xref: /external/chromium_org/extensions/common/permissions/socket_permission_unittest.cc

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <string>

#include "base/pickle.h"
#include "base/values.h"
#include "extensions/common/permissions/permissions_info.h"
#include "extensions/common/permissions/socket_permission.h"
#include "extensions/common/permissions/socket_permission_data.h"
#include "ipc/ipc_message.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace extensions {

namespace {

using content::SocketPermissionRequest;

void ParseTest(const std::string& permission,
               const std::string& expected_result) {
  SocketPermissionData data;
  ASSERT_TRUE(data.ParseForTest(permission)) << "Parse permission \""
                                             << permission << "\" failed.";
  EXPECT_EQ(expected_result, data.GetAsStringForTest());
}

TEST(SocketPermissionTest, General) {
  SocketPermissionData data1, data2;

  CHECK(data1.ParseForTest("tcp-connect"));
  CHECK(data2.ParseForTest("tcp-connect"));

  EXPECT_TRUE(data1 == data2);
  EXPECT_FALSE(data1 < data2);

  CHECK(data1.ParseForTest("tcp-connect"));
  CHECK(data2.ParseForTest("tcp-connect:www.example.com"));

  EXPECT_FALSE(data1 == data2);
  EXPECT_TRUE(data1 < data2);
}

TEST(SocketPermissionTest, Parse) {
  SocketPermissionData data;

  EXPECT_FALSE(data.ParseForTest(std::string()));
  EXPECT_FALSE(data.ParseForTest("*"));
  EXPECT_FALSE(data.ParseForTest("\00\00*"));
  EXPECT_FALSE(data.ParseForTest("\01*"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:-1"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:65536"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:::"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect::0"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:  www.exmaple.com:  99  "));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com :99"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com: 99"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com:99 "));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:\t*.exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:\n*.exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("resolve-host:exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("resolve-host:127.0.0.1"));
  EXPECT_FALSE(data.ParseForTest("resolve-host:"));
  EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com"));

  ParseTest("tcp-connect", "tcp-connect:*:*");
  ParseTest("tcp-listen", "tcp-listen:*:*");
  ParseTest("udp-bind", "udp-bind:*:*");
  ParseTest("udp-send-to", "udp-send-to:*:*");
  ParseTest("resolve-host", "resolve-host");
  ParseTest("resolve-proxy", "resolve-proxy");

  ParseTest("tcp-connect:", "tcp-connect:*:*");
  ParseTest("tcp-listen:", "tcp-listen:*:*");
  ParseTest("udp-bind:", "udp-bind:*:*");
  ParseTest("udp-send-to:", "udp-send-to:*:*");

  ParseTest("tcp-connect::", "tcp-connect:*:*");
  ParseTest("tcp-listen::", "tcp-listen:*:*");
  ParseTest("udp-bind::", "udp-bind:*:*");
  ParseTest("udp-send-to::", "udp-send-to:*:*");

  ParseTest("tcp-connect:*", "tcp-connect:*:*");
  ParseTest("tcp-listen:*", "tcp-listen:*:*");
  ParseTest("udp-bind:*", "udp-bind:*:*");
  ParseTest("udp-send-to:*", "udp-send-to:*:*");

  ParseTest("tcp-connect:*:", "tcp-connect:*:*");
  ParseTest("tcp-listen:*:", "tcp-listen:*:*");
  ParseTest("udp-bind:*:", "udp-bind:*:*");
  ParseTest("udp-send-to:*:", "udp-send-to:*:*");

  ParseTest("tcp-connect::*", "tcp-connect:*:*");
  ParseTest("tcp-listen::*", "tcp-listen:*:*");
  ParseTest("udp-bind::*", "udp-bind:*:*");
  ParseTest("udp-send-to::*", "udp-send-to:*:*");

  ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");
  ParseTest("tcp-listen:www.example.com", "tcp-listen:www.example.com:*");
  ParseTest("udp-bind:www.example.com", "udp-bind:www.example.com:*");
  ParseTest("udp-send-to:www.example.com", "udp-send-to:www.example.com:*");
  ParseTest("udp-send-to:wWW.ExAmPlE.cOm", "udp-send-to:www.example.com:*");

