authorjamescook <jamescook@chromium.org>2014-09-11 16:32:50 -0700
committerCommit bot <commit-bot@chromium.org>2014-09-12 00:19:15 +0000
commit646de7d89ca220cdd533bcd35f55768c1ad5dda1 (patch)
treed1d5e56fda1f9b542b24e555928f75f26e4dee16 /extensions
parentabfe4031f1773072d79fac0880ada886b81324f5 (diff)
Clean up extensions permissions unit tests
* Move socket_permission_unittest.cc and usb_device_permission_unittest.cc into src/extensions -- they have no src/chrome dependencies. * Move permissions_data_unittest.cc back into src/chrome -- its tests rely on extension manifest keys that aren't part of src/extensions yet. * Rename the latter tests to PermissionsDataTest BUG=397165 TEST=unit_tests PermissionsDataTest.* and extensions_unittests Review URL: https://codereview.chromium.org/563663002 Cr-Commit-Position: refs/heads/master@{#294493}
Diffstat (limited to 'extensions')
-rw-r--r--extensions/DEPS6
-rw-r--r--extensions/common/permissions/permissions_data_unittest.cc754
-rw-r--r--extensions/common/permissions/socket_permission_unittest.cc330
-rw-r--r--extensions/common/permissions/usb_device_permission_unittest.cc63
-rw-r--r--extensions/extensions.gyp2
5 files changed, 395 insertions, 760 deletions
diff --git a/extensions/DEPS b/extensions/DEPS
index e6b483f..836d930 100644
--- a/extensions/DEPS
+++ b/extensions/DEPS
@@ -40,16 +40,10 @@ specific_include_rules = {
"+chrome/common/chrome_paths.h",
"+chrome/common/extensions/features/feature_channel.h",
"+chrome/common/extensions/manifest_tests/extension_manifest_test.h",
- "+chrome/test/base/browser_with_test_window_test.h",
"+chrome/test/base/testing_profile.h",
"+chrome/test/base/ui_test_utils.h",
],
"(simple|complex)_feature_unittest\.cc|base_feature_provider_unittest\.cc": [
"+chrome/common/extensions/features/chrome_channel_feature_filter.h",
],
- "permissions_data_unittest\.cc": [
- "+chrome/common/chrome_version_info.h",
- "+chrome/common/extensions/extension_test_util.h",
- "+chrome/common/extensions/features/feature_channel.h",
- ],
}
diff --git a/extensions/common/permissions/permissions_data_unittest.cc b/extensions/common/permissions/permissions_data_unittest.cc
deleted file mode 100644
index 7374d34..0000000
--- a/extensions/common/permissions/permissions_data_unittest.cc
+++ /dev/null
@@ -1,754 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <vector>
-
-#include "base/command_line.h"
-#include "base/memory/ref_counted.h"
-#include "base/strings/string16.h"
-#include "base/strings/utf_string_conversions.h"
-#include "chrome/common/chrome_version_info.h"
-#include "chrome/common/extensions/extension_test_util.h"
-#include "chrome/common/extensions/features/feature_channel.h"
-#include "components/crx_file/id_util.h"
-#include "content/public/common/socket_permission_request.h"
-#include "extensions/common/error_utils.h"
-#include "extensions/common/extension.h"
-#include "extensions/common/extension_builder.h"
-#include "extensions/common/manifest.h"
-#include "extensions/common/manifest_constants.h"
-#include "extensions/common/permissions/api_permission.h"
-#include "extensions/common/permissions/permission_set.h"
-#include "extensions/common/permissions/permissions_data.h"
-#include "extensions/common/permissions/socket_permission.h"
-#include "extensions/common/switches.h"
-#include "extensions/common/url_pattern_set.h"
-#include "extensions/common/value_builder.h"
-#include "testing/gtest/include/gtest/gtest.h"
-#include "url/gurl.h"
-
-using base::UTF16ToUTF8;
-using content::SocketPermissionRequest;
-using extension_test_util::LoadManifest;
-using extension_test_util::LoadManifestUnchecked;
-using extension_test_util::LoadManifestStrict;
-
-namespace extensions {
-
-namespace {
-
-const char kAllHostsPermission[] = "*://*/*";
-
-bool CheckSocketPermission(
- scoped_refptr<Extension> extension,
- SocketPermissionRequest::OperationType type,
- const char* host,
- int port) {
- SocketPermission::CheckParam param(type, host, port);
- return extension->permissions_data()->CheckAPIPermissionWithParam(
- APIPermission::kSocket, &param);
-}
-
-// Creates and returns an extension with the given |id|, |host_permissions|, and
-// manifest |location|.
-scoped_refptr<const Extension> GetExtensionWithHostPermission(
- const std::string& id,
- const std::string& host_permissions,
- Manifest::Location location) {
- ListBuilder permissions;
- if (!host_permissions.empty())
- permissions.Append(host_permissions);
-
- return ExtensionBuilder()
- .SetManifest(
- DictionaryBuilder()
- .Set("name", id)
- .Set("description", "an extension")
- .Set("manifest_version", 2)
- .Set("version", "1.0.0")
- .Set("permissions", permissions.Pass())
- .Build())
- .SetLocation(location)
- .SetID(id)
- .Build();
-}
-
-// Checks that urls are properly restricted for the given extension.
-void CheckRestrictedUrls(const Extension* extension,
- bool block_chrome_urls) {
- // We log the name so we know _which_ extension failed here.
- const std::string& name = extension->name();
- const GURL chrome_settings_url("chrome://settings/");
- const GURL chrome_extension_url("chrome-extension://foo/bar.html");
- const GURL google_url("https://www.google.com/");
- const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
- const GURL invalid_url("chrome-debugger://foo/bar.html");
-
- std::string error;
- EXPECT_EQ(block_chrome_urls,
- PermissionsData::IsRestrictedUrl(
- chrome_settings_url,
- chrome_settings_url,
- extension,
- &error)) << name;
- if (block_chrome_urls)
- EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name;
- else
- EXPECT_TRUE(error.empty()) << name;
-
- error.clear();
- EXPECT_EQ(block_chrome_urls,
- PermissionsData::IsRestrictedUrl(
- chrome_extension_url,
- chrome_extension_url,
- extension,
- &error)) << name;
- if (block_chrome_urls)
- EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name;
- else
- EXPECT_TRUE(error.empty()) << name;
-
- // Google should never be a restricted url.
- error.clear();
- EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
- google_url, google_url, extension, &error)) << name;
- EXPECT_TRUE(error.empty()) << name;
-
- // We should always be able to access our own extension pages.
- error.clear();
- EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
- self_url, self_url, extension, &error)) << name;
- EXPECT_TRUE(error.empty()) << name;
-
- // We should only allow other schemes for extensions when it's a whitelisted
- // extension.
- error.clear();
- bool allow_on_other_schemes =
- PermissionsData::CanExecuteScriptEverywhere(extension);
- EXPECT_EQ(!allow_on_other_schemes,
- PermissionsData::IsRestrictedUrl(
- invalid_url, invalid_url, extension, &error)) << name;
- if (!allow_on_other_schemes) {
- EXPECT_EQ(ErrorUtils::FormatErrorMessage(
- manifest_errors::kCannotAccessPage,
- invalid_url.spec()),
- error) << name;
- } else {
- EXPECT_TRUE(error.empty());
- }
-}
-
-} // namespace
-
-TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
- scoped_refptr<Extension> extension;
- URLPatternSet hosts;
-
- extension = LoadManifest("effective_host_permissions", "empty.json");
- EXPECT_EQ(0u,
- extension->permissions_data()
- ->GetEffectiveHostPermissions()
- .patterns()
- .size());
- EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
- EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions", "one_host.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
- EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
- EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions",
- "one_host_wildcard.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
- EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions", "two_hosts.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
- EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions",
- "https_not_considered.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
- EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions",
- "two_content_scripts.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
- EXPECT_TRUE(extension->permissions_data()
- ->active_permissions()
- ->HasEffectiveAccessToURL(GURL("http://www.reddit.com")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
- EXPECT_TRUE(
- extension->permissions_data()
- ->active_permissions()
- ->HasEffectiveAccessToURL(GURL("http://news.ycombinator.com")));
- EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions", "all_hosts.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
- EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
- EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
- EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-
- extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
- hosts = extension->permissions_data()->GetEffectiveHostPermissions();
- EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
- EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
- EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
-}
-
-TEST(ExtensionPermissionsTest, SocketPermissions) {
- // Set feature current channel to appropriate value.
- ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV);
- scoped_refptr<Extension> extension;
- std::string error;
-
- extension = LoadManifest("socket_permissions", "empty.json");
- EXPECT_FALSE(CheckSocketPermission(extension,
- SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
-
- extension = LoadManifestUnchecked("socket_permissions",
- "socket1.json",
- Manifest::INTERNAL, Extension::NO_FLAGS,
- &error);
- EXPECT_TRUE(extension.get() == NULL);
- std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage(
- manifest_errors::kInvalidPermissionWithDetail,
- "socket",
- "NULL or empty permission list");
- EXPECT_EQ(expected_error_msg_header, error);
-
- extension = LoadManifest("socket_permissions", "socket2.json");
- EXPECT_TRUE(CheckSocketPermission(extension,
- SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
- EXPECT_FALSE(CheckSocketPermission(
- extension, SocketPermissionRequest::UDP_BIND, "", 80));
- EXPECT_TRUE(CheckSocketPermission(
- extension, SocketPermissionRequest::UDP_BIND, "", 8888));
-
- EXPECT_FALSE(CheckSocketPermission(
- extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
- EXPECT_TRUE(CheckSocketPermission(
- extension,
- SocketPermissionRequest::UDP_SEND_TO,
- "239.255.255.250", 1900));
-}
-
-TEST(ExtensionPermissionsTest, IsRestrictedUrl) {
- scoped_refptr<const Extension> extension =
- GetExtensionWithHostPermission("normal_extension",
- kAllHostsPermission,
- Manifest::INTERNAL);
- // Chrome urls should be blocked for normal extensions.
- CheckRestrictedUrls(extension.get(), true);
-
- scoped_refptr<const Extension> component =
- GetExtensionWithHostPermission("component",
- kAllHostsPermission,
- Manifest::COMPONENT);
- // Chrome urls should be accessible by component extensions.
- CheckRestrictedUrls(component.get(), false);
-
- base::CommandLine::ForCurrentProcess()->AppendSwitch(
- switches::kExtensionsOnChromeURLs);
- // Enabling the switch should allow all extensions to access chrome urls.
- CheckRestrictedUrls(extension.get(), false);
-}
-
-TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
- scoped_refptr<Extension> extension;
- extension = LoadManifest("permissions", "many-apis.json");
- std::vector<base::string16> warnings =
- extension->permissions_data()->GetPermissionMessageStrings();
- // Warning for "tabs" is suppressed by "history" permission.
- ASSERT_EQ(5u, warnings.size());
- EXPECT_EQ("Read and change your data on api.flickr.com",
- UTF16ToUTF8(warnings[0]));
- EXPECT_EQ("Read and change your bookmarks", UTF16ToUTF8(warnings[1]));
- EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
- EXPECT_EQ("Read and change your browsing history", UTF16ToUTF8(warnings[3]));
- EXPECT_EQ("Manage your apps, extensions, and themes",
- UTF16ToUTF8(warnings[4]));
-}
-
-TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) {
- scoped_refptr<Extension> extension;
- extension = LoadManifest("permissions", "more-than-3-hosts.json");
- std::vector<base::string16> warnings =
- extension->permissions_data()->GetPermissionMessageStrings();
- std::vector<base::string16> warnings_details =
- extension->permissions_data()->GetPermissionMessageDetailsStrings();
- ASSERT_EQ(1u, warnings.size());
- ASSERT_EQ(1u, warnings_details.size());
- EXPECT_EQ("Read and change your data on a number of websites",
- UTF16ToUTF8(warnings[0]));
- EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com",
- UTF16ToUTF8(warnings_details[0]));
-}
-
-TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) {
- scoped_refptr<Extension> extension;
- extension = LoadManifest("permissions",
- "location-api.json",
- Manifest::COMPONENT,
- Extension::NO_FLAGS);
- std::vector<base::string16> warnings =
- extension->permissions_data()->GetPermissionMessageStrings();
- ASSERT_EQ(1u, warnings.size());
- EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
-}
-
-TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) {
- scoped_refptr<Extension> extension;
- extension = LoadManifest("permissions", "many-hosts.json");
- std::vector<base::string16> warnings =
- extension->permissions_data()->GetPermissionMessageStrings();
- ASSERT_EQ(1u, warnings.size());
- EXPECT_EQ(
- "Read and change your data on encrypted.google.com and www.google.com",
- UTF16ToUTF8(warnings[0]));
-}
-
-TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
- scoped_refptr<Extension> extension;
- extension = LoadManifest("permissions", "plugins.json");
- std::vector<base::string16> warnings =
- extension->permissions_data()->GetPermissionMessageStrings();
-// We don't parse the plugins key on Chrome OS, so it should not ask for any
-// permissions.
-#if defined(OS_CHROMEOS)
- ASSERT_EQ(0u, warnings.size());
-#else
- ASSERT_EQ(1u, warnings.size());
- EXPECT_EQ(
- "Read and change all your data on your computer and the websites you "
- "visit",
- UTF16ToUTF8(warnings[0]));
-#endif
-}
-
-// Base class for testing the CanAccessPage and CanCaptureVisiblePage
-// methods of Extension for extensions with various permissions.
-class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
- protected:
- ExtensionScriptAndCaptureVisibleTest()
- : http_url("http://www.google.com"),
- http_url_with_path("http://www.google.com/index.html"),
- https_url("https://www.google.com"),
- file_url("file:///foo/bar"),
- favicon_url("chrome://favicon/http://www.google.com"),
- extension_url("chrome-extension://" +
- crx_file::id_util::GenerateIdForPath(
- base::FilePath(FILE_PATH_LITERAL("foo")))),
- settings_url("chrome://settings"),
- about_url("about:flags") {
- urls_.insert(http_url);
- urls_.insert(http_url_with_path);
- urls_.insert(https_url);
- urls_.insert(file_url);
- urls_.insert(favicon_url);
- urls_.insert(extension_url);
- urls_.insert(settings_url);
- urls_.insert(about_url);
- // Ignore the policy delegate for this test.
- PermissionsData::SetPolicyDelegate(NULL);
- }
-
- bool AllowedScript(const Extension* extension, const GURL& url,
- const GURL& top_url) {
- return AllowedScript(extension, url, top_url, -1);
- }
-
- bool AllowedScript(const Extension* extension, const GURL& url,
- const GURL& top_url, int tab_id) {
- return extension->permissions_data()->CanAccessPage(
- extension, url, top_url, tab_id, -1, NULL);
- }
-
- bool BlockedScript(const Extension* extension, const GURL& url,
- const GURL& top_url) {
- return !extension->permissions_data()->CanAccessPage(
- extension, url, top_url, -1, -1, NULL);
- }
-
- bool Allowed(const Extension* extension, const GURL& url) {
- return Allowed(extension, url, -1);
- }
-
- bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
- return (extension->permissions_data()->CanAccessPage(
- extension, url, url, tab_id, -1, NULL) &&
- extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL));
- }
-
- bool CaptureOnly(const Extension* extension, const GURL& url) {
- return CaptureOnly(extension, url, -1);
- }
-
- bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
- return !extension->permissions_data()->CanAccessPage(
- extension, url, url, tab_id, -1, NULL) &&
- extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
- }
-
- bool ScriptOnly(const Extension* extension, const GURL& url,
- const GURL& top_url) {
- return ScriptOnly(extension, url, top_url, -1);
- }
-
- bool ScriptOnly(const Extension* extension, const GURL& url,
- const GURL& top_url, int tab_id) {
- return AllowedScript(extension, url, top_url, tab_id) &&
- !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
- }
-
- bool Blocked(const Extension* extension, const GURL& url) {
- return Blocked(extension, url, -1);
- }
-
- bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
- return !(extension->permissions_data()->CanAccessPage(
- extension, url, url, tab_id, -1, NULL) ||
- extension->permissions_data()->CanCaptureVisiblePage(tab_id,
- NULL));
- }
-
- bool ScriptAllowedExclusivelyOnTab(
- const Extension* extension,
- const std::set<GURL>& allowed_urls,
- int tab_id) {
- bool result = true;
- for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
- const GURL& url = *it;
- if (allowed_urls.count(url))
- result &= AllowedScript(extension, url, url, tab_id);
- else
- result &= Blocked(extension, url, tab_id);
- }
- return result;
- }
-
- // URLs that are "safe" to provide scripting and capture visible tab access
- // to if the permissions allow it.
- const GURL http_url;
- const GURL http_url_with_path;
- const GURL https_url;
- const GURL file_url;
-
- // We should allow host permission but not scripting permission for favicon
- // urls.
- const GURL favicon_url;
-
- // URLs that regular extensions should never get access to.
- const GURL extension_url;
- const GURL settings_url;
- const GURL about_url;
-
- private:
- // The set of all URLs above.
- std::set<GURL> urls_;
-};
-
-TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
- // Test <all_urls> for regular extensions.
- scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
- "extension_regular_all.json");
-
- EXPECT_TRUE(Allowed(extension.get(), http_url));
- EXPECT_TRUE(Allowed(extension.get(), https_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
-
- // Test access to iframed content.
- GURL within_extension_url = extension->GetResourceURL("page.html");
- EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
- EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
- EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
- EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
- EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
- EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
-
- EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
- EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url));
- EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
-
- // Test * for scheme, which implies just the http/https schemes.
- extension = LoadManifestStrict("script_and_capture",
- "extension_wildcard.json");
- EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
- EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(Blocked(extension.get(), file_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
- extension =
- LoadManifest("script_and_capture", "extension_wildcard_settings.json");
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
-
- // Having chrome://*/ should not work for regular extensions. Note that
- // for favicon access, we require the explicit pattern chrome://favicon/*.
- std::string error;
- extension = LoadManifestUnchecked("script_and_capture",
- "extension_wildcard_chrome.json",
- Manifest::INTERNAL, Extension::NO_FLAGS,
- &error);
- std::vector<InstallWarning> warnings = extension->install_warnings();
- EXPECT_FALSE(warnings.empty());
- EXPECT_EQ(ErrorUtils::FormatErrorMessage(
- manifest_errors::kInvalidPermissionScheme,
- "chrome://*/"),
- warnings[0].message);
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
-
- // Having chrome://favicon/* should not give you chrome://*
- extension = LoadManifestStrict("script_and_capture",
- "extension_chrome_favicon_wildcard.json");
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
-
- // Having http://favicon should not give you chrome://favicon
- extension = LoadManifestStrict("script_and_capture",
- "extension_http_favicon.json");
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
-
- // Component extensions with <all_urls> should get everything.
- extension = LoadManifest("script_and_capture", "extension_component_all.json",
- Manifest::COMPONENT, Extension::NO_FLAGS);
- EXPECT_TRUE(Allowed(extension.get(), http_url));
- EXPECT_TRUE(Allowed(extension.get(), https_url));
- EXPECT_TRUE(Allowed(extension.get(), settings_url));
- EXPECT_TRUE(Allowed(extension.get(), about_url));
- EXPECT_TRUE(Allowed(extension.get(), favicon_url));
- EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
-
- // Component extensions should only get access to what they ask for.
- extension = LoadManifest("script_and_capture",
- "extension_component_google.json", Manifest::COMPONENT,
- Extension::NO_FLAGS);
- EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
- EXPECT_TRUE(Blocked(extension.get(), https_url));
- EXPECT_TRUE(Blocked(extension.get(), file_url));
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(Blocked(extension.get(), extension_url));
- EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
-}
-
-TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
- CommandLine::ForCurrentProcess()->AppendSwitch(
- switches::kExtensionsOnChromeURLs);
-
- scoped_refptr<Extension> extension;
-
- // Test <all_urls> for regular extensions.
- extension = LoadManifestStrict("script_and_capture",
- "extension_regular_all.json");
- EXPECT_TRUE(Allowed(extension.get(), http_url));
- EXPECT_TRUE(Allowed(extension.get(), https_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
- EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
- EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
- EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
-
- // Test access to iframed content.
- GURL within_extension_url = extension->GetResourceURL("page.html");
- EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
- EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
- EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
- EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
- EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url));
- EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url));
-
- const PermissionsData* permissions_data = extension->permissions_data();
- EXPECT_FALSE(permissions_data->HasHostPermission(settings_url));
- EXPECT_FALSE(permissions_data->HasHostPermission(about_url));
- EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url));
-
- // Test * for scheme, which implies just the http/https schemes.
- extension = LoadManifestStrict("script_and_capture",
- "extension_wildcard.json");
- EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
- EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(Blocked(extension.get(), file_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
- extension =
- LoadManifest("script_and_capture", "extension_wildcard_settings.json");
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
-
- // Having chrome://*/ should work for regular extensions with the flag
- // enabled.
- std::string error;
- extension = LoadManifestUnchecked("script_and_capture",
- "extension_wildcard_chrome.json",
- Manifest::INTERNAL, Extension::NO_FLAGS,
- &error);
- EXPECT_FALSE(extension.get() == NULL);
- EXPECT_TRUE(Blocked(extension.get(), http_url));
- EXPECT_TRUE(Blocked(extension.get(), https_url));
- EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(Blocked(extension.get(), file_url));
- EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
-
- // Having chrome://favicon/* should not give you chrome://*
- extension = LoadManifestStrict("script_and_capture",
- "extension_chrome_favicon_wildcard.json");
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
-
- // Having http://favicon should not give you chrome://favicon
- extension = LoadManifestStrict("script_and_capture",
- "extension_http_favicon.json");
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
-
- // Component extensions with <all_urls> should get everything.
- extension = LoadManifest("script_and_capture", "extension_component_all.json",
- Manifest::COMPONENT, Extension::NO_FLAGS);
- EXPECT_TRUE(Allowed(extension.get(), http_url));
- EXPECT_TRUE(Allowed(extension.get(), https_url));
- EXPECT_TRUE(Allowed(extension.get(), settings_url));
- EXPECT_TRUE(Allowed(extension.get(), about_url));
- EXPECT_TRUE(Allowed(extension.get(), favicon_url));
- EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
-
- // Component extensions should only get access to what they ask for.
- extension = LoadManifest("script_and_capture",
- "extension_component_google.json", Manifest::COMPONENT,
- Extension::NO_FLAGS);
- EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
- EXPECT_TRUE(Blocked(extension.get(), https_url));
- EXPECT_TRUE(Blocked(extension.get(), file_url));
- EXPECT_TRUE(Blocked(extension.get(), settings_url));
- EXPECT_TRUE(Blocked(extension.get(), favicon_url));
- EXPECT_TRUE(Blocked(extension.get(), about_url));
- EXPECT_TRUE(Blocked(extension.get(), extension_url));
- EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
-}
-
-TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
- scoped_refptr<Extension> extension =
- LoadManifestStrict("script_and_capture", "tab_specific.json");
-
- const PermissionsData* permissions_data = extension->permissions_data();
- EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
- EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get());
- EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(2).get());
-
- std::set<GURL> no_urls;
-
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
-
- URLPatternSet allowed_hosts;
- allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
- http_url.spec()));
- std::set<GURL> allowed_urls;
- allowed_urls.insert(http_url);
- // http_url_with_path() will also be allowed, because Extension should be
- // considering the security origin of the URL not the URL itself, and
- // http_url is in allowed_hosts.
- allowed_urls.insert(http_url_with_path);
-
- {
- scoped_refptr<PermissionSet> permissions(
- new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
- allowed_hosts, URLPatternSet()));
- permissions_data->UpdateTabSpecificPermissions(0, permissions);
- EXPECT_EQ(permissions->explicit_hosts(),
- permissions_data->GetTabSpecificPermissionsForTesting(0)
- ->explicit_hosts());
- }
-
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
-
- permissions_data->ClearTabSpecificPermissions(0);
- EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
-
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
-
- std::set<GURL> more_allowed_urls = allowed_urls;
- more_allowed_urls.insert(https_url);
- URLPatternSet more_allowed_hosts = allowed_hosts;
- more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
- https_url.spec()));
-
- {
- scoped_refptr<PermissionSet> permissions(
- new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
- allowed_hosts, URLPatternSet()));
- permissions_data->UpdateTabSpecificPermissions(0, permissions);
- EXPECT_EQ(permissions->explicit_hosts(),
- permissions_data->GetTabSpecificPermissionsForTesting(0)
- ->explicit_hosts());
-
- permissions = new PermissionSet(APIPermissionSet(),
- ManifestPermissionSet(),
- more_allowed_hosts,
- URLPatternSet());
- permissions_data->UpdateTabSpecificPermissions(1, permissions);
- EXPECT_EQ(permissions->explicit_hosts(),
- permissions_data->GetTabSpecificPermissionsForTesting(1)
- ->explicit_hosts());
- }
-
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
- EXPECT_TRUE(
- ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
-
- permissions_data->ClearTabSpecificPermissions(0);
- EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
-
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
- EXPECT_TRUE(
- ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
-
- permissions_data->ClearTabSpecificPermissions(1);
- EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get());
-
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
- EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
-}
-
-} // namespace extensions
diff --git a/extensions/common/permissions/socket_permission_unittest.cc b/extensions/common/permissions/socket_permission_unittest.cc
new file mode 100644
index 0000000..0b1fae0
--- /dev/null
+++ b/extensions/common/permissions/socket_permission_unittest.cc
@@ -0,0 +1,330 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+
+#include "base/pickle.h"
+#include "base/values.h"
+#include "extensions/common/permissions/permissions_info.h"
+#include "extensions/common/permissions/socket_permission.h"
+#include "extensions/common/permissions/socket_permission_data.h"
+#include "ipc/ipc_message.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace extensions {
+
+namespace {
+
+using content::SocketPermissionRequest;
+
+void ParseTest(const std::string& permission,
+ const std::string& expected_result) {
+ SocketPermissionData data;
+ ASSERT_TRUE(data.ParseForTest(permission)) << "Parse permission \""
+ << permission << "\" failed.";
+ EXPECT_EQ(expected_result, data.GetAsStringForTest());
+}
+
+TEST(SocketPermissionTest, General) {
+ SocketPermissionData data1, data2;
+
+ CHECK(data1.ParseForTest("tcp-connect"));
+ CHECK(data2.ParseForTest("tcp-connect"));
+
+ EXPECT_TRUE(data1 == data2);
+ EXPECT_FALSE(data1 < data2);
+
+ CHECK(data1.ParseForTest("tcp-connect"));
+ CHECK(data2.ParseForTest("tcp-connect:www.example.com"));
+
+ EXPECT_FALSE(data1 == data2);
+ EXPECT_TRUE(data1 < data2);
+}
+
+TEST(SocketPermissionTest, Parse) {
+ SocketPermissionData data;
+
+ EXPECT_FALSE(data.ParseForTest(std::string()));
+ EXPECT_FALSE(data.ParseForTest("*"));
+ EXPECT_FALSE(data.ParseForTest("\00\00*"));
+ EXPECT_FALSE(data.ParseForTest("\01*"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:-1"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:65536"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:::"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect::0"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect: www.exmaple.com: 99 "));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com :99"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com: 99"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com:99 "));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:\t*.exmaple.com:99"));
+ EXPECT_FALSE(data.ParseForTest("tcp-connect:\n*.exmaple.com:99"));
+ EXPECT_FALSE(data.ParseForTest("resolve-host:exmaple.com:99"));
+ EXPECT_FALSE(data.ParseForTest("resolve-host:127.0.0.1"));
+ EXPECT_FALSE(data.ParseForTest("resolve-host:"));
+ EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com:99"));
+ EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com"));
+
+ ParseTest("tcp-connect", "tcp-connect:*:*");
+ ParseTest("tcp-listen", "tcp-listen:*:*");
+ ParseTest("udp-bind", "udp-bind:*:*");
+ ParseTest("udp-send-to", "udp-send-to:*:*");
+ ParseTest("resolve-host", "resolve-host");
+ ParseTest("resolve-proxy", "resolve-proxy");
+
+ ParseTest("tcp-connect:", "tcp-connect:*:*");
+ ParseTest("tcp-listen:", "tcp-listen:*:*");
+ ParseTest("udp-bind:", "udp-bind:*:*");
+ ParseTest("udp-send-to:", "udp-send-to:*:*");
+
+ ParseTest("tcp-connect::", "tcp-connect:*:*");
+ ParseTest("tcp-listen::", "tcp-listen:*:*");
+ ParseTest("udp-bind::", "udp-bind:*:*");
+ ParseTest("udp-send-to::", "udp-send-to:*:*");
+
+ ParseTest("tcp-connect:*", "tcp-connect:*:*");
+ ParseTest("tcp-listen:*", "tcp-listen:*:*");
+ ParseTest("udp-bind:*", "udp-bind:*:*");
+ ParseTest("udp-send-to:*", "udp-send-to:*:*");
+
+ ParseTest("tcp-connect:*:", "tcp-connect:*:*");
+ ParseTest("tcp-listen:*:", "tcp-listen:*:*");
+ ParseTest("udp-bind:*:", "udp-bind:*:*");
+ ParseTest("udp-send-to:*:", "udp-send-to:*:*");
+
+ ParseTest("tcp-connect::*", "tcp-connect:*:*");
+ ParseTest("tcp-listen::*", "tcp-listen:*:*");
+ ParseTest("udp-bind::*", "udp-bind:*:*");
+ ParseTest("udp-send-to::*", "udp-send-to:*:*");
+
+ ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");
+ ParseTest("tcp-listen:www.example.com", "tcp-listen:www.example.com:*");
+ ParseTest("udp-bind:www.example.com", "udp-bind:www.example.com:*");
+ ParseTest("udp-send-to:www.example.com", "udp-send-to:www.example.com:*");
+ ParseTest("udp-send-to:wWW.ExAmPlE.cOm", "udp-send-to:www.example.com:*");
+
+ ParseTest("tcp-connect:.example.com", "tcp-connect:*.example.com:*");
+ ParseTest("tcp-listen:.example.com", "tcp-listen:*.example.com:*");
+ ParseTest("udp-bind:.example.com", "udp-bind:*.example.com:*");
+ ParseTest("udp-send-to:.example.com", "udp-send-to:*.example.com:*");
+
+ ParseTest("tcp-connect:*.example.com", "tcp-connect:*.example.com:*");
+ ParseTest("tcp-listen:*.example.com", "tcp-listen:*.example.com:*");
+ ParseTest("udp-bind:*.example.com", "udp-bind:*.example.com:*");
+ ParseTest("udp-send-to:*.example.com", "udp-send-to:*.example.com:*");
+
+ ParseTest("tcp-connect::99", "tcp-connect:*:99");
+ ParseTest("tcp-listen::99", "tcp-listen:*:99");
+ ParseTest("udp-bind::99", "udp-bind:*:99");
+ ParseTest("udp-send-to::99", "udp-send-to:*:99");
+
+ ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");
+
+ ParseTest("tcp-connect:*.example.com:99", "tcp-connect:*.example.com:99");
+}
+
+TEST(SocketPermissionTest, Match) {
+ SocketPermissionData data;
+ scoped_ptr<SocketPermission::CheckParam> param;
+
+ CHECK(data.ParseForTest("tcp-connect"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 80));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ CHECK(data.ParseForTest("udp-send-to::8800"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ CHECK(data.ParseForTest("udp-send-to:*.example.com:8800"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "wwwexample.com", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ CHECK(data.ParseForTest("udp-send-to:*.ExAmPlE.cOm:8800"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ ASSERT_TRUE(data.ParseForTest("udp-bind::8800"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ // Do not wildcard part of ip address.
+ ASSERT_TRUE(data.ParseForTest("tcp-connect:*.168.0.1:8800"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "192.168.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*"));
+ ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*:*"));
+ ASSERT_TRUE(data.ParseForTest("udp-multicast-membership"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "127.0.0.1", 35));
+ EXPECT_TRUE(data.Check(param.get()));
+
+ ASSERT_TRUE(data.ParseForTest("resolve-host"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 80));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 8080));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ ASSERT_TRUE(data.ParseForTest("resolve-proxy"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 80));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 8080));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+
+ ASSERT_TRUE(data.ParseForTest("network-state"));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::NETWORK_STATE, std::string(), 0));
+ EXPECT_TRUE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+ param.reset(new SocketPermission::CheckParam(
+ SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
+ EXPECT_FALSE(data.Check(param.get()));
+}
+
+TEST(SocketPermissionTest, IPC) {
+ const APIPermissionInfo* permission_info =
+ PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
+
+ {
+ IPC::Message m;
+
+ scoped_ptr<APIPermission> permission1(
+ permission_info->CreateAPIPermission());
+ scoped_ptr<APIPermission> permission2(
+ permission_info->CreateAPIPermission());
+
+ permission1->Write(&m);
+ PickleIterator iter(m);
+ permission2->Read(&m, &iter);
+
+ EXPECT_TRUE(permission1->Equal(permission2.get()));
+ }
+
+ {
+ IPC::Message m;
+
+ scoped_ptr<APIPermission> permission1(
+ permission_info->CreateAPIPermission());
+ scoped_ptr<APIPermission> permission2(
+ permission_info->CreateAPIPermission());
+
+ scoped_ptr<base::ListValue> value(new base::ListValue());
+ value->AppendString("tcp-connect:*.example.com:80");
+ value->AppendString("udp-bind::8080");
+ value->AppendString("udp-send-to::8888");
+ ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));
+
+ EXPECT_FALSE(permission1->Equal(permission2.get()));
+
+ permission1->Write(&m);
+ PickleIterator iter(m);
+ permission2->Read(&m, &iter);
+ EXPECT_TRUE(permission1->Equal(permission2.get()));
+ }
+}
+
+TEST(SocketPermissionTest, Value) {
+ const APIPermissionInfo* permission_info =
+ PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
+
+ scoped_ptr<APIPermission> permission1(permission_info->CreateAPIPermission());
+ scoped_ptr<APIPermission> permission2(permission_info->CreateAPIPermission());
+
+ scoped_ptr<base::ListValue> value(new base::ListValue());
+ value->AppendString("tcp-connect:*.example.com:80");
+ value->AppendString("udp-bind::8080");
+ value->AppendString("udp-send-to::8888");
+ ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));
+
+ EXPECT_FALSE(permission1->Equal(permission2.get()));
+
+ scoped_ptr<base::Value> vtmp(permission1->ToValue());
+ ASSERT_TRUE(vtmp);
+ ASSERT_TRUE(permission2->FromValue(vtmp.get(), NULL, NULL));
+ EXPECT_TRUE(permission1->Equal(permission2.get()));
+}
+
+} // namespace
+
+} // namespace extensions
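Review bot: In the Parse test, `data.ParseForTest("\00\00*")` does not exercise embedded NUL bytes: the literal begins with a NUL escape, so converting it to a string through the usual NUL-terminated route yields an empty string and the case only repeats the `std::string()` check above it. Building the input with an explicit length, `EXPECT_FALSE(data.ParseForTest(std::string("\00\00*", 3)));`, would cover NUL-prefixed permission strings; ParseForTest's signature is not in the hunk, but ParseTest passes it a `std::string`. In the IPC test the result of `permission2->Read(&m, &iter)` is discarded in both blocks, and in the first block a failed read would leave permission2 in its default state and still satisfy the Equal check, so if Read returns a success flag it should be `ASSERT_TRUE(permission2->Read(&m, &iter));`. The file also uses `scoped_ptr` without including `base/memory/scoped_ptr.h`, which the sibling usb_device_permission_unittest.cc does include.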
diff --git a/extensions/common/permissions/usb_device_permission_unittest.cc b/extensions/common/permissions/usb_device_permission_unittest.cc
new file mode 100644
index 0000000..ee92932
--- /dev/null
+++ b/extensions/common/permissions/usb_device_permission_unittest.cc
@@ -0,0 +1,63 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <set>
+#include <string>
+
+#include "base/memory/scoped_ptr.h"
+#include "base/pickle.h"
+#include "base/strings/utf_string_conversions.h"
+#include "base/values.h"
+#include "extensions/common/permissions/api_permission.h"
+#include "extensions/common/permissions/permissions_info.h"
+#include "extensions/common/permissions/usb_device_permission.h"
+#include "extensions/common/permissions/usb_device_permission_data.h"
+#include "ipc/ipc_message.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace extensions {
+
+TEST(USBDevicePermissionTest, PermissionDataOrder) {
+ EXPECT_LT(UsbDevicePermissionData(0x02ad, 0x138c, -1),
+ UsbDevicePermissionData(0x02ad, 0x138d, -1));
+ ASSERT_LT(UsbDevicePermissionData(0x02ad, 0x138d, -1),
+ UsbDevicePermissionData(0x02ae, 0x138c, -1));
+ EXPECT_LT(UsbDevicePermissionData(0x02ad, 0x138c, -1),
+ UsbDevicePermissionData(0x02ad, 0x138c, 0));
+}
+
+#if defined(ENABLE_EXTENSIONS)
+#define MAYBE_PermissionMessage PermissionMessage
+#else
+#define MAYBE_PermissionMessage DISABLED_PermissionMessage
+#endif // defined(ENABLE_EXTENSIONS)
+
+TEST(USBDevicePermissionTest, MAYBE_PermissionMessage) {
+ const char* const kMessages[] = {
+ "Access the USB device PVR Mass Storage from HUMAX Co., Ltd.",
+ "Access the USB device from HUMAX Co., Ltd.",
+ "Access the USB device",
+ };
+
+ // Prepare data set
+ scoped_ptr<base::ListValue> permission_list(new base::ListValue());
+ permission_list->Append(
+ UsbDevicePermissionData(0x02ad, 0x138c, -1).ToValue()->DeepCopy());
+ permission_list->Append(
+ UsbDevicePermissionData(0x02ad, 0x138d, -1).ToValue()->DeepCopy());
+ permission_list->Append(
+ UsbDevicePermissionData(0x02ae, 0x138d, -1).ToValue()->DeepCopy());
+
+ UsbDevicePermission permission(
+ PermissionsInfo::GetInstance()->GetByID(APIPermission::kUsbDevice));
+ ASSERT_TRUE(permission.FromValue(permission_list.get(), NULL, NULL));
+
+ PermissionMessages messages = permission.GetMessages();
+ ASSERT_EQ(3U, messages.size());
+ EXPECT_EQ(base::ASCIIToUTF16(kMessages[0]), messages.at(0).message());
+ EXPECT_EQ(base::ASCIIToUTF16(kMessages[1]), messages.at(1).message());
+ EXPECT_EQ(base::ASCIIToUTF16(kMessages[2]), messages.at(2).message());
+}
+
+} // namespace extensions
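Review bot: In PermissionDataOrder the middle comparison uses `ASSERT_LT` while the two around it use `EXPECT_LT`, so a failure on the vendor-ID ordering aborts the test before the interface-ID ordering is checked. Writing it as `EXPECT_LT(UsbDevicePermissionData(0x02ad, 0x138d, -1), UsbDevicePermissionData(0x02ae, 0x138c, -1));` keeps the three checks independent. In MAYBE_PermissionMessage the expected strings appear to depend on a USB ID lookup table that lives outside this file, so a comment above kMessages such as `// Expected text for: known vendor+product, known vendor only, unknown vendor.` would explain why the three entries differ and what to update if that table changes.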
diff --git a/extensions/extensions.gyp b/extensions/extensions.gyp
index 99e4843..bee4c12 100644
--- a/extensions/extensions.gyp
+++ b/extensions/extensions.gyp
@@ -1103,6 +1103,8 @@
'common/one_shot_event_unittest.cc',
'common/permissions/api_permission_set_unittest.cc',
'common/permissions/manifest_permission_set_unittest.cc',
+ 'common/permissions/socket_permission_unittest.cc',
+ 'common/permissions/usb_device_permission_unittest.cc',
'common/url_pattern_set_unittest.cc',
'common/url_pattern_unittest.cc',
'common/user_script_unittest.cc',