OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "base/memory/ptr_util.h" | 7 #include "base/memory/ptr_util.h" |
8 #include "base/optional.h" | 8 #include "base/optional.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "build/build_config.h" | 11 #include "build/build_config.h" |
12 #include "chrome/browser/browser_process.h" | 12 #include "chrome/browser/browser_process.h" |
13 #include "chrome/browser/chrome_notification_types.h" | 13 #include "chrome/browser/chrome_notification_types.h" |
14 #include "chrome/browser/extensions/active_tab_permission_granter.h" | 14 #include "chrome/browser/extensions/active_tab_permission_granter.h" |
15 #include "chrome/browser/extensions/extension_action_runner.h" | 15 #include "chrome/browser/extensions/extension_action_runner.h" |
16 #include "chrome/browser/extensions/extension_apitest.h" | 16 #include "chrome/browser/extensions/extension_apitest.h" |
17 #include "chrome/browser/extensions/extension_service.h" | 17 #include "chrome/browser/extensions/extension_service.h" |
18 #include "chrome/browser/extensions/extension_with_management_policy_apitest.h" | |
18 #include "chrome/browser/extensions/tab_helper.h" | 19 #include "chrome/browser/extensions/tab_helper.h" |
19 #include "chrome/browser/extensions/test_extension_dir.h" | 20 #include "chrome/browser/extensions/test_extension_dir.h" |
20 #include "chrome/browser/profiles/profile.h" | 21 #include "chrome/browser/profiles/profile.h" |
21 #include "chrome/browser/search_engines/template_url_service_factory.h" | 22 #include "chrome/browser/search_engines/template_url_service_factory.h" |
22 #include "chrome/browser/ui/browser.h" | 23 #include "chrome/browser/ui/browser.h" |
23 #include "chrome/browser/ui/browser_navigator_params.h" | 24 #include "chrome/browser/ui/browser_navigator_params.h" |
24 #include "chrome/browser/ui/login/login_handler.h" | 25 #include "chrome/browser/ui/login/login_handler.h" |
25 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 26 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
26 #include "chrome/common/extensions/extension_process_policy.h" | 27 #include "chrome/common/extensions/extension_process_policy.h" |
27 #include "chrome/test/base/search_test_utils.h" | 28 #include "chrome/test/base/search_test_utils.h" |
(...skipping 11 matching lines...) Expand all Loading... | |
39 #include "content/public/test/browser_test_utils.h" | 40 #include "content/public/test/browser_test_utils.h" |
40 #include "extensions/browser/api/web_request/web_request_api.h" | 41 #include "extensions/browser/api/web_request/web_request_api.h" |
41 #include "extensions/browser/blocked_action_type.h" | 42 #include "extensions/browser/blocked_action_type.h" |
42 #include "extensions/browser/extension_system.h" | 43 #include "extensions/browser/extension_system.h" |
43 #include "extensions/common/extension_builder.h" | 44 #include "extensions/common/extension_builder.h" |
44 #include "extensions/common/features/feature.h" | 45 #include "extensions/common/features/feature.h" |
45 #include "extensions/test/extension_test_message_listener.h" | 46 #include "extensions/test/extension_test_message_listener.h" |
46 #include "extensions/test/result_catcher.h" | 47 #include "extensions/test/result_catcher.h" |
47 #include "net/dns/mock_host_resolver.h" | 48 #include "net/dns/mock_host_resolver.h" |
48 #include "net/test/embedded_test_server/embedded_test_server.h" | 49 #include "net/test/embedded_test_server/embedded_test_server.h" |
50 #include "net/test/embedded_test_server/http_request.h" | |
49 #include "net/test/test_data_directory.h" | 51 #include "net/test/test_data_directory.h" |
50 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | 52 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" |
51 #include "net/url_request/test_url_fetcher_factory.h" | 53 #include "net/url_request/test_url_fetcher_factory.h" |
52 #include "net/url_request/url_fetcher.h" | 54 #include "net/url_request/url_fetcher.h" |
53 #include "net/url_request/url_fetcher_delegate.h" | 55 #include "net/url_request/url_fetcher_delegate.h" |
