OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2014 Google Inc. All rights reserved. | 2 * Copyright (C) 2014 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 11 matching lines...) Expand all Loading... |
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #include "config.h" | 31 #include "config.h" |
| 32 #include "platform/weborigin/SecurityOrigin.h" |
32 #include "platform/weborigin/SecurityPolicy.h" | 33 #include "platform/weborigin/SecurityPolicy.h" |
33 | 34 |
34 #include "platform/weborigin/KURL.h" | 35 #include "platform/weborigin/KURL.h" |
35 #include <gtest/gtest.h> | 36 #include <gtest/gtest.h> |
36 | 37 |
37 using blink::KURL; | 38 using blink::KURL; |
| 39 using blink::SecurityOrigin; |
38 using blink::SecurityPolicy; | 40 using blink::SecurityPolicy; |
39 | 41 |
40 namespace { | 42 namespace { |
41 | 43 |
42 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL) | 44 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL) |
43 { | 45 { |
44 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli
cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8(
"chrome://somepage/")).referrer); | 46 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli
cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8(
"chrome://somepage/")).referrer); |
45 } | 47 } |
46 | 48 |
47 TEST(SecurityPolicyTest, GenerateReferrer) | 49 TEST(SecurityPolicyTest, GenerateReferrer) |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
130 << result.referrer.utf8().data() << "'."; | 132 << result.referrer.utf8().data() << "'."; |
131 } else { | 133 } else { |
132 EXPECT_TRUE(result.referrer.isEmpty()) | 134 EXPECT_TRUE(result.referrer.isEmpty()) |
133 << "'" << test.referrer << "' to '" << test.destination | 135 << "'" << test.referrer << "' to '" << test.destination |
134 << "' should have been empty: was '" << result.referrer.utf8().d
ata() << "'."; | 136 << "' should have been empty: was '" << result.referrer.utf8().d
ata() << "'."; |
135 } | 137 } |
136 EXPECT_EQ(test.policy, result.referrerPolicy); | 138 EXPECT_EQ(test.policy, result.referrerPolicy); |
137 } | 139 } |
138 } | 140 } |
139 | 141 |
| 142 TEST(SecurityPolicyTest, TrustworthyWhiteList) |
| 143 { |
| 144 const char* insecureURLs[] = { |
| 145 "http://a.test/path/to/file.html", |
| 146 "http://b.test/path/to/file.html", |
| 147 "blob:http://c.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde", |
| 148 "filesystem:http://d.test/path/t/file.html", |
| 149 }; |
| 150 |
| 151 for (const char* url : insecureURLs) { |
| 152 String errorMessage; |
| 153 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(url); |
| 154 EXPECT_FALSE(origin->isPotentiallyTrustworthy(errorMessage)); |
| 155 SecurityPolicy::addOriginTrustworthyWhiteList(origin); |
| 156 EXPECT_TRUE(origin->isPotentiallyTrustworthy(errorMessage)); |
| 157 } |
| 158 |
| 159 // Tests that adding URLs that have inner-urls to the whitelist |
| 160 // takes effect on the origins of the inner-urls (and vice versa). |
| 161 struct TestCase { |
| 162 const char* url; |
| 163 const char* anotherUrlInOrigin; |
| 164 }; |
| 165 TestCase insecureURLsWithInnerOrigin[] = { |
| 166 { |
| 167 "blob:http://e.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde", |
| 168 "http://e.test/foo.html" |
| 169 }, { |
| 170 "filesystem:http://f.test/path/t/file.html", |
| 171 "http://f.test/bar.html" |
| 172 }, { |
| 173 "http://g.test/foo.html", |
| 174 "blob:http://g.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde" |
| 175 }, { |
| 176 "http://h.test/bar.html", |
| 177 "filesystem:http://h.test/path/t/file.html" |
| 178 }, |
| 179 }; |
| 180 for (const TestCase& test : insecureURLsWithInnerOrigin) { |
| 181 String errorMessage; |
| 182 |
| 183 // Actually origins of both URLs should be same. |
| 184 RefPtr<SecurityOrigin> origin1 = SecurityOrigin::createFromString(test.u
rl); |
| 185 RefPtr<SecurityOrigin> origin2 = SecurityOrigin::createFromString(test.a
notherUrlInOrigin); |
| 186 |
| 187 EXPECT_FALSE(origin1->isPotentiallyTrustworthy(errorMessage)); |
| 188 EXPECT_FALSE(origin2->isPotentiallyTrustworthy(errorMessage)); |
| 189 SecurityPolicy::addOriginTrustworthyWhiteList(origin1); |
| 190 EXPECT_TRUE(origin1->isPotentiallyTrustworthy(errorMessage)); |
| 191 EXPECT_TRUE(origin2->isPotentiallyTrustworthy(errorMessage)); |
| 192 } |
| 193 } |
| 194 |
140 } // namespace | 195 } // namespace |
141 | |
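Review bot: TrustworthyWhiteList asserts only that whitelisted origins become trustworthy, so an entry that matched too broadly (another host, another port, or every origin once the list is non-empty) would still pass. At the end of the second loop body, add a check that an origin never passed to addOriginTrustworthyWhiteList stays untrusted, e.g. `EXPECT_FALSE(SecurityOrigin::createFromString("http://unlisted.test/")->isPotentiallyTrustworthy(errorMessage));` (the host name is constructed for illustration). The comment "Actually origins of both URLs should be same" would be better as an assertion, `EXPECT_TRUE(origin1->isSameSchemeHostPort(origin2.get()));`, so the test fails at the cause if inner-URL origin extraction ever changes. The whitelist also looks process-wide and nothing visible here resets it, so a.test through h.test presumably stay trusted for any later test in the same binary. That is worth confirming, and worth a comment in the test if no reset hook exists.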
OLD | NEW |