OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <vector> | 5 #include <vector> |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/strings/string16.h" | 9 #include "base/strings/string16.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
(...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
241 urls_.insert(favicon_url); | 241 urls_.insert(favicon_url); |
242 urls_.insert(extension_url); | 242 urls_.insert(extension_url); |
243 urls_.insert(settings_url); | 243 urls_.insert(settings_url); |
244 urls_.insert(about_url); | 244 urls_.insert(about_url); |
245 // Ignore the policy delegate for this test. | 245 // Ignore the policy delegate for this test. |
246 PermissionsData::SetPolicyDelegate(NULL); | 246 PermissionsData::SetPolicyDelegate(NULL); |
247 } | 247 } |
248 | 248 |
249 bool AllowedScript(const Extension* extension, const GURL& url, | 249 bool AllowedScript(const Extension* extension, const GURL& url, |
250 const GURL& top_url) { | 250 const GURL& top_url) { |
| 251 return AllowedScript(extension, url, top_url, -1); |
| 252 } |
| 253 |
| 254 bool AllowedScript(const Extension* extension, const GURL& url, |
| 255 const GURL& top_url, int tab_id) { |
251 return PermissionsData::CanExecuteScriptOnPage( | 256 return PermissionsData::CanExecuteScriptOnPage( |
252 extension, url, top_url, -1, NULL, -1, NULL); | 257 extension, url, top_url, tab_id, NULL, -1, NULL); |
253 } | 258 } |
254 | 259 |
255 bool BlockedScript(const Extension* extension, const GURL& url, | 260 bool BlockedScript(const Extension* extension, const GURL& url, |
256 const GURL& top_url) { | 261 const GURL& top_url) { |
257 return !PermissionsData::CanExecuteScriptOnPage( | 262 return !PermissionsData::CanExecuteScriptOnPage( |
258 extension, url, top_url, -1, NULL, -1, NULL); | 263 extension, url, top_url, -1, NULL, -1, NULL); |
259 } | 264 } |
260 | 265 |
261 bool Allowed(const Extension* extension, const GURL& url) { | 266 bool Allowed(const Extension* extension, const GURL& url) { |
262 return Allowed(extension, url, -1); | 267 return Allowed(extension, url, -1); |
263 } | 268 } |
264 | 269 |
265 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { | 270 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { |
266 return (PermissionsData::CanExecuteScriptOnPage( | 271 return (PermissionsData::CanExecuteScriptOnPage( |
267 extension, url, url, tab_id, NULL, -1, NULL) && | 272 extension, url, url, tab_id, NULL, -1, NULL) && |
268 PermissionsData::CanCaptureVisiblePage( | 273 PermissionsData::CanCaptureVisiblePage( |
269 extension, url, tab_id, NULL)); | 274 extension, tab_id, NULL)); |
270 } | 275 } |
271 | 276 |
272 bool CaptureOnly(const Extension* extension, const GURL& url) { | 277 bool CaptureOnly(const Extension* extension, const GURL& url) { |
273 return CaptureOnly(extension, url, -1); | 278 return CaptureOnly(extension, url, -1); |
274 } | 279 } |
275 | 280 |
276 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { | 281 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { |
277 return !PermissionsData::CanExecuteScriptOnPage( | 282 return !PermissionsData::CanExecuteScriptOnPage( |
278 extension, url, url, tab_id, NULL, -1, NULL) && | 283 extension, url, url, tab_id, NULL, -1, NULL) && |
279 PermissionsData::CanCaptureVisiblePage(extension, url, tab_id, NULL); | 284 PermissionsData::CanCaptureVisiblePage(extension, tab_id, NULL); |
| 285 } |
| 286 |
| 287 bool ScriptOnly(const Extension* extension, const GURL& url, |
| 288 const GURL& top_url) { |
| 289 return ScriptOnly(extension, url, top_url, -1); |
| 290 } |
| 291 |
| 292 bool ScriptOnly(const Extension* extension, const GURL& url, |
| 293 const GURL& top_url, int tab_id) { |
| 294 return AllowedScript(extension, url, top_url, tab_id) && |
| 295 !PermissionsData::CanCaptureVisiblePage(extension, tab_id, NULL); |
280 } | 296 } |
281 | 297 |
282 bool Blocked(const Extension* extension, const GURL& url) { | 298 bool Blocked(const Extension* extension, const GURL& url) { |
283 return Blocked(extension, url, -1); | 299 return Blocked(extension, url, -1); |
284 } | 300 } |
285 | 301 |
286 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { | 302 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { |
287 return !(PermissionsData::CanExecuteScriptOnPage( | 303 return !(PermissionsData::CanExecuteScriptOnPage( |
288 extension, url, url, tab_id, NULL, -1, NULL) || | 304 extension, url, url, tab_id, NULL, -1, NULL) || |
289 PermissionsData::CanCaptureVisiblePage( | 305 PermissionsData::CanCaptureVisiblePage( |
290 extension, url, tab_id, NULL)); | 306 extension, tab_id, NULL)); |
291 } | 307 } |
292 | 308 |
293 bool AllowedExclusivelyOnTab( | 309 bool ScriptAllowedExclusivelyOnTab( |
294 const Extension* extension, | 310 const Extension* extension, |
295 const std::set<GURL>& allowed_urls, | 311 const std::set<GURL>& allowed_urls, |
296 int tab_id) { | 312 int tab_id) { |
297 bool result = true; | 313 bool result = true; |
298 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { | 314 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { |
299 const GURL& url = *it; | 315 const GURL& url = *it; |
300 if (allowed_urls.count(url)) | 316 if (allowed_urls.count(url)) |
301 result &= Allowed(extension, url, tab_id); | 317 result &= AllowedScript(extension, url, url, tab_id); |
302 else | 318 else |
303 result &= Blocked(extension, url, tab_id); | 319 result &= Blocked(extension, url, tab_id); |
304 } | 320 } |
305 return result; | 321 return result; |
306 } | 322 } |
307 | 323 |
