search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Connect PPAPI IPC channels for non-SFI mode.
[chromium-blink-merge.git] / extensions / common / permissions / permissions_data_unittest.cc
blobfda57f9dae61c0e5deb365577adefde103ab4bac
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <vector>
6
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/common/chrome_version_info.h"
12 #include "chrome/common/extensions/extension_test_util.h"
13 #include "chrome/common/extensions/features/feature_channel.h"
14 #include "chrome/common/extensions/permissions/socket_permission.h"
15 #include "content/public/common/socket_permission_request.h"
16 #include "extensions/common/error_utils.h"
17 #include "extensions/common/extension.h"
18 #include "extensions/common/id_util.h"
19 #include "extensions/common/manifest_constants.h"
20 #include "extensions/common/permissions/api_permission.h"
21 #include "extensions/common/permissions/permission_set.h"
22 #include "extensions/common/permissions/permissions_data.h"
23 #include "extensions/common/switches.h"
24 #include "extensions/common/url_pattern_set.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 using base::UTF16ToUTF8;
28 using content::SocketPermissionRequest;
29 using extension_test_util::LoadManifest;
30 using extension_test_util::LoadManifestUnchecked;
31 using extension_test_util::LoadManifestStrict;
32
33 namespace extensions {
34
35 namespace {
36
37 bool CheckSocketPermission(
38 scoped_refptr<Extension> extension,
39 SocketPermissionRequest::OperationType type,
40 const char* host,
41 int port) {
42 SocketPermission::CheckParam param(type, host, port);
43 return PermissionsData::CheckAPIPermissionWithParam(
44 extension.get(), APIPermission::kSocket, &param);
45 }
46
47 } // namespace
48
49 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
50 scoped_refptr<Extension> extension;
51 URLPatternSet hosts;
52
53 extension = LoadManifest("effective_host_permissions", "empty.json");
54 EXPECT_EQ(0u,
55 PermissionsData::GetEffectiveHostPermissions(extension.get())
56 .patterns().size());
57 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
58 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
59
60 extension = LoadManifest("effective_host_permissions", "one_host.json");
61 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
62 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
63 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
64 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
65
66 extension = LoadManifest("effective_host_permissions",
67 "one_host_wildcard.json");
68 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
69 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
70 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
71 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
72
73 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
74 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
75 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
76 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
77 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
78
79 extension = LoadManifest("effective_host_permissions",
80 "https_not_considered.json");
81 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
82 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
83 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
84 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
85
86 extension = LoadManifest("effective_host_permissions",
87 "two_content_scripts.json");
88 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
89 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
90 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
91 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
92 GURL("http://www.reddit.com")));
93 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
94 EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
95 GURL("http://news.ycombinator.com")));
96 EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
97
98 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
99 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
100 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
101 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
102 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
103 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
104
105 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
106 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
107 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
108 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
109 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
110
111 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
112 hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
113 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
114 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
115 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
116 EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
117 }
118
119 TEST(ExtensionPermissionsTest, SocketPermissions) {
120 // Set feature current channel to appropriate value.
