chromeos: Check both original and absolute paths for file: scheme

net/url_request/url_request_unittest.cc

Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 2d158a0492764e8196d54bd59c0bd6f0be81e459..8ce7d85fe404537b52b7bca3f672b1880cedb36f 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -835,6 +835,48 @@ class URLRequestTest : public PlatformTest {
   TestURLRequestContext default_context_;
 };
 
+// This NetworkDelegate is picky about what files are accessible. Only
+// whitelisted files are allowed.
+class CookieBlockingNetworkDelegate : public TestNetworkDelegate {
+ public:
+  CookieBlockingNetworkDelegate(){};
+
+  // Adds |directory| to the access white list.
+  void AddToWhitelist(const base::FilePath& directory) {
+    // TODO(satorux): Remove this. This is for debugging test failures on
+    // Windows bots.
+    LOG(ERROR) << "@@ AddToWhitelist: " << directory.value();

[satorux1, 2017/05/19 07:41:56]

will remove these failures on win bots are addressed.

[satorux1, 2017/05/19 13:11:41]

here's we got: 

[ RUN      ] URLRequestTest.AllowFileURLs
[6084:5248:0519/004647.095:13434494:ERROR:url_request_unittest.cc(848)] @@
AddToWhitelist: C:\Users\CHROME~2\AppData\Local\Temp\scoped_dir6084_22204
[6084:5248:0519/004647.095:13434494:ERROR:url_request_unittest.cc(868)] @@
original_path:
C:\Users\chrome-bot\AppData\Local\Temp\scoped_dir6084_22204\3b93f3d8-e7a5-4c62-a7da-2e9b0895dd17.tmp
[6084:5248:0519/004647.095:13434494:ERROR:url_request_unittest.cc(869)] @@
absolute_path:
C:\Users\chrome-bot\AppData\Local\Temp\scoped_dir6084_22204\3b93f3d8-e7a5-4c62-a7da-2e9b0895dd17.tmp
e:\b\c\b\win\src\net\url_request\url_request_unittest.cc(1146): error: Value of:
d.request_failed()
  Actual: true
Expected: false
e:\b\c\b\win\src\net\url_request\url_request_unittest.cc(1147): error:      
Expected: test_data
      Which is: "monkey"
To be equal to: d.data_received()
      Which is: ""
[6084:5248:0519/004647.096:13434494:ERROR:url_request_unittest.cc(868)] @@
original_path:
C:\Users\chrome-bot\AppData\Local\Temp\scoped_dir6084_22204\3b93f3d8-e7a5-4c62-a7da-2e9b0895dd17.tmp
[6084:5248:0519/004647.096:13434494:ERROR:url_request_unittest.cc(869)] @@
absolute_path:
C:\Users\chrome-bot\AppData\Local\Temp\scoped_dir6084_22204\3b93f3d8-e7a5-4c62-a7da-2e9b0895dd17.tmp
[  FAILED  ] URLRequestTest.AllowFileURLs (2 ms)
[5420/18265] URLRequestTest.AllowFileURLs (2 ms)


"CHROME~2" and "chrome-bot" do not match hence the test is failing...  I'll have
a closer look next week.

