OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "base/strings/utf_string_conversions.h" | 7 #include "base/strings/utf_string_conversions.h" |
8 #include "base/test/histogram_tester.h" | 8 #include "base/test/histogram_tester.h" |
9 #include "chrome/browser/ui/browser.h" | 9 #include "chrome/browser/ui/browser.h" |
10 #include "chrome/browser/ui/browser_commands.h" | 10 #include "chrome/browser/ui/browser_commands.h" |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
65 std::string status; | 65 std::string status; |
66 std::string expected_status("0"); | 66 std::string expected_status("0"); |
67 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); | 67 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); |
68 EXPECT_STREQ(status.c_str(), expected_status.c_str()); | 68 EXPECT_STREQ(status.c_str(), expected_status.c_str()); |
69 } | 69 } |
70 | 70 |
71 // Extension isolation prevents a normal renderer process from being able to | 71 // Extension isolation prevents a normal renderer process from being able to |
72 // create a "blob:chrome-extension://" resource. | 72 // create a "blob:chrome-extension://" resource. |
73 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest, | 73 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest, |
74 CreateBlobInExtensionOrigin) { | 74 CreateBlobInExtensionOrigin) { |
75 // This test relies on extensions documents running in extension processes, | |
76 // which is guaranteed with --isolate-extensions. Without it, the checks are | |
77 // not enforced and this test will time out waiting for the process to be | |
78 // killed. | |
79 if (!extensions::IsIsolateExtensionsEnabled()) | |
80 return; | |
81 | |
82 ui_test_utils::NavigateToURL( | 75 ui_test_utils::NavigateToURL( |
83 browser(), | 76 browser(), |
84 embedded_test_server()->GetURL("a.root-servers.net", "/title1.html")); | 77 embedded_test_server()->GetURL("a.root-servers.net", "/title1.html")); |
85 | 78 |
86 content::RenderFrameHost* rfh = | 79 content::RenderFrameHost* rfh = |
87 browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame(); | 80 browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame(); |
88 | 81 |
89 // All these are attacker controlled values. The UUID is arbitrary. | 82 // All these are attacker controlled values. The UUID is arbitrary. |
90 std::string blob_id = "2ce53a26-0409-45a3-86e5-f8fb9f5566d8"; | 83 std::string blob_id = "2ce53a26-0409-45a3-86e5-f8fb9f5566d8"; |
91 std::string blob_type = "text/html"; | 84 std::string blob_type = "text/html"; |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
174 | 167 |
175 // Now navigate to |target_url| in a new tab. It should not contain |payload|. | 168 // Now navigate to |target_url| in a new tab. It should not contain |payload|. |
176 AddTabAtIndex(0, target_url, ui::PAGE_TRANSITION_TYPED); | 169 AddTabAtIndex(0, target_url, ui::PAGE_TRANSITION_TYPED); |
177 content::WaitForLoadStop(browser()->tab_strip_model()->GetWebContentsAt(0)); | 170 content::WaitForLoadStop(browser()->tab_strip_model()->GetWebContentsAt(0)); |
178 rfh = browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame(); | 171 rfh = browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame(); |
179 EXPECT_EQ(GURL(target_origin), rfh->GetSiteInstance()->GetSiteURL()); | 172 EXPECT_EQ(GURL(target_origin), rfh->GetSiteInstance()->GetSiteURL()); |
180 std::string body; | 173 std::string body; |
181 EXPECT_TRUE(content::ExecuteScriptAndExtractString( | 174 EXPECT_TRUE(content::ExecuteScriptAndExtractString( |
182 rfh, "window.domAutomationController.send(document.body.innerText);", | 175 rfh, "window.domAutomationController.send(document.body.innerText);", |
183 &body)); | 176 &body)); |
184 if (extensions::IsIsolateExtensionsEnabled()) { | 177 EXPECT_EQ( |
185 EXPECT_EQ( | 178 "\nYour file was not found\n\n" |
186 "\nYour file was not found\n\n" | 179 "It may have been moved or deleted.\n" |
187 "It may have been moved or deleted.\n" | 180 "ERR_FILE_NOT_FOUND\n", |
188 "ERR_FILE_NOT_FOUND\n", | 181 body); |
189 body); | |
190 } else { | |
191 // Without --isolate-extensions, the above steps must succeed, since | |
192 // unblessed extension frames are allowed in ordinary renderer processes. | |
193 EXPECT_EQ("pwned.", body); | |
194 } | |
195 } | 182 } |
OLD | NEW |