1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <vector> 6 7 #include "base/command_line.h" 8 #include "base/memory/ref_counted.h" 9 #include "base/strings/string16.h" 10 #include "base/strings/utf_string_conversions.h" 11 #include "chrome/common/chrome_version_info.h" 12 #include "chrome/common/extensions/extension.h" 13 #include "chrome/common/extensions/extension_manifest_constants.h" 14 #include "chrome/common/extensions/extension_test_util.h" 15 #include "chrome/common/extensions/features/feature_channel.h" 16 #include "chrome/common/extensions/permissions/api_permission.h" 17 #include "chrome/common/extensions/permissions/permission_set.h" 18 #include "chrome/common/extensions/permissions/permissions_data.h" 19 #include "chrome/common/extensions/permissions/socket_permission.h" 20 #include "content/public/common/socket_permission_request.h" 21 #include "extensions/common/error_utils.h" 22 #include "extensions/common/id_util.h" 23 #include "extensions/common/switches.h" 24 #include "extensions/common/url_pattern_set.h" 25 #include "testing/gtest/include/gtest/gtest.h" 26 27 using content::SocketPermissionRequest; 28 using extension_test_util::LoadManifest; 29 using extension_test_util::LoadManifestUnchecked; 30 using extension_test_util::LoadManifestStrict; 31 32 namespace extensions { 33 34 namespace { 35 36 bool CheckSocketPermission( 37 scoped_refptr<Extension> extension, 38 SocketPermissionRequest::OperationType type, 39 const char* host, 40 int port) { 41 SocketPermission::CheckParam param(type, host, port); 42 return PermissionsData::CheckAPIPermissionWithParam( 43 extension.get(), APIPermission::kSocket, ¶m); 44 } 45 46 } // namespace 47 48 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { 49 scoped_refptr<Extension> extension; 50 URLPatternSet hosts; 51 52 extension = LoadManifest("effective_host_permissions", "empty.json"); 53 EXPECT_EQ(0u, 54 PermissionsData::GetEffectiveHostPermissions(extension.get()) 55 .patterns().size()); 56 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); 57 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 58 59 extension = LoadManifest("effective_host_permissions", "one_host.json"); 60 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 61 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 62 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com"))); 63 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 64 65 extension = LoadManifest("effective_host_permissions", 66 "one_host_wildcard.json"); 67 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 68 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 69 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com"))); 70 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 71 72 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); 73 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 74 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 75 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 76 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 77 78 extension = LoadManifest("effective_host_permissions", 79 "https_not_considered.json"); 80 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 81 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 82 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com"))); 83 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 84 85 extension = LoadManifest("effective_host_permissions", 86 "two_content_scripts.json"); 87 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 88 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 89 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 90 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( 91 GURL("http://www.reddit.com"))); 92 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com"))); 93 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( 94 GURL("http://news.ycombinator.com"))); 95 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 96 97 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); 98 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 99 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 100 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/"))); 101 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 102 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 103 104 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); 105 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 106 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 107 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 108 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 109 110 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 111 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 112 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); 113 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); 114 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 115 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 116 } 117 118 TEST(ExtensionPermissionsTest, SocketPermissions) { 119 // Set feature current channel to appropriate value. 