src/extensions/common/permissions/socket_permission_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <string>
   6
   7 #include "base/pickle.h"
   8 #include "base/values.h"
   9 #include "extensions/common/permissions/permissions_info.h"
  10 #include "extensions/common/permissions/socket_permission.h"
  11 #include "extensions/common/permissions/socket_permission_data.h"
  12 #include "ipc/ipc_message.h"
  13 #include "testing/gtest/include/gtest/gtest.h"
  14
  15 namespace extensions {
  16
  17 namespace {
  18
  19 using content::SocketPermissionRequest;
  20
  21 void ParseTest(const std::string& permission,
  22                const std::string& expected_result) {
  23   SocketPermissionData data;
  24   ASSERT_TRUE(data.ParseForTest(permission)) << "Parse permission \""
  25                                              << permission << "\" failed.";
  26   EXPECT_EQ(expected_result, data.GetAsStringForTest());
  27 }
  28
  29 TEST(SocketPermissionTest, General) {
  30   SocketPermissionData data1, data2;
  31
  32   CHECK(data1.ParseForTest("tcp-connect"));
  33   CHECK(data2.ParseForTest("tcp-connect"));
  34
  35   EXPECT_TRUE(data1 == data2);
  36   EXPECT_FALSE(data1 < data2);
  37
  38   CHECK(data1.ParseForTest("tcp-connect"));
  39   CHECK(data2.ParseForTest("tcp-connect:www.example.com"));
  40
  41   EXPECT_FALSE(data1 == data2);
  42   EXPECT_TRUE(data1 < data2);
  43 }
  44
  45 TEST(SocketPermissionTest, Parse) {
  46   SocketPermissionData data;
  47
  48   EXPECT_FALSE(data.ParseForTest(std::string()));
  49   EXPECT_FALSE(data.ParseForTest("*"));
  50   EXPECT_FALSE(data.ParseForTest("\00\00*"));
  51   EXPECT_FALSE(data.ParseForTest("\01*"));
  52   EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:-1"));
  53   EXPECT_FALSE(data.ParseForTest("tcp-connect:www.example.com:65536"));
  54   EXPECT_FALSE(data.ParseForTest("tcp-connect:::"));
  55   EXPECT_FALSE(data.ParseForTest("tcp-connect::0"));
  56   EXPECT_FALSE(data.ParseForTest("tcp-connect:  www.exmaple.com:  99  "));
  57   EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com :99"));
  58   EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com: 99"));
  59   EXPECT_FALSE(data.ParseForTest("tcp-connect:*.exmaple.com:99 "));
  60   EXPECT_FALSE(data.ParseForTest("tcp-connect:\t*.exmaple.com:99"));
  61   EXPECT_FALSE(data.ParseForTest("tcp-connect:\n*.exmaple.com:99"));
  62   EXPECT_FALSE(data.ParseForTest("resolve-host:exmaple.com:99"));
  63   EXPECT_FALSE(data.ParseForTest("resolve-host:127.0.0.1"));
  64   EXPECT_FALSE(data.ParseForTest("resolve-host:"));
  65   EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com:99"));
  66   EXPECT_FALSE(data.ParseForTest("resolve-proxy:exmaple.com"));
  67
  68   ParseTest("tcp-connect", "tcp-connect:*:*");
  69   ParseTest("tcp-listen", "tcp-listen:*:*");
  70   ParseTest("udp-bind", "udp-bind:*:*");
  71   ParseTest("udp-send-to", "udp-send-to:*:*");
  72   ParseTest("resolve-host", "resolve-host");
  73   ParseTest("resolve-proxy", "resolve-proxy");
  74
  75   ParseTest("tcp-connect:", "tcp-connect:*:*");
  76   ParseTest("tcp-listen:", "tcp-listen:*:*");
  77   ParseTest("udp-bind:", "udp-bind:*:*");
  78   ParseTest("udp-send-to:", "udp-send-to:*:*");
  79
  80   ParseTest("tcp-connect::", "tcp-connect:*:*");
  81   ParseTest("tcp-listen::", "tcp-listen:*:*");
  82   ParseTest("udp-bind::", "udp-bind:*:*");
  83   ParseTest("udp-send-to::", "udp-send-to:*:*");
  84
  85   ParseTest("tcp-connect:*", "tcp-connect:*:*");
  86   ParseTest("tcp-listen:*", "tcp-listen:*:*");
  87   ParseTest("udp-bind:*", "udp-bind:*:*");
  88   ParseTest("udp-send-to:*", "udp-send-to:*:*");
  89
  90   ParseTest("tcp-connect:*:", "tcp-connect:*:*");