121 ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV);
122 scoped_refptr<Extension> extension;
123 std::string error;
124
125 extension = LoadManifest("socket_permissions", "empty.json");
126 EXPECT_FALSE(CheckSocketPermission(extension,
127 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
128
129 extension = LoadManifestUnchecked("socket_permissions",
130 "socket1.json",
131 Manifest::INTERNAL, Extension::NO_FLAGS,
132 &error);
133 EXPECT_TRUE(extension.get() == NULL);
134 std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage(
135 manifest_errors::kInvalidPermissionWithDetail,
136 "socket",
137 "NULL or empty permission list");
138 EXPECT_EQ(expected_error_msg_header, error);
139
140 extension = LoadManifest("socket_permissions", "socket2.json");
141 EXPECT_TRUE(CheckSocketPermission(extension,
142 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
143 EXPECT_FALSE(CheckSocketPermission(
144 extension, SocketPermissionRequest::UDP_BIND, "", 80));
145 EXPECT_TRUE(CheckSocketPermission(
146 extension, SocketPermissionRequest::UDP_BIND, "", 8888));
147
148 EXPECT_FALSE(CheckSocketPermission(
149 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
150 EXPECT_TRUE(CheckSocketPermission(
151 extension,
152 SocketPermissionRequest::UDP_SEND_TO,
153 "239.255.255.250", 1900));
154 }
155
156 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
157 scoped_refptr<Extension> extension;
158 extension = LoadManifest("permissions", "many-apis.json");
159 std::vector<base::string16> warnings =
160 PermissionsData::GetPermissionMessageStrings(extension.get());
161 ASSERT_EQ(6u, warnings.size());
162 EXPECT_EQ("Access your data on api.flickr.com",
163 UTF16ToUTF8(warnings[0]));
164 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1]));
165 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
166 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3]));
167 EXPECT_EQ("Access your tabs and browsing activity", UTF16ToUTF8(warnings[4]));
168 EXPECT_EQ("Manage your apps, extensions, and themes",
169 UTF16ToUTF8(warnings[5]));
170 }
171
172 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) {
173 scoped_refptr<Extension> extension;
174 extension = LoadManifest("permissions", "more-than-3-hosts.json");
175 std::vector<base::string16> warnings =
176 PermissionsData::GetPermissionMessageStrings(extension.get());
177 std::vector<base::string16> warnings_details =
178 PermissionsData::GetPermissionMessageDetailsStrings(extension.get());
179 ASSERT_EQ(1u, warnings.size());
180 ASSERT_EQ(1u, warnings_details.size());
181 EXPECT_EQ("Access your data on 5 websites", UTF16ToUTF8(warnings[0]));
182 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com",
183 UTF16ToUTF8(warnings_details[0]));
184 }
185
186 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) {
187 scoped_refptr<Extension> extension;
188 extension = LoadManifest("permissions",
189 "location-api.json",
190 Manifest::COMPONENT,
191 Extension::NO_FLAGS);
192 std::vector<base::string16> warnings =
193 PermissionsData::GetPermissionMessageStrings(extension.get());
194 ASSERT_EQ(1u, warnings.size());
195 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
196 }
197
198 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) {
199 scoped_refptr<Extension> extension;
200 extension = LoadManifest("permissions", "many-hosts.json");
201 std::vector<base::string16> warnings =
202 PermissionsData::GetPermissionMessageStrings(extension.get());
203 ASSERT_EQ(1u, warnings.size());
204 EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
205 UTF16ToUTF8(warnings[0]));
206 }
207
208 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
209 scoped_refptr<Extension> extension;
210 extension = LoadManifest("permissions", "plugins.json");
211 std::vector<base::string16> warnings =
212 PermissionsData::GetPermissionMessageStrings(extension.get());
213 // We don't parse the plugins key on Chrome OS, so it should not ask for any
214 // permissions.
215 #if defined(OS_CHROMEOS)
216 ASSERT_EQ(0u, warnings.size());
217 #else
218 ASSERT_EQ(1u, warnings.size());
219 EXPECT_EQ("Access all data on your computer and the websites you visit",
220 UTF16ToUTF8(warnings[0]));
221 #endif
222 }
223
224 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
225 // methods of Extension for extensions with various permissions.
226 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
227 protected:
228 ExtensionScriptAndCaptureVisibleTest()
229 : http_url("http://www.google.com"),
230 http_url_with_path("http://www.google.com/index.html"),
231 https_url("https://www.google.com"),
232 file_url("file:///foo/bar"),
233 favicon_url("chrome://favicon/http://www.google.com"),
234 extension_url("chrome-extension://" +
235 id_util::GenerateIdForPath(
236 base::FilePath(FILE_PATH_LITERAL("foo")))),
237 settings_url("chrome://settings"),
238 about_url("about:flags") {
239 urls_.insert(http_url);
240 urls_.insert(http_url_with_path);
241 urls_.insert(https_url);
242 urls_.insert(file_url);
243 urls_.insert(favicon_url);
244 urls_.insert(extension_url);
245 urls_.insert(settings_url);
246 urls_.insert(about_url);
247 // Ignore the policy delegate for this test.
