Google Git
Sign in
chromium / chromium / src.git / 13ca61a886be9dc1e3b862e06f2ae52040aa073e^! / . / PRESUBMIT_test.py
commit13ca61a886be9dc1e3b862e06f2ae52040aa073e[log] [tgz]
authorDaniel Cheng <[email protected]>Fri Aug 25 15:11:25 2017
committerCommit Bot <[email protected]>Fri Aug 25 15:11:25 2017
tree2273fbf0d2262280274e32332740983f10e9406e
parent90c212b22504c0774251d4300096fcd56f78d0bd [diff] [blame]
Enforce that mojo manifests are covered by security reviewers.

Since mojo manifests don't have a consistent naming convention, this
simply looks for JSON files with the "interface_provider_specs" key:
there are some manifests that don't specify this, but the important
part for security review is auditing what's exposed between processes.

Bug: 695922
Change-Id: Id30dae51ecc0cbfa35650ead14ef2dfd081c23d7
Reviewed-on: https://chromium-review.googlesource.com/621707
Reviewed-by: Jochen Eisinger <[email protected]>
Reviewed-by: Robert Sesek <[email protected]>
Reviewed-by: Ken Rockot <[email protected]>
Commit-Queue: Daniel Cheng <[email protected]>
Cr-Commit-Position: refs/heads/master@{#497410}
diff --git a/PRESUBMIT_test.py b/PRESUBMIT_test.py
index 0c4c102c..f8feb78f 100755
--- a/PRESUBMIT_test.py
+++ b/PRESUBMIT_test.py

@@ -1160,5 +1160,47 @@
         mock_input_api, mock_output_api)
     self.assertEqual(1, len(errors))
 
+
+class MojoManifestOwnerTest(unittest.TestCase):
+  def testMojoManifestChangeNeedsSecurityOwner(self):
+    mock_input_api = MockInputApi()
+    mock_input_api.files = [
+      MockAffectedFile('services/goat/manifest.json',
+                       [
+                         '{',
+                         '  "name": "teleporter",',
+                         '  "display_name": "Goat Teleporter",'
+                         '  "interface_provider_specs": {',
+                         '  }',
+                         '}',
+                       ])
+    ]
+    mock_output_api = MockOutputApi()
+    errors = PRESUBMIT._CheckIpcOwners(
+        mock_input_api, mock_output_api)
+    self.assertEqual(1, len(errors))
+    self.assertEqual(
+        'Found OWNERS files that need to be updated for IPC security review ' +
+        'coverage.\nPlease update the OWNERS files below:', errors[0].message)
+
+    # No warning if already covered by an OWNERS rule.
+
+  def testNonManifestChangesDoNotRequireSecurityOwner(self):
+    mock_input_api = MockInputApi()
+    mock_input_api.files = [
+      MockAffectedFile('services/goat/species.json',
+                       [
+                         '[',
+                         '  "anglo-nubian",',
+                         '  "angora"',
+                         ']',
+                       ])
+    ]
+    mock_output_api = MockOutputApi()
+    errors = PRESUBMIT._CheckIpcOwners(
+        mock_input_api, mock_output_api)
+    self.assertEqual([], errors)
+
+
 if __name__ == '__main__':
   unittest.main()