search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Supervised user import: Listen for profile creation/deletion
[chromium-blink-merge.git] / chrome / common / extensions / permissions / permissions_data_unittest.cc
blob82de2727611f5a65df3eb60e284dbf79be00cbb6
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <vector>
6
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/common/extensions/extension_test_util.h"
12 #include "components/crx_file/id_util.h"
13 #include "content/public/common/socket_permission_request.h"
14 #include "extensions/common/error_utils.h"
15 #include "extensions/common/extension.h"
16 #include "extensions/common/extension_builder.h"
17 #include "extensions/common/manifest.h"
18 #include "extensions/common/manifest_constants.h"
19 #include "extensions/common/permissions/api_permission.h"
20 #include "extensions/common/permissions/permission_message_test_util.h"
21 #include "extensions/common/permissions/permission_set.h"
22 #include "extensions/common/permissions/permissions_data.h"
23 #include "extensions/common/permissions/socket_permission.h"
24 #include "extensions/common/switches.h"
25 #include "extensions/common/url_pattern_set.h"
26 #include "extensions/common/value_builder.h"
27 #include "testing/gtest/include/gtest/gtest.h"
28 #include "url/gurl.h"
29
30 using base::UTF16ToUTF8;
31 using content::SocketPermissionRequest;
32 using extension_test_util::LoadManifest;
33 using extension_test_util::LoadManifestUnchecked;
34 using extension_test_util::LoadManifestStrict;
35
36 namespace extensions {
37
38 namespace {
39
40 const char kAllHostsPermission[] = "*://*/*";
41
42 bool CheckSocketPermission(
43 scoped_refptr<Extension> extension,
44 SocketPermissionRequest::OperationType type,
45 const char* host,
46 uint16 port) {
47 SocketPermission::CheckParam param(type, host, port);
48 return extension->permissions_data()->CheckAPIPermissionWithParam(
49 APIPermission::kSocket, &param);
50 }
51
52 // Creates and returns an extension with the given |id|, |host_permissions|, and
53 // manifest |location|.
54 scoped_refptr<const Extension> GetExtensionWithHostPermission(
55 const std::string& id,
56 const std::string& host_permissions,
57 Manifest::Location location) {
58 ListBuilder permissions;
59 if (!host_permissions.empty())
60 permissions.Append(host_permissions);
61
62 return ExtensionBuilder()
63 .SetManifest(
64 DictionaryBuilder()
65 .Set("name", id)
66 .Set("description", "an extension")
67 .Set("manifest_version", 2)
68 .Set("version", "1.0.0")
69 .Set("permissions", permissions.Pass())
70 .Build())
71 .SetLocation(location)
72 .SetID(id)
73 .Build();
74 }
75
76 // Checks that urls are properly restricted for the given extension.
77 void CheckRestrictedUrls(const Extension* extension,
78 bool block_chrome_urls) {
79 // We log the name so we know _which_ extension failed here.
80 const std::string& name = extension->name();
81 const GURL chrome_settings_url("chrome://settings/");
82 const GURL chrome_extension_url("chrome-extension://foo/bar.html");
83 const GURL google_url("https://www.google.com/");
84 const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
85 const GURL invalid_url("chrome-debugger://foo/bar.html");
86
87 std::string error;
88 EXPECT_EQ(block_chrome_urls,
89 PermissionsData::IsRestrictedUrl(
90 chrome_settings_url,
91 chrome_settings_url,
92 extension,
93 &error)) << name;
94 if (block_chrome_urls)
95 EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name;
96 else
97 EXPECT_TRUE(error.empty()) << name;
98
99 error.clear();
100 EXPECT_EQ(block_chrome_urls,
101 PermissionsData::IsRestrictedUrl(
102 chrome_extension_url,
103 chrome_extension_url,
104 extension,
105 &error)) << name;
106 if (block_chrome_urls)
107 EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name;
108 else
109 EXPECT_TRUE(error.empty()) << name;
110
111 // Google should never be a restricted url.
112 error.clear();
113 EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
114 google_url, google_url, extension, &error)) << name;
115 EXPECT_TRUE(error.empty()) << name;
116
117 // We should always be able to access our own extension pages.
