OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "base/command_line.h" | |
6 #include "base/stringprintf.h" | |
7 #include "base/utf_string_conversions.h" | |
8 #include "chrome/browser/ui/browser.h" | |
9 #include "chrome/browser/ui/browser_commands.h" | |
10 #include "chrome/browser/ui/singleton_tabs.h" | |
11 #include "chrome/browser/ui/tabs/tab_strip_model.h" | |
12 #include "chrome/test/base/in_process_browser_test.h" | |
13 #include "chrome/test/base/ui_test_utils.h" | |
14 #include "content/public/browser/notification_observer.h" | |
15 #include "content/public/browser/notification_service.h" | |
16 #include "content/public/browser/notification_types.h" | |
17 #include "content/public/browser/resource_request_details.h" | |
18 #include "content/public/browser/web_contents_observer.h" | |
19 #include "content/public/common/content_switches.h" | |
20 #include "content/public/test/browser_test_utils.h" | |
21 #include "webkit/glue/glue_serialize.h" | |
jochen (gone - plz use gerrit)
2013/04/02 15:14:25
not needed?
nasko
2013/04/02 18:25:16
Done.
| |
22 | |
23 namespace content { | |
jochen (gone - plz use gerrit)
2013/04/02 15:14:25
no namespace content in chrome/
nasko
2013/04/02 18:25:16
Done.
| |
24 | |
25 // The goal of these tests is to "simulate" exploited renderer processes, which | |
26 // can send arbitrary IPC messages and confuse browser process internal state, | |
27 // leading to security bugs. We are trying to verify that the browser doesn't | |
28 // perform any dangerous operations in such cases. | |
29 // This is similar to the security_exploit_browsertest.cc tests, but also | |
30 // includes chrome/ layer concepts such as extensions. | |
31 class ChromeSecurityExploitBrowserTest : public InProcessBrowserTest { | |
32 public: | |
33 ChromeSecurityExploitBrowserTest() {} | |
jochen (gone - plz use gerrit)
2013/04/02 15:14:25
nit. virtual destructor
nasko
2013/04/02 18:25:16
Done.
| |
34 | |
35 virtual void SetUpCommandLine(CommandLine* command_line) { | |
36 ASSERT_TRUE(test_server()->Start()); | |
37 net::TestServer https_server( | |
38 net::TestServer::TYPE_HTTPS, | |
39 net::TestServer::kLocalhost, | |
40 base::FilePath(FILE_PATH_LITERAL("chrome/test/data"))); | |
41 ASSERT_TRUE(https_server.Start()); | |
42 | |
43 // Add a host resolver rule to map all outgoing requests to the test server. | |
44 // This allows us to use "real" hostnames in URLs, which we can use to | |
45 // create arbitrary SiteInstances. | |
46 command_line->AppendSwitchASCII( | |
47 switches::kHostResolverRules, | |
48 "MAP * " + test_server()->host_port_pair().ToString() + | |
49 ",EXCLUDE localhost"); | |
50 | |
51 // Since we assume exploited renderer process, it can bypass the same origin | |
52 // policy at will. Simulate that by passing the disable-web-security flag. | |
53 command_line->AppendSwitch(switches::kDisableWebSecurity); | |
54 } | |
55 }; | |
jochen (gone - plz use gerrit)
2013/04/02 15:14:25
nit. disallow copy/assign
nasko
2013/04/02 18:25:16
Done.
| |
56 | |
57 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest, | |
58 ChromeExtensionResources) { | |
59 // Load a page that requests a chrome-extension:// image through XHR. We | |
60 // expect this load to fail, as it is an illegal request. | |
61 GURL foo("http://foo.com/files/chrome_extension_resource.html"); | |
62 | |
63 content::DOMMessageQueue msg_queue; | |
64 | |
65 ui_test_utils::NavigateToURL(browser(), foo); | |
66 | |
67 std::string status; | |
68 std::string expected_status("0"); | |
69 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); | |
70 EXPECT_STREQ(status.c_str(), expected_status.c_str()); | |
71 } | |
72 | |
73 } | |
OLD | NEW |