Source/platform/weborigin/SecurityOriginTest.cpp - Issue 1109633002: Basic experimental suborigin CSP directive and SecurityOrigin mods

Side by Side Diff: Source/platform/weborigin/SecurityOriginTest.cpp

Issue 1109633002: Basic experimental suborigin CSP directive and SecurityOrigin mods (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Rebase on ToT Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2013 Google Inc. All rights reserved.	2 * Copyright (C) 2013 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 13 matching lines...) Expand all Loading...
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

29 */	29 */

30	30

31 #include "config.h"	31 #include "config.h"

32 #include "platform/weborigin/SecurityOrigin.h"	32 #include "platform/weborigin/SecurityOrigin.h"

33	33

	34 #include "platform/RuntimeEnabledFeatures.h"

34 #include "platform/weborigin/KURL.h"	35 #include "platform/weborigin/KURL.h"

	36 #include "wtf/text/StringBuilder.h"

	37 #include "wtf/text/WTFString.h"

35 #include <gtest/gtest.h>	38 #include <gtest/gtest.h>

36	39

37 using blink::SecurityOrigin;	40 using blink::SecurityOrigin;

38	41

39 namespace {	42 namespace blink {

40	43

41 const int MaxAllowedPort = 65535;	44 const int MaxAllowedPort = 65535;

42	45

43 TEST(SecurityOriginTest, InvalidPortsCreateUniqueOrigins)	46 class SecurityOriginTest : public ::testing::Test { };

	47

	48 TEST_F(SecurityOriginTest, InvalidPortsCreateUniqueOrigins)

44 {	49 {

45 int ports[] = { -100, -1, MaxAllowedPort + 1, 1000000 };	50 int ports[] = { -100, -1, MaxAllowedPort + 1, 1000000 };

46	51

47 for (size_t i = 0; i < arraysize(ports); ++i) {	52 for (size_t i = 0; i < arraysize(ports); ++i) {

48 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]);	53 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]);

49 EXPECT_TRUE(origin->isUnique()) << "Port " << ports[i] << " should have generated a unique origin.";	54 EXPECT_TRUE(origin->isUnique()) << "Port " << ports[i] << " should have generated a unique origin.";

50 }	55 }

51 }	56 }

52	57

53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins)	58 TEST_F(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins)

54 {	59 {

55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort };	60 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort };

56	61

57 for (size_t i = 0; i < arraysize(ports); ++i) {	62 for (size_t i = 0; i < arraysize(ports); ++i) {

58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]);	63 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]);

59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not have generated a unique origin.";	64 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not have generated a unique origin.";

60 }	65 }

61 }	66 }

62	67

63 TEST(SecurityOriginTest, IsPotentiallyTrustworthy)	68 TEST_F(SecurityOriginTest, IsPotentiallyTrustworthy)

64 {	69 {

65 struct TestCase {	70 struct TestCase {

66 bool accessGranted;	71 bool accessGranted;

67 const char* url;	72 const char* url;

68 };	73 };

69	74

70 TestCase inputs[] = {	75 TestCase inputs[] = {

71 // Access is granted to webservers running on localhost.	76 // Access is granted to webservers running on localhost.

72 { true, "http://localhost" },	77 { true, "http://localhost" },

73 { true, "http://LOCALHOST" },	78 { true, "http://LOCALHOST" },

(...skipping 58 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
132 EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty());	137 EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty());

133 }	138 }

134	139

135 // Unique origins are not considered secure.	140 // Unique origins are not considered secure.

136 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique();	141 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique();

137 String errorMessage;	142 String errorMessage;

138 EXPECT_FALSE(uniqueOrigin->isPotentiallyTrustworthy(errorMessage));	143 EXPECT_FALSE(uniqueOrigin->isPotentiallyTrustworthy(errorMessage));

139 EXPECT_EQ("Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).", e rrorMessage);	144 EXPECT_EQ("Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).", e rrorMessage);

140 }	145 }

141	146

142 TEST(SecurityOriginTest, IsSecure)	147 TEST_F(SecurityOriginTest, IsSecure)

143 {	148 {

144 struct TestCase {	149 struct TestCase {

145 bool isSecure;	150 bool isSecure;

146 const char* url;	151 const char* url;

147 } inputs[] = {	152 } inputs[] = {

148 { false, "blob:ftp://evil:99/578223a1-8c13-17b3-84d5-eca045ae384a" },	153 { false, "blob:ftp://evil:99/578223a1-8c13-17b3-84d5-eca045ae384a" },

