Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(39)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/common/permissions/permissions_data_unittest.cc

Issue 348313003: Create withheld permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Test fix Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« extensions/common/permissions/permissions_data.cc ('K') | « extensions/common/permissions/permissions_data.cc ('k') | extensions/common/url_pattern.h » ('j') | extensions/common/url_pattern.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/common/permissions/permissions_data_unittest.cc
diff --git a/extensions/common/permissions/permissions_data_unittest.cc b/extensions/common/permissions/permissions_data_unittest.cc
index 70cb8874f126d666b9aec870c3e74d62f27770a1..93d1fb7675d92850b1be2ad6b0ef27bc4f50bb7b 100644
--- a/extensions/common/permissions/permissions_data_unittest.cc
+++ b/extensions/common/permissions/permissions_data_unittest.cc
@@ -7,6 +7,7 @@
#include "base/command_line.h"
#include "base/memory/ref_counted.h"
#include "base/strings/string16.h"
+#include "base/strings/stringprintf.h"
#include "base/strings/utf_string_conversions.h"
#include "chrome/common/chrome_version_info.h"
#include "chrome/common/extensions/extension_test_util.h"
@@ -15,6 +16,7 @@
#include "extensions/common/error_utils.h"
#include "extensions/common/extension.h"
#include "extensions/common/extension_builder.h"
+#include "extensions/common/feature_switch.h"
#include "extensions/common/id_util.h"
#include "extensions/common/manifest.h"
#include "extensions/common/manifest_constants.h"
@@ -74,19 +76,6 @@ scoped_refptr<const Extension> GetExtensionWithHostPermission(
.Build();
}
-bool RequiresActionForScriptExecution(const std::string& extension_id,
- const std::string& host_permissions,
- Manifest::Location location) {
- scoped_refptr<const Extension> extension =
- GetExtensionWithHostPermission(extension_id,
- host_permissions,
- location);
- return extension->permissions_data()->RequiresActionForScriptExecution(
- extension,
- -1, // Ignore tab id for these.
- GURL::EmptyGURL());
-}
-
// Checks that urls are properly restricted for the given extension.
void CheckRestrictedUrls(const Extension* extension,
bool block_chrome_urls) {
@@ -266,47 +255,6 @@ TEST(ExtensionPermissionsTest, SocketPermissions) {
"239.255.255.250", 1900));
}
-TEST(ExtensionPermissionsTest, RequiresActionForScriptExecution) {
- // Extensions with all_hosts should require action.
- EXPECT_TRUE(RequiresActionForScriptExecution(
- "all_hosts_permissions", kAllHostsPermission, Manifest::INTERNAL));
- // Extensions with nearly all hosts are treated the same way.
- EXPECT_TRUE(RequiresActionForScriptExecution(
- "pseudo_all_hosts_permissions", "*://*.com/*", Manifest::INTERNAL));
- // Extensions with explicit permissions shouldn't require action.
- EXPECT_FALSE(RequiresActionForScriptExecution(
- "explicit_permissions", "https://www.google.com/*", Manifest::INTERNAL));
- // Policy extensions are exempt...
- EXPECT_FALSE(RequiresActionForScriptExecution(
- "policy", kAllHostsPermission, Manifest::EXTERNAL_POLICY));
- // ... as are component extensions.
- EXPECT_FALSE(RequiresActionForScriptExecution(
- "component", kAllHostsPermission, Manifest::COMPONENT));
- // Throw in an external pref extension to make sure that it's not just working
- // for everything non-internal.
- EXPECT_TRUE(RequiresActionForScriptExecution(
- "external_pref", kAllHostsPermission, Manifest::EXTERNAL_PREF));
-
- // If we grant an extension tab permissions, then it should no longer require
- // action.
