1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/common/chrome_version_info.h"
12 #include "chrome/common/extensions/extension_test_util.h"
13 #include "chrome/common/extensions/features/feature_channel.h"
14 #include "content/public/common/socket_permission_request.h"
15 #include "extensions/common/error_utils.h"
16 #include "extensions/common/extension.h"
17 #include "extensions/common/extension_builder.h"
18 #include "extensions/common/id_util.h"
19 #include "extensions/common/manifest.h"
20 #include "extensions/common/manifest_constants.h"
21 #include "extensions/common/permissions/api_permission.h"
22 #include "extensions/common/permissions/permission_set.h"
23 #include "extensions/common/permissions/permissions_data.h"
24 #include "extensions/common/permissions/socket_permission.h"
25 #include "extensions/common/switches.h"
26 #include "extensions/common/url_pattern_set.h"
27 #include "extensions/common/value_builder.h"
28 #include "testing/gtest/include/gtest/gtest.h"
31 using base::UTF16ToUTF8;
32 using content::SocketPermissionRequest;
33 using extension_test_util::LoadManifest;
34 using extension_test_util::LoadManifestUnchecked;
35 using extension_test_util::LoadManifestStrict;
37 namespace extensions {
41 const char kAllHostsPermission[] = "*://*/*";
43 bool CheckSocketPermission(
44 scoped_refptr<Extension> extension,
45 SocketPermissionRequest::OperationType type,
48 SocketPermission::CheckParam param(type, host, port);
49 return extension->permissions_data()->CheckAPIPermissionWithParam(
50 APIPermission::kSocket, ¶m);
53 // Creates and returns an extension with the given |id|, |host_permissions|, and
54 // manifest |location|.
55 scoped_refptr<const Extension> GetExtensionWithHostPermission(
56 const std::string& id,
57 const std::string& host_permissions,
58 Manifest::Location location) {
59 ListBuilder permissions;
60 if (!host_permissions.empty())
61 permissions.Append(host_permissions);
63 return ExtensionBuilder()
67 .Set("description", "an extension")
68 .Set("manifest_version", 2)
69 .Set("version", "1.0.0")
70 .Set("permissions", permissions.Pass())
72 .SetLocation(location)
77 bool RequiresActionForScriptExecution(const std::string& extension_id,
78 const std::string& host_permissions,
79 Manifest::Location location) {
80 scoped_refptr<const Extension> extension =
81 GetExtensionWithHostPermission(extension_id,
84 return extension->permissions_data()->RequiresActionForScriptExecution(
86 -1, // Ignore tab id for these.
90 // Checks that urls are properly restricted for the given extension.
91 void CheckRestrictedUrls(const Extension* extension,
92 bool block_chrome_urls) {
93 // We log the name so we know _which_ extension failed here.
94 const std::string& name = extension->name();
95 const GURL chrome_settings_url("chrome://settings/");
96 const GURL chrome_extension_url("chrome-extension://foo/bar.html");
97 const GURL google_url("https://www.google.com/");
98 const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
99 const GURL invalid_url("chrome-debugger://foo/bar.html");
102 EXPECT_EQ(block_chrome_urls,
103 PermissionsData::IsRestrictedUrl(
108 if (block_chrome_urls)
109 EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name;
111 EXPECT_TRUE(error.empty()) << name;
114 EXPECT_EQ(block_chrome_urls,
115 PermissionsData::IsRestrictedUrl(
116 chrome_extension_url,
117 chrome_extension_url,
120 if (block_chrome_urls)
121 EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name;
123 EXPECT_TRUE(error.empty()) << name;
125 // Google should never be a restricted url.
127 EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
128 google_url, google_url, extension, &error)) << name;
129 EXPECT_TRUE(error.empty()) << name;
131 // We should always be able to access our own extension pages.
