summaryrefslogtreecommitdiff
path: root/chromium/content/browser/sms/sms_browsertest.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/content/browser/sms/sms_browsertest.cc')
-rw-r--r--chromium/content/browser/sms/sms_browsertest.cc101
1 files changed, 78 insertions, 23 deletions
diff --git a/chromium/content/browser/sms/sms_browsertest.cc b/chromium/content/browser/sms/sms_browsertest.cc
index c78c7aa2779..ce32f040cc6 100644
--- a/chromium/content/browser/sms/sms_browsertest.cc
+++ b/chromium/content/browser/sms/sms_browsertest.cc
@@ -3,7 +3,9 @@
// found in the LICENSE file.
#include <memory>
+#include <string>
+#include "base/test/bind_test_util.h"
#include "base/test/metrics/histogram_tester.h"
#include "components/ukm/test_ukm_recorder.h"
#include "content/browser/browser_main_loop.h"
@@ -13,6 +15,7 @@
#include "content/browser/sms/test/mock_sms_web_contents_delegate.h"
#include "content/browser/web_contents/web_contents_impl.h"
#include "content/public/common/content_switches.h"
+#include "content/public/test/browser_test.h"
#include "content/public/test/browser_test_utils.h"
#include "content/public/test/content_browser_test.h"
#include "content/public/test/content_browser_test_utils.h"
@@ -24,6 +27,7 @@
#include "testing/gmock/include/gmock/gmock.h"
#include "third_party/blink/public/common/sms/sms_receiver_outcome.h"
+using blink::mojom::SmsStatus;
using ::testing::_;
using ::testing::Invoke;
using ::testing::NiceMock;
@@ -114,9 +118,8 @@ class SmsBrowserTest : public ContentBrowserTest {
cert_verifier_.TearDownInProcessBrowserTestFixture();
}
- SmsFetcherImpl* GetSmsFetcher() {
- return static_cast<SmsFetcherImpl*>(
- SmsFetcher::Get(shell()->web_contents()->GetBrowserContext()));
+ SmsFetcher* GetSmsFetcher() {
+ return SmsFetcher::Get(shell()->web_contents()->GetBrowserContext());
}
ukm::TestAutoSetUkmRecorder* ukm_recorder() { return ukm_recorder_.get(); }
@@ -145,7 +148,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Receive) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
// Test that SMS content can be retrieved after navigator.credentials.get().
std::string script = R"(
@@ -155,7 +158,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Receive) {
}) ();
)";
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).WillOnce(Invoke([&]() {
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).WillOnce(Invoke([&]() {
mock_provider_ptr->NotifyReceive(url::Origin::Create(url), "hello");
ConfirmPrompt();
}));
@@ -187,7 +190,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, AtMostOneSmsRequestPerOrigin) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
std::string script = R"(
(async () => {
@@ -203,7 +206,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, AtMostOneSmsRequestPerOrigin) {
}) ();
)";
- EXPECT_CALL(*mock_provider_ptr, Retrieve())
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_))
.WillOnce(Return())
.WillOnce(Invoke([&]() {
mock_provider_ptr->NotifyReceive(url::Origin::Create(url), "hello");
@@ -230,7 +233,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest,
DISABLED_AtMostOneSmsRequestPerOriginPerTab) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
Shell* tab1 = CreateBrowser();
Shell* tab2 = CreateBrowser();
@@ -243,7 +246,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest,
tab1->web_contents()->SetDelegate(&delegate_);
tab2->web_contents()->SetDelegate(&delegate_);
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).Times(3);
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).Times(3);
// Make 1 request on tab1 that is expected to be cancelled when the 2nd
// request is made.
@@ -329,7 +332,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Reload) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
std::string script = R"(
// kicks off the sms receiver, adding the service
@@ -339,7 +342,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Reload) {
base::RunLoop loop;
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).WillOnce(Invoke([&loop]() {
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).WillOnce(Invoke([&loop]() {
// Deliberately avoid calling NotifyReceive() to simulate
// a request that has been received but not fulfilled.
