1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <vector> 6 7 #include "chrome/browser/extensions/webstore_inline_installer.h" 8 #include "chrome/test/base/chrome_render_view_host_test_harness.h" 9 #include "content/public/browser/browser_thread.h" 10 #include "content/public/browser/web_contents.h" 11 #include "content/public/test/test_browser_thread.h" 12 #include "testing/gtest/include/gtest/gtest.h" 13 #include "url/gurl.h" 14 15 namespace extensions { 16 17 namespace { 18 19 // Wraps WebstoreInlineInstaller to provide access to domain verification 20 // methods for testing. 21 class TestWebstoreInlineInstaller : public WebstoreInlineInstaller { 22 public: 23 explicit TestWebstoreInlineInstaller(content::WebContents* contents, 24 const std::string& requestor_url); 25 26 bool TestCheckRequestorPermitted(const base::DictionaryValue& webstore_data) { 27 std::string error; 28 return CheckRequestorPermitted(webstore_data, &error); 29 } 30 31 protected: 32 virtual ~TestWebstoreInlineInstaller(); 33 }; 34 35 void TestInstallerCallback(bool success, const std::string& error) {} 36 37 TestWebstoreInlineInstaller::TestWebstoreInlineInstaller( 38 content::WebContents* contents, 39 const std::string& requestor_url) 40 : WebstoreInlineInstaller(contents, 41 "", 42 GURL(requestor_url), 43 base::Bind(&TestInstallerCallback)) { 44 } 45 46 TestWebstoreInlineInstaller::~TestWebstoreInlineInstaller() {} 47 48 // We inherit from ChromeRenderViewHostTestHarness only for 49 // CreateTestWebContents, because we need a mock WebContents to support the 50 // underlying WebstoreInlineInstaller in each test case. 51 class WebstoreInlineInstallerTest : public ChromeRenderViewHostTestHarness { 52 public: 53 // testing::Test 54 virtual void SetUp() OVERRIDE; 55 virtual void TearDown() OVERRIDE; 56 57 bool TestSingleVerifiedSite(const std::string& requestor_url, 58 const std::string& verified_site); 59 60 bool TestMultipleVerifiedSites( 61 const std::string& requestor_url, 62 const std::vector<std::string>& verified_sites); 63 64 protected: 65 scoped_ptr<content::WebContents> web_contents_; 66 }; 67 68 void WebstoreInlineInstallerTest::SetUp() { 69 ChromeRenderViewHostTestHarness::SetUp(); 70 web_contents_.reset(CreateTestWebContents()); 71 } 72 73 void WebstoreInlineInstallerTest::TearDown() { 74 web_contents_.reset(NULL); 75 ChromeRenderViewHostTestHarness::TearDown(); 76 } 77 78 // Simulates a test against the verified site string from a Webstore item's 79 // "verified_site" manifest entry. 80 bool WebstoreInlineInstallerTest::TestSingleVerifiedSite( 81 const std::string& requestor_url, 82 const std::string& verified_site) { 83 base::DictionaryValue webstore_data; 84 webstore_data.SetString("verified_site", verified_site); 85 86 scoped_refptr<TestWebstoreInlineInstaller> installer = 87 new TestWebstoreInlineInstaller(web_contents_.get(), requestor_url); 88 return installer->TestCheckRequestorPermitted(webstore_data); 89 } 90 91 // Simulates a test against a list of verified site strings from a Webstore 92 // item's "verified_sites" manifest entry. 93 bool WebstoreInlineInstallerTest::TestMultipleVerifiedSites( 94 const std::string& requestor_url, 95 const std::vector<std::string>& verified_sites) { 96 base::ListValue* sites = new base::ListValue(); 97 for (std::vector<std::string>::const_iterator it = verified_sites.begin(); 98 it != verified_sites.end(); ++it) { 99 sites->Append(new base::StringValue(*it)); 100 } 101 base::DictionaryValue webstore_data; 102 webstore_data.Set("verified_sites", sites); 103 104 scoped_refptr<TestWebstoreInlineInstaller> installer = 105 new TestWebstoreInlineInstaller(web_contents_.get(), requestor_url); 106 return installer->TestCheckRequestorPermitted(webstore_data); 107 } 108 109 } // namespace 110 111 TEST_F(WebstoreInlineInstallerTest, DomainVerification) { 112 // Exact domain match. 