Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(199)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_unittest.cc

Issue 11734030: Small extra validations on permission checks: reject "0" as a valid permission (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 12 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_unittest.cc
===================================================================
--- content/browser/child_process_security_policy_unittest.cc (revision 174890)
+++ content/browser/child_process_security_policy_unittest.cc (working copy)
@@ -20,6 +20,12 @@
const int kRendererID = 42;
const int kWorkerRendererID = kRendererID + 1;
+#if defined(FILE_PATH_USES_DRIVE_LETTERS)
+#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
+#else
+#define TEST_PATH(x) FILE_PATH_LITERAL(x)
+#endif
+
class ChildProcessSecurityPolicyTestBrowserClient
: public TestContentBrowserClient {
public:
@@ -294,21 +300,16 @@
p->Add(kRendererID);
- EXPECT_FALSE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
- p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd")));
- EXPECT_TRUE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
- EXPECT_FALSE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
+ EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+ p->GrantReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd")));
+ EXPECT_TRUE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+ EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/shadow"))));
p->Remove(kRendererID);
p->Add(kRendererID);
- EXPECT_FALSE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
- EXPECT_FALSE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
+ EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+ EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/shadow"))));
p->Remove(kRendererID);
}
@@ -319,49 +320,40 @@
p->Add(kRendererID);
- EXPECT_FALSE(p->CanReadDirectory(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/"))));
- p->GrantReadDirectory(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
- EXPECT_TRUE(p->CanReadDirectory(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/"))));
- EXPECT_TRUE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
+ EXPECT_FALSE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
+ p->GrantReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/")));
+ EXPECT_TRUE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
+ EXPECT_TRUE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
p->Remove(kRendererID);
p->Add(kRendererID);
- EXPECT_FALSE(p->CanReadDirectory(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/"))));
- EXPECT_FALSE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
+ EXPECT_FALSE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
+ EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
// Just granting read permission as a file doesn't imply reading as a
// directory.
- p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
- EXPECT_TRUE(p->CanReadFile(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
- EXPECT_FALSE(p->CanReadDirectory(kRendererID,
- FilePath(FILE_PATH_LITERAL("/etc/"))));
+ p->GrantReadFile(kRendererID, FilePath(TEST_PATH("/etc/")));
+ EXPECT_TRUE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+ EXPECT_FALSE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
p->Remove(kRendererID);
}
TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
- FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe"));
- FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
- FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
- FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
- FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
- FilePath child_traversal1 = FilePath(
- FILE_PATH_LITERAL("/home/joe/././file"));
+ FilePath granted_file = FilePath(TEST_PATH("/home/joe"));
+ FilePath sibling_file = FilePath(TEST_PATH("/home/bob"));
+ FilePath child_file = FilePath(TEST_PATH("/home/joe/file"));
+ FilePath parent_file = FilePath(TEST_PATH("/home"));
+ FilePath parent_slash_file = FilePath(TEST_PATH("/home/"));
+ FilePath child_traversal1 = FilePath(TEST_PATH("/home/joe/././file"));
FilePath child_traversal2 = FilePath(
- FILE_PATH_LITERAL("/home/joe/file/../otherfile"));
- FilePath evil_traversal1 = FilePath(
- FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
+ TEST_PATH("/home/joe/file/../otherfile"));
+ FilePath evil_traversal1 = FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
FilePath evil_traversal2 = FilePath(
- FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd"));
- FilePath self_traversal = FilePath(
- FILE_PATH_LITERAL("/home/joe/../joe/file"));
+ TEST_PATH("/home/joe/./.././../etc/passwd"));
+ FilePath self_traversal = FilePath(TEST_PATH("/home/joe/../joe/file"));
+ FilePath relative_file = FilePath(TEST_PATH("home/joe"));
Charlie Reis 2013/01/04 20:59:34 Isn't this going to result in c:home/joe? I suppo
ChildProcessSecurityPolicyImpl* p =
ChildProcessSecurityPolicyImpl::GetInstance();
@@ -386,6 +378,7 @@
base::PLATFORM_FILE_READ));
EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
base::PLATFORM_FILE_CREATE));
+ EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
base::PLATFORM_FILE_CREATE |
base::PLATFORM_FILE_OPEN_TRUNCATED |
@@ -486,6 +479,13 @@
base::PLATFORM_FILE_OPEN |
base::PLATFORM_FILE_READ));
p->Remove(kWorkerRendererID);
+
+ p->Add(kRendererID);
+ p->GrantPermissionsForFile(kRendererID, relative_file,
+ base::PLATFORM_FILE_OPEN);
+ EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
+ base::PLATFORM_FILE_OPEN));
+ p->Remove(kRendererID);
}
TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
@@ -510,7 +510,7 @@
ChildProcessSecurityPolicyImpl::GetInstance();
GURL url("file:///etc/passwd");
- FilePath file(FILE_PATH_LITERAL("/etc/passwd"));
+ FilePath file(TEST_PATH("/etc/passwd"));
p->Add(kRendererID);
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698