1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h"
7 #include "base/message_loop/message_loop.h"
8 #include "chrome/common/extensions/extension_constants.h"
9 #include "chrome/common/extensions/extension_test_util.h"
10 #include "chrome/test/base/testing_profile.h"
11 #include "content/public/browser/resource_request_info.h"
12 #include "content/public/test/test_browser_thread_bundle.h"
13 #include "extensions/browser/info_map.h"
14 #include "ipc/ipc_message.h"
15 #include "net/base/request_priority.h"
16 #include "net/url_request/url_request_test_util.h"
17 #include "testing/gtest/include/gtest/gtest.h"
19 using content::ResourceRequestInfo;
20 using content::ResourceType;
21 using extensions::Extension;
22 using extensions::Manifest;
23 using extension_test_util::LoadManifestUnchecked;
// Test fixture for the WebRequestPermissions checks below. It holds two test
// extensions and the extensions::InfoMap they are registered in; SetUp()
// populates all three.
25 class ExtensionWebRequestHelpersTestWithThreadsTest : public testing::Test {
// Constructs the thread bundle with the IO_MAINLOOP option.
27 ExtensionWebRequestHelpersTestWithThreadsTest()
28 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {}
// Loads both test extensions and registers them in extension_info_map_.
31 virtual void SetUp() OVERRIDE;
// Request context handed to the net::TestURLRequest objects the tests build.
// NOTE(review): unlike the other members this name has no trailing
// underscore, and TestHideRequestForURL declares a local `context` that
// shadows it.
34 net::TestURLRequestContext context;
36 // This extension has Web Request permissions, but no host permission.
37 scoped_refptr<Extension> permissionless_extension_;
38 // This extension has Web Request permissions and a *.com host permission.
39 scoped_refptr<Extension> com_extension_;
// Map both extensions are added to in SetUp(); every permission check in
// this file receives it as its first argument.
40 scoped_refptr<extensions::InfoMap> extension_info_map_;
// Thread bundle created with IO_MAINLOOP in the constructor.
43 content::TestBrowserThreadBundle thread_bundle_;
// Builds the fixture state: loads the two test manifests from the
// "permissions" directory, stops the test if either fails to load, and adds
// both extensions to a fresh InfoMap.
// NOTE(review): several lines of this function are not visible in this
// listing (the gutter numbers skip); the comments cover only what is shown.
46 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() {
47 testing::Test::SetUp();
// Manifest for the extension with no host permission.
50 permissionless_extension_ = LoadManifestUnchecked("permissions",
51 "web_request_no_host.json",
52 Manifest::INVALID_LOCATION,
// ASSERT (not EXPECT): a null extension would make every later check
// meaningless, so the test aborts here and streams `error` into the failure.
56 ASSERT_TRUE(permissionless_extension_.get()) << error;
// Manifest for the extension with the *.com host permission. The assignment
// target of this call is not visible in this listing; presumably it is
// com_extension_, which is asserted right after. Confirm against the file.
58 LoadManifestUnchecked("permissions",
59 "web_request_com_host_permissions.json",
60 Manifest::INVALID_LOCATION,
64 ASSERT_TRUE(com_extension_.get()) << error;
// The scoped_refptr member takes a reference to the new InfoMap.
65 extension_info_map_ = new extensions::InfoMap;
// Both extensions are added with incognito_enabled and notifications_disabled
// set to false, so these tests do not cover incognito-enabled extensions.
66 extension_info_map_->AddExtension(permissionless_extension_.get(),
68 false /*incognito_enabled*/,
69 false /*notifications_disabled*/);
70 extension_info_map_->AddExtension(
73 false /*incognito_enabled*/,
74 false /*notifications_disabled*/);
// Pins the three conditions under which WebRequestPermissions::HideRequest
// must protect a request: the destination is one of sensitive_urls, the
// request comes from a process registered for the Web Store app id, or it
// comes from the sign-in process. An ordinary URL must stay visible.
// NOTE(review): presumably HideRequest is the gate that keeps such requests
// away from extensions using the Web Request API. Confirm in
// web_request_permissions.h. Several lines of this test are not visible in
// this listing (the gutter numbers skip).
77 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) {
// NOTE(review): this local shadows the fixture member `context`; one of the
// two is redundant.
78 net::TestURLRequestContext context;
// Destinations that must be hidden. The set covers http and https, a bare
// host and a path under it, a numbered host (clients22), a subdomain
// (test.clients), a scheme that is not registered, and Chrome Web Store pages.
79 const char* sensitive_urls[] = {
80 "http://clients2.google.com",
81 "http://clients22.google.com",
82 "https://clients2.google.com",
83 "http://clients2.google.com/service/update2/crx",
84 "https://clients.google.com",
85 "https://test.clients.google.com",
86 "https://clients2.google.com/service/update2/crx",
87 "http://www.gstatic.com/chrome/extensions/blacklist",
88 "https://www.gstatic.com/chrome/extensions/blacklist",
89 "notregisteredscheme://www.foobar.com",
90 "https://chrome.google.com/webstore/",
// No comma after the next literal: the two adjacent strings concatenate into
// a single Web Store inline-install URL.