308 // URLs that are "safe" to provide scripting and capture visible tab access | 324 // URLs that are "safe" to provide scripting and capture visible tab access |
309 // to if the permissions allow it. | 325 // to if the permissions allow it. |
310 const GURL http_url; | 326 const GURL http_url; |
311 const GURL http_url_with_path; | 327 const GURL http_url_with_path; |
(...skipping 14 matching lines...) Expand all Loading... |
326 std::set<GURL> urls_; | 342 std::set<GURL> urls_; |
327 }; | 343 }; |
328 | 344 |
329 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { | 345 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { |
330 // Test <all_urls> for regular extensions. | 346 // Test <all_urls> for regular extensions. |
331 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", | 347 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", |
332 "extension_regular_all.json"); | 348 "extension_regular_all.json"); |
333 | 349 |
334 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 350 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
335 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 351 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
336 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 352 EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); |
337 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 353 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); |
338 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); | 354 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); |
339 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 355 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); |
340 EXPECT_TRUE(Blocked(extension.get(), extension_url)); | 356 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); |
341 | 357 |
342 // Test access to iframed content. | 358 // Test access to iframed content. |
343 GURL within_extension_url = extension->GetResourceURL("page.html"); | 359 GURL within_extension_url = extension->GetResourceURL("page.html"); |
344 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); | 360 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); |
345 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); | 361 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); |
346 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); | 362 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); |
347 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); | 363 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); |
348 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); | 364 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); |
349 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); | 365 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); |
350 | 366 |
351 EXPECT_FALSE( | 367 EXPECT_FALSE( |
352 PermissionsData::HasHostPermission(extension.get(), settings_url)); | 368 PermissionsData::HasHostPermission(extension.get(), settings_url)); |
353 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); | 369 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); |
354 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); | 370 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); |
355 | 371 |
356 // Test * for scheme, which implies just the http/https schemes. | 372 // Test * for scheme, which implies just the http/https schemes. |
357 extension = LoadManifestStrict("script_and_capture", | 373 extension = LoadManifestStrict("script_and_capture", |
358 "extension_wildcard.json"); | 374 "extension_wildcard.json"); |
359 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 375 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); |
360 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 376 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url)); |
361 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 377 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
362 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 378 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
363 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 379 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
364 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 380 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
365 extension = | 381 extension = |
366 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); | 382 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); |
367 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 383 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
368 | 384 |
369 // Having chrome://*/ should not work for regular extensions. Note that | 385 // Having chrome://*/ should not work for regular extensions. Note that |
370 // for favicon access, we require the explicit pattern chrome://favicon/*. | 386 // for favicon access, we require the explicit pattern chrome://favicon/*. |
371 std::string error; | 387 std::string error; |
372 extension = LoadManifestUnchecked("script_and_capture", | 388 extension = LoadManifestUnchecked("script_and_capture", |
373 "extension_wildcard_chrome.json", | 389 "extension_wildcard_chrome.json", |
374 Manifest::INTERNAL, Extension::NO_FLAGS, | 390 Manifest::INTERNAL, Extension::NO_FLAGS, |
375 &error); | 391 &error); |
376 std::vector<InstallWarning> warnings = extension->install_warnings(); | 392 std::vector<InstallWarning> warnings = extension->install_warnings(); |
377 EXPECT_FALSE(warnings.empty()); | 393 EXPECT_FALSE(warnings.empty()); |
378 EXPECT_EQ(ErrorUtils::FormatErrorMessage( | 394 EXPECT_EQ(ErrorUtils::FormatErrorMessage( |
