| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <string> | |
| 6 | |
| 7 #include "base/basictypes.h" | |
| 8 #include "base/file_path.h" | |
| 9 #include "chrome/browser/renderer_host/renderer_security_policy.h" | |
| 10 #include "chrome/common/url_constants.h" | |
| 11 #include "net/url_request/url_request.h" | |
| 12 #include "net/url_request/url_request_test_job.h" | |
| 13 #include "testing/gtest/include/gtest/gtest.h" | |
| 14 | |
| 15 class RendererSecurityPolicyTest : public testing::Test { | |
| 16 protected: | |
| 17 // testing::Test | |
| 18 virtual void SetUp() { | |
| 19 // In the real world, "chrome:" is a handled scheme. | |
| 20 URLRequest::RegisterProtocolFactory(chrome::kChromeUIScheme, | |
| 21 &URLRequestTestJob::Factory); | |
| 22 } | |
| 23 virtual void TearDown() { | |
| 24 URLRequest::RegisterProtocolFactory(chrome::kChromeUIScheme, NULL); | |
| 25 } | |
| 26 }; | |
| 27 | |
| 28 static int kRendererID = 42; | |
| 29 | |
| 30 TEST_F(RendererSecurityPolicyTest, IsWebSafeSchemeTest) { | |
| 31 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 32 | |
| 33 EXPECT_TRUE(p->IsWebSafeScheme("http")); | |
| 34 EXPECT_TRUE(p->IsWebSafeScheme("https")); | |
| 35 EXPECT_TRUE(p->IsWebSafeScheme("ftp")); | |
| 36 EXPECT_TRUE(p->IsWebSafeScheme("data")); | |
| 37 EXPECT_TRUE(p->IsWebSafeScheme("feed")); | |
| 38 EXPECT_TRUE(p->IsWebSafeScheme("chrome-extension")); | |
| 39 | |
| 40 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); | |
| 41 p->RegisterWebSafeScheme("registered-web-safe-scheme"); | |
| 42 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); | |
| 43 } | |
| 44 | |
| 45 TEST_F(RendererSecurityPolicyTest, IsPseudoSchemeTest) { | |
| 46 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 47 | |
| 48 EXPECT_TRUE(p->IsPseudoScheme("about")); | |
| 49 EXPECT_TRUE(p->IsPseudoScheme("javascript")); | |
| 50 EXPECT_TRUE(p->IsPseudoScheme("view-source")); | |
| 51 | |
| 52 EXPECT_FALSE(p->IsPseudoScheme("registered-psuedo-scheme")); | |
| 53 p->RegisterPseudoScheme("registered-psuedo-scheme"); | |
| 54 EXPECT_TRUE(p->IsPseudoScheme("registered-psuedo-scheme")); | |
| 55 } | |
| 56 | |
| 57 TEST_F(RendererSecurityPolicyTest, StandardSchemesTest) { | |
| 58 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 59 | |
| 60 p->Add(kRendererID); | |
| 61 | |
| 62 // Safe | |
| 63 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); | |
| 64 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); | |
| 65 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | |
| 66 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | |
| 67 EXPECT_TRUE(p->CanRequestURL(kRendererID, | |
| 68 GURL("view-source:http://www.google.com/"))); | |
| 69 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("chrome-extension://xy/z"))); | |
| 70 | |
| 71 // Dangerous | |
| 72 EXPECT_FALSE(p->CanRequestURL(kRendererID, | |
| 73 GURL("file:///etc/passwd"))); | |
| 74 EXPECT_FALSE(p->CanRequestURL(kRendererID, | |
| 75 GURL("view-cache:http://www.google.com/"))); | |
| 76 EXPECT_FALSE(p->CanRequestURL(kRendererID, | |
| 77 GURL("chrome://foo/bar"))); | |
| 78 | |
| 79 p->Remove(kRendererID); | |
| 80 } | |
| 81 | |
| 82 TEST_F(RendererSecurityPolicyTest, AboutTest) { | |
| 83 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 84 | |
| 85 p->Add(kRendererID); | |
| 86 | |
| 87 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | |
| 88 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | |
| 89 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | |
| 90 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | |
| 91 | |
| 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | |
| 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | |
| 94 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | |
| 95 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | |
| 96 | |
| 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); | |
| 98 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | |
| 99 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | |
| 100 | |
| 101 p->GrantRequestURL(kRendererID, GURL("about:memory")); | |
| 102 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | |
| 103 | |
| 104 p->GrantRequestURL(kRendererID, GURL("about:crash")); | |
| 105 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | |
| 106 | |
| 107 p->GrantRequestURL(kRendererID, GURL("about:cache")); | |
| 108 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | |
| 109 | |
| 110 p->GrantRequestURL(kRendererID, GURL("about:hang")); | |
| 111 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | |
| 112 | |
| 113 p->Remove(kRendererID); | |
| 114 } | |
| 115 | |
| 116 TEST_F(RendererSecurityPolicyTest, JavaScriptTest) { | |
| 117 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 118 | |
| 119 p->Add(kRendererID); | |
| 120 | |
| 121 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | |
| 122 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); | |
| 123 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | |
| 124 | |
| 125 p->Remove(kRendererID); | |
| 126 } | |
| 127 | |
| 128 TEST_F(RendererSecurityPolicyTest, RegisterWebSafeSchemeTest) { | |
| 129 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 130 | |
| 131 p->Add(kRendererID); | |
| 132 | |
| 133 // Currently, "asdf" is destined for ShellExecute, so it is allowed. | |
| 134 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | |
| 135 | |