118 error.clear();
119 EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
120 self_url, self_url, extension, &error)) << name;
121 EXPECT_TRUE(error.empty()) << name;
122
123 // We should only allow other schemes for extensions when it's a whitelisted
124 // extension.
125 error.clear();
126 bool allow_on_other_schemes =
127 PermissionsData::CanExecuteScriptEverywhere(extension);
128 EXPECT_EQ(!allow_on_other_schemes,
129 PermissionsData::IsRestrictedUrl(
130 invalid_url, invalid_url, extension, &error)) << name;
131 if (!allow_on_other_schemes) {
132 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
133 manifest_errors::kCannotAccessPage,
134 invalid_url.spec()),
135 error) << name;
136 } else {
137 EXPECT_TRUE(error.empty());
138 }
139 }
140
141 } // namespace
142
143 // NOTE: These tests run in Chrome's unit_tests suite because they depend on
144 // extension manifest keys (like "content_scripts") that do not exist yet in the
145 // src/extensions module.
146 TEST(PermissionsDataTest, EffectiveHostPermissions) {
147 scoped_refptr<Extension> extension;
148 URLPatternSet hosts;
149
150 extension = LoadManifest("effective_host_permissions", "empty.json");
151 EXPECT_EQ(0u,
152 extension->permissions_data()
153 ->GetEffectiveHostPermissions()
154 .patterns()
155 .size());
156 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
157 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
158
159 extension = LoadManifest("effective_host_permissions", "one_host.json");
160 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
161 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
162 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
163 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
164
165 extension = LoadManifest("effective_host_permissions",
166 "one_host_wildcard.json");
167 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
168 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
169 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
170 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
171
172 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
173 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
174 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
175 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
176 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
177
178 extension = LoadManifest("effective_host_permissions",
179 "https_not_considered.json");
180 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
181 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
182 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
183 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
184
185 extension = LoadManifest("effective_host_permissions",
186 "two_content_scripts.json");
187 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
188 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
189 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
190 EXPECT_TRUE(extension->permissions_data()
191 ->active_permissions()
192 ->HasEffectiveAccessToURL(GURL("http://www.reddit.com")));
193 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
194 EXPECT_TRUE(
195 extension->permissions_data()
196 ->active_permissions()
197 ->HasEffectiveAccessToURL(GURL("http://news.ycombinator.com")));
198 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
199
200 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
201 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
202 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
203 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
204 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
205 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
206
207 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
208 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
209 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
210 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
211 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
212
213 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
214 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
215 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
216 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
217 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
218 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
219
220 // Tab-specific permissions should be included in the effective hosts.
221 GURL tab_url("http://www.example.com/");
222 URLPatternSet new_hosts;
223 new_hosts.AddOrigin(URLPattern::SCHEME_ALL, tab_url);
224 extension->permissions_data()->UpdateTabSpecificPermissions(
225 1,
226 new PermissionSet(APIPermissionSet(),
227 ManifestPermissionSet(),
228 new_hosts,
229 URLPatternSet()));
230 EXPECT_TRUE(extension->permissions_data()->GetEffectiveHostPermissions().
231 MatchesURL(tab_url));
232 extension->permissions_data()->ClearTabSpecificPermissions(1);
