Chromium Code Reviews Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/common/pepper_permission_util.h" | |
| 6 | |
| 7 #include <set> | |
| 8 #include <string> | |
| 9 | |
| 10 #include "chrome/common/extensions/features/feature_channel.h" | |
| 11 #include "extensions/common/extension_builder.h" | |
| 12 #include "extensions/common/extension_set.h" | |
| 13 #include "extensions/common/id_util.h" | |
| 14 #include "testing/gtest/include/gtest/gtest.h" | |
| 15 | |
| 16 using chrome::IsExtensionOrSharedModuleWhitelisted; | |
| 17 | |
| 18 namespace extensions { | |
| 19 | |
| 20 namespace { | |
| 21 | |
| 22 // Return an extension with |id| which imports a module with the given | |
| 23 // |import_id|. | |
| 24 scoped_refptr<Extension> CreateExtensionImportingModule( | |
| 25 const std::string& import_id, const std::string& id) { | |
| 26 scoped_ptr<base::DictionaryValue> manifest = | |
| 27 DictionaryBuilder() | |
| 28 .Set("name", "Has Dependent Modules") | |
| 29 .Set("version", "1.0") | |
| 30 .Set("manifest_version", 2) | |
| 31 .Set("import", | |
| 32 ListBuilder().Append(DictionaryBuilder().Set("id", import_id))) | |
| 33 .Build(); | |
| 34 | |
| 35 return ExtensionBuilder().SetManifest(manifest.Pass()) | |
| 36 .AddFlags(Extension::FROM_WEBSTORE) | |
| 37 .SetID(id) | |
| 38 .Build(); | |
| 39 } | |
| 40 | |
| 41 } // namespace | |
| 42 | |
| 43 | |
| 44 TEST(PepperPermissionUtilTest, ExtensionWhitelisting) { | |
| 45 ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN); | |
| 46 ExtensionSet extensions; | |
| 47 std::string whitelisted_id = id_util::GenerateId("whitelisted_extension"); | |
| 48 scoped_ptr<base::DictionaryValue> manifest = | |
| 49 DictionaryBuilder().Set("name", "Whitelisted Extension") | |
| 50 .Set("version", "1.0") | |
| 51 .Set("manifest_version", 2) | |
| 52 .Build(); | |
| 53 scoped_refptr<Extension> ext = | |
| 54 ExtensionBuilder().SetManifest(manifest.Pass()) | |
| 55 .SetID(whitelisted_id) | |
| 56 .Build(); | |
| 57 extensions.Insert(ext); | |
| 58 std::set<std::string> whitelist; | |
| 59 std::string url = | |
| 60 std::string("chrome-extension://") + whitelisted_id + | |
| 61 std::string("/manifest.nmf"); | |
| 62 std::string bad_scheme_url = | |
| 63 std::string("http://") + whitelisted_id + std::string("/manifest.nmf"); | |
| 64 std::string bad_host_url = | |
| 65 std::string("chrome-extension://") + id_util::GenerateId("bad_host"); | |
| 66 std::string("/manifest.nmf"); | |
| 67 | |
| 68 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(url), | |
| 69 &extensions, | |
| 70 whitelist)); | |
| 71 whitelist.insert(whitelisted_id); | |
| 72 EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(url), | |
| 73 &extensions, | |
| 74 whitelist)); | |
| 75 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_scheme_url), | |
| 76 &extensions, | |
| 77 whitelist)); | |
| 78 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_host_url), | |
| 79 &extensions, | |
| 80 whitelist)); | |
| 81 } | |
| 82 | |
| 83 TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) { | |
| 84 ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN); | |
| 85 ExtensionSet extensions; | |
| 86 std::string whitelisted_id = id_util::GenerateId("extension_id"); | |
| 87 std::string bad_id = id_util::GenerateId("bad_id"); | |
| 88 | |
| 89 scoped_ptr<base::DictionaryValue> shared_module_manifest = | |
| 90 DictionaryBuilder() | |
| 91 .Set("name", "Whitelisted Shared Module") | |
| 92 .Set("version", "1.0") | |
| 93 .Set("manifest_version", 2) | |
| 94 .Set("export", | |
| 95 DictionaryBuilder().Set("resources", | |
| 96 ListBuilder().Append("*")) | |
| 97 // Add the extension to the whitelist. This | |
| 98 // restricts import to |whitelisted_id| only. | |
| 99 .Set("whitelist", | |
| 100 ListBuilder().Append(whitelisted_id))) | |
| 101 .Build(); | |
| 102 scoped_refptr<Extension> shared_module = | |
| 103 ExtensionBuilder().SetManifest(shared_module_manifest.Pass()) | |
| 104 .Build(); | |
| 105 | |
| 106 scoped_refptr<Extension> ext = | |
| 107 CreateExtensionImportingModule(shared_module->id(), whitelisted_id); | |
| 108 std::string extension_url = | |
| 109 std::string("chrome-extension://") + ext->id() + std::string("/foo.html"); | |
| 110 | |
| 111 std::set<std::string> whitelist; | |
| 112 // Important: whitelist *only* the shared module. | |
| 113 whitelist.insert(shared_module->id()); | |
| 114 | |
| 115 extensions.Insert(ext); | |
| 116 // This should fail because shared_module is not in the set of extensions. | |
| 117 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url), | |
| 118 &extensions, | |
| 119 whitelist)); | |
| 120 extensions.Insert(shared_module); | |
| 121 EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url), | |
| 122 &extensions, | |
| 123 whitelist)); | |
| 124 whitelist.erase(shared_module->id()); | |
| 125 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url), | |
| 126 &extensions, | |
| 127 whitelist)); | |
| 128 | |
|
jln (very slow on Chromium)
2014/05/09 00:39:05
You need to re-add shared_module for the next test
elijahtaylor1
2014/05/09 00:43:43
yes you're right, I will add the erase and added e
| |
| 129 scoped_refptr<Extension> bad_ext = | |
| 130 CreateExtensionImportingModule(shared_module->id(), bad_id); | |
| 131 std::string bad_extension_url = | |
| 132 std::string("chrome-extension://") + bad_ext->id() + | |
| 133 std::string("/foo.html"); | |
| 134 | |
| 135 extensions.Insert(bad_ext); | |
| 136 // This should fail because bad_ext is not whitelisted to use shared_module. | |
| 137 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_extension_url), | |
| 138 &extensions, | |
| 139 whitelist)); | |
| 140 | |
| 141 } | |
| 142 | |
| 143 } // namespace extensions | |
| 144 | |
| OLD | NEW |