248 PermissionsData::SetPolicyDelegate(NULL);
249 }
250
251 bool AllowedScript(const Extension* extension, const GURL& url,
252 const GURL& top_url) {
253 return AllowedScript(extension, url, top_url, -1);
254 }
255
256 bool AllowedScript(const Extension* extension, const GURL& url,
257 const GURL& top_url, int tab_id) {
258 return PermissionsData::CanExecuteScriptOnPage(
259 extension, url, top_url, tab_id, NULL, -1, NULL);
260 }
261
262 bool BlockedScript(const Extension* extension, const GURL& url,
263 const GURL& top_url) {
264 return !PermissionsData::CanExecuteScriptOnPage(
265 extension, url, top_url, -1, NULL, -1, NULL);
266 }
267
268 bool Allowed(const Extension* extension, const GURL& url) {
269 return Allowed(extension, url, -1);
270 }
271
272 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
273 return (PermissionsData::CanExecuteScriptOnPage(
274 extension, url, url, tab_id, NULL, -1, NULL) &&
275 PermissionsData::CanCaptureVisiblePage(
276 extension, tab_id, NULL));
277 }
278
279 bool CaptureOnly(const Extension* extension, const GURL& url) {
280 return CaptureOnly(extension, url, -1);
281 }
282
283 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
284 return !PermissionsData::CanExecuteScriptOnPage(
285 extension, url, url, tab_id, NULL, -1, NULL) &&
286 PermissionsData::CanCaptureVisiblePage(extension, tab_id, NULL);
287 }
288
289 bool ScriptOnly(const Extension* extension, const GURL& url,
290 const GURL& top_url) {
291 return ScriptOnly(extension, url, top_url, -1);
292 }
293
294 bool ScriptOnly(const Extension* extension, const GURL& url,
295 const GURL& top_url, int tab_id) {
296 return AllowedScript(extension, url, top_url, tab_id) &&
297 !PermissionsData::CanCaptureVisiblePage(extension, tab_id, NULL);
298 }
299
300 bool Blocked(const Extension* extension, const GURL& url) {
301 return Blocked(extension, url, -1);
302 }
303
304 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
305 return !(PermissionsData::CanExecuteScriptOnPage(
306 extension, url, url, tab_id, NULL, -1, NULL) ||
307 PermissionsData::CanCaptureVisiblePage(
308 extension, tab_id, NULL));
309 }
310
311 bool ScriptAllowedExclusivelyOnTab(
312 const Extension* extension,
313 const std::set<GURL>& allowed_urls,
314 int tab_id) {
315 bool result = true;
316 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
317 const GURL& url = *it;
318 if (allowed_urls.count(url))
319 result &= AllowedScript(extension, url, url, tab_id);
320 else
321 result &= Blocked(extension, url, tab_id);
322 }
323 return result;
324 }
325
326 // URLs that are "safe" to provide scripting and capture visible tab access
327 // to if the permissions allow it.
328 const GURL http_url;
329 const GURL http_url_with_path;
330 const GURL https_url;
331 const GURL file_url;
332
333 // We should allow host permission but not scripting permission for favicon
334 // urls.
335 const GURL favicon_url;
336
337 // URLs that regular extensions should never get access to.
338 const GURL extension_url;
339 const GURL settings_url;
340 const GURL about_url;
341
342 private:
343 // The set of all URLs above.
344 std::set<GURL> urls_;
345 };
346
347 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
348 // Test <all_urls> for regular extensions.
349 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
350 "extension_regular_all.json");
351
352 EXPECT_TRUE(Allowed(extension.get(), http_url));
353 EXPECT_TRUE(Allowed(extension.get(), https_url));
354 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
355 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
356 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
357 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
358 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
359
360 // Test access to iframed content.
361 GURL within_extension_url = extension->GetResourceURL("page.html");
362 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
363 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
364 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
365 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
366 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
367 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
368
369 EXPECT_FALSE(
370 PermissionsData::HasHostPermission(extension.get(), settings_url));
371 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url));
372 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
373
374 // Test * for scheme, which implies just the http/https schemes.
375 extension = LoadManifestStrict("script_and_capture",
376 "extension_wildcard.json");
377 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
378 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
379 EXPECT_TRUE(Blocked(extension.get(), settings_url));
380 EXPECT_TRUE(Blocked(extension.get(), about_url));
381 EXPECT_TRUE(Blocked(extension.get(), file_url));
382 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
383 extension =
384 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
385 EXPECT_TRUE(Blocked(extension.get(), settings_url));
386
387 // Having chrome://*/ should not work for regular extensions. Note that
388 // for favicon access, we require the explicit pattern chrome://favicon/*.
