search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow the externalfile scheme to be whitelisted as an allowed scheme for component...
[chromium-blink-merge.git] / chrome / common / extensions / permissions / permissions_data_unittest.cc
blobe88c364a5d9e8c4846c1cec43bfeede1e149a79d
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <vector>
6
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/common/extensions/extension_test_util.h"
12 #include "components/crx_file/id_util.h"
13 #include "content/public/common/socket_permission_request.h"
14 #include "extensions/common/error_utils.h"
15 #include "extensions/common/extension.h"
16 #include "extensions/common/extension_builder.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/manifest_constants.h"
19 #include "extensions/common/permissions/api_permission.h"
20 #include "extensions/common/permissions/permission_set.h"
21 #include "extensions/common/permissions/permissions_data.h"
22 #include "extensions/common/permissions/socket_permission.h"
23 #include "extensions/common/switches.h"
24 #include "extensions/common/url_pattern_set.h"
25 #include "extensions/common/value_builder.h"
26 #include "testing/gtest/include/gtest/gtest.h"
27 #include "url/gurl.h"
28
29 using base::UTF16ToUTF8;
30 using content::SocketPermissionRequest;
31 using extension_test_util::LoadManifest;
32 using extension_test_util::LoadManifestUnchecked;
33 using extension_test_util::LoadManifestStrict;
34
35 namespace extensions {
36
37 namespace {
38
39 const char kAllHostsPermission[] = "*://*/*";
40
41 bool CheckSocketPermission(
42 scoped_refptr<Extension> extension,
43 SocketPermissionRequest::OperationType type,
44 const char* host,
45 uint16 port) {
46 SocketPermission::CheckParam param(type, host, port);
47 return extension->permissions_data()->CheckAPIPermissionWithParam(
48 APIPermission::kSocket, &param);
49 }
50
51 // Creates and returns an extension with the given |id|, |host_permissions|, and
52 // manifest |location|.
53 scoped_refptr<const Extension> GetExtensionWithHostPermission(
54 const std::string& id,
55 const std::string& host_permissions,
56 Manifest::Location location) {
57 ListBuilder permissions;
58 if (!host_permissions.empty())
59 permissions.Append(host_permissions);
60
61 return ExtensionBuilder()
62 .SetManifest(
63 DictionaryBuilder()
64 .Set("name", id)
65 .Set("description", "an extension")
66 .Set("manifest_version", 2)
67 .Set("version", "1.0.0")
68 .Set("permissions", permissions.Pass())
69 .Build())
70 .SetLocation(location)
71 .SetID(id)
72 .Build();
73 }
74
75 // Checks that urls are properly restricted for the given extension.
76 void CheckRestrictedUrls(const Extension* extension,
77 bool block_chrome_urls) {
78 // We log the name so we know _which_ extension failed here.
79 const std::string& name = extension->name();
80 const GURL chrome_settings_url("chrome://settings/");
81 const GURL chrome_extension_url("chrome-extension://foo/bar.html");
82 const GURL google_url("https://www.google.com/");
83 const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
84 const GURL invalid_url("chrome-debugger://foo/bar.html");
85
86 std::string error;
87 EXPECT_EQ(block_chrome_urls,
88 PermissionsData::IsRestrictedUrl(
89 chrome_settings_url,
90 chrome_settings_url,
91 extension,
92 &error)) << name;
93 if (block_chrome_urls)
94 EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name;
95 else
96 EXPECT_TRUE(error.empty()) << name;
97
98 error.clear();
99 EXPECT_EQ(block_chrome_urls,
100 PermissionsData::IsRestrictedUrl(
101 chrome_extension_url,
102 chrome_extension_url,
103 extension,
104 &error)) << name;
105 if (block_chrome_urls)
106 EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name;
107 else
108 EXPECT_TRUE(error.empty()) << name;
109
110 // Google should never be a restricted url.
111 error.clear();
112 EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
113 google_url, google_url, extension, &error)) << name;
114 EXPECT_TRUE(error.empty()) << name;
115
116 // We should always be able to access our own extension pages.
