extensions/common/manifest_handlers/csp_info_unittest.cc - chromium/src - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "extensions/common/manifest_handlers/csp_info.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_test.h"

 namespace extensions {

 namespace errors = manifest_errors;

 using CSPInfoUnitTest = ManifestTest;

 TEST_F(CSPInfoUnitTest, SandboxedPages) {
   // Sandboxed pages specified, no custom CSP value.
   scoped_refptr<Extension> extension1(
       LoadAndExpectSuccess("sandboxed_pages_valid_1.json"));

   // No sandboxed pages.
   scoped_refptr<Extension> extension2(
       LoadAndExpectSuccess("sandboxed_pages_valid_2.json"));

   // Sandboxed pages specified with a custom CSP value.
   scoped_refptr<Extension> extension3(
       LoadAndExpectSuccess("sandboxed_pages_valid_3.json"));

   // Sandboxed pages specified with wildcard, no custom CSP value.
   scoped_refptr<Extension> extension4(
       LoadAndExpectSuccess("sandboxed_pages_valid_4.json"));

   // Sandboxed pages specified with filename wildcard, no custom CSP value.
   scoped_refptr<Extension> extension5(
       LoadAndExpectSuccess("sandboxed_pages_valid_5.json"));

   const char kSandboxedCSP[] =
       "sandbox allow-scripts allow-forms allow-popups allow-modals; "
       "script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";
   const char kDefaultCSP[] =
       "script-src 'self' blob: filesystem: chrome-extension-resource:; "
       "object-src 'self' blob: filesystem:;";
   const char kCustomSandboxedCSP[] =
       "sandbox; script-src 'self'; child-src 'self';";

   EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                extension1.get(), "/test"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension1.get(), "/none"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension2.get(), "/test"));
   EXPECT_EQ(kCustomSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                      extension3.get(), "/test"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension3.get(), "/none"));
   EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                extension4.get(), "/test"));
   EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
                                extension5.get(), "/path/test.ext"));
   EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
                              extension5.get(), "/test"));

   Testcase testcases[] = {
       Testcase("sandboxed_pages_invalid_1.json",
                errors::kInvalidSandboxedPagesList),
       Testcase("sandboxed_pages_invalid_2.json", errors::kInvalidSandboxedPage),
       Testcase("sandboxed_pages_invalid_3.json",
                errors::kInvalidSandboxedPagesCSP),
       Testcase("sandboxed_pages_invalid_4.json",
                errors::kInvalidSandboxedPagesCSP),
       Testcase("sandboxed_pages_invalid_5.json",
                errors::kInvalidSandboxedPagesCSP)};
   RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
 }

 TEST_F(CSPInfoUnitTest, CSPKey) {
   const char kDefaultCSP[] =
       "script-src 'self' blob: filesystem: chrome-extension-resource:; "
       "object-src 'self' blob: filesystem:;";
   struct {
     const char* file_name;
     const char* csp;
   } success_cases[] = {
       {"csp_string_valid.json", "script-src 'self'; default-src 'none';"},
       {"csp_dictionary_valid.json", "default-src 'none';"},
       {"csp_empty_valid.json", "script-src 'self'; object-src 'self';"},
       {"csp_empty_dictionary_valid.json", kDefaultCSP}};

   for (const auto& test_case : success_cases) {
     SCOPED_TRACE(test_case.file_name);
     scoped_refptr<Extension> extension =
         LoadAndExpectSuccess(test_case.file_name);
     ASSERT_TRUE(extension.get());
     EXPECT_EQ(test_case.csp,
               CSPInfo::GetContentSecurityPolicy(extension.get()));
   }

   auto get_invalid_manifest_key_error = [](base::StringPiece key) {
     return ErrorUtils::FormatErrorMessage(errors::kInvalidManifestKey, key);
   };

   const char* kExtensionPagesKey = "content_security_policy.extension_pages";
   const char* kCSPKey = "content_security_policy";
   Testcase testcases[] = {
       Testcase("csp_invalid_1.json", get_invalid_manifest_key_error(kCSPKey)),
       Testcase("csp_invalid_2.json",
                get_invalid_manifest_key_error(kExtensionPagesKey)),
       Testcase("csp_invalid_3.json",
                get_invalid_manifest_key_error(kExtensionPagesKey))};
   RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
 }

