OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/fetch/Resource.h" | 10 #include "core/fetch/Resource.h" |
11 #include "core/fetch/ResourcePtr.h" | 11 #include "core/fetch/ResourcePtr.h" |
12 #include "core/html/HTMLScriptElement.h" | 12 #include "core/html/HTMLScriptElement.h" |
13 #include "platform/Crypto.h" | 13 #include "platform/Crypto.h" |
14 #include "platform/weborigin/KURL.h" | 14 #include "platform/weborigin/KURL.h" |
15 #include "platform/weborigin/SecurityOrigin.h" | 15 #include "platform/weborigin/SecurityOrigin.h" |
16 #include "wtf/RefPtr.h" | 16 #include "wtf/RefPtr.h" |
17 #include "wtf/Vector.h" | 17 #include "wtf/Vector.h" |
18 #include "wtf/dtoa/utils.h" | 18 #include "wtf/dtoa/utils.h" |
19 #include "wtf/text/WTFString.h" | 19 #include "wtf/text/WTFString.h" |
20 #include <gtest/gtest.h> | 20 #include <gtest/gtest.h> |
21 | 21 |
22 namespace blink { | 22 namespace blink { |
23 | 23 |
24 static const char kBasicScript[] = "alert('test');"; | 24 static const char kBasicScript[] = "alert('test');"; |
25 static const char kSha256Integrity[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBA
XwnkfpmQX4="; | 25 static const char kSha256Integrity[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBA
XwnkfpmQX4="; |
26 static const char kSha256IntegrityLenientSyntax[] = "sha256-GAF48QOoxRvu0gZAmQiv
UdJPyBacqznBAXwnkfpmQX4="; | 26 static const char kSha256IntegrityLenientSyntax[] = "sha256-GAF48QOoxRvu0gZAmQiv
UdJPyBacqznBAXwnkfpmQX4="; |
| 27 static const char kSha256IntegrityWithEmptyOption[] = "sha256-GAF48QOoxRvu0gZAmQ
ivUdJPyBacqznBAXwnkfpmQX4=?"; |
| 28 static const char kSha256IntegrityWithOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJ
PyBacqznBAXwnkfpmQX4=?foo=bar"; |
| 29 static const char kSha256IntegrityWithOptions[] = "sha256-GAF48QOoxRvu0gZAmQivUd
JPyBacqznBAXwnkfpmQX4=?foo=bar?baz=foz"; |
| 30 static const char kSha256IntegrityWithMimeOption[] = "sha256-GAF48QOoxRvu0gZAmQi
vUdJPyBacqznBAXwnkfpmQX4=?ct=application/javascript"; |
27 static const char kSha384Integrity[] = "sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD
4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 31 static const char kSha384Integrity[] = "sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD
4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
28 static const char kSha512Integrity[] = "sha512-TXkJw18PqlVlEUXXjeXbGetop1TKB3wYQ
Ip1_ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ--ItA=="; | 32 static const char kSha512Integrity[] = "sha512-TXkJw18PqlVlEUXXjeXbGetop1TKB3wYQ
Ip1_ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ--ItA=="; |
29 static const char kSha384IntegrityLabeledAs256[] = "sha256-nep3XpvhUxpCMOVXIFPec
ThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 33 static const char kSha384IntegrityLabeledAs256[] = "sha256-nep3XpvhUxpCMOVXIFPec
ThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
30 static const char kSha256AndSha384Integrities[] = "sha256-GAF48QOoxRvu0gZAmQivUd
JPyBacqznBAXwnkfpmQX4= sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fT
TaFgciTuZk7fmE"; | 34 static const char kSha256AndSha384Integrities[] = "sha256-GAF48QOoxRvu0gZAmQivUd
JPyBacqznBAXwnkfpmQX4= sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fT
TaFgciTuZk7fmE"; |
31 static const char kBadSha256AndGoodSha384Integrities[] = "sha256-deadbeef sha384
-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 35 static const char kBadSha256AndGoodSha384Integrities[] = "sha256-deadbeef sha384
-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
32 static const char kGoodSha256AndBadSha384Integrities[] = "sha256-GAF48QOoxRvu0gZ
AmQivUdJPyBacqznBAXwnkfpmQX4= sha384-deadbeef"; | 36 static const char kGoodSha256AndBadSha384Integrities[] = "sha256-GAF48QOoxRvu0gZ
AmQivUdJPyBacqznBAXwnkfpmQX4= sha384-deadbeef"; |
33 static const char kBadSha256AndBadSha384Integrities[] = "sha256-deadbeef sha384-
deadbeef"; | 37 static const char kBadSha256AndBadSha384Integrities[] = "sha256-deadbeef sha384-
deadbeef"; |
34 static const char kUnsupportedHashFunctionIntegrity[] = "sha1-JfLW308qMPKfb4DaHp
UBEESwuPc="; | 38 static const char kUnsupportedHashFunctionIntegrity[] = "sha1-JfLW308qMPKfb4DaHp
UBEESwuPc="; |
35 | 39 |
36 class SubresourceIntegrityTest : public ::testing::Test { | 40 class SubresourceIntegrityTest : public ::testing::Test { |
(...skipping 56 matching lines...)
93 Vector<UChar> characters; | 97 Vector<UChar> characters; |
94 text.appendTo(characters); | 98 text.appendTo(characters); |
95 const UChar* position = characters.data(); | 99 const UChar* position = characters.data(); |
96 const UChar* end = characters.end(); | 100 const UChar* end = characters.end(); |
97 String digest; | 101 String digest; |
98 | 102 |
99 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); | 103 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); |
100 EXPECT_TRUE(digest.isEmpty()); | 104 EXPECT_TRUE(digest.isEmpty()); |
101 } | 105 } |
102 | 106 |
103 void expectMimeType(const String& text, const char* expectedType) | 107 void expectParse(const char* integrityAttribute, const char* expectedDigest,
HashAlgorithm expectedAlgorithm) |
104 { | |
105 Vector<UChar> characters; | |
106 text.appendTo(characters); | |
107 const UChar* position = characters.data(); | |
108 const UChar* end = characters.end(); | |
109 String type; | |
110 | |
111 EXPECT_TRUE(SubresourceIntegrity::parseMimeType(position, end, type)); | |
112 EXPECT_EQ(expectedType, type); | |
113 } | |
114 | |
115 void expectMimeTypeFailure(const String& text) | |
116 { | |
117 Vector<UChar> characters; | |
118 text.appendTo(characters); | |
119 const UChar* position = characters.data(); | |
120 const UChar* end = characters.end(); | |
121 String type; | |
122 | |
123 EXPECT_FALSE(SubresourceIntegrity::parseMimeType(position, end, type)); | |
124 EXPECT_TRUE(type.isEmpty()); | |
125 } | |
126 | |
127 void expectParse(const char* integrityAttribute, const char* expectedDigest,
HashAlgorithm expectedAlgorithm, const char* expectedType) | |
128 { | 108 { |
129 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; | 109 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; |
130 | 110 |
131 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn
tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); | 111 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn
tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); |
132 EXPECT_EQ(1u, metadataList.size()); | 112 EXPECT_EQ(1u, metadataList.size()); |
133 if (metadataList.size() > 0) { | 113 if (metadataList.size() > 0) { |
134 EXPECT_EQ(expectedDigest, metadataList[0].digest); | 114 EXPECT_EQ(expectedDigest, metadataList[0].digest); |
135 EXPECT_EQ(expectedAlgorithm, metadataList[0].algorithm); | 115 EXPECT_EQ(expectedAlgorithm, metadataList[0].algorithm); |
136 EXPECT_EQ(expectedType, metadataList[0].type); | |
137 } | 116 } |
138 } | 117 } |
139 | 118 |
140 void expectParseMultipleHashes(const char* integrityAttribute, const Subreso
urceIntegrity::IntegrityMetadata expectedMetadatArray[], size_t expectedMetadata
ArraySize) | 119 void expectParseMultipleHashes(const char* integrityAttribute, const Subreso
urceIntegrity::IntegrityMetadata expectedMetadataArray[], size_t expectedMetadat
aArraySize) |
141 { | 120 { |
142 Vector<SubresourceIntegrity::IntegrityMetadata> expectedMetadataList; | 121 Vector<SubresourceIntegrity::IntegrityMetadata> expectedMetadataList; |
143 expectedMetadataList.append(expectedMetadatArray, expectedMetadataArrayS
ize); | 122 expectedMetadataList.append(expectedMetadataArray, expectedMetadataArray
Size); |
144 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; | 123 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; |
145 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn
tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); | 124 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn
tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); |
146 EXPECT_EQ(expectedMetadataList.size(), metadataList.size()); | 125 EXPECT_EQ(expectedMetadataList.size(), metadataList.size()); |
147 if (expectedMetadataList.size() == metadataList.size()) { | 126 if (expectedMetadataList.size() == metadataList.size()) { |
148 for (size_t i = 0; i < metadataList.size(); i++) { | 127 for (size_t i = 0; i < metadataList.size(); i++) { |
149 EXPECT_EQ(expectedMetadataList[i].digest, metadataList[i].digest
); | 128 EXPECT_EQ(expectedMetadataList[i].digest, metadataList[i].digest
); |
150 EXPECT_EQ(expectedMetadataList[i].algorithm, metadataList[i].alg
orithm); | 129 EXPECT_EQ(expectedMetadataList[i].algorithm, metadataList[i].alg
orithm); |
151 EXPECT_EQ(expectedMetadataList[i].type, metadataList[i].type); | |
152 } | 130 } |
153 } | 131 } |
154 } | 132 } |
155 | 133 |
156 void expectParseFailure(const char* integrityAttribute) | 134 void expectParseFailure(const char* integrityAttribute) |
157 { | 135 { |
158 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; | 136 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; |
159 | 137 |
160 EXPECT_EQ(SubresourceIntegrity::IntegrityParseNoValidResult, Subresource
Integrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document))
; | 138 EXPECT_EQ(SubresourceIntegrity::IntegrityParseNoValidResult, Subresource
Integrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document))
; |
161 } | 139 } |
162 | 140 |
163 void expectEmptyParseResult(const char* integrityAttribute) | 141 void expectEmptyParseResult(const char* integrityAttribute) |
164 { | 142 { |
165 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; | 143 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList; |
166 | 144 |
167 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn
tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); | 145 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIn
tegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document)); |
168 EXPECT_EQ(0u, metadataList.size()); | 146 EXPECT_EQ(0u, metadataList.size()); |
169 } | 147 } |
170 | 148 |
171 enum CorsStatus { | 149 enum CorsStatus { |
172 WithCors, | 150 WithCors, |
173 NoCors | 151 NoCors |
174 }; | 152 }; |
175 | 153 |
176 void expectIntegrity(const char* integrity, const char* script, const KURL&
url, const KURL& requestorUrl, const String& mimeType = String(), CorsStatus cor
sStatus = WithCors) | 154 void expectIntegrity(const char* integrity, const char* script, const KURL&
url, const KURL& requestorUrl, CorsStatus corsStatus = WithCors) |
177 { | 155 { |
178 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); | 156 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); |
179 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptEleme
nt, script, url, mimeType, *createTestResource(url, requestorUrl, corsStatus).ge
t())); | 157 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptEleme
nt, script, url, *createTestResource(url, requestorUrl, corsStatus).get())); |
180 } | 158 } |
181 | 159 |
182 void expectIntegrityFailure(const char* integrity, const char* script, const
KURL& url, const KURL& requestorUrl, const String& mimeType = String(), CorsSta
tus corsStatus = WithCors) | 160 void expectIntegrityFailure(const char* integrity, const char* script, const
KURL& url, const KURL& requestorUrl, CorsStatus corsStatus = WithCors) |
183 { | 161 { |
184 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); | 162 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); |
185 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElem
ent, script, url, mimeType, *createTestResource(url, requestorUrl, corsStatus).g
et())); | 163 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElem
ent, script, url, *createTestResource(url, requestorUrl, corsStatus).get())); |
186 } | 164 } |
187 | 165 |
188 ResourcePtr<Resource> createTestResource(const KURL& url, const KURL& allowO
riginUrl, CorsStatus corsStatus) | 166 ResourcePtr<Resource> createTestResource(const KURL& url, const KURL& allowO
riginUrl, CorsStatus corsStatus) |
189 { | 167 { |
190 OwnPtr<ResourceResponse> response = adoptPtr(new ResourceResponse); | 168 OwnPtr<ResourceResponse> response = adoptPtr(new ResourceResponse); |
191 response->setURL(url); | 169 response->setURL(url); |
192 response->setHTTPStatusCode(200); | 170 response->setHTTPStatusCode(200); |
193 if (corsStatus == WithCors) { | 171 if (corsStatus == WithCors) { |
194 response->setHTTPHeaderField("access-control-allow-origin", Security
Origin::create(allowOriginUrl)->toAtomicString()); | 172 response->setHTTPHeaderField("access-control-allow-origin", Security
Origin::create(allowOriginUrl)->toAtomicString()); |
195 response->setHTTPHeaderField("access-control-allow-credentials", "tr
ue"); | 173 response->setHTTPHeaderField("access-control-allow-credentials", "tr
ue"); |
(...skipping 36 matching lines...)
232 expectDigest("abcdefg", "abcdefg"); | 210 expectDigest("abcdefg", "abcdefg"); |
233 expectDigest("abcdefg?", "abcdefg"); | 211 expectDigest("abcdefg?", "abcdefg"); |
234 expectDigest("ab+de/g", "ab+de/g"); | 212 expectDigest("ab+de/g", "ab+de/g"); |
235 expectDigest("ab-de_g", "ab+de/g"); | 213 expectDigest("ab-de_g", "ab+de/g"); |
236 | 214 |
237 expectDigestFailure("?"); | 215 expectDigestFailure("?"); |
238 expectDigestFailure("&&&foobar&&&"); | 216 expectDigestFailure("&&&foobar&&&"); |
239 expectDigestFailure("\x01\x02\x03\x04"); | 217 expectDigestFailure("\x01\x02\x03\x04"); |
240 } | 218 } |
241 | 219 |
242 TEST_F(SubresourceIntegrityTest, ParseMimeType) | |
243 { | |
244 expectMimeType("?ct=application/javascript", "application/javascript"); | |
245 expectMimeType("?ct=application/xhtml+xml", "application/xhtml+xml"); | |
246 expectMimeType("?ct=text/vnd.abc", "text/vnd.abc"); | |
247 expectMimeType("?ct=video/x-ms-wmv", "video/x-ms-wmv"); | |
248 | |
249 expectMimeTypeFailure("application/javascript"); | |
250 expectMimeTypeFailure("?application/javascript"); | |
251 expectMimeTypeFailure("?not-ct=application/javascript"); | |
252 expectMimeTypeFailure("?ct==application/javascript"); | |
253 expectMimeTypeFailure("?yay=boo&ct=application/javascript"); | |
254 expectMimeTypeFailure("?ct=application/javascript&yay=boo"); | |
255 expectMimeTypeFailure("?ct=video%2Fx-ms-wmv"); | |
256 } | |
257 | |
258 // | 220 // |
259 // End-to-end parsing tests. | 221 // End-to-end parsing tests. |
260 // | 222 // |
261 | 223 |
262 TEST_F(SubresourceIntegrityTest, Parsing) | 224 TEST_F(SubresourceIntegrityTest, Parsing) |
263 { | 225 { |
264 expectParseFailure("not_really_a_valid_anything"); | 226 expectParseFailure("not_really_a_valid_anything"); |
265 expectParseFailure("sha256-&&&foobar&&&"); | 227 expectParseFailure("sha256-&&&foobar&&&"); |
266 expectParseFailure("sha256-\x01\x02\x03\x04"); | 228 expectParseFailure("sha256-\x01\x02\x03\x04"); |
267 expectParseFailure("sha256-!!! sha256-!!!"); | 229 expectParseFailure("sha256-!!! sha256-!!!"); |
268 | 230 |
269 expectEmptyParseResult("foobar:///sha256-abcdefg"); | 231 expectEmptyParseResult("foobar:///sha256-abcdefg"); |
270 expectEmptyParseResult("ni://sha256-abcdefg"); | 232 expectEmptyParseResult("ni://sha256-abcdefg"); |
271 expectEmptyParseResult("ni:///sha256-abcdefg"); | 233 expectEmptyParseResult("ni:///sha256-abcdefg"); |
272 expectEmptyParseResult("notsha256atall-abcdefg"); | 234 expectEmptyParseResult("notsha256atall-abcdefg"); |
273 | 235 |
274 expectParse( | 236 expectParse( |
275 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 237 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
276 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 238 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
277 HashAlgorithmSha256, | 239 HashAlgorithmSha256); |
278 ""); | |
279 | 240 |
280 expectParse( | 241 expectParse( |
281 "sha-256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 242 "sha-256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
282 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 243 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
283 HashAlgorithmSha256, | 244 HashAlgorithmSha256); |
284 ""); | |
285 | 245 |
286 expectParse( | 246 expectParse( |
287 " sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", | 247 " sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", |
288 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 248 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
289 HashAlgorithmSha256, | 249 HashAlgorithmSha256); |
290 ""); | |
291 | 250 |
292 expectParse( | 251 expectParse( |
293 "sha384-XVVXBGoYw6AJOh9J-Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr
", | 252 "sha384-XVVXBGoYw6AJOh9J-Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr
", |
294 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 253 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
295 HashAlgorithmSha384, | 254 HashAlgorithmSha384); |
296 ""); | |
297 | 255 |
298 expectParse( | 256 expectParse( |
299 "sha-384-XVVXBGoYw6AJOh9J_Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GP
r", | 257 "sha-384-XVVXBGoYw6AJOh9J_Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GP
r", |
300 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 258 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
301 HashAlgorithmSha384, | 259 HashAlgorithmSha384); |
302 ""); | |
303 | 260 |
304 expectParse( | 261 expectParse( |
305 "sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0M
PaIrPAjcHqba5csorDWtKg==", | 262 "sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0M
PaIrPAjcHqba5csorDWtKg==", |
306 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", | 263 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
307 HashAlgorithmSha512, | 264 HashAlgorithmSha512); |
308 ""); | |
309 | 265 |
310 expectParse( | 266 expectParse( |
311 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==", | 267 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==", |
312 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", | 268 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
313 HashAlgorithmSha512, | 269 HashAlgorithmSha512); |
314 ""); | |
315 | 270 |
316 expectParse( | 271 expectParse( |
317 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==?ct=application/javascript", | 272 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==?ct=application/javascript", |
318 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", | 273 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
319 HashAlgorithmSha512, | 274 HashAlgorithmSha512); |
320 "application/javascript"); | 275 |
| 276 expectParse( |
| 277 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml", |
| 278 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
| 279 HashAlgorithmSha512); |
| 280 |
| 281 expectParse( |
| 282 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==?foo=bar?ct=application/xhtml+xml", |
| 283 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
| 284 HashAlgorithmSha512); |
| 285 |
| 286 expectParse( |
| 287 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml?foo=bar", |
| 288 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
| 289 HashAlgorithmSha512); |
| 290 |
| 291 expectParse( |
| 292 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0
MPaIrPAjcHqba5csorDWtKg==?baz=foz?ct=application/xhtml+xml?foo=bar", |
| 293 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
| 294 HashAlgorithmSha512); |
321 | 295 |
322 expectParseMultipleHashes("", 0, 0); | 296 expectParseMultipleHashes("", 0, 0); |
323 expectParseMultipleHashes(" ", 0, 0); | 297 expectParseMultipleHashes(" ", 0, 0); |
324 | 298 |
325 const SubresourceIntegrity::IntegrityMetadata kValidSha384AndSha512[] = { | 299 const SubresourceIntegrity::IntegrityMetadata kValidSha384AndSha512[] = { |
326 {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", Has
hAlgorithmSha384, ""}, | 300 {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", Has
hAlgorithmSha384}, |
327 {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPA
jcHqba5csorDWtKg==", HashAlgorithmSha512, ""} | 301 {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPA
jcHqba5csorDWtKg==", HashAlgorithmSha512} |
328 }; | 302 }; |
329 expectParseMultipleHashes( | 303 expectParseMultipleHashes( |
330 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr
sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjc
Hqba5csorDWtKg==", | 304 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr
sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjc
Hqba5csorDWtKg==", |
331 kValidSha384AndSha512, | 305 kValidSha384AndSha512, |
332 ARRAY_SIZE(kValidSha384AndSha512)); | 306 ARRAY_SIZE(kValidSha384AndSha512)); |
333 | 307 |
334 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndSha256[] = { | 308 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndSha256[] = { |
335 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, ""
}, | 309 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256}, |
336 {"deadbeef", HashAlgorithmSha256, ""} | 310 {"deadbeef", HashAlgorithmSha256} |
337 }; | 311 }; |
338 expectParseMultipleHashes( | 312 expectParseMultipleHashes( |
339 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-deadbeef", | 313 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-deadbeef", |
340 kValidSha256AndSha256, | 314 kValidSha256AndSha256, |
341 ARRAY_SIZE(kValidSha256AndSha256)); | 315 ARRAY_SIZE(kValidSha256AndSha256)); |
342 | 316 |
343 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndInvalidSha256[]
= { | 317 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndInvalidSha256[]
= { |
344 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, ""
} | 318 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256} |
345 }; | 319 }; |
346 expectParseMultipleHashes( | 320 expectParseMultipleHashes( |
347 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-!!!!", | 321 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-!!!!", |
348 kValidSha256AndInvalidSha256, | 322 kValidSha256AndInvalidSha256, |
349 ARRAY_SIZE(kValidSha256AndInvalidSha256)); | 323 ARRAY_SIZE(kValidSha256AndInvalidSha256)); |
350 | 324 |
351 const SubresourceIntegrity::IntegrityMetadata kInvalidSha256AndValidSha256[]
= { | 325 const SubresourceIntegrity::IntegrityMetadata kInvalidSha256AndValidSha256[]
= { |
352 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, ""
} | 326 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256} |
353 }; | 327 }; |
354 expectParseMultipleHashes( | 328 expectParseMultipleHashes( |
355 "sha256-!!! sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | 329 "sha256-!!! sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
356 kInvalidSha256AndValidSha256, | 330 kInvalidSha256AndValidSha256, |
357 ARRAY_SIZE(kInvalidSha256AndValidSha256)); | 331 ARRAY_SIZE(kInvalidSha256AndValidSha256)); |
| 332 |
| 333 expectParse( |
| 334 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar", |
| 335 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 336 HashAlgorithmSha256); |
| 337 |
| 338 expectParse( |
| 339 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz=foz", |
| 340 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 341 HashAlgorithmSha256); |
| 342 |
| 343 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?", |
| 344 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 345 HashAlgorithmSha256); |
| 346 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar", |
| 347 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 348 HashAlgorithmSha256); |
| 349 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz
=foz", |
| 350 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 351 HashAlgorithmSha256); |
| 352 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo", |
| 353 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 354 HashAlgorithmSha256); |
| 355 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?", |
| 356 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 357 HashAlgorithmSha256); |
| 358 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo:bar", |
| 359 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 360 HashAlgorithmSha256); |
358 } | 361 } |
359 | 362 |
360 TEST_F(SubresourceIntegrityTest, ParsingBase64) | 363 TEST_F(SubresourceIntegrityTest, ParsingBase64) |
361 { | 364 { |
362 expectParse( | 365 expectParse( |
363 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr
", | 366 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr
", |
364 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 367 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
365 HashAlgorithmSha384, | 368 HashAlgorithmSha384); |
366 ""); | |
367 } | 369 } |
368 | 370 |
369 // | 371 // |
370 // End-to-end tests of ::CheckSubresourceIntegrity. | 372 // End-to-end tests of ::CheckSubresourceIntegrity. |
371 // | 373 // |
372 | 374 |
373 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) | 375 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) |
374 { | 376 { |
375 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 377 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); |
376 | 378 |
(...skipping 12 matching lines...)
389 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, secureURL); | 391 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, secureURL); |
390 | 392 |
391 // With multiple values, at least one must match. | 393 // With multiple values, at least one must match. |
392 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secu
reURL, secureURL); | 394 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secu
reURL, secureURL); |
393 | 395 |
394 // Unsupported hash functions should succeed. | 396 // Unsupported hash functions should succeed. |
395 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
secureURL); | 397 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
secureURL); |
396 | 398 |
397 // All parameters are fine, and because this is not cross origin, CORS is | 399 // All parameters are fine, and because this is not cross origin, CORS is |
398 // not needed. | 400 // not needed. |
399 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, String
(), NoCors); | 401 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, NoCors
); |
| 402 |
| 403 // Options should be ignored |
| 404 expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, secureURL, se
cureURL, NoCors); |
| 405 expectIntegrity(kSha256IntegrityWithOption, kBasicScript, secureURL, secureU
RL, NoCors); |
| 406 expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, secureURL, secure
URL, NoCors); |
| 407 expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, secureURL, sec
ureURL, NoCors); |
400 } | 408 } |
401 | 409 |
402 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) | 410 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) |
403 { | 411 { |
404 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass | 412 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass |
405 // here, with the expection of the NoCors check at the end. | 413 // here, with the expection of the NoCors check at the end. |
406 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 414 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
407 | 415 |
408 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL); | 416 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL); |
409 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, inse
cureURL); | 417 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, inse
cureURL); |
410 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL); | 418 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL); |
411 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL); | 419 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL); |
412 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, insecureURL); | 420 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, insecureURL); |
413 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
insecureURL); | 421 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
insecureURL); |
414 | 422 |
415 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecu
reURL); | 423 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecu
reURL); |
416 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL,
insecureURL); | 424 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL,
insecureURL); |
417 expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL,
insecureURL); | 425 expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL,
insecureURL); |
418 | 426 |
419 // This check should fail because, unlike in the | 427 // This check should fail because, unlike in the |
420 // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin | 428 // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin |
421 // (secure origin requesting a resource on an insecure origin) | 429 // (secure origin requesting a resource on an insecure origin) |
422 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureUR
L, String(), NoCors); | 430 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureUR
L, NoCors); |
423 } | 431 } |
424 | 432 |
425 } // namespace blink | 433 } // namespace blink |
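Review bot: The new option cases only show that a correct digest still passes when options are appended; nothing checks that a wrong digest followed by options is still rejected, or that a token following an option-bearing token is still parsed. Under `// Options should be ignored` in CheckSubresourceIntegrityInSecureOrigin I would add a negative case such as `expectIntegrityFailure("sha256-deadbeef?foo=bar", kBasicScript, secureURL, secureURL);`, and in Parsing an `expectParseMultipleHashes` case whose first token carries `?foo=bar` and whose second is a plain sha512 value, so that option skipping is shown to stop at the whitespace separator. The `?ct=application/javascript` case now passes with no MIME comparison, which appears to be the intent, so the comment could say so, e.g. `// Options, including ?ct=, are parsed and discarded; no MIME type is enforced.` The `?foo=bar` and `?foo=bar?baz=foz` expectParse calls at new lines 333–341 are repeated verbatim at 346–351, and one copy can be dropped.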