117 error.clear();
118 EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
119 self_url, self_url, extension, &error)) << name;
120 EXPECT_TRUE(error.empty()) << name;
121
122 // We should only allow other schemes for extensions when it's a whitelisted
123 // extension.
124 error.clear();
125 bool allow_on_other_schemes =
126 PermissionsData::CanExecuteScriptEverywhere(extension);
127 EXPECT_EQ(!allow_on_other_schemes,
128 PermissionsData::IsRestrictedUrl(
129 invalid_url, invalid_url, extension, &error)) << name;
130 if (!allow_on_other_schemes) {
131 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
132 manifest_errors::kCannotAccessPage,
133 invalid_url.spec()),
134 error) << name;
135 } else {
136 EXPECT_TRUE(error.empty());
137 }
138 }
139
140 } // namespace
141
142 // NOTE: These tests run in Chrome's unit_tests suite because they depend on
143 // extension manifest keys (like "content_scripts") that do not exist yet in the
144 // src/extensions module.
145 TEST(PermissionsDataTest, EffectiveHostPermissions) {
146 scoped_refptr<Extension> extension;
147 URLPatternSet hosts;
148
149 extension = LoadManifest("effective_host_permissions", "empty.json");
150 EXPECT_EQ(0u,
151 extension->permissions_data()
152 ->GetEffectiveHostPermissions()
153 .patterns()
154 .size());
155 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
156 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
157
158 extension = LoadManifest("effective_host_permissions", "one_host.json");
159 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
160 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
161 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
162 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
163
164 extension = LoadManifest("effective_host_permissions",
165 "one_host_wildcard.json");
166 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
167 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
168 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
169 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
170
171 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
172 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
173 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
174 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
175 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
176
177 extension = LoadManifest("effective_host_permissions",
178 "https_not_considered.json");
179 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
180 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
181 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
182 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
183
184 extension = LoadManifest("effective_host_permissions",
185 "two_content_scripts.json");
186 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
187 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
188 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
189 EXPECT_TRUE(extension->permissions_data()
190 ->active_permissions()
191 ->HasEffectiveAccessToURL(GURL("http://www.reddit.com")));
192 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
193 EXPECT_TRUE(
194 extension->permissions_data()
195 ->active_permissions()
196 ->HasEffectiveAccessToURL(GURL("http://news.ycombinator.com")));
197 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
198
199 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
200 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
201 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
202 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
203 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
204 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
205
206 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
207 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
208 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
209 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
210 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
211
212 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
213 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
214 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
215 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
216 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
217 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
218
219 // Tab-specific permissions should be included in the effective hosts.
220 GURL tab_url("http://www.example.com/");
221 URLPatternSet new_hosts;
222 new_hosts.AddOrigin(URLPattern::SCHEME_ALL, tab_url);
223 extension->permissions_data()->UpdateTabSpecificPermissions(
224 1,
225 new PermissionSet(APIPermissionSet(),
226 ManifestPermissionSet(),
227 new_hosts,
228 URLPatternSet()));
229 EXPECT_TRUE(extension->permissions_data()->GetEffectiveHostPermissions().
230 MatchesURL(tab_url));
231 extension->permissions_data()->ClearTabSpecificPermissions(1);
