chrome/common/pepper_permission_util_unittest.cc - Issue 264923011: Add a whitelist check for nacl-nonsfi mode

Side by Side Diff: chrome/common/pepper_permission_util_unittest.cc

Issue 264923011: Add a whitelist check for nacl-nonsfi mode (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: feedback Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/common/pepper_permission_util.cc ('K') | « chrome/common/pepper_permission_util.cc ('k') | components/nacl/browser/nacl_browser_delegate.h » ('j') | components/nacl/browser/nacl_process_host.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/common/pepper_permission_util.h"

	6

	7 #include <set>

	8 #include <string>

	9

	10 #include "chrome/common/extensions/features/feature_channel.h"

	11 #include "extensions/common/extension_builder.h"

	12 #include "extensions/common/extension_set.h"

	13 #include "extensions/common/id_util.h"

	14 #include "testing/gtest/include/gtest/gtest.h"

	15

	16 using chrome::IsExtensionOrSharedModuleWhitelisted;

	17

	18 namespace extensions {

	19

	20 namespace {

	21

	22 // Return an extension with \|id\| which imports a module with the given

	23 // \|import_id\|.

	24 scoped_refptr<Extension> CreateExtensionImportingModule(

	25 const std::string& import_id, const std::string& id) {

	26 scoped_ptr<base::DictionaryValue> manifest =

	27 DictionaryBuilder()

	28 .Set("name", "Has Dependent Modules")

	29 .Set("version", "1.0")

	30 .Set("manifest_version", 2)

	31 .Set("import",

	32 ListBuilder().Append(DictionaryBuilder().Set("id", import_id)))

	33 .Build();

	34

	35 return ExtensionBuilder().SetManifest(manifest.Pass())

	36 .AddFlags(Extension::FROM_WEBSTORE)

	37 .SetID(id)

	38 .Build();

	39 }

	40

	41 } // namespace

	42

	43

	44 TEST(PepperPermissionUtilTest, ExtensionWhitelisting) {

	45 ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN);

	46 ExtensionSet extensions;

	47 std::string id = id_util::GenerateId("whitelisted_extension");
	jln (very slow on Chromium) 2014/05/08 23:22:41 Do you want to rename to whitelisted_id? Do you want to rename to whitelisted_id? elijahtaylor1 2014/05/09 00:33:28 Done. Show quoted text On 2014/05/08 23:22:41, jln wrote: > Do you want to rename to whitelisted_id? Done.
	48 scoped_ptr<base::DictionaryValue> manifest =

	49 DictionaryBuilder().Set("name", "Whitelisted Extension")

	50 .Set("version", "1.0")

	51 .Set("manifest_version", 2)

	52 .Build();

	53 scoped_refptr<Extension> ext =

	54 ExtensionBuilder().SetManifest(manifest.Pass())

	55 .SetID(id)

	56 .Build();

	57 extensions.Insert(ext);

	58 std::set<std::string> whitelist;

	59 std::string url =

	60 std::string("chrome-extension://") + id + std::string("/manifest.nmf");

	61 std::string bad_scheme_url =

	62 std::string("http://") + id + std::string("/manifest.nmf");

	63 std::string bad_host_url =

	64 std::string("chrome-extension://") + id_util::GenerateId("bad_host");

	65 std::string("/manifest.nmf");

	66

	67 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(url),

	68 &extensions,

	69 whitelist));

	70 whitelist.insert(id);

	71 EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(url),

	72 &extensions,

	73 whitelist));

	74 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_scheme_url),

	75 &extensions,

	76 whitelist));

	77 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_host_url),

	78 &extensions,

	79 whitelist));

	80 }

	81

	82 TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) {

	83 ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN);

	84 ExtensionSet extensions;

	85 std::string id = id_util::GenerateId("extension_id");
	jln (very slow on Chromium) 2014/05/08 23:22:41 s/id/whitelisted_id/ ? s/id/whitelisted_id/ ? elijahtaylor1 2014/05/09 00:33:28 Done. Show quoted text On 2014/05/08 23:22:41, jln wrote: > s/id/whitelisted_id/ ? Done.
	86 std::string bad_id = id_util::GenerateId("bad_id");

	87

	88 scoped_ptr<base::DictionaryValue> shared_module_manifest =

	89 DictionaryBuilder()

	90 .Set("name", "Whitelisted Shared Module")

	91 .Set("version", "1.0")

	92 .Set("manifest_version", 2)

	93 .Set("export",

	94 DictionaryBuilder().Set("resources",

	95 ListBuilder().Append("*"))

	96 .Set("whitelist",

	97 ListBuilder().Append(id)))
	jln (very slow on Chromium) 2014/05/08 23:22:41 Maybe add a comment that this is where the magic h Maybe add a comment that this is where the magic happens? elijahtaylor1 2014/05/09 00:33:28 Done. Show quoted text On 2014/05/08 23:22:41, jln wrote: > Maybe add a comment that this is where the magic happens? Done.
	98 .Build();

	99 scoped_refptr<Extension> shared_module =

	100 ExtensionBuilder().SetManifest(shared_module_manifest.Pass())

	101 .Build();

	102

	103 scoped_refptr<Extension> ext =

	104 CreateExtensionImportingModule(shared_module->id(), id);

	105 std::string extension_url =

	106 std::string("chrome-extension://") + ext->id() + std::string("/foo.html");

	107

	108 std::set<std::string> whitelist;

	109 // Important: whitelist only the shared module.

	110 whitelist.insert(shared_module->id());

	111

	112 extensions.Insert(ext);

	113 // This should fail because shared_module is not in the set of extensions.

	114 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url),

	115 &extensions,

	116 whitelist));

	117 extensions.Insert(shared_module);

	118 EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url),

	119 &extensions,

	120 whitelist));

	121
	jln (very slow on Chromium) 2014/05/08 23:22:41 Could you add another EXPECT_FALSE() after removin Could you add another EXPECT_FALSE() after removing whitelisted_id from \|whitelist\|? elijahtaylor1 2014/05/09 00:33:28 Done. Show quoted text On 2014/05/08 23:22:41, jln wrote: > Could you add another EXPECT_FALSE() after removing whitelisted_id from > \|whitelist\|? Done.
	122 scoped_refptr<Extension> bad_ext =

	123 CreateExtensionImportingModule(shared_module->id(), bad_id);

	124 std::string bad_extension_url =

	125 std::string("chrome-extension://") + bad_ext->id() +

	126 std::string("/foo.html");

	127

	128 extensions.Insert(bad_ext);

	129 // This should fail because bad_ext is not whitelisted to use shared_module.

	130 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_extension_url),

	131 &extensions,

	132 whitelist));

	133

	134 }

	135

	136 } // namespace extensions

	137

OLD	NEW