1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <vector> 6 7 #include "base/command_line.h" 8 #include "base/memory/ref_counted.h" 9 #include "base/strings/string16.h" 10 #include "base/strings/utf_string_conversions.h" 11 #include "chrome/common/chrome_version_info.h" 12 #include "chrome/common/extensions/extension_test_util.h" 13 #include "chrome/common/extensions/features/feature_channel.h" 14 #include "chrome/common/extensions/permissions/socket_permission.h" 15 #include "content/public/common/socket_permission_request.h" 16 #include "extensions/common/error_utils.h" 17 #include "extensions/common/extension.h" 18 #include "extensions/common/id_util.h" 19 #include "extensions/common/manifest_constants.h" 20 #include "extensions/common/permissions/api_permission.h" 21 #include "extensions/common/permissions/permission_set.h" 22 #include "extensions/common/permissions/permissions_data.h" 23 #include "extensions/common/switches.h" 24 #include "extensions/common/url_pattern_set.h" 25 #include "testing/gtest/include/gtest/gtest.h" 26 27 using content::SocketPermissionRequest; 28 using extension_test_util::LoadManifest; 29 using extension_test_util::LoadManifestUnchecked; 30 using extension_test_util::LoadManifestStrict; 31 32 namespace extensions { 33 34 namespace { 35 36 bool CheckSocketPermission( 37 scoped_refptr<Extension> extension, 38 SocketPermissionRequest::OperationType type, 39 const char* host, 40 int port) { 41 SocketPermission::CheckParam param(type, host, port); 42 return PermissionsData::CheckAPIPermissionWithParam( 43 extension.get(), APIPermission::kSocket, ¶m); 44 } 45 46 } // namespace 47 48 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { 49 scoped_refptr<Extension> extension; 50 URLPatternSet hosts; 51 52 extension = LoadManifest("effective_host_permissions", "empty.json"); 53 EXPECT_EQ(0u, 54 PermissionsData::GetEffectiveHostPermissions(extension.get()) 55 .patterns().size()); 56 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com"))); 57 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 58 59 extension = LoadManifest("effective_host_permissions", "one_host.json"); 60 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 61 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 62 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com"))); 63 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 64 65 extension = LoadManifest("effective_host_permissions", 66 "one_host_wildcard.json"); 67 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 68 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 69 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com"))); 70 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 71 72 extension = LoadManifest("effective_host_permissions", "two_hosts.json"); 73 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 74 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 75 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 76 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 77 78 extension = LoadManifest("effective_host_permissions", 79 "https_not_considered.json"); 80 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 81 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 82 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com"))); 83 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 84 85 extension = LoadManifest("effective_host_permissions", 86 "two_content_scripts.json"); 87 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 88 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com"))); 89 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com"))); 90 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( 91 GURL("http://www.reddit.com"))); 92 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com"))); 93 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL( 94 GURL("http://news.ycombinator.com"))); 95 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 96 97 extension = LoadManifest("effective_host_permissions", "all_hosts.json"); 98 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 99 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 100 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/"))); 101 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 102 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 103 104 extension = LoadManifest("effective_host_permissions", "all_hosts2.json"); 105 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 106 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/"))); 107 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 108 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 109 110 extension = LoadManifest("effective_host_permissions", "all_hosts3.json"); 111 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get()); 112 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/"))); 113 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/"))); 114 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com"))); 115 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get())); 116 } 117 118 TEST(ExtensionPermissionsTest, SocketPermissions) { 119 // Set feature current channel to appropriate value. 