chrome/browser/password_manager/credential_manager_browsertest.cc - Issue 2947413002: Restrict CM API interface request and message dispatch.

Unified Diff: chrome/browser/password_manager/credential_manager_browsertest.cc

Issue 2947413002: Restrict CM API interface request and message dispatch. (Closed)

Patch Set: With fix. Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« chrome/browser/password_manager/chrome_password_manager_client.cc ('K') | « chrome/browser/password_manager/chrome_password_manager_client.cc ('k') | components/password_manager/content/browser/credential_manager_impl.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/password_manager/credential_manager_browsertest.cc

diff --git a/chrome/browser/password_manager/credential_manager_browsertest.cc b/chrome/browser/password_manager/credential_manager_browsertest.cc

index f33470ed1a9c5dbc5b503a20f16e33f01cda07bc..eb29dfa152502bce0c0e23358c84da163c75f71c 100644

--- a/chrome/browser/password_manager/credential_manager_browsertest.cc

+++ b/chrome/browser/password_manager/credential_manager_browsertest.cc

@@ -245,6 +245,50 @@ IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest,

EXPECT_FALSE(prompt_observer.IsShowingSavePrompt());

}

+// Regression test for https://crbug.com/736357.

+IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest, StoreRace) {

+ GURL example_url =

+ https_test_server().GetURL("www.example.com", "/password/other.html");

+ GURL evil_url =

+ https_test_server().GetURL("www.evil.com", "/password/other.html");

+ // Got to `www.example.com` and start spamming credentials.store().

+ ui_test_utils::NavigateToURL(browser(), example_url);

+ ASSERT_TRUE(content::ExecuteScript(

+ RenderViewHost(),

+ "window.setTimeout(() => {"

+ " for(;;) {"

+ " var c = new PasswordCredential({ id: 'user', password: 'hunter2' });"

+ " navigator.credentials.store(c);"

+ " }"

+ "}, 0);"));

+ // Navigate cross-domain to `www.evil.com`.

+ ui_test_utils::NavigateToURL(browser(), evil_url);

+ WaitForPasswordStore();

vasilii 2017/06/23 18:58:28 It's excessive.

engedy 2017/06/28 16:26:58 Reworked tests, N/A anymore.

+ // The Mojo pipe where the flood is coming from should be cut when the

+ // cross-origin navigation is committed, so that the last credetials.store()

+ // request process is still associated with `example.com`.

+ BubbleObserver prompt_observer(WebContents());

+ prompt_observer.WaitForSavePrompt();

+ ASSERT_TRUE(prompt_observer.IsShowingSavePrompt());

+ prompt_observer.AcceptSavePrompt();

+ WaitForPasswordStore();

+ password_manager::TestPasswordStore::PasswordMap stored =

+ static_cast<password_manager::TestPasswordStore*>(

+ PasswordStoreFactory::GetForProfile(

+ browser()->profile(), ServiceAccessType::IMPLICIT_ACCESS)

+ .get())

+ ->stored_passwords();

+ ASSERT_EQ(1u, stored.size());

+ autofill::PasswordForm signin_form = stored.begin()->second[0];

+ EXPECT_EQ(base::ASCIIToUTF16("user"), signin_form.username_value);

+ EXPECT_EQ(base::ASCIIToUTF16("hunter2"), signin_form.password_value);

+ EXPECT_EQ(example_url.host(), signin_form.origin.host());

vasilii 2017/06/23 18:58:28 Do I understand right that this condition is flaky

engedy 2017/06/28 16:26:58 Reworked tests -- they are not flaky anymore in an

IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest, SaveViaAPIAndAutofill) {

NavigateToFile("/password/password_form.html");