src/chrome/browser/extensions/api/web_request/web_request_permissions_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "extensions/browser/api/web_request/web_request_permissions.h"
   6
   7 #include "base/memory/scoped_ptr.h"
   8 #include "base/message_loop/message_loop.h"
   9 #include "chrome/common/extensions/extension_test_util.h"
  10 #include "content/public/browser/resource_request_info.h"
  11 #include "content/public/test/test_browser_thread_bundle.h"
  12 #include "extensions/browser/info_map.h"
  13 #include "extensions/common/constants.h"
  14 #include "ipc/ipc_message.h"
  15 #include "net/base/request_priority.h"
  16 #include "net/url_request/url_request.h"
  17 #include "net/url_request/url_request_test_util.h"
  18 #include "testing/gtest/include/gtest/gtest.h"
  19
  20 using content::ResourceRequestInfo;
  21 using content::ResourceType;
  22 using extensions::Extension;
  23 using extensions::Manifest;
  24 using extension_test_util::LoadManifestUnchecked;
  25
  26 class ExtensionWebRequestHelpersTestWithThreadsTest : public testing::Test {
  27  public:
  28   ExtensionWebRequestHelpersTestWithThreadsTest()
  29       : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {}
  30
  31  protected:
  32   virtual void SetUp() OVERRIDE;
  33
  34  protected:
  35   net::TestURLRequestContext context;
  36
  37   // This extension has Web Request permissions, but no host permission.
  38   scoped_refptr<Extension> permissionless_extension_;
  39   // This extension has Web Request permissions, and *.com a host permission.
  40   scoped_refptr<Extension> com_extension_;
  41   scoped_refptr<extensions::InfoMap> extension_info_map_;
  42
  43  private:
  44   content::TestBrowserThreadBundle thread_bundle_;
  45 };
  46
  47 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() {
  48   testing::Test::SetUp();
  49
  50   std::string error;
  51   permissionless_extension_ = LoadManifestUnchecked("permissions",
  52                                                     "web_request_no_host.json",
  53                                                     Manifest::INVALID_LOCATION,
  54                                                     Extension::NO_FLAGS,
  55                                                     "ext_id_1",
  56                                                     &error);
  57   ASSERT_TRUE(permissionless_extension_.get()) << error;
  58   com_extension_ =
  59       LoadManifestUnchecked("permissions",
  60                             "web_request_com_host_permissions.json",
  61                             Manifest::INVALID_LOCATION,
  62                             Extension::NO_FLAGS,
  63                             "ext_id_2",
  64                             &error);
  65   ASSERT_TRUE(com_extension_.get()) << error;
  66   extension_info_map_ = new extensions::InfoMap;
  67   extension_info_map_->AddExtension(permissionless_extension_.get(),
  68                                     base::Time::Now(),
  69                                     false /*incognito_enabled*/,
  70                                     false /*notifications_disabled*/);
  71   extension_info_map_->AddExtension(
  72       com_extension_.get(),
  73       base::Time::Now(),
  74       false /*incognito_enabled*/,
  75       false /*notifications_disabled*/);
  76 }
  77
  78 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) {
  79   net::TestURLRequestContext context;
  80   const char* sensitive_urls[] = {
  81       "http://clients2.google.com",
  82       "http://clients22.google.com",
  83       "https://clients2.google.com",
  84       "http://clients2.google.com/service/update2/crx",
  85       "https://clients.google.com",
  86       "https://test.clients.google.com",
  87       "https://clients2.google.com/service/update2/crx",
  88       "http://www.gstatic.com/chrome/extensions/blacklist",
  89       "https://www.gstatic.com/chrome/extensions/blacklist",
  90       "notregisteredscheme://www.foobar.com",
  91       "https://chrome.google.com/webstore/",
  92       "https://chrome.google.com/webstore/"
  93           "inlineinstall/detail/kcnhkahnjcbndmmehfkdnkjomaanaooo"
  94   };
  95   const char* non_sensitive_urls[] = {
  96       "http://www.google.com/"
  97   };
  98   const int kSigninProcessId = 99;
  99   extension_info_map_->SetSigninProcess(kSigninProcessId);
 100
 101   // Check that requests are rejected based on the destination
 102   for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
 103     GURL sensitive_url(sensitive_urls[i]);
 104     scoped_ptr<net::URLRequest> request(context.CreateRequest(
 105         sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
 106     EXPECT_TRUE(WebRequestPermissions::HideRequest(
 107         extension_info_map_.get(), request.get())) << sensitive_urls[i];
 108   }
 109   // Check that requests are accepted if they don't touch sensitive urls.
