diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-06 12:48:11 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-13 09:33:43 +0000 |
| commit | 7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (patch) | |
| tree | fa14ba0ca8d2683ba2efdabd246dc9b18a1229c6 /chromium/PRESUBMIT_test.py | |
| parent | 79b4f909db1049fca459c07cca55af56a9b54fe3 (diff) | |
| download | qtwebengine-chromium-7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3.tar.gz | |
BASELINE: Update Chromium to 84.0.4147.141
Change-Id: Ib85eb4cfa1cbe2b2b81e5022c8cad5c493969535
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/PRESUBMIT_test.py')
| -rwxr-xr-x | chromium/PRESUBMIT_test.py | 287 |
1 files changed, 256 insertions, 31 deletions
diff --git a/chromium/PRESUBMIT_test.py b/chromium/PRESUBMIT_test.py index d2a156f0ddc..a15c15fa029 100755 --- a/chromium/PRESUBMIT_test.py +++ b/chromium/PRESUBMIT_test.py @@ -1022,6 +1022,90 @@ class IncludeGuardTest(unittest.TestCase): 'Header using the wrong include guard name ' 'WrongInBlink_h') +class AccessibilityRelnotesFieldTest(unittest.TestCase): + def testRelnotesPresent(self): + mock_input_api = MockInputApi() + mock_output_api = MockOutputApi() + + mock_input_api.files = [MockAffectedFile('ui/accessibility/foo.bar', [''])] + mock_input_api.change.footers['AX-Relnotes'] = [ + 'Important user facing change'] + + msgs = PRESUBMIT._CheckAccessibilityRelnotesField( + mock_input_api, mock_output_api) + self.assertEqual(0, len(msgs), + 'Expected %d messages, found %d: %s' + % (0, len(msgs), msgs)) + + def testRelnotesMissingFromAccessibilityChange(self): + mock_input_api = MockInputApi() + mock_output_api = MockOutputApi() + + mock_input_api.files = [ + MockAffectedFile('some/file', ['']), + MockAffectedFile('ui/accessibility/foo.bar', ['']), + MockAffectedFile('some/other/file', ['']) + ] + + msgs = PRESUBMIT._CheckAccessibilityRelnotesField( + mock_input_api, mock_output_api) + self.assertEqual(1, len(msgs), + 'Expected %d messages, found %d: %s' + % (1, len(msgs), msgs)) + self.assertTrue("Missing 'AX-Relnotes:' field" in msgs[0].message, + 'Missing AX-Relnotes field message not found in errors') + + # The relnotes footer is not required for changes which do not touch any + # accessibility directories. + def testIgnoresNonAccesssibilityCode(self): + mock_input_api = MockInputApi() + mock_output_api = MockOutputApi() + + mock_input_api.files = [ + MockAffectedFile('some/file', ['']), + MockAffectedFile('some/other/file', ['']) + ] + + msgs = PRESUBMIT._CheckAccessibilityRelnotesField( + mock_input_api, mock_output_api) + self.assertEqual(0, len(msgs), + 'Expected %d messages, found %d: %s' + % (0, len(msgs), msgs)) + + # Test that our presubmit correctly raises an error for a set of known paths. + def testExpectedPaths(self): + filesToTest = [ + "chrome/browser/accessibility/foo.py", + "chrome/browser/chromeos/arc/accessibility/foo.cc", + "chrome/browser/ui/views/accessibility/foo.h", + "chrome/browser/extensions/api/automation/foo.h", + "chrome/browser/extensions/api/automation_internal/foo.cc", + "chrome/renderer/extensions/accessibility_foo.h", + "chrome/tests/data/accessibility/foo.html", + "content/browser/accessibility/foo.cc", + "content/renderer/accessibility/foo.h", + "content/tests/data/accessibility/foo.cc", + "extensions/renderer/api/automation/foo.h", + "ui/accessibility/foo/bar/baz.cc", + "ui/views/accessibility/foo/bar/baz.h", + ] + + for testFile in filesToTest: + mock_input_api = MockInputApi() + mock_output_api = MockOutputApi() + + mock_input_api.files = [ + MockAffectedFile(testFile, ['']) + ] + + msgs = PRESUBMIT._CheckAccessibilityRelnotesField( + mock_input_api, mock_output_api) + self.assertEqual(1, len(msgs), + 'Expected %d messages, found %d: %s, for file %s' + % (1, len(msgs), msgs, testFile)) + self.assertTrue("Missing 'AX-Relnotes:' field" in msgs[0].message, + ('Missing AX-Relnotes field message not found in errors ' + ' for file %s' % (testFile))) class AndroidDeprecatedTestAnnotationTest(unittest.TestCase): def testCheckAndroidTestAnnotationUsage(self): @@ -1919,74 +2003,215 @@ class CorrectProductNameInMessagesTest(unittest.TestCase): class ServiceManifestOwnerTest(unittest.TestCase): - def testServiceManifestJsonChangeNeedsSecurityOwner(self): + def