  91   ParseTest("tcp-listen:*:", "tcp-listen:*:*");
  92   ParseTest("udp-bind:*:", "udp-bind:*:*");
  93   ParseTest("udp-send-to:*:", "udp-send-to:*:*");
  94
  95   ParseTest("tcp-connect::*", "tcp-connect:*:*");
  96   ParseTest("tcp-listen::*", "tcp-listen:*:*");
  97   ParseTest("udp-bind::*", "udp-bind:*:*");
  98   ParseTest("udp-send-to::*", "udp-send-to:*:*");
  99
 100   ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");
 101   ParseTest("tcp-listen:www.example.com", "tcp-listen:www.example.com:*");
 102   ParseTest("udp-bind:www.example.com", "udp-bind:www.example.com:*");
 103   ParseTest("udp-send-to:www.example.com", "udp-send-to:www.example.com:*");
 104   ParseTest("udp-send-to:wWW.ExAmPlE.cOm", "udp-send-to:www.example.com:*");
 105
 106   ParseTest("tcp-connect:.example.com", "tcp-connect:*.example.com:*");
 107   ParseTest("tcp-listen:.example.com", "tcp-listen:*.example.com:*");
 108   ParseTest("udp-bind:.example.com", "udp-bind:*.example.com:*");
 109   ParseTest("udp-send-to:.example.com", "udp-send-to:*.example.com:*");
 110
 111   ParseTest("tcp-connect:*.example.com", "tcp-connect:*.example.com:*");
 112   ParseTest("tcp-listen:*.example.com", "tcp-listen:*.example.com:*");
 113   ParseTest("udp-bind:*.example.com", "udp-bind:*.example.com:*");
 114   ParseTest("udp-send-to:*.example.com", "udp-send-to:*.example.com:*");
 115
 116   ParseTest("tcp-connect::99", "tcp-connect:*:99");
 117   ParseTest("tcp-listen::99", "tcp-listen:*:99");
 118   ParseTest("udp-bind::99", "udp-bind:*:99");
 119   ParseTest("udp-send-to::99", "udp-send-to:*:99");
 120
 121   ParseTest("tcp-connect:www.example.com", "tcp-connect:www.example.com:*");
 122
 123   ParseTest("tcp-connect:*.example.com:99", "tcp-connect:*.example.com:99");
 124 }
 125
 126 TEST(SocketPermissionTest, Match) {
 127   SocketPermissionData data;
 128   scoped_ptr<SocketPermission::CheckParam> param;
 129
 130   CHECK(data.ParseForTest("tcp-connect"));
 131   param.reset(new SocketPermission::CheckParam(
 132       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 133   EXPECT_TRUE(data.Check(param.get()));
 134   param.reset(new SocketPermission::CheckParam(
 135       SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 80));
 136   EXPECT_FALSE(data.Check(param.get()));
 137
 138   CHECK(data.ParseForTest("udp-send-to::8800"));
 139   param.reset(new SocketPermission::CheckParam(
 140       SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
 141   EXPECT_TRUE(data.Check(param.get()));
 142   param.reset(new SocketPermission::CheckParam(
 143       SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
 144   EXPECT_TRUE(data.Check(param.get()));
 145   param.reset(new SocketPermission::CheckParam(
 146       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 147   EXPECT_FALSE(data.Check(param.get()));
 148
 149   CHECK(data.ParseForTest("udp-send-to:*.example.com:8800"));
 150   param.reset(new SocketPermission::CheckParam(
 151       SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
 152   EXPECT_TRUE(data.Check(param.get()));
 153   param.reset(new SocketPermission::CheckParam(
 154       SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
 155   EXPECT_TRUE(data.Check(param.get()));
 156   param.reset(new SocketPermission::CheckParam(
 157       SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
 158   EXPECT_TRUE(data.Check(param.get()));
 159   param.reset(new SocketPermission::CheckParam(
 160       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 161   EXPECT_FALSE(data.Check(param.get()));
 162   param.reset(new SocketPermission::CheckParam(
 163       SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
 164   EXPECT_FALSE(data.Check(param.get()));
 165   param.reset(new SocketPermission::CheckParam(
