OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <vector> | 5 #include <vector> |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/strings/string16.h" | 9 #include "base/strings/string16.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
80 scoped_refptr<const Extension> extension = | 80 scoped_refptr<const Extension> extension = |
81 GetExtensionWithHostPermission(extension_id, | 81 GetExtensionWithHostPermission(extension_id, |
82 host_permissions, | 82 host_permissions, |
83 location); | 83 location); |
84 return extension->permissions_data()->RequiresActionForScriptExecution( | 84 return extension->permissions_data()->RequiresActionForScriptExecution( |
85 extension, | 85 extension, |
86 -1, // Ignore tab id for these. | 86 -1, // Ignore tab id for these. |
87 GURL::EmptyGURL()); | 87 GURL::EmptyGURL()); |
88 } | 88 } |
89 | 89 |
| 90 // Checks that urls are properly restricted for the given extension. |
| 91 void CheckRestrictedUrls(const Extension* extension, |
| 92 bool block_chrome_urls) { |
| 93 // We log the name so we know _which_ extension failed here. |
| 94 const std::string& name = extension->name(); |
| 95 const GURL chrome_settings_url("chrome://settings/"); |
| 96 const GURL chrome_extension_url("chrome-extension://foo/bar.html"); |
| 97 const GURL google_url("https://www.google.com/"); |
| 98 const GURL self_url("chrome-extension://" + extension->id() + "/foo.html"); |
| 99 const GURL invalid_url("chrome-debugger://foo/bar.html"); |
| 100 |
| 101 std::string error; |
| 102 EXPECT_EQ(block_chrome_urls, |
| 103 PermissionsData::IsRestrictedUrl( |
| 104 chrome_settings_url, |
| 105 chrome_settings_url, |
| 106 extension, |
| 107 &error)) << name; |
| 108 if (block_chrome_urls) |
| 109 EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name; |
| 110 else |
| 111 EXPECT_TRUE(error.empty()) << name; |
| 112 |
| 113 error.clear(); |
| 114 EXPECT_EQ(block_chrome_urls, |
| 115 PermissionsData::IsRestrictedUrl( |
| 116 chrome_extension_url, |
| 117 chrome_extension_url, |
| 118 extension, |
| 119 &error)) << name; |
| 120 if (block_chrome_urls) |
| 121 EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name; |
| 122 else |
| 123 EXPECT_TRUE(error.empty()) << name; |
| 124 |
| 125 // Google should never be a restricted url. |
| 126 error.clear(); |
| 127 EXPECT_FALSE(PermissionsData::IsRestrictedUrl( |
| 128 google_url, google_url, extension, &error)) << name; |
| 129 EXPECT_TRUE(error.empty()) << name; |
| 130 |
| 131 // We should always be able to access our own extension pages. |
| 132 error.clear(); |
| 133 EXPECT_FALSE(PermissionsData::IsRestrictedUrl( |
| 134 self_url, self_url, extension, &error)) << name; |
| 135 EXPECT_TRUE(error.empty()) << name; |
| 136 |
| 137 // We should only allow other schemes for extensions when it's a whitelisted |
| 138 // extension. |
| 139 error.clear(); |
| 140 bool allow_on_other_schemes = |
| 141 PermissionsData::CanExecuteScriptEverywhere(extension); |
| 142 EXPECT_EQ(!allow_on_other_schemes, |
| 143 PermissionsData::IsRestrictedUrl( |
| 144 invalid_url, invalid_url, extension, &error)) << name; |
| 145 if (!allow_on_other_schemes) { |
| 146 EXPECT_EQ(ErrorUtils::FormatErrorMessage( |
| 147 manifest_errors::kCannotAccessPage, |
| 148 invalid_url.spec()), |
| 149 error) << name; |
| 150 } else { |
| 151 EXPECT_TRUE(error.empty()); |
| 152 } |
| 153 } |
| 154 |
90 } // namespace | 155 } // namespace |
91 | 156 |
92 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { | 157 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { |
93 scoped_refptr<Extension> extension; | 158 scoped_refptr<Extension> extension; |
94 URLPatternSet hosts; | 159 URLPatternSet hosts; |
95 | 160 |
96 extension = LoadManifest("effective_host_permissions", "empty.json"); | 161 extension = LoadManifest("effective_host_permissions", "empty.json"); |
97 EXPECT_EQ(0u, | 162 EXPECT_EQ(0u, |
98 extension->permissions_data() | 163 extension->permissions_data() |
99 ->GetEffectiveHostPermissions() | 164 ->GetEffectiveHostPermissions() |
235 new PermissionSet(APIPermissionSet(), | 300 new PermissionSet(APIPermissionSet(), |
236 ManifestPermissionSet(), | 301 ManifestPermissionSet(), |
237 allowed_hosts, | 302 allowed_hosts, |
238 URLPatternSet())); | 303 URLPatternSet())); |
239 extension->permissions_data()->UpdateTabSpecificPermissions(0, | 304 extension->permissions_data()->UpdateTabSpecificPermissions(0, |
240 tab_permissions); | 305 tab_permissions); |
241 EXPECT_FALSE(extension->permissions_data()->RequiresActionForScriptExecution( | 306 EXPECT_FALSE(extension->permissions_data()->RequiresActionForScriptExecution( |
242 extension, 0, GURL("https://www.google.com/"))); | 307 extension, 0, GURL("https://www.google.com/"))); |
243 } | 308 } |
244 | 309 |
| 310 TEST(ExtensionPermissionsTest, IsRestrictedUrl) { |
| 311 scoped_refptr<const Extension> extension = |
| 312 GetExtensionWithHostPermission("normal_extension", |
| 313 kAllHostsPermission, |
| 314 Manifest::INTERNAL); |
| 315 // Chrome urls should be blocked for normal extensions. |
| 316 CheckRestrictedUrls(extension, true); |
| 317 |
| 318 scoped_refptr<const Extension> component = |
| 319 GetExtensionWithHostPermission("component", |
| 320 kAllHostsPermission, |
| 321 Manifest::COMPONENT); |
| 322 // Chrome urls should be accessible by component extensions. |
| 323 CheckRestrictedUrls(component, false); |
| 324 |
| 325 base::CommandLine::ForCurrentProcess()->AppendSwitch( |
| 326 switches::kExtensionsOnChromeURLs); |
| 327 // Enabling the switch should allow all extensions to access chrome urls. |
| 328 CheckRestrictedUrls(extension, false); |
| 329 |
| 330 } |
| 331 |
245 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { | 332 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { |
246 scoped_refptr<Extension> extension; | 333 scoped_refptr<Extension> extension; |
247 extension = LoadManifest("permissions", "many-apis.json"); | 334 extension = LoadManifest("permissions", "many-apis.json"); |
248 std::vector<base::string16> warnings = | 335 std::vector<base::string16> warnings = |
249 extension->permissions_data()->GetPermissionMessageStrings(); | 336 extension->permissions_data()->GetPermissionMessageStrings(); |
250 // Warning for "tabs" is suppressed by "history" permission. | 337 // Warning for "tabs" is suppressed by "history" permission. |
251 ASSERT_EQ(5u, warnings.size()); | 338 ASSERT_EQ(5u, warnings.size()); |
252 EXPECT_EQ("Read and modify your data on api.flickr.com", | 339 EXPECT_EQ("Read and modify your data on api.flickr.com", |
253 UTF16ToUTF8(warnings[0])); | 340 UTF16ToUTF8(warnings[0])); |
254 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1])); | 341 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1])); |
546 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested | 633 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested |
547 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); | 634 EXPECT_TRUE(CaptureOnly(extension.get(), about_url)); |
548 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); | 635 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url)); |
549 | 636 |
550 // Test access to iframed content. | 637 // Test access to iframed content. |
551 GURL within_extension_url = extension->GetResourceURL("page.html"); | 638 GURL within_extension_url = extension->GetResourceURL("page.html"); |
552 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); | 639 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); |
553 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); | 640 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); |
554 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); | 641 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); |
555 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); | 642 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); |
556 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); | 643 EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url)); |
557 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); | 644 EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url)); |
558 | 645 |
559 const PermissionsData* permissions_data = extension->permissions_data(); | 646 const PermissionsData* permissions_data = extension->permissions_data(); |
560 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url)); | 647 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url)); |
561 EXPECT_FALSE(permissions_data->HasHostPermission(about_url)); | 648 EXPECT_FALSE(permissions_data->HasHostPermission(about_url)); |
562 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url)); | 649 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url)); |
563 | 650 |
564 // Test * for scheme, which implies just the http/https schemes. | 651 // Test * for scheme, which implies just the http/https schemes. |
565 extension = LoadManifestStrict("script_and_capture", | 652 extension = LoadManifestStrict("script_and_capture", |
566 "extension_wildcard.json"); | 653 "extension_wildcard.json"); |
567 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); | 654 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url)); |
713 | 800 |
714 permissions_data->ClearTabSpecificPermissions(1); | 801 permissions_data->ClearTabSpecificPermissions(1); |
715 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1)); | 802 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1)); |
716 | 803 |
717 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 804 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
718 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 805 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
719 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 806 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
720 } | 807 } |
721 | 808 |
722 } // namespace extensions | 809 } // namespace extensions |
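Review bot: The new IsRestrictedUrl test (new lines 325-326) appends switches::kExtensionsOnChromeURLs to the process-wide command line and never removes it, so any test that runs later in the same process sees chrome:// access unlocked, and a regression in that restriction could pass unnoticed. Snapshot the command line before the append and put it back after the last check, e.g. `const base::CommandLine saved = *base::CommandLine::ForCurrentProcess();` and `*base::CommandLine::ForCurrentProcess() = saved;`. CheckRestrictedUrls (new lines 91-153) passes the same URL for both URL arguments on every IsRestrictedUrl call, so a permitted document framed under a restricted page (presumably what the second argument is for) is never exercised; one mixed-pair assertion would cover it. The expectations flipped from BlockedScript to AllowedScript on new lines 643-644 relax what the test previously pinned for the http_url/extension_url and https_url/extension_url pairs, and a one-line comment there stating why scripting is now expected to be allowed would keep the intent reviewable.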
OLD | NEW |