OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/strings/string_piece.h" | 5 #include "base/strings/string_piece.h" |
6 #include "base/strings/utf_string_conversions.h" | 6 #include "base/strings/utf_string_conversions.h" |
7 #include "content/child/site_isolation_policy.h" | 7 #include "content/child/site_isolation_policy.h" |
8 #include "content/public/common/context_menu_params.h" | 8 #include "content/public/common/context_menu_params.h" |
9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
10 #include "third_party/WebKit/public/platform/WebURLResponse.h" | 10 #include "third_party/WebKit/public/platform/WebURLResponse.h" |
11 #include "ui/gfx/range/range.h" | 11 #include "ui/gfx/range/range.h" |
12 | 12 |
13 using base::StringPiece; | 13 using base::StringPiece; |
14 | 14 |
15 namespace content { | 15 namespace content { |
16 | 16 |
17 TEST(SiteIsolationPolicyTest, IsBlockableScheme) { | 17 TEST(CrossSiteDocumentClassifierTest, IsBlockableScheme) { |
18 GURL data_url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA=="); | 18 GURL data_url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA=="); |
19 GURL ftp_url("ftp://google.com"); | 19 GURL ftp_url("ftp://google.com"); |
20 GURL mailto_url("mailto:google@google.com"); | 20 GURL mailto_url("mailto:google@google.com"); |
21 GURL about_url("about:chrome"); | 21 GURL about_url("about:chrome"); |
22 GURL http_url("http://google.com"); | 22 GURL http_url("http://google.com"); |
23 GURL https_url("https://google.com"); | 23 GURL https_url("https://google.com"); |
24 | 24 |
25 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(data_url)); | 25 EXPECT_FALSE(CrossSiteDocumentClassifier::IsBlockableScheme(data_url)); |
26 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(ftp_url)); | 26 EXPECT_FALSE(CrossSiteDocumentClassifier::IsBlockableScheme(ftp_url)); |
27 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(mailto_url)); | 27 EXPECT_FALSE(CrossSiteDocumentClassifier::IsBlockableScheme(mailto_url)); |
28 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(about_url)); | 28 EXPECT_FALSE(CrossSiteDocumentClassifier::IsBlockableScheme(about_url)); |
29 EXPECT_TRUE(SiteIsolationPolicy::IsBlockableScheme(http_url)); | 29 EXPECT_TRUE(CrossSiteDocumentClassifier::IsBlockableScheme(http_url)); |
30 EXPECT_TRUE(SiteIsolationPolicy::IsBlockableScheme(https_url)); | 30 EXPECT_TRUE(CrossSiteDocumentClassifier::IsBlockableScheme(https_url)); |
31 } | 31 } |
32 | 32 |
33 TEST(SiteIsolationPolicyTest, IsSameSite) { | 33 TEST(CrossSiteDocumentClassifierTest, IsSameSite) { |
34 GURL a_com_url0("https://mock1.a.com:8080/page1.html"); | 34 GURL a_com_url0("https://mock1.a.com:8080/page1.html"); |
35 GURL a_com_url1("https://mock2.a.com:9090/page2.html"); | 35 GURL a_com_url1("https://mock2.a.com:9090/page2.html"); |
36 GURL a_com_url2("https://a.com/page3.html"); | 36 GURL a_com_url2("https://a.com/page3.html"); |
37 EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url0, a_com_url1)); | 37 EXPECT_TRUE(CrossSiteDocumentClassifier::IsSameSite(a_com_url0, a_com_url1)); |
38 EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url1, a_com_url2)); | 38 EXPECT_TRUE(CrossSiteDocumentClassifier::IsSameSite(a_com_url1, a_com_url2)); |
39 EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url2, a_com_url0)); | 39 EXPECT_TRUE(CrossSiteDocumentClassifier::IsSameSite(a_com_url2, a_com_url0)); |
40 | 40 |
41 GURL b_com_url0("https://mock1.b.com/index.html"); | 41 GURL b_com_url0("https://mock1.b.com/index.html"); |
42 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, b_com_url0)); | 42 EXPECT_FALSE(CrossSiteDocumentClassifier::IsSameSite(a_com_url0, b_com_url0)); |
43 | 43 |
44 GURL about_blank_url("about:blank"); | 44 GURL about_blank_url("about:blank"); |
45 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, about_blank_url)); | 45 EXPECT_FALSE( |
| 46 CrossSiteDocumentClassifier::IsSameSite(a_com_url0, about_blank_url)); |
46 | 47 |
47 GURL chrome_url("chrome://extension"); | 48 GURL chrome_url("chrome://extension"); |
48 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, chrome_url)); | 49 EXPECT_FALSE(CrossSiteDocumentClassifier::IsSameSite(a_com_url0, chrome_url)); |
49 | 50 |
50 GURL empty_url(""); | 51 GURL empty_url(""); |
51 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, empty_url)); | 52 EXPECT_FALSE(CrossSiteDocumentClassifier::IsSameSite(a_com_url0, empty_url)); |
52 } | 53 } |
53 | 54 |
54 TEST(SiteIsolationPolicyTest, IsValidCorsHeaderSet) { | 55 TEST(CrossSiteDocumentClassifierTest, IsValidCorsHeaderSet) { |
55 GURL frame_origin("http://www.google.com"); | 56 GURL frame_origin("http://www.google.com"); |
56 GURL site_origin("http://www.yahoo.com"); | 57 GURL site_origin("http://www.yahoo.com"); |
57 | 58 |
58 EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet( | 59 EXPECT_TRUE(CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
59 frame_origin, site_origin, "*")); | 60 frame_origin, site_origin, "*")); |
60 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet( | 61 EXPECT_FALSE(CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
61 frame_origin, site_origin, "\"*\"")); | 62 frame_origin, site_origin, "\"*\"")); |
62 EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet( | 63 EXPECT_TRUE(CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
63 frame_origin, site_origin, "http://mail.google.com")); | 64 frame_origin, site_origin, "http://mail.google.com")); |
64 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet( | 65 EXPECT_FALSE(CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
65 frame_origin, site_origin, "https://mail.google.com")); | 66 frame_origin, site_origin, "https://mail.google.com")); |
66 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet( | 67 EXPECT_FALSE(CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
67 frame_origin, site_origin, "http://yahoo.com")); | 68 frame_origin, site_origin, "http://yahoo.com")); |
68 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet( | 69 EXPECT_FALSE(CrossSiteDocumentClassifier::IsValidCorsHeaderSet( |
69 frame_origin, site_origin, "www.google.com")); | 70 frame_origin, site_origin, "www.google.com")); |
70 } | 71 } |
71 | 72 |
72 TEST(SiteIsolationPolicyTest, SniffForHTML) { | 73 TEST(CrossSiteDocumentClassifierTest, SniffForHTML) { |
73 StringPiece html_data(" \t\r\n <HtMladfokadfkado"); | 74 StringPiece html_data(" \t\r\n <HtMladfokadfkado"); |
74 StringPiece comment_html_data(" <!-- this is comment --> <html><body>"); | 75 StringPiece comment_html_data(" <!-- this is comment --> <html><body>"); |
75 StringPiece two_comments_html_data( | 76 StringPiece two_comments_html_data( |
76 "<!-- this is comment -->\n<!-- this is comment --><html><body>"); | 77 "<!-- this is comment -->\n<!-- this is comment --><html><body>"); |
77 StringPiece mixed_comments_html_data( | 78 StringPiece mixed_comments_html_data( |
78 "<!-- this is comment <!-- --> <script></script>"); | 79 "<!-- this is comment <!-- --> <script></script>"); |
79 StringPiece non_html_data(" var name=window.location;\nadfadf"); | 80 StringPiece non_html_data(" var name=window.location;\nadfadf"); |
80 StringPiece comment_js_data(" <!-- this is comment -> document.write(1); "); | 81 StringPiece comment_js_data(" <!-- this is comment -> document.write(1); "); |
81 StringPiece empty_data(""); | 82 StringPiece empty_data(""); |
82 | 83 |
83 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(html_data)); | 84 EXPECT_TRUE(CrossSiteDocumentClassifier::SniffForHTML(html_data)); |
84 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(comment_html_data)); | 85 EXPECT_TRUE(CrossSiteDocumentClassifier::SniffForHTML(comment_html_data)); |
85 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(two_comments_html_data)); | 86 EXPECT_TRUE( |
86 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(mixed_comments_html_data)); | 87 CrossSiteDocumentClassifier::SniffForHTML(two_comments_html_data)); |
87 EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(non_html_data)); | 88 EXPECT_TRUE( |
88 EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(comment_js_data)); | 89 CrossSiteDocumentClassifier::SniffForHTML(mixed_comments_html_data)); |
| 90 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForHTML(non_html_data)); |
| 91 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForHTML(comment_js_data)); |
89 | 92 |
90 // Basic bounds check. | 93 // Basic bounds check. |
91 EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(empty_data)); | 94 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForHTML(empty_data)); |
92 } | 95 } |
93 | 96 |
94 TEST(SiteIsolationPolicyTest, SniffForXML) { | 97 TEST(CrossSiteDocumentClassifierTest, SniffForXML) { |
95 StringPiece xml_data(" \t \r \n <?xml version=\"1.0\"?>\n <catalog"); | 98 StringPiece xml_data(" \t \r \n <?xml version=\"1.0\"?>\n <catalog"); |
96 StringPiece non_xml_data(" var name=window.location;\nadfadf"); | 99 StringPiece non_xml_data(" var name=window.location;\nadfadf"); |
97 StringPiece empty_data(""); | 100 StringPiece empty_data(""); |
98 | 101 |
99 EXPECT_TRUE(SiteIsolationPolicy::SniffForXML(xml_data)); | 102 EXPECT_TRUE(CrossSiteDocumentClassifier::SniffForXML(xml_data)); |
100 EXPECT_FALSE(SiteIsolationPolicy::SniffForXML(non_xml_data)); | 103 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForXML(non_xml_data)); |
101 | 104 |
102 // Basic bounds check. | 105 // Basic bounds check. |
103 EXPECT_FALSE(SiteIsolationPolicy::SniffForXML(empty_data)); | 106 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForXML(empty_data)); |
104 } | 107 } |
105 | 108 |
106 TEST(SiteIsolationPolicyTest, SniffForJSON) { | 109 TEST(CrossSiteDocumentClassifierTest, SniffForJSON) { |
107 StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", "); | 110 StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", "); |
108 StringPiece non_json_data0("\t\t\r\n { name : \"chrome\", "); | 111 StringPiece non_json_data0("\t\t\r\n { name : \"chrome\", "); |
109 StringPiece non_json_data1("\t\t\r\n foo({ \"name\" : \"chrome\", "); | 112 StringPiece non_json_data1("\t\t\r\n foo({ \"name\" : \"chrome\", "); |
110 StringPiece empty_data(""); | 113 StringPiece empty_data(""); |
111 | 114 |
112 EXPECT_TRUE( | 115 EXPECT_TRUE(CrossSiteDocumentClassifier::SniffForJSON(json_data)); |
113 SiteIsolationPolicy::SniffForJSON(json_data)); | 116 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForJSON(non_json_data0)); |
114 EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(non_json_data0)); | 117 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForJSON(non_json_data1)); |
115 EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(non_json_data1)); | |
116 | 118 |
117 // Basic bounds check. | 119 // Basic bounds check. |
118 EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(empty_data)); | 120 EXPECT_FALSE(CrossSiteDocumentClassifier::SniffForJSON(empty_data)); |
119 } | 121 } |
120 | 122 |
121 TEST(SiteIsolationPolicyTest, SniffForJS) { | 123 TEST(SiteIsolationStatsGathererTest, SniffForJS) { |
122 StringPiece basic_js_data("var a = 4"); | 124 StringPiece basic_js_data("var a = 4"); |
123 StringPiece js_data("\t\t\r\n var a = 4"); | 125 StringPiece js_data("\t\t\r\n var a = 4"); |
124 StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", "); | 126 StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", "); |
125 StringPiece empty_data(""); | 127 StringPiece empty_data(""); |
126 | 128 |
127 EXPECT_TRUE(SiteIsolationPolicy::SniffForJS(js_data)); | 129 EXPECT_TRUE(SiteIsolationStatsGatherer::SniffForJS(js_data)); |
128 EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(json_data)); | 130 EXPECT_FALSE(SiteIsolationStatsGatherer::SniffForJS(json_data)); |
129 | 131 |
130 // Basic bounds check. | 132 // Basic bounds check. |
131 EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(empty_data)); | 133 EXPECT_FALSE(SiteIsolationStatsGatherer::SniffForJS(empty_data)); |
132 } | 134 } |
133 | 135 |
134 } // namespace content | 136 } // namespace content |
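Review bot: In the SniffForJS test (new lines 123-134), `basic_js_data("var a = 4")` is constructed but never passed to an assertion, so script text with no leading whitespace is not covered on either side of the rename. These sniffers are run on response bodies, so every declared sample should be asserted. Assuming the sniffer is meant to accept that input, add `EXPECT_TRUE(SiteIsolationStatsGatherer::SniffForJS(basic_js_data));` next to the `js_data` check, or drop the variable. Separately, the new side still includes only `content/child/site_isolation_policy.h` while naming CrossSiteDocumentClassifier and SiteIsolationStatsGatherer; the headers are not visible here, so confirm that both classes are still declared there. The includes of `context_menu_params.h`, `WebURLResponse.h`, `utf_string_conversions.h` and `ui/gfx/range/range.h` look unused in this file and could be removed in the same pass.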