+    whitelist_.insert(directory);
+  }
+
+  // Returns true if |path| matches the white list.
+  bool OnCanAccessFileInternal(const base::FilePath& path) const {
+    for (const auto& directory : whitelist_) {
+      if (directory == path || directory.IsParent(path))
+        return true;
+    }
+    return false;
+  }
+
+  // Returns true only if both |original_path| and |absolute_path| match the
+  // white list.
+  bool OnCanAccessFile(const URLRequest& request,
+                       const base::FilePath& original_path,
+                       const base::FilePath& absolute_path) const override {
+    // TODO(satorux): Remove this. This is for debugging test failures on
+    // Windows bots.
+    LOG(ERROR) << "@@ original_path: " << original_path.value();
+    LOG(ERROR) << "@@ absolute_path: " << absolute_path.value();
+    return (OnCanAccessFileInternal(original_path) &&
+            OnCanAccessFileInternal(absolute_path));
+  }
+
+ private:
+  std::set<base::FilePath> whitelist_;
+
+  DISALLOW_COPY_AND_ASSIGN(CookieBlockingNetworkDelegate);
+};
+
 TEST_F(URLRequestTest, AboutBlankTest) {
   TestDelegate d;
   {
@@ -1083,39 +1125,171 @@ TEST_F(URLRequestTest, FileTestMultipleRanges) {
 TEST_F(URLRequestTest, AllowFileURLs) {
   base::ScopedTempDir temp_dir;
   ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
+  // Get an absolute path since the path can contain a symbolic link.
+  base::FilePath absolute_temp_dir =
+      base::MakeAbsoluteFilePath(temp_dir.GetPath());
   base::FilePath test_file;
-  ASSERT_TRUE(base::CreateTemporaryFileInDir(temp_dir.GetPath(), &test_file));
+  ASSERT_TRUE(base::CreateTemporaryFileInDir(absolute_temp_dir, &test_file));
   std::string test_data("monkey");
   base::WriteFile(test_file, test_data.data(), test_data.size());
   GURL test_file_url = FilePathToFileURL(test_file);
-
   {
     TestDelegate d;
-    TestNetworkDelegate network_delegate;
-    network_delegate.set_can_access_files(true);
+    CookieBlockingNetworkDelegate network_delegate;
+    network_delegate.AddToWhitelist(absolute_temp_dir);
     default_context_.set_network_delegate(&network_delegate);
     std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_file_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
     r->Start();
     base::RunLoop().Run();
+    // This should be allowed as the file path is white listed.
     EXPECT_FALSE(d.request_failed());
     EXPECT_EQ(test_data, d.data_received());
   }
 
