[Extensions] Update debugger API checks to use committed URL

We should be using last committed URL for security checks, not visible URL. This requires updating a number of the extension API tests in order to wait for the tab to commit before attaching the debugger; also take this as an opportunity to update a few with some async helpers (like await, etc). Bug: 237908 Change-Id: Ic9fcb010e4d029204d5d2e0b8e6bbbe76738bc1f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2327462Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Commit-Queue: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#794853}

[Extensions] Update debugger API checks to use committed URL
We should be using last committed URL for security checks, not visible URL. This requires updating a number of the extension API tests in order to wait for the tab to commit before attaching the debugger; also take this as an opportunity to update a few with some async helpers (like await, etc). Bug: 237908 Change-Id: Ic9fcb010e4d029204d5d2e0b8e6bbbe76738bc1f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2327462Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Commit-Queue: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#794853}
6ac77aad · Devlin Cronin · Commit Bot · 0e43f403 · 6ac77aad · 6ac77aad
Commit 6ac77aad authored Aug 05, 2020 by Devlin Cronin Committed by Commit Bot Aug 05, 2020
6 changed files
--- a/chrome/browser/extensions/api/debugger/debugger_api.cc
+++ b/chrome/browser/extensions/api/debugger/debugger_api.cc
@@ -416,12 +416,9 @@ bool DebuggerFunction::InitAgentHost(std::string* error) {
        *debuggee_.tab_id, browser_context(), include_incognito_information(),
        &web_contents);
    if (result && web_contents) {
-      // TODO(rdevlin.cronin) This should definitely be GetLastCommittedURL().
-      GURL url = web_contents->GetVisibleURL();
      if (!ExtensionCanAttachToURL(
-              *extension(), url, Profile::FromBrowserContext(browser_context()),
+              *extension(), web_contents->GetLastCommittedURL(),
-              error)) {
+              Profile::FromBrowserContext(browser_context()), error)) {
        return false;
      }

--- a/chrome/test/data/extensions/api_test/bindings/uncaught_exception_logging/test.js
+++ b/chrome/test/data/extensions/api_test/bindings/uncaught_exception_logging/test.js
@@ -2,49 +2,49 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-function createTestFunction(expected_message) {
+function verifyException(expectedMessage, tabId) {
-  return function(tab) {
+  function onDebuggerEvent(debuggee, method, params) {
-    function onDebuggerEvent(debuggee, method, params) {
+    if (debuggee.tabId == tabId && method == 'Runtime.exceptionThrown') {
-      if (debuggee.tabId == tab.id && method == 'Runtime.exceptionThrown') {
+      var exception = params.exceptionDetails.exception;
-        var exception = params.exceptionDetails.exception;
+      if (exception.value.indexOf(expectedMessage) > -1) {
-        if (exception.value.indexOf(expected_message) > -1) {
+        chrome.debugger.onEvent.removeListener(onDebuggerEvent);
-          chrome.debugger.onEvent.removeListener(onDebuggerEvent);
+        chrome.test.succeed();
-          chrome.test.succeed();
-        }
      }
-    };
+    }
-    chrome.debugger.onEvent.addListener(onDebuggerEvent);
+  };
-    chrome.debugger.attach({ tabId: tab.id }, "1.1", function() {
+  chrome.debugger.onEvent.addListener(onDebuggerEvent);
-      // Enabling console provides both stored and new messages via the
+  chrome.debugger.attach({ tabId: tabId }, "1.1", function() {
-      // Console.messageAdded event.
+    // Enabling console provides both stored and new messages via the
-      chrome.debugger.sendCommand({ tabId: tab.id }, "Runtime.enable");
+    // Console.messageAdded event.
-    });
+    chrome.debugger.sendCommand({ tabId: tabId }, "Runtime.enable");
-  }
+  });
 }
+let openTab;
 chrome.test.runTests([
-  function testExceptionInExtensionPage() {
+  async function testExceptionInExtensionPage() {
-    chrome.tabs.create(
+    ({openTab} = await import('/_test_resources/test_util/tabs_util.js'));
-        {url: chrome.runtime.getURL('extension_page.html')},
+    const tab = await openTab(chrome.runtime.getURL('extension_page.html'));
-        createTestFunction('Exception thrown in extension page.'));
+    verifyException('Exception thrown in extension page.', tab.id);
  },
-  function testExceptionInInjectedScript() {
+  async function testExceptionInInjectedScript() {
    function injectScriptAndSendMessage(tab) {
      chrome.tabs.executeScript(
          tab.id,
          { file: 'content_script.js' },
          function() {
-            createTestFunction('Exception thrown in injected script.')(tab);
+            verifyException('Exception thrown in injected script.', tab.id);
          });
    }
-    chrome.test.getConfig(function(config) {
+    chrome.test.getConfig(async function(config) {
-      var test_url =
+      const testUrl =
-          'http://localhost:PORT/extensions/test_file.html'
+          `http://localhost:${config.testServer.port}/` +
-              .replace(/PORT/, config.testServer.port);
+          'extensions/test_file.html';
+      const tab = await openTab(testUrl);
-      chrome.tabs.create({ url: test_url }, injectScriptAndSendMessage);
+      injectScriptAndSendMessage(tab);
    });
  }
 ]);
--- a/chrome/test/data/extensions/api_test/debugger/background.js
+++ b/chrome/test/data/extensions/api_test/debugger/background.js
--- a/chrome/test/data/extensions/api_test/debugger_extension/background.js
+++ b/chrome/test/data/extensions/api_test/debugger_extension/background.js
@@ -10,13 +10,13 @@ var protocolVersion = "1.3";
 chrome.test.runTests([
-  function attachToWebUI() {
+  async function attachToWebUI() {
-    chrome.tabs.create({url:"chrome://version"}, function(tab) {
+    const {openTab} = await import('/_test_resources/test_util/tabs_util.js');
-      var debuggee = {tabId: tab.id};
+    const tab = await openTab('chrome://version');
-      chrome.debugger.attach(debuggee, protocolVersion,
+    const debuggee = {tabId: tab.id};
-          fail("Cannot attach to this target."));
+    chrome.debugger.attach(debuggee, protocolVersion,
-      chrome.tabs.remove(tab.id);
+                           fail("Cannot attach to this target."));
-    });
+    chrome.tabs.remove(tab.id);
  },
  function attach() {

