// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <memory> #include "base/files/file_path.h" #include "base/functional/callback.h" #include "base/memory/raw_ptr.h" #include "base/memory/scoped_refptr.h" #include "base/memory/weak_ptr.h" #include "base/strings/stringprintf.h" #include "base/test/bind.h" #include "build/build_config.h" #include "chrome/browser/chrome_content_browser_client.h" #include "chrome/browser/extensions/extension_browsertest.h" #include "chrome/browser/extensions/extension_tab_util.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/test/base/ui_test_utils.h" #include "content/public/browser/browser_task_traits.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/render_process_host.h" #include "content/public/browser/web_contents.h" #include "content/public/common/content_client.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "extensions/browser/api/storage/storage_api.h" #include "extensions/browser/background_script_executor.h" #include "extensions/browser/bad_message.h" #include "extensions/browser/browsertest_util.h" #include "extensions/browser/extension_frame_host.h" #include "extensions/browser/extension_web_contents_observer.h" #include "extensions/browser/process_manager.h" #include "extensions/browser/renderer_startup_helper.h" #include "extensions/browser/script_executor.h" #include "extensions/browser/service_worker/service_worker_host.h" #include "extensions/common/constants.h" #include "extensions/common/extension_features.h" #include "extensions/common/mojom/frame.mojom-test-utils.h" #include "extensions/common/mojom/service_worker_host.mojom-test-utils.h" #include "extensions/test/extension_test_message_listener.h" #include "extensions/test/test_extension_dir.h" #include "ipc/ipc_security_test_util.h" #include "net/dns/mock_host_resolver.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/blink/public/mojom/service_worker/service_worker_database.mojom-forward.h" #include "url/gurl.h" #include "chrome/browser/extensions/api/messaging/native_messaging_test_util.h" namespace extensions { // ExtensionFrameHostInterceptor is a helper for: // - Intercepting mojom::LocalFrameHost method calls (e.g. methods // that would normally be handled / implemented by ExtensionFrameHost). // - Allowing the test to mutate the method arguments (e.g. to simulate a // compromised renderer) before passing the method call to the usual handler. class ExtensionFrameHostInterceptor : mojom::LocalFrameHostInterceptorForTesting { … }; class ServiceWorkerHostInterceptorForProcessDeath : public mojom::ServiceWorkerHostInterceptorForTesting { … }; // Waits for a kill of the given RenderProcessHost and returns the // BadMessageReason that caused an //extensions-triggerred kill. // // Example usage: // RenderProcessHostBadIpcMessageWaiter kill_waiter(render_process_host); // ... test code that triggers a renderer kill ... // EXPECT_EQ(bad_message::EFD_BAD_MESSAGE_PROCESS, kill_waiter.Wait()); class RenderProcessHostBadIpcMessageWaiter { … }; // Test suite covering how mojo/IPC messages are verified after being received // from a (potentially compromised) renderer process. class ExtensionSecurityExploitBrowserTest : public ExtensionBrowserTest { … }; // Test suite for covering ExtensionHostMsg_OpenChannelToExtension IPC. class OpenChannelToExtensionExploitTest : public ExtensionSecurityExploitBrowserTest { … }; IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromContentScript_BadExtensionIdInMessagingSource) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromContentScript_UnexpectedNativeAppType) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromContentScript_UnexpectedExtensionType) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromContentScript_NoExtensionIdForExtensionType) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromContentScript_BadSourceUrl_FromFrame) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromServiceWorker_BadSourceUrl) { … } // This is a regression test for https://crbug.com/1379558. IN_PROC_BROWSER_TEST_F(ExtensionSecurityExploitBrowserTest, SendMessageFromContentScriptInDataUrlFrame) { … } IN_PROC_BROWSER_TEST_F(ExtensionSecurityExploitBrowserTest, SpoofedExtensionId_ExtensionFunctionDispatcher) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromUserScript_BadExtensionIdInMessagingSource) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromUserScript_SpoofedExtensionIdInMessagingSource) { … } IN_PROC_BROWSER_TEST_F(OpenChannelToExtensionExploitTest, FromUserScript_TargetingAnotherExtensionId) { … } } // namespace extensions
Codebase Browser
chromium