1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/common/pepper_permission_util.h" 6 7 #include <set> 8 #include <string> 9 10 #include "chrome/common/extensions/features/feature_channel.h" 11 #include "extensions/common/extension_builder.h" 12 #include "extensions/common/extension_set.h" 13 #include "extensions/common/id_util.h" 14 #include "testing/gtest/include/gtest/gtest.h" 15 16 using chrome::IsExtensionOrSharedModuleWhitelisted; 17 18 namespace extensions { 19 20 namespace { 21 22 // Return an extension with |id| which imports a module with the given 23 // |import_id|. 24 scoped_refptr<Extension> CreateExtensionImportingModule( 25 const std::string& import_id, 26 const std::string& id) { 27 scoped_ptr<base::DictionaryValue> manifest = 28 DictionaryBuilder() 29 .Set("name", "Has Dependent Modules") 30 .Set("version", "1.0") 31 .Set("manifest_version", 2) 32 .Set("import", 33 ListBuilder().Append(DictionaryBuilder().Set("id", import_id))) 34 .Build(); 35 36 return ExtensionBuilder() 37 .SetManifest(manifest.Pass()) 38 .AddFlags(Extension::FROM_WEBSTORE) 39 .SetID(id) 40 .Build(); 41 } 42 43 } // namespace 44 45 TEST(PepperPermissionUtilTest, ExtensionWhitelisting) { 46 ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN); 47 ExtensionSet extensions; 48 std::string whitelisted_id = id_util::GenerateId("whitelisted_extension"); 49 scoped_ptr<base::DictionaryValue> manifest = 50 DictionaryBuilder() 51 .Set("name", "Whitelisted Extension") 52 .Set("version", "1.0") 53 .Set("manifest_version", 2) 54 .Build(); 55 scoped_refptr<Extension> ext = ExtensionBuilder() 56 .SetManifest(manifest.Pass()) 57 .SetID(whitelisted_id) 58 .Build(); 59 extensions.Insert(ext); 60 std::set<std::string> whitelist; 61 std::string url = std::string("chrome-extension://") + whitelisted_id + 62 std::string("/manifest.nmf"); 63 std::string bad_scheme_url = 64 std::string("http://") + whitelisted_id + std::string("/manifest.nmf"); 65 std::string bad_host_url = 66 std::string("chrome-extension://") + id_util::GenerateId("bad_host"); 67 std::string("/manifest.nmf"); 68 69 EXPECT_FALSE( 70 IsExtensionOrSharedModuleWhitelisted(GURL(url), &extensions, whitelist)); 71 whitelist.insert(whitelisted_id); 72 EXPECT_TRUE( 73 IsExtensionOrSharedModuleWhitelisted(GURL(url), &extensions, whitelist)); 74 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted( 75 GURL(bad_scheme_url), &extensions, whitelist)); 76 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted( 77 GURL(bad_host_url), &extensions, whitelist)); 78 } 79 80 TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) { 81 ScopedCurrentChannel current_channel(chrome::VersionInfo::CHANNEL_UNKNOWN); 82 ExtensionSet extensions; 83 std::string whitelisted_id = id_util::GenerateId("extension_id"); 84 std::string bad_id = id_util::GenerateId("bad_id"); 85 86 scoped_ptr<base::DictionaryValue> shared_module_manifest = 87 DictionaryBuilder() 88 .Set("name", "Whitelisted Shared Module") 89 .Set("version", "1.0") 90 .Set("manifest_version", 2) 91 .Set("export", 92 DictionaryBuilder() 93 .Set("resources", ListBuilder().Append("*")) 94 // Add the extension to the whitelist. This 95 // restricts import to |whitelisted_id| only. 96 .Set("whitelist", ListBuilder().Append(whitelisted_id))) 97 .Build(); 98 scoped_refptr<Extension> shared_module = 99 ExtensionBuilder().SetManifest(shared_module_manifest.Pass()).Build(); 100 101 scoped_refptr<Extension> ext = 102 CreateExtensionImportingModule(shared_module->id(), whitelisted_id); 103 std::string extension_url = 104 std::string("chrome-extension://") + ext->id() + std::string("/foo.html"); 105 106 std::set<std::string> whitelist; 107 // Important: whitelist *only* the shared module. 108 whitelist.insert(shared_module->id()); 109 110 extensions.Insert(ext); 111 // This should fail because shared_module is not in the set of extensions. 112 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted( 113 GURL(extension_url), &extensions, whitelist)); 114 extensions.Insert(shared_module); 115 EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted( 116 GURL(extension_url), &extensions, whitelist)); 117 scoped_refptr<Extension> bad_ext = 118 CreateExtensionImportingModule(shared_module->id(), bad_id); 119 std::string bad_extension_url = std::string("chrome-extension://") + 120 bad_ext->id() + std::string("/foo.html"); 121 122 extensions.Insert(bad_ext); 123 // This should fail because bad_ext is not whitelisted to use shared_module. 124 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted( 125 GURL(bad_extension_url), &extensions, whitelist)); 126 127 // Note that the whitelist should be empty after this call, so tests checking 128 // for failure to import will fail because of this. 129 whitelist.erase(shared_module->id()); 130 EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted( 131 GURL(extension_url), &extensions, whitelist)); 132 } 133 134 } // namespace extensions 135