
Squawk about permissions for the wrong app type (bug 839723)

1 parent 7704423 commit 5f1f59f2e73c608f8b5eb4383bdc415463f39a12 @mattbasta committed Feb 13, 2013
Showing with 148 additions and 0 deletions.
  1. +13 −0 appvalidator/constants.py
  2. +35 −0 appvalidator/testcases/webappbase.py
  3. +100 −0 tests/test_webapp_permissions.py
@@ -26,6 +26,19 @@
ICON_LIMIT = 10
+PERMISSIONS = {
+ 'web': set([
+ 'geolocation', 'alarms', 'fmradio', 'desktop-notification', 'storage',
+ 'audio-channel-normal', 'audio-channel-content'
+ ]),
+ 'privileged': set([
+ 'device-storage:pictures', 'device-storage:videos',
+ 'device-storage:music', 'device-storage:sdcard', 'tcp-socket',
+ 'browser', 'systemXHR', 'audio-channel-notification',
+ 'audio-channel-alarm'
+ ]),
+}
+
# Graciously provided by @kumar in bug 614574
if (not SPIDERMONKEY_INSTALLATION or
not os.path.exists(SPIDERMONKEY_INSTALLATION)):
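Review bot: `PERMISSIONS` has no comment saying where the two lists come from or that `certified` is deliberately absent, so a reader cannot tell whether a missing key means "everything is allowed" or "not filled in yet". I would add a comment above it such as `# Permissions available per app type; certified apps are not restricted by this table.`, after confirming that is the intent. Because this table is the allowlist that `test_permissions` reads, `frozenset([...])` instead of `set([...])` would stop other modules from mutating it at runtime.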
@@ -10,6 +10,9 @@
from ..webapp import detect_webapp_string
+TYPE_URL = "https://developer.mozilla.org/en-US/docs/Apps/Manifest#type"
+
+
@register_test(tier=1)
def test_app_manifest(err, package):
@@ -29,6 +32,38 @@ def test_app_manifest(err, package):
err.save_resource("manifest", webapp)
+@register_test(tier=2)
+def test_permissions(err, package):
+
+ if (not err.get_resource("permissions") or
+ not err.get_resource("manifest")):
+ return
+
+ app_type = err.get_resource("manifest").get("type", "web")
+
+ def error(permission):
+ err.error(
+ err_id=("webappbase", "test_permissions", "unauthorized"),
+ error="App requested unavailable permission",
+ description=["A permission requested by the app is not available "
+ "for the app's type. See %s for more information." %
+ TYPE_URL,
+ "Requested permission: %s" % permission,
+ "App's type: %s" % app_type])
+
+ if app_type == "web":
+ for perm in err.get_resource("permissions"):
+ if perm not in constants.PERMISSIONS["web"]:
+ error(perm)
+ elif app_type == "privileged":
+ available_perms = (constants.PERMISSIONS["web"] |
+ constants.PERMISSIONS["privileged"])
+
+ for perm in err.get_resource("permissions"):
+ if perm not in available_perms:
+ error(perm)
+
+
class DataURIException(Exception):
pass
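Review bot: Any `type` other than `"web"` or `"privileged"` falls through both branches of `test_permissions`, so a manifest with a misspelled or differently-cased type gets no permission check at all, the same as `certified`. Unless the type value is validated before this tier-2 test runs (not visible here), the check fails open; handling `certified` explicitly and checking every other value against the web set, or reporting the unknown type, would close that. The function also has no docstring and repeats the loop in each branch; the rewrite below builds the allowed set once. The new tests in tests/test_webapp_permissions.py have no case for an unrecognised type either.

```python
    app_type = err.get_resource("manifest").get("type", "web")

    # ... unchanged: nested error(permission) reporter ...

    if app_type == "certified":
        # Certified apps are not limited by constants.PERMISSIONS.
        return

    # Unknown types get the most restrictive (web) set rather than no check.
    available_perms = set(constants.PERMISSIONS["web"])
    if app_type == "privileged":
        available_perms |= constants.PERMISSIONS["privileged"]

    for perm in err.get_resource("permissions"):
        if perm not in available_perms:
            error(perm)
```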
@@ -0,0 +1,100 @@
+from helper import TestCase
+from appvalidator.errorbundle import ErrorBundle
+import appvalidator.testcases.webappbase as appbase
+
+
+CERT_PERM = "cellbroadcast"
+PRIV_PERM = "tcp-socket"
+WEB_PERM = "fmradio"
+
+
+class TestWebappPermissions(TestCase):
+ """Test that apps can't request permissions that are unavailable to them.
+
+ """
+
+ def setUp(self):
+ super(TestWebappPermissions, self).setUp()
+
+ self.manifest = {"permissions": {}}
+
+ self.setup_err()
+ self.err.save_resource("manifest", self.manifest)
+
+ def analyze(self):
+ self.err.save_resource(
+ "permissions", self.manifest.get("permissions", {}).keys())
+ appbase.test_permissions(self.err, None)
+
+ def test_no_perms(self):
+ self.analyze()
+ self.assert_silent()
+
+ def test_certified_perms(self):
+ self.manifest["permissions"][CERT_PERM] = True
+ self.manifest["type"] = "certified"
+ self.analyze()
+ self.assert_silent()
+
+ def test_certified_perms_priv(self):
+ self.manifest["permissions"][CERT_PERM] = True
+ self.manifest["type"] = "privileged"
+ self.analyze()
+ self.assert_failed(with_errors=True)
+
+ def test_certified_perms_web(self):
+ self.manifest["permissions"][CERT_PERM] = True
+ self.manifest["type"] = "web"
+ self.analyze()
+ self.assert_failed(with_errors=True)
+
+ def test_certified_perms_web_implicit(self):
+ self.manifest["permissions"][CERT_PERM] = True
+ self.analyze()
+ self.assert_failed(with_errors=True)
+
+ def test_privileged_perms(self):
+ self.manifest["permissions"][PRIV_PERM] = True
+ self.manifest["type"] = "privileged"
+ self.analyze()
+ self.assert_silent()
+
+ def test_privileged_perms_cert(self):
+ self.manifest["permissions"][PRIV_PERM] = True
+ self.manifest["type"] = "certified"
+ self.analyze()
+ self.assert_silent()
+
+ def test_privileged_perms_web(self):
+ self.manifest["permissions"][PRIV_PERM] = True
+ self.manifest["type"] = "web"
+ self.analyze()
+ self.assert_failed(with_errors=True)
+
+ def test_privileged_perms_web_implicit(self):
+ self.manifest["permissions"][PRIV_PERM] = True
+ self.analyze()
+ self.assert_failed(with_errors=True)
+
+ def test_web_perms_cert(self):
+ self.manifest["permissions"][WEB_PERM] = True
+ self.manifest["type"] = "certified"
+ self.analyze()
+ self.assert_silent()
+
+ def test_web_perms_priv(self):
+ self.manifest["permissions"][WEB_PERM] = True
+ self.manifest["type"] = "privileged"
+ self.analyze()
+ self.assert_silent()
+
+ def test_web_perms_web(self):
+ self.manifest["permissions"][WEB_PERM] = True
+ self.manifest["type"] = "web"
+ self.analyze()
+ self.assert_silent()
+
+ def test_web_perms_web_implicit(self):
+ self.manifest["permissions"][WEB_PERM] = True
+ self.analyze()
+ self.assert_silent()
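Review bot: The negative cases (`test_certified_perms_priv`, `test_privileged_perms_web` and the others ending in `assert_failed(with_errors=True)`) pass on any error at all, so they would stay green if the failure came from something unrelated to the permission check. Each should also assert that the reported error id is `("webappbase", "test_permissions", "unauthorized")` and that exactly one error is raised for the single offending permission. The class docstring could also say that `analyze()` hands the manifest's permission keys straight to `test_permissions`, bypassing manifest parsing.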
