OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "base/memory/ptr_util.h" | 7 #include "base/memory/ptr_util.h" |
8 #include "base/optional.h" | 8 #include "base/optional.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "build/build_config.h" | 11 #include "build/build_config.h" |
12 #include "chrome/browser/browser_process.h" | 12 #include "chrome/browser/browser_process.h" |
13 #include "chrome/browser/chrome_notification_types.h" | 13 #include "chrome/browser/chrome_notification_types.h" |
14 #include "chrome/browser/extensions/active_tab_permission_granter.h" | 14 #include "chrome/browser/extensions/active_tab_permission_granter.h" |
15 #include "chrome/browser/extensions/extension_action_runner.h" | 15 #include "chrome/browser/extensions/extension_action_runner.h" |
16 #include "chrome/browser/extensions/extension_apitest.h" | 16 #include "chrome/browser/extensions/extension_apitest.h" |
17 #include "chrome/browser/extensions/extension_service.h" | 17 #include "chrome/browser/extensions/extension_service.h" |
| 18 #include "chrome/browser/extensions/extension_with_management_policy_apitest.h" |
18 #include "chrome/browser/extensions/tab_helper.h" | 19 #include "chrome/browser/extensions/tab_helper.h" |
19 #include "chrome/browser/extensions/test_extension_dir.h" | 20 #include "chrome/browser/extensions/test_extension_dir.h" |
20 #include "chrome/browser/profiles/profile.h" | 21 #include "chrome/browser/profiles/profile.h" |
21 #include "chrome/browser/search_engines/template_url_service_factory.h" | 22 #include "chrome/browser/search_engines/template_url_service_factory.h" |
22 #include "chrome/browser/ui/browser.h" | 23 #include "chrome/browser/ui/browser.h" |
23 #include "chrome/browser/ui/browser_navigator_params.h" | 24 #include "chrome/browser/ui/browser_navigator_params.h" |
24 #include "chrome/browser/ui/login/login_handler.h" | 25 #include "chrome/browser/ui/login/login_handler.h" |
25 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 26 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
26 #include "chrome/common/extensions/extension_process_policy.h" | 27 #include "chrome/common/extensions/extension_process_policy.h" |
27 #include "chrome/test/base/search_test_utils.h" | 28 #include "chrome/test/base/search_test_utils.h" |
(...skipping 11 matching lines...) Expand all Loading... |
39 #include "content/public/test/browser_test_utils.h" | 40 #include "content/public/test/browser_test_utils.h" |
40 #include "extensions/browser/api/web_request/web_request_api.h" | 41 #include "extensions/browser/api/web_request/web_request_api.h" |
41 #include "extensions/browser/blocked_action_type.h" | 42 #include "extensions/browser/blocked_action_type.h" |
42 #include "extensions/browser/extension_system.h" | 43 #include "extensions/browser/extension_system.h" |
43 #include "extensions/common/extension_builder.h" | 44 #include "extensions/common/extension_builder.h" |
44 #include "extensions/common/features/feature.h" | 45 #include "extensions/common/features/feature.h" |
45 #include "extensions/test/extension_test_message_listener.h" | 46 #include "extensions/test/extension_test_message_listener.h" |
46 #include "extensions/test/result_catcher.h" | 47 #include "extensions/test/result_catcher.h" |
47 #include "net/dns/mock_host_resolver.h" | 48 #include "net/dns/mock_host_resolver.h" |
48 #include "net/test/embedded_test_server/embedded_test_server.h" | 49 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 50 #include "net/test/embedded_test_server/http_request.h" |
49 #include "net/test/test_data_directory.h" | 51 #include "net/test/test_data_directory.h" |
50 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | 52 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" |
51 #include "net/url_request/test_url_fetcher_factory.h" | 53 #include "net/url_request/test_url_fetcher_factory.h" |
52 #include "net/url_request/url_fetcher.h" | 54 #include "net/url_request/url_fetcher.h" |
53 #include "net/url_request/url_fetcher_delegate.h" | 55 #include "net/url_request/url_fetcher_delegate.h" |
