1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/browser/api/web_request/web_request_permissions.h"
7 #include "base/memory/scoped_ptr.h"
8 #include "base/message_loop/message_loop.h"
9 #include "chrome/common/extensions/extension_test_util.h"
10 #include "content/public/browser/resource_request_info.h"
11 #include "content/public/test/test_browser_thread_bundle.h"
12 #include "extensions/browser/info_map.h"
13 #include "extensions/common/constants.h"
14 #include "ipc/ipc_message.h"
15 #include "net/base/request_priority.h"
16 #include "net/url_request/url_request.h"
17 #include "net/url_request/url_request_test_util.h"
18 #include "testing/gtest/include/gtest/gtest.h"
20 using content::ResourceRequestInfo;
21 using content::ResourceType;
22 using extensions::Extension;
23 using extensions::Manifest;
24 using extension_test_util::LoadManifestUnchecked;
// Test fixture for the WebRequestPermissions helpers. It owns a
// TestBrowserThreadBundle created with IO_MAINLOOP, two test extensions with
// different host permissions, and the InfoMap that the tests pass to
// WebRequestPermissions.
26 class ExtensionWebRequestHelpersTestWithThreadsTest : public testing::Test {
28 ExtensionWebRequestHelpersTestWithThreadsTest()
29 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {}
// Loads both test extensions and registers them in extension_info_map_.
32 virtual void SetUp() OVERRIDE;
// Request context the tests call CreateRequest() on.
35 net::TestURLRequestContext context;
37 // This extension has Web Request permissions, but no host permission.
38 scoped_refptr<Extension> permissionless_extension_;
39 // This extension has Web Request permissions, and *.com as a host permission.
40 scoped_refptr<Extension> com_extension_;
// Extension registry handed to every WebRequestPermissions call under test.
41 scoped_refptr<extensions::InfoMap> extension_info_map_;
44 content::TestBrowserThreadBundle thread_bundle_;
// Builds the fixture state: loads web_request_no_host.json and
// web_request_com_host_permissions.json through LoadManifestUnchecked(),
// aborts the test if either extension failed to load, then adds both to a
// newly created InfoMap.
47 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() {
48 testing::Test::SetUp();
// Extension with the Web Request permission but no host permission.
51 permissionless_extension_ = LoadManifestUnchecked("permissions",
52 "web_request_no_host.json",
53 Manifest::INVALID_LOCATION,
// ASSERT (not EXPECT): the tests dereference this extension, so stop here if
// loading failed; the loader's error text is attached to the failure.
57 ASSERT_TRUE(permissionless_extension_.get()) << error;
// Second manifest; the assertion that follows checks com_extension_.
59 LoadManifestUnchecked("permissions",
60 "web_request_com_host_permissions.json",
61 Manifest::INVALID_LOCATION,
65 ASSERT_TRUE(com_extension_.get()) << error;
// Register both extensions with incognito disabled and notifications not
// disabled, as the inline argument comments state.
66 extension_info_map_ = new extensions::InfoMap;
67 extension_info_map_->AddExtension(permissionless_extension_.get(),
69 false /*incognito_enabled*/,
70 false /*notifications_disabled*/);
71 extension_info_map_->AddExtension(
74 false /*incognito_enabled*/,
75 false /*notifications_disabled*/);
// Verifies WebRequestPermissions::HideRequest(): it must return true for every
// URL in sensitive_urls, false for the URL in non_sensitive_urls, and true for
// an otherwise non-sensitive URL once the request is attributed to the Web
// Store app's process or to the sign-in process.
// NOTE(review): presumably a hidden request is one that extensions may not
// observe or modify through the Web Request API; confirm against
// web_request_permissions.h. If so, a regression here would let an extension
// interfere with the update, blacklist and Web Store traffic listed below.
78 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) {
// NOTE(review): this local has the same name as the `context` declared in the
// fixture and appears to shadow it; confirm that is intended.
79 net::TestURLRequestContext context;
// Destinations that must be hidden: http and https variants of the
// clients*.google.com hosts (with and without the /service/update2/crx path),
// the chrome/extensions/blacklist path on www.gstatic.com, and the Web Store
// including an inline-install detail page.
80 const char* sensitive_urls[] = {
81 "http://clients2.google.com",
82 "http://clients22.google.com",
83 "https://clients2.google.com",
84 "http://clients2.google.com/service/update2/crx",
85 "https://clients.google.com",
86 "https://test.clients.google.com",
87 "https://clients2.google.com/service/update2/crx",
88 "http://www.gstatic.com/chrome/extensions/blacklist",
89 "https://www.gstatic.com/chrome/extensions/blacklist",
// A URL with an unregistered scheme is expected to be hidden too; the test
// pins that behaviour.
90 "notregisteredscheme://www.foobar.com",
91 "https://chrome.google.com/webstore/",
// The next two literals are adjacent and concatenate into a single URL.