133 EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
134 self_url, self_url, extension, &error)) << name;
135 EXPECT_TRUE(error.empty()) << name;
137 // We should only allow other schemes for extensions when it's a whitelisted
140 bool allow_on_other_schemes =
141 PermissionsData::CanExecuteScriptEverywhere(extension);
142 EXPECT_EQ(!allow_on_other_schemes,
143 PermissionsData::IsRestrictedUrl(
144 invalid_url, invalid_url, extension, &error)) << name;
145 if (!allow_on_other_schemes) {
146 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
147 manifest_errors::kCannotAccessPage,
151 EXPECT_TRUE(error.empty());
157 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
158 scoped_refptr<Extension> extension;
161 extension = LoadManifest("effective_host_permissions", "empty.json");
163 extension->permissions_data()
164 ->GetEffectiveHostPermissions()
167 EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
168 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
170 extension = LoadManifest("effective_host_permissions", "one_host.json");
171 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
172 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
173 EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
174 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
176 extension = LoadManifest("effective_host_permissions",
177 "one_host_wildcard.json");
178 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
179 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
180 EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
181 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
183 extension = LoadManifest("effective_host_permissions", "two_hosts.json");
184 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
185 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
186 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
187 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
189 extension = LoadManifest("effective_host_permissions",
190 "https_not_considered.json");
191 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
192 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
193 EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
194 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
196 extension = LoadManifest("effective_host_permissions",
197 "two_content_scripts.json");
198 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
199 EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
200 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
201 EXPECT_TRUE(extension->permissions_data()
202 ->active_permissions()
203 ->HasEffectiveAccessToURL(GURL("http://www.reddit.com")));
204 EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
206 extension->permissions_data()
207 ->active_permissions()
208 ->HasEffectiveAccessToURL(GURL("http://news.ycombinator.com")));
209 EXPECT_FALSE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
211 extension = LoadManifest("effective_host_permissions", "all_hosts.json");
212 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
213 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
214 EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
215 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
216 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
218 extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
219 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
220 EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
221 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
222 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
224 extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
225 hosts = extension->permissions_data()->GetEffectiveHostPermissions();
226 EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
227 EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
228 EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
229 EXPECT_TRUE(extension->permissions_data()->HasEffectiveAccessToAllHosts());
232 TEST(ExtensionPermissionsTest, SocketPermissions) {
233 // Set feature current channel to appropriate value.
234 ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV);
235 scoped_refptr<Extension> extension;
238 extension = LoadManifest("socket_permissions", "empty.json");
239 EXPECT_FALSE(CheckSocketPermission(extension,
240 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
242 extension = LoadManifestUnchecked("socket_permissions",
244 Manifest::INTERNAL, Extension::NO_FLAGS,
246 EXPECT_TRUE(extension.get() == NULL);
247 std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage(
248 manifest_errors::kInvalidPermissionWithDetail,
250 "NULL or empty permission list");
251 EXPECT_EQ(expected_error_msg_header, error);
253 extension = LoadManifest("socket_permissions", "socket2.json");
254 EXPECT_TRUE(CheckSocketPermission(extension,
255 SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
256 EXPECT_FALSE(CheckSocketPermission(
257 extension, SocketPermissionRequest::UDP_BIND, "", 80));
258 EXPECT_TRUE(CheckSocketPermission(
259 extension, SocketPermissionRequest::UDP_BIND, "", 8888));
261 EXPECT_FALSE(CheckSocketPermission(
262 extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
263 EXPECT_TRUE(CheckSocketPermission(
265 SocketPermissionRequest::UDP_SEND_TO,
266 "239.255.255.250", 1900));
269 TEST(ExtensionPermissionsTest, RequiresActionForScriptExecution) {
270 // Extensions with all_hosts should require action.
271 EXPECT_TRUE(RequiresActionForScriptExecution(
272 "all_hosts_permissions", kAllHostsPermission, Manifest::INTERNAL));
273 // Extensions with nearly all hosts are treated the same way.
274 EXPECT_TRUE(RequiresActionForScriptExecution(
275 "pseudo_all_hosts_permissions", "*://*.com/*", Manifest::INTERNAL));
276 // Extensions with explicit permissions shouldn't require action.
277 EXPECT_FALSE(RequiresActionForScriptExecution(
278 "explicit_permissions", "https://www.google.com/*", Manifest::INTERNAL));
279 // Policy extensions are exempt...
280 EXPECT_FALSE(RequiresActionForScriptExecution(
281 "policy", kAllHostsPermission, Manifest::EXTERNAL_POLICY));
282 // ... as are component extensions.
283 EXPECT_FALSE(RequiresActionForScriptExecution(
284 "component", kAllHostsPermission, Manifest::COMPONENT));
285 // Throw in an external pref extension to make sure that it's not just working
286 // for everything non-internal.
