permissions_data_unittest.cc revision 7dbb3d5cf0c15f500944d211057644d6a2f37371
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include <vector> 6 7#include "base/command_line.h" 8#include "base/memory/ref_counted.h" 9#include "base/strings/string16.h" 10#include "base/strings/utf_string_conversions.h" 11#include "chrome/common/chrome_switches.h" 12#include "chrome/common/chrome_version_info.h" 13#include "chrome/common/extensions/extension.h" 14#include "chrome/common/extensions/extension_manifest_constants.h" 15#include "chrome/common/extensions/extension_test_util.h" 16#include "chrome/common/extensions/features/feature.h" 17#include "chrome/common/extensions/permissions/api_permission.h" 18#include "chrome/common/extensions/permissions/permission_set.h" 19#include "chrome/common/extensions/permissions/permissions_data.h" 20#include "chrome/common/extensions/permissions/socket_permission.h" 21#include "content/public/common/socket_permission_request.h" 22#include "extensions/common/error_utils.h" 23#include "extensions/common/id_util.h" 24#include "extensions/common/url_pattern_set.h" 25#include "testing/gtest/include/gtest/gtest.h" 26 27using content::SocketPermissionRequest; 28using extension_test_util::LoadManifest; 29using extension_test_util::LoadManifestUnchecked; 30using extension_test_util::LoadManifestStrict; 31 32namespace extensions { 33 34namespace { 35 36bool CheckSocketPermission( 37 scoped_refptr<Extension> extension, 38 SocketPermissionRequest::OperationType type, 39 const char* host, 40 int port) { 41 SocketPermission::CheckParam param(type, host, port); 42 return PermissionsData::CheckAPIPermissionWithParam( 43 extension.get(), APIPermission::kSocket, ¶m); 44} 45 46} // namespace 47 48TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { 49 scoped_refptr<Extension> extension; 50 URLPatternSet hosts; 51 52 extension = LoadManifest("effective_host_permissions", "empty.json"); 53 EXPECT_EQ(0u, 54 PermissionsData::GetEffectiveHostPermissions(extension.get()) 55 .patterns().size()); 56 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); 57 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 58 59 extension = LoadManifest("effective_host_permissions", "one_host.json"); 60 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 61 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 62 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com"))); 63 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 64 65 extension = LoadManifest("effective_host_permissions", 66 "one_host_wildcard.json"); 67 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 68 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 69 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com"))); 70 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 71 72 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); 73 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 74 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 75 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 76 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 77 78 extension = LoadManifest("effective_host_permissions", 79 "https_not_considered.json"); 80 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 81 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 82 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com"))); 83 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 84 85 extension = LoadManifest("effective_host_permissions", 86 "two_content_scripts.json"); 87 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 88 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 89 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 90 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( 91 GURL("http://www.reddit.com"))); 92 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com"))); 93 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( 94 GURL("http://news.ycombinator.com"))); 95 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 96 97 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); 98 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 99 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 100 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/"))); 101 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 102 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 103 104 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); 105 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 106 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 107 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 108 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 109 110 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 111 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 112 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); 113 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); 114 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 115 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 116} 117 118TEST(ExtensionPermissionsTest, SocketPermissions) { 119 // Set feature current channel to appropriate value. 