232 EXPECT_FALSE(extension->permissions_data()->GetEffectiveHostPermissions().
233 MatchesURL(tab_url));
234 }
235
236 TEST(PermissionsDataTest, SocketPermissions) {
237 scoped_refptr<Extension> extension;
238 std::string error;
239
240 extension = LoadManifest("socket_permissions", "empty.json");
241 EXPECT_FALSE(CheckSocketPermission(extension,
242 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
243
244 extension = LoadManifestUnchecked("socket_permissions",
245 "socket1.json",
246 Manifest::INTERNAL, Extension::NO_FLAGS,
247 &error);
248 EXPECT_TRUE(extension.get() == NULL);
249 std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage(
250 manifest_errors::kInvalidPermissionWithDetail,
251 "socket",
252 "NULL or empty permission list");
253 EXPECT_EQ(expected_error_msg_header, error);
254
255 extension = LoadManifest("socket_permissions", "socket2.json");
256 EXPECT_TRUE(CheckSocketPermission(extension,
257 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
258 EXPECT_FALSE(CheckSocketPermission(
259 extension, SocketPermissionRequest::UDP_BIND, "", 80));
260 EXPECT_TRUE(CheckSocketPermission(
261 extension, SocketPermissionRequest::UDP_BIND, "", 8888));
262
263 EXPECT_FALSE(CheckSocketPermission(
264 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
265 EXPECT_TRUE(CheckSocketPermission(
266 extension,
267 SocketPermissionRequest::UDP_SEND_TO,
268 "239.255.255.250", 1900));
269 }
270
271 TEST(PermissionsDataTest, IsRestrictedUrl) {
272 scoped_refptr<const Extension> extension =
273 GetExtensionWithHostPermission("normal_extension",
274 kAllHostsPermission,
275 Manifest::INTERNAL);
276 // Chrome urls should be blocked for normal extensions.
277 CheckRestrictedUrls(extension.get(), true);
278
279 scoped_refptr<const Extension> component =
280 GetExtensionWithHostPermission("component",
281 kAllHostsPermission,
282 Manifest::COMPONENT);
283 // Chrome urls should be accessible by component extensions.
284 CheckRestrictedUrls(component.get(), false);
285
286 base::CommandLine::ForCurrentProcess()->AppendSwitch(
287 switches::kExtensionsOnChromeURLs);
288 // Enabling the switch should allow all extensions to access chrome urls.
289 CheckRestrictedUrls(extension.get(), false);
290 }
291
292 TEST(PermissionsDataTest, GetPermissionMessages_ManyAPIPermissions) {
293 scoped_refptr<Extension> extension;
294 extension = LoadManifest("permissions", "many-apis.json");
295 std::vector<base::string16> warnings =
296 extension->permissions_data()->GetPermissionMessageStrings();
297 // Warning for "tabs" is suppressed by "history" permission.
298 ASSERT_EQ(5u, warnings.size());
299 EXPECT_EQ("Read and change your data on api.flickr.com",
300 UTF16ToUTF8(warnings[0]));
301 EXPECT_EQ("Read and change your bookmarks", UTF16ToUTF8(warnings[1]));
302 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
303 EXPECT_EQ("Read and change your browsing history", UTF16ToUTF8(warnings[3]));
304 EXPECT_EQ("Manage your apps, extensions, and themes",
305 UTF16ToUTF8(warnings[4]));
306 }
307
308 TEST(PermissionsDataTest, GetPermissionMessages_ManyHostsPermissions) {
309 scoped_refptr<Extension> extension;
310 extension = LoadManifest("permissions", "more-than-3-hosts.json");
311 std::vector<base::string16> warnings =
312 extension->permissions_data()->GetPermissionMessageStrings();
313 std::vector<base::string16> warnings_details =
314 extension->permissions_data()->GetPermissionMessageDetailsStrings();
315 ASSERT_EQ(1u, warnings.size());
316 ASSERT_EQ(1u, warnings_details.size());
317 EXPECT_EQ("Read and change your data on a number of websites",
318 UTF16ToUTF8(warnings[0]));
319 EXPECT_EQ("www.a.com\nwww.b.com\nwww.c.com\nwww.d.com\nwww.e.com",
320 UTF16ToUTF8(warnings_details[0]));
321 }
322
323 TEST(PermissionsDataTest, GetPermissionMessages_LocationApiPermission) {
324 scoped_refptr<Extension> extension;
325 extension = LoadManifest("permissions",
326 "location-api.json",
327 Manifest::COMPONENT,
328 Extension::NO_FLAGS);
329 std::vector<base::string16> warnings =
330 extension->permissions_data()->GetPermissionMessageStrings();
331 ASSERT_EQ(1u, warnings.size());
332 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
333 }
334
335 TEST(PermissionsDataTest, GetPermissionMessages_ManyHosts) {
336 scoped_refptr<Extension> extension;
337 extension = LoadManifest("permissions", "many-hosts.json");
338 std::vector<base::string16> warnings =
339 extension->permissions_data()->GetPermissionMessageStrings();
340 ASSERT_EQ(1u, warnings.size());
341 EXPECT_EQ(
342 "Read and change your data on encrypted.google.com and www.google.com",
343 UTF16ToUTF8(warnings[0]));
344 }
345
346 TEST(PermissionsDataTest, GetPermissionMessages_Plugins) {
347 scoped_refptr<Extension> extension;
348 extension = LoadManifest("permissions", "plugins.json");
349 std::vector<base::string16> warnings =
350 extension->permissions_data()->GetPermissionMessageStrings();
351 // We don't parse the plugins key on Chrome OS, so it should not ask for any
352 // permissions.