233 EXPECT_FALSE(extension->permissions_data()->GetEffectiveHostPermissions().
234 MatchesURL(tab_url));
235 }
236
237 TEST(PermissionsDataTest, SocketPermissions) {
238 scoped_refptr<Extension> extension;
239 std::string error;
240
241 extension = LoadManifest("socket_permissions", "empty.json");
242 EXPECT_FALSE(CheckSocketPermission(extension,
243 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
244
245 extension = LoadManifestUnchecked("socket_permissions",
246 "socket1.json",
247 Manifest::INTERNAL, Extension::NO_FLAGS,
248 &error);
249 EXPECT_TRUE(extension.get() == NULL);
250 std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage(
251 manifest_errors::kInvalidPermissionWithDetail,
252 "socket",
253 "NULL or empty permission list");
254 EXPECT_EQ(expected_error_msg_header, error);
255
256 extension = LoadManifest("socket_permissions", "socket2.json");
257 EXPECT_TRUE(CheckSocketPermission(extension,
258 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
259 EXPECT_FALSE(CheckSocketPermission(
260 extension, SocketPermissionRequest::UDP_BIND, "", 80));
261 EXPECT_TRUE(CheckSocketPermission(
262 extension, SocketPermissionRequest::UDP_BIND, "", 8888));
263
264 EXPECT_FALSE(CheckSocketPermission(
265 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
266 EXPECT_TRUE(CheckSocketPermission(
267 extension,
268 SocketPermissionRequest::UDP_SEND_TO,
269 "239.255.255.250", 1900));
270 }
271
272 TEST(PermissionsDataTest, IsRestrictedUrl) {
273 scoped_refptr<const Extension> extension =
274 GetExtensionWithHostPermission("normal_extension",
275 kAllHostsPermission,
276 Manifest::INTERNAL);
277 // Chrome urls should be blocked for normal extensions.
278 CheckRestrictedUrls(extension.get(), true);
279
280 scoped_refptr<const Extension> component =
281 GetExtensionWithHostPermission("component",
282 kAllHostsPermission,
283 Manifest::COMPONENT);
284 // Chrome urls should be accessible by component extensions.
285 CheckRestrictedUrls(component.get(), false);
286
287 base::CommandLine::ForCurrentProcess()->AppendSwitch(
288 switches::kExtensionsOnChromeURLs);
289 // Enabling the switch should allow all extensions to access chrome urls.
290 CheckRestrictedUrls(extension.get(), false);
291 }
292
293 TEST(PermissionsDataTest, GetPermissionMessages_ManyAPIPermissions) {
294 scoped_refptr<Extension> extension;
295 extension = LoadManifest("permissions", "many-apis.json");
296 // Warning for "tabs" is suppressed by "history" permission.
297 std::vector<std::string> expected_messages;
298 expected_messages.push_back("Read and change your data on api.flickr.com");
299 expected_messages.push_back("Read and change your bookmarks");
300 expected_messages.push_back("Detect your physical location");
301 expected_messages.push_back("Read and change your browsing history");
302 expected_messages.push_back("Manage your apps, extensions, and themes");
303 EXPECT_TRUE(VerifyPermissionMessages(extension->permissions_data(),
304 expected_messages, false));
305 }
306
307 TEST(PermissionsDataTest, GetPermissionMessages_ManyHostsPermissions) {
308 scoped_refptr<Extension> extension;
309 extension = LoadManifest("permissions", "more-than-3-hosts.json");
310 std::vector<std::string> submessages;
311 submessages.push_back("www.a.com");
312 submessages.push_back("www.b.com");
313 submessages.push_back("www.c.com");
314 submessages.push_back("www.d.com");
315 submessages.push_back("www.e.com");
316 EXPECT_TRUE(VerifyOnePermissionMessageWithSubmessages(
317 extension->permissions_data(),
318 "Read and change your data on a number of websites", submessages));
319 }
320
321 TEST(PermissionsDataTest, GetPermissionMessages_LocationApiPermission) {
322 scoped_refptr<Extension> extension;
323 extension = LoadManifest("permissions",
324 "location-api.json",
325 Manifest::COMPONENT,
326 Extension::NO_FLAGS);
327 EXPECT_TRUE(VerifyOnePermissionMessage(extension->permissions_data(),
328 "Detect your physical location"));
329 }
330
331 TEST(PermissionsDataTest, GetPermissionMessages_ManyHosts) {
332 scoped_refptr<Extension> extension;
333 extension = LoadManifest("permissions", "many-hosts.json");
334 EXPECT_TRUE(VerifyOnePermissionMessage(
335 extension->permissions_data(),
336 "Read and change your data on encrypted.google.com and www.google.com"));
337 }
338
339 TEST(PermissionsDataTest, GetPermissionMessages_Plugins) {
340 scoped_refptr<Extension> extension;
341 extension = LoadManifest("permissions", "plugins.json");
342 // We don't parse the plugins key on Chrome OS, so it should not ask for any
343 // permissions.