120 ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV); 121 scoped_refptr<Extension> extension; 122 std::string error; 123 124 extension = LoadManifest("socket_permissions", "empty.json"); 125 EXPECT_FALSE(CheckSocketPermission(extension, 126 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 127 128 extension = LoadManifestUnchecked("socket_permissions", 129 "socket1.json", 130 Manifest::INTERNAL, Extension::NO_FLAGS, 131 &error); 132 EXPECT_TRUE(extension.get() == NULL); 133 ASSERT_EQ(ErrorUtils::FormatErrorMessage( 134 extension_manifest_errors::kInvalidPermission, "socket"), 135 error); 136 137 extension = LoadManifest("socket_permissions", "socket2.json"); 138 EXPECT_TRUE(CheckSocketPermission(extension, 139 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 140 EXPECT_FALSE(CheckSocketPermission( 141 extension, SocketPermissionRequest::UDP_BIND, "", 80)); 142 EXPECT_TRUE(CheckSocketPermission( 143 extension, SocketPermissionRequest::UDP_BIND, "", 8888)); 144 145 EXPECT_FALSE(CheckSocketPermission( 146 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); 147 EXPECT_TRUE(CheckSocketPermission( 148 extension, 149 SocketPermissionRequest::UDP_SEND_TO, 150 "239.255.255.250", 1900)); 151 } 152 153 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { 154 scoped_refptr<Extension> extension; 155 extension = LoadManifest("permissions", "many-apis.json"); 156 std::vector<string16> warnings = 157 PermissionsData::GetPermissionMessageStrings(extension.get()); 158 ASSERT_EQ(6u, warnings.size()); 159 EXPECT_EQ("Access your data on api.flickr.com", 160 UTF16ToUTF8(warnings[0])); 161 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1])); 162 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); 163 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3])); 164 EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4])); 165 EXPECT_EQ("Manage your apps, extensions, and themes", 166 UTF16ToUTF8(warnings[5])); 167 } 168 169 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) { 170 scoped_refptr<Extension> extension; 171 extension = LoadManifest("permissions", "more-than-3-hosts.json"); 172 std::vector<string16> warnings = 173 PermissionsData::GetPermissionMessageStrings(extension.get()); 174 std::vector<string16> warnings_details = 175 PermissionsData::GetPermissionMessageDetailsStrings(extension.get()); 176 ASSERT_EQ(1u, warnings.size()); 177 ASSERT_EQ(1u, warnings_details.size()); 178 #if defined(TOOLKIT_VIEWS) 179 EXPECT_EQ("Access your data on 5 website(s)", UTF16ToUTF8(warnings[0])); 180 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com", 181 UTF16ToUTF8(warnings_details[0])); 182 #else 183 // TODO(finnur): Remove once other platforms support expandable sections. 184 EXPECT_EQ("Access your data on www.a.com, www.b.com, and 3 other websites", 185 UTF16ToUTF8(warnings[0])); 186 EXPECT_TRUE(warnings_details[0].empty()); 187 #endif 188 } 189 190 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) { 191 scoped_refptr<Extension> extension; 192 extension = LoadManifest("permissions", 193 "location-api.json", 194 Manifest::COMPONENT, 195 Extension::NO_FLAGS); 196 std::vector<string16> warnings = 197 PermissionsData::GetPermissionMessageStrings(extension.get()); 198 ASSERT_EQ(1u, warnings.size()); 199 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); 200 } 201 202 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) { 203 scoped_refptr<Extension> extension; 204 extension = LoadManifest("permissions", "many-hosts.json"); 205 std::vector<string16> warnings = 206 PermissionsData::GetPermissionMessageStrings(extension.get()); 207 ASSERT_EQ(1u, warnings.size()); 208 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com", 209 UTF16ToUTF8(warnings[0])); 210 } 211 212 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) { 213 scoped_refptr<Extension> extension; 214 extension = LoadManifest("permissions", "plugins.json"); 215 std::vector<string16> warnings = 216 PermissionsData::GetPermissionMessageStrings(extension.get()); 217 // We don't parse the plugins key on Chrome OS, so it should not ask for any 218 // permissions. 219 #if defined(OS_CHROMEOS) 220 ASSERT_EQ(0u, warnings.size()); 221 #else 222 ASSERT_EQ(1u, warnings.size()); 223 EXPECT_EQ("Access all data on your computer and the websites you visit", 224 UTF16ToUTF8(warnings[0])); 225 #endif 226 } 227 228 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage 229 // methods of Extension for extensions with various permissions. 