Chromium Code Reviews Chromium Code Reviews
Issue 264923011:
Add a whitelist check for nacl-nonsfi mode (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/common/pepper_permission_util_unittest.cc |
| diff --git a/chrome/common/pepper_permission_util_unittest.cc b/chrome/common/pepper_permission_util_unittest.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..562141492f619dcc3c102f782dbc12e94384162e |
| --- /dev/null |
| +++ b/chrome/common/pepper_permission_util_unittest.cc |
| @@ -0,0 +1,144 @@ |
| +// Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "chrome/common/pepper_permission_util.h" |
| + |
| +#include <set> |
| +#include <string> |
| + |
| +#include "chrome/common/extensions/features/feature_channel.h" |
| +#include "extensions/common/extension_builder.h" |
| +#include "extensions/common/extension_set.h" |
| +#include "extensions/common/id_util.h" |
| +#include "testing/gtest/include/gtest/gtest.h" |
| + |
| +using chrome::IsExtensionOrSharedModuleWhitelisted; |
| + |
| +namespace extensions { |
| + |
| +namespace { |
| + |
| +// Return an extension with |id| which imports a module with the given |
| +// |import_id|. |
| +scoped_refptr<Extension> CreateExtensionImportingModule( |
| + const std::string& import_id, const std::string& id) { |
| + scoped_ptr<base::DictionaryValue> manifest = |
| + DictionaryBuilder() |
| + .Set("name", "Has Dependent Modules") |
| + .Set("version", "1.0") |
| + .Set("manifest_version", 2) |
| + .Set("import", |
| + ListBuilder().Append(DictionaryBuilder().Set("id", import_id))) |
| + .Build(); |
| + |
| + return ExtensionBuilder().SetManifest(manifest.Pass()) |
| + .AddFlags(Extension::FROM_WEBSTORE) |
| + .SetID(id) |
| + .Build(); |
| +} |
| + |
| +} // namespace |
| + |
| + |
| +TEST(PepperPermissionUtilTest, ExtensionWhitelisting) { |
| + ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN); |
| + ExtensionSet extensions; |
| + std::string whitelisted_id = id_util::GenerateId("whitelisted_extension"); |
| + scoped_ptr<base::DictionaryValue> manifest = |
| + DictionaryBuilder().Set("name", "Whitelisted Extension") |
| + .Set("version", "1.0") |
| + .Set("manifest_version", 2) |
| + .Build(); |
| + scoped_refptr<Extension> ext = |
| + ExtensionBuilder().SetManifest(manifest.Pass()) |
| + .SetID(whitelisted_id) |
| + .Build(); |
| + extensions.Insert(ext); |
| + std::set<std::string> whitelist; |
| + std::string url = |
| + std::string("chrome-extension://") + whitelisted_id + |
| + std::string("/manifest.nmf"); |
| + std::string bad_scheme_url = |
| + std::string("http://") + whitelisted_id + std::string("/manifest.nmf"); |
| + std::string bad_host_url = |
| + std::string("chrome-extension://") + id_util::GenerateId("bad_host"); |
| + std::string("/manifest.nmf"); |
| + |
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(url), |
| + &extensions, |
| + whitelist)); |
| + whitelist.insert(whitelisted_id); |
| + EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(url), |
| + &extensions, |
| + whitelist)); |
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_scheme_url), |
| + &extensions, |
| + whitelist)); |
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_host_url), |
| + &extensions, |
| + whitelist)); |
| +} |
| + |
| +TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) { |
| + ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN); |
| + ExtensionSet extensions; |
| + std::string whitelisted_id = id_util::GenerateId("extension_id"); |
| + std::string bad_id = id_util::GenerateId("bad_id"); |
| + |
| + scoped_ptr<base::DictionaryValue> shared_module_manifest = |
| + DictionaryBuilder() |
| + .Set("name", "Whitelisted Shared Module") |
| + .Set("version", "1.0") |
| + .Set("manifest_version", 2) |
| + .Set("export", |
| + DictionaryBuilder().Set("resources", |
| + ListBuilder().Append("*")) |
| + // Add the extension to the whitelist. This |
| + // restricts import to |whitelisted_id| only. |
| + .Set("whitelist", |
| + ListBuilder().Append(whitelisted_id))) |
| + .Build(); |
| + scoped_refptr<Extension> shared_module = |
| + ExtensionBuilder().SetManifest(shared_module_manifest.Pass()) |
| + .Build(); |
| + |
| + scoped_refptr<Extension> ext = |
| + CreateExtensionImportingModule(shared_module->id(), whitelisted_id); |
| + std::string extension_url = |
| + std::string("chrome-extension://") + ext->id() + std::string("/foo.html"); |
| + |
| + std::set<std::string> whitelist; |
| + // Important: whitelist *only* the shared module. |
| + whitelist.insert(shared_module->id()); |
| + |
| + extensions.Insert(ext); |
| + // This should fail because shared_module is not in the set of extensions. |
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url), |
| + &extensions, |
| + whitelist)); |
| + extensions.Insert(shared_module); |
| + EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url), |
| + &extensions, |
| + whitelist)); |
| + whitelist.erase(shared_module->id()); |
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(extension_url), |
| + &extensions, |
| + whitelist)); |
| + |
|
jln (very slow on Chromium)
2014/05/09 00:39:05
You need to re-add shared_module for the next test
elijahtaylor1
2014/05/09 00:43:43
yes you're right, I will add the erase and added e
|
| + scoped_refptr<Extension> bad_ext = |
| + CreateExtensionImportingModule(shared_module->id(), bad_id); |
| + std::string bad_extension_url = |
| + std::string("chrome-extension://") + bad_ext->id() + |
| + std::string("/foo.html"); |
| + |
| + extensions.Insert(bad_ext); |
| + // This should fail because bad_ext is not whitelisted to use shared_module. |
| + EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(GURL(bad_extension_url), |
| + &extensions, |
| + whitelist)); |
| + |
| +} |
| + |
| +} // namespace extensions |
| + |
