Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(46)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_unittest.cc

Issue 1270663002: Validate the Origin HTTP header in the browser process. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/loader/resource_dispatcher_host_impl.cc » ('j') | content/browser/loader/resource_dispatcher_host_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_unittest.cc
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
index 678e3d207f844a82f8f6593fa4f4834544d16d01..6f30c93dd4e536e88b7e0afa2f231773465f7b25 100644
--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -155,21 +155,35 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
p->Add(kRendererID);
- // Safe
+ // Safe to request or commit.
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
- EXPECT_TRUE(p->CanRequestURL(kRendererID,
- GURL("view-source:http://www.google.com/")));
EXPECT_TRUE(p->CanRequestURL(
kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
+ EXPECT_TRUE(p->CanCommitURL(
+ kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
- // Dangerous
+ // Safe to request but not commit.
+ EXPECT_TRUE(p->CanRequestURL(kRendererID,
+ GURL("view-source:http://www.google.com/")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("view-source:http://www.google.com/")));
+
+ // Dangerous to request or commit.
EXPECT_FALSE(p->CanRequestURL(kRendererID,
GURL("file:///etc/passwd")));
EXPECT_FALSE(p->CanRequestURL(kRendererID,
GURL("chrome://foo/bar")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("file:///etc/passwd")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("chrome://foo/bar")));
p->Remove(kRendererID);
}
@@ -184,24 +198,35 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
nasko 2015/08/14 22:14:43 Why not add a test case with capitalized letters i
Charlie Reis 2015/08/14 23:23:32 Done.
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:memory")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:memory")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
// Requests for about: pages should be denied.
p->GrantRequestURL(kRendererID, GURL("about:crash"));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
// These requests for chrome:// pages should be granted.
GURL chrome_url("chrome://foo");
p->GrantRequestURL(kRendererID, chrome_url);
EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
p->Remove(kRendererID);
}
@@ -213,8 +238,10 @@ TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
p->Add(kRendererID);
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
p->Remove(kRendererID);
}
@@ -225,16 +252,20 @@ TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
p->Add(kRendererID);
- // Currently, "asdf" is destined for ShellExecute, so it is allowed.
+ // Currently, "asdf" is destined for ShellExecute, so it is allowed to be
+ // requested but not committed.
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
// Once we register "asdf", we default to deny.
RegisterTestScheme("asdf");
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
// We can allow new schemes by adding them to the whitelist.
p->RegisterWebSafeScheme("asdf");
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
// Cleanup.
p->Remove(kRendererID);
@@ -247,13 +278,16 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
p->Add(kRendererID);
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
// We should forget our state if we repeat a renderer id.
p->Remove(kRendererID);
p->Add(kRendererID);
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
p->Remove(kRendererID);
}
@@ -272,11 +306,25 @@ TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
EXPECT_FALSE(p->CanRequestURL(
kRendererID, GURL("view-source:view-source:http://www.google.com/")));
+ // View source URLs don't actually commit; the renderer is put into view
+ // source mode, and the inner URL commits.
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("view-source:http://www.google.com/")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("view-source:file:///etc/passwd")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
+ EXPECT_FALSE(p->CanCommitURL(
+ kRendererID, GURL("view-source:view-source:http://www.google.com/")));
+
+
p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
// View source needs to be able to request the embedded scheme.
+ EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
EXPECT_TRUE(p->CanRequestURL(kRendererID,
GURL("view-source:file:///etc/passwd")));
- EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("view-source:file:///etc/passwd")));
p->Remove(kRendererID);
}
@@ -291,14 +339,20 @@ TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
GURL sensitive_url("file:///etc/passwd");
EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
p->GrantRequestSpecificFileURL(kRendererID, icon_url);
EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
p->GrantRequestURL(kRendererID, icon_url);
EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
p->Remove(kRendererID);
}
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/loader/resource_dispatcher_host_impl.cc » ('j') | content/browser/loader/resource_dispatcher_host_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698