loop.Quit();
@@ -373,11 +376,11 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Close) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
base::RunLoop loop;
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).WillOnce(Invoke([&loop]() {
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).WillOnce(Invoke([&loop]() {
loop.Quit();
}));
@@ -402,7 +405,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Close) {
IN_PROC_BROWSER_TEST_F(SmsBrowserTest, DISABLED_TwoTabsSameOrigin) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
Shell* tab1 = CreateBrowser();
Shell* tab2 = CreateBrowser();
@@ -415,7 +418,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, DISABLED_TwoTabsSameOrigin) {
tab1->web_contents()->SetDelegate(&delegate_);
tab2->web_contents()->SetDelegate(&delegate_);
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).Times(2);
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).Times(2);
std::string script = R"(
var otp = navigator.credentials.get({otp: {transport: ["sms"]}})
@@ -483,7 +486,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, DISABLED_TwoTabsSameOrigin) {
IN_PROC_BROWSER_TEST_F(SmsBrowserTest, DISABLED_TwoTabsDifferentOrigin) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
Shell* tab1 = CreateBrowser();
Shell* tab2 = CreateBrowser();
@@ -507,7 +510,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, DISABLED_TwoTabsDifferentOrigin) {
base::RunLoop loop;
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).Times(2);
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).Times(2);
tab1->web_contents()->SetDelegate(&delegate_);
tab2->web_contents()->SetDelegate(&delegate_);
@@ -559,11 +562,11 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, SmsReceivedAfterTabIsClosed) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
base::RunLoop loop;
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).WillOnce(Invoke([&loop]() {
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).WillOnce(Invoke([&loop]() {
loop.Quit();
}));
@@ -588,7 +591,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Cancels) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
shell()->web_contents()->SetDelegate(&delegate_);
@@ -596,7 +599,7 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, Cancels) {
ExpectSmsPrompt();
- EXPECT_CALL(*mock_provider_ptr, Retrieve()).WillOnce(Invoke([&]() {
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_)).WillOnce(Invoke([&]() {
mock_provider_ptr->NotifyReceive(url::Origin::Create(url), "hello");
DismissPrompt();
}));
@@ -628,13 +631,13 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, AbortAfterSmsRetrieval) {
auto provider = std::make_unique<MockSmsProvider>();
MockSmsProvider* mock_provider_ptr = provider.get();
- GetSmsFetcher()->SetSmsProviderForTesting(std::move(provider));
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(std::move(provider));
shell()->web_contents()->SetDelegate(&delegate_);
ExpectSmsPrompt();
- EXPECT_CALL(*mock_provider_ptr, Retrieve())
+ EXPECT_CALL(*mock_provider_ptr, Retrieve(_))
.WillOnce(Invoke([&mock_provider_ptr, &url]() {
mock_provider_ptr->NotifyReceive(url::Origin::Create(url), "hello");
}));
@@ -665,4 +668,56 @@ IN_PROC_BROWSER_TEST_F(SmsBrowserTest, AbortAfterSmsRetrieval) {
ExpectOutcomeUKM(url, blink::SMSReceiverOutcome::kAborted);
}
+IN_PROC_BROWSER_TEST_F(SmsBrowserTest, SmsFetcherUAF) {
+ base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+ switches::kWebOtpBackend, switches::kWebOtpBackendUserConsent);
+ GURL url = GetTestUrl(nullptr, "simple_page.html");
+ EXPECT_TRUE(NavigateToURL(shell(), url));
+
+ auto* provider = new NiceMock<MockSmsProvider>();
+ BrowserMainLoop::GetInstance()->SetSmsProviderForTesting(
+ base::WrapUnique(provider));
+
+ shell()->web_contents()->SetDelegate(&delegate_);
+
+ auto* fetcher = SmsFetcher::Get(shell()->web_contents()->GetBrowserContext());
+ auto* fetcher2 =
+ SmsFetcher::Get(shell()->web_contents()->GetBrowserContext());
+ mojo::Remote<blink::mojom::SmsReceiver> service;
+ mojo::Remote<blink::mojom::SmsReceiver> service2;
+
+ RenderFrameHost* render_frame_host = shell()->web_contents()->GetMainFrame();
+ SmsService::Create(fetcher, render_frame_host,
+ service.BindNewPipeAndPassReceiver());
+ SmsService::Create(fetcher2, render_frame_host,
+ service2.BindNewPipeAndPassReceiver());
+
+ base::RunLoop navigate;
+
+ EXPECT_CALL(*provider, Retrieve(_))
+ .WillOnce(Invoke([&]() {
+ static_cast<SmsFetcherImpl*>(fetcher)->OnReceive(
+ url::Origin::Create(url), "ABC234");
+ }))
+ .WillOnce(Invoke([&]() {
+ static_cast<SmsFetcherImpl*>(fetcher2)->OnReceive(
+ url::Origin::Create(url), "DEF567");
+ }));
+
+ service->Receive(base::BindLambdaForTesting(
+ [](SmsStatus status, const base::Optional<std::string>& otp) {
+ EXPECT_EQ(SmsStatus::kSuccess, status);
+ EXPECT_EQ("ABC234", otp);
+ }));
+
+ service2->Receive(base::BindLambdaForTesting(
+ [&navigate](SmsStatus status, const base::Optional<std::string>& otp) {
+ EXPECT_EQ(SmsStatus::kSuccess, status);
+ EXPECT_EQ("DEF567", otp);
+ navigate.Quit();
+ }));
+
+ navigate.Run();
+}
+
} // namespace content
View Lorry Controller Status