92 "https://chrome.google.com/webstore/"
93 "inlineinstall/detail/kcnhkahnjcbndmmehfkdnkjomaanaooo"
// NOTE(review): there is only one negative case. Hosts that merely resemble a
// protected name (a protected host as a prefix or substring of another
// domain, or other google.com subdomains) are not covered, so this test would
// not notice a host match that became too broad or too narrow.
95 const char* non_sensitive_urls[] = {
96 "http://www.google.com/"
// Register process 99 as the sign-in process; the last section of the test
// attributes a request to it.
98 const int kSigninProcessId = 99;
99 extension_info_map_->SetSigninProcess(kSigninProcessId);
101 // Check that requests are rejected based on the destination
102 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
103 GURL sensitive_url(sensitive_urls[i]);
104 scoped_ptr<net::URLRequest> request(context.CreateRequest(
105 sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
// The URL is streamed into the failure message so a failing entry is named.
106 EXPECT_TRUE(WebRequestPermissions::HideRequest(
107 extension_info_map_.get(), request.get())) << sensitive_urls[i];
109 // Check that requests are accepted if they don't touch sensitive urls.
110 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) {
111 GURL non_sensitive_url(non_sensitive_urls[i]);
112 scoped_ptr<net::URLRequest> request(context.CreateRequest(
113 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
114 EXPECT_FALSE(WebRequestPermissions::HideRequest(
115 extension_info_map_.get(), request.get())) << non_sensitive_urls[i];
118 // Check protection of requests originating from the frame showing the Chrome
// Web Store, and of requests issued by the sign-in process.
120 // Normally this request is not protected:
121 GURL non_sensitive_url("http://www.google.com/test.js");
122 scoped_ptr<net::URLRequest> non_sensitive_request(context.CreateRequest(
123 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
// Baseline: with no ResourceRequestInfo attached, the URL is visible.
124 EXPECT_FALSE(WebRequestPermissions::HideRequest(
125 extension_info_map_.get(), non_sensitive_request.get()));
126 // If the origin is labeled by the WebStoreAppId, it becomes protected.
129 int site_instance_id = 23;
// Same URL as the baseline, so only the request's origin differs.
131 scoped_ptr<net::URLRequest> sensitive_request(context.CreateRequest(
132 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
133 ResourceRequestInfo::AllocateForTesting(sensitive_request.get(),
134 content::RESOURCE_TYPE_SCRIPT,
// Mark (process_id, site_instance_id) as hosting the Web Store app, so the
// request above must now be hidden.
140 extension_info_map_->RegisterExtensionProcess(
141 extensions::kWebStoreAppId, process_id, site_instance_id);
142 EXPECT_TRUE(WebRequestPermissions::HideRequest(
143 extension_info_map_.get(), sensitive_request.get()));
145 // If the process is the signin process, it becomes protected.
// Uses the id that was passed to SetSigninProcess() earlier in this test.
147 int process_id = kSigninProcessId;
149 scoped_ptr<net::URLRequest> sensitive_request(context.CreateRequest(
150 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
151 ResourceRequestInfo::AllocateForTesting(sensitive_request.get(),
152 content::RESOURCE_TYPE_SCRIPT,
158 EXPECT_TRUE(WebRequestPermissions::HideRequest(
159 extension_info_map_.get(), sensitive_request.get()));
// Verifies WebRequestPermissions::CanExtensionAccessURL() for a request to
// http://example.com under three host-permission modes:
//   DO_NOT_CHECK_HOST        - allowed even for the extension with no host
//                              permission.
//   REQUIRE_HOST_PERMISSION  - denied for the extension with no host
//                              permission, allowed for the *.com extension.
//   REQUIRE_ALL_URLS         - denied for the *.com extension.
// NOTE(review): every case passes crosses_incognito = false, and no extension
// here is expected to pass REQUIRE_ALL_URLS, so the incognito path and the
// positive all-URLs case are not exercised by this test.
163 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest,
164 TestCanExtensionAccessURL_HostPermissions) {
// Uses the fixture's `context`; no local context is declared in this test.
165 scoped_ptr<net::URLRequest> request(context.CreateRequest(
166 GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL, NULL));
// No host check requested: access is granted without any host permission.
168 EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
169 extension_info_map_.get(),
170 permissionless_extension_->id(),
172 false /*crosses_incognito*/,
173 WebRequestPermissions::DO_NOT_CHECK_HOST));
// A host permission is required and this extension has none: denied.
174 EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
175 extension_info_map_.get(),
176 permissionless_extension_->id(),
178 false /*crosses_incognito*/,
179 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
// The *.com host permission covers example.com: allowed.
180 EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
181 extension_info_map_.get(),
182 com_extension_->id(),
184 false /*crosses_incognito*/,
185 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
// A *.com host permission must not satisfy the all-URLs requirement: denied.
186 EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
187 extension_info_map_.get(),
188 com_extension_->id(),
190 false /*crosses_incognito*/,
191 WebRequestPermissions::REQUIRE_ALL_URLS));