120 Feature::ScopedCurrentChannel scoped_channel( 121 chrome::VersionInfo::CHANNEL_DEV); 122 scoped_refptr<Extension> extension; 123 std::string error; 124 125 extension = LoadManifest("socket_permissions", "empty.json"); 126 EXPECT_FALSE(CheckSocketPermission(extension, 127 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 128 129 extension = LoadManifestUnchecked("socket_permissions", 130 "socket1.json", 131 Manifest::INTERNAL, Extension::NO_FLAGS, 132 &error); 133 EXPECT_TRUE(extension.get() == NULL); 134 ASSERT_EQ(ErrorUtils::FormatErrorMessage( 135 extension_manifest_errors::kInvalidPermission, "socket"), 136 error); 137 138 extension = LoadManifest("socket_permissions", "socket2.json"); 139 EXPECT_TRUE(CheckSocketPermission(extension, 140 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 141 EXPECT_FALSE(CheckSocketPermission( 142 extension, SocketPermissionRequest::UDP_BIND, "", 80)); 143 EXPECT_TRUE(CheckSocketPermission( 144 extension, SocketPermissionRequest::UDP_BIND, "", 8888)); 145 146 EXPECT_FALSE(CheckSocketPermission( 147 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); 148 EXPECT_TRUE(CheckSocketPermission( 149 extension, 150 SocketPermissionRequest::UDP_SEND_TO, 151 "239.255.255.250", 1900)); 152} 153 154// This tests the API permissions with an empty manifest (one that just 155// specifies a name and a version and nothing else). 156TEST(ExtensionPermissionsTest, ApiPermissions) { 157 const struct { 158 const char* permission_name; 159 bool expect_success; 160 } kTests[] = { 161 // Negative test. 162 { "non_existing_permission", false }, 163 // Test default module/package permission. 164 { "browserAction", true }, 165 { "devtools", true }, 166 { "extension", true }, 167 { "i18n", true }, 168 { "pageAction", true }, 169 { "pageActions", true }, 170 { "test", true }, 171 // Some negative tests. 172 { "bookmarks", false }, 173 { "cookies", false }, 174 { "history", false }, 175 // Make sure we find the module name after stripping '.' and '/'. 176 { "browserAction/abcd/onClick", true }, 177 { "browserAction.abcd.onClick", true }, 178 // Test Tabs functions. 179 { "tabs.create", true}, 180 { "tabs.duplicate", true}, 181 { "tabs.onRemoved", true}, 182 { "tabs.remove", true}, 183 { "tabs.update", true}, 184 { "tabs.getSelected", true}, 185 { "tabs.onUpdated", true }, 186 // Test getPermissionWarnings functions. Only one requires permissions. 187 { "management.getPermissionWarningsById", false }, 188 { "management.getPermissionWarningsByManifest", true }, 189 }; 190 191 scoped_refptr<Extension> extension; 192 extension = LoadManifest("empty_manifest", "empty.json"); 193 194 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTests); ++i) { 195 EXPECT_EQ(kTests[i].expect_success, 196 extension->HasAPIPermission(kTests[i].permission_name)) 197 << "Permission being tested: " << kTests[i].permission_name; 198 } 199} 200 201TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { 202 scoped_refptr<Extension> extension; 203 extension = LoadManifest("permissions", "many-apis.json"); 204 std::vector<string16> warnings = 205 PermissionsData::GetPermissionMessageStrings(extension.get()); 206 ASSERT_EQ(6u, warnings.size()); 207 EXPECT_EQ("Access your data on api.flickr.com", 208 UTF16ToUTF8(warnings[0])); 209 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1])); 210 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); 211 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3])); 212 EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4])); 213 EXPECT_EQ("Manage your apps, extensions, and themes", 214 UTF16ToUTF8(warnings[5])); 215} 216 217TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) { 218 scoped_refptr<Extension> extension; 219 extension = LoadManifest("permissions", "more-than-3-hosts.json"); 220 std::vector<string16> warnings = 221 PermissionsData::GetPermissionMessageStrings(extension.get()); 222 std::vector<string16> warnings_details = 223 PermissionsData::GetPermissionMessageDetailsStrings(extension.get()); 224 ASSERT_EQ(1u, warnings.size()); 225 ASSERT_EQ(1u, warnings_details.size()); 226#if defined(TOOLKIT_VIEWS) 227 EXPECT_EQ("Access your data on 5 website(s)", UTF16ToUTF8(warnings[0])); 228 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com", 229 UTF16ToUTF8(warnings_details[0])); 230#else 231 // TODO(finnur): Remove once other platforms support expandable sections. 232 EXPECT_EQ("Access your data on www.a.com, www.b.com, and 3 other websites", 233 UTF16ToUTF8(warnings[0])); 234 EXPECT_TRUE(warnings_details[0].empty()); 235#endif 236} 237 238TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) { 239 scoped_refptr<Extension> extension; 240 extension = LoadManifest("permissions", 241 "location-api.json", 242 Manifest::COMPONENT, 243 Extension::NO_FLAGS); 244 std::vector<string16> warnings = 245 PermissionsData::GetPermissionMessageStrings(extension.get()); 246 ASSERT_EQ(1u, warnings.size()); 247 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); 248} 249 250TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) { 251 scoped_refptr<Extension> extension; 252 extension = LoadManifest("permissions", "many-hosts.json"); 253 std::vector<string16> warnings = 254 PermissionsData::GetPermissionMessageStrings(extension.get()); 255 ASSERT_EQ(1u, warnings.size()); 256 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com", 257 UTF16ToUTF8(warnings[0])); 258} 259 260TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) { 261 scoped_refptr<Extension> extension; 262 extension = LoadManifest("permissions", "plugins.json"); 263 std::vector<string16> warnings = 264 PermissionsData::GetPermissionMessageStrings(extension.get()); 265// We don't parse the plugins key on Chrome OS, so it should not ask for any 266// permissions. 