91 "https://chrome.google.com/webstore/"
92 "inlineinstall/detail/kcnhkahnjcbndmmehfkdnkjomaanaooo"
// NOTE(review): only one negative case is visible here. Hosts that merely
// resemble a protected one are not pinned by this test, so a match in
// HideRequest that is too broad or too narrow would go unnoticed; consider
// adding such cases.
94 const char* non_sensitive_urls[] = {
95 "http://www.google.com/"
// Arbitrary process id registered as the sign-in process; it is used by the
// last check of this test.
97 const int kSigninProcessId = 99;
98 extension_info_map_->SetSigninProcess(kSigninProcessId);
100 // Check that requests are rejected based on the destination
101 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
102 GURL sensitive_url(sensitive_urls[i]);
103 net::TestURLRequest request(
104 sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
// The assertion macro wrapping this call is not visible in this listing; the
// streamed URL identifies the failing entry.
106 WebRequestPermissions::HideRequest(extension_info_map_.get(), &request))
107 << sensitive_urls[i];
109 // Check that requests are accepted if they don't touch sensitive urls.
110 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) {
111 GURL non_sensitive_url(non_sensitive_urls[i]);
112 net::TestURLRequest request(
113 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
// As above, the wrapping assertion macro is not visible in this listing.
115 WebRequestPermissions::HideRequest(extension_info_map_.get(), &request))
116 << non_sensitive_urls[i];
119 // Check protection of requests originating from the frame showing the Chrome
121 // Normally this request is not protected:
122 GURL non_sensitive_url("http://www.google.com/test.js");
123 net::TestURLRequest non_sensitive_request(
124 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
// Baseline: with no request info attached, the URL alone does not hide it.
125 EXPECT_FALSE(WebRequestPermissions::HideRequest(extension_info_map_.get(),
126 &non_sensitive_request));
127 // If the origin is labeled by the WebStoreAppId, it becomes protected.
130 int site_instance_id = 23;
// Same URL as the baseline; only the attached request info differs. The
// process_id declaration and the remaining AllocateForTesting arguments are
// not visible in this listing.
132 net::TestURLRequest sensitive_request(
133 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
134 ResourceRequestInfo::AllocateForTesting(&sensitive_request,
135 content::RESOURCE_TYPE_SCRIPT,
// Registering the process for the Web Store app id is what flips the result.
141 extension_info_map_->RegisterExtensionProcess(
142 extension_misc::kWebStoreAppId, process_id, site_instance_id);
143 EXPECT_TRUE(WebRequestPermissions::HideRequest(extension_info_map_.get(),
144 &sensitive_request));
146 // If the process is the signin process, it becomes protected.
// Reuses the id passed to SetSigninProcess above.
148 int process_id = kSigninProcessId;
150 net::TestURLRequest sensitive_request(
151 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
152 ResourceRequestInfo::AllocateForTesting(&sensitive_request,
153 content::RESOURCE_TYPE_SCRIPT,
159 EXPECT_TRUE(WebRequestPermissions::HideRequest(extension_info_map_.get(),
160 &sensitive_request));
// Pins how WebRequestPermissions::CanExtensionAccessURL treats each
// host-permission mode for a request to http://example.com. All four calls
// pass crosses_incognito = false, so incognito crossing is not covered here.
// NOTE(review): one argument line of each call is not visible in this listing
// (the gutter numbers skip between id() and crosses_incognito); presumably it
// is the request or its URL. Confirm against the file.
164 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest,
165 TestCanExtensionAccessURL_HostPermissions) {
// `context` is the fixture member here; this test declares no local one.
166 net::TestURLRequest request(
167 GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL, &context);
// DO_NOT_CHECK_HOST: the extension without host permissions is allowed.
169 EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
170 extension_info_map_.get(),
171 permissionless_extension_->id(),
173 false /*crosses_incognito*/,
174 WebRequestPermissions::DO_NOT_CHECK_HOST));
// REQUIRE_HOST_PERMISSION: the same extension is refused.
175 EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
176 extension_info_map_.get(),
177 permissionless_extension_->id(),
179 false /*crosses_incognito*/,
180 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
// REQUIRE_HOST_PERMISSION: the extension with the *.com host permission is
// allowed for example.com.
181 EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
182 extension_info_map_.get(),
183 com_extension_->id(),
185 false /*crosses_incognito*/,
186 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
// REQUIRE_ALL_URLS: a *.com host permission is not enough, so it is refused.
187 EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
188 extension_info_map_.get(),
189 com_extension_->id(),
191 false /*crosses_incognito*/,
192 WebRequestPermissions::REQUIRE_ALL_URLS));