344 #if defined(OS_CHROMEOS)
345 EXPECT_TRUE(VerifyNoPermissionMessages(extension->permissions_data()));
346 #else
347 EXPECT_TRUE(VerifyOnePermissionMessage(
348 extension->permissions_data(),
349 "Read and change all your data on your computer and the websites you "
350 "visit"));
351 #endif
352 }
353
354 TEST(PermissionsDataTest, ExternalFiles) {
355 GURL external_file("externalfile:abc");
356 scoped_refptr<const Extension> extension;
357
358 // A regular extension shouldn't get access to externalfile: scheme URLs
359 // even with <all_urls> specified.
360 extension = GetExtensionWithHostPermission(
361 "regular_extension", "<all_urls>", Manifest::UNPACKED);
362 ASSERT_FALSE(extension->permissions_data()->HasHostPermission(external_file));
363
364 // Component extensions should get access to externalfile: scheme URLs when
365 // <all_urls> is specified.
366 extension = GetExtensionWithHostPermission(
367 "component_extension", "<all_urls>", Manifest::COMPONENT);
368 ASSERT_TRUE(extension->permissions_data()->HasHostPermission(external_file));
369 }
370
371 TEST(PermissionsDataTest, ExtensionScheme) {
372 GURL external_file(
373 "chrome-extension://abcdefghijklmnopabcdefghijklmnop/index.html");
374 scoped_refptr<const Extension> extension;
375
376 // A regular extension shouldn't get access to chrome-extension: scheme URLs
377 // even with <all_urls> specified.
378 extension = GetExtensionWithHostPermission("regular_extension", "<all_urls>",
379 Manifest::UNPACKED);
380 ASSERT_FALSE(extension->permissions_data()->HasHostPermission(external_file));
381
382 // Component extensions should get access to chrome-extension: scheme URLs
383 // when <all_urls> is specified.
384 extension = GetExtensionWithHostPermission("component_extension",
385 "<all_urls>", Manifest::COMPONENT);
386 ASSERT_TRUE(extension->permissions_data()->HasHostPermission(external_file));
387 }
388
389 // Base class for testing the CanAccessPage and CanCaptureVisiblePage
390 // methods of Extension for extensions with various permissions.
391 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
392 protected:
393 ExtensionScriptAndCaptureVisibleTest()
394 : http_url("http://www.google.com"),
395 http_url_with_path("http://www.google.com/index.html"),
396 https_url("https://www.google.com"),
397 file_url("file:///foo/bar"),
398 favicon_url("chrome://favicon/http://www.google.com"),
399 extension_url("chrome-extension://" +
400 crx_file::id_util::GenerateIdForPath(
401 base::FilePath(FILE_PATH_LITERAL("foo")))),
402 settings_url("chrome://settings"),
403 about_url("about:flags") {
404 urls_.insert(http_url);
405 urls_.insert(http_url_with_path);
406 urls_.insert(https_url);
407 urls_.insert(file_url);
408 urls_.insert(favicon_url);
409 urls_.insert(extension_url);
410 urls_.insert(settings_url);
411 urls_.insert(about_url);
412 // Ignore the policy delegate for this test.
