OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/fetch/Resource.h" | 10 #include "core/fetch/Resource.h" |
(...skipping 168 matching lines...)
179 | 179 |
180 KURL secureURL; | 180 KURL secureURL; |
181 KURL insecureURL; | 181 KURL insecureURL; |
182 RefPtr<SecurityOrigin> secureOrigin; | 182 RefPtr<SecurityOrigin> secureOrigin; |
183 RefPtr<SecurityOrigin> insecureOrigin; | 183 RefPtr<SecurityOrigin> insecureOrigin; |
184 | 184 |
185 RefPtrWillBePersistent<Document> document; | 185 RefPtrWillBePersistent<Document> document; |
186 RefPtrWillBePersistent<HTMLScriptElement> scriptElement; | 186 RefPtrWillBePersistent<HTMLScriptElement> scriptElement; |
187 }; | 187 }; |
188 | 188 |
| 189 TEST_F(SubresourceIntegrityTest, Prioritization) |
| 190 { |
| 191 EXPECT_EQ(HashAlgorithmSha256, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha256, HashAlgorithmSha256)); |
| 192 EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha384, HashAlgorithmSha384)); |
| 193 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha512, HashAlgorithmSha512)); |
| 194 |
| 195 EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha384, HashAlgorithmSha256)); |
| 196 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha512, HashAlgorithmSha256)); |
| 197 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha512, HashAlgorithmSha384)); |
| 198 |
| 199 EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha256, HashAlgorithmSha384)); |
| 200 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha256, HashAlgorithmSha512)); |
| 201 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunct
ion(HashAlgorithmSha384, HashAlgorithmSha512)); |
| 202 } |
| 203 |
189 TEST_F(SubresourceIntegrityTest, ParseAlgorithm) | 204 TEST_F(SubresourceIntegrityTest, ParseAlgorithm) |
190 { | 205 { |
191 expectAlgorithm("sha256-", HashAlgorithmSha256); | 206 expectAlgorithm("sha256-", HashAlgorithmSha256); |
192 expectAlgorithm("sha384-", HashAlgorithmSha384); | 207 expectAlgorithm("sha384-", HashAlgorithmSha384); |
193 expectAlgorithm("sha512-", HashAlgorithmSha512); | 208 expectAlgorithm("sha512-", HashAlgorithmSha512); |
194 expectAlgorithm("sha-256-", HashAlgorithmSha256); | 209 expectAlgorithm("sha-256-", HashAlgorithmSha256); |
195 expectAlgorithm("sha-384-", HashAlgorithmSha384); | 210 expectAlgorithm("sha-384-", HashAlgorithmSha384); |
196 expectAlgorithm("sha-512-", HashAlgorithmSha512); | 211 expectAlgorithm("sha-512-", HashAlgorithmSha512); |
197 | 212 |
198 expectAlgorithmFailure("sha1-", SubresourceIntegrity::AlgorithmUnknown); | 213 expectAlgorithmFailure("sha1-", SubresourceIntegrity::AlgorithmUnknown); |
(...skipping 166 matching lines...)
365 expectParse( | 380 expectParse( |
366 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr
", | 381 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr
", |
367 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 382 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
368 HashAlgorithmSha384); | 383 HashAlgorithmSha384); |
369 } | 384 } |
370 | 385 |
371 // | 386 // |
372 // End-to-end tests of ::CheckSubresourceIntegrity. | 387 // End-to-end tests of ::CheckSubresourceIntegrity. |
373 // | 388 // |
374 | 389 |
375 TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInSecureOrigi
n) | 390 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) |
376 { | 391 { |
377 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 392 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); |
378 | 393 |
379 // Verify basic sha256, sha384, and sha512 integrity checks. | 394 // Verify basic sha256, sha384, and sha512 integrity checks. |
380 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL); | 395 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL); |
381 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, secu
reURL); | 396 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, secu
reURL); |
382 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, secureURL); | 397 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, secureURL); |
383 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, secureURL); | 398 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, secureURL); |
384 | 399 |
385 // Verify multiple hashes in an attribute. | 400 // Verify multiple hashes in an attribute. |
386 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, secure
URL); | 401 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, secure
URL); |
387 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL,
secureURL); | 402 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL,
secureURL); |
388 expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL,
secureURL); | |
389 | 403 |
390 // The hash label must match the hash value. | 404 // The hash label must match the hash value. |
391 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, secureURL); | 405 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, secureURL); |
392 | 406 |
393 // With multiple values, at least one must match. | 407 // With multiple values, at least one must match, and it must be the |
| 408 // strongest hash algorithm. |
| 409 expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, sec
ureURL, secureURL); |
394 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secu
reURL, secureURL); | 410 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secu
reURL, secureURL); |
395 | 411 |
396 // Unsupported hash functions should succeed. | 412 // Unsupported hash functions should succeed. |
397 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
secureURL); | 413 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
secureURL); |
398 | 414 |
399 // All parameters are fine, and because this is not cross origin, CORS is | 415 // All parameters are fine, and because this is not cross origin, CORS is |
400 // not needed. | 416 // not needed. |
401 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, NoCors
); | 417 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, NoCors
); |
402 | 418 |
403 // Options should be ignored | 419 // Options should be ignored |
404 expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, secureURL, se
cureURL, NoCors); | 420 expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, secureURL, se
cureURL, NoCors); |
405 expectIntegrity(kSha256IntegrityWithOption, kBasicScript, secureURL, secureU
RL, NoCors); | 421 expectIntegrity(kSha256IntegrityWithOption, kBasicScript, secureURL, secureU
RL, NoCors); |
406 expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, secureURL, secure
URL, NoCors); | 422 expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, secureURL, secure
URL, NoCors); |
407 expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, secureURL, sec
ureURL, NoCors); | 423 expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, secureURL, sec
ureURL, NoCors); |
408 } | 424 } |
409 | 425 |
410 TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInInsecureOri
gin) | 426 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) |
411 { | 427 { |
412 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass | 428 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass |
413 // here, with the expection of the NoCors check at the end. | 429 // here, with the expection of the NoCors check at the end. |
414 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 430 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
415 | 431 |
416 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL); | 432 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL); |
417 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, inse
cureURL); | 433 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, inse
cureURL); |
418 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL); | 434 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL); |
419 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL); | 435 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL); |
420 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, insecureURL); | 436 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
, insecureURL); |
421 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
insecureURL); | 437 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL,
insecureURL); |
422 | 438 |
423 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecu
reURL); | 439 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecu
reURL); |
424 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL,
insecureURL); | 440 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL,
insecureURL); |
425 expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL,
insecureURL); | 441 |
| 442 expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, sec
ureURL, insecureURL); |
426 | 443 |
427 // This check should fail because, unlike in the | 444 // This check should fail because, unlike in the |
428 // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin | 445 // CheckSubresourceIntegrityInSecureOrigin case, this is cross origin |
429 // (secure origin requesting a resource on an insecure origin) | 446 // (secure origin requesting a resource on an insecure origin) |
430 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureUR
L, NoCors); | 447 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureUR
L, NoCors); |
431 } | 448 } |
432 | 449 |
433 } // namespace blink | 450 } // namespace blink |
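Review bot: The end-to-end cases in CheckSubresourceIntegrityInSecureOrigin only mix sha256 with sha384, so nothing visible here pins the result when an attribute carries two values of the same strongest algorithm, one good and one bad. Since the updated comment says the match must come from the strongest algorithm, a case such as `expectIntegrity(<bad-sha384-and-good-sha384 constant>, kBasicScript, secureURL, secureURL);` would guard against prioritization regressing into "first value wins" or "all values must match". The constant name there is a placeholder, because the existing integrity constants are defined in lines this page skips. An end-to-end case that includes sha512 would also tie the new Prioritization unit test to the actual integrity check. In CheckSubresourceIntegrityInInsecureOrigin the new `expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, ...)` has no explanation, so I would add `// A good sha256 must not rescue a bad sha384; the strongest listed algorithm has to match.` above it, as the secure-origin test does.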
OLD | NEW |