379 manifest_errors::kInvalidPermissionScheme, | 395 manifest_errors::kInvalidPermissionScheme, |
380 "chrome://*/"), | 396 "chrome://*/"), |
381 warnings[0].message); | 397 warnings[0].message); |
382 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 398 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
383 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 399 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
384 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 400 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
385 | 401 |
386 // Having chrome://favicon/* should not give you chrome://* | 402 // Having chrome://favicon/* should not give you chrome://* |
387 extension = LoadManifestStrict("script_and_capture", | 403 extension = LoadManifestStrict("script_and_capture", |
388 "extension_chrome_favicon_wildcard.json"); | 404 "extension_chrome_favicon_wildcard.json"); |
389 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 405 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
390 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); | 406 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
391 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 407 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
392 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); | 408 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); |
393 | 409 |
394 // Having http://favicon should not give you chrome://favicon | 410 // Having http://favicon should not give you chrome://favicon |
395 extension = LoadManifestStrict("script_and_capture", | 411 extension = LoadManifestStrict("script_and_capture", |
396 "extension_http_favicon.json"); | 412 "extension_http_favicon.json"); |
397 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 413 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
398 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 414 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
399 | 415 |
400 // Component extensions with <all_urls> should get everything. | 416 // Component extensions with <all_urls> should get everything. |
401 extension = LoadManifest("script_and_capture", "extension_component_all.json", | 417 extension = LoadManifest("script_and_capture", "extension_component_all.json", |
402 Manifest::COMPONENT, Extension::NO_FLAGS); | 418 Manifest::COMPONENT, Extension::NO_FLAGS); |
403 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 419 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
404 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 420 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
405 EXPECT_TRUE(Allowed(extension.get(), settings_url)); | 421 EXPECT_TRUE(Allowed(extension.get(), settings_url)); |
406 EXPECT_TRUE(Allowed(extension.get(), about_url)); | 422 EXPECT_TRUE(Allowed(extension.get(), about_url)); |
407 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); | 423 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); |
408 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); | 424 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); |
409 | 425 |
410 // Component extensions should only get access to what they ask for. | 426 // Component extensions should only get access to what they ask for. |
411 extension = LoadManifest("script_and_capture", | 427 extension = LoadManifest("script_and_capture", |
412 "extension_component_google.json", Manifest::COMPONENT, | 428 "extension_component_google.json", Manifest::COMPONENT, |
413 Extension::NO_FLAGS); | 429 Extension::NO_FLAGS); |
414 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 430 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); |
415 EXPECT_TRUE(Blocked(extension.get(), https_url)); | 431 EXPECT_TRUE(Blocked(extension.get(), https_url)); |
416 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 432 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
417 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 433 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
418 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 434 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
419 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 435 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
420 EXPECT_TRUE(Blocked(extension.get(), extension_url)); | 436 EXPECT_TRUE(Blocked(extension.get(), extension_url)); |
421 EXPECT_FALSE( | 437 EXPECT_FALSE( |
422 PermissionsData::HasHostPermission(extension.get(), settings_url)); | 438 PermissionsData::HasHostPermission(extension.get(), settings_url)); |
423 } | 439 } |
424 | 440 |
425 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { | 441 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { |
426 CommandLine::ForCurrentProcess()->AppendSwitch( | 442 CommandLine::ForCurrentProcess()->AppendSwitch( |
427 switches::kExtensionsOnChromeURLs); | 443 switches::kExtensionsOnChromeURLs); |
428 | 444 |
429 scoped_refptr<Extension> extension; | 445 scoped_refptr<Extension> extension; |
430 | 446 |
431 // Test <all_urls> for regular extensions. | 447 // Test <all_urls> for regular extensions. |
432 extension = LoadManifestStrict("script_and_capture", | 448 extension = LoadManifestStrict("script_and_capture", |
433 "extension_regular_all.json"); | 449 "extension_regular_all.json"); |
434 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 450 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
435 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 451 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