| 136 // Once we register a ProtocolFactory for "asdf", we default to deny. | |
| 137 URLRequest::RegisterProtocolFactory("asdf", &URLRequestTestJob::Factory); | |
| 138 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | |
| 139 | |
| 140 // We can allow new schemes by adding them to the whitelist. | |
| 141 p->RegisterWebSafeScheme("asdf"); | |
| 142 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | |
| 143 | |
| 144 // Cleanup. | |
| 145 URLRequest::RegisterProtocolFactory("asdf", NULL); | |
| 146 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | |
| 147 | |
| 148 p->Remove(kRendererID); | |
| 149 } | |
| 150 | |
| 151 TEST_F(RendererSecurityPolicyTest, CanServiceCommandsTest) { | |
| 152 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 153 | |
| 154 p->Add(kRendererID); | |
| 155 | |
| 156 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | |
| 157 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); | |
| 158 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | |
| 159 | |
| 160 // We should forget our state if we repeat a renderer id. | |
| 161 p->Remove(kRendererID); | |
| 162 p->Add(kRendererID); | |
| 163 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | |
| 164 p->Remove(kRendererID); | |
| 165 } | |
| 166 | |
| 167 TEST_F(RendererSecurityPolicyTest, ViewSource) { | |
| 168 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 169 | |
| 170 p->Add(kRendererID); | |
| 171 | |
| 172 // View source is determined by the embedded scheme. | |
| 173 EXPECT_TRUE(p->CanRequestURL(kRendererID, | |
| 174 GURL("view-source:http://www.google.com/"))); | |
| 175 EXPECT_FALSE(p->CanRequestURL(kRendererID, | |
| 176 GURL("view-source:file:///etc/passwd"))); | |
| 177 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | |
| 178 | |
| 179 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | |
| 180 // View source needs to be able to request the embedded scheme. | |
| 181 EXPECT_TRUE(p->CanRequestURL(kRendererID, | |
| 182 GURL("view-source:file:///etc/passwd"))); | |
| 183 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | |
| 184 | |
| 185 p->Remove(kRendererID); | |
| 186 } | |
| 187 | |
| 188 TEST_F(RendererSecurityPolicyTest, CanUploadFiles) { | |
| 189 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 190 | |
| 191 p->Add(kRendererID); | |
| 192 | |
| 193 EXPECT_FALSE(p->CanUploadFile(kRendererID, | |
| 194 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | |
| 195 p->GrantUploadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd"))); | |
| 196 EXPECT_TRUE(p->CanUploadFile(kRendererID, | |
| 197 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | |
| 198 EXPECT_FALSE(p->CanUploadFile(kRendererID, | |
| 199 FilePath(FILE_PATH_LITERAL("/etc/shadow")))); | |
| 200 | |
| 201 p->Remove(kRendererID); | |
| 202 p->Add(kRendererID); | |
| 203 | |
| 204 EXPECT_FALSE(p->CanUploadFile(kRendererID, | |
| 205 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | |
| 206 EXPECT_FALSE(p->CanUploadFile(kRendererID, | |
| 207 FilePath(FILE_PATH_LITERAL("/etc/shadow")))); | |
| 208 | |
| 209 p->Remove(kRendererID); | |
| 210 } | |
| 211 | |
| 212 TEST_F(RendererSecurityPolicyTest, CanServiceInspectElement) { | |
| 213 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 214 | |
| 215 GURL url("chrome://inspector/inspector.html"); | |
| 216 | |
| 217 p->Add(kRendererID); | |
| 218 | |
| 219 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | |
| 220 p->GrantInspectElement(kRendererID); | |
| 221 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | |
| 222 | |
| 223 p->Remove(kRendererID); | |
| 224 } | |
| 225 | |
| 226 TEST_F(RendererSecurityPolicyTest, CanServiceDOMUIBindings) { | |
| 227 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 228 | |
| 229 GURL url("chrome://thumb/http://www.google.com/"); | |
| 230 | |
| 231 p->Add(kRendererID); | |
| 232 | |
| 233 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); | |
| 234 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | |
| 235 p->GrantDOMUIBindings(kRendererID); | |
| 236 EXPECT_TRUE(p->HasDOMUIBindings(kRendererID)); | |
| 237 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | |
| 238 | |
| 239 p->Remove(kRendererID); | |
| 240 } | |
| 241 | |
| 242 TEST_F(RendererSecurityPolicyTest, RemoveRace) { | |
| 243 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | |
| 244 | |
| 245 GURL url("file:///etc/passwd"); | |
| 246 FilePath file(FILE_PATH_LITERAL("/etc/passwd")); | |
| 247 | |
| 248 p->Add(kRendererID); | |
| 249 | |
| 250 p->GrantRequestURL(kRendererID, url); | |
| 251 p->GrantUploadFile(kRendererID, file); | |
| 252 p->GrantDOMUIBindings(kRendererID); | |
| 253 | |
| 254 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | |
| 255 EXPECT_TRUE(p->CanUploadFile(kRendererID, file)); | |
| 256 EXPECT_TRUE(p->HasDOMUIBindings(kRendererID)); | |
| 257 | |
| 258 p->Remove(kRendererID); | |
| 259 | |
| 260 // Renderers are added and removed on the UI thread, but the policy can be | |
| 261 // queried on the IO thread. The RendererSecurityPolicy needs to be prepared | |
| 262 // to answer policy questions about renderers who no longer exist. | |
| 263 | |
| 264 // In this case, we default to secure behavior. | |
| 265 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | |
| 266 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); | |
| 267 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); | |
| 268 } | |