120 ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV); 121 scoped_refptr<Extension> extension; 122 std::string error; 123 124 extension = LoadManifest("socket_permissions", "empty.json"); 125 EXPECT_FALSE(CheckSocketPermission(extension, 126 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 127 128 extension = LoadManifestUnchecked("socket_permissions", 129 "socket1.json", 130 Manifest::INTERNAL, Extension::NO_FLAGS, 131 &error); 132 EXPECT_TRUE(extension.get() == NULL); 133 ASSERT_EQ(ErrorUtils::FormatErrorMessage( 134 manifest_errors::kInvalidPermission, "socket"), 135 error); 136 137 extension = LoadManifest("socket_permissions", "socket2.json"); 138 EXPECT_TRUE(CheckSocketPermission(extension, 139 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80)); 140 EXPECT_FALSE(CheckSocketPermission( 141 extension, SocketPermissionRequest::UDP_BIND, "", 80)); 142 EXPECT_TRUE(CheckSocketPermission( 143 extension, SocketPermissionRequest::UDP_BIND, "", 8888)); 144 145 EXPECT_FALSE(CheckSocketPermission( 146 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900)); 147 EXPECT_TRUE(CheckSocketPermission( 148 extension, 149 SocketPermissionRequest::UDP_SEND_TO, 150 "239.255.255.250", 1900)); 151 } 152 153 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { 154 scoped_refptr<Extension> extension; 155 extension = LoadManifest("permissions", "many-apis.json"); 156 std::vector<string16> warnings = 157 PermissionsData::GetPermissionMessageStrings(extension.get()); 158 ASSERT_EQ(6u, warnings.size()); 159 EXPECT_EQ("Access your data on api.flickr.com", 160 UTF16ToUTF8(warnings[0])); 161 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1])); 162 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2])); 163 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3])); 164 EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4])); 165 EXPECT_EQ("Manage your apps, extensions, and themes", 166 UTF16ToUTF8(warnings[5])); 167 } 168 169 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) { 170 scoped_refptr<Extension> extension; 171 extension = LoadManifest("permissions", "more-than-3-hosts.json"); 172 std::vector<string16> warnings = 173 PermissionsData::GetPermissionMessageStrings(extension.get()); 174 std::vector<string16> warnings_details = 175 PermissionsData::GetPermissionMessageDetailsStrings(extension.get()); 176 ASSERT_EQ(1u, warnings.size()); 177 ASSERT_EQ(1u, warnings_details.size()); 178 EXPECT_EQ("Access your data on 5 websites", UTF16ToUTF8(warnings[0])); 179 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com", 180 UTF16ToUTF8(warnings_details[0])); 181 } 182 183 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) { 184 scoped_refptr<Extension> extension; 185 extension = LoadManifest("permissions", 186 "location-api.json", 187 Manifest::COMPONENT, 188 Extension::NO_FLAGS); 189 std::vector<string16> warnings = 190 PermissionsData::GetPermissionMessageStrings(extension.get()); 191 ASSERT_EQ(1u, warnings.size()); 192 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0])); 193 } 194 195 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) { 196 scoped_refptr<Extension> extension; 197 extension = LoadManifest("permissions", "many-hosts.json"); 198 std::vector<string16> warnings = 199 PermissionsData::GetPermissionMessageStrings(extension.get()); 200 ASSERT_EQ(1u, warnings.size()); 201 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com", 202 UTF16ToUTF8(warnings[0])); 203 } 204 205 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) { 206 scoped_refptr<Extension> extension; 207 extension = LoadManifest("permissions", "plugins.json"); 208 std::vector<string16> warnings = 209 PermissionsData::GetPermissionMessageStrings(extension.get()); 210 // We don't parse the plugins key on Chrome OS, so it should not ask for any 211 // permissions. 212 #if defined(OS_CHROMEOS) 213 ASSERT_EQ(0u, warnings.size()); 214 #else 215 ASSERT_EQ(1u, warnings.size()); 216 EXPECT_EQ("Access all data on your computer and the websites you visit", 217 UTF16ToUTF8(warnings[0])); 218 #endif 219 } 220 221 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage 222 // methods of Extension for extensions with various permissions. 223 class ExtensionScriptAndCaptureVisibleTest : public testing::Test { 224 protected: 225 ExtensionScriptAndCaptureVisibleTest() 226 : http_url("http://www.google.com"), 227 http_url_with_path("http://www.google.com/index.html"), 228 https_url("https://www.google.com"), 229 file_url("file:///foo/bar"), 230 favicon_url("chrome://favicon/http://www.google.com"), 231 extension_url("chrome-extension://" + 232 id_util::GenerateIdForPath( 233 base::FilePath(FILE_PATH_LITERAL("foo")))), 234 settings_url("chrome://settings"), 235 about_url("about:flags") { 236 urls_.insert(http_url); 237 urls_.insert(http_url_with_path); 238 urls_.insert(https_url); 239 urls_.insert(file_url); 240 urls_.insert(favicon_url); 241 urls_.insert(extension_url); 242 urls_.insert(settings_url); 243 urls_.insert(about_url); 244 // Ignore the policy delegate for this test. 245 PermissionsData::SetPolicyDelegate(NULL); 246 } 247 248 bool AllowedScript(const Extension* extension, const