Side by Side Diff: Source/platform/weborigin/SecurityPolicyTest.cpp

Issue 1082173003: Support whitelisting to handle insecure origins as trustworthy origins (blink) (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 8 months ago
1 /* 1 /*
2 * Copyright (C) 2014 Google Inc. All rights reserved. 2 * Copyright (C) 2014 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 11 matching lines...) Expand all
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #include "config.h" 31 #include "config.h"
32 #include "platform/weborigin/SecurityOrigin.h"
32 #include "platform/weborigin/SecurityPolicy.h" 33 #include "platform/weborigin/SecurityPolicy.h"
33 34
34 #include "platform/weborigin/KURL.h" 35 #include "platform/weborigin/KURL.h"
35 #include <gtest/gtest.h> 36 #include <gtest/gtest.h>
36 37
37 using blink::KURL; 38 using blink::KURL;
39 using blink::SecurityOrigin;
38 using blink::SecurityPolicy; 40 using blink::SecurityPolicy;
39 41
40 namespace { 42 namespace {
41 43
42 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL) 44 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL)
43 { 45 {
44 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8( "chrome://somepage/")).referrer); 46 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8( "chrome://somepage/")).referrer);
45 } 47 }
46 48
47 TEST(SecurityPolicyTest, GenerateReferrer) 49 TEST(SecurityPolicyTest, GenerateReferrer)
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
130 << result.referrer.utf8().data() << "'."; 132 << result.referrer.utf8().data() << "'.";
131 } else { 133 } else {
132 EXPECT_TRUE(result.referrer.isEmpty()) 134 EXPECT_TRUE(result.referrer.isEmpty())
133 << "'" << test.referrer << "' to '" << test.destination 135 << "'" << test.referrer << "' to '" << test.destination
134 << "' should have been empty: was '" << result.referrer.utf8().d ata() << "'."; 136 << "' should have been empty: was '" << result.referrer.utf8().d ata() << "'.";
135 } 137 }
136 EXPECT_EQ(test.policy, result.referrerPolicy); 138 EXPECT_EQ(test.policy, result.referrerPolicy);
137 } 139 }
138 } 140 }
139 141
142 TEST(SecurityPolicyTest, TrustworthyWhiteList)
143 {
144 const char* insecureURLs[] = {
145 "http://a.test/path/to/file.html",
146 "http://b.test/path/to/file.html",
147 "blob:http://c.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde",
148 "filesystem:http://d.test/path/t/file.html",
Mike West 2015/04/20 09:25:00 I think we also need to verify that whitelisting `
kinuko 2015/04/20 15:43:18 Good point, done.
149 };
150
151 for (const char* url : insecureURLs) {
152 String errorMessage;
153 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(url);
154 EXPECT_FALSE(origin->isPotentiallyTrustworthy(errorMessage));
155 SecurityPolicy::addOriginTrustworthyWhiteList(*origin);
156 EXPECT_TRUE(origin->isPotentiallyTrustworthy(errorMessage));
157 }
158 }
159
140 } // namespace 160 } // namespace
141
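Review bot: In TrustworthyWhiteList, the entries added through the static `SecurityPolicy::addOriginTrustworthyWhiteList(*origin)` are never removed, so they presumably stay in effect for every later test that runs in the same process. A test elsewhere that expects an `http://` origin on one of these hosts to be untrustworthy would then depend on execution order. No reset call is visible in this section; if the API offers none, document the constraint above the loop, e.g. `// Whitelist entries are process-wide and never cleared; keep these hosts unique to this test.` Separately, `errorMessage` is shared by both `isPotentiallyTrustworthy` calls and never inspected, so a fresh `String` for the second call would let the test check what message, if any, a whitelisted origin reports.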