extensions/common/manifest_handlers/csp_info_unittest.cc - chromium/src - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "extensions/common/manifest_handlers/csp_info.h"
 #include "base/strings/stringprintf.h"
 #include "components/version_info/channel.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/features/feature_channel.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_test.h"

 namespace extensions {

 namespace {

 namespace errors = manifest_errors;
 namespace keys = manifest_keys;

 std::string GetInvalidManifestKeyError(base::StringPiece key) {
   return ErrorUtils::FormatErrorMessage(errors::kInvalidManifestKey, key);
 };

 }  // namespace

 using CSPInfoUnitTest = ManifestTest;

 TEST_F(CSPInfoUnitTest, SandboxedPages) {
   // Sandboxed pages specified, no custom CSP value.
   scoped_refptr<Extension> extension1(
       LoadAndExpectSuccess("sandboxed_pages_valid_1.json"));

   // No sandboxed pages.
   scoped_refptr<Extension> extension2(
       LoadAndExpectSuccess("sandboxed_pages_valid_2.json"));

   // Sandboxed pages specified with a custom CSP value.
   scoped_refptr<Extension> extension3(
       LoadAndExpectSuccess("sandboxed_pages_valid_3.json"));

   // Sandboxed pages specified with wildcard, no custom CSP value.
   scoped_refptr<Extension> extension4(
       LoadAndExpectSuccess("sandboxed_pages_valid_4.json"));

   // Sandboxed pages specified with filename wildcard, no custom CSP value.
   scoped_refptr<Extension> extension5(
       LoadAndExpectSuccess("sandboxed_pages_valid_5.json"));

   const char kSandboxedCSP[] =
       "sandbox allow-scripts allow-forms allow-popups allow-modals; "
       "script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";
   const char kDefaultCSP[] =
       "script-src 'self' blob: filesystem: chrome-extension-resource:; "
       "object-src 'self' blob: filesystem:;";
   const char kCustomSandboxedCSP[] =
       "sandbox; script-src 'self'; child-src 'self';";

   EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                extension1.get(), "/test"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension1.get(), "/none"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension2.get(), "/test"));
   EXPECT_EQ(kCustomSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                      extension3.get(), "/test"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension3.get(), "/none"));
   EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                extension4.get(), "/test"));
   EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                extension5.get(), "/path/test.ext"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension5.get(), "/test"));

   Testcase testcases[] = {
       Testcase("sandboxed_pages_invalid_1.json",
                errors::kInvalidSandboxedPagesList),
       Testcase("sandboxed_pages_invalid_2.json", errors::kInvalidSandboxedPage),
       Testcase("sandboxed_pages_invalid_3.json",
                errors::kInvalidSandboxedPagesCSP),
       Testcase("sandboxed_pages_invalid_4.json",
                errors::kInvalidSandboxedPagesCSP),
       Testcase("sandboxed_pages_invalid_5.json",
                errors::kInvalidSandboxedPagesCSP)};
   RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
 }

 TEST_F(CSPInfoUnitTest, CSPStringKey) {
   scoped_refptr<Extension> extension =
       LoadAndExpectSuccess("csp_string_valid.json");
   ASSERT_TRUE(extension);
   EXPECT_EQ("script-src 'self'; default-src 'none';",
             CSPInfo::GetContentSecurityPolicy(extension.get()));

   RunTestcase(Testcase("csp_invalid_1.json", GetInvalidManifestKeyError(
                                                  keys::kContentSecurityPolicy)),
               EXPECT_TYPE_ERROR);
 }

 TEST_F(CSPInfoUnitTest, CSPDictionaryKey) {
   const char kDefaultCSP[] =
       "script-src 'self' blob: filesystem: chrome-extension-resource:; "
       "object-src 'self' blob: filesystem:;";
   struct {
     const char* file_name;
     const char* csp;
   } cases[] = {
       {"csp_dictionary_valid.json", "default-src 'none';"},
       {"csp_empty_valid.json", "script-src 'self'; object-src 'self';"},
       {"csp_empty_dictionary_valid.json", kDefaultCSP}};

   // Verify that "content_security_policy" key can be used as a dictionary on
   // trunk.
   {
     ScopedCurrentChannel channel(version_info::Channel::UNKNOWN);
     for (const auto& test_case : cases) {
       SCOPED_TRACE(
           base::StringPrintf("%s on channel %s", test_case.file_name, "trunk"));
       scoped_refptr<Extension> extension =
           LoadAndExpectSuccess(test_case.file_name);
       ASSERT_TRUE(extension.get());
       EXPECT_EQ(test_case.csp,
                 CSPInfo::GetContentSecurityPolicy(extension.get()));
     }
   }

   // Verify that "content_security_policy" key can't be used as a dictionary on
   // Stable.
   {
     ScopedCurrentChannel channel(version_info::Channel::STABLE);
     for (const auto& test_case : cases) {
       SCOPED_TRACE(base::StringPrintf("%s on channel %s", test_case.file_name,
                                       "stable"));
       LoadAndExpectError(
           test_case.file_name,
           GetInvalidManifestKeyError(keys::kContentSecurityPolicy));
     }
   }

   {
     ScopedCurrentChannel channel(version_info::Channel::UNKNOWN);
     const char* kExtensionPagesKey = "content_security_policy.extension_pages";
     Testcase testcases[] = {
         Testcase("csp_invalid_2.json",
                  GetInvalidManifestKeyError(kExtensionPagesKey)),
         Testcase("csp_invalid_3.json",
                  GetInvalidManifestKeyError(kExtensionPagesKey))};
     RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
   }
 }