GURL& url, 249 const GURL& top_url) { 250 return PermissionsData::CanExecuteScriptOnPage( 251 extension, url, top_url, -1, NULL, -1, NULL); 252 } 253 254 bool BlockedScript(const Extension* extension, const GURL& url, 255 const GURL& top_url) { 256 return !PermissionsData::CanExecuteScriptOnPage( 257 extension, url, top_url, -1, NULL, -1, NULL); 258 } 259 260 bool Allowed(const Extension* extension, const GURL& url) { 261 return Allowed(extension, url, -1); 262 } 263 264 bool Allowed(const Extension* extension, const GURL& url, int tab_id) { 265 return (PermissionsData::CanExecuteScriptOnPage( 266 extension, url, url, tab_id, NULL, -1, NULL) && 267 PermissionsData::CanCaptureVisiblePage( 268 extension, url, tab_id, NULL)); 269 } 270 271 bool CaptureOnly(const Extension* extension, const GURL& url) { 272 return CaptureOnly(extension, url, -1); 273 } 274 275 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) { 276 return !PermissionsData::CanExecuteScriptOnPage( 277 extension, url, url, tab_id, NULL, -1, NULL) && 278 PermissionsData::CanCaptureVisiblePage(extension, url, tab_id, NULL); 279 } 280 281 bool Blocked(const Extension* extension, const GURL& url) { 282 return Blocked(extension, url, -1); 283 } 284 285 bool Blocked(const Extension* extension, const GURL& url, int tab_id) { 286 return !(PermissionsData::CanExecuteScriptOnPage( 287 extension, url, url, tab_id, NULL, -1, NULL) || 288 PermissionsData::CanCaptureVisiblePage( 289 extension, url, tab_id, NULL)); 290 } 291 292 bool AllowedExclusivelyOnTab( 293 const Extension* extension, 294 const std::set<GURL>& allowed_urls, 295 int tab_id) { 296 bool result = true; 297 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) { 298 const GURL& url = *it; 299 if (allowed_urls.count(url)) 300 result &= Allowed(extension, url, tab_id); 301 else 302 result &= Blocked(extension, url, tab_id); 303 } 304 return result; 305 } 306 307 // URLs that are "safe" to provide scripting and capture visible tab access 308 // to if the permissions allow it. 309 const GURL http_url; 310 const GURL http_url_with_path; 311 const GURL https_url; 312 const GURL file_url; 313 314 // We should allow host permission but not scripting permission for favicon 315 // urls. 316 const GURL favicon_url; 317 318 // URLs that regular extensions should never get access to. 319 const GURL extension_url; 320 const GURL settings_url; 321 const GURL about_url; 322 323 private: 324 // The set of all URLs above. 325 std::set<GURL> urls_; 326 }; 327 328 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) { 329 // Test <all_urls> for regular extensions. 330 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture", 331 "extension_regular_all.json"); 332 333 EXPECT_TRUE(Allowed(extension.get(), http_url)); 334 EXPECT_TRUE(Allowed(extension.get(), https_url)); 335 EXPECT_TRUE(Blocked(extension.get(), file_url)); 336 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 337 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 338 EXPECT_TRUE(Blocked(extension.get(), about_url)); 339 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 340 341 // Test access to iframed content. 342 GURL within_extension_url = extension->GetResourceURL("page.html"); 343 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 344 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 345 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 346 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 347 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 348 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 349 350 EXPECT_FALSE( 351 PermissionsData::HasHostPermission(extension.get(), settings_url)); 352 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); 353 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 354 355 // Test * for scheme, which implies just the http/https schemes. 356 extension = LoadManifestStrict("script_and_capture", 357 "extension_wildcard.json"); 358 EXPECT_TRUE(Allowed(extension.get(), http_url)); 359 EXPECT_TRUE(Allowed(extension.get(), https_url)); 360 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 361 EXPECT_TRUE(Blocked(extension.get(), about_url)); 362 EXPECT_TRUE(Blocked(extension.get(), file_url)); 363 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 364 extension = 365 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 366 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 367 368 // Having chrome://*/ should not work for regular extensions. Note that 369 // for favicon access, we require the explicit pattern chrome://favicon/*. 