 166       SocketPermissionRequest::UDP_SEND_TO, "wwwexample.com", 8800));
 167   EXPECT_FALSE(data.Check(param.get()));
 168
 169   CHECK(data.ParseForTest("udp-send-to:*.ExAmPlE.cOm:8800"));
 170   param.reset(new SocketPermission::CheckParam(
 171       SocketPermissionRequest::UDP_SEND_TO, "www.example.com", 8800));
 172   EXPECT_TRUE(data.Check(param.get()));
 173   param.reset(new SocketPermission::CheckParam(
 174       SocketPermissionRequest::UDP_SEND_TO, "smtp.example.com", 8800));
 175   EXPECT_TRUE(data.Check(param.get()));
 176   param.reset(new SocketPermission::CheckParam(
 177       SocketPermissionRequest::UDP_SEND_TO, "SMTP.example.com", 8800));
 178   EXPECT_TRUE(data.Check(param.get()));
 179   param.reset(new SocketPermission::CheckParam(
 180       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 181   EXPECT_FALSE(data.Check(param.get()));
 182   param.reset(new SocketPermission::CheckParam(
 183       SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
 184   EXPECT_FALSE(data.Check(param.get()));
 185
 186   ASSERT_TRUE(data.ParseForTest("udp-bind::8800"));
 187   param.reset(new SocketPermission::CheckParam(
 188       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
 189   EXPECT_TRUE(data.Check(param.get()));
 190   param.reset(new SocketPermission::CheckParam(
 191       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
 192   EXPECT_FALSE(data.Check(param.get()));
 193   param.reset(new SocketPermission::CheckParam(
 194       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 195   EXPECT_FALSE(data.Check(param.get()));
 196   param.reset(new SocketPermission::CheckParam(
 197       SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
 198   EXPECT_FALSE(data.Check(param.get()));
 199
 200   // Do not wildcard part of ip address.
 201   ASSERT_TRUE(data.ParseForTest("tcp-connect:*.168.0.1:8800"));
 202   param.reset(new SocketPermission::CheckParam(
 203       SocketPermissionRequest::TCP_CONNECT, "192.168.0.1", 8800));
 204   EXPECT_FALSE(data.Check(param.get()));
 205
 206   ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*"));
 207   ASSERT_FALSE(data.ParseForTest("udp-multicast-membership:*:*"));
 208   ASSERT_TRUE(data.ParseForTest("udp-multicast-membership"));
 209   param.reset(new SocketPermission::CheckParam(
 210       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
 211   EXPECT_FALSE(data.Check(param.get()));
 212   param.reset(new SocketPermission::CheckParam(
 213       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8888));
 214   EXPECT_FALSE(data.Check(param.get()));
 215   param.reset(new SocketPermission::CheckParam(
 216       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
 217   EXPECT_FALSE(data.Check(param.get()));
 218   param.reset(new SocketPermission::CheckParam(
 219       SocketPermissionRequest::UDP_SEND_TO, "www.google.com", 8800));
 220   EXPECT_FALSE(data.Check(param.get()));
 221   param.reset(new SocketPermission::CheckParam(
 222       SocketPermissionRequest::UDP_MULTICAST_MEMBERSHIP, "127.0.0.1", 35));
 223   EXPECT_TRUE(data.Check(param.get()));
 224
 225   ASSERT_TRUE(data.ParseForTest("resolve-host"));
 226   param.reset(new SocketPermission::CheckParam(
 227       SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 80));
 228   EXPECT_TRUE(data.Check(param.get()));
 229   param.reset(new SocketPermission::CheckParam(
 230       SocketPermissionRequest::RESOLVE_HOST, "www.example.com", 8080));
 231   EXPECT_TRUE(data.Check(param.get()));
 232   param.reset(new SocketPermission::CheckParam(
 233       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
 234   EXPECT_FALSE(data.Check(param.get()));
 235   param.reset(new SocketPermission::CheckParam(
 236       SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