389 std::string error;
390 extension = LoadManifestUnchecked("script_and_capture",
391 "extension_wildcard_chrome.json",
392 Manifest::INTERNAL, Extension::NO_FLAGS,
393 &error);
394 std::vector<InstallWarning> warnings = extension->install_warnings();
395 EXPECT_FALSE(warnings.empty());
396 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
397 manifest_errors::kInvalidPermissionScheme,
398 "chrome://*/"),
399 warnings[0].message);
400 EXPECT_TRUE(Blocked(extension.get(), settings_url));
401 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
402 EXPECT_TRUE(Blocked(extension.get(), about_url));
403
404 // Having chrome://favicon/* should not give you chrome://*
405 extension = LoadManifestStrict("script_and_capture",
406 "extension_chrome_favicon_wildcard.json");
407 EXPECT_TRUE(Blocked(extension.get(), settings_url));
408 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
409 EXPECT_TRUE(Blocked(extension.get(), about_url));
410 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
411
412 // Having http://favicon should not give you chrome://favicon
413 extension = LoadManifestStrict("script_and_capture",
414 "extension_http_favicon.json");
415 EXPECT_TRUE(Blocked(extension.get(), settings_url));
416 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
417
418 // Component extensions with <all_urls> should get everything.
419 extension = LoadManifest("script_and_capture", "extension_component_all.json",
420 Manifest::COMPONENT, Extension::NO_FLAGS);
421 EXPECT_TRUE(Allowed(extension.get(), http_url));
422 EXPECT_TRUE(Allowed(extension.get(), https_url));
423 EXPECT_TRUE(Allowed(extension.get(), settings_url));
424 EXPECT_TRUE(Allowed(extension.get(), about_url));
425 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
426 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
427
428 // Component extensions should only get access to what they ask for.
429 extension = LoadManifest("script_and_capture",
430 "extension_component_google.json", Manifest::COMPONENT,
431 Extension::NO_FLAGS);
432 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
433 EXPECT_TRUE(Blocked(extension.get(), https_url));
434 EXPECT_TRUE(Blocked(extension.get(), file_url));
435 EXPECT_TRUE(Blocked(extension.get(), settings_url));
436 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
437 EXPECT_TRUE(Blocked(extension.get(), about_url));
438 EXPECT_TRUE(Blocked(extension.get(), extension_url));
439 EXPECT_FALSE(
440 PermissionsData::HasHostPermission(extension.get(), settings_url));
441 }
442
443 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
444 CommandLine::ForCurrentProcess()->AppendSwitch(
445 switches::kExtensionsOnChromeURLs);
446
447 scoped_refptr<Extension> extension;
448
449 // Test <all_urls> for regular extensions.
450 extension = LoadManifestStrict("script_and_capture",
451 "extension_regular_all.json");
452 EXPECT_TRUE(Allowed(extension.get(), http_url));
453 EXPECT_TRUE(Allowed(extension.get(), https_url));
454 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
455 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
456 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
457 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
458 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
459
460 // Test access to iframed content.
461 GURL within_extension_url = extension->GetResourceURL("page.html");
462 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
463 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
464 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
465 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
466 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
467 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
468
469 EXPECT_FALSE(
470 PermissionsData::HasHostPermission(extension.get(), settings_url));
471 EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url));
472 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
473
474 // Test * for scheme, which implies just the http/https schemes.
475 extension = LoadManifestStrict("script_and_capture",
476 "extension_wildcard.json");
477 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
478 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
479 EXPECT_TRUE(Blocked(extension.get(), settings_url));
480 EXPECT_TRUE(Blocked(extension.get(), about_url));
481 EXPECT_TRUE(Blocked(extension.get(), file_url));
482 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
483 extension =
484 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
485 EXPECT_TRUE(Blocked(extension.get(), settings_url));
486
487 // Having chrome://*/ should work for regular extensions with the flag
488 // enabled.
489 std::string error;
490 extension = LoadManifestUnchecked("script_and_capture",
491 "extension_wildcard_chrome.json",
492 Manifest::INTERNAL, Extension::NO_FLAGS,
493 &error);
494 EXPECT_FALSE(extension.get() == NULL);
495 EXPECT_TRUE(Blocked(extension.get(), http_url));
496 EXPECT_TRUE(Blocked(extension.get(), https_url));
497 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url));
498 EXPECT_TRUE(Blocked(extension.get(), about_url));
499 EXPECT_TRUE(Blocked(extension.get(), file_url));
500 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
501
502 // Having chrome://favicon/* should not give you chrome://*
503 extension = LoadManifestStrict("script_and_capture",
504 "extension_chrome_favicon_wildcard.json");
505 EXPECT_TRUE(Blocked(extension.get(), settings_url));
506 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
507 EXPECT_TRUE(Blocked(extension.get(), about_url));
508 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
509
510 // Having http://favicon should not give you chrome://favicon
511 extension = LoadManifestStrict("script_and_capture",
512 "extension_http_favicon.json");
513 EXPECT_TRUE(Blocked(extension.get(), settings_url));
514 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
515
516 // Component extensions with <all_urls> should get everything.