413 PermissionsData::SetPolicyDelegate(NULL);
414 }
415
416 bool AllowedScript(const Extension* extension, const GURL& url,
417 const GURL& top_url) {
418 return AllowedScript(extension, url, top_url, -1);
419 }
420
421 bool AllowedScript(const Extension* extension, const GURL& url,
422 const GURL& top_url, int tab_id) {
423 return extension->permissions_data()->CanAccessPage(
424 extension, url, top_url, tab_id, -1, NULL);
425 }
426
427 bool BlockedScript(const Extension* extension, const GURL& url,
428 const GURL& top_url) {
429 return !extension->permissions_data()->CanAccessPage(
430 extension, url, top_url, -1, -1, NULL);
431 }
432
433 bool Allowed(const Extension* extension, const GURL& url) {
434 return Allowed(extension, url, -1);
435 }
436
437 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
438 return (extension->permissions_data()->CanAccessPage(
439 extension, url, url, tab_id, -1, NULL) &&
440 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL));
441 }
442
443 bool CaptureOnly(const Extension* extension, const GURL& url) {
444 return CaptureOnly(extension, url, -1);
445 }
446
447 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
448 return !extension->permissions_data()->CanAccessPage(
449 extension, url, url, tab_id, -1, NULL) &&
450 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
451 }
452
453 bool ScriptOnly(const Extension* extension, const GURL& url,
454 const GURL& top_url) {
455 return ScriptOnly(extension, url, top_url, -1);
456 }
457
458 bool ScriptOnly(const Extension* extension, const GURL& url,
459 const GURL& top_url, int tab_id) {
460 return AllowedScript(extension, url, top_url, tab_id) &&
461 !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
462 }
463
464 bool Blocked(const Extension* extension, const GURL& url) {
465 return Blocked(extension, url, -1);
466 }
467
468 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
469 return !(extension->permissions_data()->CanAccessPage(
470 extension, url, url, tab_id, -1, NULL) ||
471 extension->permissions_data()->CanCaptureVisiblePage(tab_id,
472 NULL));
473 }
474
475 bool ScriptAllowedExclusivelyOnTab(
476 const Extension* extension,
477 const std::set<GURL>& allowed_urls,
478 int tab_id) {
479 bool result = true;
480 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
481 const GURL& url = *it;
482 if (allowed_urls.count(url))
483 result &= AllowedScript(extension, url, url, tab_id);
484 else
485 result &= Blocked(extension, url, tab_id);
486 }
487 return result;
488 }
489
490 // URLs that are "safe" to provide scripting and capture visible tab access
491 // to if the permissions allow it.
492 const GURL http_url;
493 const GURL http_url_with_path;
494 const GURL https_url;
495 const GURL file_url;
496
497 // We should allow host permission but not scripting permission for favicon
498 // urls.
499 const GURL favicon_url;
500
501 // URLs that regular extensions should never get access to.
502 const GURL extension_url;
503 const GURL settings_url;
504 const GURL about_url;
505
506 private:
507 // The set of all URLs above.
508 std::set<GURL> urls_;
509 };
510
511 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
512 // Test <all_urls> for regular extensions.
513 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
514 "extension_regular_all.json");
515
516 EXPECT_TRUE(Allowed(extension.get(), http_url));
517 EXPECT_TRUE(Allowed(extension.get(), https_url));
518 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
519 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
520 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
521 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
522 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
523
524 // Test access to iframed content.
525 GURL within_extension_url = extension->GetResourceURL("page.html");
526 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
527 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
528 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
529 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
530 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
531 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
532
533 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
534 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url));
535 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
536
537 // Test * for scheme, which implies just the http/https schemes.
538 extension = LoadManifestStrict("script_and_capture",
539 "extension_wildcard.json");
540 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
541 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
542 EXPECT_TRUE(Blocked(extension.get(), settings_url));
543 EXPECT_TRUE(Blocked(extension.get(), about_url));
544 EXPECT_TRUE(Blocked(extension.get(), file_url));
545 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
546 extension =
547 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
548 EXPECT_TRUE(Blocked(extension.get(), settings_url));
549
550 // Having chrome://*/ should not work for regular extensions. Note that
551 // for favicon access, we require the explicit pattern chrome://favicon/*.
552 std::string error;
553 extension = LoadManifestUnchecked("script_and_capture",
554 "extension_wildcard_chrome.json",
555 Manifest::INTERNAL, Extension::NO_FLAGS,
556 &error);
557 std::vector<InstallWarning> warnings = extension->install_warnings();
558 EXPECT_FALSE(warnings.empty());
559 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
560 manifest_errors::kInvalidPermissionScheme,
561 "chrome://*/"),
562 warnings[0].message);
563 EXPECT_TRUE(Blocked(extension.get(), settings_url));
564 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
565 EXPECT_TRUE(Blocked(extension.get(), about_url));
566
567 // Having chrome://favicon/* should not give you chrome://*
568 extension = LoadManifestStrict("script_and_capture",
569 "extension_chrome_favicon_wildcard.json");
570 EXPECT_TRUE(Blocked(extension.get(), settings_url));
571 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
572 EXPECT_TRUE(Blocked(extension.get(), about_url));
573 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
574
575 // Having http://favicon should not give you chrome://favicon
576 extension = LoadManifestStrict("script_and_capture",
577 "extension_http_favicon.json");
578 EXPECT_TRUE(Blocked(extension.get(), settings_url));
579 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
580
581 // Component extensions with <all_urls> should get everything.