 110   for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) {
 111     GURL non_sensitive_url(non_sensitive_urls[i]);
 112     scoped_ptr<net::URLRequest> request(context.CreateRequest(
 113         non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
 114     EXPECT_FALSE(WebRequestPermissions::HideRequest(
 115         extension_info_map_.get(), request.get())) << non_sensitive_urls[i];
 116   }
 117
 118   // Check protection of requests originating from the frame showing the Chrome
 119   // WebStore.
 120   // Normally this request is not protected:
 121   GURL non_sensitive_url("http://www.google.com/test.js");
 122   scoped_ptr<net::URLRequest> non_sensitive_request(context.CreateRequest(
 123       non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
 124   EXPECT_FALSE(WebRequestPermissions::HideRequest(
 125       extension_info_map_.get(), non_sensitive_request.get()));
 126   // If the origin is labeled by the WebStoreAppId, it becomes protected.
 127   {
 128     int process_id = 42;
 129     int site_instance_id = 23;
 130     int view_id = 17;
 131     scoped_ptr<net::URLRequest> sensitive_request(context.CreateRequest(
 132         non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
 133     ResourceRequestInfo::AllocateForTesting(sensitive_request.get(),
 134                                             content::RESOURCE_TYPE_SCRIPT,
 135                                             NULL,
 136                                             process_id,
 137                                             view_id,
 138                                             MSG_ROUTING_NONE,
 139                                             false);
 140     extension_info_map_->RegisterExtensionProcess(
 141         extensions::kWebStoreAppId, process_id, site_instance_id);
 142     EXPECT_TRUE(WebRequestPermissions::HideRequest(
 143         extension_info_map_.get(), sensitive_request.get()));
 144   }
 145   // If the process is the signin process, it becomes protected.
 146   {
 147     int process_id = kSigninProcessId;
 148     int view_id = 19;
 149     scoped_ptr<net::URLRequest> sensitive_request(context.CreateRequest(
 150         non_sensitive_url, net::DEFAULT_PRIORITY, NULL, NULL));
 151     ResourceRequestInfo::AllocateForTesting(sensitive_request.get(),
 152                                             content::RESOURCE_TYPE_SCRIPT,
 153                                             NULL,
 154                                             process_id,
 155                                             view_id,
 156                                             MSG_ROUTING_NONE,
 157                                             false);
 158     EXPECT_TRUE(WebRequestPermissions::HideRequest(
 159         extension_info_map_.get(), sensitive_request.get()));
 160   }
 161 }
 162
 163 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest,
 164        TestCanExtensionAccessURL_HostPermissions) {
 165   scoped_ptr<net::URLRequest> request(context.CreateRequest(
 166       GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL, NULL));
 167
 168   EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
 169       extension_info_map_.get(),
 170       permissionless_extension_->id(),
 171       request->url(),
 172       false /*crosses_incognito*/,
 173       WebRequestPermissions::DO_NOT_CHECK_HOST));
 174   EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
 175       extension_info_map_.get(),
 176       permissionless_extension_->id(),
 177       request->url(),
 178       false /*crosses_incognito*/,
 179       WebRequestPermissions::REQUIRE_HOST_PERMISSION));
 180   EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
 181       extension_info_map_.get(),
 182       com_extension_->id(),
 183       request->url(),
 184       false /*crosses_incognito*/,
 185       WebRequestPermissions::REQUIRE_HOST_PERMISSION));
 186   EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
 187       extension_info_map_.get(),
 188       com_extension_->id(),
 189       request->url(),
 190       false /*crosses_incognito*/,
 191       WebRequestPermissions::REQUIRE_ALL_URLS));
 192 }