267#if defined(OS_CHROMEOS) 268 ASSERT_EQ(0u, warnings.size()); 269#else 270 ASSERT_EQ(1u, warnings.size()); 271 EXPECT_EQ("Access all data on your computer and the websites you visit", 272 UTF16ToUTF8(warnings[0])); 273#endif 274} 275 276// Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage 277// methods of Extension for extensions with various permissions. 278class ExtensionScriptAndCaptureVisibleTest : public testing::Test { 279 protected: 280 ExtensionScriptAndCaptureVisibleTest() 281 : http_url("http://www.google.com"), 282 http_url_with_path("http://www.google.com/index.html"), 283 https_url("https://www.google.com"), 284 file_url("file:///foo/bar"), 285 favicon_url("chrome://favicon/http://www.google.com"), 286 extension_url("chrome-extension://" + 287 id_util::GenerateIdForPath( 288 base::FilePath(FILE_PATH_LITERAL("foo")))), 289 settings_url("chrome://settings"), 290 about_url("about:flags") { 291 urls_.insert(http_url); 292 urls_.insert(http_url_with_path); 293 urls_.insert(https_url); 294 urls_.insert(file_url); 295 urls_.insert(favicon_url); 296 urls_.insert(extension_url); 297 urls_.insert(settings_url); 298 urls_.insert(about_url); 299 // Ignore the policy delegate for this test. 300 PermissionsData::SetPolicyDelegate(NULL); 301 } 302 303 bool AllowedScript(const Extension* extension, const GURL& url, 304 const GURL& top_url) { 305 return PermissionsData::CanExecuteScriptOnPage( 306 extension, url, top_url, -1, NULL, -1, NULL); 307 } 308 309 bool BlockedScript(const Extension* extension, const GURL& url, 310 const GURL& top_url) { 311 return !PermissionsData::CanExecuteScriptOnPage( 312 extension, url, top_url, -1, NULL, -1, NULL); 313 } 314 315 bool Allowed(const Extension* extension, const GURL& url) { 316 return Allowed(extension, url, -1); 317 } 318 319 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { 320 return (PermissionsData::CanExecuteScriptOnPage( 321 extension, url, url, tab_id, NULL, -1, NULL) && 322 PermissionsData::CanCaptureVisiblePage( 323 extension, url, tab_id, NULL)); 324 } 325 326 bool CaptureOnly(const Extension* extension, const GURL& url) { 327 return CaptureOnly(extension, url, -1); 328 } 329 330 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { 331 return !PermissionsData::CanExecuteScriptOnPage( 332 extension, url, url, tab_id, NULL, -1, NULL) && 333 PermissionsData::CanCaptureVisiblePage(extension, url, tab_id, NULL); 334 } 335 336 bool Blocked(const Extension* extension, const GURL& url) { 337 return Blocked(extension, url, -1); 338 } 339 340 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { 341 return !(PermissionsData::CanExecuteScriptOnPage( 342 extension, url, url, tab_id, NULL, -1, NULL) || 343 PermissionsData::CanCaptureVisiblePage( 344 extension, url, tab_id, NULL)); 345 } 346 347 bool AllowedExclusivelyOnTab( 348 const Extension* extension, 349 const std::set<GURL>& allowed_urls, 350 int tab_id) { 351 bool result = true; 352 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { 353 const GURL& url = *it; 354 if (allowed_urls.count(url)) 355 result &= Allowed(extension, url, tab_id); 356 else 357 result &= Blocked(extension, url, tab_id); 358 } 359 return result; 360 } 361 362 // URLs that are "safe" to provide scripting and capture visible tab access 363 // to if the permissions allow it. 364 const GURL http_url; 365 const GURL http_url_with_path; 366 const GURL https_url; 367 const GURL file_url; 368 369 // We should allow host permission but not scripting permission for favicon 370 // urls. 371 const GURL favicon_url; 372 373 // URLs that regular extensions should never get access to. 374 const GURL extension_url; 375 const GURL settings_url; 376 const GURL about_url; 377 378 private: 379 // The set of all URLs above. 380 std::set<GURL> urls_; 381}; 382 383TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { 384 // Test <all_urls> for regular extensions. 385 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", 386 "extension_regular_all.json"); 387 388 EXPECT_TRUE(Allowed(extension.get(), http_url)); 389 EXPECT_TRUE(Allowed(extension.get(), https_url)); 390 EXPECT_TRUE(Blocked(extension.get(), file_url)); 391 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 392 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 393 EXPECT_TRUE(Blocked(extension.get(), about_url)); 394 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 395 396 // Test access to iframed content. 397 GURL within_extension_url = extension->GetResourceURL("page.html"); 398 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 399 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 400 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 401 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 402 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 403 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 404 405 EXPECT_FALSE( 406 PermissionsData::HasHostPermission(extension.get(), settings_url)); 407 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); 408 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 409 410 // Test * for scheme, which implies just the http/https schemes. 