- scoped_refptr<const Extension> extension =
- GetExtensionWithHostPermission("all_hosts_permissions",
- kAllHostsPermission,
- Manifest::INTERNAL);
- URLPatternSet allowed_hosts;
- allowed_hosts.AddPattern(
- URLPattern(URLPattern::SCHEME_HTTPS, "https://www.google.com/*"));
- scoped_refptr<PermissionSet> tab_permissions(
- new PermissionSet(APIPermissionSet(),
- ManifestPermissionSet(),
- allowed_hosts,
- URLPatternSet()));
- extension->permissions_data()->UpdateTabSpecificPermissions(0,
- tab_permissions);
- EXPECT_FALSE(extension->permissions_data()->RequiresActionForScriptExecution(
- extension, 0, GURL("https://www.google.com/")));
-}
-
TEST(ExtensionPermissionsTest, IsRestrictedUrl) {
scoped_refptr<const Extension> extension =
GetExtensionWithHostPermission("normal_extension",
@@ -806,4 +754,191 @@ TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
}
+namespace {
+
+scoped_refptr<const Extension> CreateExtensionWithPermissions(
+ const std::set<URLPattern>& scriptable_hosts,
+ const std::set<URLPattern>& explicit_hosts,
+ Manifest::Location location) {
+ ListBuilder scriptable_host_list;
+ for (std::set<URLPattern>::const_iterator pattern = scriptable_hosts.begin();
+ pattern != scriptable_hosts.end();
+ ++pattern) {
+ scriptable_host_list.Append(pattern->GetAsString());
+ }
+
+ ListBuilder explicit_host_list;
+ for (std::set<URLPattern>::const_iterator pattern = explicit_hosts.begin();
+ pattern != explicit_hosts.end();
+ ++pattern) {
+ explicit_host_list.Append(pattern->GetAsString());
+ }
+
+ DictionaryBuilder script;
+ script.Set("matches", scriptable_host_list.Pass())
+ .Set("js", ListBuilder().Append("foo.js"));
+
+ return ExtensionBuilder()
+ .SetLocation(location)
+ .SetManifest(
+ DictionaryBuilder()
+ .Set("name", "extension")
+ .Set("description", "foo")
+ .Set("manifest_version", 2)
+ .Set("version", "0.1.2.3")
+ .Set("content_scripts", ListBuilder().Append(script.Pass()))
+ .Set("permissions", explicit_host_list.Pass()))
+ .Build();
+}
+
+testing::AssertionResult SetsAreEqual(const std::set<URLPattern>& set1,
+ const std::set<URLPattern>& set2) {
+ // Take the (set1 - set2) U (set2 - set1). This is then the set of all
+ // elements which are in either set1 or set2, but not both.
+ // If the sets are equal, this is none.
+ std::set<URLPattern> difference = base::STLSetUnion<std::set<URLPattern> >(
+ base::STLSetDifference<std::set<URLPattern> >(set1, set2),
+ base::STLSetDifference<std::set<URLPattern> >(set2, set1));
+
+ std::string error;
+ for (std::set<URLPattern>::const_iterator iter = difference.begin();
+ iter != difference.end();
+ ++iter) {
+ if (iter->GetAsString() == "chrome://favicon/*")
+ continue; // Grr... This is auto-added for extensions with <all_urls>
+ error = base::StringPrintf("%s\n%s contains %s and the other does not.",
+ error.c_str(),
+ (set1.count(*iter) ? "Set1" : "Set2"),
+ iter->GetAsString().c_str());
+ }
+
+ if (!error.empty())
+ return testing::AssertionFailure() << error;
+ return testing::AssertionSuccess();
+}
+
+} // namespace
+
+TEST(PermissionsDataWithheldPermissionsTest, WithholdAllHosts) {
+ // Permissions are only withheld with the appropriate switch turned on.
