| Index: chrome/common/pepper_permission_util_unittest.cc
|
| diff --git a/chrome/common/pepper_permission_util_unittest.cc b/chrome/common/pepper_permission_util_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..37104e2110e38d024ead92cd1aedfaeb16b5e22b
|
| --- /dev/null
|
| +++ b/chrome/common/pepper_permission_util_unittest.cc
|
| @@ -0,0 +1,134 @@
|
| +// Copyright (c) 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/common/pepper_permission_util.h"
|
| +
|
| +#include <set>
|
| +#include <string>
|
| +
|
| +#include "extensions/common/extension_builder.h"
|
| +#include "extensions/common/extension_set.h"
|
| +#include "extensions/common/id_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +using chrome::IsExtensionOrSharedModuleWhitelisted;
|
| +
|
| +namespace extensions {
|
| +
|
| +namespace {
|
| +
|
| +// Return an extension with |id| which imports a module with the given
|
| +// |import_id|.
|
| +scoped_refptr<Extension> CreateExtensionImportingModule(
|
| + const std::string& import_id, const std::string& id) {
|
| + scoped_ptr<base::DictionaryValue> manifest =
|
| + DictionaryBuilder()
|
| + .Set("name", "Has Dependent Modules")
|
| + .Set("version", "1.0")
|
| + .Set("manifest_version", 2)
|
| + .Set("import",
|
| + ListBuilder().Append(DictionaryBuilder().Set("id", import_id)))
|
| + .Build();
|
| +
|
| + return ExtensionBuilder().SetManifest(manifest.Pass())
|
| + .AddFlags(Extension::FROM_WEBSTORE)
|
| + .SetID(id)
|
| + .Build();
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +
|
| +TEST(PepperPermissionUtilTest, ExtensionWhitelisting) {
|
| + ExtensionSet extensions;
|
| + std::string id = id_util::GenerateId("whitelisted_extension");
|
| + scoped_ptr<base::DictionaryValue> manifest =
|
| + DictionaryBuilder().Set("name", "Whitelisted Extension")
|
| + .Set("version", "1.0")
|
| + .Set("manifest_version", 2)
|
| + .Build();
|
| + scoped_refptr<Extension> ext =
|
| + ExtensionBuilder().SetManifest(manifest.Pass())
|
| + .SetID(id)
|
| + .Build();
|
| + extensions.Insert(ext);
|
| + std::set<std::string> whitelist;
|
| + std::string url =
|
| + std::string("chrome-extension://") + id + std::string("/manifest.nmf");
|
| + std::string bad_scheme_url =
|
| + std::string("http://") + id + std::string("/manifest.nmf");
|
| + std::string bad_host_url =
|
| + std::string("chrome-extension://") + id_util::GenerateId("bad_host");
|
| + std::string("/manifest.nmf");
|
| +
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(url),
|
| + &extensions,
|
| + whitelist));
|
| + whitelist.insert(id);
|
| + EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(url),
|
| + &extensions,
|
| + whitelist));
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_scheme_url),
|
| + &extensions,
|
| + whitelist));
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_host_url),
|
| + &extensions,
|
| + whitelist));
|
| +}
|
| +
|
| +TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) {
|
| + ExtensionSet extensions;
|
| + std::string id = id_util::GenerateId("extension_id");
|
| + std::string bad_id = id_util::GenerateId("bad_id");
|
| +
|
| + scoped_ptr<base::DictionaryValue> shared_module_manifest =
|
| + DictionaryBuilder()
|
| + .Set("name", "Whitelisted Shared Module")
|
| + .Set("version", "1.0")
|
| + .Set("manifest_version", 2)
|
| + .Set("export",
|
| + DictionaryBuilder().Set("resources",
|
| + ListBuilder().Append("*"))
|
| + .Set("whitelist",
|
| + ListBuilder().Append(id)))
|
| + .Build();
|
| + scoped_refptr<Extension> shared_module =
|
| + ExtensionBuilder().SetManifest(shared_module_manifest.Pass())
|
| + .Build();
|
| +
|
| + scoped_refptr<Extension> ext =
|
| + CreateExtensionImportingModule(shared_module->id(), id);
|
| + std::string extension_url =
|
| + std::string("chrome-extension://") + ext->id() + std::string("/foo.html");
|
| +
|
| + std::set<std::string> whitelist;
|
| + // Important: whitelist *only* the shared module.
|
| + whitelist.insert(shared_module->id());
|
| +
|
| + extensions.Insert(ext);
|
| + // This should fail because shared_module is not in the set of extensions.
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url),
|
| + &extensions,
|
| + whitelist));
|
| + extensions.Insert(shared_module);
|
| + EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url),
|
| + &extensions,
|
| + whitelist));
|
| +
|
| + scoped_refptr<Extension> bad_ext =
|
| + CreateExtensionImportingModule(shared_module->id(), bad_id);
|
| + std::string bad_extension_url =
|
| + std::string("chrome-extension://") + bad_ext->id() +
|
| + std::string("/foo.html");
|
| +
|
| + extensions.Insert(bad_ext);
|
| + // This should fail because bad_ext is not whitelisted to use shared_module.
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_extension_url),
|
| + &extensions,
|
| + whitelist));
|
| +
|
| +}
|
| +
|
| +} // namespace extensions
|
| +
|
|
|
Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src