54 #include "net/url_request/url_request_context_getter.h" | 56 #include "net/url_request/url_request_context_getter.h" |
55 #include "third_party/WebKit/public/platform/WebInputEvent.h" | 57 #include "third_party/WebKit/public/platform/WebInputEvent.h" |
56 | 58 |
57 #if defined(OS_CHROMEOS) | 59 #if defined(OS_CHROMEOS) |
58 #include "chromeos/login/login_state.h" | 60 #include "chromeos/login/login_state.h" |
(...skipping 19 matching lines...) Expand all Loading... |
78 const content::NotificationSource& source, | 80 const content::NotificationSource& source, |
79 const content::NotificationDetails& details) override { | 81 const content::NotificationDetails& details) override { |
80 LoginHandler* handler = | 82 LoginHandler* handler = |
81 content::Details<LoginNotificationDetails>(details).ptr()->handler(); | 83 content::Details<LoginNotificationDetails>(details).ptr()->handler(); |
82 handler->CancelAuth(); | 84 handler->CancelAuth(); |
83 } | 85 } |
84 | 86 |
85 private: | 87 private: |
86 content::NotificationRegistrar registrar_; | 88 content::NotificationRegistrar registrar_; |
87 | 89 |
88 DISALLOW_COPY_AND_ASSIGN(CancelLoginDialog); | 90 DISALLOW_COPY_AND_ASSIGN(CancelLoginDialog); |
89 }; | 91 }; |
90 | 92 |
91 // Sends an XHR request to the provided host, port, and path, and responds when | 93 // Sends an XHR request to the provided host, port, and path, and responds when |
92 // the request was sent. | 94 // the request was sent. |
93 const char kPerformXhrJs[] = | 95 const char kPerformXhrJs[] = |
94 "var url = 'http://%s:%d/%s';\n" | 96 "var url = 'http://%s:%d/%s';\n" |
95 "var xhr = new XMLHttpRequest();\n" | 97 "var xhr = new XMLHttpRequest();\n" |
96 "xhr.open('GET', url);\n" | 98 "xhr.open('GET', url);\n" |
97 "xhr.onload = function() {\n" | 99 "xhr.onload = function() {\n" |
98 " window.domAutomationController.send(true);\n" | 100 " window.domAutomationController.send(true);\n" |
(...skipping 848 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
947 // example.com should also succeed, since it's not through the profile's | 949 // example.com should also succeed, since it's not through the profile's |
948 // request context. | 950 // request context. |
949 SCOPED_TRACE("example.com with System's request context"); | 951 SCOPED_TRACE("example.com with System's request context"); |
950 TestURLFetcherDelegate url_fetcher(system_context, example_url, | 952 TestURLFetcherDelegate url_fetcher(system_context, example_url, |
951 net::URLRequestStatus()); | 953 net::URLRequestStatus()); |
952 url_fetcher.SetExpectedResponse(kExampleFullContent); | 954 url_fetcher.SetExpectedResponse(kExampleFullContent); |
953 url_fetcher.WaitForCompletion(); | 955 url_fetcher.WaitForCompletion(); |
954 } | 956 } |
955 } | 957 } |
956 | 958 |
| 959 // Tests that the webRequest events aren't dispatched when the request initiator |
| 960 // is protected by policy. |
| 961 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, |
| 962 InitiatorProtectedByPolicy) { |
| 963 // We expect that no request will be hidden or modification blocked. This |
| 964 // means that the request to example.com will be seen by the extension. |
| 965 { |
| 966 ExtensionManagementPolicyUpdater pref(&policy_provider_); |
| 967 pref.AddRuntimeBlockedHost("*", "*://notexample.com"); |
| 968 } |
| 969 |
| 970 ASSERT_TRUE(StartEmbeddedTestServer()); |
| 971 |
| 972 // Host navigated to. |
| 973 const std::string example_com = "example.com"; |
| 974 |
| 975 // URL of a page that initiates a cross domain requests when navigated to. |
| 976 const GURL extension_test_url = embedded_test_server()->GetURL( |
| 977 example_com, |
| 978 "/extensions/api_test/webrequest/policy_blocked/ref_remote_js.html"); |
| 979 |
| 980 LoadExtension(test_data_dir_.AppendASCII("webrequest/policy_blocked")); |
| 981 |
| 982 // Extension communicates back using this listener name. |
| 983 const std::string listener_message = "protected_origin"; |
| 984 |