54 #include "net/url_request/url_request_context_getter.h" | 56 #include "net/url_request/url_request_context_getter.h" |
55 #include "third_party/WebKit/public/platform/WebInputEvent.h" | 57 #include "third_party/WebKit/public/platform/WebInputEvent.h" |
56 | 58 |
57 #if defined(OS_CHROMEOS) | 59 #if defined(OS_CHROMEOS) |
58 #include "chromeos/login/login_state.h" | 60 #include "chromeos/login/login_state.h" |
(...skipping 888 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
947 // example.com should also succeed, since it's not through the profile's | 949 // example.com should also succeed, since it's not through the profile's |
948 // request context. | 950 // request context. |
949 SCOPED_TRACE("example.com with System's request context"); | 951 SCOPED_TRACE("example.com with System's request context"); |
950 TestURLFetcherDelegate url_fetcher(system_context, example_url, | 952 TestURLFetcherDelegate url_fetcher(system_context, example_url, |
951 net::URLRequestStatus()); | 953 net::URLRequestStatus()); |
952 url_fetcher.SetExpectedResponse(kExampleFullContent); | 954 url_fetcher.SetExpectedResponse(kExampleFullContent); |
953 url_fetcher.WaitForCompletion(); | 955 url_fetcher.WaitForCompletion(); |
954 } | 956 } |
955 } | 957 } |
956 | 958 |
959 // Tests that the webRequest events aren't dispatched when the request initiator | |
960 // is protected by policy. | |
961 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, | |
962 InitiatorProtectedByPolicy) { | |
963 // Host navigated to. | |
964 const std::string example_com = "example.com"; | |
965 | |
966 // Domain that hosts javascript file referenced by example_com. | |
967 const std::string example2_com = "example2.com"; | |
968 | |
969 // Extension communicates back using this listener name. | |
970 const std::string listener_name = "protected_origin"; | |
Devlin
2017/06/01 15:21:33
this isn't a name, it's a message.
nrpeter
2017/06/06 21:42:07
Done.
| |
971 | |
972 // We expect that no webRequest will be hidden or modification blocked. This | |
973 // means that the request to example.com will be seen by the extension. | |
974 { | |
975 ExtensionManagementPolicyUpdater pref(&policy_provider_); | |
976 pref.AddRuntimeBlockedHost("*", "*://notexample.com"); | |
977 } | |
978 // Set auto confirm UI flag. | |
979 PermissionsRequestFunction::SetAutoConfirmForTests(true); | |
Devlin
2017/06/01 15:21:33
As mentioned in https://codereview.chromium.org/24
nrpeter
2017/06/06 21:42:07
Done.
| |
980 | |
981 ASSERT_TRUE(StartEmbeddedTestServer()); | |
982 | |
983 // URL within the text extension that initiates cross domain requests when | |
984 // navigated to. | |
985 const GURL extension_test_url = embedded_test_server()->GetURL( | |
986 example_com, | |
987 "/extensions/api_test/webrequest/policy_blocked/ref_remote_js.html"); | |
988 | |
989 LoadExtension(test_data_dir_.AppendASCII("webrequest/policy_blocked")); | |
990 | |
991 // Listen to verify extension sees the web request. | |
992 ExtensionTestMessageListener before_request_listener(listener_name, false); | |
993 | |
994 // Wait until all remote Javascript files have been blocked / pulled down. | |
995 ui_test_utils::NavigateToURLWithDisposition( | |
996 browser(), extension_test_url, WindowOpenDisposition::CURRENT_TAB, | |
997 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); | |
998 | |
999 // The server saw a request for the remote Javascript file. | |
1000 EXPECT_TRUE(BrowsedTo(example2_com)); | |
1001 | |
1002 // The webRequest was seen by the extension. | |
1003 EXPECT_TRUE(before_request_listener.was_satisfied()); | |
1004 | |
1005 // Clear the list of domains the server has seen. | |
1006 ClearRequestLog(); | |
1007 | |
1008 // Make sure we've cleared the embedded server history. | |
1009 EXPECT_FALSE(BrowsedTo(example2_com)); | |
1010 | |
1011 // Set the policy to hide webRequests to example.com or any resource | |
Devlin
2017/06/01 15:21:32
s/webRequests/requests (webRequest is the API)
nrpeter
2017/06/06 21:42:07
Done.
