• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <vector>
6 
7 #include "chrome/browser/extensions/webstore_inline_installer.h"
8 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
9 #include "content/public/browser/web_contents.h"
10 #include "testing/gtest/include/gtest/gtest.h"
11 #include "url/gurl.h"
12 
13 namespace extensions {
14 
15 namespace {
16 
17 // Wraps WebstoreInlineInstaller to provide access to domain verification
18 // methods for testing.
19 class TestWebstoreInlineInstaller : public WebstoreInlineInstaller {
20  public:
21   explicit TestWebstoreInlineInstaller(content::WebContents* contents,
22                                        const std::string& requestor_url);
23 
TestCheckRequestorPermitted(const base::DictionaryValue & webstore_data)24   bool TestCheckRequestorPermitted(const base::DictionaryValue& webstore_data) {
25     std::string error;
26     return CheckRequestorPermitted(webstore_data, &error);
27   }
28 
29  protected:
30   virtual ~TestWebstoreInlineInstaller();
31 };
32 
TestInstallerCallback(bool success,const std::string & error)33 void TestInstallerCallback(bool success, const std::string& error) {}
34 
TestWebstoreInlineInstaller(content::WebContents * contents,const std::string & requestor_url)35 TestWebstoreInlineInstaller::TestWebstoreInlineInstaller(
36     content::WebContents* contents,
37     const std::string& requestor_url)
38     : WebstoreInlineInstaller(contents,
39                               "",
40                               GURL(requestor_url),
41                               base::Bind(&TestInstallerCallback)) {
42 }
43 
~TestWebstoreInlineInstaller()44 TestWebstoreInlineInstaller::~TestWebstoreInlineInstaller() {}
45 
46 // We inherit from ChromeRenderViewHostTestHarness only for
47 // CreateTestWebContents, because we need a mock WebContents to support the
48 // underlying WebstoreInlineInstaller in each test case.
49 class WebstoreInlineInstallerTest : public ChromeRenderViewHostTestHarness {
50  public:
51   // testing::Test
52   virtual void SetUp() OVERRIDE;
53   virtual void TearDown() OVERRIDE;
54 
55   bool TestSingleVerifiedSite(const std::string& requestor_url,
56                               const std::string& verified_site);
57 
58   bool TestMultipleVerifiedSites(
59       const std::string& requestor_url,
60       const std::vector<std::string>& verified_sites);
61 
62  protected:
63   scoped_ptr<content::WebContents> web_contents_;
64 };
65 
SetUp()66 void WebstoreInlineInstallerTest::SetUp() {
67   ChromeRenderViewHostTestHarness::SetUp();
68   web_contents_.reset(CreateTestWebContents());
69 }
70 
TearDown()71 void WebstoreInlineInstallerTest::TearDown() {
72   web_contents_.reset(NULL);
73   ChromeRenderViewHostTestHarness::TearDown();
74 }
75 
76 // Simulates a test against the verified site string from a Webstore item's
77 // "verified_site" manifest entry.
TestSingleVerifiedSite(const std::string & requestor_url,const std::string & verified_site)78 bool WebstoreInlineInstallerTest::TestSingleVerifiedSite(
79     const std::string& requestor_url,
80     const std::string& verified_site) {
81   base::DictionaryValue webstore_data;
82   webstore_data.SetString("verified_site", verified_site);
83 
84   scoped_refptr<TestWebstoreInlineInstaller> installer =
85     new TestWebstoreInlineInstaller(web_contents_.get(), requestor_url);
86   return installer->TestCheckRequestorPermitted(webstore_data);
87 }
88 
89 // Simulates a test against a list of verified site strings from a Webstore
90 // item's "verified_sites" manifest entry.
TestMultipleVerifiedSites(const std::string & requestor_url,const std::vector<std::string> & verified_sites)91 bool WebstoreInlineInstallerTest::TestMultipleVerifiedSites(
92     const std::string& requestor_url,
93     const std::vector<std::string>& verified_sites) {
94   base::ListValue* sites = new base::ListValue();
95   for (std::vector<std::string>::const_iterator it = verified_sites.begin();
96        it != verified_sites.end(); ++it) {
97     sites->Append(new base::StringValue(*it));
98   }
99   base::DictionaryValue webstore_data;
100   webstore_data.Set("verified_sites", sites);
101 
102   scoped_refptr<TestWebstoreInlineInstaller> installer =
103     new TestWebstoreInlineInstaller(web_contents_.get(), requestor_url);
104   return installer->TestCheckRequestorPermitted(webstore_data);
105 }
106 
107 }  // namespace
108 
TEST_F(WebstoreInlineInstallerTest,DomainVerification)109 TEST_F(WebstoreInlineInstallerTest, DomainVerification) {
110   // Exact domain match.