411 extension = LoadManifestStrict("script_and_capture", 412 "extension_wildcard.json"); 413 EXPECT_TRUE(Allowed(extension.get(), http_url)); 414 EXPECT_TRUE(Allowed(extension.get(), https_url)); 415 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 416 EXPECT_TRUE(Blocked(extension.get(), about_url)); 417 EXPECT_TRUE(Blocked(extension.get(), file_url)); 418 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 419 extension = 420 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 421 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 422 423 // Having chrome://*/ should not work for regular extensions. Note that 424 // for favicon access, we require the explicit pattern chrome://favicon/*. 425 std::string error; 426 extension = LoadManifestUnchecked("script_and_capture", 427 "extension_wildcard_chrome.json", 428 Manifest::INTERNAL, Extension::NO_FLAGS, 429 &error); 430 EXPECT_TRUE(extension.get() == NULL); 431 EXPECT_EQ( 432 ErrorUtils::FormatErrorMessage( 433 extension_manifest_errors::kInvalidPermissionScheme, "chrome://*/"), 434 error); 435 436 // Having chrome://favicon/* should not give you chrome://* 437 extension = LoadManifestStrict("script_and_capture", 438 "extension_chrome_favicon_wildcard.json"); 439 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 440 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 441 EXPECT_TRUE(Blocked(extension.get(), about_url)); 442 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 443 444 // Having http://favicon should not give you chrome://favicon 445 extension = LoadManifestStrict("script_and_capture", 446 "extension_http_favicon.json"); 447 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 448 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 449 450 // Component extensions with <all_urls> should get everything. 451 extension = LoadManifest("script_and_capture", "extension_component_all.json", 452 Manifest::COMPONENT, Extension::NO_FLAGS); 453 EXPECT_TRUE(Allowed(extension.get(), http_url)); 454 EXPECT_TRUE(Allowed(extension.get(), https_url)); 455 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 456 EXPECT_TRUE(Allowed(extension.get(), about_url)); 457 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 458 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 459 460 // Component extensions should only get access to what they ask for. 461 extension = LoadManifest("script_and_capture", 462 "extension_component_google.json", Manifest::COMPONENT, 463 Extension::NO_FLAGS); 464 EXPECT_TRUE(Allowed(extension.get(), http_url)); 465 EXPECT_TRUE(Blocked(extension.get(), https_url)); 466 EXPECT_TRUE(Blocked(extension.get(), file_url)); 467 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 468 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 469 EXPECT_TRUE(Blocked(extension.get(), about_url)); 470 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 471 EXPECT_FALSE( 472 PermissionsData::HasHostPermission(extension.get(), settings_url)); 473} 474 475TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { 476 CommandLine::ForCurrentProcess()->AppendSwitch( 477 switches::kExtensionsOnChromeURLs); 478 479 scoped_refptr<Extension> extension; 480 481 // Test <all_urls> for regular extensions. 482 extension = LoadManifestStrict("script_and_capture", 483 "extension_regular_all.json"); 484 EXPECT_TRUE(Allowed(extension.get(), http_url)); 485 EXPECT_TRUE(Allowed(extension.get(), https_url)); 486 EXPECT_TRUE(Blocked(extension.get(), file_url)); 487 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 488 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 489 EXPECT_TRUE(Blocked(extension.get(), about_url)); 490 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 491 492 // Test access to iframed content. 493 GURL within_extension_url = extension->GetResourceURL("page.html"); 494 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 495 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 496 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 497 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 498 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 499 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 500 501 EXPECT_FALSE( 502 PermissionsData::HasHostPermission(extension.get(), settings_url)); 503 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); 504 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 505 506 // Test * for scheme, which implies just the http/https schemes. 507 extension = LoadManifestStrict("script_and_capture", 508 "extension_wildcard.json"); 509 EXPECT_TRUE(Allowed(extension.get(), http_url)); 510 EXPECT_TRUE(Allowed(extension.get(), https_url)); 511 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 512 EXPECT_TRUE(Blocked(extension.get(), about_url)); 513 EXPECT_TRUE(Blocked(extension.get(), file_url)); 514 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 515 extension = 516 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 517 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 518 519 // Having chrome://*/ should work for regular extensions with the flag 520 // enabled. 