Google Git
Sign in
chromium / chromium / src.git / e0d481585dfab19c0b01b7518080164fa001d54c / . / chrome / browser / child_process_security_policy_unittest.cc
blob: 2cfb4894f230a59ae21a18c81e3b6272b3cf9d08 [file] [log] [blame]
license.botbf09a502008-08-24 00:55:55[diff] [blame]1// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
5#include <string>
6
7#include "base/basictypes.h"
[email protected]561abe62009-04-06 18:08:34[diff] [blame]8#include "base/file_path.h"
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]9#include "chrome/browser/child_process_security_policy.h"
[email protected]f255c7fc2009-02-26 18:50:55[diff] [blame]10#include "chrome/common/url_constants.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]11#include "net/url_request/url_request.h"
12#include "net/url_request/url_request_test_job.h"
13#include "testing/gtest/include/gtest/gtest.h"
14
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]15class ChildProcessSecurityPolicyTest : public testing::Test {
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]16protected:
17 // testing::Test
18 virtual void SetUp() {
[email protected]60e448982009-05-06 04:21:16[diff] [blame]19 // In the real world, "chrome:" is a handled scheme.
20 URLRequest::RegisterProtocolFactory(chrome::kChromeUIScheme,
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]21 &URLRequestTestJob::Factory);
22 }
23 virtual void TearDown() {
[email protected]60e448982009-05-06 04:21:16[diff] [blame]24 URLRequest::RegisterProtocolFactory(chrome::kChromeUIScheme, NULL);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]25 }
26};
27
28static int kRendererID = 42;
29
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]30TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
31 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]32
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]33 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme));
34 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme));
35 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
36 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]37 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]38 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kExtensionScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]39
40 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
41 p->RegisterWebSafeScheme("registered-web-safe-scheme");
42 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
43}
44
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]45TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
46 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]47
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]48 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
49 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
50 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]51
52 EXPECT_FALSE(p->IsPseudoScheme("registered-psuedo-scheme"));
53 p->RegisterPseudoScheme("registered-psuedo-scheme");
54 EXPECT_TRUE(p->IsPseudoScheme("registered-psuedo-scheme"));
55}
56
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]57TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
58 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]59
60 p->Add(kRendererID);
61
62 // Safe
63 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
64 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
65 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
66 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
67 EXPECT_TRUE(p->CanRequestURL(kRendererID,
68 GURL("view-source:http://www.google.com/")));
[email protected]27eef9c2009-02-14 04:09:51[diff] [blame]69 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("chrome-extension://xy/z")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]70
71 // Dangerous
72 EXPECT_FALSE(p->CanRequestURL(kRendererID,
73 GURL("file:///etc/passwd")));
74 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]75 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]76
77 p->Remove(kRendererID);
78}
79
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]80TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
81 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]82
83 p->Add(kRendererID);
84
85 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
86 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
87 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
88 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
89
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]90 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
91 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]94
95 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
96 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
98
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]99 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL));
100 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]101
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]102 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCrashURL));
103 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]104
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]105 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCacheURL));
106 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCacheURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]107
[email protected]e0d481582009-09-15 21:06:25[diff] [blame^]108 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutHangURL));
109 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutHangURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]110
111 p->Remove(kRendererID);
112}
113
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]114TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
115 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]116
117 p->Add(kRendererID);
118
119 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
120 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
121 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
122
123 p->Remove(kRendererID);
124}
125
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]126TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
127 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]128
129 p->Add(kRendererID);
130
131 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
132 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
133
134 // Once we register a ProtocolFactory for "asdf", we default to deny.
135 URLRequest::RegisterProtocolFactory("asdf", &URLRequestTestJob::Factory);
136 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
137
138 // We can allow new schemes by adding them to the whitelist.
139 p->RegisterWebSafeScheme("asdf");
140 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
141
142 // Cleanup.
143 URLRequest::RegisterProtocolFactory("asdf", NULL);
144 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
145
146 p->Remove(kRendererID);
147}
148
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]149TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
150 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]151
152 p->Add(kRendererID);
153
154 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
155 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
156 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
157
158 // We should forget our state if we repeat a renderer id.
159 p->Remove(kRendererID);
160 p->Add(kRendererID);
161 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
162 p->Remove(kRendererID);
163}
164
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]165TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
166 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]167
168 p->Add(kRendererID);
169
170 // View source is determined by the embedded scheme.
171 EXPECT_TRUE(p->CanRequestURL(kRendererID,
172 GURL("view-source:http://www.google.com/")));
173 EXPECT_FALSE(p->CanRequestURL(kRendererID,
174 GURL("view-source:file:///etc/passwd")));
175 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
176
177 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
178 // View source needs to be able to request the embedded scheme.
179 EXPECT_TRUE(p->CanRequestURL(kRendererID,
180 GURL("view-source:file:///etc/passwd")));
181 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
182
183 p->Remove(kRendererID);
184}
185
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]186TEST_F(ChildProcessSecurityPolicyTest, CanUploadFiles) {
187 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]188
189 p->Add(kRendererID);
190
[email protected]561abe62009-04-06 18:08:34[diff] [blame]191 EXPECT_FALSE(p->CanUploadFile(kRendererID,
192 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
193 p->GrantUploadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd")));
194 EXPECT_TRUE(p->CanUploadFile(kRendererID,
195 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
196 EXPECT_FALSE(p->CanUploadFile(kRendererID,
197 FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]198
199 p->Remove(kRendererID);
200 p->Add(kRendererID);
201
[email protected]561abe62009-04-06 18:08:34[diff] [blame]202 EXPECT_FALSE(p->CanUploadFile(kRendererID,
203 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
204 EXPECT_FALSE(p->CanUploadFile(kRendererID,
205 FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]206
207 p->Remove(kRendererID);
208}
209
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]210TEST_F(ChildProcessSecurityPolicyTest, CanServiceInspectElement) {
211 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]212
[email protected]60e448982009-05-06 04:21:16[diff] [blame]213 GURL url("chrome://inspector/inspector.html");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]214
215 p->Add(kRendererID);
216
217 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
218 p->GrantInspectElement(kRendererID);
219 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
220
221 p->Remove(kRendererID);
222}
223
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]224TEST_F(ChildProcessSecurityPolicyTest, CanServiceDOMUIBindings) {
225 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]226
[email protected]60e448982009-05-06 04:21:16[diff] [blame]227 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]228
229 p->Add(kRendererID);
230
231 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID));
232 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
233 p->GrantDOMUIBindings(kRendererID);
234 EXPECT_TRUE(p->HasDOMUIBindings(kRendererID));
235 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
236
237 p->Remove(kRendererID);
238}
239
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]240TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
241 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]242
243 GURL url("file:///etc/passwd");
[email protected]561abe62009-04-06 18:08:34[diff] [blame]244 FilePath file(FILE_PATH_LITERAL("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]245
246 p->Add(kRendererID);
247
248 p->GrantRequestURL(kRendererID, url);
249 p->GrantUploadFile(kRendererID, file);
250 p->GrantDOMUIBindings(kRendererID);
251
252 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
253 EXPECT_TRUE(p->CanUploadFile(kRendererID, file));
254 EXPECT_TRUE(p->HasDOMUIBindings(kRendererID));
255
256 p->Remove(kRendererID);
257
258 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]259 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
260 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]261
262 // In this case, we default to secure behavior.
263 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
264 EXPECT_FALSE(p->CanUploadFile(kRendererID, file));
265 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID));
266}