Expand whitelist for media stream APIs.

chrome/renderer/chrome_content_renderer_client_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_content_renderer_client.h"
 
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_builder.h"
 #include "content/public/common/webplugininfo.h"
@@ skipping 19 matching lines @@
 const bool kExtensionRestricted = false;
 const bool kExtensionUnrestricted = true;
 const bool kExtensionNotFromWebStore = false;
 const bool kExtensionFromWebStore = true;
 const bool kNotHostedApp = false;
 const bool kHostedApp = true;
 
 const char kNaClMimeType[] = "application/x-nacl";
 const char kExtensionUrl[] = "chrome-extension://extension_id/background.html";
 
-const char kAllowedNaClAppURL1[] = "https://plus.google.com";
-const char kAllowedNaClAppURL2[] = "https://plus.sandbox.google.com";
-const char kAllowedNaClManifestURL1[] = "https://ssl.gstatic.com/s2/oz/nacl/foo";
-const char kAllowedNaClManifestURL2[] = "https://ssl.gstatic.com/photos/nacl/foo";
+const char kPhotosAppURL1[] = "https://plus.google.com";
+const char kPhotosAppURL2[] = "https://plus.sandbox.google.com";
+const char kPhotosManifestURL1[] = "https://ssl.gstatic.com/s2/oz/nacl/foo";
+const char kPhotosManifestURL2[] = "https://ssl.gstatic.com/photos/nacl/foo";
+
+const char kHangoutsAppURL1[] = "https://talkgadget.google.com";

[darin (slow to review), 2013/09/16 19:37:44]

nit: Hangouts -> Chat

[bbudge, 2013/09/16 19:47:51]

Done.

+const char kHangoutsAppURL2[] = "https://foo.talkgadget.google.com";
+const char kHangoutsManifestURL[] = "https://ssl.gstatic.com/chat/apps/fx";
 
 bool AllowsDevInterfaces(const WebPluginParams& params) {
   for (size_t i = 0; i < params.attributeNames.size(); ++i) {
     if (params.attributeNames[i] == WebString::fromUTF8("@dev"))
       return true;
   }
   return false;
 }
 
 void AddFakeDevAttribute(WebPluginParams* params) {
@@ skipping 142 matching lines @@
         GURL(),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionFromWebStore).get(),
         &params));
     EXPECT_TRUE(AllowsDevInterfaces(params));
   }
   // Whitelisted URLs are allowed without --enable-nacl, without 'dev'
   // interfaces. There is a whitelist for the app URL and the manifest URL.
   {
     WebPluginParams params;
-    // Whitelisted manifest URL #1, whitelisted app URL root #1 is allowed.
+    // Whitelisted Photos app is allowed (two app URLs, two manifest URLs)
     EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosManifestURL1),
+        GURL(kPhotosAppURL1),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(AllowsDevInterfaces(params));
-    // Whitelisted manifest URL #2, whitelisted app URL root #1 is allowed.
     EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosManifestURL1),
+        GURL(kPhotosAppURL2),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(AllowsDevInterfaces(params));
-    // Whitelisted manifest URL #1, whitelisted app URL root #2 is allowed.
     EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
-        GURL(kAllowedNaClAppURL2),
+        GURL(kPhotosManifestURL2),
+        GURL(kPhotosAppURL1),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(AllowsDevInterfaces(params));
+    EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
+        GURL(kPhotosManifestURL2),
+        GURL(kPhotosAppURL2),
+        kNaClRestricted,
+        CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
+        &params));
+    EXPECT_FALSE(AllowsDevInterfaces(params));
+    // Whitelisted Hangouts app is allowed.
+    EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
+        GURL(kHangoutsManifestURL),
+        GURL(kHangoutsAppURL1),
+        kNaClRestricted,
+        CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
+        &params));
+    EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
+        GURL(kHangoutsManifestURL),
+        GURL(kHangoutsAppURL2),
+        kNaClRestricted,
+        CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
+        &params));
 
