
Side by Side Diff: webkit/plugins/ppapi/url_request_info_unittest.cc

Issue 7645010: Fix security bug that allowed invalid header fields to be injected by (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 4 months ago
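--- a/webkit/plugins/ppapi/url_request_info_unittest.cc
+++ b/webkit/plugins/ppapi/url_request_info_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ppapi/thunk/thunk.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrameClient.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebView.h"
 #include "webkit/plugins/ppapi/ppapi_plugin_instance.h"
@@ -201,20 +201,46 @@
 info_->SetStringProperty(PP_URLREQUESTPROPERTY_URL, url);
 ASSERT_TRUE(info_->RequiresUniversalAccess());
 }
 
 TEST_F(URLRequestInfoTest, SetMethod) {
 // Test default method is "GET".
 ASSERT_TRUE(IsExpected(GetMethod(), "GET"));
 ASSERT_TRUE(info_->SetStringProperty(
 PP_URLREQUESTPROPERTY_METHOD, "POST"));
 ASSERT_TRUE(IsExpected(GetMethod(), "POST"));
+
+// Test that method names are converted to upper case.
+ASSERT_TRUE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "get"));
+ASSERT_TRUE(IsExpected(GetMethod(), "GET"));
+ASSERT_TRUE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "post"));
+ASSERT_TRUE(IsExpected(GetMethod(), "POST"));
+}
+
+TEST_F(URLRequestInfoTest, SetInvalidMethod) {
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "CONNECT"));
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "connect"));
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "TRACE"));
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "trace"));
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "TRACK"));
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "track"));
+
+ASSERT_FALSE(info_->SetStringProperty(
+PP_URLREQUESTPROPERTY_METHOD, "POST\x0d\x0ax-csrf-token:\x20test1234"));
 }
 
 TEST_F(URLRequestInfoTest, SetValidHeaders) {
 // Test default header field.
 ASSERT_TRUE(IsExpected(
 GetHeaderValue("foo"), ""));
 // Test that we can set a header field.
 ASSERT_TRUE(info_->SetStringProperty(
 PP_URLREQUESTPROPERTY_HEADERS, "foo: bar"));
 ASSERT_TRUE(IsExpected(
@@ -272,10 +298,10 @@
 ASSERT_FALSE(info_->SetStringProperty(
 PP_URLREQUESTPROPERTY_HEADERS, "foo: bar\ncookie: foo"));
 ASSERT_TRUE(IsNullOrEmpty(GetHeaderValue("cookie")));
 }
 
 // TODO(bbudge) Unit tests for AppendDataToBody, AppendFileToBody.
 
 } // namespace ppapi
 } // namespace webkit
 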
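Review bot: SetInvalidMethod (new lines 221–237) asserts only that SetStringProperty returns false, so a regression that rejects the call but still stores the string would pass. The invalid-header test visible at new line 300 follows its rejection with a state check, and the same is worth doing here by ending the test with `ASSERT_TRUE(IsExpected(GetMethod(), "GET"));`. The header-injection coverage is also a single CR LF string; a bare line feed and an embedded space would pin that any non-token character is refused rather than this one sequence, e.g. `ASSERT_FALSE(info_->SetStringProperty(PP_URLREQUESTPROPERTY_METHOD, "POST\nfoo: bar"));`. Since SetMethod now documents upper-casing, a mixed-case forbidden name such as `"Connect"` would cover the path between the all-upper and all-lower cases. The validation code itself is not on this page, so these are gaps in the tests, not confirmed defects.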
