1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/prefs/pref_value_map.h" 6 #include "chrome/browser/extensions/external_policy_loader.h" 7 #include "chrome/browser/extensions/policy_handlers.h" 8 #include "chrome/common/pref_names.h" 9 #include "components/policy/core/browser/policy_error_map.h" 10 #include "components/policy/core/common/policy_map.h" 11 #include "extensions/browser/pref_names.h" 12 #include "policy/policy_constants.h" 13 #include "testing/gtest/include/gtest/gtest.h" 14 15 namespace extensions { 16 17 const char kTestPref[] = "unit_test.test_pref"; 18 19 TEST(ExtensionListPolicyHandlerTest, CheckPolicySettings) { 20 base::ListValue list; 21 policy::PolicyMap policy_map; 22 policy::PolicyErrorMap errors; 23 ExtensionListPolicyHandler handler( 24 policy::key::kExtensionInstallBlacklist, kTestPref, true); 25 26 policy_map.Set(policy::key::kExtensionInstallBlacklist, 27 policy::POLICY_LEVEL_MANDATORY, 28 policy::POLICY_SCOPE_USER, 29 list.DeepCopy(), 30 NULL); 31 errors.Clear(); 32 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 33 EXPECT_TRUE(errors.empty()); 34 35 list.Append(new base::StringValue("abcdefghijklmnopabcdefghijklmnop")); 36 policy_map.Set(policy::key::kExtensionInstallBlacklist, 37 policy::POLICY_LEVEL_MANDATORY, 38 policy::POLICY_SCOPE_USER, 39 list.DeepCopy(), 40 NULL); 41 errors.Clear(); 42 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 43 EXPECT_TRUE(errors.empty()); 44 45 list.Append(new base::StringValue("*")); 46 policy_map.Set(policy::key::kExtensionInstallBlacklist, 47 policy::POLICY_LEVEL_MANDATORY, 48 policy::POLICY_SCOPE_USER, 49 list.DeepCopy(), 50 NULL); 51 errors.Clear(); 52 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 53 EXPECT_TRUE(errors.empty()); 54 55 list.Append(new base::StringValue("invalid")); 56 policy_map.Set(policy::key::kExtensionInstallBlacklist, 57 policy::POLICY_LEVEL_MANDATORY, 58 policy::POLICY_SCOPE_USER, 59 list.DeepCopy(), 60 NULL); 61 errors.Clear(); 62 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 63 EXPECT_FALSE(errors.empty()); 64 EXPECT_FALSE( 65 errors.GetErrors(policy::key::kExtensionInstallBlacklist).empty()); 66 } 67 68 TEST(ExtensionListPolicyHandlerTest, ApplyPolicySettings) { 69 base::ListValue policy; 70 base::ListValue expected; 71 policy::PolicyMap policy_map; 72 PrefValueMap prefs; 73 base::Value* value = NULL; 74 ExtensionListPolicyHandler handler( 75 policy::key::kExtensionInstallBlacklist, kTestPref, false); 76 77 policy.Append(new base::StringValue("abcdefghijklmnopabcdefghijklmnop")); 78 expected.Append(new base::StringValue("abcdefghijklmnopabcdefghijklmnop")); 79 80 policy_map.Set(policy::key::kExtensionInstallBlacklist, 81 policy::POLICY_LEVEL_MANDATORY, 82 policy::POLICY_SCOPE_USER, 83 policy.DeepCopy(), 84 NULL); 85 handler.ApplyPolicySettings(policy_map, &prefs); 86 EXPECT_TRUE(prefs.GetValue(kTestPref, &value)); 87 EXPECT_TRUE(base::Value::Equals(&expected, value)); 88 89 policy.Append(new base::StringValue("invalid")); 90 policy_map.Set(policy::key::kExtensionInstallBlacklist, 91 policy::POLICY_LEVEL_MANDATORY, 92 policy::POLICY_SCOPE_USER, 93 policy.DeepCopy(), 94 NULL); 95 handler.ApplyPolicySettings(policy_map, &prefs); 96 EXPECT_TRUE(prefs.GetValue(kTestPref, &value)); 97 EXPECT_TRUE(base::Value::Equals(&expected, value)); 98 } 99 100 TEST(ExtensionInstallForcelistPolicyHandlerTest, CheckPolicySettings) { 