 }  // namespace extensions
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "extensions/common/manifest_handlers/csp_info.h"
	#include "base/strings/stringprintf.h"
	#include "components/version_info/channel.h"
	#include "extensions/common/error_utils.h"
	#include "extensions/common/features/feature_channel.h"
	#include "extensions/common/manifest_constants.h"
	#include "extensions/common/manifest_test.h"

	namespace extensions {

	namespace {

	namespace errors = manifest_errors;
	namespace keys = manifest_keys;

	std::string GetInvalidManifestKeyError(base::StringPiece key) {
	return ErrorUtils::FormatErrorMessage(errors::kInvalidManifestKey, key);
	};

	} // namespace

	using CSPInfoUnitTest = ManifestTest;

	TEST_F(CSPInfoUnitTest, SandboxedPages) {
	// Sandboxed pages specified, no custom CSP value.
	scoped_refptr<Extension> extension1(
	LoadAndExpectSuccess("sandboxed_pages_valid_1.json"));

	// No sandboxed pages.
	scoped_refptr<Extension> extension2(
	LoadAndExpectSuccess("sandboxed_pages_valid_2.json"));

	// Sandboxed pages specified with a custom CSP value.
	scoped_refptr<Extension> extension3(
	LoadAndExpectSuccess("sandboxed_pages_valid_3.json"));

	// Sandboxed pages specified with wildcard, no custom CSP value.
	scoped_refptr<Extension> extension4(
	LoadAndExpectSuccess("sandboxed_pages_valid_4.json"));

	// Sandboxed pages specified with filename wildcard, no custom CSP value.
	scoped_refptr<Extension> extension5(
	LoadAndExpectSuccess("sandboxed_pages_valid_5.json"));

	const char kSandboxedCSP[] =
	"sandbox allow-scripts allow-forms allow-popups allow-modals; "
	"script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";
	const char kDefaultCSP[] =
	"script-src 'self' blob: filesystem: chrome-extension-resource:; "
	"object-src 'self' blob: filesystem:;";
	const char kCustomSandboxedCSP[] =
	"sandbox; script-src 'self'; child-src 'self';";

	EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension1.get(), "/test"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension1.get(), "/none"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension2.get(), "/test"));
	EXPECT_EQ(kCustomSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension3.get(), "/test"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension3.get(), "/none"));
	EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension4.get(), "/test"));
	EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension5.get(), "/path/test.ext"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension5.get(), "/test"));

	Testcase testcases[] = {
	Testcase("sandboxed_pages_invalid_1.json",
	errors::kInvalidSandboxedPagesList),
	Testcase("sandboxed_pages_invalid_2.json", errors::kInvalidSandboxedPage),
	Testcase("sandboxed_pages_invalid_3.json",
	errors::kInvalidSandboxedPagesCSP),
	Testcase("sandboxed_pages_invalid_4.json",
	errors::kInvalidSandboxedPagesCSP),
	Testcase("sandboxed_pages_invalid_5.json",
	errors::kInvalidSandboxedPagesCSP)};
	RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
	}

	TEST_F(CSPInfoUnitTest, CSPStringKey) {
	scoped_refptr<Extension> extension =
	LoadAndExpectSuccess("csp_string_valid.json");
	ASSERT_TRUE(extension);
	EXPECT_EQ("script-src 'self'; default-src 'none';",
	CSPInfo::GetContentSecurityPolicy(extension.get()));

	RunTestcase(Testcase("csp_invalid_1.json", GetInvalidManifestKeyError(
	keys::kContentSecurityPolicy)),
	EXPECT_TYPE_ERROR);
	}

	TEST_F(CSPInfoUnitTest, CSPDictionaryKey) {
	const char kDefaultCSP[] =
	"script-src 'self' blob: filesystem: chrome-extension-resource:; "
	"object-src 'self' blob: filesystem:;";
	struct {
	const char* file_name;
	const char* csp;
	} cases[] = {
	{"csp_dictionary_valid.json", "default-src 'none';"},
	{"csp_empty_valid.json", "script-src 'self'; object-src 'self';"},
	{"csp_empty_dictionary_valid.json", kDefaultCSP}};

	// Verify that "content_security_policy" key can be used as a dictionary on
	// trunk.
	{
	ScopedCurrentChannel channel(version_info::Channel::UNKNOWN);
	for (const auto& test_case : cases) {
	SCOPED_TRACE(
	base::StringPrintf("%s on channel %s", test_case.file_name, "trunk"));
	scoped_refptr<Extension> extension =
	LoadAndExpectSuccess(test_case.file_name);
	ASSERT_TRUE(extension.get());
	EXPECT_EQ(test_case.csp,
	CSPInfo::GetContentSecurityPolicy(extension.get()));
	}
	}

	// Verify that "content_security_policy" key can't be used as a dictionary on
	// Stable.
	{
	ScopedCurrentChannel channel(version_info::Channel::STABLE);
	for (const auto& test_case : cases) {
	SCOPED_TRACE(base::StringPrintf("%s on channel %s", test_case.file_name,
	"stable"));
	LoadAndExpectError(
	test_case.file_name,
	GetInvalidManifestKeyError(keys::kContentSecurityPolicy));
	}
	}

	{
	ScopedCurrentChannel channel(version_info::Channel::UNKNOWN);
	const char* kExtensionPagesKey = "content_security_policy.extension_pages";
	Testcase testcases[] = {
	Testcase("csp_invalid_2.json",
	GetInvalidManifestKeyError(kExtensionPagesKey)),
	Testcase("csp_invalid_3.json",
	GetInvalidManifestKeyError(kExtensionPagesKey))};
	RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
	}
	}

	} // namespace extensions