     // Whitelisted manifest URL, bad app URLs, NOT allowed.
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
+        GURL(kPhotosManifestURL1),
         GURL("http://plus.google.com/foo"),  // http scheme
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
+        GURL(kPhotosManifestURL1),
         GURL("http://plus.sandbox.google.com/foo"),  // http scheme
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
+        GURL(kPhotosManifestURL1),
         GURL("https://plus.google.evil.com/foo"),  // bad host
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     // Whitelisted app URL, bad manifest URL, NOT allowed.
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL("http://ssl.gstatic.com/s2/oz/nacl/foo"),  // http scheme
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosAppURL1),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL("https://ssl.gstatic.evil.com/s2/oz/nacl/foo"),  // bad host
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosAppURL1),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL("https://ssl.gstatic.com/wrong/s2/oz/nacl/foo"),  // bad path
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosAppURL1),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
   }
   // Whitelisted URLs can't get 'dev' interfaces with --enable-nacl.
   {
     WebPluginParams params;
     EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosManifestURL1),
+        GURL(kPhotosAppURL1),
         kNaClUnrestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(AllowsDevInterfaces(params));
   }
   // Whitelisted URLs can't get 'dev' interfaces by injecting a fake
   // '@dev' attribute.
   {
     WebPluginParams params;
     AddFakeDevAttribute(&params);
     EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
-        GURL(kAllowedNaClManifestURL1),
-        GURL(kAllowedNaClAppURL1),
+        GURL(kPhotosManifestURL1),
+        GURL(kPhotosAppURL1),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(AllowsDevInterfaces(params));
   }
   // Non-whitelisted URLs are blocked without --enable-nacl.
   {
     WebPluginParams params;
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL(),
         GURL("https://plus.google.com.evil.com/foo1"),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionNotFromWebStore).get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL(),
         GURL("https://plus.google.com.evil.com/foo2"),
         kNaClRestricted,
         CreateExtension(kExtensionRestricted, kExtensionFromWebStore).get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL(),
-        GURL("https://plus.google.com.evil.com/foo3"),
+        GURL("https://talkgadget.google.com.evil.com/foo3"),
         kNaClRestricted,
         CreateExtension(kExtensionUnrestricted, kExtensionNotFromWebStore)
             .get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL(),
-        GURL("https://plus.google.com.evil.com/foo4"),
+        GURL("https://talkgadget.google.com.evil.com/foo4"),
         kNaClRestricted,
         CreateExtension(kExtensionUnrestricted, kExtensionFromWebStore).get(),
         &params));
   }
   // Non chrome-extension:// URLs belonging to hosted apps are allowed.
   {
     WebPluginParams params;
     EXPECT_TRUE(ChromeContentRendererClient::IsNaClAllowed(
         GURL(),
         GURL("http://example.com/test.html"),
         kNaClRestricted,
         CreateHostedApp(kExtensionRestricted,
                         kExtensionNotFromWebStore,
                         "http://example.com/").get(),
         &params));
     EXPECT_FALSE(ChromeContentRendererClient::IsNaClAllowed(
         GURL(),
         GURL("http://example.evil.com/test.html"),
         kNaClRestricted,
         CreateHostedApp(kExtensionRestricted,
                         kExtensionNotFromWebStore,
                         "http://example.com/").get(),
         &params));
   }
 }
 
+TEST_F(ChromeContentRendererClientTest, AllowPepperMediaStreamAPI) {
+  ChromeContentRendererClient test;
+#if !defined(OS_ANDROID)
+  EXPECT_TRUE(test.AllowPepperMediaStreamAPI(GURL(kHangoutsAppURL1)));
+#else
+  EXPECT_FALSE(test.AllowPepperMediaStreamAPI(GURL(kHangoutsAppURL1)));
+#endif
+  EXPECT_FALSE(test.AllowPepperMediaStreamAPI(

[juberti2, 2013/09/16 19:41:52]

add test for foo.talkgadget.google.com

[bbudge, 2013/09/16 19:47:51]

Done.

+      GURL("http://talkgadget.google.com")));
+  EXPECT_FALSE(test.AllowPepperMediaStreamAPI(
+      GURL("https://talkgadget.evil.com")));
+}
+
 }  // namespace chrome