1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h"
7 #include "base/message_loop/message_loop.h"
8 #include "chrome/browser/extensions/extension_info_map.h"
9 #include "chrome/common/extensions/extension_constants.h"
10 #include "chrome/common/extensions/extension_test_util.h"
11 #include "chrome/test/base/testing_profile.h"
12 #include "content/public/browser/resource_request_info.h"
13 #include "content/public/test/test_browser_thread_bundle.h"
14 #include "net/base/request_priority.h"
15 #include "net/url_request/url_request_test_util.h"
16 #include "testing/gtest/include/gtest/gtest.h"
18 using content::ResourceRequestInfo;
19 using extensions::Extension;
20 using extensions::Manifest;
21 using extension_test_util::LoadManifestUnchecked;
23 class ExtensionWebRequestHelpersTestWithThreadsTest : public testing::Test {
25 ExtensionWebRequestHelpersTestWithThreadsTest()
26 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {}
29 virtual void SetUp() OVERRIDE;
32 net::TestURLRequestContext context;
34 // This extension has Web Request permissions, but no host permission.
35 scoped_refptr<Extension> permissionless_extension_;
36 // This extension has Web Request permissions, and *.com a host permission.
37 scoped_refptr<Extension> com_extension_;
38 scoped_refptr<ExtensionInfoMap> extension_info_map_;
41 content::TestBrowserThreadBundle thread_bundle_;
44 void ExtensionWebRequestHelpersTestWithThreadsTest::SetUp() {
45 testing::Test::SetUp();
48 permissionless_extension_ = LoadManifestUnchecked("permissions",
49 "web_request_no_host.json",
50 Manifest::INVALID_LOCATION,
54 ASSERT_TRUE(permissionless_extension_.get()) << error;
56 LoadManifestUnchecked("permissions",
57 "web_request_com_host_permissions.json",
58 Manifest::INVALID_LOCATION,
62 ASSERT_TRUE(com_extension_.get()) << error;
63 extension_info_map_ = new ExtensionInfoMap;
64 extension_info_map_->AddExtension(permissionless_extension_.get(),
66 false /*incognito_enabled*/);
67 extension_info_map_->AddExtension(
68 com_extension_.get(), base::Time::Now(), false /*incognito_enabled*/);
71 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest, TestHideRequestForURL) {
72 net::TestURLRequestContext context;
73 const char* sensitive_urls[] = {
74 "http://clients2.google.com",
75 "http://clients22.google.com",
76 "https://clients2.google.com",
77 "http://clients2.google.com/service/update2/crx",
78 "https://clients.google.com",
79 "https://test.clients.google.com",
80 "https://clients2.google.com/service/update2/crx",
81 "http://www.gstatic.com/chrome/extensions/blacklist",
82 "https://www.gstatic.com/chrome/extensions/blacklist",
83 "notregisteredscheme://www.foobar.com"
85 const char* non_sensitive_urls[] = {
86 "http://www.google.com/"
88 const int kSigninProcessId = 99;
89 extension_info_map_->SetSigninProcess(kSigninProcessId);
91 // Check that requests are rejected based on the destination
92 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
93 GURL sensitive_url(sensitive_urls[i]);
94 net::TestURLRequest request(
95 sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
97 WebRequestPermissions::HideRequest(extension_info_map_.get(), &request))
100 // Check that requests are accepted if they don't touch sensitive urls.
101 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) {
102 GURL non_sensitive_url(non_sensitive_urls[i]);
103 net::TestURLRequest request(
104 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
106 WebRequestPermissions::HideRequest(extension_info_map_.get(), &request))
107 << non_sensitive_urls[i];
110 // Check protection of requests originating from the frame showing the Chrome
112 // Normally this request is not protected:
113 GURL non_sensitive_url("http://www.google.com/test.js");
114 net::TestURLRequest non_sensitive_request(
115 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
116 EXPECT_FALSE(WebRequestPermissions::HideRequest(extension_info_map_.get(),
117 &non_sensitive_request));
118 // If the origin is labeled by the WebStoreAppId, it becomes protected.
121 int site_instance_id = 23;
123 net::TestURLRequest sensitive_request(
124 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
125 ResourceRequestInfo::AllocateForTesting(
126 &sensitive_request, ResourceType::SCRIPT, NULL,
127 process_id, frame_id, false);
128 extension_info_map_->RegisterExtensionProcess(
129 extension_misc::kWebStoreAppId, process_id, site_instance_id);
130 EXPECT_TRUE(WebRequestPermissions::HideRequest(extension_info_map_.get(),
131 &sensitive_request));
133 // If the process is the signin process, it becomes protected.
135 int process_id = kSigninProcessId;
137 net::TestURLRequest sensitive_request(
138 non_sensitive_url, net::DEFAULT_PRIORITY, NULL, &context);
139 ResourceRequestInfo::AllocateForTesting(
140 &sensitive_request, ResourceType::SCRIPT, NULL,
141 process_id, frame_id, false);
142 EXPECT_TRUE(WebRequestPermissions::HideRequest(extension_info_map_.get(),
143 &sensitive_request));
147 TEST_F(ExtensionWebRequestHelpersTestWithThreadsTest,
148 TestCanExtensionAccessURL_HostPermissions) {
149 net::TestURLRequest request(
150 GURL("http://example.com"), net::DEFAULT_PRIORITY, NULL, &context);
152 EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
153 extension_info_map_.get(),
154 permissionless_extension_->id(),
156 false /*crosses_incognito*/,
157 WebRequestPermissions::DO_NOT_CHECK_HOST));
158 EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
159 extension_info_map_.get(),
160 permissionless_extension_->id(),
162 false /*crosses_incognito*/,
163 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
164 EXPECT_TRUE(WebRequestPermissions::CanExtensionAccessURL(
165 extension_info_map_.get(),
166 com_extension_->id(),
168 false /*crosses_incognito*/,
169 WebRequestPermissions::REQUIRE_HOST_PERMISSION));
170 EXPECT_FALSE(WebRequestPermissions::CanExtensionAccessURL(
171 extension_info_map_.get(),
172 com_extension_->id(),
174 false /*crosses_incognito*/,
175 WebRequestPermissions::REQUIRE_ALL_URLS));