101 base::ListValue list; 102 policy::PolicyMap policy_map; 103 policy::PolicyErrorMap errors; 104 ExtensionInstallForcelistPolicyHandler handler; 105 106 policy_map.Set(policy::key::kExtensionInstallForcelist, 107 policy::POLICY_LEVEL_MANDATORY, 108 policy::POLICY_SCOPE_USER, 109 list.DeepCopy(), 110 NULL); 111 errors.Clear(); 112 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 113 EXPECT_TRUE(errors.empty()); 114 115 list.AppendString("abcdefghijklmnopabcdefghijklmnop;http://example.com"); 116 policy_map.Set(policy::key::kExtensionInstallForcelist, 117 policy::POLICY_LEVEL_MANDATORY, 118 policy::POLICY_SCOPE_USER, 119 list.DeepCopy(), 120 NULL); 121 errors.Clear(); 122 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 123 EXPECT_TRUE(errors.empty()); 124 125 // Add an erroneous entry. This should generate an error, but the good 126 // entry should still be translated successfully. 127 list.AppendString("adfasdf;http://example.com"); 128 policy_map.Set(policy::key::kExtensionInstallForcelist, 129 policy::POLICY_LEVEL_MANDATORY, 130 policy::POLICY_SCOPE_USER, 131 list.DeepCopy(), 132 NULL); 133 errors.Clear(); 134 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 135 EXPECT_EQ(1U, errors.size()); 136 137 // Add an entry with bad URL, which should generate another error. 138 list.AppendString("abcdefghijklmnopabcdefghijklmnop;nourl"); 139 policy_map.Set(policy::key::kExtensionInstallForcelist, 140 policy::POLICY_LEVEL_MANDATORY, 141 policy::POLICY_SCOPE_USER, 142 list.DeepCopy(), 143 NULL); 144 errors.Clear(); 145 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 146 EXPECT_EQ(2U, errors.size()); 147 148 // Just an extension ID should also generate an error. 149 list.AppendString("abcdefghijklmnopabcdefghijklmnop"); 150 policy_map.Set(policy::key::kExtensionInstallForcelist, 151 policy::POLICY_LEVEL_MANDATORY, 152 policy::POLICY_SCOPE_USER, 153 list.DeepCopy(), 154 NULL); 155 errors.Clear(); 156 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 157 EXPECT_EQ(3U, errors.size()); 158 } 159 160 TEST(ExtensionInstallForcelistPolicyHandlerTest, ApplyPolicySettings) { 161 base::ListValue policy; 162 base::DictionaryValue expected; 163 policy::PolicyMap policy_map; 164 PrefValueMap prefs; 165 base::Value* value = NULL; 166 ExtensionInstallForcelistPolicyHandler handler; 167 168 handler.ApplyPolicySettings(policy_map, &prefs); 169 EXPECT_FALSE(prefs.GetValue(pref_names::kInstallForceList, &value)); 170 EXPECT_FALSE(value); 171 172 policy_map.Set(policy::key::kExtensionInstallForcelist, 173 policy::POLICY_LEVEL_MANDATORY, 174 policy::POLICY_SCOPE_USER, 175 policy.DeepCopy(), 176 NULL); 177 handler.ApplyPolicySettings(policy_map, &prefs); 178 EXPECT_TRUE(prefs.GetValue(pref_names::kInstallForceList, &value)); 179 EXPECT_TRUE(base::Value::Equals(&expected, value)); 180 181 policy.AppendString("abcdefghijklmnopabcdefghijklmnop;http://example.com"); 182 extensions::ExternalPolicyLoader::AddExtension( 183 &expected, "abcdefghijklmnopabcdefghijklmnop", "http://example.com"); 184 policy_map.Set(policy::key::kExtensionInstallForcelist, 185 policy::POLICY_LEVEL_MANDATORY, 186 policy::POLICY_SCOPE_USER, 187 policy.DeepCopy(), 188 NULL); 189 handler.ApplyPolicySettings(policy_map, &prefs); 190 EXPECT_TRUE(prefs.GetValue(pref_names::kInstallForceList, &value)); 191 