353 #if defined(OS_CHROMEOS)
354 ASSERT_EQ(0u, warnings.size());
355 #else
356 ASSERT_EQ(1u, warnings.size());
357 EXPECT_EQ(
358 "Read and change all your data on your computer and the websites you "
359 "visit",
360 UTF16ToUTF8(warnings[0]));
361 #endif
362 }
363
364 TEST(PermissionsDataTest, ExternalFiles) {
365 GURL external_file("externalfile:abc");
366 scoped_refptr<const Extension> extension;
367
368 // A regular extension shouldn't get access to externalfile: scheme URLs
369 // even with <all_urls> specified.
370 extension = GetExtensionWithHostPermission(
371 "regular_extension", "<all_urls>", Manifest::UNPACKED);
372 ASSERT_FALSE(extension->permissions_data()->HasHostPermission(external_file));
373
374 // Component extensions should get access to externalfile: scheme URLs when
375 // <all_urls> is specified.
376 extension = GetExtensionWithHostPermission(
377 "component_extension", "<all_urls>", Manifest::COMPONENT);
378 ASSERT_TRUE(extension->permissions_data()->HasHostPermission(external_file));
379 }
380
381 // Base class for testing the CanAccessPage and CanCaptureVisiblePage
382 // methods of Extension for extensions with various permissions.
383 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
384 protected:
385 ExtensionScriptAndCaptureVisibleTest()
386 : http_url("http://www.google.com"),
387 http_url_with_path("http://www.google.com/index.html"),
388 https_url("https://www.google.com"),
389 file_url("file:///foo/bar"),
390 favicon_url("chrome://favicon/http://www.google.com"),
391 extension_url("chrome-extension://" +
392 crx_file::id_util::GenerateIdForPath(
393 base::FilePath(FILE_PATH_LITERAL("foo")))),
394 settings_url("chrome://settings"),
395 about_url("about:flags") {
396 urls_.insert(http_url);
397 urls_.insert(http_url_with_path);
398 urls_.insert(https_url);
399 urls_.insert(file_url);
400 urls_.insert(favicon_url);
401 urls_.insert(extension_url);
402 urls_.insert(settings_url);
403 urls_.insert(about_url);
404 // Ignore the policy delegate for this test.