521 std::string error; 522 extension = LoadManifestUnchecked("script_and_capture", 523 "extension_wildcard_chrome.json", 524 Manifest::INTERNAL, Extension::NO_FLAGS, 525 &error); 526 EXPECT_FALSE(extension.get() == NULL); 527 EXPECT_TRUE(Blocked(extension.get(), http_url)); 528 EXPECT_TRUE(Blocked(extension.get(), https_url)); 529 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 530 EXPECT_TRUE(Blocked(extension.get(), about_url)); 531 EXPECT_TRUE(Blocked(extension.get(), file_url)); 532 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 533 534 // Having chrome://favicon/* should not give you chrome://* 535 extension = LoadManifestStrict("script_and_capture", 536 "extension_chrome_favicon_wildcard.json"); 537 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 538 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 539 EXPECT_TRUE(Blocked(extension.get(), about_url)); 540 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 541 542 // Having http://favicon should not give you chrome://favicon 543 extension = LoadManifestStrict("script_and_capture", 544 "extension_http_favicon.json"); 545 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 546 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 547 548 // Component extensions with <all_urls> should get everything. 549 extension = LoadManifest("script_and_capture", "extension_component_all.json", 550 Manifest::COMPONENT, Extension::NO_FLAGS); 551 EXPECT_TRUE(Allowed(extension.get(), http_url)); 552 EXPECT_TRUE(Allowed(extension.get(), https_url)); 553 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 554 EXPECT_TRUE(Allowed(extension.get(), about_url)); 555 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 556 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 557 558 // Component extensions should only get access to what they ask for. 559 extension = LoadManifest("script_and_capture", 560 "extension_component_google.json", Manifest::COMPONENT, 561 Extension::NO_FLAGS); 562 EXPECT_TRUE(Allowed(extension.get(), http_url)); 563 EXPECT_TRUE(Blocked(extension.get(), https_url)); 564 EXPECT_TRUE(Blocked(extension.get(), file_url)); 565 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 566 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 567 EXPECT_TRUE(Blocked(extension.get(), about_url)); 568 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 569 EXPECT_FALSE( 570 PermissionsData::HasHostPermission(extension.get(), settings_url)); 571} 572 573TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { 574 scoped_refptr<Extension> extension = 575 LoadManifestStrict("script_and_capture", "tab_specific.json"); 576 577 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 578 .get()); 579 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 580 .get()); 581 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2) 582 .get()); 583 584 std::set<GURL> no_urls; 585 586 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 587 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 588 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 589 590 URLPatternSet allowed_hosts; 591 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 592 http_url.spec())); 593 std::set<GURL> allowed_urls; 594 allowed_urls.insert(http_url); 595 // http_url_with_path() will also be allowed, because Extension should be 596 // considering the security origin of the URL not the URL itself, and 597 // http_url is in allowed_hosts. 598 allowed_urls.insert(http_url_with_path); 599 600 { 601 scoped_refptr<PermissionSet> permissions( 602 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); 603 PermissionsData::UpdateTabSpecificPermissions( 604 extension.get(), 0, permissions); 605 EXPECT_EQ(permissions->explicit_hosts(), 606 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 607 ->explicit_hosts()); 608 } 609 610 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 611 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 612 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 613 614 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); 615 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 616 .get()); 617 618 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 619 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 620 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 621 622 std::set<GURL> more_allowed_urls = allowed_urls; 623 more_allowed_urls.insert(https_url); 624 URLPatternSet more_allowed_hosts = allowed_hosts; 625 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 626 https_url.spec())); 627 628 { 629 scoped_refptr<PermissionSet> permissions( 630 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); 631 PermissionsData::UpdateTabSpecificPermissions( 632 extension.get(), 0, permissions); 633 EXPECT_EQ(permissions->explicit_hosts(), 634 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 635 ->explicit_hosts()); 636 637 permissions = new PermissionSet(APIPermissionSet(), 638 more_allowed_hosts, 639 URLPatternSet()); 640 PermissionsData::UpdateTabSpecificPermissions( 641 extension.get(), 1, permissions); 642 EXPECT_EQ(permissions->explicit_hosts(), 643 PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 644 ->explicit_hosts()); 645 } 646 647 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 648 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 649 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 650 651 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); 652 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 653 .get()); 654 655 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 656 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 657 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 658 659 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1); 660 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 661 .get()); 662 663 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 664 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 665 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 666} 667 668} // namespace extensions 669