| |
1012 // it includes. We expect that in this test, the webRequest to example2.com | |
1013 // will not be seen by the extension. | |
1014 { | |
1015 ExtensionManagementPolicyUpdater pref(&policy_provider_); | |
1016 pref.AddRuntimeBlockedHost("*", "*://" + example_com); | |
1017 } | |
1018 | |
1019 // Listen in case extension sees the web requst. | |
1020 ExtensionTestMessageListener before_request_listener2(listener_name, false); | |
1021 | |
1022 // Wait until all remote Javascript files have been pulled down. | |
1023 ui_test_utils::NavigateToURLWithDisposition( | |
1024 browser(), extension_test_url, WindowOpenDisposition::CURRENT_TAB, | |
1025 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); | |
1026 | |
1027 // The server saw a request for the remote Javascript file. | |
1028 EXPECT_TRUE(BrowsedTo(example2_com)); | |
1029 | |
1030 // The webRequest was hidden from the extension. | |
1031 EXPECT_FALSE(before_request_listener2.was_satisfied()); | |
1032 } | |
1033 | |
1034 // Tests that the webRequest events aren't dispatched when the URL of the | |
1035 // request is protected by policy. | |
1036 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, | |
1037 UrlProtectedByPolicy) { | |
1038 // Host protected by policy. | |
1039 const std::string protected_domain = "example.com"; | |
1040 | |
1041 // Host not protected by policy. | |
1042 const std::string unprotected_domain = "not_blocked_example.com"; | |
Devlin
2017/06/01 15:21:32
As mentioned at https://codereview.chromium.org/24
nrpeter
2017/06/06 21:42:07
Done.
| |
1043 | |
1044 // File to resolve during test navigations. | |
1045 const std::string file_url = | |
Devlin
2017/06/01 15:21:33
variables should be declared near their first use.
nrpeter
2017/06/06 21:42:07
Done.
| |
1046 "/extensions/api_test/webrequest/policy_blocked/protected_url.html"; | |
1047 | |
1048 { | |
1049 ExtensionManagementPolicyUpdater pref(&policy_provider_); | |
1050 pref.AddRuntimeBlockedHost("*", "*://" + protected_domain); | |
1051 } | |
1052 | |
1053 // Set auto confirm UI flag. | |
1054 PermissionsRequestFunction::SetAutoConfirmForTests(true); | |
1055 | |
1056 ASSERT_TRUE(StartEmbeddedTestServer()); | |
1057 | |
1058 LoadExtension(test_data_dir_.AppendASCII("webrequest/policy_blocked")); | |
1059 | |
1060 // Listen in case extension sees the web requst. | |
1061 ExtensionTestMessageListener before_request_listener("protected_url", false); | |
1062 | |
1063 // Navigate to the protected domain and wait until page fully loads. | |
1064 ui_test_utils::NavigateToURLWithDisposition( | |
1065 browser(), embedded_test_server()->GetURL(protected_domain, file_url), | |
1066 WindowOpenDisposition::CURRENT_TAB, | |
1067 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); | |
1068 | |
1069 // The server saw a request for the protected site. | |
1070 EXPECT_TRUE(BrowsedTo(protected_domain)); | |
1071 | |
1072 // The webRequest was hidden from the extension. | |
1073 EXPECT_FALSE(before_request_listener.was_satisfied()); | |
1074 | |
1075 // Now we'll test browsing to a non-protected website where we expect the | |
1076 // extension to see the webrequest event. | |
1077 ui_test_utils::NavigateToURLWithDisposition( | |
1078 browser(), embedded_test_server()->GetURL(unprotected_domain, file_url), | |
1079 WindowOpenDisposition::CURRENT_TAB, | |
1080 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); | |
1081 | |
1082 // The server saw a request for the non-protected site. | |
1083 EXPECT_TRUE(BrowsedTo(unprotected_domain)); | |
1084 | |
1085 // The webRequest was visible from the extension. | |
1086 EXPECT_TRUE(before_request_listener.was_satisfied()); | |
1087 } | |
1088 | |
1089 // Test that no webRequest events are seen for a protected host during normal | |
1090 // navigation. This replicates most of the tests from | |
1091 // WebRequestWithWithheldPermissions with a protected host. Granting a tab | |
1092 // specific permission shouldn't bypass our policy. | |