436 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 452 EXPECT_TRUE(CaptureOnly(extension.get(), file_url)); |
437 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 453 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url)); |
438 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested | 454 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested |
439 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 455 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); |
440 EXPECT_TRUE(Blocked(extension.get(), extension_url)); | 456 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); |
441 | 457 |
442 // Test access to iframed content. | 458 // Test access to iframed content. |
443 GURL within_extension_url = extension->GetResourceURL("page.html"); | 459 GURL within_extension_url = extension->GetResourceURL("page.html"); |
444 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); | 460 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); |
445 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); | 461 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); |
446 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); | 462 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); |
447 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); | 463 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); |
448 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); | 464 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); |
449 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); | 465 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); |
450 | 466 |
451 EXPECT_FALSE( | 467 EXPECT_FALSE( |
452 PermissionsData::HasHostPermission(extension.get(), settings_url)); | 468 PermissionsData::HasHostPermission(extension.get(), settings_url)); |
453 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); | 469 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); |
454 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); | 470 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); |
455 | 471 |
456 // Test * for scheme, which implies just the http/https schemes. | 472 // Test * for scheme, which implies just the http/https schemes. |
457 extension = LoadManifestStrict("script_and_capture", | 473 extension = LoadManifestStrict("script_and_capture", |
458 "extension_wildcard.json"); | 474 "extension_wildcard.json"); |
459 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 475 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); |
460 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 476 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url)); |
461 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 477 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
462 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 478 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
463 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 479 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
464 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 480 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
465 extension = | 481 extension = |
466 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); | 482 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); |
467 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 483 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
468 | 484 |
469 // Having chrome://*/ should work for regular extensions with the flag | 485 // Having chrome://*/ should work for regular extensions with the flag |
470 // enabled. | 486 // enabled. |
471 std::string error; | 487 std::string error; |
472 extension = LoadManifestUnchecked("script_and_capture", | 488 extension = LoadManifestUnchecked("script_and_capture", |
473 "extension_wildcard_chrome.json", | 489 "extension_wildcard_chrome.json", |
474 Manifest::INTERNAL, Extension::NO_FLAGS, | 490 Manifest::INTERNAL, Extension::NO_FLAGS, |
475 &error); | 491 &error); |
476 EXPECT_FALSE(extension.get() == NULL); | 492 EXPECT_FALSE(extension.get() == NULL); |
477 EXPECT_TRUE(Blocked(extension.get(), http_url)); | 493 EXPECT_TRUE(Blocked(extension.get(), http_url)); |
478 EXPECT_TRUE(Blocked(extension.get(), https_url)); | 494 EXPECT_TRUE(Blocked(extension.get(), https_url)); |
479 EXPECT_TRUE(Allowed(extension.get(), settings_url)); | 495 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url)); |
480 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 496 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
481 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 497 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
482 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested | 498 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url)); |
483 | 499 |
484 // Having chrome://favicon/* should not give you chrome://* | 500 // Having chrome://favicon/* should not give you chrome://* |
485 extension = LoadManifestStrict("script_and_capture", | 501 extension = LoadManifestStrict("script_and_capture", |
486 "extension_chrome_favicon_wildcard.json"); | 502 "extension_chrome_favicon_wildcard.json"); |
487 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 503 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
488 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested | 504 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url)); |
489 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 505 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
