search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make USB permissions work in the new permission message system
[chromium-blink-merge.git] / content / browser / renderer_host / render_view_host_unittest.cc
blob4690c82653357bdcb2fe2cf4024994a5af2bda95
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/path_service.h"
6 #include "base/strings/utf_string_conversions.h"
7 #include "content/browser/child_process_security_policy_impl.h"
8 #include "content/browser/frame_host/render_frame_host_impl.h"
9 #include "content/browser/renderer_host/render_message_filter.h"
10 #include "content/browser/renderer_host/render_view_host_delegate_view.h"
11 #include "content/browser/renderer_host/render_widget_helper.h"
12 #include "content/common/frame_messages.h"
13 #include "content/common/input_messages.h"
14 #include "content/common/view_messages.h"
15 #include "content/public/browser/browser_context.h"
16 #include "content/public/browser/navigation_entry.h"
17 #include "content/public/common/bindings_policy.h"
18 #include "content/public/common/drop_data.h"
19 #include "content/public/common/url_constants.h"
20 #include "content/public/test/mock_render_process_host.h"
21 #include "content/test/test_content_browser_client.h"
22 #include "content/test/test_render_view_host.h"
23 #include "content/test/test_web_contents.h"
24 #include "net/base/filename_util.h"
25 #include "third_party/WebKit/public/web/WebDragOperation.h"
26 #include "ui/base/page_transition_types.h"
27
28 namespace content {
29
30 class RenderViewHostTestBrowserClient : public TestContentBrowserClient {
31 public:
32 RenderViewHostTestBrowserClient() {}
33 ~RenderViewHostTestBrowserClient() override {}
34
35 bool IsHandledURL(const GURL& url) override {
36 return url.scheme() == url::kFileScheme;
37 }
38
39 private:
40 DISALLOW_COPY_AND_ASSIGN(RenderViewHostTestBrowserClient);
41 };
42
43 class RenderViewHostTest : public RenderViewHostImplTestHarness {
44 public:
45 RenderViewHostTest() : old_browser_client_(NULL) {}
46 ~RenderViewHostTest() override {}
47
48 void SetUp() override {
49 RenderViewHostImplTestHarness::SetUp();
50 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
51 }
52
53 void TearDown() override {
54 SetBrowserClientForTesting(old_browser_client_);
55 RenderViewHostImplTestHarness::TearDown();
56 }
57
58 private:
59 RenderViewHostTestBrowserClient test_browser_client_;
60 ContentBrowserClient* old_browser_client_;
61
62 DISALLOW_COPY_AND_ASSIGN(RenderViewHostTest);
63 };
64
65 // All about URLs reported by the renderer should get rewritten to about:blank.
66 // See RenderViewHost::OnNavigate for a discussion.
67 TEST_F(RenderViewHostTest, FilterAbout) {
68 main_test_rfh()->NavigateAndCommitRendererInitiated(
69 1, true, GURL("about:cache"));
70 ASSERT_TRUE(controller().GetVisibleEntry());
71 EXPECT_EQ(GURL(url::kAboutBlankURL),
72 controller().GetVisibleEntry()->GetURL());
73 }
74
75 // Create a full screen popup RenderWidgetHost and View.
76 TEST_F(RenderViewHostTest, CreateFullscreenWidget) {
77 int routing_id = process()->GetNextRoutingID();
78 test_rvh()->CreateNewFullscreenWidget(routing_id);
79 }
80
81 // Ensure we do not grant bindings to a process shared with unprivileged views.
82 TEST_F(RenderViewHostTest, DontGrantBindingsToSharedProcess) {
83 // Create another view in the same process.