370 std::string error; 371 extension = LoadManifestUnchecked("script_and_capture", 372 "extension_wildcard_chrome.json", 373 Manifest::INTERNAL, Extension::NO_FLAGS, 374 &error); 375 std::vector<InstallWarning> warnings = extension->install_warnings(); 376 EXPECT_FALSE(warnings.empty()); 377 EXPECT_EQ(ErrorUtils::FormatErrorMessage( 378 manifest_errors::kInvalidPermissionScheme, 379 "chrome://*/"), 380 warnings[0].message); 381 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 382 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 383 EXPECT_TRUE(Blocked(extension.get(), about_url)); 384 385 // Having chrome://favicon/* should not give you chrome://* 386 extension = LoadManifestStrict("script_and_capture", 387 "extension_chrome_favicon_wildcard.json"); 388 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 389 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url)); 390 EXPECT_TRUE(Blocked(extension.get(), about_url)); 391 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 392 393 // Having http://favicon should not give you chrome://favicon 394 extension = LoadManifestStrict("script_and_capture", 395 "extension_http_favicon.json"); 396 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 397 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 398 399 // Component extensions with <all_urls> should get everything. 400 extension = LoadManifest("script_and_capture", "extension_component_all.json", 401 Manifest::COMPONENT, Extension::NO_FLAGS); 402 EXPECT_TRUE(Allowed(extension.get(), http_url)); 403 EXPECT_TRUE(Allowed(extension.get(), https_url)); 404 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 405 EXPECT_TRUE(Allowed(extension.get(), about_url)); 406 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 407 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 408 409 // Component extensions should only get access to what they ask for. 410 extension = LoadManifest("script_and_capture", 411 "extension_component_google.json", Manifest::COMPONENT, 412 Extension::NO_FLAGS); 413 EXPECT_TRUE(Allowed(extension.get(), http_url)); 414 EXPECT_TRUE(Blocked(extension.get(), https_url)); 415 EXPECT_TRUE(Blocked(extension.get(), file_url)); 416 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 417 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 418 EXPECT_TRUE(Blocked(extension.get(), about_url)); 419 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 420 EXPECT_FALSE( 421 PermissionsData::HasHostPermission(extension.get(), settings_url)); 422 } 423 424 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) { 425 CommandLine::ForCurrentProcess()->AppendSwitch( 426 switches::kExtensionsOnChromeURLs); 427 428 scoped_refptr<Extension> extension; 429 430 // Test <all_urls> for regular extensions. 431 extension = LoadManifestStrict("script_and_capture", 432 "extension_regular_all.json"); 433 EXPECT_TRUE(Allowed(extension.get(), http_url)); 434 EXPECT_TRUE(Allowed(extension.get(), https_url)); 435 EXPECT_TRUE(Blocked(extension.get(), file_url)); 436 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 437 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 438 EXPECT_TRUE(Blocked(extension.get(), about_url)); 439 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 440 441 // Test access to iframed content. 442 GURL within_extension_url = extension->GetResourceURL("page.html"); 443 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path)); 444 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); 445 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); 446 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); 447 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); 448 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); 449 450 EXPECT_FALSE( 451 PermissionsData::HasHostPermission(extension.get(), settings_url)); 452 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url)); 453 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 454 455 // Test * for scheme, which implies just the http/https schemes. 456 extension = LoadManifestStrict("script_and_capture", 457 "extension_wildcard.json"); 458 EXPECT_TRUE(Allowed(extension.get(), http_url)); 459 EXPECT_TRUE(Allowed(extension.get(), https_url)); 460 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 461 EXPECT_TRUE(Blocked(extension.get(), about_url)); 462 EXPECT_TRUE(Blocked(extension.get(), file_url)); 463 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 464 extension = 465 LoadManifest("script_and_capture", "extension_wildcard_settings.json"); 466 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 467 468 // Having chrome://*/ should work for regular extensions with the flag 469 // enabled. 470 std::string error; 471 extension = LoadManifestUnchecked("script_and_capture", 472 "extension_wildcard_chrome.json", 473 Manifest::INTERNAL, Extension::NO_FLAGS, 474 &error); 475 EXPECT_FALSE(extension.get() == NULL); 476 EXPECT_TRUE(Blocked(extension.get(), http_url)); 477 EXPECT_TRUE(Blocked(extension.get(), https_url)); 478 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 479 EXPECT_TRUE(Blocked(extension.get(), about_url)); 480 EXPECT_TRUE(Blocked(extension.get(), file_url)); 481 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 482 483 // Having chrome://favicon/* should not give you chrome://* 484 extension = LoadManifestStrict("script_and_capture", 485 "extension_chrome_favicon_wildcard.json"); 486 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 487 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested 488 EXPECT_TRUE(Blocked(extension.get(), about_url)); 489 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 490 491 // Having http://favicon should not give you chrome://favicon 492 extension = LoadManifestStrict("script_and_capture", 493 "extension_http_favicon.json"); 494 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 495 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 496 497 // Component extensions with <all_urls> should get everything. 