582 extension = LoadManifest("script_and_capture", "extension_component_all.json",
583 Manifest::COMPONENT, Extension::NO_FLAGS);
584 EXPECT_TRUE(Allowed(extension.get(), http_url));
585 EXPECT_TRUE(Allowed(extension.get(), https_url));
586 EXPECT_TRUE(Allowed(extension.get(), settings_url));
587 EXPECT_TRUE(Allowed(extension.get(), about_url));
588 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
589 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
590
591 // Component extensions should only get access to what they ask for.
592 extension = LoadManifest("script_and_capture",
593 "extension_component_google.json", Manifest::COMPONENT,
594 Extension::NO_FLAGS);
595 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
596 EXPECT_TRUE(Blocked(extension.get(), https_url));
597 EXPECT_TRUE(Blocked(extension.get(), file_url));
598 EXPECT_TRUE(Blocked(extension.get(), settings_url));
599 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
600 EXPECT_TRUE(Blocked(extension.get(), about_url));
601 EXPECT_TRUE(Blocked(extension.get(), extension_url));
602 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
603 }
604
605 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
606 base::CommandLine::ForCurrentProcess()->AppendSwitch(
607 switches::kExtensionsOnChromeURLs);
608
609 scoped_refptr<Extension> extension;
610
611 // Test <all_urls> for regular extensions.
612 extension = LoadManifestStrict("script_and_capture",
613 "extension_regular_all.json");
614 EXPECT_TRUE(Allowed(extension.get(), http_url));
615 EXPECT_TRUE(Allowed(extension.get(), https_url));
616 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
617 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
618 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
619 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
620 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
621
622 // Test access to iframed content.
623 GURL within_extension_url = extension->GetResourceURL("page.html");
624 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
625 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
626 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
627 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
628 EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url));
629 EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url));
630
631 const PermissionsData* permissions_data = extension->permissions_data();
632 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url));
633 EXPECT_FALSE(permissions_data->HasHostPermission(about_url));
634 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url));
635
636 // Test * for scheme, which implies just the http/https schemes.
637 extension = LoadManifestStrict("script_and_capture",
638 "extension_wildcard.json");
639 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
640 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
641 EXPECT_TRUE(Blocked(extension.get(), settings_url));
642 EXPECT_TRUE(Blocked(extension.get(), about_url));
643 EXPECT_TRUE(Blocked(extension.get(), file_url));
644 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
645 extension =
646 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
647 EXPECT_TRUE(Blocked(extension.get(), settings_url));
648
649 // Having chrome://*/ should work for regular extensions with the flag
650 // enabled.
651 std::string error;
652 extension = LoadManifestUnchecked("script_and_capture",
653 "extension_wildcard_chrome.json",
654 Manifest::INTERNAL, Extension::NO_FLAGS,
655 &error);
656 EXPECT_FALSE(extension.get() == NULL);
657 EXPECT_TRUE(Blocked(extension.get(), http_url));
658 EXPECT_TRUE(Blocked(extension.get(), https_url));
659 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url));
660 EXPECT_TRUE(Blocked(extension.get(), about_url));
661 EXPECT_TRUE(Blocked(extension.get(), file_url));
662 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
663
664 // Having chrome://favicon/* should not give you chrome://*
665 extension = LoadManifestStrict("script_and_capture",
666 "extension_chrome_favicon_wildcard.json");
667 EXPECT_TRUE(Blocked(extension.get(), settings_url));
668 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
669 EXPECT_TRUE(Blocked(extension.get(), about_url));
670 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
671
672 // Having http://favicon should not give you chrome://favicon
673 extension = LoadManifestStrict("script_and_capture",
674 "extension_http_favicon.json");
675 EXPECT_TRUE(Blocked(extension.get(), settings_url));
676 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
677
678 // Component extensions with <all_urls> should get everything.