 }  // namespace extensions
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "extensions/common/manifest_handlers/csp_info.h"
	#include "extensions/common/error_utils.h"
	#include "extensions/common/manifest_constants.h"
	#include "extensions/common/manifest_test.h"

	namespace extensions {

	namespace errors = manifest_errors;

	using CSPInfoUnitTest = ManifestTest;

	TEST_F(CSPInfoUnitTest, SandboxedPages) {
	// Sandboxed pages specified, no custom CSP value.
	scoped_refptr<Extension> extension1(
	LoadAndExpectSuccess("sandboxed_pages_valid_1.json"));

	// No sandboxed pages.
	scoped_refptr<Extension> extension2(
	LoadAndExpectSuccess("sandboxed_pages_valid_2.json"));

	// Sandboxed pages specified with a custom CSP value.
	scoped_refptr<Extension> extension3(
	LoadAndExpectSuccess("sandboxed_pages_valid_3.json"));

	// Sandboxed pages specified with wildcard, no custom CSP value.
	scoped_refptr<Extension> extension4(
	LoadAndExpectSuccess("sandboxed_pages_valid_4.json"));

	// Sandboxed pages specified with filename wildcard, no custom CSP value.
	scoped_refptr<Extension> extension5(
	LoadAndExpectSuccess("sandboxed_pages_valid_5.json"));

	const char kSandboxedCSP[] =
	"sandbox allow-scripts allow-forms allow-popups allow-modals; "
	"script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";
	const char kDefaultCSP[] =
	"script-src 'self' blob: filesystem: chrome-extension-resource:; "
	"object-src 'self' blob: filesystem:;";
	const char kCustomSandboxedCSP[] =
	"sandbox; script-src 'self'; child-src 'self';";

	EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension1.get(), "/test"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension1.get(), "/none"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension2.get(), "/test"));
	EXPECT_EQ(kCustomSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension3.get(), "/test"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension3.get(), "/none"));
	EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension4.get(), "/test"));
	EXPECT_EQ(kSandboxedCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension5.get(), "/path/test.ext"));
	EXPECT_EQ(kDefaultCSP, CSPInfo::GetResourceContentSecurityPolicy(
	extension5.get(), "/test"));

	Testcase testcases[] = {
	Testcase("sandboxed_pages_invalid_1.json",
	errors::kInvalidSandboxedPagesList),
	Testcase("sandboxed_pages_invalid_2.json", errors::kInvalidSandboxedPage),
	Testcase("sandboxed_pages_invalid_3.json",
	errors::kInvalidSandboxedPagesCSP),
	Testcase("sandboxed_pages_invalid_4.json",
	errors::kInvalidSandboxedPagesCSP),
	Testcase("sandboxed_pages_invalid_5.json",
	errors::kInvalidSandboxedPagesCSP)};
	RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
	}

	TEST_F(CSPInfoUnitTest, CSPKey) {
	const char kDefaultCSP[] =
	"script-src 'self' blob: filesystem: chrome-extension-resource:; "
	"object-src 'self' blob: filesystem:;";
	struct {
	const char* file_name;
	const char* csp;
	} success_cases[] = {
	{"csp_string_valid.json", "script-src 'self'; default-src 'none';"},
	{"csp_dictionary_valid.json", "default-src 'none';"},
	{"csp_empty_valid.json", "script-src 'self'; object-src 'self';"},
	{"csp_empty_dictionary_valid.json", kDefaultCSP}};

	for (const auto& test_case : success_cases) {
	SCOPED_TRACE(test_case.file_name);
	scoped_refptr<Extension> extension =
	LoadAndExpectSuccess(test_case.file_name);
	ASSERT_TRUE(extension.get());
	EXPECT_EQ(test_case.csp,
	CSPInfo::GetContentSecurityPolicy(extension.get()));
	}

	auto get_invalid_manifest_key_error = [](base::StringPiece key) {
	return ErrorUtils::FormatErrorMessage(errors::kInvalidManifestKey, key);
	};

	const char* kExtensionPagesKey = "content_security_policy.extension_pages";
	const char* kCSPKey = "content_security_policy";
	Testcase testcases[] = {
	Testcase("csp_invalid_1.json", get_invalid_manifest_key_error(kCSPKey)),
	Testcase("csp_invalid_2.json",
	get_invalid_manifest_key_error(kExtensionPagesKey)),
	Testcase("csp_invalid_3.json",
	get_invalid_manifest_key_error(kExtensionPagesKey))};
	RunTestcases(testcases, arraysize(testcases), EXPECT_TYPE_ERROR);
	}

	} // namespace extensions