84 scoped_ptr<TestWebContents> new_web_contents(
85 TestWebContents::Create(browser_context(), rvh()->GetSiteInstance()));
86
87 rvh()->AllowBindings(BINDINGS_POLICY_WEB_UI);
88 EXPECT_FALSE(rvh()->GetEnabledBindings() & BINDINGS_POLICY_WEB_UI);
89 }
90
91 class MockDraggingRenderViewHostDelegateView
92 : public RenderViewHostDelegateView {
93 public:
94 ~MockDraggingRenderViewHostDelegateView() override {}
95 void StartDragging(const DropData& drop_data,
96 blink::WebDragOperationsMask allowed_ops,
97 const gfx::ImageSkia& image,
98 const gfx::Vector2d& image_offset,
99 const DragEventSourceInfo& event_info) override {
100 drag_url_ = drop_data.url;
101 html_base_url_ = drop_data.html_base_url;
102 }
103 void UpdateDragCursor(blink::WebDragOperation operation) override {}
104 void GotFocus() override {}
105 void TakeFocus(bool reverse) override {}
106 virtual void UpdatePreferredSize(const gfx::Size& pref_size) {}
107
108 GURL drag_url() {
109 return drag_url_;
110 }
111
112 GURL html_base_url() {
113 return html_base_url_;
114 }
115
116 private:
117 GURL drag_url_;
118 GURL html_base_url_;
119 };
120
121 TEST_F(RenderViewHostTest, StartDragging) {
122 TestWebContents* web_contents = contents();
123 MockDraggingRenderViewHostDelegateView delegate_view;
124 web_contents->set_delegate_view(&delegate_view);
125
126 DropData drop_data;
127 GURL file_url = GURL("file:///home/user/secrets.txt");
128 drop_data.url = file_url;
129 drop_data.html_base_url = file_url;
130 test_rvh()->TestOnStartDragging(drop_data);
131 EXPECT_EQ(GURL(url::kAboutBlankURL), delegate_view.drag_url());
132 EXPECT_EQ(GURL(url::kAboutBlankURL), delegate_view.html_base_url());
133
134 GURL http_url = GURL("http://www.domain.com/index.html");
135 drop_data.url = http_url;
136 drop_data.html_base_url = http_url;
137 test_rvh()->TestOnStartDragging(drop_data);
138 EXPECT_EQ(http_url, delegate_view.drag_url());
139 EXPECT_EQ(http_url, delegate_view.html_base_url());
140
141 GURL https_url = GURL("https://www.domain.com/index.html");
142 drop_data.url = https_url;
143 drop_data.html_base_url = https_url;
144 test_rvh()->TestOnStartDragging(drop_data);
145 EXPECT_EQ(https_url, delegate_view.drag_url());
146 EXPECT_EQ(https_url, delegate_view.html_base_url());
147
148 GURL javascript_url = GURL("javascript:alert('I am a bookmarklet')");
149 drop_data.url = javascript_url;
150 drop_data.html_base_url = http_url;
151 test_rvh()->TestOnStartDragging(drop_data);
152 EXPECT_EQ(javascript_url, delegate_view.drag_url());
153 EXPECT_EQ(http_url, delegate_view.html_base_url());
154 }
155
156 TEST_F(RenderViewHostTest, DragEnteredFileURLsStillBlocked) {
157 DropData dropped_data;
158 gfx::Point client_point;
159 gfx::Point screen_point;
160 // We use "//foo/bar" path (rather than "/foo/bar") since dragged paths are
161 // expected to be absolute on any platforms.
162 base::FilePath highlighted_file_path(FILE_PATH_LITERAL("//tmp/foo.html"));
163 base::FilePath dragged_file_path(FILE_PATH_LITERAL("//tmp/image.jpg"));
164 base::FilePath sensitive_file_path(FILE_PATH_LITERAL("//etc/passwd"));
165 GURL highlighted_file_url = net::FilePathToFileURL(highlighted_file_path);
166 GURL dragged_file_url = net::FilePathToFileURL(dragged_file_path);
167 GURL sensitive_file_url = net::FilePathToFileURL(sensitive_file_path);
168 dropped_data.url = highlighted_file_url;
169 dropped_data.filenames.push_back(
170 ui::FileInfo(dragged_file_path, base::FilePath()));
171
172 rvh()->DragTargetDragEnter(dropped_data, client_point, screen_point,
173 blink::WebDragOperationNone, 0);
174
175 int id = process()->GetID();
176 ChildProcessSecurityPolicyImpl* policy =
177 ChildProcessSecurityPolicyImpl::GetInstance();
178
179 EXPECT_FALSE(policy->CanRequestURL(id, highlighted_file_url));
180 EXPECT_FALSE(policy->CanReadFile(id, highlighted_file_path));
181 EXPECT_TRUE(policy->CanRequestURL(id, dragged_file_url));
182 EXPECT_TRUE(policy->CanReadFile(id, dragged_file_path));