testServiceManifestChangeNeedsSecurityOwner(self): mock_input_api = MockInputApi() mock_input_api.files = [ - MockAffectedFile('services/goat/manifest.json', + MockAffectedFile('services/goat/public/cpp/manifest.cc', [ - '{', - ' "name": "teleporter",', - ' "display_name": "Goat Teleporter",' - ' "interface_provider_specs": {', - ' }', - '}', - ]) - ] + '#include "services/goat/public/cpp/manifest.h"', + 'const service_manager::Manifest& GetManifest() {}', + ])] mock_output_api = MockOutputApi() - errors = PRESUBMIT._CheckIpcOwners( + errors = PRESUBMIT._CheckSecurityOwners( mock_input_api, mock_output_api) self.assertEqual(1, len(errors)) self.assertEqual( 'Found OWNERS files that need to be updated for IPC security review ' + 'coverage.\nPlease update the OWNERS files below:', errors[0].message) - # No warning if already covered by an OWNERS rule. - - def testNonManifestJsonChangesDoNotRequireSecurityOwner(self): + def testNonServiceManifestSourceChangesDoNotRequireSecurityOwner(self): mock_input_api = MockInputApi() mock_input_api.files = [ - MockAffectedFile('services/goat/species.json', + MockAffectedFile('some/non/service/thing/foo_manifest.cc', [ - '[', - ' "anglo-nubian",', - ' "angora"', - ']', - ]) - ] + 'const char kNoEnforcement[] = "not a manifest!";', + ])] mock_output_api = MockOutputApi() - errors = PRESUBMIT._CheckIpcOwners( + errors = PRESUBMIT._CheckSecurityOwners( mock_input_api, mock_output_api) self.assertEqual([], errors) - def testServiceManifestChangeNeedsSecurityOwner(self): + +class FuchsiaSecurityOwnerTest(unittest.TestCase): + def testFidlChangeNeedsSecurityOwner(self): mock_input_api = MockInputApi() mock_input_api.files = [ - MockAffectedFile('services/goat/public/cpp/manifest.cc', + MockAffectedFile('potentially/scary/ipc.fidl', [ - '#include "services/goat/public/cpp/manifest.h"', - 'const service_manager::Manifest& GetManifest() {}', + 'library test.fidl' ])] mock_output_api = MockOutputApi() - errors = PRESUBMIT._CheckIpcOwners( + errors = PRESUBMIT._CheckSecurityOwners( mock_input_api, mock_output_api) self.assertEqual(1, len(errors)) self.assertEqual( 'Found OWNERS files that need to be updated for IPC security review ' + 'coverage.\nPlease update the OWNERS files below:', errors[0].message) - def testNonServiceManifestSourceChangesDoNotRequireSecurityOwner(self): + def testComponentManifestV1ChangeNeedsSecurityOwner(self): mock_input_api = MockInputApi() mock_input_api.files = [ - MockAffectedFile('some/non/service/thing/foo_manifest.cc', + MockAffectedFile('potentially/scary/v2_manifest.cmx', [ - 'const char kNoEnforcement[] = "not a manifest!";', + '{ "that is no": "manifest!" }' + ])] + mock_output_api = MockOutputApi() + errors = PRESUBMIT._CheckSecurityOwners( + mock_input_api, mock_output_api) + self.assertEqual(1, len(errors)) + self.assertEqual( + 'Found OWNERS files that need to be updated for IPC security review ' + + 'coverage.\nPlease update the OWNERS files below:', errors[0].message) + + def testComponentManifestV2NeedsSecurityOwner(self): + mock_input_api = MockInputApi() + mock_input_api.files = [ + MockAffectedFile('potentially/scary/v2_manifest.cml', + [ + '{ "that is no": "manifest!" }' ])] mock_output_api = MockOutputApi() - errors = PRESUBMIT._CheckIpcOwners( + errors = PRESUBMIT._CheckSecurityOwners( + mock_input_api, mock_output_api) + self.assertEqual(1, len(errors)) + self.assertEqual( + 'Found OWNERS files that need to be updated for IPC security review ' + + 'coverage.\nPlease update the OWNERS files below:', errors[0].message) + + def testOtherFuchsiaChangesDoNotRequireSecurityOwner(self): + mock_input_api = MockInputApi() + mock_input_api.files = [ + MockAffectedFile('some/non/service/thing/fuchsia_fidl_cml_cmx_magic.cc', + [ + 'const char kNoEnforcement[] = "Security?!? Pah!";', + ])] + mock_output_api = MockOutputApi() + errors = PRESUBMIT._CheckSecurityOwners( mock_input_api, mock_output_api) self.assertEqual([], errors) +class SecurityChangeTest(unittest.TestCase): + class _MockOwnersDB(object): + def __init__(self): + self.email_regexp = '.