OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/fetch/Resource.h" | 10 #include "core/fetch/Resource.h" |
11 #include "core/fetch/ResourcePtr.h" | 11 #include "core/fetch/ResourcePtr.h" |
12 #include "core/html/HTMLScriptElement.h" | 12 #include "core/html/HTMLScriptElement.h" |
13 #include "platform/Crypto.h" | 13 #include "platform/Crypto.h" |
14 #include "platform/weborigin/KURL.h" | 14 #include "platform/weborigin/KURL.h" |
15 #include "platform/weborigin/SecurityOrigin.h" | 15 #include "platform/weborigin/SecurityOrigin.h" |
16 #include "wtf/RefPtr.h" | 16 #include "wtf/RefPtr.h" |
17 #include "wtf/Vector.h" | 17 #include "wtf/Vector.h" |
18 #include "wtf/dtoa/utils.h" | 18 #include "wtf/dtoa/utils.h" |
19 #include "wtf/text/WTFString.h" | 19 #include "wtf/text/WTFString.h" |
20 #include <gtest/gtest.h> | 20 #include <gtest/gtest.h> |
21 | 21 |
22 namespace blink { | 22 namespace blink { |
23 | 23 |
24 static const char kBasicScript[] = "alert('test');"; | 24 static const char kBasicScript[] = "alert('test');"; |
25 static const char kSha256Integrity[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBA XwnkfpmQX4="; | 25 static const char kSha256Integrity[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBA XwnkfpmQX4="; |
26 static const char kSha256IntegrityLenientSyntax[] = "sha256-GAF48QOoxRvu0gZAmQiv UdJPyBacqznBAXwnkfpmQX4="; | 26 static const char kSha256IntegrityLenientSyntax[] = "sha256-GAF48QOoxRvu0gZAmQiv UdJPyBacqznBAXwnkfpmQX4="; |
27 static const char kSha256IntegrityWithUnknownOptions[] = "sha256-GAF48QOoxRvu0gZ AmQivUdJPyBacqznBAXwnkfpmQX4=?foo=bar?baz=foz"; | |
Mike West
2015/05/11 03:25:28
Nit: Add a test for a single unknown option as well.
| |
27 static const char kSha384Integrity[] = "sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD 4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 28 static const char kSha384Integrity[] = "sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD 4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
28 static const char kSha512Integrity[] = "sha512-TXkJw18PqlVlEUXXjeXbGetop1TKB3wYQ Ip1_ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ--ItA=="; | 29 static const char kSha512Integrity[] = "sha512-TXkJw18PqlVlEUXXjeXbGetop1TKB3wYQ Ip1_ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ--ItA=="; |
29 static const char kSha384IntegrityLabeledAs256[] = "sha256-nep3XpvhUxpCMOVXIFPec ThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 30 static const char kSha384IntegrityLabeledAs256[] = "sha256-nep3XpvhUxpCMOVXIFPec ThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
30 static const char kSha256AndSha384Integrities[] = "sha256-GAF48QOoxRvu0gZAmQivUd JPyBacqznBAXwnkfpmQX4= sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fT TaFgciTuZk7fmE"; | 31 static const char kSha256AndSha384Integrities[] = "sha256-GAF48QOoxRvu0gZAmQivUd JPyBacqznBAXwnkfpmQX4= sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fT TaFgciTuZk7fmE"; |
31 static const char kBadSha256AndGoodSha384Integrities[] = "sha256-deadbeef sha384 -nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 32 static const char kBadSha256AndGoodSha384Integrities[] = "sha256-deadbeef sha384 -nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
32 static const char kGoodSha256AndBadSha384Integrities[] = "sha256-GAF48QOoxRvu0gZ AmQivUdJPyBacqznBAXwnkfpmQX4= sha384-deadbeef"; | 33 static const char kGoodSha256AndBadSha384Integrities[] = "sha256-GAF48QOoxRvu0gZ AmQivUdJPyBacqznBAXwnkfpmQX4= sha384-deadbeef"; |
33 static const char kBadSha256AndBadSha384Integrities[] = "sha256-deadbeef sha384- deadbeef"; | 34 static const char kBadSha256AndBadSha384Integrities[] = "sha256-deadbeef sha384- deadbeef"; |
34 static const char kUnsupportedHashFunctionIntegrity[] = "sha1-JfLW308qMPKfb4DaHp UBEESwuPc="; | 35 static const char kUnsupportedHashFunctionIntegrity[] = "sha1-JfLW308qMPKfb4DaHp UBEESwuPc="; |
35 | 36 |
36 class SubresourceIntegrityTest : public ::testing::Test { | 37 class SubresourceIntegrityTest : public ::testing::Test { |
(...skipping 56 matching lines...)
93 Vector<UChar> characters; | 94 Vector<UChar> characters; |
94 text.appendTo(characters); | 95 text.appendTo(characters); |
95 const UChar* position = characters.data(); | 96 const UChar* position = characters.data(); |
96 const UChar* end = characters.end(); | 97 const UChar* end = characters.end(); |
97 String digest; | 98 String digest; |
98 | 99 |
99 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); | 100 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); |
100 EXPECT_TRUE(digest.isEmpty()); | 101 EXPECT_TRUE(digest.isEmpty()); |
101 } | 102 } |
102 | 103 |
103 void expectMimeType(const String& text, const char* expectedType) | 104 void expectValidMimeType(const String& text) |
105 { | |
106 EXPECT_TRUE(SubresourceIntegrity::isValidMimeTypeValue(text)); | |
107 } | |
108 | |
109 void expectInvalidMimeType(const String& text) | |
110 { | |
111 EXPECT_FALSE(SubresourceIntegrity::isValidMimeTypeValue(text)); | |
112 } | |
113 | |
114 void expectOption(const String& text, const char* expectedKey, const char* e xpectedValue) | |
104 { | 115 { |
105 Vector<UChar> characters; | 116 Vector<UChar> characters; |
106 text.appendTo(characters); | 117 text.appendTo(characters); |
107 const UChar* position = characters.data(); | 118 const UChar* position = characters.data(); |
108 const UChar* end = characters.end(); | 119 const UChar* end = characters.end(); |
109 String type; | 120 String key, value; |
110 | 121 |
111 EXPECT_TRUE(SubresourceIntegrity::parseMimeType(position, end, type)); | 122 EXPECT_TRUE(SubresourceIntegrity::parseOption(position, end, key, value) ); |
112 EXPECT_EQ(expectedType, type); | 123 EXPECT_EQ(expectedKey, key); |
124 EXPECT_EQ(expectedValue, value); | |
113 } | 125 } |
114 | 126 |
115 void expectMimeTypeFailure(const String& text) | 127 void expectOptionFailure(const String& text) |
116 { | 128 { |
117 Vector<UChar> characters; | 129 Vector<UChar> characters; |
118 text.appendTo(characters); | 130 text.appendTo(characters); |
119 const UChar* position = characters.data(); | 131 const UChar* position = characters.data(); |
120 const UChar* end = characters.end(); | 132 const UChar* end = characters.end(); |
121 String type; | 133 String key, value; |
122 | 134 |
123 EXPECT_FALSE(SubresourceIntegrity::parseMimeType(position, end, type)); | 135 EXPECT_FALSE(SubresourceIntegrity::parseOption(position, end, key, value )); |
Mike West
2015/05/11 03:25:28
Please also EXPECT that `key` and `value` are the
| |
124 EXPECT_TRUE(type.isEmpty()); | |
125 } | 136 } |
126 | 137 |
138 | |
127 void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm, const char* expectedType) | 139 void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm, const char* expectedType) |
128 { | 140 { |
129 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; | 141 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; |
130 | 142 |
131 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); | 143 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); |
132 EXPECT_EQ(1u, metadataList.size()); | 144 EXPECT_EQ(1u, metadataList.size()); |
133 if (metadataList.size() > 0) { | 145 if (metadataList.size() > 0) { |
134 EXPECT_EQ(expectedDigest, metadataList[0].digest); | 146 EXPECT_EQ(expectedDigest, metadataList[0].digest); |
135 EXPECT_EQ(expectedAlgorithm, metadataList[0].algorithm); | 147 EXPECT_EQ(expectedAlgorithm, metadataList[0].algorithm); |
136 EXPECT_EQ(expectedType, metadataList[0].type); | 148 EXPECT_EQ(expectedType, metadataList[0].type); |
137 } | 149 } |
138 } | 150 } |
139 | 151 |
140 void expectParseMultipleHashes(const char* integrityAttribute, const Subreso urceIntegrity::IntegrityMetadata expectedMetadatArray[], size_t expectedMetadata ArraySize) | 152 void expectParseMultipleHashes(const char* integrityAttribute, const Subreso urceIntegrity::IntegrityMetadata expectedMetadataArray[], size_t expectedMetadat aArraySize) |
141 { | 153 { |
142 Vector<SubresourceIntegrity::IntegrityMetadata> expectedMetadataList; | 154 Vector<SubresourceIntegrity::IntegrityMetadata> expectedMetadataList; |
143 expectedMetadataList.append(expectedMetadatArray, expectedMetadataArrayS ize); | 155 expectedMetadataList.append(expectedMetadataArray, expectedMetadataArray Size); |
144 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; | 156 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; |
145 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); | 157 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); |
146 EXPECT_EQ(expectedMetadataList.size(), metadataList.size()); | 158 EXPECT_EQ(expectedMetadataList.size(), metadataList.size()); |
147 if (expectedMetadataList.size() == metadataList.size()) { | 159 if (expectedMetadataList.size() == metadataList.size()) { |
148 for (size_t i = 0; i < metadataList.size(); i++) { | 160 for (size_t i = 0; i < metadataList.size(); i++) { |
149 EXPECT_EQ(expectedMetadataList[i].digest, metadataList[i].digest ); | 161 EXPECT_EQ(expectedMetadataList[i].digest, metadataList[i].digest ); |
150 EXPECT_EQ(expectedMetadataList[i].algorithm, metadataList[i].alg orithm); | 162 EXPECT_EQ(expectedMetadataList[i].algorithm, metadataList[i].alg orithm); |
151 EXPECT_EQ(expectedMetadataList[i].type, metadataList[i].type); | 163 EXPECT_EQ(expectedMetadataList[i].type, metadataList[i].type); |
152 } | 164 } |
153 } | 165 } |
(...skipping 78 matching lines...)
232 expectDigest("abcdefg", "abcdefg"); | 244 expectDigest("abcdefg", "abcdefg"); |
233 expectDigest("abcdefg?", "abcdefg"); | 245 expectDigest("abcdefg?", "abcdefg"); |
234 expectDigest("ab+de/g", "ab+de/g"); | 246 expectDigest("ab+de/g", "ab+de/g"); |
235 expectDigest("ab-de_g", "ab+de/g"); | 247 expectDigest("ab-de_g", "ab+de/g"); |
236 | 248 |
237 expectDigestFailure("?"); | 249 expectDigestFailure("?"); |
238 expectDigestFailure("&&&foobar&&&"); | 250 expectDigestFailure("&&&foobar&&&"); |
239 expectDigestFailure("\x01\x02\x03\x04"); | 251 expectDigestFailure("\x01\x02\x03\x04"); |
240 } | 252 } |
241 | 253 |
242 TEST_F(SubresourceIntegrityTest, ParseMimeType) | 254 TEST_F(SubresourceIntegrityTest, ValidMimeType) |
243 { | 255 { |
244 expectMimeType("?ct=application/javascript", "application/javascript"); | 256 expectValidMimeType("application/javascript"); |
245 expectMimeType("?ct=application/xhtml+xml", "application/xhtml+xml"); | 257 expectValidMimeType("application/xhtml+xml"); |
246 expectMimeType("?ct=text/vnd.abc", "text/vnd.abc"); | 258 expectValidMimeType("text/vnd.abc"); |
247 expectMimeType("?ct=video/x-ms-wmv", "video/x-ms-wmv"); | 259 expectValidMimeType("video/x-ms-wmv"); |
248 | 260 |
249 expectMimeTypeFailure("application/javascript"); | 261 expectInvalidMimeType("1application/javascript"); |
250 expectMimeTypeFailure("?application/javascript"); | 262 expectInvalidMimeType("app-lication/javascript"); |
251 expectMimeTypeFailure("?not-ct=application/javascript"); | 263 expectInvalidMimeType("video%2Fx-ms-wmv"); |
252 expectMimeTypeFailure("?ct==application/javascript"); | 264 } |
253 expectMimeTypeFailure("?yay=boo&ct=application/javascript"); | 265 |
254 expectMimeTypeFailure("?ct=application/javascript&yay=boo"); | 266 TEST_F(SubresourceIntegrityTest, ParseOption) |
255 expectMimeTypeFailure("?ct=video%2Fx-ms-wmv"); | 267 { |
268 expectOption("?ct=application/javascript", "ct", "application/javascript"); | |
269 expectOption("?ct=application/xhtml+xml", "ct", "application/xhtml+xml"); | |
270 expectOption("?ct=text/vnd.abc", "ct", "text/vnd.abc"); | |
271 expectOption("?ct=video/x-ms-wmv", "ct", "video/x-ms-wmv"); | |
272 expectOption("?foo=bar", "foo", "bar"); | |
273 expectOption("?foo=bar?baz", "foo", "bar"); | |
274 expectOption("?foo=bar?baz=boo", "foo", "bar"); | |
275 | |
276 expectOptionFailure("application/javascript"); | |
277 expectOptionFailure("?application/javascript"); | |
278 expectOptionFailure("?ct==application/javascript"); | |
279 expectOptionFailure("?yay=boo&ct=application/javascript"); | |
280 expectOptionFailure("?ct=application/javascript&yay=boo"); | |
281 expectOptionFailure("?foo=baz bar"); | |
256 } | 282 } |
257 | 283 |
258 // | 284 // |
259 // End-to-end parsing tests. | 285 // End-to-end parsing tests. |
260 // | 286 // |
261 | 287 |
262 TEST_F(SubresourceIntegrityTest, Parsing) | 288 TEST_F(SubresourceIntegrityTest, Parsing) |
263 { | 289 { |
264 expectParseFailure("not_really_a_valid_anything"); | 290 expectParseFailure("not_really_a_valid_anything"); |
265 expectParseFailure("sha256-&&&foobar&&&"); | 291 expectParseFailure("sha256-&&&foobar&&&"); |
266 expectParseFailure("sha256-\x01\x02\x03\x04"); | 292 expectParseFailure("sha256-\x01\x02\x03\x04"); |
267 expectParseFailure("sha256-!!! sha256-!!!"); | 293 expectParseFailure("sha256-!!! sha256-!!!"); |
268 | 294 |
269 expectEmptyParseResult("foobar:///sha256-abcdefg"); | 295 expectEmptyParseResult("foobar:///sha256-abcdefg"); |
270 expectEmptyParseResult("ni://sha256-abcdefg"); | 296 expectEmptyParseResult("ni://sha256-abcdefg"); |
271 expectEmptyParseResult("ni:///sha256-abcdefg"); | 297 expectEmptyParseResult("ni:///sha256-abcdefg"); |
272 expectEmptyParseResult("notsha256atall-abcdefg"); | 298 expectEmptyParseResult("notsha256atall-abcdefg"); |
273 | 299 |
274 expectParse( | 300 expectParse( |
275 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 301 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
276 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 302 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
277 HashAlgorithmSha256, | 303 HashAlgorithmSha256, |
278 ""); | 304 0); |
279 | 305 |
280 expectParse( | 306 expectParse( |
281 "sha-256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 307 "sha-256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
282 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 308 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
283 HashAlgorithmSha256, | 309 HashAlgorithmSha256, |
284 ""); | 310 0); |
285 | 311 |
286 expectParse( | 312 expectParse( |
287 " sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", | 313 " sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", |
288 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 314 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
289 HashAlgorithmSha256, | 315 HashAlgorithmSha256, |
290 ""); | 316 0); |
291 | 317 |
292 expectParse( | 318 expectParse( |
293 "sha384-XVVXBGoYw6AJOh9J-Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr ", | 319 "sha384-XVVXBGoYw6AJOh9J-Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr ", |
294 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 320 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
295 HashAlgorithmSha384, | 321 HashAlgorithmSha384, |
296 ""); | 322 0); |
297 | 323 |
298 expectParse( | 324 expectParse( |
299 "sha-384-XVVXBGoYw6AJOh9J_Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GP r", | 325 "sha-384-XVVXBGoYw6AJOh9J_Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GP r", |
300 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 326 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
301 HashAlgorithmSha384, | 327 HashAlgorithmSha384, |
302 ""); | 328 0); |
303 | 329 |
304 expectParse( | 330 expectParse( |
305 "sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0M PaIrPAjcHqba5csorDWtKg==", | 331 "sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0M PaIrPAjcHqba5csorDWtKg==", |
306 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | 332 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", |
307 HashAlgorithmSha512, | 333 HashAlgorithmSha512, |
308 ""); | 334 0); |
309 | 335 |
310 expectParse( | 336 expectParse( |
311 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==", | 337 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==", |
312 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | 338 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", |
313 HashAlgorithmSha512, | 339 HashAlgorithmSha512, |
314 ""); | 340 0); |
315 | 341 |
316 expectParse( | 342 expectParse( |
317 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==?ct=application/javascript", | 343 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==?ct=application/javascript", |
318 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | 344 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", |
319 HashAlgorithmSha512, | 345 HashAlgorithmSha512, |
320 "application/javascript"); | 346 "application/javascript"); |
321 | 347 |
348 expectParse( | |
349 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml", | |
350 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | |
351 HashAlgorithmSha512, | |
352 "application/xhtml+xml"); | |
353 | |
354 expectParse( | |
355 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==?foo=bar?ct=application/xhtml+xml", | |
356 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | |
357 HashAlgorithmSha512, | |
358 "application/xhtml+xml"); | |
359 | |
360 expectParse( | |
361 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml?foo=bar", | |
362 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | |
363 HashAlgorithmSha512, | |
364 "application/xhtml+xml"); | |
365 | |
366 expectParse( | |
367 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0 MPaIrPAjcHqba5csorDWtKg==?baz=foz?ct=application/xhtml+xml?foo=bar", | |
368 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | |
369 HashAlgorithmSha512, | |
370 "application/xhtml+xml"); | |
371 | |
322 expectParseMultipleHashes("", 0, 0); | 372 expectParseMultipleHashes("", 0, 0); |
323 expectParseMultipleHashes(" ", 0, 0); | 373 expectParseMultipleHashes(" ", 0, 0); |
324 | 374 |
325 const SubresourceIntegrity::IntegrityMetadata kValidSha384AndSha512[] = { | 375 const SubresourceIntegrity::IntegrityMetadata kValidSha384AndSha512[] = { |
326 {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", Has hAlgorithmSha384, ""}, | 376 {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", Has hAlgorithmSha384, WTF::String()}, |
327 {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPA jcHqba5csorDWtKg==", HashAlgorithmSha512, ""} | 377 {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPA jcHqba5csorDWtKg==", HashAlgorithmSha512, WTF::String()} |
328 }; | 378 }; |
329 expectParseMultipleHashes( | 379 expectParseMultipleHashes( |
330 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjc Hqba5csorDWtKg==", | 380 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjc Hqba5csorDWtKg==", |
331 kValidSha384AndSha512, | 381 kValidSha384AndSha512, |
332 ARRAY_SIZE(kValidSha384AndSha512)); | 382 ARRAY_SIZE(kValidSha384AndSha512)); |
333 | 383 |
334 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndSha256[] = { | 384 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndSha256[] = { |
335 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, "" }, | 385 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, WT F::String()}, |
336 {"deadbeef", HashAlgorithmSha256, ""} | 386 {"deadbeef", HashAlgorithmSha256, WTF::String()} |
337 }; | 387 }; |
338 expectParseMultipleHashes( | 388 expectParseMultipleHashes( |
339 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-deadbeef", | 389 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-deadbeef", |
340 kValidSha256AndSha256, | 390 kValidSha256AndSha256, |
341 ARRAY_SIZE(kValidSha256AndSha256)); | 391 ARRAY_SIZE(kValidSha256AndSha256)); |
342 | 392 |
343 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndInvalidSha256[] = { | 393 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndInvalidSha256[] = { |
344 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, "" } | 394 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, WT F::String()} |
345 }; | 395 }; |
346 expectParseMultipleHashes( | 396 expectParseMultipleHashes( |
347 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-!!!!", | 397 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-!!!!", |
348 kValidSha256AndInvalidSha256, | 398 kValidSha256AndInvalidSha256, |
349 ARRAY_SIZE(kValidSha256AndInvalidSha256)); | 399 ARRAY_SIZE(kValidSha256AndInvalidSha256)); |
350 | 400 |
351 const SubresourceIntegrity::IntegrityMetadata kInvalidSha256AndValidSha256[] = { | 401 const SubresourceIntegrity::IntegrityMetadata kInvalidSha256AndValidSha256[] = { |
352 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, "" } | 402 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, WT F::String()} |
353 }; | 403 }; |
354 expectParseMultipleHashes( | 404 expectParseMultipleHashes( |
355 "sha256-!!! sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 405 "sha256-!!! sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
356 kInvalidSha256AndValidSha256, | 406 kInvalidSha256AndValidSha256, |
357 ARRAY_SIZE(kInvalidSha256AndValidSha256)); | 407 ARRAY_SIZE(kInvalidSha256AndValidSha256)); |
408 | |
409 expectParse( | |
410 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar", | |
411 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
412 HashAlgorithmSha256, | |
413 0); | |
414 | |
415 expectParse( | |
416 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz=foz", | |
417 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
418 HashAlgorithmSha256, | |
419 0); | |
420 | |
421 expectParseFailure("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo= bar?"); | |
422 expectParseFailure("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo: bar"); | |
358 } | 423 } |
359 | 424 |
360 TEST_F(SubresourceIntegrityTest, ParsingBase64) | 425 TEST_F(SubresourceIntegrityTest, ParsingBase64) |
361 { | 426 { |
362 expectParse( | 427 expectParse( |
363 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr ", | 428 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr ", |
364 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 429 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
365 HashAlgorithmSha384, | 430 HashAlgorithmSha384, |
366 ""); | 431 0); |
367 } | 432 } |
368 | 433 |
369 // | 434 // |
370 // End-to-end tests of ::CheckSubresourceIntegrity. | 435 // End-to-end tests of ::CheckSubresourceIntegrity. |
371 // | 436 // |
372 | 437 |
373 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) | 438 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) |
374 { | 439 { |
375 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 440 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); |
376 | 441 |
(...skipping 13 matching lines...)
390 | 455 |
391 // With multiple values, at least one must match. | 456 // With multiple values, at least one must match. |
392 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secu reURL, secureURL); | 457 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secu reURL, secureURL); |
393 | 458 |
394 // Unsupported hash functions should succeed. | 459 // Unsupported hash functions should succeed. |
395 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL, secureURL); | 460 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL, secureURL); |
396 | 461 |
397 // All parameters are fine, and because this is not cross origin, CORS is | 462 // All parameters are fine, and because this is not cross origin, CORS is |
398 // not needed. | 463 // not needed. |
399 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, String (), NoCors); | 464 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, String (), NoCors); |
465 | |
466 // Unknown options should be ignored | |
467 expectIntegrity(kSha256IntegrityWithUnknownOptions, kBasicScript, secureURL, secureURL, String(), NoCors); | |
400 } | 468 } |
401 | 469 |
402 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) | 470 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) |
403 { | 471 { |
404 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass | 472 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass |
405 // here, with the expection of the NoCors check at the end. | 473 // here, with the expection of the NoCors check at the end. |
406 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 474 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
407 | 475 |
408 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL); | 476 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL); |
409 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, inse cureURL); | 477 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, inse cureURL); |
410 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL); | 478 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL); |
411 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL); | 479 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL); |
412 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL , insecureURL); | 480 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL , insecureURL); |
413 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL, insecureURL); | 481 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL, insecureURL); |
414 | 482 |
415 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecu reURL); | 483 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecu reURL); |
416 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL, insecureURL); | 484 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL, insecureURL); |
417 expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, insecureURL); | 485 expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, insecureURL); |
418 | 486 |
419 // This check should fail because, unlike in the | 487 // This check should fail because, unlike in the |
420 // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin | 488 // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin |
421 // (secure origin requesting a resource on an insecure origin) | 489 // (secure origin requesting a resource on an insecure origin) |
422 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureUR L, String(), NoCors); | 490 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureUR L, String(), NoCors); |
423 } | 491 } |
424 | 492 |
425 } // namespace blink | 493 } // namespace blink |
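Review bot: The `Parsing` test never passes `parseIntegrityAttribute` a `ct` option whose value is invalid, so nothing here shows that the full parser still applies `isValidMimeTypeValue` now that the old `expectMimeTypeFailure("?ct=video%2Fx-ms-wmv")` case has become a validator-only check in `ValidMimeType`. An end-to-end case such as `expectParseFailure("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?ct=video%2Fx-ms-wmv");` would pin it, or an `expectParse(..., 0)` with the same attribute if the intended outcome is to drop the bad value; the visible lines do not show which. A repeated option such as `?ct=application/javascript?ct=application/xhtml+xml` is also untested, and a case fixing which value ends up in `metadataList[0].type` is worth adding, since that decides what content type the integrity metadata claims.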