149 { false, "blob:http://example.com/578223a1-8c13-17b3-84d5-eca045ae384a" },	154 { false, "blob:http://example.com/578223a1-8c13-17b3-84d5-eca045ae384a" },

150 { false, "file:///etc/passwd" },	155 { false, "file:///etc/passwd" },

151 { false, "ftp://example.com/" },	156 { false, "ftp://example.com/" },

152 { false, "http://example.com/" },	157 { false, "http://example.com/" },

153 { false, "ws://example.com/" },	158 { false, "ws://example.com/" },

154 { true, "blob:https://example.com/578223a1-8c13-17b3-84d5-eca045ae384a" },	159 { true, "blob:https://example.com/578223a1-8c13-17b3-84d5-eca045ae384a" },

155 { true, "https://example.com/" },	160 { true, "https://example.com/" },

156 { true, "wss://example.com/" },	161 { true, "wss://example.com/" },

157	162

158 { true, "about:blank" },	163 { true, "about:blank" },

159 { false, "" },	164 { false, "" },

160 { false, "\0" },	165 { false, "\0" },

161 };	166 };

162	167

163 for (auto test : inputs)	168 for (auto test : inputs)

164 EXPECT_EQ(test.isSecure, SecurityOrigin::isSecure(blink::KURL(blink::Par sedURLString, test.url))) << "URL: '" << test.url << "'";	169 EXPECT_EQ(test.isSecure, SecurityOrigin::isSecure(blink::KURL(blink::Par sedURLString, test.url))) << "URL: '" << test.url << "'";

165	170

166 EXPECT_FALSE(SecurityOrigin::isSecure(blink::KURL()));	171 EXPECT_FALSE(SecurityOrigin::isSecure(blink::KURL()));

167 }	172 }

168	173

	174 TEST_F(SecurityOriginTest, Suborigins)

	175 {

	176 blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true);

	177

	178 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://te st.com");

	179 EXPECT_FALSE(origin->hasSuborigin());

	180 origin->addSuborigin("foobar");

	181 EXPECT_TRUE(origin->hasSuborigin());

	182 EXPECT_EQ("foobar", origin->suboriginName());

	183

	184 origin = SecurityOrigin::createFromString("https://foobar_test.com");

	185 EXPECT_EQ("https", origin->protocol());

	186 EXPECT_EQ("test.com", origin->host());

	187 EXPECT_EQ("foobar", origin->suboriginName());

	188

	189 origin = SecurityOrigin::createFromString("https://foobar_test.com");

	190 EXPECT_TRUE(origin->hasSuborigin());

	191 EXPECT_EQ("foobar", origin->suboriginName());

	192

	193 origin = SecurityOrigin::createFromString("https://foobar+test.com");

	194 EXPECT_FALSE(origin->hasSuborigin());

	195

	196 origin = SecurityOrigin::createFromString("https://_test.com");

	197 EXPECT_FALSE(origin->hasSuborigin());

	198

	199 origin = adoptRef<SecurityOrigin>(new SecurityOrigin);

	200 EXPECT_FALSE(origin->hasSuborigin());

	201

	202 origin = SecurityOrigin::createFromString("https://foobar_test.com");

	203 EXPECT_DEATH(origin->addSuborigin("shouldhitassert"), "");

	204 }

	205

	206 TEST_F(SecurityOriginTest, SuboriginsParsing)

	207 {

	208 blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true);

	209 String host, realHost, suborigin;

	210 host = "test.com";

	211 EXPECT_FALSE(SecurityOrigin::deserializeSuboriginAndHost(host, suborigin, re alHost));

	212

	213 host = "foobar_test.com";

	214 EXPECT_TRUE(SecurityOrigin::deserializeSuboriginAndHost(host, suborigin, rea lHost));

	215 EXPECT_EQ("test.com", realHost);

	216 EXPECT_EQ("foobar", suborigin);

	217

	218 RefPtr<SecurityOrigin> origin;

	219 StringBuilder builder;

	220

	221 origin = SecurityOrigin::createFromString("https://foobar_test.com");

	222 origin->buildRawString(builder);

	223 EXPECT_EQ("https://foobar_test.com", builder.toString());

	224

	225 builder.clear();

	226 origin = SecurityOrigin::createFromString("https://test.com");

	227 origin->addSuborigin("foobar");

	228 origin->buildRawString(builder);

	229 EXPECT_EQ("https://foobar_test.com", builder.toString());

	230 }

	231

169 } // namespace	232 } // namespace

OLD	NEW

« no previous file with comments | « Source/platform/weborigin/SecurityOrigin.cpp ('k') | no next file » | no next file with comments »