| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <vector> | 5 #include <vector> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/strings/string16.h" | 9 #include "base/strings/string16.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| 11 #include "chrome/common/chrome_version_info.h" | |
| 12 #include "chrome/common/extensions/extension_test_util.h" | 11 #include "chrome/common/extensions/extension_test_util.h" |
| 13 #include "chrome/common/extensions/features/feature_channel.h" | |
| 14 #include "components/crx_file/id_util.h" | 12 #include "components/crx_file/id_util.h" |
| 15 #include "content/public/common/socket_permission_request.h" | 13 #include "content/public/common/socket_permission_request.h" |
| 16 #include "extensions/common/error_utils.h" | 14 #include "extensions/common/error_utils.h" |
| 17 #include "extensions/common/extension.h" | 15 #include "extensions/common/extension.h" |
| 18 #include "extensions/common/extension_builder.h" | 16 #include "extensions/common/extension_builder.h" |
| 19 #include "extensions/common/manifest.h" | 17 #include "extensions/common/manifest.h" |
| 20 #include "extensions/common/manifest_constants.h" | 18 #include "extensions/common/manifest_constants.h" |
| 21 #include "extensions/common/permissions/api_permission.h" | 19 #include "extensions/common/permissions/api_permission.h" |
| 22 #include "extensions/common/permissions/permission_set.h" | 20 #include "extensions/common/permissions/permission_set.h" |
| 23 #include "extensions/common/permissions/permissions_data.h" | 21 #include "extensions/common/permissions/permissions_data.h" |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 134 manifest_errors::kCannotAccessPage, | 132 manifest_errors::kCannotAccessPage, |
| 135 invalid_url.spec()), | 133 invalid_url.spec()), |
| 136 error) << name; | 134 error) << name; |
| 137 } else { | 135 } else { |
| 138 EXPECT_TRUE(error.empty()); | 136 EXPECT_TRUE(error.empty()); |
| 139 } | 137 } |
| 140 } | 138 } |
| 141 | 139 |
| 142 } // namespace | 140 } // namespace |
| 143 | 141 |
| 144 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { | 142 // NOTE: These tests run in Chrome's unit_tests suite because they depend on |
| 143 // extension manifest keys (like "content_scripts") that do not exist yet in the |
| 144 // src/extensions module. |
| 145 TEST(PermissionsDataTest, EffectiveHostPermissions) { |
| 145 scoped_refptr<Extension> extension; | 146 scoped_refptr<Extension> extension; |
| 146 URLPatternSet hosts; | 147 URLPatternSet hosts; |
| 147 | 148 |
| 148 extension = LoadManifest("effective_host_permissions", "empty.json"); | 149 extension = LoadManifest("effective_host_permissions", "empty.json"); |
| 149 EXPECT_EQ(0u, | 150 EXPECT_EQ(0u, |
| 150 extension->permissions_data() | 151 extension->permissions_data() |
| 151 ->GetEffectiveHostPermissions() | 152 ->GetEffectiveHostPermissions() |
| 152 .patterns() | 153 .patterns() |
| 153 .size()); | 154 .size()); |
| 154 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); | 155 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 209 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); | 210 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); |
| 210 | 211 |
| 211 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); | 212 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); |
| 212 hosts = extension->permissions_data()->GetEffectiveHostPermissions(); | 213 hosts = extension->permissions_data()->GetEffectiveHostPermissions(); |
| 213 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); | 214 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); |
| 214 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); | 215 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); |
| 215 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); | 216 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); |
| 216 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); | 217 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts()); |
| 217 } | 218 } |
| 218 | 219 |
| 219 TEST(ExtensionPermissionsTest, SocketPermissions) { | 220 TEST(PermissionsDataTest, SocketPermissions) { |
| 220 // Set feature current channel to appropriate value. | |
| 221 ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV); | |
| 222 scoped_refptr<Extension> extension; | 221 scoped_refptr<Extension> extension; |
| 223 std::string error; | 222 std::string error; |
| 224 | 223 |
| 225 extension = LoadManifest("socket_permissions", "empty.json"); | 224 extension = LoadManifest("socket_permissions", "empty.json"); |
| 226 EXPECT_FALSE(CheckSocketPermission(extension, | 225 EXPECT_FALSE(CheckSocketPermission(extension, |
| 227 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); | 226 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); |
| 228 | 227 |
