url)); | 578 EXPECT_TRUE(Allowed(extension.get(), settings_url)); |
| 587 EXPECT_TRUE(Allowed(extension.get(), about_url)); | 579 EXPECT_TRUE(Allowed(extension.get(), about_url)); |
| 588 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); | 580 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); |
| 589 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); | 581 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); |
| 590 | 582 |
| 591 // Component extensions should only get access to what they ask for. | 583 // Component extensions should only get access to what they ask for. |
| 592 extension = LoadManifest("script_and_capture", | 584 extension = LoadManifest("script_and_capture", |
| 593 "extension_component_google.json", Manifest::COMPONENT, | 585 "extension_component_google.json", Manifest::COMPONENT, |
| 594 Extension::NO_FLAGS); | 586 Extension::NO_FLAGS); |
| 595 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); | 587 EXPECT_TRUE(ScriptOnly(extension.get(), http_url)); |
| 596 EXPECT_TRUE(Blocked(extension.get(), https_url)); | 588 EXPECT_TRUE(Blocked(extension.get(), https_url)); |
| 597 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 589 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
| 598 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 590 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 599 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 591 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
| 600 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 592 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
| 601 EXPECT_TRUE(Blocked(extension.get(), extension_url)); | 593 EXPECT_TRUE(Blocked(extension.get(), extension_url)); |
| 602 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); | 594 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); |
| 603 } | 595 } |
| 604 | 596 |
| 605 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { | 597 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { |
| 606 base::CommandLine::ForCurrentProcess()->AppendSwitch( | 598 base::CommandLine::ForCurrentProcess()->AppendSwitch( |
| 607 switches::kExtensionsOnChromeURLs); | 599 switches::kExtensionsOnChromeURLs); |
| 608 | 600 |
| 609 scoped_refptr<Extension> extension; | 601 scoped_refptr<Extension> extension; |
| 610 | 602 |
| 611 // Test <all_urls> for regular extensions. | 603 // Test <all_urls> for regular extensions. |
| 612 extension = LoadManifestStrict("script_and_capture", | 604 extension = LoadManifestStrict("script_and_capture", |
| 613 "extension_regular_all.json"); | 605 "extension_regular_all.json"); |
| 614 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 606 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
| 615 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 607 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
| 616 EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); | 608 EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); |
| 617 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); | 609 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); |
| 618 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested | 610 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested |
| 619 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); | 611 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); |
| 620 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); | 612 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); |
| 621 | 613 |
| 622 // Test access to iframed content. | 614 // Test access to iframed content. |
| 623 GURL within_extension_url = extension->GetResourceURL("page.html"); | 615 GURL within_extension_url = extension->GetResourceURL("page.html"); |
| 624 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); | 616 EXPECT_TRUE(AllowedScript(extension.get(), http_url)); |
| 625 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); | 617 EXPECT_TRUE(AllowedScript(extension.get(), http_url_with_path)); |
| 626 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); | 618 EXPECT_TRUE(AllowedScript(extension.get(), https_url)); |
| 627 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); | 619 EXPECT_TRUE(BlockedScript(extension.get(), within_extension_url)); |
| 628 EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url)); | 620 EXPECT_TRUE(BlockedScript(extension.get(), extension_url)); |
| 629 EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url)); | |
| 630 | 621 |
| 631 const PermissionsData* permissions_data = extension->permissions_data(); | 622 const PermissionsData* permissions_data = extension->permissions_data(); |
| 632 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url)); | 623 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url)); |
| 633 EXPECT_FALSE(permissions_data->HasHostPermission(about_url)); | 624 EXPECT_FALSE(permissions_data->HasHostPermission(about_url)); |
| 634 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url)); | 625 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url)); |
| 635 | 626 |
| 636 // Test * for scheme, which implies just the http/https schemes. | 627 // Test * for scheme, which implies just the http/https schemes. |
| 637 extension = LoadManifestStrict("script_and_capture", | 628 extension = LoadManifestStrict("script_and_capture", |
| 638 "extension_wildcard.json"); | 629 "extension_wildcard.json"); |
| 639 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); | 630 EXPECT_TRUE(ScriptOnly(extension.get(), http_url)); |
| 640 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url)); | 631 EXPECT_TRUE(ScriptOnly(extension.get(), https_url)); |
| 641 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 632 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 642 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 633 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
| 643 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 634 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
| 644 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 635 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
| 645 extension = | 636 extension = |
| 646 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); | 637 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); |
| 647 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 638 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 648 | 639 |
