| Index: Source/core/frame/SubresourceIntegrityTest.cpp
|
| diff --git a/Source/core/frame/SubresourceIntegrityTest.cpp b/Source/core/frame/SubresourceIntegrityTest.cpp
|
| index 399183632de3854a3ce229b6603c3a0a9787659e..4ad63f5d1cf704832c0f98d498cbc94ef5f61d8d 100644
|
| --- a/Source/core/frame/SubresourceIntegrityTest.cpp
|
| +++ b/Source/core/frame/SubresourceIntegrityTest.cpp
|
| @@ -24,6 +24,10 @@ namespace blink {
|
| static const char kBasicScript[] = "alert('test');";
|
| static const char kSha256Integrity[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=";
|
| static const char kSha256IntegrityLenientSyntax[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=";
|
| +static const char kSha256IntegrityWithEmptyOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?";
|
| +static const char kSha256IntegrityWithOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?foo=bar";
|
| +static const char kSha256IntegrityWithOptions[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?foo=bar?baz=foz";
|
| +static const char kSha256IntegrityWithMimeOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?ct=application/javascript";
|
| static const char kSha384Integrity[] = "sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE";
|
| static const char kSha512Integrity[] = "sha512-TXkJw18PqlVlEUXXjeXbGetop1TKB3wYQIp1_ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ--ItA==";
|
| static const char kSha384IntegrityLabeledAs256[] = "sha256-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE";
|
| @@ -100,31 +104,7 @@ protected:
|
| EXPECT_TRUE(digest.isEmpty());
|
| }
|
|
|
| - void expectMimeType(const String& text, const char* expectedType)
|
| - {
|
| - Vector<UChar> characters;
|
| - text.appendTo(characters);
|
| - const UChar* position = characters.data();
|
| - const UChar* end = characters.end();
|
| - String type;
|
| -
|
| - EXPECT_TRUE(SubresourceIntegrity::parseMimeType(position, end, type));
|
| - EXPECT_EQ(expectedType, type);
|
| - }
|
| -
|
| - void expectMimeTypeFailure(const String& text)
|
| - {
|
| - Vector<UChar> characters;
|
| - text.appendTo(characters);
|
| - const UChar* position = characters.data();
|
| - const UChar* end = characters.end();
|
| - String type;
|
| -
|
| - EXPECT_FALSE(SubresourceIntegrity::parseMimeType(position, end, type));
|
| - EXPECT_TRUE(type.isEmpty());
|
| - }
|
| -
|
| - void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm, const char* expectedType)
|
| + void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm)
|
| {
|
| Vector<SubresourceIntegrity::IntegrityMetadata> metadataList;
|
|
|
| @@ -133,14 +113,13 @@ protected:
|
| if (metadataList.size() > 0) {
|
| EXPECT_EQ(expectedDigest, metadataList[0].digest);
|
| EXPECT_EQ(expectedAlgorithm, metadataList[0].algorithm);
|
| - EXPECT_EQ(expectedType, metadataList[0].type);
|
| }
|
| }
|
|
|
| - void expectParseMultipleHashes(const char* integrityAttribute, const SubresourceIntegrity::IntegrityMetadata expectedMetadatArray[], size_t expectedMetadataArraySize)
|
| + void expectParseMultipleHashes(const char* integrityAttribute, const SubresourceIntegrity::IntegrityMetadata expectedMetadataArray[], size_t expectedMetadataArraySize)
|
| {
|
| Vector<SubresourceIntegrity::IntegrityMetadata> expectedMetadataList;
|
| - expectedMetadataList.append(expectedMetadatArray, expectedMetadataArraySize);
|
| + expectedMetadataList.append(expectedMetadataArray, expectedMetadataArraySize);
|
| Vector<SubresourceIntegrity::IntegrityMetadata> metadataList;
|
| EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIntegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document));
|
| EXPECT_EQ(expectedMetadataList.size(), metadataList.size());
|
| @@ -148,7 +127,6 @@ protected:
|
| for (size_t i = 0; i < metadataList.size(); i++) {
|
| EXPECT_EQ(expectedMetadataList[i].digest, metadataList[i].digest);
|
| EXPECT_EQ(expectedMetadataList[i].algorithm, metadataList[i].algorithm);
|
| - EXPECT_EQ(expectedMetadataList[i].type, metadataList[i].type);
|
| }
|
| }
|
| }
|
| @@ -173,16 +151,16 @@ protected:
|
| NoCors
|
| };
|
|
|
| - void expectIntegrity(const char* integrity, const char* script, const KURL& url, const KURL& requestorUrl, const String& mimeType = String(), CorsStatus corsStatus = WithCors)
|
| + void expectIntegrity(const char* integrity, const char* script, const KURL& url, const KURL& requestorUrl, CorsStatus corsStatus = WithCors)
|
| {
|
| scriptElement->setAttribute(HTMLNames::integrityAttr, integrity);
|
| - EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, script, url, mimeType, *createTestResource(url, requestorUrl, corsStatus).get()));
|
| + EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, script, url, *createTestResource(url, requestorUrl, corsStatus).get()));
|
| }
|
|
|
| - void expectIntegrityFailure(const char* integrity, const char* script, const KURL& url, const KURL& requestorUrl, const String& mimeType = String(), CorsStatus corsStatus = WithCors)
|
| + void expectIntegrityFailure(const char* integrity, const char* script, const KURL& url, const KURL& requestorUrl, CorsStatus corsStatus = WithCors)
|
| {
|
| scriptElement->setAttribute(HTMLNames::integrityAttr, integrity);
|
| - EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, script, url, mimeType, *createTestResource(url, requestorUrl, corsStatus).get()));
|
| + EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, script, url, *createTestResource(url, requestorUrl, corsStatus).get()));
|
| }
|
|
|
| ResourcePtr<Resource> createTestResource(const KURL& url, const KURL& allowOriginUrl, CorsStatus corsStatus)
|
| @@ -239,22 +217,6 @@ TEST_F(SubresourceIntegrityTest, ParseDigest)
|
| expectDigestFailure("\x01\x02\x03\x04");
|
| }
|
|
|
| -TEST_F(SubresourceIntegrityTest, ParseMimeType)
|
| -{
|
| - expectMimeType("?ct=application/javascript", "application/javascript");
|
| - expectMimeType("?ct=application/xhtml+xml", "application/xhtml+xml");
|
| - expectMimeType("?ct=text/vnd.abc", "text/vnd.abc");
|
| - expectMimeType("?ct=video/x-ms-wmv", "video/x-ms-wmv");
|
| -
|
| - expectMimeTypeFailure("application/javascript");
|
| - expectMimeTypeFailure("?application/javascript");
|
| - expectMimeTypeFailure("?not-ct=application/javascript");
|
| - expectMimeTypeFailure("?ct==application/javascript");
|
| - expectMimeTypeFailure("?yay=boo&ct=application/javascript");
|
| - expectMimeTypeFailure("?ct=application/javascript&yay=boo");
|
| - expectMimeTypeFailure("?ct=video%2Fx-ms-wmv");
|
| -}
|
| -
|
| //
|
| // End-to-end parsing tests.
|
| //
|
| @@ -274,57 +236,69 @@ TEST_F(SubresourceIntegrityTest, Parsing)
|
| expectParse(
|
| "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| - HashAlgorithmSha256,
|
| - "");
|
| + HashAlgorithmSha256);
|
|
|
| expectParse(
|
| "sha-256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| - HashAlgorithmSha256,
|
| - "");
|
| + HashAlgorithmSha256);
|
|
|
| expectParse(
|
| " sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ",
|
| "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| - HashAlgorithmSha256,
|
| - "");
|
| + HashAlgorithmSha256);
|
|
|
| expectParse(
|
| "sha384-XVVXBGoYw6AJOh9J-Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr",
|
| "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
|
| - HashAlgorithmSha384,
|
| - "");
|
| + HashAlgorithmSha384);
|
|
|
| expectParse(
|
| "sha-384-XVVXBGoYw6AJOh9J_Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr",
|
| "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
|
| - HashAlgorithmSha384,
|
| - "");
|
| + HashAlgorithmSha384);
|
|
|
| expectParse(
|
| "sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| - HashAlgorithmSha512,
|
| - "");
|
| + HashAlgorithmSha512);
|
|
|
| expectParse(
|
| "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| - HashAlgorithmSha512,
|
| - "");
|
| + HashAlgorithmSha512);
|
|
|
| expectParse(
|
| "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?ct=application/javascript",
|
| "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| - HashAlgorithmSha512,
|
| - "application/javascript");
|
| + HashAlgorithmSha512);
|
| +
|
| + expectParse(
|
| + "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml",
|
| + "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| + HashAlgorithmSha512);
|
| +
|
| + expectParse(
|
| + "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?foo=bar?ct=application/xhtml+xml",
|
| + "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| + HashAlgorithmSha512);
|
| +
|
| + expectParse(
|
| + "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml?foo=bar",
|
| + "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| + HashAlgorithmSha512);
|
| +
|
| + expectParse(
|
| + "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?baz=foz?ct=application/xhtml+xml?foo=bar",
|
| + "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
|
| + HashAlgorithmSha512);
|
|
|
| expectParseMultipleHashes("", 0, 0);
|
| expectParseMultipleHashes(" ", 0, 0);
|
|
|
| const SubresourceIntegrity::IntegrityMetadata kValidSha384AndSha512[] = {
|
| - {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", HashAlgorithmSha384, ""},
|
| - {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==", HashAlgorithmSha512, ""}
|
| + {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", HashAlgorithmSha384},
|
| + {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==", HashAlgorithmSha512}
|
| };
|
| expectParseMultipleHashes(
|
| "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
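Review bot: The `?ct=application/javascript` and `?ct=application/xhtml+xml` cases in TEST_F Parsing now only assert the digest and algorithm, so nothing in the test states that a content-type option is deliberately accepted and then discarded. A page author who wrote `?ct=` expecting MIME enforcement gets none after this change, and the test should say so. I would add above the first `?ct=` case: `// Options, including ?ct=, are parsed and discarded; only algorithm and digest are compared.` The body of Parsing starts before this hunk and continues past it.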
|
| @@ -332,8 +306,8 @@ TEST_F(SubresourceIntegrityTest, Parsing)
|
| ARRAY_SIZE(kValidSha384AndSha512));
|
|
|
| const SubresourceIntegrity::IntegrityMetadata kValidSha256AndSha256[] = {
|
| - {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, ""},
|
| - {"deadbeef", HashAlgorithmSha256, ""}
|
| + {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256},
|
| + {"deadbeef", HashAlgorithmSha256}
|
| };
|
| expectParseMultipleHashes(
|
| "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-deadbeef",
|
| @@ -341,7 +315,7 @@ TEST_F(SubresourceIntegrityTest, Parsing)
|
| ARRAY_SIZE(kValidSha256AndSha256));
|
|
|
| const SubresourceIntegrity::IntegrityMetadata kValidSha256AndInvalidSha256[] = {
|
| - {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, ""}
|
| + {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256}
|
| };
|
| expectParseMultipleHashes(
|
| "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-!!!!",
|
| @@ -349,12 +323,41 @@ TEST_F(SubresourceIntegrityTest, Parsing)
|
| ARRAY_SIZE(kValidSha256AndInvalidSha256));
|
|
|
| const SubresourceIntegrity::IntegrityMetadata kInvalidSha256AndValidSha256[] = {
|
| - {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256, ""}
|
| + {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256}
|
| };
|
| expectParseMultipleHashes(
|
| "sha256-!!! sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| kInvalidSha256AndValidSha256,
|
| ARRAY_SIZE(kInvalidSha256AndValidSha256));
|
| +
|
| + expectParse(
|
| + "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| +
|
| + expectParse(
|
| + "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz=foz",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| +
|
| + expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| + expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| + expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz=foz",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| + expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| + expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| + expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo:bar",
|
| + "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
|
| + HashAlgorithmSha256);
|
| }
|
|
|
| TEST_F(SubresourceIntegrityTest, ParsingBase64)
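Review bot: None of the option cases added at the end of TEST_F Parsing checks that an option stops at whitespace, so an option skipper that runs on into the next token would still pass every one of them while dropping a following hash from the metadata list. A multi-hash case with an option on the first entry would pin that down. The expected result below assumes options end at the first whitespace, as the existing two-hash case suggests. Separately, the `?foo=bar` and `?foo=bar?baz=foz` calls appear twice in this hunk with identical arguments, and one copy of each can go. The start of Parsing is outside the hunk.

```cpp
    // … unchanged: single-entry option cases …

    // An option on one entry must not swallow the entry that follows it.
    const SubresourceIntegrity::IntegrityMetadata kValidSha256WithOptionAndSha256[] = {
        {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256},
        {"deadbeef", HashAlgorithmSha256}
    };
    expectParseMultipleHashes(
        "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar sha256-deadbeef",
        kValidSha256WithOptionAndSha256,
        ARRAY_SIZE(kValidSha256WithOptionAndSha256));
```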
|
| @@ -362,8 +365,7 @@ TEST_F(SubresourceIntegrityTest, ParsingBase64)
|
| expectParse(
|
| "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
|
| "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
|
| - HashAlgorithmSha384,
|
| - "");
|
| + HashAlgorithmSha384);
|
| }
|
|
|
| //
|
| @@ -396,7 +398,13 @@ TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin)
|
|
|
| // All parameters are fine, and because this is not cross origin, CORS is
|
| // not needed.
|
| - expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, String(), NoCors);
|
| + expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, NoCors);
|
| +
|
| + // Options should be ignored
|
| + expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, secureURL, secureURL, NoCors);
|
| + expectIntegrity(kSha256IntegrityWithOption, kBasicScript, secureURL, secureURL, NoCors);
|
| + expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, secureURL, secureURL, NoCors);
|
| + expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, secureURL, secureURL, NoCors);
|
| }
|
|
|
| TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin)
|
| @@ -419,7 +427,7 @@ TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin)
|
| // This check should fail because, unlike in the
|
| // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin
|
| // (secure origin requesting a resource on an insecure origin)
|
| - expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureURL, String(), NoCors);
|
| + expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureURL, NoCors);
|
| }
|
|
|
| } // namespace blink
|
|
|