230 class ExtensionScriptAndCaptureVisibleTest : public testing::Test { 231 protected: 232 ExtensionScriptAndCaptureVisibleTest() 233 : http_url("http://www.google.com"), 234 http_url_with_path("http://www.google.com/index.html"), 235 https_url("https://www.google.com"), 236 file_url("file:///foo/bar"), 237 favicon_url("chrome://favicon/http://www.google.com"), 238 extension_url("chrome-extension://" + 239 id_util::GenerateIdForPath( 240 base::FilePath(FILE_PATH_LITERAL("foo")))), 241 settings_url("chrome://settings"), 242 about_url("about:flags") { 243 urls_.insert(http_url); 244 urls_.insert(http_url_with_path); 245 urls_.insert(https_url); 246 urls_.insert(file_url); 247 urls_.insert(favicon_url); 248 urls_.insert(extension_url); 249 urls_.insert(settings_url); 250 urls_.insert(about_url); 251 // Ignore the policy delegate for this test. 252 PermissionsData::SetPolicyDelegate(NULL); 253 } 254 255 bool AllowedScript(const Extension* extension, const GURL& url, 256 const GURL& top_url) { 257 return PermissionsData::CanExecuteScriptOnPage( 258 extension, url, top_url, -1, NULL, -1, NULL); 259 } 260 261 bool BlockedScript(const Extension* extension, const GURL& url, 262 const GURL& top_url) { 263 return !PermissionsData::CanExecuteScriptOnPage( 264 extension, url, top_url, -1, NULL, -1, NULL); 265 } 266 267 bool Allowed(const Extension* extension, const GURL& url) { 268 return Allowed(extension, url, -1); 269 } 270 271 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { 272 return (PermissionsData::CanExecuteScriptOnPage( 273 extension, url, url, tab_id, NULL, -1, NULL) && 274 PermissionsData::CanCaptureVisiblePage( 275 extension, url, tab_id, NULL)); 276 } 277 278 bool CaptureOnly(const Extension* extension, const GURL& url) { 279 return CaptureOnly(extension, url, -1); 280 } 281 282 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { 283 return !PermissionsData::CanExecuteScriptOnPage( 284 extension, url, url, tab_id, NULL, -1, NULL) && 285 PermissionsData::CanCaptureVisiblePage(extension, url, tab_id, NULL); 286 } 287 288 bool Blocked(const Extension* extension, const GURL& url) { 289 return Blocked(extension, url, -1); 290 } 291 292 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { 293 return !(PermissionsData::CanExecuteScriptOnPage( 294 extension, url, url, tab_id, NULL, -1, NULL) || 295 PermissionsData::CanCaptureVisiblePage( 296 extension, url, tab_id, NULL)); 297 } 298 299 bool AllowedExclusivelyOnTab( 300 const Extension* extension, 301 const std::set<GURL>& allowed_urls, 302 int tab_id) { 303 bool result = true; 304 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { 305 const GURL& url = *it; 306 if (allowed_urls.count(url)) 307 result &= Allowed(extension, url, tab_id); 308 else 309 result &= Blocked(extension, url, tab_id); 310 } 311 return result; 312 } 313 314 // URLs that are "safe" to provide scripting and capture visible tab access 315 // to if the permissions allow it. 316 const GURL http_url; 317 const GURL http_url_with_path; 318 const GURL https_url; 319 const GURL file_url; 320 321 // We should allow host permission but not scripting permission for favicon 322 // urls. 323 const GURL favicon_url; 324 325 // URLs that regular extensions should never get access to. 326 const GURL extension_url; 327 const GURL settings_url; 328 const GURL about_url; 329 330 private: 331 // The set of all URLs above. 332 std::set<GURL> urls_; 333 }; 334 335 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { 336 // Test <all_urls> for regular extensions. 337 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", 338 "extension_regular_all.json"); 339 340 EXPECT_TRUE(Allowed(extension.get(), http_url)); 341 EXPECT_TRUE(Allowed(extension.get(), https_url)); 342 EXPECT_TRUE(Blocked(extension.get(), file_url)); 343 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 344 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 345 EXPECT_TRUE(Blocked(extension.get(), about_url)); 346 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 347 348 // Test access to iframed content. 349 GURL within_extension_url = extension->GetResourceURL("page.html"); 350 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 351 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 352 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 353 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 354 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 355 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 356 357 EXPECT_FALSE( 358 PermissionsData::HasHostPermission(extension.get(), settings_url)); 359 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); 360 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 361 362 // Test * for scheme, which implies just the http/https schemes. 363 extension = LoadManifestStrict("script_and_capture", 364 "extension_wildcard.json"); 365 EXPECT_TRUE(Allowed(extension.get(), http_url)); 366 EXPECT_TRUE(Allowed(extension.get(), https_url)); 367 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 368 EXPECT_TRUE(Blocked(extension.get(), about_url)); 369 EXPECT_TRUE(Blocked(extension.get(), file_url)); 370 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 371 extension = 372 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 373 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 374 375 // Having chrome://*/ should not work for regular extensions. Note that 376 // for favicon access, we require the explicit pattern chrome://favicon/*. 