| 229 extension = LoadManifestUnchecked("socket_permissions", | 228 extension = LoadManifestUnchecked("socket_permissions", |
| 230 "socket1.json", | 229 "socket1.json", |
| 231 Manifest::INTERNAL, Extension::NO_FLAGS, | 230 Manifest::INTERNAL, Extension::NO_FLAGS, |
| (...skipping 14 matching lines...) Expand all Loading... |
| 246 extension, SocketPermissionRequest::UDP_BIND, "", 8888)); | 245 extension, SocketPermissionRequest::UDP_BIND, "", 8888)); |
| 247 | 246 |
| 248 EXPECT_FALSE(CheckSocketPermission( | 247 EXPECT_FALSE(CheckSocketPermission( |
| 249 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); | 248 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); |
| 250 EXPECT_TRUE(CheckSocketPermission( | 249 EXPECT_TRUE(CheckSocketPermission( |
| 251 extension, | 250 extension, |
| 252 SocketPermissionRequest::UDP_SEND_TO, | 251 SocketPermissionRequest::UDP_SEND_TO, |
| 253 "239.255.255.250", 1900)); | 252 "239.255.255.250", 1900)); |
| 254 } | 253 } |
| 255 | 254 |
| 256 TEST(ExtensionPermissionsTest, IsRestrictedUrl) { | 255 TEST(PermissionsDataTest, IsRestrictedUrl) { |
| 257 scoped_refptr<const Extension> extension = | 256 scoped_refptr<const Extension> extension = |
| 258 GetExtensionWithHostPermission("normal_extension", | 257 GetExtensionWithHostPermission("normal_extension", |
| 259 kAllHostsPermission, | 258 kAllHostsPermission, |
| 260 Manifest::INTERNAL); | 259 Manifest::INTERNAL); |
| 261 // Chrome urls should be blocked for normal extensions. | 260 // Chrome urls should be blocked for normal extensions. |
| 262 CheckRestrictedUrls(extension.get(), true); | 261 CheckRestrictedUrls(extension.get(), true); |
| 263 | 262 |
| 264 scoped_refptr<const Extension> component = | 263 scoped_refptr<const Extension> component = |
| 265 GetExtensionWithHostPermission("component", | 264 GetExtensionWithHostPermission("component", |
| 266 kAllHostsPermission, | 265 kAllHostsPermission, |
| 267 Manifest::COMPONENT); | 266 Manifest::COMPONENT); |
| 268 // Chrome urls should be accessible by component extensions. | 267 // Chrome urls should be accessible by component extensions. |
| 269 CheckRestrictedUrls(component.get(), false); | 268 CheckRestrictedUrls(component.get(), false); |
| 270 | 269 |
| 271 base::CommandLine::ForCurrentProcess()->AppendSwitch( | 270 base::CommandLine::ForCurrentProcess()->AppendSwitch( |
| 272 switches::kExtensionsOnChromeURLs); | 271 switches::kExtensionsOnChromeURLs); |
| 273 // Enabling the switch should allow all extensions to access chrome urls. | 272 // Enabling the switch should allow all extensions to access chrome urls. |
| 274 CheckRestrictedUrls(extension.get(), false); | 273 CheckRestrictedUrls(extension.get(), false); |
| 275 } | 274 } |
| 276 | 275 |
| 277 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { | 276 TEST(PermissionsDataTest, GetPermissionMessages_ManyAPIPermissions) { |
| 278 scoped_refptr<Extension> extension; | 277 scoped_refptr<Extension> extension; |
| 279 extension = LoadManifest("permissions", "many-apis.json"); | 278 extension = LoadManifest("permissions", "many-apis.json"); |
| 280 std::vector<base::string16> warnings = | 279 std::vector<base::string16> warnings = |
| 281 extension->permissions_data()->GetPermissionMessageStrings(); | 280 extension->permissions_data()->GetPermissionMessageStrings(); |
| 282 // Warning for "tabs" is suppressed by "history" permission. | 281 // Warning for "tabs" is suppressed by "history" permission. |
| 283 ASSERT_EQ(5u, warnings.size()); | 282 ASSERT_EQ(5u, warnings.size()); |
| 284 EXPECT_EQ("Read and change your data on api.flickr.com", | 283 EXPECT_EQ("Read and change your data on api.flickr.com", |
| 285 UTF16ToUTF8(warnings[0])); | 284 UTF16ToUTF8(warnings[0])); |
| 286 EXPECT_EQ("Read and change your bookmarks", UTF16ToUTF8(warnings[1])); | 285 EXPECT_EQ("Read and change your bookmarks", UTF16ToUTF8(warnings[1])); |
| 287 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); | 286 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); |
| 288 EXPECT_EQ("Read and change your browsing history", UTF16ToUTF8(warnings[3])); | 287 EXPECT_EQ("Read and change your browsing history", UTF16ToUTF8(warnings[3])); |
| 289 EXPECT_EQ("Manage your apps, extensions, and themes", | 288 EXPECT_EQ("Manage your apps, extensions, and themes", |
| 290 UTF16ToUTF8(warnings[4])); | 289 UTF16ToUTF8(warnings[4])); |
| 291 } | 290 } |
| 292 | 291 |
| 293 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) { | 292 TEST(PermissionsDataTest, GetPermissionMessages_ManyHostsPermissions) { |
| 294 scoped_refptr<Extension> extension; | 293 scoped_refptr<Extension> extension; |
| 295 extension = LoadManifest("permissions", "more-than-3-hosts.json"); | 294 extension = LoadManifest("permissions", "more-than-3-hosts.json"); |
| 296 std::vector<base::string16> warnings = | 295 std::vector<base::string16> warnings = |