111   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com", "example.com"));
112 
113   // The HTTPS scheme is allowed.
114   EXPECT_TRUE(TestSingleVerifiedSite("https://example.com", "example.com"));
115 
116   // The file: scheme is not allowed.
117   EXPECT_FALSE(TestSingleVerifiedSite("file:///example.com", "example.com"));
118 
119   // Trailing slash in URL.
120   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/", "example.com"));
121 
122   // Page on the domain.
123   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/page.html",
124                                      "example.com"));
125 
126   // Page on a subdomain.
127   EXPECT_TRUE(TestSingleVerifiedSite("http://sub.example.com/page.html",
128                                      "example.com"));
129 
130   // Root domain when only a subdomain is verified.
131   EXPECT_FALSE(TestSingleVerifiedSite("http://example.com/",
132                                       "sub.example.com"));
133 
134   // Different subdomain when only a subdomain is verified.
135   EXPECT_FALSE(TestSingleVerifiedSite("http://www.example.com/",
136                                       "sub.example.com"));
137 
138   // Port matches.
139   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com:123/",
140                                      "example.com:123"));
141 
142   // Port doesn't match.
143   EXPECT_FALSE(TestSingleVerifiedSite("http://example.com:456/",
144                                       "example.com:123"));
145 
146   // Port is missing in the requestor URL.
147   EXPECT_FALSE(TestSingleVerifiedSite("http://example.com/",
148                                       "example.com:123"));
149 
150   // Port is missing in the verified site (any port matches).
151   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com:123/", "example.com"));
152 
153   // Path matches.
154   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/path",
155                                      "example.com/path"));
156 
157   // Path doesn't match.
158   EXPECT_FALSE(TestSingleVerifiedSite("http://example.com/foo",
159                                       "example.com/path"));
160 
161   // Path is missing.
162   EXPECT_FALSE(TestSingleVerifiedSite("http://example.com",
163                                       "example.com/path"));
164 
165   // Path matches (with trailing slash).
166   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/path/",
167                                      "example.com/path"));
168 
169   // Path matches (is a file under the path).
170   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com/path/page.html",
171                                      "example.com/path"));
172 
173   // Path and port match.
174   EXPECT_TRUE(TestSingleVerifiedSite(
175       "http://example.com:123/path/page.html", "example.com:123/path"));
176 
177   // Match specific valid schemes
178   EXPECT_TRUE(TestSingleVerifiedSite("http://example.com",
179                                      "http://example.com"));
180   EXPECT_TRUE(TestSingleVerifiedSite("https://example.com",
181                                      "https://example.com"));
182 
183   // Mismatch specific vaild schemes
184   EXPECT_FALSE(TestSingleVerifiedSite("https://example.com",
185                                       "http://example.com"));
186   EXPECT_FALSE(TestSingleVerifiedSite("http://example.com",
187                                       "https://example.com"));
188 
189   // Invalid scheme spec
190   EXPECT_FALSE(TestSingleVerifiedSite("file://example.com",
191                                       "file://example.com"));
192 
193   std::vector<std::string> verified_sites;
194   verified_sites.push_back("foo.example.com");
195   verified_sites.push_back("bar.example.com:123");
196   verified_sites.push_back("example.com/unicorns");
197 
198   // Test valid examples against the site list.
199 
200   EXPECT_TRUE(TestMultipleVerifiedSites("http://foo.example.com",
201                                         verified_sites));
202 
203   EXPECT_TRUE(TestMultipleVerifiedSites("http://bar.example.com:123",
204                                         verified_sites));
205 
206   EXPECT_TRUE(TestMultipleVerifiedSites(
207       "http://cooking.example.com/unicorns/bacon.html", verified_sites));
208 
209   // Test invalid examples against the site list.
210 
211   EXPECT_FALSE(TestMultipleVerifiedSites("http://example.com",
212                                          verified_sites));
213 
214   EXPECT_FALSE(TestMultipleVerifiedSites("file://foo.example.com",
215                                          verified_sites));
216 
217   EXPECT_FALSE(TestMultipleVerifiedSites("http://baz.example.com",
218                                          verified_sites));
219 
220   EXPECT_FALSE(TestMultipleVerifiedSites("http://bar.example.com:456",
221                                          verified_sites));
222 }
223 
224 }  // namespace extensions
225