405 PermissionsData::SetPolicyDelegate(NULL);
406 }
407
408 bool AllowedScript(const Extension* extension, const GURL& url,
409 const GURL& top_url) {
410 return AllowedScript(extension, url, top_url, -1);
411 }
412
413 bool AllowedScript(const Extension* extension, const GURL& url,
414 const GURL& top_url, int tab_id) {
415 return extension->permissions_data()->CanAccessPage(
416 extension, url, top_url, tab_id, -1, NULL);
417 }
418
419 bool BlockedScript(const Extension* extension, const GURL& url,
420 const GURL& top_url) {
421 return !extension->permissions_data()->CanAccessPage(
422 extension, url, top_url, -1, -1, NULL);
423 }
424
425 bool Allowed(const Extension* extension, const GURL& url) {
426 return Allowed(extension, url, -1);
427 }
428
429 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
430 return (extension->permissions_data()->CanAccessPage(
431 extension, url, url, tab_id, -1, NULL) &&
432 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL));
433 }
434
435 bool CaptureOnly(const Extension* extension, const GURL& url) {
436 return CaptureOnly(extension, url, -1);
437 }
438
439 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
440 return !extension->permissions_data()->CanAccessPage(
441 extension, url, url, tab_id, -1, NULL) &&
442 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
443 }
444
445 bool ScriptOnly(const Extension* extension, const GURL& url,
446 const GURL& top_url) {
447 return ScriptOnly(extension, url, top_url, -1);
448 }
449
450 bool ScriptOnly(const Extension* extension, const GURL& url,
451 const GURL& top_url, int tab_id) {
452 return AllowedScript(extension, url, top_url, tab_id) &&
453 !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
454 }
455
456 bool Blocked(const Extension* extension, const GURL& url) {
457 return Blocked(extension, url, -1);
458 }
459
460 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
461 return !(extension->permissions_data()->CanAccessPage(
462 extension, url, url, tab_id, -1, NULL) ||
463 extension->permissions_data()->CanCaptureVisiblePage(tab_id,
464 NULL));
465 }
466
467 bool ScriptAllowedExclusivelyOnTab(
468 const Extension* extension,
469 const std::set<GURL>& allowed_urls,
470 int tab_id) {
471 bool result = true;
472 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
473 const GURL& url = *it;
474 if (allowed_urls.count(url))
475 result &= AllowedScript(extension, url, url, tab_id);
476 else
477 result &= Blocked(extension, url, tab_id);
478 }
479 return result;
480 }
481
482 // URLs that are "safe" to provide scripting and capture visible tab access
483 // to if the permissions allow it.
484 const GURL http_url;
485 const GURL http_url_with_path;
486 const GURL https_url;
487 const GURL file_url;
488
489 // We should allow host permission but not scripting permission for favicon
490 // urls.
491 const GURL favicon_url;
492
493 // URLs that regular extensions should never get access to.
494 const GURL extension_url;
495 const GURL settings_url;
496 const GURL about_url;
497
498 private:
499 // The set of all URLs above.
500 std::set<GURL> urls_;
501 };
502
503 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
504 // Test <all_urls> for regular extensions.
505 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
506 "extension_regular_all.json");
507
508 EXPECT_TRUE(Allowed(extension.get(), http_url));
509 EXPECT_TRUE(Allowed(extension.get(), https_url));
510 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
511 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
512 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
513 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
514 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
515
516 // Test access to iframed content.
517 GURL within_extension_url = extension->GetResourceURL("page.html");
518 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
519 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
520 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
521 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
522 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
523 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
524
525 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
526 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url));
527 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
528
529 // Test * for scheme, which implies just the http/https schemes.
530 extension = LoadManifestStrict("script_and_capture",
531 "extension_wildcard.json");
532 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
533 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
534 EXPECT_TRUE(Blocked(extension.get(), settings_url));
535 EXPECT_TRUE(Blocked(extension.get(), about_url));
536 EXPECT_TRUE(Blocked(extension.get(), file_url));
537 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
538 extension =
539 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
540 EXPECT_TRUE(Blocked(extension.get(), settings_url));
541
542 // Having chrome://*/ should not work for regular extensions. Note that
543 // for favicon access, we require the explicit pattern chrome://favicon/*.
544 std::string error;
545 extension = LoadManifestUnchecked("script_and_capture",
546 "extension_wildcard_chrome.json",
547 Manifest::INTERNAL, Extension::NO_FLAGS,
548 &error);
549 std::vector<InstallWarning> warnings = extension->install_warnings();
550 EXPECT_FALSE(warnings.empty());
551 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
552 manifest_errors::kInvalidPermissionScheme,
553 "chrome://*/"),
554 warnings[0].message);
555 EXPECT_TRUE(Blocked(extension.get(), settings_url));
556 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
557 EXPECT_TRUE(Blocked(extension.get(), about_url));
558
559 // Having chrome://favicon/* should not give you chrome://*
560 extension = LoadManifestStrict("script_and_capture",
561 "extension_chrome_favicon_wildcard.json");
562 EXPECT_TRUE(Blocked(extension.get(), settings_url));
563 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
564 EXPECT_TRUE(Blocked(extension.get(), about_url));
565 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
566
567 // Having http://favicon should not give you chrome://favicon
568 extension = LoadManifestStrict("script_and_capture",
569 "extension_http_favicon.json");
570 EXPECT_TRUE(Blocked(extension.get(), settings_url));
571 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
572
573 // Component extensions with <all_urls> should get everything.