517 extension = LoadManifest("script_and_capture", "extension_component_all.json",
518 Manifest::COMPONENT, Extension::NO_FLAGS);
519 EXPECT_TRUE(Allowed(extension.get(), http_url));
520 EXPECT_TRUE(Allowed(extension.get(), https_url));
521 EXPECT_TRUE(Allowed(extension.get(), settings_url));
522 EXPECT_TRUE(Allowed(extension.get(), about_url));
523 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
524 EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
525
526 // Component extensions should only get access to what they ask for.
527 extension = LoadManifest("script_and_capture",
528 "extension_component_google.json", Manifest::COMPONENT,
529 Extension::NO_FLAGS);
530 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
531 EXPECT_TRUE(Blocked(extension.get(), https_url));
532 EXPECT_TRUE(Blocked(extension.get(), file_url));
533 EXPECT_TRUE(Blocked(extension.get(), settings_url));
534 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
535 EXPECT_TRUE(Blocked(extension.get(), about_url));
536 EXPECT_TRUE(Blocked(extension.get(), extension_url));
537 EXPECT_FALSE(
538 PermissionsData::HasHostPermission(extension.get(), settings_url));
539 }
540
541 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
542 scoped_refptr<Extension> extension =
543 LoadManifestStrict("script_and_capture", "tab_specific.json");
544
545 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
546 .get());
547 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
548 .get());
549 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2)
550 .get());
551
552 std::set<GURL> no_urls;
553
554 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
555 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
556 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
557
558 URLPatternSet allowed_hosts;
559 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
560 http_url.spec()));
561 std::set<GURL> allowed_urls;
562 allowed_urls.insert(http_url);
563 // http_url_with_path() will also be allowed, because Extension should be
564 // considering the security origin of the URL not the URL itself, and
565 // http_url is in allowed_hosts.
566 allowed_urls.insert(http_url_with_path);
567
568 {
569 scoped_refptr<PermissionSet> permissions(
570 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
571 allowed_hosts, URLPatternSet()));
572 PermissionsData::UpdateTabSpecificPermissions(
573 extension.get(), 0, permissions);
574 EXPECT_EQ(permissions->explicit_hosts(),
575 PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
576 ->explicit_hosts());
577 }
578
579 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
580 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
581 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
582
583 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0);
584 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
585 .get());
586
587 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
588 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
589 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
590
591 std::set<GURL> more_allowed_urls = allowed_urls;
592 more_allowed_urls.insert(https_url);
593 URLPatternSet more_allowed_hosts = allowed_hosts;
594 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
595 https_url.spec()));
596
597 {
598 scoped_refptr<PermissionSet> permissions(
599 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
600 allowed_hosts, URLPatternSet()));
601 PermissionsData::UpdateTabSpecificPermissions(
602 extension.get(), 0, permissions);
603 EXPECT_EQ(permissions->explicit_hosts(),
604 PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
605 ->explicit_hosts());
606
607 permissions = new PermissionSet(APIPermissionSet(),
608 ManifestPermissionSet(),
609 more_allowed_hosts,
610 URLPatternSet());
611 PermissionsData::UpdateTabSpecificPermissions(
612 extension.get(), 1, permissions);
613 EXPECT_EQ(permissions->explicit_hosts(),
614 PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
615 ->explicit_hosts());
616 }
617
618 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
619 EXPECT_TRUE(
620 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
621 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
622
623 PermissionsData::ClearTabSpecificPermissions(extension.get(), 0);
624 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
625 .get());
626
627 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
628 EXPECT_TRUE(
629 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
630 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
631
632 PermissionsData::ClearTabSpecificPermissions(extension.get(), 1);
633 EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
634 .get());
635
636 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
637 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
638 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
639 }
640
641 } // namespace extensions