
Unified Diff: Source/core/frame/SubresourceIntegrityTest.cpp

Issue 1156413005: Implement hash function prioritization for SRI. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rebase on ToT Created 5 years, 6 months ago
Index: Source/core/frame/SubresourceIntegrityTest.cpp
diff --git a/Source/core/frame/SubresourceIntegrityTest.cpp b/Source/core/frame/SubresourceIntegrityTest.cpp
index 2ac6d6e6b76bc15f815f4c99440994957280b05c..f906768d7c61cdf227528a4fb6efbe6081610998 100644
--- a/Source/core/frame/SubresourceIntegrityTest.cpp
+++ b/Source/core/frame/SubresourceIntegrityTest.cpp
@@ -186,6 +186,21 @@ protected:
RefPtrWillBePersistent<HTMLScriptElement> scriptElement;
};
+TEST_F(SubresourceIntegrityTest, Prioritization)
+{
+ EXPECT_EQ(HashAlgorithmSha256, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha256, HashAlgorithmSha256));
+ EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha384, HashAlgorithmSha384));
+ EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha512, HashAlgorithmSha512));
+
+ EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha384, HashAlgorithmSha256));
+ EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha512, HashAlgorithmSha256));
+ EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha512, HashAlgorithmSha384));
+
+ EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha256, HashAlgorithmSha384));
+ EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha256, HashAlgorithmSha512));
+ EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha384, HashAlgorithmSha512));
+}
+
TEST_F(SubresourceIntegrityTest, ParseAlgorithm)
{
expectAlgorithm("sha256-", HashAlgorithmSha256);
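Review bot: The three groups of assertions in the new Prioritization test carry no comment saying what each group pins, so the downgrade-protection property is easy to miss. I would label them, for example `// Equal inputs return that algorithm.`, `// The stronger algorithm wins when passed first.` and `// ...and when passed second (the result is order-independent).`. The test exercises only HashAlgorithmSha256/384/512; if the HashAlgorithm enum has other values, what getPrioritizedHashFunction does with them is not pinned here and deserves a comment or a case. The ParseAlgorithm test that closes this hunk continues outside it.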
@@ -372,7 +387,7 @@ TEST_F(SubresourceIntegrityTest, ParsingBase64)
// End-to-end tests of ::CheckSubresourceIntegrity.
//
-TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInSecureOrigin)
+TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin)
{
document->updateSecurityOrigin(secureOrigin->isolatedCopy());
@@ -385,12 +400,13 @@ TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInSecureOrigi
// Verify multiple hashes in an attribute.
expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, secureURL);
expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL, secureURL);
- expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, secureURL);
// The hash label must match the hash value.
expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL, secureURL);
- // With multiple values, at least one must match.
+ // With multiple values, at least one must match, and it must be the
+ // strongest hash algorithm.
+ expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, secureURL);
expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secureURL, secureURL);
// Unsupported hash functions should succeed.
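Review bot: The reworded comment above the kGoodSha256AndBadSha384Integrities failure case reads as if a single value must both match and be the strongest, which is not quite what the expectations show. A wording such as `// With multiple values, only those using the strongest algorithm present are considered, and at least one of them must match.` states the rule a reader needs. The end-to-end cases also mix only sha256 with sha384. A case with two values of the same strongest algorithm, one good and one bad, would pin that a bad entry does not veto a good one of equal strength. The same gap applies to the matching hunk in CheckSubresourceIntegrityInInsecureOrigin; the test body starts and ends outside this hunk.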
@@ -407,7 +423,7 @@ TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInSecureOrigi
expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, secureURL, secureURL, NoCors);
}
-TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInInsecureOrigin)
+TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin)
{
// The same checks as CheckSubresourceIntegrityInSecureOrigin should pass
// here, with the expection of the NoCors check at the end.
@@ -422,7 +438,8 @@ TEST_F(SubresourceIntegrityTest, DISABLED_CheckSubresourceIntegrityInInsecureOri
expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecureURL);
expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL, insecureURL);
- expectIntegrity(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, insecureURL);
+
+ expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, insecureURL);
// This check should fail because, unlike in the
// CheckSubresourceIntegrityInSecureOrigin case, this is cross origin
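Review bot: The added `expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, ...)` has no comment of its own and sits directly above "This check should fail because ... this is cross origin", which describes a later check outside the hunk. A reader can easily attribute the new failure to the cross-origin rule rather than to hash prioritization. I would add `// A matching sha256 does not rescue a mismatching sha384: the strongest algorithm decides.` above the new line, mirroring the comment in the secure-origin test.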