| 985 // Listen to verify extension sees the web request. |
| 986 ExtensionTestMessageListener before_request_listener(listener_message, false); |
| 987 |
| 988 // Wait until all remote Javascript files have been blocked / pulled down. |
| 989 ui_test_utils::NavigateToURLWithDisposition( |
| 990 browser(), extension_test_url, WindowOpenDisposition::CURRENT_TAB, |
| 991 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); |
| 992 |
| 993 // Domain that hosts javascript file referenced by example_com. |
| 994 const std::string example2_com = "example2.com"; |
| 995 |
| 996 // The server saw a request for the remote Javascript file. |
| 997 EXPECT_TRUE(BrowsedTo(example2_com)); |
| 998 |
| 999 // The request was seen by the extension. |
| 1000 EXPECT_TRUE(before_request_listener.was_satisfied()); |
| 1001 |
| 1002 // Clear the list of domains the server has seen. |
| 1003 ClearRequestLog(); |
| 1004 |
| 1005 // Make sure we've cleared the embedded server history. |
| 1006 EXPECT_FALSE(BrowsedTo(example2_com)); |
| 1007 |
| 1008 // Set the policy to hide requests to example.com or any resource |
| 1009 // it includes. We expect that in this test, the request to example2.com |
| 1010 // will not be seen by the extension. |
| 1011 { |
| 1012 ExtensionManagementPolicyUpdater pref(&policy_provider_); |
| 1013 pref.AddRuntimeBlockedHost("*", "*://" + example_com); |
| 1014 } |
| 1015 |
| 1016 // Listen in case extension sees the requst. |
| 1017 ExtensionTestMessageListener before_request_listener2(listener_message, |
| 1018 false); |
| 1019 |
| 1020 // Wait until all remote Javascript files have been pulled down. |
| 1021 ui_test_utils::NavigateToURLWithDisposition( |
| 1022 browser(), extension_test_url, WindowOpenDisposition::CURRENT_TAB, |
| 1023 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); |
| 1024 |
| 1025 // The server saw a request for the remote Javascript file. |
| 1026 EXPECT_TRUE(BrowsedTo(example2_com)); |
| 1027 |
| 1028 // The request was hidden from the extension. |
| 1029 EXPECT_FALSE(before_request_listener2.was_satisfied()); |
| 1030 } |
| 1031 |
| 1032 // Tests that the webRequest events aren't dispatched when the URL of the |
| 1033 // request is protected by policy. |
| 1034 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, |
| 1035 UrlProtectedByPolicy) { |
| 1036 // Host protected by policy. |
| 1037 const std::string protected_domain = "example.com"; |
| 1038 |
| 1039 { |
| 1040 ExtensionManagementPolicyUpdater pref(&policy_provider_); |
| 1041 pref.AddRuntimeBlockedHost("*", "*://" + protected_domain); |
| 1042 } |
| 1043 |
| 1044 ASSERT_TRUE(StartEmbeddedTestServer()); |
| 1045 |
| 1046 LoadExtension(test_data_dir_.AppendASCII("webrequest/policy_blocked")); |
| 1047 |
| 1048 // Listen in case extension sees the requst. |
| 1049 ExtensionTestMessageListener before_request_listener("protected_url", false); |
| 1050 |
| 1051 // Path to resolve during test navigations. |
| 1052 const std::string test_path = "/defaultresponse?protected_url"; |
| 1053 |
| 1054 // Navigate to the protected domain and wait until page fully loads. |
| 1055 ui_test_utils::NavigateToURLWithDisposition( |
| 1056 browser(), embedded_test_server()->GetURL(protected_domain, test_path), |
| 1057 WindowOpenDisposition::CURRENT_TAB, |
| 1058 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); |
| 1059 |
| 1060 // The server saw a request for the protected site. |
| 1061 EXPECT_TRUE(BrowsedTo(protected_domain)); |
| 1062 |
| 1063 // The request was hidden from the extension. |
| 1064 EXPECT_FALSE(before_request_listener.was_satisfied()); |
| 1065 |
| 1066 // Host not protected by policy. |
| 1067 const std::string unprotected_domain = "notblockedexample.com"; |
| 1068 |
| 1069 // Now we'll test browsing to a non-protected website where we expect the |
| 1070 // extension to see the request. |
| 1071 ui_test_utils::NavigateToURLWithDisposition( |
| 1072 browser(), embedded_test_server()->GetURL(unprotected_domain, test_path), |
| 1073 WindowOpenDisposition::CURRENT_TAB, |