 237   EXPECT_FALSE(data.Check(param.get()));
 238
 239   ASSERT_TRUE(data.ParseForTest("resolve-proxy"));
 240   param.reset(new SocketPermission::CheckParam(
 241       SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 80));
 242   EXPECT_TRUE(data.Check(param.get()));
 243   param.reset(new SocketPermission::CheckParam(
 244       SocketPermissionRequest::RESOLVE_PROXY, "www.example.com", 8080));
 245   EXPECT_TRUE(data.Check(param.get()));
 246   param.reset(new SocketPermission::CheckParam(
 247       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
 248   EXPECT_FALSE(data.Check(param.get()));
 249   param.reset(new SocketPermission::CheckParam(
 250       SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
 251   EXPECT_FALSE(data.Check(param.get()));
 252
 253   ASSERT_TRUE(data.ParseForTest("network-state"));
 254   param.reset(new SocketPermission::CheckParam(
 255       SocketPermissionRequest::NETWORK_STATE, std::string(), 0));
 256   EXPECT_TRUE(data.Check(param.get()));
 257   param.reset(new SocketPermission::CheckParam(
 258       SocketPermissionRequest::UDP_BIND, "127.0.0.1", 8800));
 259   EXPECT_FALSE(data.Check(param.get()));
 260   param.reset(new SocketPermission::CheckParam(
 261       SocketPermissionRequest::TCP_CONNECT, "127.0.0.1", 8800));
 262   EXPECT_FALSE(data.Check(param.get()));
 263 }
 264
 265 TEST(SocketPermissionTest, IPC) {
 266   const APIPermissionInfo* permission_info =
 267       PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
 268
 269   {
 270     IPC::Message m;
 271
 272     scoped_ptr<APIPermission> permission1(
 273         permission_info->CreateAPIPermission());
 274     scoped_ptr<APIPermission> permission2(
 275         permission_info->CreateAPIPermission());
 276
 277     permission1->Write(&m);
 278     PickleIterator iter(m);
 279     permission2->Read(&m, &iter);
 280
 281     EXPECT_TRUE(permission1->Equal(permission2.get()));
 282   }
 283
 284   {
 285     IPC::Message m;
 286
 287     scoped_ptr<APIPermission> permission1(
 288         permission_info->CreateAPIPermission());
 289     scoped_ptr<APIPermission> permission2(
 290         permission_info->CreateAPIPermission());
 291
 292     scoped_ptr<base::ListValue> value(new base::ListValue());
 293     value->AppendString("tcp-connect:*.example.com:80");
 294     value->AppendString("udp-bind::8080");
 295     value->AppendString("udp-send-to::8888");
 296     ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));
 297
 298     EXPECT_FALSE(permission1->Equal(permission2.get()));
 299
 300     permission1->Write(&m);
 301     PickleIterator iter(m);
 302     permission2->Read(&m, &iter);
 303     EXPECT_TRUE(permission1->Equal(permission2.get()));
 304   }
 305 }
 306
 307 TEST(SocketPermissionTest, Value) {
 308   const APIPermissionInfo* permission_info =
 309       PermissionsInfo::GetInstance()->GetByID(APIPermission::kSocket);
 310
 311   scoped_ptr<APIPermission> permission1(permission_info->CreateAPIPermission());
 312   scoped_ptr<APIPermission> permission2(permission_info->CreateAPIPermission());
 313
 314   scoped_ptr<base::ListValue> value(new base::ListValue());
 315   value->AppendString("tcp-connect:*.example.com:80");
 316   value->AppendString("udp-bind::8080");
 317   value->AppendString("udp-send-to::8888");
 318   ASSERT_TRUE(permission1->FromValue(value.get(), NULL, NULL));
 319
 320   EXPECT_FALSE(permission1->Equal(permission2.get()));
 321
 322   scoped_ptr<base::Value> vtmp(permission1->ToValue());
 323   ASSERT_TRUE(vtmp);
 324   ASSERT_TRUE(permission2->FromValue(vtmp.get(), NULL, NULL));
 325   EXPECT_TRUE(permission1->Equal(permission2.get()));
 326 }
 327
 328 }  // namespace
 329
 330 }  // namespace extensions