  ParseTest("tcp-connect:.example.com", "tcp-connect:*.example.com:*");
  ParseTest("tcp-listen:.example.com", "tcp-listen:*.example.com:*");
  ParseTest("udp-bind:.example.com", "udp-bind:*.example.com:*");
  ParseTest("udp-send-to:.example.com", "udp-send-to:*.example.com:*");

  ParseTest("tcp-connect:*.example.com", "tcp-connect:*.example.com:*");
  ParseTest("tcp-listen:*.example.com", "tcp-listen:*.example.com:*");
  ParseTest("udp-bind:*.example.com", "udp-bind:*.example.com:*");
  ParseTest("udp-send-to:*.example.com", "udp-send-to:*.example.com:*");

  ParseTest("tcp-connect::99", "tcp-connect:*:99");
  ParseTest("tcp-listen::99", "tcp-listen:*:99");
  ParseTest("udp-bind::99", "udp-bind:*:99");
  ParseTest("udp-send-to::99", "udp-send-to:*:99");

  ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");

  ParseTest("tcp-connect:*.example.com:99", "tcp-connect:*.example.com:99");
}

TEST(SocketPermissionTest, Match) {
  SocketPermissionData data;
  scoped_ptr<SocketPermission::CheckParam> param;

  CHECK(data.ParseForTest("tcp-connect"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));

  CHECK(data.ParseForTest("udp-send-to::8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));

  CHECK(data.ParseForTest("udp-send-to:*.example.com:8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "wwwexample.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  CHECK(data.ParseForTest("udp-send-to:*.ExAmPlE.cOm:8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  ASSERT_TRUE(data.ParseForTest("udp-bind::8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // Do not wildcard part of ip address.
  ASSERT_TRUE(data.ParseForTest("tcp-connect:*.168.0.1:8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "192.168.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*"));
  ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*:*"));
  ASSERT_TRUE(data.ParseForTest("udp-multicast-membership"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "127.0.0.1", 35));
  EXPECT_TRUE(data.Check(param.get()));

  ASSERT_TRUE(data.ParseForTest("resolve-host"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 80));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 8080));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  ASSERT_TRUE(data.ParseForTest("resolve-proxy"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 80));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 8080));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  ASSERT_TRUE(data.ParseForTest("network-state"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::NETWORK_STATE, std::string(), 0));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
}

TEST(SocketPermissionTest, IPC) {
  const APIPermissionInfo* permission_info =
      PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);

  {
    IPC::Message m;

    scoped_ptr<APIPermission> permission1(
        permission_info->CreateAPIPermission());
    scoped_ptr<APIPermission> permission2(
        permission_info->CreateAPIPermission());

    permission1->Write(&m);
    PickleIterator iter(m);
    permission2->Read(&m, &iter);

    EXPECT_TRUE(permission1->Equal(permission2.get()));
  }

  {
    IPC::Message m;

    scoped_ptr<APIPermission> permission1(
        permission_info->CreateAPIPermission());
    scoped_ptr<APIPermission> permission2(
        permission_info->CreateAPIPermission());

    scoped_ptr<base::ListValue> value(new base::ListValue());
    value->AppendString("tcp-connect:*.example.com:80");
    value->AppendString("udp-bind::8080");
    value->AppendString("udp-send-to::8888");
    ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));

    EXPECT_FALSE(permission1->Equal(permission2.get()));

    permission1->Write(&m);
    PickleIterator iter(m);
    permission2->Read(&m, &iter);
    EXPECT_TRUE(permission1->Equal(permission2.get()));
  }
}

TEST(SocketPermissionTest, Value) {
  const APIPermissionInfo* permission_info =
      PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);

  scoped_ptr<APIPermission> permission1(permission_info->CreateAPIPermission());
  scoped_ptr<APIPermission> permission2(permission_info->CreateAPIPermission());

  scoped_ptr<base::ListValue> value(new base::ListValue());
  value->AppendString("tcp-connect:*.example.com:80");
  value->AppendString("udp-bind::8080");
  value->AppendString("udp-send-to::8888");
  ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));

  EXPECT_FALSE(permission1->Equal(permission2.get()));

  scoped_ptr<base::Value> vtmp(permission1->ToValue());
  ASSERT_TRUE(vtmp);
  ASSERT_TRUE(permission2->FromValue(vtmp.get(), NULL, NULL));
  EXPECT_TRUE(permission1->Equal(permission2.get()));
}

}  // namespace

}  // namespace extensions