| 1074 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); |
| 1075 |
| 1076 // The server saw a request for the non-protected site. |
| 1077 EXPECT_TRUE(BrowsedTo(unprotected_domain)); |
| 1078 |
| 1079 // The request was visible from the extension. |
| 1080 EXPECT_TRUE(before_request_listener.was_satisfied()); |
| 1081 } |
| 1082 |
| 1083 // Test that no webRequest events are seen for a protected host during normal |
| 1084 // navigation. This replicates most of the tests from |
| 1085 // WebRequestWithWithheldPermissions with a protected host. Granting a tab |
| 1086 // specific permission shouldn't bypass our policy. |
| 1087 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy, |
| 1088 WebRequestProtectedByPolicy) { |
| 1089 FeatureSwitch::ScopedOverride enable_scripts_require_action( |
| 1090 FeatureSwitch::scripts_require_action(), true); |
| 1091 |
| 1092 // Host protected by policy. |
| 1093 const std::string protected_domain = "example.com"; |
| 1094 |
| 1095 { |
| 1096 ExtensionManagementPolicyUpdater pref(&policy_provider_); |
| 1097 pref.AddRuntimeBlockedHost("*", "*://" + protected_domain); |
| 1098 } |
| 1099 |
| 1100 ASSERT_TRUE(StartEmbeddedTestServer()); |
| 1101 |
| 1102 ExtensionTestMessageListener listener("ready", false); |
| 1103 const Extension* extension = |
| 1104 LoadExtension(test_data_dir_.AppendASCII("webrequest_activetab")); |
| 1105 ASSERT_TRUE(extension) << message_; |
| 1106 EXPECT_TRUE(listener.WaitUntilSatisfied()); |
| 1107 |
| 1108 // Navigate the browser to a page in a new tab. |
| 1109 GURL url = embedded_test_server()->GetURL(protected_domain, "/empty.html"); |
| 1110 chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_LINK); |
| 1111 params.disposition = WindowOpenDisposition::NEW_FOREGROUND_TAB; |
| 1112 ui_test_utils::NavigateToURL(¶ms); |
| 1113 |
| 1114 content::WebContents* web_contents = |
| 1115 browser()->tab_strip_model()->GetActiveWebContents(); |
| 1116 ASSERT_TRUE(web_contents); |
| 1117 ExtensionActionRunner* runner = |
| 1118 ExtensionActionRunner::GetForWebContents(web_contents); |
| 1119 ASSERT_TRUE(runner); |
| 1120 |
| 1121 int port = embedded_test_server()->port(); |
| 1122 const std::string kXhrPath = "simple.html"; |
| 1123 |
| 1124 // The extension shouldn't have currently received any webRequest events, |
| 1125 // since it doesn't have permission (and shouldn't receive any from an XHR). |
| 1126 EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile())); |
| 1127 PerformXhrInFrame(web_contents->GetMainFrame(), protected_domain, port, |
| 1128 kXhrPath); |
| 1129 EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile())); |
| 1130 |
| 1131 // Grant activeTab permission, and perform another XHR. The extension should |
| 1132 // still be blocked due to ExtensionSettings policy on example.com. |
| 1133 // Only records ACCESS_WITHHELD, not ACCESS_DENIED, this is why it matches |
| 1134 // BLOCKED_ACTION_NONE. |
| 1135 EXPECT_EQ(BLOCKED_ACTION_NONE, runner->GetBlockedActions(extension)); |
| 1136 runner->set_default_bubble_close_action_for_testing( |
| 1137 base::WrapUnique(new ToolbarActionsBarBubbleDelegate::CloseAction( |
| 1138 ToolbarActionsBarBubbleDelegate::CLOSE_EXECUTE))); |
| 1139 runner->RunAction(extension, true); |
| 1140 base::RunLoop().RunUntilIdle(); |
| 1141 EXPECT_TRUE(content::WaitForLoadStop(web_contents)); |
| 1142 EXPECT_EQ(BLOCKED_ACTION_NONE, runner->GetBlockedActions(extension)); |
| 1143 int xhr_count = GetWebRequestCountFromBackgroundPage(extension, profile()); |
| 1144 // ... which means that we should have a non-zero xhr count if the policy |
| 1145 // didn't block the events. |
| 1146 EXPECT_EQ(0, xhr_count); |
| 1147 // And the extension should also block future events. |
| 1148 PerformXhrInFrame(web_contents->GetMainFrame(), protected_domain, port, |
| 1149 kXhrPath); |
| 1150 EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile())); |
| 1151 } |
| 1152 |
957 } // namespace extensions | 1153 } // namespace extensions |
OLD | NEW |