377 std::string error; 378 extension = LoadManifestUnchecked("script_and_capture", 379 "extension_wildcard_chrome.json", 380 Manifest::INTERNAL, Extension::NO_FLAGS, 381 &error); 382 EXPECT_TRUE(extension.get() == NULL); 383 EXPECT_EQ( 384 ErrorUtils::FormatErrorMessage( 385 extension_manifest_errors::kInvalidPermissionScheme, "chrome://*/"), 386 error); 387 388 // Having chrome://favicon/* should not give you chrome://* 389 extension = LoadManifestStrict("script_and_capture", 390 "extension_chrome_favicon_wildcard.json"); 391 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 392 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 393 EXPECT_TRUE(Blocked(extension.get(), about_url)); 394 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 395 396 // Having http://favicon should not give you chrome://favicon 397 extension = LoadManifestStrict("script_and_capture", 398 "extension_http_favicon.json"); 399 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 400 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 401 402 // Component extensions with <all_urls> should get everything. 403 extension = LoadManifest("script_and_capture", "extension_component_all.json", 404 Manifest::COMPONENT, Extension::NO_FLAGS); 405 EXPECT_TRUE(Allowed(extension.get(), http_url)); 406 EXPECT_TRUE(Allowed(extension.get(), https_url)); 407 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 408 EXPECT_TRUE(Allowed(extension.get(), about_url)); 409 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 410 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 411 412 // Component extensions should only get access to what they ask for. 413 extension = LoadManifest("script_and_capture", 414 "extension_component_google.json", Manifest::COMPONENT, 415 Extension::NO_FLAGS); 416 EXPECT_TRUE(Allowed(extension.get(), http_url)); 417 EXPECT_TRUE(Blocked(extension.get(), https_url)); 418 EXPECT_TRUE(Blocked(extension.get(), file_url)); 419 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 420 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 421 EXPECT_TRUE(Blocked(extension.get(), about_url)); 422 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 423 EXPECT_FALSE( 424 PermissionsData::HasHostPermission(extension.get(), settings_url)); 425 } 426 427 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { 428 CommandLine::ForCurrentProcess()->AppendSwitch( 429 switches::kExtensionsOnChromeURLs); 430 431 scoped_refptr<Extension> extension; 432 433 // Test <all_urls> for regular extensions. 434 extension = LoadManifestStrict("script_and_capture", 435 "extension_regular_all.json"); 436 EXPECT_TRUE(Allowed(extension.get(), http_url)); 437 EXPECT_TRUE(Allowed(extension.get(), https_url)); 438 EXPECT_TRUE(Blocked(extension.get(), file_url)); 439 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 440 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 441 EXPECT_TRUE(Blocked(extension.get(), about_url)); 442 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 443 444 // Test access to iframed content. 445 GURL within_extension_url = extension->GetResourceURL("page.html"); 446 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 447 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 448 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 449 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 450 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 451 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 452 453 EXPECT_FALSE( 454 PermissionsData::HasHostPermission(extension.get(), settings_url)); 455 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); 456 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 457 458 // Test * for scheme, which implies just the http/https schemes. 459 extension = LoadManifestStrict("script_and_capture", 460 "extension_wildcard.json"); 461 EXPECT_TRUE(Allowed(extension.get(), http_url)); 462 EXPECT_TRUE(Allowed(extension.get(), https_url)); 463 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 464 EXPECT_TRUE(Blocked(extension.get(), about_url)); 465 EXPECT_TRUE(Blocked(extension.get(), file_url)); 466 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 467 extension = 468 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 469 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 470 471 // Having chrome://*/ should work for regular extensions with the flag 472 // enabled. 473 std::string error; 474 extension = LoadManifestUnchecked("script_and_capture", 475 "extension_wildcard_chrome.json", 476 Manifest::INTERNAL, Extension::NO_FLAGS, 477 &error); 478 EXPECT_FALSE(extension.get() == NULL); 479 EXPECT_TRUE(Blocked(extension.get(), http_url)); 480 EXPECT_TRUE(Blocked(extension.get(), https_url)); 481 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 482 EXPECT_TRUE(Blocked(extension.get(), about_url)); 483 EXPECT_TRUE(Blocked(extension.get(), file_url)); 484 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 485 486 // Having chrome://favicon/* should not give you chrome://* 487 extension = LoadManifestStrict("script_and_capture", 488 "extension_chrome_favicon_wildcard.json"); 489 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 490 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 491 EXPECT_TRUE(Blocked(extension.get(), about_url)); 492 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 493 494 // Having http://favicon should not give you chrome://favicon 495 extension = LoadManifestStrict("script_and_capture", 496 "extension_http_favicon.json"); 497 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 498 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 499 500 // Component extensions with <all_urls> should get everything. 