574 extension = LoadManifest("script_and_capture", "extension_component_all.json",
575 Manifest::COMPONENT, Extension::NO_FLAGS);
576 EXPECT_TRUE(Allowed(extension.get(), http_url));
577 EXPECT_TRUE(Allowed(extension.get(), https_url));
578 EXPECT_TRUE(Allowed(extension.get(), settings_url));
579 EXPECT_TRUE(Allowed(extension.get(), about_url));
580 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
581 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
582
583 // Component extensions should only get access to what they ask for.
584 extension = LoadManifest("script_and_capture",
585 "extension_component_google.json", Manifest::COMPONENT,
586 Extension::NO_FLAGS);
587 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
588 EXPECT_TRUE(Blocked(extension.get(), https_url));
589 EXPECT_TRUE(Blocked(extension.get(), file_url));
590 EXPECT_TRUE(Blocked(extension.get(), settings_url));
591 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
592 EXPECT_TRUE(Blocked(extension.get(), about_url));
593 EXPECT_TRUE(Blocked(extension.get(), extension_url));
594 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
595 }
596
597 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
598 base::CommandLine::ForCurrentProcess()->AppendSwitch(
599 switches::kExtensionsOnChromeURLs);
600
601 scoped_refptr<Extension> extension;
602
603 // Test <all_urls> for regular extensions.
604 extension = LoadManifestStrict("script_and_capture",
605 "extension_regular_all.json");
606 EXPECT_TRUE(Allowed(extension.get(), http_url));
607 EXPECT_TRUE(Allowed(extension.get(), https_url));
608 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
609 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
610 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
611 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
612 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
613
614 // Test access to iframed content.
615 GURL within_extension_url = extension->GetResourceURL("page.html");
616 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
617 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
618 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
619 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
620 EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url));
621 EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url));
622
623 const PermissionsData* permissions_data = extension->permissions_data();
624 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url));
625 EXPECT_FALSE(permissions_data->HasHostPermission(about_url));
626 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url));
627
628 // Test * for scheme, which implies just the http/https schemes.
629 extension = LoadManifestStrict("script_and_capture",
630 "extension_wildcard.json");
631 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
632 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
633 EXPECT_TRUE(Blocked(extension.get(), settings_url));
634 EXPECT_TRUE(Blocked(extension.get(), about_url));
635 EXPECT_TRUE(Blocked(extension.get(), file_url));
636 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
637 extension =
638 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
639 EXPECT_TRUE(Blocked(extension.get(), settings_url));
640
641 // Having chrome://*/ should work for regular extensions with the flag
642 // enabled.
643 std::string error;
644 extension = LoadManifestUnchecked("script_and_capture",
645 "extension_wildcard_chrome.json",
646 Manifest::INTERNAL, Extension::NO_FLAGS,
647 &error);
648 EXPECT_FALSE(extension.get() == NULL);
649 EXPECT_TRUE(Blocked(extension.get(), http_url));
650 EXPECT_TRUE(Blocked(extension.get(), https_url));
651 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url));
652 EXPECT_TRUE(Blocked(extension.get(), about_url));
653 EXPECT_TRUE(Blocked(extension.get(), file_url));
654 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
655
656 // Having chrome://favicon/* should not give you chrome://*
657 extension = LoadManifestStrict("script_and_capture",
658 "extension_chrome_favicon_wildcard.json");
659 EXPECT_TRUE(Blocked(extension.get(), settings_url));
660 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
661 EXPECT_TRUE(Blocked(extension.get(), about_url));
662 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
663
664 // Having http://favicon should not give you chrome://favicon
665 extension = LoadManifestStrict("script_and_capture",
666 "extension_http_favicon.json");
667 EXPECT_TRUE(Blocked(extension.get(), settings_url));
668 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
669
670 // Component extensions with <all_urls> should get everything.