183 EXPECT_FALSE(policy->CanRequestURL(id, sensitive_file_url));
184 EXPECT_FALSE(policy->CanReadFile(id, sensitive_file_path));
185 }
186
187 TEST_F(RenderViewHostTest, MessageWithBadHistoryItemFiles) {
188 base::FilePath file_path;
189 EXPECT_TRUE(PathService::Get(base::DIR_TEMP, &file_path));
190 file_path = file_path.AppendASCII("foo");
191 EXPECT_EQ(0, process()->bad_msg_count());
192 test_rvh()->TestOnUpdateStateWithFile(-1, file_path);
193 EXPECT_EQ(1, process()->bad_msg_count());
194
195 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
196 process()->GetID(), file_path);
197 test_rvh()->TestOnUpdateStateWithFile(-1, file_path);
198 EXPECT_EQ(1, process()->bad_msg_count());
199 }
200
201 namespace {
202 void SetBadFilePath(const GURL& url,
203 const base::FilePath& file_path,
204 FrameHostMsg_DidCommitProvisionalLoad_Params* params) {
205 params->page_state =
206 PageState::CreateForTesting(url, false, "data", &file_path);
207 }
208 }
209
210 TEST_F(RenderViewHostTest, NavigationWithBadHistoryItemFiles) {
211 GURL url("http://www.google.com");
212 base::FilePath file_path;
213 EXPECT_TRUE(PathService::Get(base::DIR_TEMP, &file_path));
214 file_path = file_path.AppendASCII("bar");
215 auto set_bad_file_path_callback = base::Bind(SetBadFilePath, url, file_path);
216
217 EXPECT_EQ(0, process()->bad_msg_count());
218 main_test_rfh()->SendRendererInitiatedNavigationRequest(url, false);
219 main_test_rfh()->PrepareForCommit();
220 contents()->GetMainFrame()->SendNavigateWithModificationCallback(
221 1, 1, true, url, set_bad_file_path_callback);
222 EXPECT_EQ(1, process()->bad_msg_count());
223
224 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
225 process()->GetID(), file_path);
226 main_test_rfh()->SendRendererInitiatedNavigationRequest(url, false);
227 main_test_rfh()->PrepareForCommit();
228 contents()->GetMainFrame()->SendNavigateWithModificationCallback(
229 2, 2, true, url, set_bad_file_path_callback);
230 EXPECT_EQ(1, process()->bad_msg_count());
231 }
232
233 TEST_F(RenderViewHostTest, RoutingIdSane) {
234 RenderFrameHostImpl* root_rfh =
235 contents()->GetFrameTree()->root()->current_frame_host();
236 EXPECT_EQ(contents()->GetMainFrame(), root_rfh);
237 EXPECT_EQ(test_rvh()->GetProcess(), root_rfh->GetProcess());
238 EXPECT_NE(test_rvh()->GetRoutingID(), root_rfh->routing_id());
239 }
240
241 class TestSaveImageFromDataURL : public RenderMessageFilter {
242 public:
243 TestSaveImageFromDataURL(
244 BrowserContext* context)
245 : RenderMessageFilter(
246 0,
247 nullptr,
248 context,
249 context->GetRequestContext(),
250 nullptr,
251 nullptr,
252 nullptr,
253 nullptr) {
254 Reset();
255 }
256
257 void Reset() {
258 url_string_ = std::string();
259 is_downloaded_ = false;
260 }
261
262 std::string& UrlString() const {
263 return url_string_;
264 }
265
266 bool IsDownloaded() const {
267 return is_downloaded_;
268 }
269
270 void Test(const std::string& url) {
271 OnMessageReceived(ViewHostMsg_SaveImageFromDataURL(0, url));
272 }
273
274 protected:
275 ~TestSaveImageFromDataURL() override {}
276 void DownloadUrl(int render_view_id,
277 const GURL& url,
278 const Referrer& referrer,
279 const base::string16& suggested_name,
280 const bool use_prompt) const override {
281 url_string_ = url.spec();
282 is_downloaded_ = true;
283 }
284
285 private:
286 mutable std::string url_string_;
287 mutable bool is_downloaded_;
288 };
289
290 TEST_F(RenderViewHostTest, SaveImageFromDataURL) {
291 scoped_refptr<TestSaveImageFromDataURL> tester(
292 new TestSaveImageFromDataURL(browser_context()));
293
294 tester->Reset();
295 tester->Test("http://non-data-url.com");
296 EXPECT_EQ(tester->UrlString(), "");
297 EXPECT_FALSE(tester->IsDownloaded());
298
299 const std::string data_url = "data:image/gif;base64,"
300 "R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=";
301
302 tester->Reset();
303 tester->Test(data_url);
304 EXPECT_EQ(tester->UrlString(), data_url);
305 EXPECT_TRUE(tester->IsDownloaded());
306 }
307
308 } // namespace content