--- a/chrome/test/data/extensions/api_test/debugger_file_access/background.js
+++ b/chrome/test/data/extensions/api_test/debugger_file_access/background.js
@@ -10,29 +10,30 @@ function checkUrlsEqual(expected, actual) {
                       new URL(actual).href);
 }
-function runNotAllowedTest(method, params, expectAllowed) {
+let openTab;
+async function runNotAllowedTest(method, params, expectAllowed) {
  const NOT_ALLOWED = "Not allowed";
-  chrome.tabs.create({url: 'dummy.html'}, function(tab) {
+  const tab = await openTab(chrome.runtime.getURL('dummy.html'));
-    var debuggee = {tabId: tab.id};
+  const debuggee = {tabId: tab.id};
-    chrome.debugger.attach(debuggee, '1.2', function() {
+  chrome.debugger.attach(debuggee, '1.2', function() {
-      chrome.test.assertNoLastError();
+    chrome.test.assertNoLastError();
-      chrome.debugger.sendCommand(debuggee, method, params, onResponse);
+    chrome.debugger.sendCommand(debuggee, method, params, onResponse);
-      function onResponse() {
+    function onResponse() {
-        var message;
+      var message;
-        try {
+      try {
-          message = JSON.parse(chrome.runtime.lastError.message).message;
+        message = JSON.parse(chrome.runtime.lastError.message).message;
-        } catch (e) {
+      } catch (e) {
-        }
-        chrome.debugger.detach(debuggee, () => {
-          const allowed = message !== NOT_ALLOWED;
-          if (allowed === expectAllowed)
-            chrome.test.succeed();
-          else
-            chrome.test.fail('' + message);
-        });
      }
-    });
+      chrome.debugger.detach(debuggee, () => {
+        const allowed = message !== NOT_ALLOWED;
+        if (allowed === expectAllowed)
+          chrome.test.succeed();
+        else
+          chrome.test.fail('' + message);
+      });
+    }
  });
 }
@@ -42,7 +43,8 @@ function runNotAllowedTest(method, params, expectAllowed) {
                 });
  const fileUrl = config.testDataDirectory + '/../body1.html';
  const expectFileAccess = !!config.customArg;
-  const { openTab } = await import('/_test_resources/test_util/tabs_util.js');
+  ({ openTab } = await import('/_test_resources/test_util/tabs_util.js'));
  console.log(fileUrl);

--- a/chrome/test/data/extensions/api_test/debugger_inspect_worker/background.js
+++ b/chrome/test/data/extensions/api_test/debugger_inspect_worker/background.js
@@ -6,8 +6,8 @@ const protocolVersion = '1.3';
 chrome.test.getConfig(config => chrome.test.runTests([
  async function testInspectWorkerForbidden() {
-    const tab = await new Promise(resolve =>
+    const {openTab} = await import('/_test_resources/test_util/tabs_util.js');
-        chrome.tabs.create({url: config.customArg}, resolve));
+    const tab = await openTab(config.customArg);
    const debuggee = {tabId: tab.id};
    await new Promise(resolve =>
        chrome.debugger.attach(debuggee, protocolVersion, resolve));