EXPECT_TRUE(base::Value::Equals(&expected, value)); 192 193 policy.AppendString("invalid"); 194 policy_map.Set(policy::key::kExtensionInstallForcelist, 195 policy::POLICY_LEVEL_MANDATORY, 196 policy::POLICY_SCOPE_USER, 197 policy.DeepCopy(), 198 NULL); 199 handler.ApplyPolicySettings(policy_map, &prefs); 200 EXPECT_TRUE(prefs.GetValue(pref_names::kInstallForceList, &value)); 201 EXPECT_TRUE(base::Value::Equals(&expected, value)); 202 } 203 204 TEST(ExtensionURLPatternListPolicyHandlerTest, CheckPolicySettings) { 205 base::ListValue list; 206 policy::PolicyMap policy_map; 207 policy::PolicyErrorMap errors; 208 ExtensionURLPatternListPolicyHandler handler( 209 policy::key::kExtensionInstallSources, kTestPref); 210 211 policy_map.Set(policy::key::kExtensionInstallSources, 212 policy::POLICY_LEVEL_MANDATORY, 213 policy::POLICY_SCOPE_USER, 214 list.DeepCopy(), 215 NULL); 216 errors.Clear(); 217 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 218 EXPECT_TRUE(errors.empty()); 219 220 list.Append(new base::StringValue("http://*.google.com/*")); 221 policy_map.Set(policy::key::kExtensionInstallSources, 222 policy::POLICY_LEVEL_MANDATORY, 223 policy::POLICY_SCOPE_USER, 224 list.DeepCopy(), 225 NULL); 226 errors.Clear(); 227 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 228 EXPECT_TRUE(errors.empty()); 229 230 list.Append(new base::StringValue("<all_urls>")); 231 policy_map.Set(policy::key::kExtensionInstallSources, 232 policy::POLICY_LEVEL_MANDATORY, 233 policy::POLICY_SCOPE_USER, 234 list.DeepCopy(), 235 NULL); 236 errors.Clear(); 237 EXPECT_TRUE(handler.CheckPolicySettings(policy_map, &errors)); 238 EXPECT_TRUE(errors.empty()); 239 240 list.Append(new base::StringValue("invalid")); 241 policy_map.Set(policy::key::kExtensionInstallSources, 242 policy::POLICY_LEVEL_MANDATORY, 243 policy::POLICY_SCOPE_USER, 244 list.DeepCopy(), 245 NULL); 246 errors.Clear(); 247 EXPECT_FALSE(handler.CheckPolicySettings(policy_map, &errors)); 248 EXPECT_FALSE(errors.empty()); 249 EXPECT_FALSE(errors.GetErrors(policy::key::kExtensionInstallSources).empty()); 250 251 // URLPattern syntax has a different way to express 'all urls'. Though '*' 252 // would be compatible today, it would be brittle, so we disallow. 253 list.Append(new base::StringValue("*")); 254 policy_map.Set(policy::key::kExtensionInstallSources, 255 policy::POLICY_LEVEL_MANDATORY, 256 policy::POLICY_SCOPE_USER, 257 list.DeepCopy(), 258 NULL); 259 errors.Clear(); 260 EXPECT_FALSE(handler.CheckPolicySettings(policy_map, &errors)); 261 EXPECT_FALSE(errors.empty()); 262 EXPECT_FALSE(errors.GetErrors(policy::key::kExtensionInstallSources).empty()); 263 } 264 265 TEST(ExtensionURLPatternListPolicyHandlerTest, ApplyPolicySettings) { 266 base::ListValue list; 267 policy::PolicyMap policy_map; 268 PrefValueMap prefs; 269 base::Value* value = NULL; 270 ExtensionURLPatternListPolicyHandler handler( 271 policy::key::kExtensionInstallSources, kTestPref); 272 273 list.Append(new base::StringValue("https://corp.monkey.net/*")); 274 policy_map.Set(policy::key::kExtensionInstallSources, 275 policy::POLICY_LEVEL_MANDATORY, 276 policy::POLICY_SCOPE_USER, 277 list.DeepCopy(), 278 NULL); 279 handler.ApplyPolicySettings(policy_map, &prefs); 280 ASSERT_TRUE(prefs.GetValue(kTestPref, &value)); 281 EXPECT_TRUE(base::Value::Equals(&list, value)); 282 } 283 284 } // namespace extensions 285
