Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(482)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chrome_security_exploit_browsertest.cc

Issue 2924383003: [MD Bookmarks] Enable by default. (Closed)
Patch Set: address comments Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/extensions/component_loader_unittest.cc » ('j') | chrome/browser/tab_contents/view_source_browsertest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chrome_security_exploit_browsertest.cc
diff --git a/chrome/browser/chrome_security_exploit_browsertest.cc b/chrome/browser/chrome_security_exploit_browsertest.cc
index 789dba1b575e17ae587b8ff135e8d914984c78cf..59fd27e88977365e86f769dafd2f8803b5957130 100644
--- a/chrome/browser/chrome_security_exploit_browsertest.cc
+++ b/chrome/browser/chrome_security_exploit_browsertest.cc
@@ -6,11 +6,11 @@
#include "base/macros.h"
#include "base/strings/utf_string_conversions.h"
#include "base/test/histogram_tester.h"
+#include "chrome/browser/extensions/extension_browsertest.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/browser_commands.h"
#include "chrome/browser/ui/singleton_tabs.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
-#include "chrome/test/base/in_process_browser_test.h"
#include "chrome/test/base/ui_test_utils.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_service.h"
@@ -30,23 +30,32 @@
// perform any dangerous operations in such cases.
// This is similar to the security_exploit_browsertest.cc tests, but also
// includes chrome/ layer concepts such as extensions.
-class ChromeSecurityExploitBrowserTest : public InProcessBrowserTest {
+class ChromeSecurityExploitBrowserTest : public ExtensionBrowserTest {
public:
ChromeSecurityExploitBrowserTest() {}
~ChromeSecurityExploitBrowserTest() override {}
void SetUpOnMainThread() override {
+ ExtensionBrowserTest::SetUpOnMainThread();
+
ASSERT_TRUE(embedded_test_server()->Start());
host_resolver()->AddRule("*", "127.0.0.1");
+
+ extension_ = LoadExtension(test_data_dir_.AppendASCII("options_page"));
}
void SetUpCommandLine(base::CommandLine* command_line) override {
+ ExtensionBrowserTest::SetUpCommandLine(command_line);
// Since we assume exploited renderer process, it can bypass the same origin
// policy at will. Simulate that by passing the disable-web-security flag.
command_line->AppendSwitch(switches::kDisableWebSecurity);
}
+ const extensions::Extension* extension() { return extension_; }
+
private:
+ const extensions::Extension* extension_;
+
DISALLOW_COPY_AND_ASSIGN(ChromeSecurityExploitBrowserTest);
};
@@ -84,9 +93,8 @@ IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest,
std::string blob_contents = "<script>chrome.extensions</script>";
std::string blob_path = "5881f76e-10d2-410d-8c61-ef210502acfd";
- // Target the bookmark manager extension.
- std::string target_origin =
- "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno";
+ // Target the an extension.
alexmos 2017/06/20 20:26:02 nit: s/the an/an/
calamity 2017/06/21 08:37:49 Done.
+ std::string target_origin = "chrome-extension://" + extension()->id();
// Set up a blob ID and populate it with attacker-controlled value. This
// message is allowed, because this data is not in any origin.
@@ -133,9 +141,8 @@ IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest,
std::string payload = "<html><body>pwned.</body></html>";
std::string payload_type = "text/html";
- // Target the bookmark manager extension.
- std::string target_origin =
- "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/";
+ // Target the an extension.
alexmos 2017/06/20 20:26:02 ditto
calamity 2017/06/21 08:37:49 Done.
+ std::string target_origin = "chrome-extension://" + extension()->id();
// Set up a blob ID and populate it with the attacker-controlled payload.
// This is allowed, because this data is not in any origin;
@@ -154,7 +161,7 @@ IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest,
// storage::kFileSystemTypeTemporary));
GURL target_url =
- GURL("filesystem:" + target_origin + "temporary/exploit.html");
+ GURL("filesystem:" + target_origin + "/temporary/exploit.html");
content::PwnMessageHelper::FileSystemCreate(rfh->GetProcess(), 23, target_url,
false, false, false);
« no previous file with comments | « no previous file | chrome/browser/extensions/component_loader_unittest.cc » ('j') | chrome/browser/tab_contents/view_source_browsertest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698