chrome/browser/extensions/process_manager_browsertest.cc - Issue 2364633004: Lock down the registration of blob:chrome-extension:// URLs

Side by Side Diff: chrome/browser/extensions/process_manager_browsertest.cc

Issue 2364633004: Lock down the registration of blob:chrome-extension:// URLs (Closed)

Patch Set: Pare down CL Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« chrome/browser/browser_process_impl.cc ('K') | « chrome/browser/chrome_security_exploit_browsertest.cc ('k') | content/browser/bad_message.h » ('j') | content/browser/child_process_security_policy_impl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stddef.h>	5 #include <stddef.h>

6	6

7 #include <memory>	7 #include <memory>

8 #include <utility>	8 #include <utility>

9	9

10 #include "base/callback.h"	10 #include "base/callback.h"

11 #include "base/macros.h"	11 #include "base/macros.h"

12 #include "base/run_loop.h"	12 #include "base/run_loop.h"

13 #include "chrome/browser/extensions/browser_action_test_util.h"	13 #include "chrome/browser/extensions/browser_action_test_util.h"

14 #include "chrome/browser/extensions/extension_browsertest.h"	14 #include "chrome/browser/extensions/extension_browsertest.h"

15 #include "chrome/browser/extensions/extension_service.h"	15 #include "chrome/browser/extensions/extension_service.h"

16 #include "chrome/browser/extensions/test_extension_dir.h"	16 #include "chrome/browser/extensions/test_extension_dir.h"

17 #include "chrome/browser/ui/tabs/tab_strip_model.h"	17 #include "chrome/browser/ui/tabs/tab_strip_model.h"

18 #include "chrome/common/extensions/extension_process_policy.h"	18 #include "chrome/common/extensions/extension_process_policy.h"

19 #include "chrome/common/pref_names.h"	19 #include "chrome/common/pref_names.h"

20 #include "chrome/test/base/in_process_browser_test.h"	20 #include "chrome/test/base/in_process_browser_test.h"

21 #include "chrome/test/base/ui_test_utils.h"	21 #include "chrome/test/base/ui_test_utils.h"

	22 #include "content/public/browser/child_process_security_policy.h"

22 #include "content/public/browser/notification_service.h"	23 #include "content/public/browser/notification_service.h"

23 #include "content/public/browser/render_frame_host.h"	24 #include "content/public/browser/render_frame_host.h"

24 #include "content/public/browser/render_process_host.h"	25 #include "content/public/browser/render_process_host.h"

25 #include "content/public/browser/web_contents.h"	26 #include "content/public/browser/web_contents.h"

26 #include "content/public/test/browser_test_utils.h"	27 #include "content/public/test/browser_test_utils.h"

27 #include "content/public/test/test_navigation_observer.h"	28 #include "content/public/test/test_navigation_observer.h"

28 #include "content/public/test/test_utils.h"	29 #include "content/public/test/test_utils.h"

29 #include "extensions/browser/process_manager.h"	30 #include "extensions/browser/process_manager.h"

30 #include "extensions/common/value_builder.h"	31 #include "extensions/common/value_builder.h"

31 #include "extensions/test/background_page_watcher.h"	32 #include "extensions/test/background_page_watcher.h"

(...skipping 635 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
667 // this will go into a new extension process.	668 // this will go into a new extension process.

668 const GURL extension_url(extension->url().Resolve("empty.html"));	669 const GURL extension_url(extension->url().Resolve("empty.html"));

669 EXPECT_TRUE(content::NavigateIframeToURL(tab, "frame1", extension_url));	670 EXPECT_TRUE(content::NavigateIframeToURL(tab, "frame1", extension_url));

670 EXPECT_EQ(IfExtensionsIsolated(1, 0),	671 EXPECT_EQ(IfExtensionsIsolated(1, 0),

671 pm->GetRenderFrameHostsForExtension(extension->id()).size());	672 pm->GetRenderFrameHostsForExtension(extension->id()).size());

672 EXPECT_EQ(IfExtensionsIsolated(1, 0), pm->GetAllFrames().size());	673 EXPECT_EQ(IfExtensionsIsolated(1, 0), pm->GetAllFrames().size());

673	674

674 content::RenderFrameHost* main_frame = tab->GetMainFrame();	675 content::RenderFrameHost* main_frame = tab->GetMainFrame();

675 content::RenderFrameHost* extension_frame = ChildFrameAt(main_frame, 0);	676 content::RenderFrameHost* extension_frame = ChildFrameAt(main_frame, 0);

676	677

	678 // Validate that permissions have been granted for the extension scheme

	679 // to the process of the extension iframe.

