| Index: chrome/common/pepper_permission_util_unittest.cc
|
| diff --git a/chrome/common/pepper_permission_util_unittest.cc b/chrome/common/pepper_permission_util_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..42fb2cf7287617a4a13d87388119803b2905c794
|
| --- /dev/null
|
| +++ b/chrome/common/pepper_permission_util_unittest.cc
|
| @@ -0,0 +1,134 @@
|
| +// Copyright (c) 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/common/pepper_permission_util.h"
|
| +
|
| +#include <set>
|
| +#include <string>
|
| +
|
| +#include "chrome/common/extensions/features/feature_channel.h"
|
| +#include "extensions/common/extension_builder.h"
|
| +#include "extensions/common/extension_set.h"
|
| +#include "extensions/common/id_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +using chrome::IsExtensionOrSharedModuleWhitelisted;
|
| +
|
| +namespace extensions {
|
| +
|
| +namespace {
|
| +
|
| +// Return an extension with |id| which imports a module with the given
|
| +// |import_id|.
|
| +scoped_refptr<Extension> CreateExtensionImportingModule(
|
| + const std::string& import_id,
|
| + const std::string& id) {
|
| + scoped_ptr<base::DictionaryValue> manifest =
|
| + DictionaryBuilder()
|
| + .Set("name", "Has Dependent Modules")
|
| + .Set("version", "1.0")
|
| + .Set("manifest_version", 2)
|
| + .Set("import",
|
| + ListBuilder().Append(DictionaryBuilder().Set("id", import_id)))
|
| + .Build();
|
| +
|
| + return ExtensionBuilder()
|
| + .SetManifest(manifest.Pass())
|
| + .AddFlags(Extension::FROM_WEBSTORE)
|
| + .SetID(id)
|
| + .Build();
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +TEST(PepperPermissionUtilTest, ExtensionWhitelisting) {
|
| + ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN);
|
| + ExtensionSet extensions;
|
| + std::string whitelisted_id = id_util::GenerateId("whitelisted_extension");
|
| + scoped_ptr<base::DictionaryValue> manifest =
|
| + DictionaryBuilder()
|
| + .Set("name", "Whitelisted Extension")
|
| + .Set("version", "1.0")
|
| + .Set("manifest_version", 2)
|
| + .Build();
|
| + scoped_refptr<Extension> ext = ExtensionBuilder()
|
| + .SetManifest(manifest.Pass())
|
| + .SetID(whitelisted_id)
|
| + .Build();
|
| + extensions.Insert(ext);
|
| + std::set<std::string> whitelist;
|
| + std::string url = std::string("chrome-extension://") + whitelisted_id +
|
| + std::string("/manifest.nmf");
|
| + std::string bad_scheme_url =
|
| + std::string("http://") + whitelisted_id + std::string("/manifest.nmf");
|
| + std::string bad_host_url =
|
| + std::string("chrome-extension://") + id_util::GenerateId("bad_host");
|
| + std::string("/manifest.nmf");
|
| +
|
| + EXPECT_FALSE(
|
| + IsExtensionOrSharedModuleWhitelisted(GURL(url), &extensions, whitelist));
|
| + whitelist.insert(whitelisted_id);
|
| + EXPECT_TRUE(
|
| + IsExtensionOrSharedModuleWhitelisted(GURL(url), &extensions, whitelist));
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
|
| + GURL(bad_scheme_url), &extensions, whitelist));
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
|
| + GURL(bad_host_url), &extensions, whitelist));
|
| +}
|
| +
|
| +TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) {
|
| + ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN);
|
| + ExtensionSet extensions;
|
| + std::string whitelisted_id = id_util::GenerateId("extension_id");
|
| + std::string bad_id = id_util::GenerateId("bad_id");
|
| +
|
| + scoped_ptr<base::DictionaryValue> shared_module_manifest =
|
| + DictionaryBuilder()
|
| + .Set("name", "Whitelisted Shared Module")
|
| + .Set("version", "1.0")
|
| + .Set("manifest_version", 2)
|
| + .Set("export",
|
| + DictionaryBuilder()
|
| + .Set("resources", ListBuilder().Append("*"))
|
| + // Add the extension to the whitelist. This
|
| + // restricts import to |whitelisted_id| only.
|
| + .Set("whitelist", ListBuilder().Append(whitelisted_id)))
|
| + .Build();
|
| + scoped_refptr<Extension> shared_module =
|
| + ExtensionBuilder().SetManifest(shared_module_manifest.Pass()).Build();
|
| +
|
| + scoped_refptr<Extension> ext =
|
| + CreateExtensionImportingModule(shared_module->id(), whitelisted_id);
|
| + std::string extension_url =
|
| + std::string("chrome-extension://") + ext->id() + std::string("/foo.html");
|
| +
|
| + std::set<std::string> whitelist;
|
| + // Important: whitelist *only* the shared module.
|
| + whitelist.insert(shared_module->id());
|
| +
|
| + extensions.Insert(ext);
|
| + // This should fail because shared_module is not in the set of extensions.
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
|
| + GURL(extension_url), &extensions, whitelist));
|
| + extensions.Insert(shared_module);
|
| + EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(
|
| + GURL(extension_url), &extensions, whitelist));
|
| + scoped_refptr<Extension> bad_ext =
|
| + CreateExtensionImportingModule(shared_module->id(), bad_id);
|
| + std::string bad_extension_url = std::string("chrome-extension://") +
|
| + bad_ext->id() + std::string("/foo.html");
|
| +
|
| + extensions.Insert(bad_ext);
|
| + // This should fail because bad_ext is not whitelisted to use shared_module.
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
|
| + GURL(bad_extension_url), &extensions, whitelist));
|
| +
|
| + // Note that the whitelist should be empty after this call, so tests checking
|
| + // for failure to import will fail because of this.
|
| + whitelist.erase(shared_module->id());
|
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
|
| + GURL(extension_url), &extensions, whitelist));
|
| +}
|
| +
|
| +} // namespace extensions
|
|
|
Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src