287 EXPECT_TRUE(RequiresActionForScriptExecution(
288 "external_pref", kAllHostsPermission, Manifest::EXTERNAL_PREF));
290 // If we grant an extension tab permissions, then it should no longer require
292 scoped_refptr<const Extension> extension =
293 GetExtensionWithHostPermission("all_hosts_permissions",
296 URLPatternSet allowed_hosts;
297 allowed_hosts.AddPattern(
298 URLPattern(URLPattern::SCHEME_HTTPS, "https://www.google.com/*"));
299 scoped_refptr<PermissionSet> tab_permissions(
300 new PermissionSet(APIPermissionSet(),
301 ManifestPermissionSet(),
304 extension->permissions_data()->UpdateTabSpecificPermissions(0,
306 EXPECT_FALSE(extension->permissions_data()->RequiresActionForScriptExecution(
307 extension, 0, GURL("https://www.google.com/")));
310 TEST(ExtensionPermissionsTest, IsRestrictedUrl) {
311 scoped_refptr<const Extension> extension =
312 GetExtensionWithHostPermission("normal_extension",
315 // Chrome urls should be blocked for normal extensions.
316 CheckRestrictedUrls(extension, true);
318 scoped_refptr<const Extension> component =
319 GetExtensionWithHostPermission("component",
321 Manifest::COMPONENT);
322 // Chrome urls should be accessible by component extensions.
323 CheckRestrictedUrls(component, false);
325 base::CommandLine::ForCurrentProcess()->AppendSwitch(
326 switches::kExtensionsOnChromeURLs);
327 // Enabling the switch should allow all extensions to access chrome urls.
328 CheckRestrictedUrls(extension, false);
332 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
333 scoped_refptr<Extension> extension;
334 extension = LoadManifest("permissions", "many-apis.json");
335 std::vector<base::string16> warnings =
336 extension->permissions_data()->GetPermissionMessageStrings();
337 // Warning for "tabs" is suppressed by "history" permission.
338 ASSERT_EQ(5u, warnings.size());
339 EXPECT_EQ("Read and modify your data on api.flickr.com",
340 UTF16ToUTF8(warnings[0]));
341 EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1]));
342 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
343 EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3]));
344 EXPECT_EQ("Manage your apps, extensions, and themes",
345 UTF16ToUTF8(warnings[4]));
348 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) {
349 scoped_refptr<Extension> extension;
350 extension = LoadManifest("permissions", "more-than-3-hosts.json");
351 std::vector<base::string16> warnings =
352 extension->permissions_data()->GetPermissionMessageStrings();
353 std::vector<base::string16> warnings_details =
354 extension->permissions_data()->GetPermissionMessageDetailsStrings();
355 ASSERT_EQ(1u, warnings.size());
356 ASSERT_EQ(1u, warnings_details.size());
357 EXPECT_EQ("Read and modify your data on 5 websites",
358 UTF16ToUTF8(warnings[0]));
359 EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com",
360 UTF16ToUTF8(warnings_details[0]));
363 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) {
364 scoped_refptr<Extension> extension;
365 extension = LoadManifest("permissions",
368 Extension::NO_FLAGS);
369 std::vector<base::string16> warnings =
370 extension->permissions_data()->GetPermissionMessageStrings();
371 ASSERT_EQ(1u, warnings.size());
372 EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
375 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) {
376 scoped_refptr<Extension> extension;
377 extension = LoadManifest("permissions", "many-hosts.json");
378 std::vector<base::string16> warnings =
379 extension->permissions_data()->GetPermissionMessageStrings();
380 ASSERT_EQ(1u, warnings.size());
382 "Read and modify your data on encrypted.google.com and www.google.com",
383 UTF16ToUTF8(warnings[0]));
386 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
387 scoped_refptr<Extension> extension;
388 extension = LoadManifest("permissions", "plugins.json");
389 std::vector<base::string16> warnings =
390 extension->permissions_data()->GetPermissionMessageStrings();
391 // We don't parse the plugins key on Chrome OS, so it should not ask for any
393 #if defined(OS_CHROMEOS)
394 ASSERT_EQ(0u, warnings.size());
396 ASSERT_EQ(1u, warnings.size());
398 "Read and modify all your data on your computer and the websites you "
400 UTF16ToUTF8(warnings[0]));
404 // Base class for testing the CanAccessPage and CanCaptureVisiblePage
405 // methods of Extension for extensions with various permissions.
