| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
| 6 #include "base/macros.h" | 6 #include "base/macros.h" |
| 7 #include "base/strings/stringprintf.h" | 7 #include "base/strings/stringprintf.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "chrome/browser/ui/browser.h" | 9 #include "chrome/browser/ui/browser.h" |
| 10 #include "chrome/browser/ui/browser_commands.h" | 10 #include "chrome/browser/ui/browser_commands.h" |
| 11 #include "chrome/browser/ui/singleton_tabs.h" | 11 #include "chrome/browser/ui/singleton_tabs.h" |
| 12 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 12 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 13 #include "chrome/common/extensions/extension_process_policy.h" |
| 13 #include "chrome/test/base/in_process_browser_test.h" | 14 #include "chrome/test/base/in_process_browser_test.h" |
| 14 #include "chrome/test/base/ui_test_utils.h" | 15 #include "chrome/test/base/ui_test_utils.h" |
| 15 #include "content/common/fileapi/webblob_messages.h" | 16 #include "content/common/fileapi/webblob_messages.h" |
| 16 #include "content/public/browser/notification_observer.h" | 17 #include "content/public/browser/notification_observer.h" |
| 17 #include "content/public/browser/notification_service.h" | 18 #include "content/public/browser/notification_service.h" |
| 18 #include "content/public/browser/notification_types.h" | 19 #include "content/public/browser/notification_types.h" |
| 19 #include "content/public/browser/render_frame_host.h" | 20 #include "content/public/browser/render_frame_host.h" |
| 20 #include "content/public/browser/render_process_host.h" | 21 #include "content/public/browser/render_process_host.h" |
| 21 #include "content/public/browser/resource_request_details.h" | 22 #include "content/public/browser/resource_request_details.h" |
| 22 #include "content/public/browser/web_contents_observer.h" | 23 #include "content/public/browser/web_contents_observer.h" |
| 64 ui_test_utils::NavigateToURL(browser(), foo); | 65 ui_test_utils::NavigateToURL(browser(), foo); |
| 65 | 66 |
| 66 std::string status; | 67 std::string status; |
| 67 std::string expected_status("0"); | 68 std::string expected_status("0"); |
| 68 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); | 69 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); |
| 69 EXPECT_STREQ(status.c_str(), expected_status.c_str()); | 70 EXPECT_STREQ(status.c_str(), expected_status.c_str()); |
| 70 } | 71 } |
| 71 | 72 |
| 72 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest, | 73 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest, |
| 73 CreateBlobInExtensionOrigin) { | 74 CreateBlobInExtensionOrigin) { |
| 75 // This test relies on extensions documents running in extension processes, |
| 76 // which is guaranteed with --isolate-extensions. Without it, the checks are |
| 77 // not enforced and this test will time out waiting for the process to be |
| 78 // killed. |
| 79 if (!extensions::IsIsolateExtensionsEnabled()) |
| 80 return; |
| 81 |
| 74 ui_test_utils::NavigateToURL( | 82 ui_test_utils::NavigateToURL( |
| 75 browser(), | 83 browser(), |
| 76 embedded_test_server()->GetURL("a.root-servers.net", "/title1.html")); | 84 embedded_test_server()->GetURL("a.root-servers.net", "/title1.html")); |
| 77 | 85 |
| 78 content::RenderFrameHost* rfh = | 86 content::RenderFrameHost* rfh = |
| 79 browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame(); | 87 browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame(); |
| 80 | 88 |
| 81 // All these are attacker controlled values. The UUID is arbitrary. | 89 // All these are attacker controlled values. The UUID is arbitrary. |
| 82 std::string blob_id = "2ce53a26-0409-45a3-86e5-f8fb9f5566d8"; | 90 std::string blob_id = "2ce53a26-0409-45a3-86e5-f8fb9f5566d8"; |
| 83 std::string blob_type = "text/html"; | 91 std::string blob_type = "text/html"; |
| 106 // in |rfh->GetProcess()|. | 114 // in |rfh->GetProcess()|. |
| 107 content::RenderProcessHostWatcher crash_observer( | 115 content::RenderProcessHostWatcher crash_observer( |
| 108 rfh->GetProcess(), | 116 rfh->GetProcess(), |
| 109 content::RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); | 117 content::RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
| 110 IPC::IpcSecurityTestUtil::PwnMessageReceived( | 118 IPC::IpcSecurityTestUtil::PwnMessageReceived( |
| 111 rfh->GetProcess()->GetChannel(), | 119 rfh->GetProcess()->GetChannel(), |
| 112 BlobHostMsg_RegisterPublicURL( | 120 BlobHostMsg_RegisterPublicURL( |
| 113 GURL("blob:" + target_origin + "/" + blob_path), blob_id)); | 121 GURL("blob:" + target_origin + "/" + blob_path), blob_id)); |
| 114 crash_observer.Wait(); // If the process is killed, this test passes. | 122 crash_observer.Wait(); // If the process is killed, this test passes. |
| 115 } | 123 } |
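Review bot: The early `return;` added at the top of CreateBlobInExtensionOrigin makes this security test report a pass without exercising anything whenever `extensions::IsIsolateExtensionsEnabled()` is false, so a run without `--isolate-extensions` gives no signal about the blob-URL origin check, which the new comment says is not enforced in that mode. I would make the skip visible and record the gap, e.g. `LOG(WARNING) << "Skipped: --isolate-extensions is off, blob origin check not enforced";` before the `return;`, plus a comment line such as `// TODO(<bug-id>): remove this skip once extension isolation is always on.` If the fixture's command-line setup (not shown on this page) can append the switch, forcing it for this test would be stronger than skipping. Part of the test body is elided here, so this is based on the visible lines only.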
| OLD | NEW |