Chromium Code Reviews Chromium Code Reviews
Issue 11416121:
Prevent cross-site pages when --site-per-process is passed (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/browser/child_process_security_policy_unittest.cc |
| diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc |
| index 90befd6d8aae9587de14c67cbef773c03d6b356b..10262d6ca2127014fbe3535144ae1ec8266fcc9c 100644 |
| --- a/content/browser/child_process_security_policy_unittest.cc |
| +++ b/content/browser/child_process_security_policy_unittest.cc |
| @@ -130,20 +130,28 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
| p->Add(kRendererID); |
| // Safe |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"), |
| + ResourceType::MAIN_FRAME)); |
|
Charlie Reis
2012/11/28 18:58:26
Just to test both code paths, let's make this one
|
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"), |
| + ResourceType::MAIN_FRAME)); |
| EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| - GURL("view-source:http://www.google.com/"))); |
| + GURL("view-source:http://www.google.com/"), |
| + ResourceType::MAIN_FRAME)); |
| EXPECT_TRUE(p->CanRequestURL( |
| - kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
| + kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"), |
| + ResourceType::LAST_TYPE)); |
|
irobert
2012/11/28 01:27:57
For these tests, resource type does not matter the
Charlie Reis
2012/11/28 18:58:26
Sure, but might as well use something realistic.
|
| // Dangerous |
| EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| - GURL("file:///etc/passwd"))); |
| + GURL("file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
| EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| - GURL("chrome://foo/bar"))); |
| + GURL("chrome://foo/bar"), |
| + ResourceType::LAST_TYPE)); |
| p->Remove(kRendererID); |
| } |
| @@ -154,28 +162,41 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
| p->Add(kRendererID); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
| - |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); |
| - |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"), |
| + ResourceType::MAIN_FRAME)); |
| + |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"), |
| + ResourceType::MAIN_FRAME)); |
| + |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"), |
| + ResourceType::MAIN_FRAME)); |
| // Requests for about: pages should be denied. |
| p->GrantRequestURL(kRendererID, GURL("about:crash")); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"), |
| + ResourceType::MAIN_FRAME)); |
| // These requests for chrome:// pages should be granted. |
| GURL chrome_url("chrome://foo"); |
| p->GrantRequestURL(kRendererID, chrome_url); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url, |
| + ResourceType::MAIN_FRAME)); |
| p->Remove(kRendererID); |
| } |
| @@ -186,9 +207,11 @@ TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
| p->Add(kRendererID); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"), |
| + ResourceType::MAIN_FRAME)); |
| p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"), |
| + ResourceType::MAIN_FRAME)); |
| p->Remove(kRendererID); |
| } |
| @@ -200,15 +223,18 @@ TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
| p->Add(kRendererID); |
| // Currently, "asdf" is destined for ShellExecute, so it is allowed. |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"), |
| + ResourceType::MAIN_FRAME)); |
| // Once we register "asdf", we default to deny. |
| RegisterTestScheme("asdf"); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"), |
| + ResourceType::MAIN_FRAME)); |
| // We can allow new schemes by adding them to the whitelist. |
| p->RegisterWebSafeScheme("asdf"); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"), |
| + ResourceType::MAIN_FRAME)); |
| // Cleanup. |
| p->Remove(kRendererID); |
| @@ -220,25 +246,33 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
| p->Add(kRendererID); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
|
Charlie Reis
2012/11/28 18:58:26
Let's make these all MAIN_FRAME, since the intent
|
| p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"), |
| + ResourceType::LAST_TYPE)); |
| std::set<std::string> disabled_set; |
| disabled_set.insert("evil-scheme"); |
| p->RegisterDisabledSchemes(disabled_set); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"), |
| + ResourceType::LAST_TYPE)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"), |
| + ResourceType::LAST_TYPE)); |
| disabled_set.clear(); |
| p->RegisterDisabledSchemes(disabled_set); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"), |
| + ResourceType::LAST_TYPE)); |
| // We should forget our state if we repeat a renderer id. |
| p->Remove(kRendererID); |
| p->Add(kRendererID); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
| p->Remove(kRendererID); |
| } |
| @@ -250,18 +284,24 @@ TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
| // View source is determined by the embedded scheme. |
| EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| - GURL("view-source:http://www.google.com/"))); |
| + GURL("view-source:http://www.google.com/"), |
| + ResourceType::MAIN_FRAME)); |
| EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| - GURL("view-source:file:///etc/passwd"))); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| + GURL("view-source:file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
|
Charlie Reis
2012/11/28 18:58:26
Same: these should all be MAIN_FRAME.
|
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
| EXPECT_FALSE(p->CanRequestURL( |
| - kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
| + kRendererID, GURL("view-source:view-source:http://www.google.com/"), |
| + ResourceType::MAIN_FRAME)); |
| p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
| // View source needs to be able to request the embedded scheme. |
| EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| - GURL("view-source:file:///etc/passwd"))); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| + GURL("view-source:file:///etc/passwd"), |
| + ResourceType::MAIN_FRAME)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
| + ResourceType::LAST_TYPE)); |
| p->Remove(kRendererID); |
| } |
| @@ -274,16 +314,22 @@ TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
| GURL icon_url("file:///tmp/foo.png"); |
| GURL sensitive_url("file:///etc/passwd"); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url, |
| + ResourceType::IMAGE)); |
|
Charlie Reis
2012/11/28 18:58:26
Even though this is an image, let's treat these al
|
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url, |
| + ResourceType::LAST_TYPE)); |
| p->GrantRequestSpecificFileURL(kRendererID, icon_url); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url, |
| + ResourceType::IMAGE)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url, |
| + ResourceType::LAST_TYPE)); |
| p->GrantRequestURL(kRendererID, icon_url); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url, |
| + ResourceType::IMAGE)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url, |
| + ResourceType::LAST_TYPE)); |
| p->Remove(kRendererID); |
| } |
| @@ -497,10 +543,12 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
| p->Add(kRendererID); |
| EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, url, |
| + ResourceType::MAIN_FRAME)); |
| p->GrantWebUIBindings(kRendererID); |
| EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, url, |
| + ResourceType::MAIN_FRAME)); |
| p->Remove(kRendererID); |
| } |
| @@ -518,7 +566,8 @@ TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { |
| p->GrantReadFile(kRendererID, file); |
| p->GrantWebUIBindings(kRendererID); |
| - EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); |
| + EXPECT_TRUE(p->CanRequestURL(kRendererID, url, |
| + ResourceType::LAST_TYPE)); |
|
Charlie Reis
2012/11/28 18:58:26
MAIN_FRAME
|
| EXPECT_TRUE(p->CanReadFile(kRendererID, file)); |
| EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
| @@ -529,7 +578,8 @@ TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { |
| // prepared to answer policy questions about renderers who no longer exist. |
| // In this case, we default to secure behavior. |
| - EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, url, |
| + ResourceType::MAIN_FRAME)); |
| EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| } |