	680 content::ChildProcessSecurityPolicy* policy =

	681 content::ChildProcessSecurityPolicy::GetInstance();

	682 EXPECT_TRUE(policy->CanRequestURL(

	683 extension_frame->GetProcess()->GetID(),

	684 GURL("blob:chrome-extension://some-extension-id/some-guid")));
	Devlin 2016/09/29 17:31:09 nit: I'd recommend using some kind of valid id, be nit: I'd recommend using some kind of valid id, because I could definitely see us adding logic to disallow invalid ids (or even foreign ids). ncarter (slow) 2016/09/29 21:01:45 Your point is good. It would actually be pretty st Show quoted text On 2016/09/29 17:31:09, Devlin (catching up) wrote: > nit: I'd recommend using some kind of valid id, because I could definitely see > us adding logic to disallow invalid ids (or even foreign ids). Your point is good. It would actually be pretty straightforward to convert the GrantScheme calls in this CL to be GrantOrigin() based: we already have a particular extension in hand when we're doing the granting. The only reason I haven't done this, is because I'm paranoid about whether we have any races between the Grant() operations on the UI thread, and the CanAccessWhatever checks on the IO thread, and making the grant be scheme-based seemed harder to screw up (the risk being, I guess, if we ever have a case where one extension can do a renderer-initiated, in-process navigation to another extension? Like I said, I'm paranoid here.) For now, though, I prefer this test to use invalid ids only; it makes it clearer that the enforcement today is based simply on the scheme. And since this test includes both EXPECT_TRUE and EXPECT_FALSE cases, I believe this test will start failing if we add any kind of logic to disallow invalid ids. At that point, I'd hope that we would expand this to include both valid and invalid ids.
	685 EXPECT_TRUE(policy->CanRequestURL(

	686 main_frame->GetProcess()->GetID(),

	687 GURL("blob:chrome-extension://some-extension-id/some-guid")));

	688 EXPECT_TRUE(policy->CanRequestURL(

	689 extension_frame->GetProcess()->GetID(),

	690 GURL("filesystem:chrome-extension://some-extension-id/some-path")));

	691 EXPECT_TRUE(policy->CanRequestURL(

	692 main_frame->GetProcess()->GetID(),

	693 GURL("filesystem:chrome-extension://some-extension-id/some-path")));

	694 EXPECT_TRUE(policy->CanRequestURL(

	695 extension_frame->GetProcess()->GetID(),

	696 GURL("chrome-extension://some-extension-id/resource.html")));

	697 EXPECT_TRUE(policy->CanRequestURL(

	698 main_frame->GetProcess()->GetID(),

	699 GURL("chrome-extension://some-extension-id/resource.html")));

	700 EXPECT_TRUE(policy->CanCommitURL(

	701 extension_frame->GetProcess()->GetID(),

	702 GURL("blob:chrome-extension://some-extension-id/some-guid")));

	703 EXPECT_FALSE(policy->CanCommitURL(

	704 main_frame->GetProcess()->GetID(),

	705 GURL("blob:chrome-extension://some-extension-id/some-guid")));

	706 EXPECT_TRUE(policy->CanCommitURL(

	707 extension_frame->GetProcess()->GetID(),

	708 GURL("chrome-extension://some-extension-id/resource.html")));

	709 EXPECT_FALSE(policy->CanCommitURL(

	710 main_frame->GetProcess()->GetID(),

	711 GURL("chrome-extension://some-extension-id/resource.html")));

	712 EXPECT_TRUE(policy->CanCommitURL(

	713 extension_frame->GetProcess()->GetID(),

	714 GURL("filesystem:chrome-extension://some-extension-id/some-path")));

	715 EXPECT_FALSE(policy->CanCommitURL(

	716 main_frame->GetProcess()->GetID(),

	717 GURL("filesystem:chrome-extension://some-extension-id/some-path")));

	718

677 // Open a new about:blank popup from main frame. This should stay in the web	719 // Open a new about:blank popup from main frame. This should stay in the web

678 // process.	720 // process.

679 content::WebContents* popup =	721 content::WebContents* popup =

680 OpenPopup(main_frame, GURL(url::kAboutBlankURL));	722 OpenPopup(main_frame, GURL(url::kAboutBlankURL));

681 EXPECT_NE(popup, tab);	723 EXPECT_NE(popup, tab);

682 ASSERT_EQ(2, browser()->tab_strip_model()->count());	724 ASSERT_EQ(2, browser()->tab_strip_model()->count());

683 EXPECT_EQ(IfExtensionsIsolated(1, 0),	725 EXPECT_EQ(IfExtensionsIsolated(1, 0),

684 pm->GetRenderFrameHostsForExtension(extension->id()).size());	726 pm->GetRenderFrameHostsForExtension(extension->id()).size());

685 EXPECT_EQ(IfExtensionsIsolated(1, 0), pm->GetAllFrames().size());	727 EXPECT_EQ(IfExtensionsIsolated(1, 0), pm->GetAllFrames().size());

686	728

(...skipping 103 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
790 popup->GetMainFrame()->GetLastCommittedOrigin());	832 popup->GetMainFrame()->GetLastCommittedOrigin());

791 EXPECT_EQ("foo", GetTextContent(popup->GetMainFrame()));	833 EXPECT_EQ("foo", GetTextContent(popup->GetMainFrame()));

792	834

793 EXPECT_EQ(3 + i,	835 EXPECT_EQ(3 + i,

794 pm->GetRenderFrameHostsForExtension(extension->id()).size());	836 pm->GetRenderFrameHostsForExtension(extension->id()).size());

795 EXPECT_EQ(3 + i, pm->GetAllFrames().size());	837 EXPECT_EQ(3 + i, pm->GetAllFrames().size());

796 }	838 }

797 }	839 }

798	840

799 } // namespace extensions	841 } // namespace extensions

OLD	NEW