Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(270)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/csp_validator_unittest.cc

Issue 12093036: Move Extension Location and Type enums to Manifest, and move InstallWarning to its own file. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/extensions/tab_helper.h ('K') | « chrome/common/extensions/csp_validator.cc ('k') | chrome/common/extensions/extension.h » ('j') | chrome/common/extensions/extension.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/csp_validator.h" 5 #include "chrome/common/extensions/csp_validator.h"
6 #include "testing/gtest/include/gtest/gtest.h" 6 #include "testing/gtest/include/gtest/gtest.h"
7 7
8 using extensions::csp_validator::ContentSecurityPolicyIsLegal; 8 using extensions::csp_validator::ContentSecurityPolicyIsLegal;
9 using extensions::csp_validator::ContentSecurityPolicyIsSecure; 9 using extensions::csp_validator::ContentSecurityPolicyIsSecure;
10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed; 10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;
11 using extensions::Extension; 11 using extensions::Manifest;
12 12
13 TEST(ExtensionCSPValidator, IsLegal) { 13 TEST(ExtensionCSPValidator, IsLegal) {
14 EXPECT_TRUE(ContentSecurityPolicyIsLegal("foo")); 14 EXPECT_TRUE(ContentSecurityPolicyIsLegal("foo"));
15 EXPECT_TRUE(ContentSecurityPolicyIsLegal( 15 EXPECT_TRUE(ContentSecurityPolicyIsLegal(
16 "default-src 'self'; script-src http://www.google.com")); 16 "default-src 'self'; script-src http://www.google.com"));
17 EXPECT_FALSE(ContentSecurityPolicyIsLegal( 17 EXPECT_FALSE(ContentSecurityPolicyIsLegal(
18 "default-src 'self';\nscript-src http://www.google.com")); 18 "default-src 'self';\nscript-src http://www.google.com"));
19 EXPECT_FALSE(ContentSecurityPolicyIsLegal( 19 EXPECT_FALSE(ContentSecurityPolicyIsLegal(
20 "default-src 'self';\rscript-src http://www.google.com")); 20 "default-src 'self';\rscript-src http://www.google.com"));
21 EXPECT_FALSE(ContentSecurityPolicyIsLegal( 21 EXPECT_FALSE(ContentSecurityPolicyIsLegal(
22 "default-src 'self';,script-src http://www.google.com")); 22 "default-src 'self';,script-src http://www.google.com"));
23 } 23 }
24 24
25 TEST(ExtensionCSPValidator, IsSecure) { 25 TEST(ExtensionCSPValidator, IsSecure) {
26 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 26 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
27 "", Extension::TYPE_EXTENSION)); 27 "", Manifest::TYPE_EXTENSION));
28 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 28 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
29 "img-src https://google.com", Extension::TYPE_EXTENSION)); 29 "img-src https://google.com", Manifest::TYPE_EXTENSION));
30 30
31 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 31 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
32 "default-src *", Extension::TYPE_EXTENSION)); 32 "default-src *", Manifest::TYPE_EXTENSION));
33 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 33 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
34 "default-src 'self'", Extension::TYPE_EXTENSION)); 34 "default-src 'self'", Manifest::TYPE_EXTENSION));
35 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 35 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
36 "default-src 'none'", Extension::TYPE_EXTENSION)); 36 "default-src 'none'", Manifest::TYPE_EXTENSION));
37 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 37 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
38 "default-src 'self' ftp://google.com", Extension::TYPE_EXTENSION)); 38 "default-src 'self' ftp://google.com", Manifest::TYPE_EXTENSION));
39 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 39 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
40 "default-src 'self' https://google.com", Extension::TYPE_EXTENSION)); 40 "default-src 'self' https://google.com", Manifest::TYPE_EXTENSION));
41 41
42 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 42 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
43 "default-src *; default-src 'self'", Extension::TYPE_EXTENSION)); 43 "default-src *; default-src 'self'", Manifest::TYPE_EXTENSION));
44 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 44 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
45 "default-src 'self'; default-src *", Extension::TYPE_EXTENSION)); 45 "default-src 'self'; default-src *", Manifest::TYPE_EXTENSION));
46 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 46 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
47 "default-src 'self'; default-src *; script-src *; script-src 'self'", 47 "default-src 'self'; default-src *; script-src *; script-src 'self'",