490 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); | 506 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); |
491 | 507 |
492 // Having http://favicon should not give you chrome://favicon | 508 // Having http://favicon should not give you chrome://favicon |
493 extension = LoadManifestStrict("script_and_capture", | 509 extension = LoadManifestStrict("script_and_capture", |
494 "extension_http_favicon.json"); | 510 "extension_http_favicon.json"); |
495 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 511 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
496 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 512 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
497 | 513 |
498 // Component extensions with <all_urls> should get everything. | 514 // Component extensions with <all_urls> should get everything. |
499 extension = LoadManifest("script_and_capture", "extension_component_all.json", | 515 extension = LoadManifest("script_and_capture", "extension_component_all.json", |
500 Manifest::COMPONENT, Extension::NO_FLAGS); | 516 Manifest::COMPONENT, Extension::NO_FLAGS); |
501 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 517 EXPECT_TRUE(Allowed(extension.get(), http_url)); |
502 EXPECT_TRUE(Allowed(extension.get(), https_url)); | 518 EXPECT_TRUE(Allowed(extension.get(), https_url)); |
503 EXPECT_TRUE(Allowed(extension.get(), settings_url)); | 519 EXPECT_TRUE(Allowed(extension.get(), settings_url)); |
504 EXPECT_TRUE(Allowed(extension.get(), about_url)); | 520 EXPECT_TRUE(Allowed(extension.get(), about_url)); |
505 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); | 521 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); |
506 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); | 522 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); |
507 | 523 |
508 // Component extensions should only get access to what they ask for. | 524 // Component extensions should only get access to what they ask for. |
509 extension = LoadManifest("script_and_capture", | 525 extension = LoadManifest("script_and_capture", |
510 "extension_component_google.json", Manifest::COMPONENT, | 526 "extension_component_google.json", Manifest::COMPONENT, |
511 Extension::NO_FLAGS); | 527 Extension::NO_FLAGS); |
512 EXPECT_TRUE(Allowed(extension.get(), http_url)); | 528 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); |
513 EXPECT_TRUE(Blocked(extension.get(), https_url)); | 529 EXPECT_TRUE(Blocked(extension.get(), https_url)); |
514 EXPECT_TRUE(Blocked(extension.get(), file_url)); | 530 EXPECT_TRUE(Blocked(extension.get(), file_url)); |
515 EXPECT_TRUE(Blocked(extension.get(), settings_url)); | 531 EXPECT_TRUE(Blocked(extension.get(), settings_url)); |
516 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); | 532 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); |
517 EXPECT_TRUE(Blocked(extension.get(), about_url)); | 533 EXPECT_TRUE(Blocked(extension.get(), about_url)); |
518 EXPECT_TRUE(Blocked(extension.get(), extension_url)); | 534 EXPECT_TRUE(Blocked(extension.get(), extension_url)); |
519 EXPECT_FALSE( | 535 EXPECT_FALSE( |
520 PermissionsData::HasHostPermission(extension.get(), settings_url)); | 536 PermissionsData::HasHostPermission(extension.get(), settings_url)); |
521 } | 537 } |
522 | 538 |
523 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { | 539 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { |
524 scoped_refptr<Extension> extension = | 540 scoped_refptr<Extension> extension = |
525 LoadManifestStrict("script_and_capture", "tab_specific.json"); | 541 LoadManifestStrict("script_and_capture", "tab_specific.json"); |
526 | 542 |
527 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) | 543 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) |
528 .get()); | 544 .get()); |
529 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) | 545 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) |
530 .get()); | 546 .get()); |
531 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2) | 547 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2) |
532 .get()); | 548 .get()); |
533 | 549 |
534 std::set<GURL> no_urls; | 550 std::set<GURL> no_urls; |
535 | 551 |
536 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 552 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
537 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 553 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
538 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 554 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
539 | 555 |
540 URLPatternSet allowed_hosts; | 556 URLPatternSet allowed_hosts; |
541 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, | 557 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, |
542 http_url.spec())); | 558 http_url.spec())); |
543 std::set<GURL> allowed_urls; | 559 std::set<GURL> allowed_urls; |
544 allowed_urls.insert(http_url); | 560 allowed_urls.insert(http_url); |
545 // http_url_with_path() will also be allowed, because Extension should be | 561 // http_url_with_path() will also be allowed, because Extension should be |
546 // considering the security origin of the URL not the URL itself, and | 562 // considering the security origin of the URL not the URL itself, and |
547 // http_url is in allowed_hosts. | 563 // http_url is in allowed_hosts. |
548 allowed_urls.insert(http_url_with_path); | 564 allowed_urls.insert(http_url_with_path); |
549 | 565 |
550 { | 566 { |
551 scoped_refptr<PermissionSet> permissions( | 567 scoped_refptr<PermissionSet> permissions( |