501 extension = LoadManifest("script_and_capture", "extension_component_all.json", 502 Manifest::COMPONENT, Extension::NO_FLAGS); 503 EXPECT_TRUE(Allowed(extension.get(), http_url)); 504 EXPECT_TRUE(Allowed(extension.get(), https_url)); 505 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 506 EXPECT_TRUE(Allowed(extension.get(), about_url)); 507 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 508 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 509 510 // Component extensions should only get access to what they ask for. 511 extension = LoadManifest("script_and_capture", 512 "extension_component_google.json", Manifest::COMPONENT, 513 Extension::NO_FLAGS); 514 EXPECT_TRUE(Allowed(extension.get(), http_url)); 515 EXPECT_TRUE(Blocked(extension.get(), https_url)); 516 EXPECT_TRUE(Blocked(extension.get(), file_url)); 517 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 518 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 519 EXPECT_TRUE(Blocked(extension.get(), about_url)); 520 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 521 EXPECT_FALSE( 522 PermissionsData::HasHostPermission(extension.get(), settings_url)); 523 } 524 525 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { 526 scoped_refptr<Extension> extension = 527 LoadManifestStrict("script_and_capture", "tab_specific.json"); 528 529 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 530 .get()); 531 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 532 .get()); 533 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2) 534 .get()); 535 536 std::set<GURL> no_urls; 537 538 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 539 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 540 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 541 542 URLPatternSet allowed_hosts; 543 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 544 http_url.spec())); 545 std::set<GURL> allowed_urls; 546 allowed_urls.insert(http_url); 547 // http_url_with_path() will also be allowed, because Extension should be 548 // considering the security origin of the URL not the URL itself, and 549 // http_url is in allowed_hosts. 550 allowed_urls.insert(http_url_with_path); 551 552 { 553 scoped_refptr<PermissionSet> permissions( 554 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); 555 PermissionsData::UpdateTabSpecificPermissions( 556 extension.get(), 0, permissions); 557 EXPECT_EQ(permissions->explicit_hosts(), 558 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 559 ->explicit_hosts()); 560 } 561 562 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 563 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 564 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 565 566 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); 567 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 568 .get()); 569 570 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 571 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 572 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 573 574 std::set<GURL> more_allowed_urls = allowed_urls; 575 more_allowed_urls.insert(https_url); 576 URLPatternSet more_allowed_hosts = allowed_hosts; 577 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 578 https_url.spec())); 579 580 { 581 scoped_refptr<PermissionSet> permissions( 582 new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet())); 583 PermissionsData::UpdateTabSpecificPermissions( 584 extension.get(), 0, permissions); 585 EXPECT_EQ(permissions->explicit_hosts(), 586 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 587 ->explicit_hosts()); 588 589 permissions = new PermissionSet(APIPermissionSet(), 590 more_allowed_hosts, 591 URLPatternSet()); 592 PermissionsData::UpdateTabSpecificPermissions( 593 extension.get(), 1, permissions); 594 EXPECT_EQ(permissions->explicit_hosts(), 595 PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 596 ->explicit_hosts()); 597 } 598 599 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 600 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 601 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 602 603 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); 604 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 605 .get()); 606 607 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 608 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 609 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 610 611 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1); 612 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 613 .get()); 614 615 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 616 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 617 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 618 } 619 620 } // namespace extensions 621