| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "chrome/common/extensions/extension_test_util.h" | 11 #include "chrome/common/extensions/extension_test_util.h" |
| 12 #include "chromeos/login/login_state.h" |
| 12 #include "content/public/browser/resource_request_info.h" | 13 #include "content/public/browser/resource_request_info.h" |
| 13 #include "content/public/test/test_browser_thread_bundle.h" | 14 #include "content/public/test/test_browser_thread_bundle.h" |
| 14 #include "extensions/browser/api/web_request/web_request_permissions.h" | 15 #include "extensions/browser/api/web_request/web_request_permissions.h" |
| 15 #include "extensions/browser/info_map.h" | 16 #include "extensions/browser/info_map.h" |
| 16 #include "extensions/common/constants.h" | 17 #include "extensions/common/constants.h" |
| 17 #include "extensions/common/permissions/permissions_data.h" | 18 #include "extensions/common/permissions/permissions_data.h" |
| 18 #include "ipc/ipc_message.h" | 19 #include "ipc/ipc_message.h" |
| 19 #include "net/base/request_priority.h" | 20 #include "net/base/request_priority.h" |
| 20 #include "net/url_request/url_request.h" | 21 #include "net/url_request/url_request.h" |
| 21 #include "net/url_request/url_request_test_util.h" | 22 #include "net/url_request/url_request_test_util.h" |
| (...skipping 16 matching lines...) |
| 38 private: | 39 private: |
| 39 content::TestBrowserThreadBundle thread_bundle_; | 40 content::TestBrowserThreadBundle thread_bundle_; |
| 40 | 41 |
| 41 protected: | 42 protected: |
| 42 net::TestURLRequestContext context; | 43 net::TestURLRequestContext context; |
| 43 | 44 |
| 44 // This extension has Web Request permissions, but no host permission. | 45 // This extension has Web Request permissions, but no host permission. |
| 45 scoped_refptr<Extension> permissionless_extension_; | 46 scoped_refptr<Extension> permissionless_extension_; |
| 46 // This extension has Web Request permissions, and *.com a host permission. | 47 // This extension has Web Request permissions, and *.com a host permission. |
| 47 scoped_refptr<Extension> com_extension_; | 48 scoped_refptr<Extension> com_extension_; |
| 49 // This extension is the same as com_extension, except it's installed from |
| 50 // Manifest::EXTERNAL_POLICY_DOWNLOAD. |
| 51 scoped_refptr<Extension> com_policy_extension_; |
| 48 scoped_refptr<extensions::InfoMap> extension_info_map_; | 52 scoped_refptr<extensions::InfoMap> extension_info_map_; |
| 49 }; | 53 }; |
| 50 | 54 |
| 51 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() { | 55 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() { |
| 52 testing::Test::SetUp(); | 56 testing::Test::SetUp(); |
| 53 | 57 |
| 54 std::string error; | 58 std::string error; |
| 55 permissionless_extension_ = LoadManifestUnchecked("permissions", | 59 permissionless_extension_ = LoadManifestUnchecked("permissions", |
| 56 "web_request_no_host.json", | 60 "web_request_no_host.json", |
| 57 Manifest::INVALID_LOCATION, | 61 Manifest::INVALID_LOCATION, |
| 58 Extension::NO_FLAGS, | 62 Extension::NO_FLAGS, |
| 59 "ext_id_1", | 63 "ext_id_1", |
| 60 &error); | 64 &error); |
| 61 ASSERT_TRUE(permissionless_extension_.get()) << error; | 65 ASSERT_TRUE(permissionless_extension_.get()) << error; |
| 62 com_extension_ = | 66 com_extension_ = |
| 63 LoadManifestUnchecked("permissions", | 67 LoadManifestUnchecked("permissions", |
| 64 "web_request_com_host_permissions.json", | 68 "web_request_com_host_permissions.json", |
| 65 Manifest::INVALID_LOCATION, | 69 Manifest::INVALID_LOCATION, |
| 66 Extension::NO_FLAGS, | 70 Extension::NO_FLAGS, |
| 67 "ext_id_2", | 71 "ext_id_2", |
| 68 &error); | 72 &error); |
| 69 ASSERT_TRUE(com_extension_.get()) << error; | 73 ASSERT_TRUE(com_extension_.get()) << error; |
| 74 com_policy_extension_ = |
| 75 LoadManifestUnchecked("permissions", |
| 76 "web_request_com_host_permissions.json", |
| 77 Manifest::EXTERNAL_POLICY_DOWNLOAD, |
| 78 Extension::NO_FLAGS, |
| 79 "ext_id_3", |
| 80 &error); |
| 81 ASSERT_TRUE(com_policy_extension_.get()) << error; |
| 70 extension_info_map_ = new extensions::InfoMap; | 82 extension_info_map_ = new extensions::InfoMap; |
| 71 extension_info_map_->AddExtension(permissionless_extension_.get(), | 83 extension_info_map_->AddExtension(permissionless_extension_.get(), |
| 72 base::Time::Now(), | 84 base::Time::Now(), |
| 73 false /*incognito_enabled*/, | 85 false, // incognito_enabled |
| 74 false /*notifications_disabled*/); | 86 false); // notifications_disabled |
| 75 extension_info_map_->AddExtension( | 87 extension_info_map_->AddExtension( |
| 76 com_extension_.get(), | 88 com_extension_.get(), |
| 77 base::Time::Now(), | 89 base::Time::Now(), |
| 78 false /*incognito_enabled*/, | 90 false, // incognito_enabled |
| 79 false /*notifications_disabled*/); | 91 false); // notifications_disabled |
| 92 extension_info_map_->AddExtension( |
| 93 com_policy_extension_.get(), |
| 94 base::Time::Now(), |
| 95 false, // incognito_enabled |
| 96 false); // notifications_disabled |
| 80 } | 97 } |
| 81 | 98 |
| 82 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) { | 99 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) { |
| 83 net::TestURLRequestContext context; | 100 net::TestURLRequestContext context; |
| 84 const char* const sensitive_urls[] = { | 101 const char* const sensitive_urls[] = { |
| 85 "http://clients2.google.com", | 102 "http://clients2.google.com", |
| 86 "http://clients22.google.com", | 103 "http://clients22.google.com", |
| 87 "https://clients2.google.com", | 104 "https://clients2.google.com", |
| 88 "http://clients2.google.com/service/update2/crx", | 105 "http://clients2.google.com/service/update2/crx", |
| 89 "https://clients.google.com", | 106 "https://clients.google.com", |
| (...skipping 65 matching lines...) |
| 155 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, | 172 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, |
| 156 TestCanExtensionAccessURL_HostPermissions) { | 173 TestCanExtensionAccessURL_HostPermissions) { |
| 157 std::unique_ptr<net::URLRequest> request(context.CreateRequest( | 174 std::unique_ptr<net::URLRequest> request(context.CreateRequest( |
| 158 GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL)); | 175 GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL)); |
| 159 | 176 |
| 160 EXPECT_EQ(PermissionsData::ACCESS_ALLOWED, | 177 EXPECT_EQ(PermissionsData::ACCESS_ALLOWED, |
| 161 WebRequestPermissions::CanExtensionAccessURL( | 178 WebRequestPermissions::CanExtensionAccessURL( |
| 162 extension_info_map_.get(), permissionless_extension_->id(), | 179 extension_info_map_.get(), permissionless_extension_->id(), |
| 163 request->url(), | 180 request->url(), |
| 164 -1, // No tab id. | 181 -1, // No tab id. |
| 165 false /*crosses_incognito*/, | 182 false, // crosses_incognito |
| 166 WebRequestPermissions::DO_NOT_CHECK_HOST)); | 183 WebRequestPermissions::DO_NOT_CHECK_HOST)); |
| 167 EXPECT_EQ(PermissionsData::ACCESS_DENIED, | 184 EXPECT_EQ(PermissionsData::ACCESS_DENIED, |
| 168 WebRequestPermissions::CanExtensionAccessURL( | 185 WebRequestPermissions::CanExtensionAccessURL( |
| 169 extension_info_map_.get(), permissionless_extension_->id(), | 186 extension_info_map_.get(), permissionless_extension_->id(), |
| 170 request->url(), | 187 request->url(), |
| 171 -1, // No tab id. | 188 -1, // No tab id. |
| 172 false /*crosses_incognito*/, | 189 false, // crosses_incognito |
| 173 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); | 190 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); |
| 174 EXPECT_EQ(PermissionsData::ACCESS_ALLOWED, | 191 EXPECT_EQ(PermissionsData::ACCESS_ALLOWED, |
| 175 WebRequestPermissions::CanExtensionAccessURL( | 192 WebRequestPermissions::CanExtensionAccessURL( |
| 176 extension_info_map_.get(), com_extension_->id(), request->url(), | 193 extension_info_map_.get(), com_extension_->id(), request->url(), |
| 177 -1, // No tab id. | 194 -1, // No tab id. |
| 178 false /*crosses_incognito*/, | 195 false, // crosses_incognito |
| 179 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); | 196 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); |
| 180 EXPECT_EQ(PermissionsData::ACCESS_DENIED, | 197 EXPECT_EQ(PermissionsData::ACCESS_DENIED, |
| 181 WebRequestPermissions::CanExtensionAccessURL( | 198 WebRequestPermissions::CanExtensionAccessURL( |
| 182 extension_info_map_.get(), com_extension_->id(), request->url(), | 199 extension_info_map_.get(), com_extension_->id(), request->url(), |
| 183 -1, // No tab id. | 200 -1, // No tab id. |
| 184 false /*crosses_incognito*/, | 201 false, // crosses_incognito |
| 185 WebRequestPermissions::REQUIRE_ALL_URLS)); | 202 WebRequestPermissions::REQUIRE_ALL_URLS)); |
| 203 |
| 204 // Public Sessions tests. |
| 205 #if defined(OS_CHROMEOS) |
| 206 std::unique_ptr<net::URLRequest> org_request(context.CreateRequest( |
| 207 GURL("http://example.org"), net::DEFAULT_PRIORITY, nullptr)); |
| 208 |
| 209 // com_extension_ doesn't have host permission for .org URLs. |
| 210 EXPECT_EQ(PermissionsData::ACCESS_DENIED, |
| 211 WebRequestPermissions::CanExtensionAccessURL( |
| 212 extension_info_map_.get(), com_policy_extension_->id(), |
| 213 org_request->url(), |
| 214 -1, // No tab id. |
| 215 false, // crosses_incognito |
| 216 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); |
| 217 |
| 218 // Set Public Session state. |
| 219 chromeos::LoginState::Initialize(); |
| 220 chromeos::LoginState::Get()->SetLoggedInState( |
| 221 chromeos::LoginState::LOGGED_IN_ACTIVE, |
| 222 chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT); |
| 223 |
| 224 // Host permission checks are disabled in Public Sessions, instead all URLs |
| 225 // are whitelisted. |
| 226 EXPECT_EQ(PermissionsData::ACCESS_ALLOWED, |
| 227 WebRequestPermissions::CanExtensionAccessURL( |
| 228 extension_info_map_.get(), com_policy_extension_->id(), |
| 229 org_request->url(), |
| 230 -1, // No tab id. |
| 231 false, // crosses_incognito |
| 232 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); |
| 233 |
| 234 EXPECT_EQ(PermissionsData::ACCESS_ALLOWED, |
| 235 WebRequestPermissions::CanExtensionAccessURL( |
| 236 extension_info_map_.get(), com_policy_extension_->id(), |
| 237 org_request->url(), |
| 238 -1, // No tab id. |
| 239 false, // crosses_incognito |
| 240 WebRequestPermissions::REQUIRE_ALL_URLS)); |
| 241 |
| 242 // Make sure that chrome:// URLs cannot be accessed. |
| 243 std::unique_ptr<net::URLRequest> chrome_request(context.CreateRequest( |
| 244 GURL("chrome://version/"), net::DEFAULT_PRIORITY, nullptr)); |
| 245 |
| 246 EXPECT_EQ(PermissionsData::ACCESS_DENIED, |
| 247 WebRequestPermissions::CanExtensionAccessURL( |
| 248 extension_info_map_.get(), com_policy_extension_->id(), |
| 249 chrome_request->url(), |
| 250 -1, // No tab id. |
| 251 false, // crosses_incognito |
| 252 WebRequestPermissions::REQUIRE_HOST_PERMISSION)); |
| 253 #endif |
| 186 } | 254 } |
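Review bot: The Public Sessions block at new lines 219-222 calls `chromeos::LoginState::Initialize()` and sets `LOGGED_IN_USER_PUBLIC_ACCOUNT` but never calls `chromeos::LoginState::Shutdown()`, so the process-wide login state outlives this test. Later tests in the same binary could then run with host-permission checks relaxed, which can hide a permission regression. The block also asserts only on `com_policy_extension_`; if the relaxation is meant to cover only `Manifest::EXTERNAL_POLICY_DOWNLOAD` installs, as the fixture comment at new lines 49-50 suggests, a check that `com_extension_` is still denied for example.org would pin that boundary (the implementation is not visible here, so confirm the expected value). Separately, `#include "chromeos/login/login_state.h"` at new line 12 is unconditional while its only use sits inside `#if defined(OS_CHROMEOS)`; guarding the include the same way looks safer for other platforms.

```cpp
  // … unchanged: Public Session state setup and the com_policy_extension_ checks …

  // A non-policy install must keep the normal host-permission check.
  EXPECT_EQ(PermissionsData::ACCESS_DENIED,
            WebRequestPermissions::CanExtensionAccessURL(
                extension_info_map_.get(), com_extension_->id(),
                org_request->url(),
                -1,     // No tab id.
                false,  // crosses_incognito
                WebRequestPermissions::REQUIRE_HOST_PERMISSION));

  // Undo the global login state so later tests do not run as a Public Session.
  chromeos::LoginState::Shutdown();
#endif
```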
| OLD | NEW |