1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/pickle.h"
8 #include "base/values.h"
9 #include "extensions/common/permissions/permissions_info.h"
10 #include "extensions/common/permissions/socket_permission.h"
11 #include "extensions/common/permissions/socket_permission_data.h"
12 #include "ipc/ipc_message.h"
13 #include "testing/gtest/include/gtest/gtest.h"
15 namespace extensions
{
19 using content::SocketPermissionRequest
;
// Test helper: parses |permission| into a SocketPermissionData and checks that
// its string form equals |expected_result|.
//
// A parse failure is fatal for the calling test (ASSERT), because comparing
// the string form of an unparsed object would be meaningless.
void ParseTest(const std::string& permission,
               const std::string& expected_result) {
  SocketPermissionData parsed;

  ASSERT_TRUE(parsed.ParseForTest(permission))
      << "Parse permission \"" << permission << "\" failed.";

  EXPECT_EQ(expected_result, parsed.GetAsStringForTest());
}
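// Checks operator== and operator< on SocketPermissionData for two identical
// patterns and for a bare pattern against a host-restricted one.
//
// Parse preconditions use ASSERT_TRUE rather than CHECK: a CHECK failure
// aborts the whole test binary, whereas ASSERT_TRUE fails only this test and
// lets the remaining tests report their results.
TEST(SocketPermissionTest, General) {
  SocketPermissionData data1, data2;

  // Two identical patterns compare equal and neither orders before the other.
  ASSERT_TRUE(data1.ParseForTest("tcp-connect"));
  ASSERT_TRUE(data2.ParseForTest("tcp-connect"));

  EXPECT_TRUE(data1 == data2);
  EXPECT_FALSE(data1 < data2);

  // A bare "tcp-connect" and a host-restricted pattern must be distinct, and
  // the bare pattern sorts first.
  ASSERT_TRUE(data1.ParseForTest("tcp-connect"));
  ASSERT_TRUE(data2.ParseForTest("tcp-connect:www.example.com"));

  EXPECT_FALSE(data1 == data2);
  EXPECT_TRUE(data1 < data2);
}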
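// Exercises the socket permission pattern parser: first the inputs that must
// be rejected, then the accepted inputs together with their string form as
// returned by GetAsStringForTest().
TEST(SocketPermissionTest, Parse) {
  SocketPermissionData data;

  // Empty input, unknown operation types and control characters.
  EXPECT_FALSE(data.ParseForTest(std::string()));
  EXPECT_FALSE(data.ParseForTest("*"));
  // The length is passed explicitly: built from a plain string literal, the
  // std::string would stop at the first NUL and this case would silently
  // degrade to the empty-string case above.
  EXPECT_FALSE(data.ParseForTest(std::string("\00\00*", 3)));
  EXPECT_FALSE(data.ParseForTest("\01*"));

  // Ports that are negative, above 65535 or zero, and a surplus separator.
  EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:-1"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:65536"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:::"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect::0"));

  // Whitespace anywhere inside the pattern is rejected rather than trimmed.
  EXPECT_FALSE(data.ParseForTest("tcp-connect: www.exmaple.com: 99 "));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com :99"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com: 99"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com:99 "));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:\t*.exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("tcp-connect:\n*.exmaple.com:99"));

  // resolve-host and resolve-proxy accept no host or port component.
  EXPECT_FALSE(data.ParseForTest("resolve-host:exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("resolve-host:127.0.0.1"));
  EXPECT_FALSE(data.ParseForTest("resolve-host:"));
  EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com:99"));
  EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com"));

  // A bare operation type means any host and any port.
  ParseTest("tcp-connect", "tcp-connect:*:*");
  ParseTest("tcp-listen", "tcp-listen:*:*");
  ParseTest("udp-bind", "udp-bind:*:*");
  ParseTest("udp-send-to", "udp-send-to:*:*");
  ParseTest("resolve-host", "resolve-host");
  ParseTest("resolve-proxy", "resolve-proxy");

  // Empty host and/or port components are read as wildcards.
  ParseTest("tcp-connect:", "tcp-connect:*:*");
  ParseTest("tcp-listen:", "tcp-listen:*:*");
  ParseTest("udp-bind:", "udp-bind:*:*");
  ParseTest("udp-send-to:", "udp-send-to:*:*");

  ParseTest("tcp-connect::", "tcp-connect:*:*");
  ParseTest("tcp-listen::", "tcp-listen:*:*");
  ParseTest("udp-bind::", "udp-bind:*:*");
  ParseTest("udp-send-to::", "udp-send-to:*:*");

  ParseTest("tcp-connect:*", "tcp-connect:*:*");
  ParseTest("tcp-listen:*", "tcp-listen:*:*");
  ParseTest("udp-bind:*", "udp-bind:*:*");
  ParseTest("udp-send-to:*", "udp-send-to:*:*");

  ParseTest("tcp-connect:*:", "tcp-connect:*:*");
  ParseTest("tcp-listen:*:", "tcp-listen:*:*");
  ParseTest("udp-bind:*:", "udp-bind:*:*");
  ParseTest("udp-send-to:*:", "udp-send-to:*:*");

  ParseTest("tcp-connect::*", "tcp-connect:*:*");
  ParseTest("tcp-listen::*", "tcp-listen:*:*");
  ParseTest("udp-bind::*", "udp-bind:*:*");
  ParseTest("udp-send-to::*", "udp-send-to:*:*");

  // An explicit host with no port; the host comes back lower-cased.
  ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");
  ParseTest("tcp-listen:www.example.com", "tcp-listen:www.example.com:*");
  ParseTest("udp-bind:www.example.com", "udp-bind:www.example.com:*");
  ParseTest("udp-send-to:www.example.com", "udp-send-to:www.example.com:*");
  ParseTest("udp-send-to:wWW.ExAmPlE.cOm", "udp-send-to:www.example.com:*");

  // A leading dot is shorthand for a "*." subdomain wildcard.
  ParseTest("tcp-connect:.example.com", "tcp-connect:*.example.com:*");
  ParseTest("tcp-listen:.example.com", "tcp-listen:*.example.com:*");
  ParseTest("udp-bind:.example.com", "udp-bind:*.example.com:*");
  ParseTest("udp-send-to:.example.com", "udp-send-to:*.example.com:*");

  ParseTest("tcp-connect:*.example.com", "tcp-connect:*.example.com:*");
  ParseTest("tcp-listen:*.example.com", "tcp-listen:*.example.com:*");
  ParseTest("udp-bind:*.example.com", "udp-bind:*.example.com:*");
  ParseTest("udp-send-to:*.example.com", "udp-send-to:*.example.com:*");

  // An explicit port with a wildcard host.
  ParseTest("tcp-connect::99", "tcp-connect:*:99");
  ParseTest("tcp-listen::99", "tcp-listen:*:99");
  ParseTest("udp-bind::99", "udp-bind:*:99");
  ParseTest("udp-send-to::99", "udp-send-to:*:99");

  ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");

  // Subdomain wildcard combined with an explicit port.
  ParseTest("tcp-connect:*.example.com:99", "tcp-connect:*.example.com:99");
}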
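// Verifies SocketPermissionData::Check(): a parsed pattern must grant exactly
// the requests it describes (operation type, host and port) and nothing else.
//
// Every parse precondition uses a gtest assertion. The earlier sections used
// CHECK, which aborts the whole test binary on failure, while the later
// sections already used ASSERT_TRUE; they are now consistent.
TEST(SocketPermissionTest, Match) {
  SocketPermissionData data;
  scoped_ptr<SocketPermission::CheckParam> param;

  // A bare "tcp-connect" grants TCP connects but no other operation type.
  ASSERT_TRUE(data.ParseForTest("tcp-connect"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));

  // Wildcard host with a fixed port: any host passes, on that port only.
  ASSERT_TRUE(data.ParseForTest("udp-send-to::8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));

  // Subdomain wildcard: host matching ignores case, and the pattern matches
  // only on a label boundary ("wwwexample.com" must not pass for
  // "*.example.com").
  ASSERT_TRUE(data.ParseForTest("udp-send-to:*.example.com:8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "wwwexample.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // A mixed-case pattern behaves like its lower-case form.
  ASSERT_TRUE(data.ParseForTest("udp-send-to:*.ExAmPlE.cOm:8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // udp-bind restricted to a single port.
  ASSERT_TRUE(data.ParseForTest("udp-bind::8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // Do not wildcard part of ip address: the pattern parses, but it must not
  // match an address that merely ends in the same octets.
  ASSERT_TRUE(data.ParseForTest("tcp-connect:*.168.0.1:8800"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "192.168.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // udp-multicast-membership takes no host/port component and grants only
  // multicast membership requests.
  ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*"));
  ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*:*"));
  ASSERT_TRUE(data.ParseForTest("udp-multicast-membership"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "127.0.0.1", 35));
  EXPECT_TRUE(data.Check(param.get()));

  // resolve-host grants resolution for the hosts and ports tried here, but no
  // bind or connect.
  ASSERT_TRUE(data.ParseForTest("resolve-host"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 80));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 8080));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // resolve-proxy: same shape as resolve-host.
  ASSERT_TRUE(data.ParseForTest("resolve-proxy"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 80));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 8080));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));

  // network-state is checked with an empty host and port 0, and grants no
  // socket operation.
  ASSERT_TRUE(data.ParseForTest("network-state"));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::NETWORK_STATE, std::string(), 0));
  EXPECT_TRUE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
  param.reset(new SocketPermission::CheckParam(
      SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
  EXPECT_FALSE(data.Check(param.get()));
}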
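// Round-trips a socket APIPermission through Write()/Read() and checks that
// the deserialized copy equals the original, first for a permission that was
// never populated and then for one holding three patterns.
//
// The result of Read() is asserted, so a deserialization failure is reported
// where it happens instead of surfacing later as a failed Equal().
TEST(SocketPermissionTest, IPC) {
  const APIPermissionInfo* permission_info =
      PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);

  // Case 1: a freshly created permission with no patterns.
  {
    // NOTE(review): the declaration of |m| is not visible in this listing;
    // IPC::Message is assumed from the ipc/ipc_message.h include. Confirm
    // against the original file.
    IPC::Message m;

    scoped_ptr<APIPermission> permission1(
        permission_info->CreateAPIPermission());
    scoped_ptr<APIPermission> permission2(
        permission_info->CreateAPIPermission());

    permission1->Write(&m);
    PickleIterator iter(m);
    ASSERT_TRUE(permission2->Read(&m, &iter));

    EXPECT_TRUE(permission1->Equal(permission2.get()));
  }

  // Case 2: a permission populated with three patterns.
  {
    // NOTE(review): same assumption about the type of |m| as in case 1.
    IPC::Message m;

    scoped_ptr<APIPermission> permission1(
        permission_info->CreateAPIPermission());
    scoped_ptr<APIPermission> permission2(
        permission_info->CreateAPIPermission());

    scoped_ptr<base::ListValue> value(new base::ListValue());
    value->AppendString("tcp-connect:*.example.com:80");
    value->AppendString("udp-bind::8080");
    value->AppendString("udp-send-to::8888");
    ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));

    // Before the round trip the populated and the fresh permission differ.
    EXPECT_FALSE(permission1->Equal(permission2.get()));

    permission1->Write(&m);
    PickleIterator iter(m);
    ASSERT_TRUE(permission2->Read(&m, &iter));
    EXPECT_TRUE(permission1->Equal(permission2.get()));
  }
}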
// Round-trips a socket APIPermission through ToValue()/FromValue() and checks
// that the restored permission equals the one it was produced from.
TEST(SocketPermissionTest, Value) {
  const APIPermissionInfo* socket_info =
      PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);

  scoped_ptr<APIPermission> populated(socket_info->CreateAPIPermission());
  scoped_ptr<APIPermission> restored(socket_info->CreateAPIPermission());

  // Fill the first permission with three socket patterns.
  scoped_ptr<base::ListValue> patterns(new base::ListValue());
  patterns->AppendString("tcp-connect:*.example.com:80");
  patterns->AppendString("udp-bind::8080");
  patterns->AppendString("udp-send-to::8888");
  ASSERT_TRUE(populated->FromValue(patterns.get(), NULL, NULL));

  // The second permission was never populated, so the two must differ here.
  EXPECT_FALSE(populated->Equal(restored.get()));

  // Serialize the populated permission and load the result into the other.
  scoped_ptr<base::Value> serialized(populated->ToValue());

  ASSERT_TRUE(restored->FromValue(serialized.get(), NULL, NULL));
  EXPECT_TRUE(populated->Equal(restored.get()));
}
330 } // namespace extensions