| 649 // Having chrome://*/ should work for regular extensions with the flag | 640 // Having chrome://*/ should work for regular extensions with the flag |
| 650 // enabled. | 641 // enabled. |
| 651 std::string error; | 642 std::string error; |
| 652 extension = LoadManifestUnchecked("script_and_capture", | 643 extension = LoadManifestUnchecked("script_and_capture", |
| 653 "extension_wildcard_chrome.json", | 644 "extension_wildcard_chrome.json", |
| 654 Manifest::INTERNAL, Extension::NO_FLAGS, | 645 Manifest::INTERNAL, Extension::NO_FLAGS, |
| 655 &error); | 646 &error); |
| 656 EXPECT_FALSE(extension.get() == NULL); | 647 EXPECT_FALSE(extension.get() == NULL); |
| 657 EXPECT_TRUE(Blocked(extension.get(), http_url)); | 648 EXPECT_TRUE(Blocked(extension.get(), http_url)); |
| 658 EXPECT_TRUE(Blocked(extension.get(), https_url)); | 649 EXPECT_TRUE(Blocked(extension.get(), https_url)); |
| 659 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url)); | 650 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url)); |
| 660 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 651 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
| 661 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 652 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
| 662 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url)); | 653 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url)); |
| 663 | 654 |
| 664 // Having chrome://favicon/* should not give you chrome://* | 655 // Having chrome://favicon/* should not give you chrome://* |
| 665 extension = LoadManifestStrict("script_and_capture", | 656 extension = LoadManifestStrict("script_and_capture", |
| 666 "extension_chrome_favicon_wildcard.json"); | 657 "extension_chrome_favicon_wildcard.json"); |
| 667 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 658 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 668 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url)); | 659 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url)); |
| 669 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 660 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
| 670 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); | 661 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); |
| 671 | 662 |
| 672 // Having http://favicon should not give you chrome://favicon | 663 // Having http://favicon should not give you chrome://favicon |
| 673 extension = LoadManifestStrict("script_and_capture", | 664 extension = LoadManifestStrict("script_and_capture", |
| 674 "extension_http_favicon.json"); | 665 "extension_http_favicon.json"); |
| 675 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 666 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 676 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 667 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
| 677 | 668 |
| 678 // Component extensions with <all_urls> should get everything. | 669 // Component extensions with <all_urls> should get everything. |
| 679 extension = LoadManifest("script_and_capture", "extension_component_all.json", | 670 extension = LoadManifest("script_and_capture", "extension_component_all.json", |
| 680 Manifest::COMPONENT, Extension::NO_FLAGS); | 671 Manifest::COMPONENT, Extension::NO_FLAGS); |
| 681 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 672 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
| 682 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 673 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
| 683 EXPECT_TRUE(Allowed(extension.get(), settings_url)); | 674 EXPECT_TRUE(Allowed(extension.get(), settings_url)); |
| 684 EXPECT_TRUE(Allowed(extension.get(), about_url)); | 675 EXPECT_TRUE(Allowed(extension.get(), about_url)); |
| 685 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); | 676 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); |
| 686 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); | 677 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url)); |
| 687 | 678 |
| 688 // Component extensions should only get access to what they ask for. | 679 // Component extensions should only get access to what they ask for. |
| 689 extension = LoadManifest("script_and_capture", | 680 extension = LoadManifest("script_and_capture", |
| 690 "extension_component_google.json", Manifest::COMPONENT, | 681 "extension_component_google.json", Manifest::COMPONENT, |
| 691 Extension::NO_FLAGS); | 682 Extension::NO_FLAGS); |
| 692 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); | 683 EXPECT_TRUE(ScriptOnly(extension.get(), http_url)); |
| 693 EXPECT_TRUE(Blocked(extension.get(), https_url)); | 684 EXPECT_TRUE(Blocked(extension.get(), https_url)); |
| 694 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 685 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
| 695 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 686 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
| 696 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 687 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
| 697 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 688 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
| 698 EXPECT_TRUE(Blocked(extension.get(), extension_url)); | 689 EXPECT_TRUE(Blocked(extension.get(), extension_url)); |
| 699 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); | 690 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url)); |
| 700 } | 691 } |
| 701 | 692 |
| 702 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { | 693 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 785 | 776 |
| 786 permissions_data->ClearTabSpecificPermissions(1); | 777 permissions_data->ClearTabSpecificPermissions(1); |
| 787 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get()); | 778 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get()); |
| 788 | 779 |
| 789 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 780 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
| 790 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 781 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
| 791 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 782 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
| 792 } | 783 } |
| 793 | 784 |
| 794 } // namespace extensions | 785 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1150683007:
[Extensions] Use document url (not top url) for tab-specific permissions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master