| 297 extension->permissions_data()->GetPermissionMessageStrings(); | 296 extension->permissions_data()->GetPermissionMessageStrings(); |
| 298 std::vector<base::string16> warnings_details = | 297 std::vector<base::string16> warnings_details = |
| 299 extension->permissions_data()->GetPermissionMessageDetailsStrings(); | 298 extension->permissions_data()->GetPermissionMessageDetailsStrings(); |
| 300 ASSERT_EQ(1u, warnings.size()); | 299 ASSERT_EQ(1u, warnings.size()); |
| 301 ASSERT_EQ(1u, warnings_details.size()); | 300 ASSERT_EQ(1u, warnings_details.size()); |
| 302 EXPECT_EQ("Read and change your data on a number of websites", | 301 EXPECT_EQ("Read and change your data on a number of websites", |
| 303 UTF16ToUTF8(warnings[0])); | 302 UTF16ToUTF8(warnings[0])); |
| 304 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com", | 303 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com", |
| 305 UTF16ToUTF8(warnings_details[0])); | 304 UTF16ToUTF8(warnings_details[0])); |
| 306 } | 305 } |
| 307 | 306 |
| 308 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) { | 307 TEST(PermissionsDataTest, GetPermissionMessages_LocationApiPermission) { |
| 309 scoped_refptr<Extension> extension; | 308 scoped_refptr<Extension> extension; |
| 310 extension = LoadManifest("permissions", | 309 extension = LoadManifest("permissions", |
| 311 "location-api.json", | 310 "location-api.json", |
| 312 Manifest::COMPONENT, | 311 Manifest::COMPONENT, |
| 313 Extension::NO_FLAGS); | 312 Extension::NO_FLAGS); |
| 314 std::vector<base::string16> warnings = | 313 std::vector<base::string16> warnings = |
| 315 extension->permissions_data()->GetPermissionMessageStrings(); | 314 extension->permissions_data()->GetPermissionMessageStrings(); |
| 316 ASSERT_EQ(1u, warnings.size()); | 315 ASSERT_EQ(1u, warnings.size()); |
| 317 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); | 316 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); |
| 318 } | 317 } |
| 319 | 318 |
| 320 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) { | 319 TEST(PermissionsDataTest, GetPermissionMessages_ManyHosts) { |
| 321 scoped_refptr<Extension> extension; | 320 scoped_refptr<Extension> extension; |
| 322 extension = LoadManifest("permissions", "many-hosts.json"); | 321 extension = LoadManifest("permissions", "many-hosts.json"); |
| 323 std::vector<base::string16> warnings = | 322 std::vector<base::string16> warnings = |
| 324 extension->permissions_data()->GetPermissionMessageStrings(); | 323 extension->permissions_data()->GetPermissionMessageStrings(); |
| 325 ASSERT_EQ(1u, warnings.size()); | 324 ASSERT_EQ(1u, warnings.size()); |
| 326 EXPECT_EQ( | 325 EXPECT_EQ( |
| 327 "Read and change your data on encrypted.google.com and www.google.com", | 326 "Read and change your data on encrypted.google.com and www.google.com", |
| 328 UTF16ToUTF8(warnings[0])); | 327 UTF16ToUTF8(warnings[0])); |
| 329 } | 328 } |
| 330 | 329 |
| 331 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) { | 330 TEST(PermissionsDataTest, GetPermissionMessages_Plugins) { |
| 332 scoped_refptr<Extension> extension; | 331 scoped_refptr<Extension> extension; |
| 333 extension = LoadManifest("permissions", "plugins.json"); | 332 extension = LoadManifest("permissions", "plugins.json"); |
| 334 std::vector<base::string16> warnings = | 333 std::vector<base::string16> warnings = |
| 335 extension->permissions_data()->GetPermissionMessageStrings(); | 334 extension->permissions_data()->GetPermissionMessageStrings(); |
| 336 // We don't parse the plugins key on Chrome OS, so it should not ask for any | 335 // We don't parse the plugins key on Chrome OS, so it should not ask for any |
| 337 // permissions. | 336 // permissions. |
| 338 #if defined(OS_CHROMEOS) | 337 #if defined(OS_CHROMEOS) |
| 339 ASSERT_EQ(0u, warnings.size()); | 338 ASSERT_EQ(0u, warnings.size()); |
| 340 #else | 339 #else |
| 341 ASSERT_EQ(1u, warnings.size()); | 340 ASSERT_EQ(1u, warnings.size()); |
| (...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 745 | 744 |
| 746 permissions_data->ClearTabSpecificPermissions(1); | 745 permissions_data->ClearTabSpecificPermissions(1); |
| 747 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get()); | 746 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get()); |
| 748 | 747 |
| 749 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); | 748 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0)); |
| 750 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); | 749 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1)); |
| 751 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); | 750 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2)); |
| 752 } | 751 } |
| 753 | 752 |
| 754 } // namespace extensions | 753 } // namespace extensions |
| OLD | NEW |