498 extension = LoadManifest("script_and_capture", "extension_component_all.json", 499 Manifest::COMPONENT, Extension::NO_FLAGS); 500 EXPECT_TRUE(Allowed(extension.get(), http_url)); 501 EXPECT_TRUE(Allowed(extension.get(), https_url)); 502 EXPECT_TRUE(Allowed(extension.get(), settings_url)); 503 EXPECT_TRUE(Allowed(extension.get(), about_url)); 504 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); 505 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url)); 506 507 // Component extensions should only get access to what they ask for. 508 extension = LoadManifest("script_and_capture", 509 "extension_component_google.json", Manifest::COMPONENT, 510 Extension::NO_FLAGS); 511 EXPECT_TRUE(Allowed(extension.get(), http_url)); 512 EXPECT_TRUE(Blocked(extension.get(), https_url)); 513 EXPECT_TRUE(Blocked(extension.get(), file_url)); 514 EXPECT_TRUE(Blocked(extension.get(), settings_url)); 515 EXPECT_TRUE(Blocked(extension.get(), favicon_url)); 516 EXPECT_TRUE(Blocked(extension.get(), about_url)); 517 EXPECT_TRUE(Blocked(extension.get(), extension_url)); 518 EXPECT_FALSE( 519 PermissionsData::HasHostPermission(extension.get(), settings_url)); 520 } 521 522 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) { 523 scoped_refptr<Extension> extension = 524 LoadManifestStrict("script_and_capture", "tab_specific.json"); 525 526 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 527 .get()); 528 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 529 .get()); 530 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2) 531 .get()); 532 533 std::set<GURL> no_urls; 534 535 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 536 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 537 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 538 539 URLPatternSet allowed_hosts; 540 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 541 http_url.spec())); 542 std::set<GURL> allowed_urls; 543 allowed_urls.insert(http_url); 544 // http_url_with_path() will also be allowed, because Extension should be 545 // considering the security origin of the URL not the URL itself, and 546 // http_url is in allowed_hosts. 547 allowed_urls.insert(http_url_with_path); 548 549 { 550 scoped_refptr<PermissionSet> permissions( 551 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), 552 allowed_hosts, URLPatternSet())); 553 PermissionsData::UpdateTabSpecificPermissions( 554 extension.get(), 0, permissions); 555 EXPECT_EQ(permissions->explicit_hosts(), 556 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 557 ->explicit_hosts()); 558 } 559 560 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 561 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 562 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 563 564 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); 565 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 566 .get()); 567 568 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 569 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 570 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 571 572 std::set<GURL> more_allowed_urls = allowed_urls; 573 more_allowed_urls.insert(https_url); 574 URLPatternSet more_allowed_hosts = allowed_hosts; 575 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL, 576 https_url.spec())); 577 578 { 579 scoped_refptr<PermissionSet> permissions( 580 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(), 581 allowed_hosts, URLPatternSet())); 582 PermissionsData::UpdateTabSpecificPermissions( 583 extension.get(), 0, permissions); 584 EXPECT_EQ(permissions->explicit_hosts(), 585 PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 586 ->explicit_hosts()); 587 588 permissions = new PermissionSet(APIPermissionSet(), 589 ManifestPermissionSet(), 590 more_allowed_hosts, 591 URLPatternSet()); 592 PermissionsData::UpdateTabSpecificPermissions( 593 extension.get(), 1, permissions); 594 EXPECT_EQ(permissions->explicit_hosts(), 595 PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 596 ->explicit_hosts()); 597 } 598 599 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), allowed_urls, 0)); 600 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 601 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 602 603 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0); 604 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0) 605 .get()); 606 607 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 608 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1)); 609 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 610 611 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1); 612 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1) 613 .get()); 614 615 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 0)); 616 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 1)); 617 EXPECT_TRUE(AllowedExclusivelyOnTab(extension.get(), no_urls, 2)); 618 } 619 620 } // namespace extensions 621