48 Extension::TYPE_EXTENSION)); 48 Manifest::TYPE_EXTENSION));
49 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 49 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
50 "default-src 'self'; default-src *; script-src 'self'; script-src *", 50 "default-src 'self'; default-src *; script-src 'self'; script-src *",
51 Extension::TYPE_EXTENSION)); 51 Manifest::TYPE_EXTENSION));
52 52
53 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 53 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
54 "default-src *; script-src 'self'", Extension::TYPE_EXTENSION)); 54 "default-src *; script-src 'self'", Manifest::TYPE_EXTENSION));
55 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 55 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
56 "default-src *; script-src 'self'; img-src 'self'", 56 "default-src *; script-src 'self'; img-src 'self'",
57 Extension::TYPE_EXTENSION)); 57 Manifest::TYPE_EXTENSION));
58 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 58 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
59 "default-src *; script-src 'self'; object-src 'self'", 59 "default-src *; script-src 'self'; object-src 'self'",
60 Extension::TYPE_EXTENSION)); 60 Manifest::TYPE_EXTENSION));
61 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 61 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
62 "script-src 'self'; object-src 'self'", Extension::TYPE_EXTENSION)); 62 "script-src 'self'; object-src 'self'", Manifest::TYPE_EXTENSION));
63 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 63 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
64 "default-src 'unsafe-eval'", Extension::TYPE_EXTENSION)); 64 "default-src 'unsafe-eval'", Manifest::TYPE_EXTENSION));
65 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 65 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
66 "default-src 'unsafe-eval'", Extension::TYPE_LEGACY_PACKAGED_APP)); 66 "default-src 'unsafe-eval'", Manifest::TYPE_LEGACY_PACKAGED_APP));
67 67
68 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 68 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
69 "default-src 'unsafe-eval'", Extension::TYPE_PLATFORM_APP)); 69 "default-src 'unsafe-eval'", Manifest::TYPE_PLATFORM_APP));
70 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 70 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
71 "default-src 'unsafe-inline'", Extension::TYPE_EXTENSION)); 71 "default-src 'unsafe-inline'", Manifest::TYPE_EXTENSION));
72 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 72 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
73 "default-src 'unsafe-inline' 'none'", Extension::TYPE_EXTENSION)); 73 "default-src 'unsafe-inline' 'none'", Manifest::TYPE_EXTENSION));
74 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 74 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
75 "default-src 'self' http://google.com", Extension::TYPE_EXTENSION)); 75 "default-src 'self' http://google.com", Manifest::TYPE_EXTENSION));
76 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 76 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
77 "default-src 'self' https://google.com", Extension::TYPE_EXTENSION)); 77 "default-src 'self' https://google.com", Manifest::TYPE_EXTENSION));
78 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 78 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
79 "default-src 'self' chrome://resources", Extension::TYPE_EXTENSION)); 79 "default-src 'self' chrome://resources", Manifest::TYPE_EXTENSION));
80 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 80 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
81 "default-src 'self' chrome-extension://aabbcc", 81 "default-src 'self' chrome-extension://aabbcc",
82 Extension::TYPE_EXTENSION)); 82 Manifest::TYPE_EXTENSION));
83 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 83 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
84 "default-src 'self' chrome-extension-resource://aabbcc", 84 "default-src 'self' chrome-extension-resource://aabbcc",
85 Extension::TYPE_EXTENSION)); 85 Manifest::TYPE_EXTENSION));
86 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 86 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
87 "default-src 'self' https:", Extension::TYPE_EXTENSION)); 87 "default-src 'self' https:", Manifest::TYPE_EXTENSION));
88 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 88 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
89 "default-src 'self' http:", Extension::TYPE_EXTENSION)); 89 "default-src 'self' http:", Manifest::TYPE_EXTENSION));
90 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 90 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