*' + + def owners_rooted_at_file(self, f): + return ['apple@chromium.org', 'orange@chromium.org'] + + def _mockChangeOwnerAndReviewers(self, input_api, owner, reviewers): + def __MockOwnerAndReviewers(input_api, email_regexp, approval_needed=False): + return [owner, reviewers] + input_api.canned_checks.GetCodereviewOwnerAndReviewers = \ + __MockOwnerAndReviewers + + def testDiffWithSandboxType(self): + mock_input_api = MockInputApi() + mock_input_api.files = [ + MockAffectedFile( + 'services/goat/teleporter_host.cc', + [ + 'content::ServiceProcessHost::Launch<mojom::GoatTeleporter>(', + ' content::ServiceProcessHost::LaunchOptions()', + ' .WithSandboxType(content::SandboxType::kGoaty)', + ' .WithDisplayName("goat_teleporter")', + ' .Build())' + ] + ), + ] + files_to_functions = PRESUBMIT._GetFilesUsingSecurityCriticalFunctions( + mock_input_api) + self.assertEqual({ + 'services/goat/teleporter_host.cc': set([ + 'content::ServiceProcessHost::LaunchOptions::WithSandboxType' + ])}, + files_to_functions) + + def testDiffRemovingLine(self): + mock_input_api = MockInputApi() + mock_file = MockAffectedFile('services/goat/teleporter_host.cc', '') + mock_file._scm_diff = """--- old 2020-05-04 14:08:25.000000000 -0400 ++++ new 2020-05-04 14:08:32.000000000 -0400 +@@ -1,5 +1,4 @@ + content::ServiceProcessHost::Launch<mojom::GoatTeleporter>( + content::ServiceProcessHost::LaunchOptions() +- .WithSandboxType(content::SandboxType::kGoaty) + .WithDisplayName("goat_teleporter") + .Build()) +""" + mock_input_api.files = [mock_file] + files_to_functions = PRESUBMIT._GetFilesUsingSecurityCriticalFunctions( + mock_input_api) + self.assertEqual({ + 'services/goat/teleporter_host.cc': set([ + 'content::ServiceProcessHost::LaunchOptions::WithSandboxType' + ])}, + files_to_functions) + + def testChangeOwnersMissing(self): + mock_input_api = MockInputApi() + mock_input_api.owners_db = self._MockOwnersDB() + mock_input_api.is_committing = False + mock_input_api.files = [ + MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)']) + ] + mock_output_api = MockOutputApi() + self._mockChangeOwnerAndReviewers( + mock_input_api, 'owner@chromium.org', ['banana@chromium.org']) + result = PRESUBMIT._CheckSecurityChanges(mock_input_api, mock_output_api) + self.assertEquals(1, len(result)) + self.assertEquals(result[0].type, 'notify') + self.assertEquals(result[0].message, + 'The following files change calls to security-sensive functions\n' \ + 'that need to be reviewed by ipc/SECURITY_OWNERS.\n' + ' file.cc\n' + ' content::ServiceProcessHost::LaunchOptions::WithSandboxType\n\n') + + def testChangeOwnersMissingAtCommit(self): + mock_input_api = MockInputApi() + mock_input_api.owners_db = self._MockOwnersDB() + mock_input_api.is_committing = True + mock_input_api.files = [ + MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)']) + ] + mock_output_api = MockOutputApi() + self._mockChangeOwnerAndReviewers( + mock_input_api, 'owner@chromium.org', ['banana@chromium.org']) + result = PRESUBMIT._CheckSecurityChanges(mock_input_api, mock_output_api) + self.assertEquals(1, len(result)) + self.assertEquals(result[0].type, 'error') + self.assertEquals(result[0].message, + 'The following files change calls to security-sensive functions\n' \ + 'that need to be reviewed by ipc/SECURITY_OWNERS.\n' + ' file.cc\n' + ' content::ServiceProcessHost::LaunchOptions::WithSandboxType\n\n') + + def testChangeOwnersPresent(self): + mock_input_api = MockInputApi() + mock_input_api.owners_db = self._MockOwnersDB() + mock_input_api.files = [ + MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)']) + ] + mock_output_api = MockOutputApi() + self._mockChangeOwnerAndReviewers( + mock_input_api, 'owner@chromium.org', + ['apple@chromium.org', 'banana@chromium.org']) + result = PRESUBMIT._CheckSecurityChanges(mock_input_api, mock_output_api) + self.assertEquals(0, len(result)) + + def testChangeOwnerIsSecurityOwner(self): + mock_input_api = MockInputApi() + mock_input_api.owners_db = self._MockOwnersDB() + mock_input_api.files = [ + MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)']) + ] + mock_output_api = MockOutputApi() + self._mockChangeOwnerAndReviewers( + mock_input_api, 'orange@chromium.org', ['pear@chromium.org']) + result = PRESUBMIT._CheckSecurityChanges(mock_input_api, mock_output_api) + self.assertEquals(1, len(result)) + + class BannedTypeCheckTest(unittest.TestCase): def testBannedCppFunctions(self): |