406 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
408 ExtensionScriptAndCaptureVisibleTest()
409 : http_url("http://www.google.com"),
410 http_url_with_path("http://www.google.com/index.html"),
411 https_url("https://www.google.com"),
412 file_url("file:///foo/bar"),
413 favicon_url("chrome://favicon/http://www.google.com"),
414 extension_url("chrome-extension://" +
415 id_util::GenerateIdForPath(
416 base::FilePath(FILE_PATH_LITERAL("foo")))),
417 settings_url("chrome://settings"),
418 about_url("about:flags") {
419 urls_.insert(http_url);
420 urls_.insert(http_url_with_path);
421 urls_.insert(https_url);
422 urls_.insert(file_url);
423 urls_.insert(favicon_url);
424 urls_.insert(extension_url);
425 urls_.insert(settings_url);
426 urls_.insert(about_url);
427 // Ignore the policy delegate for this test.
428 PermissionsData::SetPolicyDelegate(NULL);
431 bool AllowedScript(const Extension* extension, const GURL& url,
432 const GURL& top_url) {
433 return AllowedScript(extension, url, top_url, -1);
436 bool AllowedScript(const Extension* extension, const GURL& url,
437 const GURL& top_url, int tab_id) {
438 return extension->permissions_data()->CanAccessPage(
439 extension, url, top_url, tab_id, -1, NULL);
442 bool BlockedScript(const Extension* extension, const GURL& url,
443 const GURL& top_url) {
444 return !extension->permissions_data()->CanAccessPage(
445 extension, url, top_url, -1, -1, NULL);
448 bool Allowed(const Extension* extension, const GURL& url) {
449 return Allowed(extension, url, -1);
452 bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
453 return (extension->permissions_data()->CanAccessPage(
454 extension, url, url, tab_id, -1, NULL) &&
455 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL));
458 bool CaptureOnly(const Extension* extension, const GURL& url) {
459 return CaptureOnly(extension, url, -1);
462 bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
463 return !extension->permissions_data()->CanAccessPage(
464 extension, url, url, tab_id, -1, NULL) &&
465 extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
468 bool ScriptOnly(const Extension* extension, const GURL& url,
469 const GURL& top_url) {
470 return ScriptOnly(extension, url, top_url, -1);
473 bool ScriptOnly(const Extension* extension, const GURL& url,
474 const GURL& top_url, int tab_id) {
475 return AllowedScript(extension, url, top_url, tab_id) &&
476 !extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
479 bool Blocked(const Extension* extension, const GURL& url) {
480 return Blocked(extension, url, -1);
483 bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
484 return !(extension->permissions_data()->CanAccessPage(
485 extension, url, url, tab_id, -1, NULL) ||
486 extension->permissions_data()->CanCaptureVisiblePage(tab_id,
490 bool ScriptAllowedExclusivelyOnTab(
491 const Extension* extension,
492 const std::set<GURL>& allowed_urls,
495 for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
496 const GURL& url = *it;
497 if (allowed_urls.count(url))
498 result &= AllowedScript(extension, url, url, tab_id);
500 result &= Blocked(extension, url, tab_id);
505 // URLs that are "safe" to provide scripting and capture visible tab access
506 // to if the permissions allow it.
508 const GURL http_url_with_path;
509 const GURL https_url;
512 // We should allow host permission but not scripting permission for favicon
514 const GURL favicon_url;
516 // URLs that regular extensions should never get access to.
517 const GURL extension_url;
518 const GURL settings_url;
519 const GURL about_url;
522 // The set of all URLs above.
523 std::set<GURL> urls_;
526 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
527 // Test <all_urls> for regular extensions.
528 scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
529 "extension_regular_all.json");
531 EXPECT_TRUE(Allowed(extension.get(), http_url));
532 EXPECT_TRUE(Allowed(extension.get(), https_url));
533 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
534 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
535 EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
536 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
537 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
539 // Test access to iframed content.
540 GURL within_extension_url = extension->GetResourceURL("page.html");
541 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
542 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
543 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
544 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
545 EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
546 EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
548 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
549 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(about_url));
550 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
552 // Test * for scheme, which implies just the http/https schemes.
553 extension = LoadManifestStrict("script_and_capture",
554 "extension_wildcard.json");
555 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
556 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
557 EXPECT_TRUE(Blocked(extension.get(), settings_url));
558 EXPECT_TRUE(Blocked(extension.get(), about_url));
559 EXPECT_TRUE(Blocked(extension.get(), file_url));
560 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
562 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
563 EXPECT_TRUE(Blocked(extension.get(), settings_url));
565 // Having chrome://*/ should not work for regular extensions. Note that
566 // for favicon access, we require the explicit pattern chrome://favicon/*.