91 "default-src 'self' google.com", Extension::TYPE_EXTENSION)); 91 "default-src 'self' google.com", Manifest::TYPE_EXTENSION));
92 92
93 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 93 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
94 "default-src 'self' *", Extension::TYPE_EXTENSION)); 94 "default-src 'self' *", Manifest::TYPE_EXTENSION));
95 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 95 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
96 "default-src 'self' *:*", Extension::TYPE_EXTENSION)); 96 "default-src 'self' *:*", Manifest::TYPE_EXTENSION));
97 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 97 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
98 "default-src 'self' *:*/", Extension::TYPE_EXTENSION)); 98 "default-src 'self' *:*/", Manifest::TYPE_EXTENSION));
99 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 99 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
100 "default-src 'self' *:*/path", Extension::TYPE_EXTENSION)); 100 "default-src 'self' *:*/path", Manifest::TYPE_EXTENSION));
101 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 101 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
102 "default-src 'self' https://*:*", Extension::TYPE_EXTENSION)); 102 "default-src 'self' https://*:*", Manifest::TYPE_EXTENSION));
103 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 103 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
104 "default-src 'self' https://*:*/", Extension::TYPE_EXTENSION)); 104 "default-src 'self' https://*:*/", Manifest::TYPE_EXTENSION));
105 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 105 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
106 "default-src 'self' https://*:*/path", Extension::TYPE_EXTENSION)); 106 "default-src 'self' https://*:*/path", Manifest::TYPE_EXTENSION));
107 107
108 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 108 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
109 "default-src 'self' https://*.google.com", Extension::TYPE_EXTENSION)); 109 "default-src 'self' https://*.google.com", Manifest::TYPE_EXTENSION));
110 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 110 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
111 "default-src 'self' https://*.google.com:1", Extension::TYPE_EXTENSION)); 111 "default-src 'self' https://*.google.com:1", Manifest::TYPE_EXTENSION));
112 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 112 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
113 "default-src 'self' https://*.google.com:*", Extension::TYPE_EXTENSION)); 113 "default-src 'self' https://*.google.com:*", Manifest::TYPE_EXTENSION));
114 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 114 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
115 "default-src 'self' https://*.google.com:1/", Extension::TYPE_EXTENSION)); 115 "default-src 'self' https://*.google.com:1/", Manifest::TYPE_EXTENSION));
116 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 116 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
117 "default-src 'self' https://*.google.com:*/", Extension::TYPE_EXTENSION)); 117 "default-src 'self' https://*.google.com:*/", Manifest::TYPE_EXTENSION));
118 118
119 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 119 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
120 "default-src 'self' http://127.0.0.1", Extension::TYPE_EXTENSION)); 120 "default-src 'self' http://127.0.0.1", Manifest::TYPE_EXTENSION));
121 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 121 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
122 "default-src 'self' http://localhost", Extension::TYPE_EXTENSION)); 122 "default-src 'self' http://localhost", Manifest::TYPE_EXTENSION));
123 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 123 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
124 "default-src 'self' http://lOcAlHoSt", Extension::TYPE_EXTENSION)); 124 "default-src 'self' http://lOcAlHoSt", Manifest::TYPE_EXTENSION));
125 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 125 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
126 "default-src 'self' http://127.0.0.1:9999", Extension::TYPE_EXTENSION)); 126 "default-src 'self' http://127.0.0.1:9999", Manifest::TYPE_EXTENSION));
127 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 127 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
128 "default-src 'self' http://localhost:8888", Extension::TYPE_EXTENSION)); 128 "default-src 'self' http://localhost:8888", Manifest::TYPE_EXTENSION));
129 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 129 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
130 "default-src 'self' http://127.0.0.1.example.com", 130 "default-src 'self' http://127.0.0.1.example.com",