   {
     TestDelegate d;
-    TestNetworkDelegate network_delegate;
-    network_delegate.set_can_access_files(false);
+    CookieBlockingNetworkDelegate network_delegate;
     default_context_.set_network_delegate(&network_delegate);
     std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         test_file_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
     r->Start();
     base::RunLoop().Run();
+    // This should be rejected as the file path is not white listed.
+    EXPECT_TRUE(d.request_failed());
+    EXPECT_EQ("", d.data_received());
+    EXPECT_EQ(ERR_ACCESS_DENIED, d.request_status());
+  }
+}
+
+#if defined(OS_POSIX)  // Bacause of symbolic links.
+
+TEST_F(URLRequestTest, SymlinksToFiles) {
+  base::ScopedTempDir temp_dir;
+  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
+  // Get an absolute path since the path can contain a symbolic link.
+  base::FilePath absolute_temp_dir =
+      base::MakeAbsoluteFilePath(temp_dir.GetPath());
+
+  // Create a good directory (will be white listed) and a good file.
+  base::FilePath good_dir = absolute_temp_dir.AppendASCII("good");
+  ASSERT_TRUE(base::CreateDirectory(good_dir));
+  base::FilePath good_file;
+  ASSERT_TRUE(base::CreateTemporaryFileInDir(good_dir, &good_file));
+  std::string good_data("good");
+  base::WriteFile(good_file, good_data.data(), good_data.size());
+
+  // Create a bad directory (will not be white listed) and a bad file.
+  base::FilePath bad_dir = absolute_temp_dir.AppendASCII("bad");
+  ASSERT_TRUE(base::CreateDirectory(bad_dir));
+  base::FilePath bad_file;
+  ASSERT_TRUE(base::CreateTemporaryFileInDir(bad_dir, &bad_file));
+  std::string bad_data("bad");
+  base::WriteFile(bad_file, bad_data.data(), bad_data.size());
+
+  // This symlink will point to the good file. Access to the symlink will be
+  // allowed as both the symlink and the destination file are in the same
+  // good directory.
+  base::FilePath good_symlink = good_dir.AppendASCII("good_symlink");
+  ASSERT_TRUE(base::CreateSymbolicLink(good_file, good_symlink));
+  GURL good_file_url = FilePathToFileURL(good_symlink);
+  // This symlink will point to the bad file. Even though the symlink is in
+  // the good directory, access to the symlink will be rejected since it
+  // points to the bad file.
+  base::FilePath bad_symlink = good_dir.AppendASCII("bad_symlink");
+  ASSERT_TRUE(base::CreateSymbolicLink(bad_file, bad_symlink));
+  GURL bad_file_url = FilePathToFileURL(bad_symlink);
+
+  {
+    TestDelegate d;
+    CookieBlockingNetworkDelegate network_delegate;
+    network_delegate.AddToWhitelist(good_dir);
+    default_context_.set_network_delegate(&network_delegate);
+    std::unique_ptr<URLRequest> r(
+        default_context_.CreateRequest(good_file_url, DEFAULT_PRIORITY, &d));
+    r->Start();
+    base::RunLoop().Run();
+    // good_file_url should be allowed.
+    EXPECT_FALSE(d.request_failed());
+    EXPECT_EQ(good_data, d.data_received());
+  }
+
+  {
+    TestDelegate d;
+    CookieBlockingNetworkDelegate network_delegate;
+    network_delegate.AddToWhitelist(good_dir);
+    default_context_.set_network_delegate(&network_delegate);
+    std::unique_ptr<URLRequest> r(
+        default_context_.CreateRequest(bad_file_url, DEFAULT_PRIORITY, &d));
+    r->Start();
+    base::RunLoop().Run();
+    // bad_file_url should be rejected.
+    EXPECT_TRUE(d.request_failed());
+    EXPECT_EQ("", d.data_received());
+    EXPECT_EQ(ERR_ACCESS_DENIED, d.request_status());
+  }
+}
+
+TEST_F(URLRequestTest, SymlinksToDirs) {
+  // The temporary dir will be added to the whitelist.
+  base::ScopedTempDir temp_dir;
+  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
+  // Get an absolute path since the path can contain a symbolic link.
+  base::FilePath absolute_temp_dir =
+      base::MakeAbsoluteFilePath(temp_dir.GetPath());
+
+  // Create a good directory (will be white listed).
+  base::FilePath good_dir = absolute_temp_dir.AppendASCII("good");
+  ASSERT_TRUE(base::CreateDirectory(good_dir));
+
+  // Create a bad directory (will not be white listed).
+  base::FilePath bad_dir = absolute_temp_dir.AppendASCII("bad");
+  ASSERT_TRUE(base::CreateDirectory(bad_dir));
+
+  // This symlink will point to the good directory. Access to the symlink
+  // will be allowed as the symlink is in the good dir that'll be white
+  // listed.
+  base::FilePath good_symlink = good_dir.AppendASCII("good_symlink");
+  ASSERT_TRUE(base::CreateSymbolicLink(good_dir, good_symlink));
+  GURL good_file_url = FilePathToFileURL(good_symlink);
+  // This symlink will point to the bad directory. Even though the symlink is
+  // in the good directory, access to the symlink will be rejected since it
+  // points to the bad directory.
+  base::FilePath bad_symlink = good_dir.AppendASCII("bad_symlink");
+  ASSERT_TRUE(base::CreateSymbolicLink(bad_dir, bad_symlink));
+  GURL bad_file_url = FilePathToFileURL(bad_symlink);
+
+  {
+    TestDelegate d;
+    CookieBlockingNetworkDelegate network_delegate;
+    network_delegate.AddToWhitelist(good_dir);
+    default_context_.set_network_delegate(&network_delegate);
+    std::unique_ptr<URLRequest> r(
+        default_context_.CreateRequest(good_file_url, DEFAULT_PRIORITY, &d));
+    r->Start();
+    base::RunLoop().Run();
+    // good_file_url should be allowed.
+    EXPECT_FALSE(d.request_failed());
+    ASSERT_NE(d.data_received().find("good_symlink"), std::string::npos);
+  }
+
+  {
+    TestDelegate d;
+    CookieBlockingNetworkDelegate network_delegate;
+    network_delegate.AddToWhitelist(good_dir);
+    default_context_.set_network_delegate(&network_delegate);
+    std::unique_ptr<URLRequest> r(
+        default_context_.CreateRequest(bad_file_url, DEFAULT_PRIORITY, &d));
+    r->Start();
+    base::RunLoop().Run();
+    // bad_file_url should be rejected.
     EXPECT_TRUE(d.request_failed());
     EXPECT_EQ("", d.data_received());
+    EXPECT_EQ(ERR_ACCESS_DENIED, d.request_status());
   }
 }
 
+#endif  // defined(OS_POSIX)
 
 TEST_F(URLRequestTest, FileDirCancelTest) {
   // Put in mock resource provider.
@@ -1167,9 +1341,8 @@ TEST_F(URLRequestTest, FileDirOutputSanity) {
   EXPECT_GT(info.size, 0);
   std::string sentinel_output = GetDirectoryListingEntry(
       base::string16(sentinel_name, sentinel_name + strlen(sentinel_name)),
-      std::string(sentinel_name),
-      false /* is_dir */,
-      info.size,
+      std::string(sentinel_name), false /* is_dir */, info.size,
+
       info.last_modified);
 
   ASSERT_LT(0, d.bytes_received());