OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <string> | 5 #include <string> |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/platform_file.h" | 9 #include "base/platform_file.h" |
10 #include "content/browser/child_process_security_policy.h" | 10 #include "content/browser/child_process_security_policy.h" |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); | 49 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); |
50 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme)); | 50 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme)); |
51 | 51 |
52 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 52 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
53 p->RegisterWebSafeScheme("registered-web-safe-scheme"); | 53 p->RegisterWebSafeScheme("registered-web-safe-scheme"); |
54 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 54 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
55 | 55 |
56 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme)); | 56 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme)); |
57 } | 57 } |
58 | 58 |
| 59 TEST_F(ChildProcessSecurityPolicyTest, IsWebUISchemeTest) { |
| 60 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
| 61 |
| 62 EXPECT_FALSE(p->IsWebUIScheme(chrome::kHttpScheme)); |
| 63 EXPECT_FALSE(p->IsWebUIScheme(chrome::kHttpsScheme)); |
| 64 EXPECT_FALSE(p->IsWebUIScheme(chrome::kFtpScheme)); |
| 65 EXPECT_FALSE(p->IsWebUIScheme(chrome::kDataScheme)); |
| 66 EXPECT_FALSE(p->IsWebUIScheme(chrome::kExtensionScheme)); |
| 67 EXPECT_FALSE(p->IsWebUIScheme(chrome::kBlobScheme)); |
| 68 EXPECT_FALSE(p->IsWebUIScheme(chrome::kFileSystemScheme)); |
| 69 EXPECT_FALSE(p->IsWebUIScheme(chrome::kAboutScheme)); |
| 70 EXPECT_FALSE(p->IsWebUIScheme(chrome::kJavaScriptScheme)); |
| 71 EXPECT_FALSE(p->IsWebUIScheme(chrome::kViewSourceScheme)); |
| 72 EXPECT_TRUE(p->IsWebUIScheme(chrome::kChromeUIScheme)); |
| 73 |
| 74 EXPECT_FALSE(p->IsWebUIScheme("registered-webui-scheme")); |
| 75 p->RegisterWebUIScheme("registered-webui-scheme"); |
| 76 EXPECT_TRUE(p->IsWebUIScheme("registered-webui-scheme")); |
| 77 } |
| 78 |
59 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { | 79 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { |
60 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 80 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
61 | 81 |
62 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme)); | 82 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme)); |
63 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); | 83 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); |
64 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); | 84 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); |
65 | 85 |
66 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); | 86 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); |
67 p->RegisterPseudoScheme("registered-pseudo-scheme"); | 87 p->RegisterPseudoScheme("registered-pseudo-scheme"); |
68 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); | 88 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); |
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
234 | 254 |
235 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 255 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
236 // View source needs to be able to request the embedded scheme. | 256 // View source needs to be able to request the embedded scheme. |
237 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 257 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
238 GURL("view-source:file:///etc/passwd"))); | 258 GURL("view-source:file:///etc/passwd"))); |
239 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 259 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
240 | 260 |
241 p->Remove(kRendererID); | 261 p->Remove(kRendererID); |
242 } | 262 } |
243 | 263 |
| 264 TEST_F(ChildProcessSecurityPolicyTest, CanRedirectURL) { |
| 265 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
| 266 |
| 267 p->Add(kRendererID); |
| 268 |
| 269 // Behaves the same as CanRequestURL, except for chrome: Urls |
| 270 EXPECT_TRUE(p->CanRedirectURL(kRendererID, GURL("http://www.google.com"))); |
| 271 EXPECT_TRUE(p->CanRedirectURL(kRendererID, GURL("evil-scheme://path"))); |
| 272 EXPECT_FALSE(p->CanRedirectURL(kRendererID, GURL("chrome://settings"))); |
| 273 EXPECT_FALSE(p->CanRedirectURL(kRendererID, GURL("chrome://flags"))); |
| 274 EXPECT_FALSE(p->CanRedirectURL(kRendererID, GURL("about://flags"))); |
| 275 |
| 276 p->Remove(kRendererID); |
| 277 } |
| 278 |
244 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { | 279 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { |
245 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 280 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
246 | 281 |
247 p->Add(kRendererID); | 282 p->Add(kRendererID); |
248 | 283 |
249 EXPECT_FALSE(p->CanReadFile(kRendererID, | 284 EXPECT_FALSE(p->CanReadFile(kRendererID, |
250 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 285 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
251 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd"))); | 286 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd"))); |
252 EXPECT_TRUE(p->CanReadFile(kRendererID, | 287 EXPECT_TRUE(p->CanReadFile(kRendererID, |
253 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 288 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
432 | 467 |
433 // Renderers are added and removed on the UI thread, but the policy can be | 468 // Renderers are added and removed on the UI thread, but the policy can be |
434 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 469 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
435 // prepared to answer policy questions about renderers who no longer exist. | 470 // prepared to answer policy questions about renderers who no longer exist. |
436 | 471 |
437 // In this case, we default to secure behavior. | 472 // In this case, we default to secure behavior. |
438 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 473 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
439 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 474 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
440 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 475 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
441 } | 476 } |
OLD | NEW |