568 extension = LoadManifestUnchecked("script_and_capture",
569 "extension_wildcard_chrome.json",
570 Manifest::INTERNAL, Extension::NO_FLAGS,
572 std::vector<InstallWarning> warnings = extension->install_warnings();
573 EXPECT_FALSE(warnings.empty());
574 EXPECT_EQ(ErrorUtils::FormatErrorMessage(
575 manifest_errors::kInvalidPermissionScheme,
577 warnings[0].message);
578 EXPECT_TRUE(Blocked(extension.get(), settings_url));
579 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
580 EXPECT_TRUE(Blocked(extension.get(), about_url));
582 // Having chrome://favicon/* should not give you chrome://*
583 extension = LoadManifestStrict("script_and_capture",
584 "extension_chrome_favicon_wildcard.json");
585 EXPECT_TRUE(Blocked(extension.get(), settings_url));
586 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
587 EXPECT_TRUE(Blocked(extension.get(), about_url));
588 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
590 // Having http://favicon should not give you chrome://favicon
591 extension = LoadManifestStrict("script_and_capture",
592 "extension_http_favicon.json");
593 EXPECT_TRUE(Blocked(extension.get(), settings_url));
594 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
596 // Component extensions with <all_urls> should get everything.
597 extension = LoadManifest("script_and_capture", "extension_component_all.json",
598 Manifest::COMPONENT, Extension::NO_FLAGS);
599 EXPECT_TRUE(Allowed(extension.get(), http_url));
600 EXPECT_TRUE(Allowed(extension.get(), https_url));
601 EXPECT_TRUE(Allowed(extension.get(), settings_url));
602 EXPECT_TRUE(Allowed(extension.get(), about_url));
603 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
604 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
606 // Component extensions should only get access to what they ask for.
607 extension = LoadManifest("script_and_capture",
608 "extension_component_google.json", Manifest::COMPONENT,
609 Extension::NO_FLAGS);
610 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
611 EXPECT_TRUE(Blocked(extension.get(), https_url));
612 EXPECT_TRUE(Blocked(extension.get(), file_url));
613 EXPECT_TRUE(Blocked(extension.get(), settings_url));
614 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
615 EXPECT_TRUE(Blocked(extension.get(), about_url));
616 EXPECT_TRUE(Blocked(extension.get(), extension_url));
617 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
620 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
621 CommandLine::ForCurrentProcess()->AppendSwitch(
622 switches::kExtensionsOnChromeURLs);
624 scoped_refptr<Extension> extension;
626 // Test <all_urls> for regular extensions.
627 extension = LoadManifestStrict("script_and_capture",
628 "extension_regular_all.json");
629 EXPECT_TRUE(Allowed(extension.get(), http_url));
630 EXPECT_TRUE(Allowed(extension.get(), https_url));
631 EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
632 EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
633 EXPECT_TRUE(Allowed(extension.get(), favicon_url)); // chrome:// requested
634 EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
635 EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
637 // Test access to iframed content.
638 GURL within_extension_url = extension->GetResourceURL("page.html");
639 EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
640 EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
641 EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
642 EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
643 EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url));
644 EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url));
646 const PermissionsData* permissions_data = extension->permissions_data();
647 EXPECT_FALSE(permissions_data->HasHostPermission(settings_url));
648 EXPECT_FALSE(permissions_data->HasHostPermission(about_url));
649 EXPECT_TRUE(permissions_data->HasHostPermission(favicon_url));
651 // Test * for scheme, which implies just the http/https schemes.
652 extension = LoadManifestStrict("script_and_capture",
653 "extension_wildcard.json");
654 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
655 EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
656 EXPECT_TRUE(Blocked(extension.get(), settings_url));
657 EXPECT_TRUE(Blocked(extension.get(), about_url));
658 EXPECT_TRUE(Blocked(extension.get(), file_url));
659 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
661 LoadManifest("script_and_capture", "extension_wildcard_settings.json");
662 EXPECT_TRUE(Blocked(extension.get(), settings_url));
664 // Having chrome://*/ should work for regular extensions with the flag
667 extension = LoadManifestUnchecked("script_and_capture",
668 "extension_wildcard_chrome.json",
669 Manifest::INTERNAL, Extension::NO_FLAGS,
671 EXPECT_FALSE(extension.get() == NULL);
672 EXPECT_TRUE(Blocked(extension.get(), http_url));
673 EXPECT_TRUE(Blocked(extension.get(), https_url));
674 EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url));
675 EXPECT_TRUE(Blocked(extension.get(), about_url));
676 EXPECT_TRUE(Blocked(extension.get(), file_url));
677 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
679 // Having chrome://favicon/* should not give you chrome://*
680 extension = LoadManifestStrict("script_and_capture",
681 "extension_chrome_favicon_wildcard.json");
682 EXPECT_TRUE(Blocked(extension.get(), settings_url));
683 EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
684 EXPECT_TRUE(Blocked(extension.get(), about_url));
685 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
687 // Having http://favicon should not give you chrome://favicon
688 extension = LoadManifestStrict("script_and_capture",
689 "extension_http_favicon.json");
690 EXPECT_TRUE(Blocked(extension.get(), settings_url));
691 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
693 // Component extensions with <all_urls> should get everything.