131 Extension::TYPE_EXTENSION)); 131 Manifest::TYPE_EXTENSION));
132 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 132 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
133 "default-src 'self' http://localhost.example.com", 133 "default-src 'self' http://localhost.example.com",
134 Extension::TYPE_EXTENSION)); 134 Manifest::TYPE_EXTENSION));
135 135
136 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 136 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
137 "default-src 'self' blob:", Extension::TYPE_EXTENSION)); 137 "default-src 'self' blob:", Manifest::TYPE_EXTENSION));
138 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 138 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
139 "default-src 'self' blob:http://example.com/XXX", 139 "default-src 'self' blob:http://example.com/XXX",
140 Extension::TYPE_EXTENSION)); 140 Manifest::TYPE_EXTENSION));
141 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 141 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
142 "default-src 'self' filesystem:", Extension::TYPE_EXTENSION)); 142 "default-src 'self' filesystem:", Manifest::TYPE_EXTENSION));
143 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 143 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
144 "default-src 'self' filesystem:http://example.com/XXX", 144 "default-src 'self' filesystem:http://example.com/XXX",
145 Extension::TYPE_EXTENSION)); 145 Manifest::TYPE_EXTENSION));
146 } 146 }
147 147
148 TEST(ExtensionCSPValidator, IsSandboxed) { 148 TEST(ExtensionCSPValidator, IsSandboxed) {
149 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("", Extension::TYPE_EXTENSION)); 149 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("", Manifest::TYPE_EXTENSION));
150 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 150 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
151 "img-src https://google.com", Extension::TYPE_EXTENSION)); 151 "img-src https://google.com", Manifest::TYPE_EXTENSION));
152 152
153 // Sandbox directive is required. 153 // Sandbox directive is required.
154 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 154 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
155 "sandbox", Extension::TYPE_EXTENSION)); 155 "sandbox", Manifest::TYPE_EXTENSION));
156 156
157 // Additional sandbox tokens are OK. 157 // Additional sandbox tokens are OK.
158 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 158 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
159 "sandbox allow-scripts", Extension::TYPE_EXTENSION)); 159 "sandbox allow-scripts", Manifest::TYPE_EXTENSION));
160 // Except for allow-same-origin. 160 // Except for allow-same-origin.
161 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 161 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
162 "sandbox allow-same-origin", Extension::TYPE_EXTENSION)); 162 "sandbox allow-same-origin", Manifest::TYPE_EXTENSION));
163 163
164 // Additional directives are OK. 164 // Additional directives are OK.
165 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 165 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
166 "sandbox; img-src https://google.com", Extension::TYPE_EXTENSION)); 166 "sandbox; img-src https://google.com", Manifest::TYPE_EXTENSION));
167 167
168 // Extensions allow navigation, platform apps don't. 168 // Extensions allow navigation, platform apps don't.
169 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 169 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
170 "sandbox allow-top-navigation", Extension::TYPE_EXTENSION)); 170 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION));
171 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 171 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
172 "sandbox allow-top-navigation", Extension::TYPE_PLATFORM_APP)); 172 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP));
173 173
174 // Popups are OK. 174 // Popups are OK.
175 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 175 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
176 "sandbox allow-popups", Extension::TYPE_EXTENSION)); 176 "sandbox allow-popups", Manifest::TYPE_EXTENSION));
177 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 177 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
178 "sandbox allow-popups", Extension::TYPE_PLATFORM_APP)); 178 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP));
179 } 179 }
OLDNEW
« chrome/browser/extensions/tab_helper.h ('K') | « chrome/common/extensions/csp_validator.cc ('k') | chrome/common/extensions/extension.h » ('j') | chrome/common/extensions/extension.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698