Almost all actions in Declarative Web Request require all_urls host permissions

chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_checker_unittest.cc

Index: chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_checker_unittest.cc
diff --git a/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_checker_unittest.cc b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_checker_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..7eeac168f115d136705eea708def93d7c62277c8
--- /dev/null
+++ b/chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_checker_unittest.cc
@@ -0,0 +1,111 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/declarative_webrequest/webrequest_rules_checker.h"
+
+#include "base/json/json_reader.h"
+#include "chrome/common/extensions/extension_test_util.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace extensions {
+
+using base::Value;
+using extension_test_util::LoadManifest;
+using testing::HasSubstr;
+
+TEST(WebRequestRulesCheckerTest, StageChecker) {
+  // The contentType condition can only be evaluated during ON_HEADERS_RECEIVED
+  // but the redirect action can only be executed during ON_BEFORE_REQUEST.
+  // Therefore, this is an inconsistent rule that needs to be flagged.
+  const char kRule[] =
+      "{                                                                 \n"
+      "  \"id\": \"rule1\",                                              \n"
+      "  \"conditions\": [                                               \n"
+      "    {                                                             \n"
+      "      \"instanceType\": \"declarativeWebRequest.RequestMatcher\", \n"
+      "      \"url\": {\"hostSuffix\": \"foo.com\"},                     \n"
+      "      \"contentType\": [\"image/jpeg\"]                           \n"
+      "    }                                                             \n"
+      "  ],                                                              \n"
+      "  \"actions\": [                                                  \n"
+      "    {                                                             \n"
+      "      \"instanceType\": \"declarativeWebRequest.RedirectRequest\",\n"
+      "      \"redirectUrl\": \"http://bar.com\"                         \n"
+      "    }                                                             \n"
+      "  ],                                                              \n"
+      "  \"priority\": 200                                               \n"
+      "}                                                                 ";
+
+  scoped_ptr<Value> value(base::JSONReader::Read(kRule));
+  ASSERT_TRUE(value);
+
+  RulesRegistry::Rule rule;
+  ASSERT_TRUE(RulesRegistry::Rule::Populate(*value, &rule));
+
+  std::string error;
+  URLMatcher matcher;
+  scoped_ptr<WebRequestConditionSet> conditions =
+      WebRequestConditionSet::Create(
+          matcher.condition_factory(), rule.conditions, &error);
+  ASSERT_TRUE(error.empty()) << error;
+  ASSERT_TRUE(conditions);
+
+  bool bad_message = false;
+  scoped_ptr<WebRequestActionSet> actions =
+      WebRequestActionSet::Create(rule.actions, &error, &bad_message);
+  ASSERT_TRUE(error.empty()) << error;
+  ASSERT_FALSE(bad_message);
+  ASSERT_TRUE(actions);
+
+  WebRequestRulesChecker checker(NULL);
+  EXPECT_FALSE(checker.StageChecker(conditions.get(), actions.get(), &error));
+  EXPECT_THAT(error, HasSubstr("no time in the request life-cycle"));
+}
+
+TEST(WebRequestRulesCheckerTest, HostPermissionsChecker) {
+  const char kAction[] =  // This action requires all URLs host permission.
+      "{                                                             \n"
+      "  \"instanceType\": \"declarativeWebRequest.RedirectRequest\",\n"
+      "  \"redirectUrl\": \"http://bar.com\"                         \n"
+      "}                                                             ";
+  scoped_ptr<Value> action_value(base::JSONReader::Read(kAction));
+  ASSERT_TRUE(action_value);
+
+  WebRequestActionSet::AnyVector actions;
+  actions.push_back(linked_ptr<base::Value>(action_value.release()));
+  ASSERT_TRUE(actions.back().get());
+
+  std::string error;
+  bool bad_message = false;
+  scoped_ptr<WebRequestActionSet> action_set(
+      WebRequestActionSet::Create(actions, &error, &bad_message));
+  ASSERT_TRUE(error.empty()) << error;
+  ASSERT_FALSE(bad_message);
+  ASSERT_TRUE(action_set);
+
+  scoped_refptr<Extension> extension_no_url(
+      LoadManifest("permissions", "web_request_no_host.json"));
+  scoped_refptr<Extension> extension_some_urls(
+      LoadManifest("permissions", "web_request_com_host_permissions.json"));
+  scoped_refptr<Extension> extension_all_urls(
+      LoadManifest("permissions", "web_request_all_host_permissions.json"));
+
+  WebRequestRulesChecker checker_no_url(extension_no_url.get());
+  WebRequestRulesChecker checker_some_urls(extension_some_urls.get());
+  WebRequestRulesChecker checker_all_urls(extension_all_urls.get());
+
+  EXPECT_TRUE(
+      checker_all_urls.HostPermissionsChecker(action_set.get(), &error));
+  EXPECT_TRUE(error.empty()) << error;
+  EXPECT_FALSE(
+      checker_some_urls.HostPermissionsChecker(action_set.get(), &error));
+  EXPECT_THAT(error, HasSubstr("all URLs are needed"));
+  EXPECT_THAT(error, HasSubstr(action_set->actions().back()->GetName()));
+  EXPECT_FALSE(checker_no_url.HostPermissionsChecker(action_set.get(), &error));
+  EXPECT_THAT(error, HasSubstr("all URLs are needed"));
+  EXPECT_THAT(error, HasSubstr(action_set->actions().back()->GetName()));
+}
+
+}  // namespace extensions