+ scoped_ptr<FeatureSwitch::ScopedOverride> switch_override(
+ new FeatureSwitch::ScopedOverride(
+ FeatureSwitch::scripts_require_action(),
+ FeatureSwitch::OVERRIDE_ENABLED));
+
+ URLPattern google(URLPattern::SCHEME_ALL, "http://www.google.com/*");
+ URLPattern sub_google(URLPattern::SCHEME_ALL, "http://*.google.com/*");
+ URLPattern all_http(URLPattern::SCHEME_ALL, "http://*/*");
+ URLPattern all_hosts(URLPattern::SCHEME_ALL, "<all_urls>");
+ URLPattern all_com(URLPattern::SCHEME_ALL, "http://*.com/*");
+
+ std::set<URLPattern> all_host_patterns;
+ std::set<URLPattern> safe_patterns;
+
+ all_host_patterns.insert(all_http);
+ all_host_patterns.insert(all_hosts);
+ all_host_patterns.insert(all_com);
+
+ safe_patterns.insert(google);
+ safe_patterns.insert(sub_google);
+
+ std::set<URLPattern> all_patterns = base::STLSetUnion<std::set<URLPattern> >(
+ all_host_patterns, safe_patterns);
+
+ scoped_refptr<const Extension> extension = CreateExtensionWithPermissions(
+ all_patterns, all_patterns, Manifest::INTERNAL);
+ const PermissionsData* permissions_data = extension->permissions_data();
+
+ // At first, the active permissions should have only the safe patterns and
+ // the withheld permissions should have only the all host patterns.
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->scriptable_hosts().patterns(),
+ safe_patterns));
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->explicit_hosts().patterns(),
+ safe_patterns));
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->withheld_permissions()->scriptable_hosts().patterns(),
+ all_host_patterns));
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->withheld_permissions()->explicit_hosts().patterns(),
+ all_host_patterns));
+
+ // Then, we grant the withheld all-hosts permissions.
+ permissions_data->GrantWithheldAllHosts();
+ // Now, active permissions should have all patterns, and withheld permissions
+ // should have none.
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->scriptable_hosts().patterns(),
+ all_patterns));
+ EXPECT_TRUE(permissions_data->withheld_permissions()
+ ->scriptable_hosts()
+ .patterns()
+ .empty());
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->explicit_hosts().patterns(),
+ all_patterns));
+ EXPECT_TRUE(permissions_data->withheld_permissions()
+ ->explicit_hosts()
+ .patterns()
+ .empty());
+
+ // Finally, we revoke the all hosts permissions.
+ permissions_data->WithholdAllHosts();
+
+ // We should be back to our initial state - all_hosts should be withheld, and
+ // the safe patterns should be granted.
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->scriptable_hosts().patterns(),
+ safe_patterns));
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->explicit_hosts().patterns(),
+ safe_patterns));
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->withheld_permissions()->scriptable_hosts().patterns(),
+ all_host_patterns));
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->withheld_permissions()->explicit_hosts().patterns(),
+ all_host_patterns));
+
+ // Creating a component extension should result in no withheld permissions.
+ extension = CreateExtensionWithPermissions(
+ all_patterns, all_patterns, Manifest::COMPONENT);
+ permissions_data = extension->permissions_data();
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->scriptable_hosts().patterns(),
+ all_patterns));
+ EXPECT_TRUE(permissions_data->withheld_permissions()
+ ->scriptable_hosts()
+ .patterns()
+ .empty());
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->explicit_hosts().patterns(),
+ all_patterns));
+ EXPECT_TRUE(permissions_data->withheld_permissions()
+ ->explicit_hosts()
+ .patterns()
+ .empty());
+
+ // Without the switch, we shouldn't withhold anything.
+ switch_override.reset();
+ extension = CreateExtensionWithPermissions(
+ all_patterns, all_patterns, Manifest::INTERNAL);
+ permissions_data = extension->permissions_data();
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->scriptable_hosts().patterns(),
+ all_patterns));
+ EXPECT_TRUE(permissions_data->withheld_permissions()
+ ->scriptable_hosts()
+ .patterns()
+ .empty());
+ EXPECT_TRUE(SetsAreEqual(
+ permissions_data->active_permissions()->explicit_hosts().patterns(),
+ all_patterns));
+ EXPECT_TRUE(permissions_data->withheld_permissions()
+ ->explicit_hosts()
+ .patterns()
+ .empty());
+}
+
} // namespace extensions
« extensions/common/permissions/permissions_data.cc ('K') | « extensions/common/permissions/permissions_data.cc ('k') | extensions/common/url_pattern.h » ('j') | extensions/common/url_pattern.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698