679 extension = LoadManifest("script_and_capture", "extension_component_all.json",
680 Manifest::COMPONENT, Extension::NO_FLAGS);
681 EXPECT_TRUE(Allowed(extension.get(), http_url));
682 EXPECT_TRUE(Allowed(extension.get(), https_url));
683 EXPECT_TRUE(Allowed(extension.get(), settings_url));
684 EXPECT_TRUE(Allowed(extension.get(), about_url));
685 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
686 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
687
688 // Component extensions should only get access to what they ask for.
689 extension = LoadManifest("script_and_capture",
690 "extension_component_google.json", Manifest::COMPONENT,
691 Extension::NO_FLAGS);
692 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
693 EXPECT_TRUE(Blocked(extension.get(), https_url));
694 EXPECT_TRUE(Blocked(extension.get(), file_url));
695 EXPECT_TRUE(Blocked(extension.get(), settings_url));
696 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
697 EXPECT_TRUE(Blocked(extension.get(), about_url));
698 EXPECT_TRUE(Blocked(extension.get(), extension_url));
699 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
700 }
701
702 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
703 scoped_refptr<Extension> extension =
704 LoadManifestStrict("script_and_capture", "tab_specific.json");
705
706 const PermissionsData* permissions_data = extension->permissions_data();
707 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
708 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get());
709 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(2).get());
710
711 std::set<GURL> no_urls;
712
713 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
714 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
715 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
716
717 URLPatternSet allowed_hosts;
718 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
719 http_url.spec()));
720 std::set<GURL> allowed_urls;
721 allowed_urls.insert(http_url);
722 // http_url_with_path() will also be allowed, because Extension should be
723 // considering the security origin of the URL not the URL itself, and
724 // http_url is in allowed_hosts.
725 allowed_urls.insert(http_url_with_path);
726
727 {
728 scoped_refptr<PermissionSet> permissions(
729 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
730 allowed_hosts, URLPatternSet()));
731 permissions_data->UpdateTabSpecificPermissions(0, permissions);
732 EXPECT_EQ(permissions->explicit_hosts(),
733 permissions_data->GetTabSpecificPermissionsForTesting(0)
734 ->explicit_hosts());
735 }
736
737 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
738 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
739 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
740
741 permissions_data->ClearTabSpecificPermissions(0);
742 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
743
744 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
745 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
746 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
747
748 std::set<GURL> more_allowed_urls = allowed_urls;
749 more_allowed_urls.insert(https_url);
750 URLPatternSet more_allowed_hosts = allowed_hosts;
751 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
752 https_url.spec()));
753
754 {
755 scoped_refptr<PermissionSet> permissions(
756 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
757 allowed_hosts, URLPatternSet()));
758 permissions_data->UpdateTabSpecificPermissions(0, permissions);
759 EXPECT_EQ(permissions->explicit_hosts(),
760 permissions_data->GetTabSpecificPermissionsForTesting(0)
761 ->explicit_hosts());
762
763 permissions = new PermissionSet(APIPermissionSet(),
764 ManifestPermissionSet(),
765 more_allowed_hosts,
766 URLPatternSet());
767 permissions_data->UpdateTabSpecificPermissions(1, permissions);
768 EXPECT_EQ(permissions->explicit_hosts(),
769 permissions_data->GetTabSpecificPermissionsForTesting(1)
770 ->explicit_hosts());
771 }
772
773 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
774 EXPECT_TRUE(
775 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
776 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
777
778 permissions_data->ClearTabSpecificPermissions(0);
779 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0).get());
780
781 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
782 EXPECT_TRUE(
783 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
784 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
785
786 permissions_data->ClearTabSpecificPermissions(1);
787 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1).get());
788
789 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
790 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
791 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
792 }
793
794 } // namespace extensions