
Side by Side Diff: Source/platform/weborigin/SecurityPolicyTest.cpp

Issue 1082173003: Support whitelisting to handle insecure origins as trustworthy origins (blink) (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: no lock (for now) Created 5 years, 8 months ago
1 /* 1 /*
2 * Copyright (C) 2014 Google Inc. All rights reserved. 2 * Copyright (C) 2014 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 11 matching lines...) Expand all
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #include "config.h" 31 #include "config.h"
32 #include "platform/weborigin/SecurityOrigin.h"
32 #include "platform/weborigin/SecurityPolicy.h" 33 #include "platform/weborigin/SecurityPolicy.h"
33 34
34 #include "platform/weborigin/KURL.h" 35 #include "platform/weborigin/KURL.h"
35 #include <gtest/gtest.h> 36 #include <gtest/gtest.h>
36 37
37 using blink::KURL; 38 using blink::KURL;
39 using blink::SecurityOrigin;
38 using blink::SecurityPolicy; 40 using blink::SecurityPolicy;
39 41
40 namespace { 42 namespace {
41 43
42 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL) 44 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL)
43 { 45 {
44 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8( "chrome://somepage/")).referrer); 46 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8( "chrome://somepage/")).referrer);
45 } 47 }
46 48
47 TEST(SecurityPolicyTest, GenerateReferrer) 49 TEST(SecurityPolicyTest, GenerateReferrer)
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
130 << result.referrer.utf8().data() << "'."; 132 << result.referrer.utf8().data() << "'.";
131 } else { 133 } else {
132 EXPECT_TRUE(result.referrer.isEmpty()) 134 EXPECT_TRUE(result.referrer.isEmpty())
133 << "'" << test.referrer << "' to '" << test.destination 135 << "'" << test.referrer << "' to '" << test.destination
134 << "' should have been empty: was '" << result.referrer.utf8().d ata() << "'."; 136 << "' should have been empty: was '" << result.referrer.utf8().d ata() << "'.";
135 } 137 }
136 EXPECT_EQ(test.policy, result.referrerPolicy); 138 EXPECT_EQ(test.policy, result.referrerPolicy);
137 } 139 }
138 } 140 }
139 141
142 TEST(SecurityPolicyTest, TrustworthyWhiteList)
143 {
144 const char* insecureURLs[] = {
145 "http://a.test/path/to/file.html",
146 "http://b.test/path/to/file.html",
147 "blob:http://c.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde",
148 "filesystem:http://d.test/path/t/file.html",
149 };
150
151 for (const char* url : insecureURLs) {
152 String errorMessage;
153 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(url);
154 EXPECT_FALSE(origin->isPotentiallyTrustworthy(errorMessage));
155 SecurityPolicy::addOriginTrustworthyWhiteList(origin);
156 EXPECT_TRUE(origin->isPotentiallyTrustworthy(errorMessage));
157 }
158
159 // Tests that adding URLs that have inner-urls to the whitelist
160 // takes effect on the origins of the inner-urls (and vice versa).
161 struct TestCase {
162 const char* url;
163 const char* anotherUrlInOrigin;
164 };
165 TestCase insecureURLsWithInnerOrigin[] = {
166 {
167 "blob:http://e.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde",
168 "http://e.test/foo.html"
169 }, {
170 "filesystem:http://f.test/path/t/file.html",
171 "http://f.test/bar.html"
172 }, {
173 "http://g.test/foo.html",
174 "blob:http://g.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde"
175 }, {
176 "http://h.test/bar.html",
177 "filesystem:http://h.test/path/t/file.html"
178 },
179 };
180 for (const TestCase& test : insecureURLsWithInnerOrigin) {
181 String errorMessage;
182
183 // Actually origins of both URLs should be same.
184 RefPtr<SecurityOrigin> origin1 = SecurityOrigin::createFromString(test.u rl);
185 RefPtr<SecurityOrigin> origin2 = SecurityOrigin::createFromString(test.a notherUrlInOrigin);
186
187 EXPECT_FALSE(origin1->isPotentiallyTrustworthy(errorMessage));
188 EXPECT_FALSE(origin2->isPotentiallyTrustworthy(errorMessage));
189 SecurityPolicy::addOriginTrustworthyWhiteList(origin1);
190 EXPECT_TRUE(origin1->isPotentiallyTrustworthy(errorMessage));
191 EXPECT_TRUE(origin2->isPotentiallyTrustworthy(errorMessage));
192 }
193 }
194
140 } // namespace 195 } // namespace
141
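Review bot: TrustworthyWhiteList only asserts the positive direction, so a whitelist lookup that matches too broadly (by host alone, ignoring the port, or by suffix) would still pass this test. After the first loop I would add a negative check against an origin that was never whitelisted but sits next to one that was, for example `RefPtr<SecurityOrigin> other = SecurityOrigin::createFromString("http://a.test:8080/");` followed by `EXPECT_FALSE(other->isPotentiallyTrustworthy(errorMessage));`. The entries also appear to go into process-wide state through the static `SecurityPolicy::addOriginTrustworthyWhiteList`, and nothing visible here removes them, so a.test through h.test presumably stay trustworthy for any later test in the same binary. A short comment above the test saying so would keep a future test from relying on those hosts being insecure.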