671 extension = LoadManifest("script_and_capture", "extension_component_all.json",
672 Manifest::COMPONENT, Extension::NO_FLAGS);
673 EXPECT_TRUE(Allowed(extension.get(), http_url));
674 EXPECT_TRUE(Allowed(extension.get(), https_url));
675 EXPECT_TRUE(Allowed(extension.get(), settings_url));
676 EXPECT_TRUE(Allowed(extension.get(), about_url));
677 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
678 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
679
680 // Component extensions should only get access to what they ask for.
681 extension = LoadManifest("script_and_capture",
682 "extension_component_google.json", Manifest::COMPONENT,
683 Extension::NO_FLAGS);
684 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
685 EXPECT_TRUE(Blocked(extension.get(), https_url));
686 EXPECT_TRUE(Blocked(extension.get(), file_url));
687 EXPECT_TRUE(Blocked(extension.get(), settings_url));
688 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
689 EXPECT_TRUE(Blocked(extension.get(), about_url));
690 EXPECT_TRUE(Blocked(extension.get(), extension_url));
691 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
692 }
693
694 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
695 scoped_refptr<Extension> extension =
696 LoadManifestStrict("script_and_capture", "tab_specific.json");
697
698 const PermissionsData* permissions_data = extension->permissions_data();
699 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
700 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get());
701 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(2).get());
702
703 std::set<GURL> no_urls;
704
705 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
706 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
707 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
708
709 URLPatternSet allowed_hosts;
710 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
711 http_url.spec()));
712 std::set<GURL> allowed_urls;
713 allowed_urls.insert(http_url);
714 // http_url_with_path() will also be allowed, because Extension should be
715 // considering the security origin of the URL not the URL itself, and
716 // http_url is in allowed_hosts.
717 allowed_urls.insert(http_url_with_path);
718
719 {
720 scoped_refptr<PermissionSet> permissions(
721 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
722 allowed_hosts, URLPatternSet()));
723 permissions_data->UpdateTabSpecificPermissions(0, permissions);
724 EXPECT_EQ(permissions->explicit_hosts(),
725 permissions_data->GetTabSpecificPermissionsForTesting(0)
726 ->explicit_hosts());
727 }
728
729 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
730 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
731 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
732
733 permissions_data->ClearTabSpecificPermissions(0);
734 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
735
736 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
737 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
738 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
739
740 std::set<GURL> more_allowed_urls = allowed_urls;
741 more_allowed_urls.insert(https_url);
742 URLPatternSet more_allowed_hosts = allowed_hosts;
743 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
744 https_url.spec()));
745
746 {
747 scoped_refptr<PermissionSet> permissions(
748 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
749 allowed_hosts, URLPatternSet()));
750 permissions_data->UpdateTabSpecificPermissions(0, permissions);
751 EXPECT_EQ(permissions->explicit_hosts(),
752 permissions_data->GetTabSpecificPermissionsForTesting(0)
753 ->explicit_hosts());
754
755 permissions = new PermissionSet(APIPermissionSet(),
756 ManifestPermissionSet(),
757 more_allowed_hosts,
758 URLPatternSet());
759 permissions_data->UpdateTabSpecificPermissions(1, permissions);
760 EXPECT_EQ(permissions->explicit_hosts(),
761 permissions_data->GetTabSpecificPermissionsForTesting(1)
762 ->explicit_hosts());
763 }
764
765 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
766 EXPECT_TRUE(
767 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
768 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
769
770 permissions_data->ClearTabSpecificPermissions(0);
771 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
772
773 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
774 EXPECT_TRUE(
775 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
776 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
777
778 permissions_data->ClearTabSpecificPermissions(1);
779 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get());
780
781 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
782 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
783 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
784 }
785
786 } // namespace extensions