552 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), | 568 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), |
553 allowed_hosts, URLPatternSet())); | 569 allowed_hosts, URLPatternSet())); |
554 PermissionsData::UpdateTabSpecificPermissions( | 570 PermissionsData::UpdateTabSpecificPermissions( |
555 extension.get(), 0, permissions); | 571 extension.get(), 0, permissions); |
556 EXPECT_EQ(permissions->explicit_hosts(), | 572 EXPECT_EQ(permissions->explicit_hosts(), |
557 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) | 573 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) |
558 ->explicit_hosts()); | 574 ->explicit_hosts()); |
559 } | 575 } |
560 | 576 |
561 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); | 577 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); |
562 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 578 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
563 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 579 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
564 | 580 |
565 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); | 581 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); |
566 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) | 582 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) |
567 .get()); | 583 .get()); |
568 | 584 |
569 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 585 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
570 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 586 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
571 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 587 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
572 | 588 |
573 std::set<GURL> more_allowed_urls = allowed_urls; | 589 std::set<GURL> more_allowed_urls = allowed_urls; |
574 more_allowed_urls.insert(https_url); | 590 more_allowed_urls.insert(https_url); |
575 URLPatternSet more_allowed_hosts = allowed_hosts; | 591 URLPatternSet more_allowed_hosts = allowed_hosts; |
576 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, | 592 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, |
577 https_url.spec())); | 593 https_url.spec())); |
578 | 594 |
579 { | 595 { |
580 scoped_refptr<PermissionSet> permissions( | 596 scoped_refptr<PermissionSet> permissions( |
581 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), | 597 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), |
582 allowed_hosts, URLPatternSet())); | 598 allowed_hosts, URLPatternSet())); |
583 PermissionsData::UpdateTabSpecificPermissions( | 599 PermissionsData::UpdateTabSpecificPermissions( |
584 extension.get(), 0, permissions); | 600 extension.get(), 0, permissions); |
585 EXPECT_EQ(permissions->explicit_hosts(), | 601 EXPECT_EQ(permissions->explicit_hosts(), |
586 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) | 602 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) |
587 ->explicit_hosts()); | 603 ->explicit_hosts()); |
588 | 604 |
589 permissions = new PermissionSet(APIPermissionSet(), | 605 permissions = new PermissionSet(APIPermissionSet(), |
590 ManifestPermissionSet(), | 606 ManifestPermissionSet(), |
591 more_allowed_hosts, | 607 more_allowed_hosts, |
592 URLPatternSet()); | 608 URLPatternSet()); |
593 PermissionsData::UpdateTabSpecificPermissions( | 609 PermissionsData::UpdateTabSpecificPermissions( |
594 extension.get(), 1, permissions); | 610 extension.get(), 1, permissions); |
595 EXPECT_EQ(permissions->explicit_hosts(), | 611 EXPECT_EQ(permissions->explicit_hosts(), |
596 PermissionsData::GetTabSpecificPermissions(extension.get(), 1) | 612 PermissionsData::GetTabSpecificPermissions(extension.get(), 1) |
597 ->explicit_hosts()); | 613 ->explicit_hosts()); |
598 } | 614 } |
599 | 615 |
600 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); | 616 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); |
601 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); | 617 EXPECT_TRUE( |
602 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 618 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); |
| 619 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
603 | 620 |
604 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); | 621 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); |
605 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) | 622 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) |
606 .get()); | 623 .get()); |
607 | 624 |
608 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 625 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
609 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); | 626 EXPECT_TRUE( |
610 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 627 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); |
| 628 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
611 | 629 |
612 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1); | 630 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1); |
613 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) | 631 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) |
614 .get()); | 632 .get()); |
615 | 633 |
616 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 634 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
617 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 635 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
618 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 636 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
619 } | 637 } |
620 | 638 |
621 } // namespace extensions | 639 } // namespace extensions |
OLD | NEW |