Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_unittest.cc

Issue 7873007: Restricting redirects to chrome: (Closed) Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: Improving that path so it doesn't break things Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« content/browser/child_process_security_policy.cc ('K') | « content/browser/child_process_security_policy.cc ('k') | content/browser/renderer_host/resource_dispatcher_host.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <string> 5 #include <string>
6 6
7 #include "base/basictypes.h" 7 #include "base/basictypes.h"
8 #include "base/file_path.h" 8 #include "base/file_path.h"
9 #include "base/platform_file.h" 9 #include "base/platform_file.h"
10 #include "content/browser/child_process_security_policy.h" 10 #include "content/browser/child_process_security_policy.h"
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
49 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); 49 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
50 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme)); 50 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
51 51
52 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); 52 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
53 p->RegisterWebSafeScheme("registered-web-safe-scheme"); 53 p->RegisterWebSafeScheme("registered-web-safe-scheme");
54 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); 54 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
55 55
56 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme)); 56 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
57 } 57 }
58 58
59 TEST_F(ChildProcessSecurityPolicyTest, IsWebUISchemeTest) {
60 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
61
62 EXPECT_FALSE(p->IsWebUIScheme(chrome::kHttpScheme));
63 EXPECT_FALSE(p->IsWebUIScheme(chrome::kHttpsScheme));
64 EXPECT_FALSE(p->IsWebUIScheme(chrome::kFtpScheme));
65 EXPECT_FALSE(p->IsWebUIScheme(chrome::kDataScheme));
66 EXPECT_FALSE(p->IsWebUIScheme(chrome::kExtensionScheme));
67 EXPECT_FALSE(p->IsWebUIScheme(chrome::kBlobScheme));
68 EXPECT_FALSE(p->IsWebUIScheme(chrome::kFileSystemScheme));
69 EXPECT_FALSE(p->IsWebUIScheme(chrome::kAboutScheme));
70 EXPECT_FALSE(p->IsWebUIScheme(chrome::kJavaScriptScheme));
71 EXPECT_FALSE(p->IsWebUIScheme(chrome::kViewSourceScheme));
72 EXPECT_TRUE(p->IsWebUIScheme(chrome::kChromeUIScheme));
73
74 EXPECT_FALSE(p->IsWebUIScheme("registered-webui-scheme"));
75 p->RegisterWebUIScheme("registered-webui-scheme");
76 EXPECT_TRUE(p->IsWebUIScheme("registered-webui-scheme"));
77 }
78
59 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { 79 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
60 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); 80 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
61 81
62 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme)); 82 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
63 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); 83 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
64 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); 84 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme));
65 85
66 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); 86 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
67 p->RegisterPseudoScheme("registered-pseudo-scheme"); 87 p->RegisterPseudoScheme("registered-pseudo-scheme");
68 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); 88 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
234 254
235 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); 255 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
236 // View source needs to be able to request the embedded scheme. 256 // View source needs to be able to request the embedded scheme.
237 EXPECT_TRUE(p->CanRequestURL(kRendererID, 257 EXPECT_TRUE(p->CanRequestURL(kRendererID,
238 GURL("view-source:file:///etc/passwd"))); 258 GURL("view-source:file:///etc/passwd")));
239 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 259 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
240 260
241 p->Remove(kRendererID); 261 p->Remove(kRendererID);
242 } 262 }
243 263
264 TEST_F(ChildProcessSecurityPolicyTest, CanRedirectURL) {
265 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
266
267 p->Add(kRendererID);
268
269 // Behaves the same as CanRequestURL, except for chrome: Urls
270 EXPECT_TRUE(p->CanRedirectURL(kRendererID, GURL("http://www.google.com")));
271 EXPECT_TRUE(p->CanRedirectURL(kRendererID, GURL("evil-scheme://path")));
272 EXPECT_FALSE(p->CanRedirectURL(kRendererID, GURL("chrome://settings")));
273 EXPECT_FALSE(p->CanRedirectURL(kRendererID, GURL("chrome://flags")));
274 EXPECT_FALSE(p->CanRedirectURL(kRendererID, GURL("about://flags")));
275
276 p->Remove(kRendererID);
277 }
278
244 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { 279 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
245 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); 280 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
246 281
247 p->Add(kRendererID); 282 p->Add(kRendererID);
248 283
249 EXPECT_FALSE(p->CanReadFile(kRendererID, 284 EXPECT_FALSE(p->CanReadFile(kRendererID,
250 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); 285 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
251 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd"))); 286 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd")));
252 EXPECT_TRUE(p->CanReadFile(kRendererID, 287 EXPECT_TRUE(p->CanReadFile(kRendererID,
253 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); 288 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after
432 467
433 // Renderers are added and removed on the UI thread, but the policy can be 468 // Renderers are added and removed on the UI thread, but the policy can be
434 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be 469 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
435 // prepared to answer policy questions about renderers who no longer exist. 470 // prepared to answer policy questions about renderers who no longer exist.
436 471
437 // In this case, we default to secure behavior. 472 // In this case, we default to secure behavior.
438 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); 473 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
439 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); 474 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
440 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); 475 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
441 } 476 }
OLDNEW
« content/browser/child_process_security_policy.cc ('K') | « content/browser/child_process_security_policy.cc ('k') | content/browser/renderer_host/resource_dispatcher_host.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698