1093 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, | |
1094 WebRequestProtectedByPolicy) { | |
1095 FeatureSwitch::ScopedOverride enable_scripts_require_action( | |
1096 FeatureSwitch::scripts_require_action(), true); | |
1097 | |
1098 // Host protected by policy. | |
1099 const std::string protected_domain = "example.com"; | |
1100 | |
1101 { | |
1102 ExtensionManagementPolicyUpdater pref(&policy_provider_); | |
1103 pref.AddRuntimeBlockedHost("*", "*://" + protected_domain); | |
1104 } | |
1105 | |
1106 extensions::PermissionsRequestFunction::SetAutoConfirmForTests(true); | |
1107 ASSERT_TRUE(StartEmbeddedTestServer()); | |
1108 | |
1109 ExtensionTestMessageListener listener("ready", false); | |
1110 const Extension* extension = | |
1111 LoadExtension(test_data_dir_.AppendASCII("webrequest_activetab")); | |
1112 ASSERT_TRUE(extension) << message_; | |
1113 EXPECT_TRUE(listener.WaitUntilSatisfied()); | |
1114 | |
1115 // Navigate the browser to a page in a new tab. | |
1116 GURL url = embedded_test_server()->GetURL(protected_domain, "/empty.html"); | |
1117 chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_LINK); | |
1118 params.disposition = WindowOpenDisposition::NEW_FOREGROUND_TAB; | |
1119 ui_test_utils::NavigateToURL(¶ms); | |
1120 | |
1121 content::WebContents* web_contents = | |
1122 browser()->tab_strip_model()->GetActiveWebContents(); | |
1123 ASSERT_TRUE(web_contents); | |
1124 ExtensionActionRunner* runner = | |
1125 ExtensionActionRunner::GetForWebContents(web_contents); | |
1126 ASSERT_TRUE(runner); | |
1127 | |
1128 int port = embedded_test_server()->port(); | |
1129 const std::string kXhrPath = "simple.html"; | |
1130 | |
1131 // The extension shouldn't have currently received any webRequest events, | |
1132 // since it doesn't have permission (and shouldn't receive any from an XHR). | |
1133 EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile())); | |
1134 PerformXhrInFrame(web_contents->GetMainFrame(), protected_domain, port, | |
1135 kXhrPath); | |
1136 EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile())); | |
1137 | |
1138 // Grant activeTab permission, and perform another XHR. The extension should | |
1139 // still be blocked due to ExtensionSettings policy on example.com. | |
1140 // Only records ACCESS_WITHHELD, not ACCESS_DENIED, this is why it matches | |
1141 // BLOCKED_ACTION_NONE. | |
1142 EXPECT_EQ(BLOCKED_ACTION_NONE, runner->GetBlockedActions(extension)); | |
1143 runner->set_default_bubble_close_action_for_testing( | |
Devlin
2017/06/01 15:21:32
Trying to run when the extension doesn't want to i
nrpeter
2017/06/06 21:42:07
I could, but wanted to make sure that modification
| |
1144 base::WrapUnique(new ToolbarActionsBarBubbleDelegate::CloseAction( | |
1145 ToolbarActionsBarBubbleDelegate::CLOSE_EXECUTE))); | |
1146 runner->RunAction(extension, true); | |
1147 base::RunLoop().RunUntilIdle(); | |
1148 EXPECT_TRUE(content::WaitForLoadStop(web_contents)); | |
1149 // The runner will have refreshed the page... | |
Devlin
2017/06/01 15:21:33
Will it have, if there was no blocked action?
nrpeter
2017/06/06 21:42:07
Done. Thanks, that was an old comment.
| |
1150 EXPECT_EQ(BLOCKED_ACTION_NONE, runner->GetBlockedActions(extension)); | |
1151 int xhr_count = GetWebRequestCountFromBackgroundPage(extension, profile()); | |
1152 // ... which means that we should have a non-zero xhr count if the policy | |
1153 // didn't block the events. | |
1154 EXPECT_EQ(xhr_count, 0); | |
Devlin
2017/06/01 15:21:33
EXPECT_EQ(expected, actual)
nrpeter
2017/06/06 21:42:07
Done.
| |
1155 // And the extension should also block future events. | |
1156 PerformXhrInFrame(web_contents->GetMainFrame(), protected_domain, port, | |
1157 kXhrPath); | |
1158 EXPECT_EQ(xhr_count, | |
Devlin
2017/06/01 15:21:33
prefer 0, since that's what we expect
nrpeter
2017/06/06 21:42:07
Done.
| |
1159 GetWebRequestCountFromBackgroundPage(extension, profile())); | |
1160 } | |
1161 | |
957 } // namespace extensions | 1162 } // namespace extensions |
OLD | NEW |