694 extension = LoadManifest("script_and_capture", "extension_component_all.json",
695 Manifest::COMPONENT, Extension::NO_FLAGS);
696 EXPECT_TRUE(Allowed(extension.get(), http_url));
697 EXPECT_TRUE(Allowed(extension.get(), https_url));
698 EXPECT_TRUE(Allowed(extension.get(), settings_url));
699 EXPECT_TRUE(Allowed(extension.get(), about_url));
700 EXPECT_TRUE(Allowed(extension.get(), favicon_url));
701 EXPECT_TRUE(extension->permissions_data()->HasHostPermission(favicon_url));
703 // Component extensions should only get access to what they ask for.
704 extension = LoadManifest("script_and_capture",
705 "extension_component_google.json", Manifest::COMPONENT,
706 Extension::NO_FLAGS);
707 EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
708 EXPECT_TRUE(Blocked(extension.get(), https_url));
709 EXPECT_TRUE(Blocked(extension.get(), file_url));
710 EXPECT_TRUE(Blocked(extension.get(), settings_url));
711 EXPECT_TRUE(Blocked(extension.get(), favicon_url));
712 EXPECT_TRUE(Blocked(extension.get(), about_url));
713 EXPECT_TRUE(Blocked(extension.get(), extension_url));
714 EXPECT_FALSE(extension->permissions_data()->HasHostPermission(settings_url));
717 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
718 scoped_refptr<Extension> extension =
719 LoadManifestStrict("script_and_capture", "tab_specific.json");
721 const PermissionsData* permissions_data = extension->permissions_data();
722 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0));
723 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1));
724 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(2));
726 std::set<GURL> no_urls;
728 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
729 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
730 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
732 URLPatternSet allowed_hosts;
733 allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
735 std::set<GURL> allowed_urls;
736 allowed_urls.insert(http_url);
737 // http_url_with_path() will also be allowed, because Extension should be
738 // considering the security origin of the URL not the URL itself, and
739 // http_url is in allowed_hosts.
740 allowed_urls.insert(http_url_with_path);
743 scoped_refptr<PermissionSet> permissions(
744 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
745 allowed_hosts, URLPatternSet()));
746 permissions_data->UpdateTabSpecificPermissions(0, permissions);
747 EXPECT_EQ(permissions->explicit_hosts(),
748 permissions_data->GetTabSpecificPermissionsForTesting(0)
752 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
753 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
754 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
756 permissions_data->ClearTabSpecificPermissions(0);
757 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0));
759 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
760 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
761 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
763 std::set<GURL> more_allowed_urls = allowed_urls;
764 more_allowed_urls.insert(https_url);
765 URLPatternSet more_allowed_hosts = allowed_hosts;
766 more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
770 scoped_refptr<PermissionSet> permissions(
771 new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
772 allowed_hosts, URLPatternSet()));
773 permissions_data->UpdateTabSpecificPermissions(0, permissions);
774 EXPECT_EQ(permissions->explicit_hosts(),
775 permissions_data->GetTabSpecificPermissionsForTesting(0)
778 permissions = new PermissionSet(APIPermissionSet(),
779 ManifestPermissionSet(),
782 permissions_data->UpdateTabSpecificPermissions(1, permissions);
783 EXPECT_EQ(permissions->explicit_hosts(),
784 permissions_data->GetTabSpecificPermissionsForTesting(1)
788 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
790 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
791 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
793 permissions_data->ClearTabSpecificPermissions(0);
794 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(0));
796 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
798 ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
799 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
801 permissions_data->ClearTabSpecificPermissions(1);
802 EXPECT_FALSE(permissions_data->GetTabSpecificPermissionsForTesting(1));
804 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
805 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
806 EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
809 } // namespace extensions