113 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com", "example.com")); 114 115 // The HTTPS scheme is allowed. 116 EXPECT_TRUE(TestSingleVerifiedSite("https://example.com", "example.com")); 117 118 // The file: scheme is not allowed. 119 EXPECT_FALSE(TestSingleVerifiedSite("file:///example.com", "example.com")); 120 121 // Trailing slash in URL. 122 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/", "example.com")); 123 124 // Page on the domain. 125 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/page.html", 126 "example.com")); 127 128 // Page on a subdomain. 129 EXPECT_TRUE(TestSingleVerifiedSite("http://sub.example.com/page.html", 130 "example.com")); 131 132 // Root domain when only a subdomain is verified. 133 EXPECT_FALSE(TestSingleVerifiedSite("http://example.com/", 134 "sub.example.com")); 135 136 // Different subdomain when only a subdomain is verified. 137 EXPECT_FALSE(TestSingleVerifiedSite("http://www.example.com/", 138 "sub.example.com")); 139 140 // Port matches. 141 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com:123/", 142 "example.com:123")); 143 144 // Port doesn't match. 145 EXPECT_FALSE(TestSingleVerifiedSite("http://example.com:456/", 146 "example.com:123")); 147 148 // Port is missing in the requestor URL. 149 EXPECT_FALSE(TestSingleVerifiedSite("http://example.com/", 150 "example.com:123")); 151 152 // Port is missing in the verified site (any port matches). 153 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com:123/", "example.com")); 154 155 // Path matches. 156 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/path", 157 "example.com/path")); 158 159 // Path doesn't match. 160 EXPECT_FALSE(TestSingleVerifiedSite("http://example.com/foo", 161 "example.com/path")); 162 163 // Path is missing. 164 EXPECT_FALSE(TestSingleVerifiedSite("http://example.com", 165 "example.com/path")); 166 167 // Path matches (with trailing slash). 168 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/path/", 169 "example.com/path")); 170 171 // Path matches (is a file under the path). 172 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/path/page.html", 173 "example.com/path")); 174 175 // Path and port match. 176 EXPECT_TRUE(TestSingleVerifiedSite( 177 "http://example.com:123/path/page.html", "example.com:123/path")); 178 179 // Match specific valid schemes 180 EXPECT_TRUE(TestSingleVerifiedSite("http://example.com", 181 "http://example.com")); 182 EXPECT_TRUE(TestSingleVerifiedSite("https://example.com", 183 "https://example.com")); 184 185 // Mismatch specific vaild schemes 186 EXPECT_FALSE(TestSingleVerifiedSite("https://example.com", 187 "http://example.com")); 188 EXPECT_FALSE(TestSingleVerifiedSite("http://example.com", 189 "https://example.com")); 190 191 // Invalid scheme spec 192 EXPECT_FALSE(TestSingleVerifiedSite("file://example.com", 193 "file://example.com")); 194 195 std::vector<std::string> verified_sites; 196 verified_sites.push_back("foo.example.com"); 197 verified_sites.push_back("bar.example.com:123"); 198 verified_sites.push_back("example.com/unicorns"); 199 200 // Test valid examples against the site list. 201 202 EXPECT_TRUE(TestMultipleVerifiedSites("http://foo.example.com", 203 verified_sites)); 204 205 EXPECT_TRUE(TestMultipleVerifiedSites("http://bar.example.com:123", 206 verified_sites)); 207 208 EXPECT_TRUE(TestMultipleVerifiedSites( 209 "http://cooking.example.com/unicorns/bacon.html", verified_sites)); 210 211 // Test invalid examples against the site list. 212 213 EXPECT_FALSE(TestMultipleVerifiedSites("http://example.com", 214 verified_sites)); 215 216 EXPECT_FALSE(TestMultipleVerifiedSites("file://foo.example.com", 217 verified_sites)); 218 219 EXPECT_FALSE(TestMultipleVerifiedSites("http://baz.example.com", 220 verified_sites)); 221 222 EXPECT_FALSE(TestMultipleVerifiedSites("http://bar.example.com:456", 223 verified_sites)); 224 } 225 226 } // namespace extensions 227
