Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(98)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chrome_security_exploit_browsertest.cc

Issue 1378123003: Adding SSL ETS Tests (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ets
Patch Set: Rebase. Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client_browsertest.cc ('k') | chrome/browser/chrome_service_worker_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/command_line.h" 5 #include "base/command_line.h"
6 #include "base/strings/stringprintf.h" 6 #include "base/strings/stringprintf.h"
7 #include "base/strings/utf_string_conversions.h" 7 #include "base/strings/utf_string_conversions.h"
8 #include "chrome/browser/ui/browser.h" 8 #include "chrome/browser/ui/browser.h"
9 #include "chrome/browser/ui/browser_commands.h" 9 #include "chrome/browser/ui/browser_commands.h"
10 #include "chrome/browser/ui/singleton_tabs.h" 10 #include "chrome/browser/ui/singleton_tabs.h"
(...skipping 13 matching lines...) Expand all
24 // leading to security bugs. We are trying to verify that the browser doesn't 24 // leading to security bugs. We are trying to verify that the browser doesn't
25 // perform any dangerous operations in such cases. 25 // perform any dangerous operations in such cases.
26 // This is similar to the security_exploit_browsertest.cc tests, but also 26 // This is similar to the security_exploit_browsertest.cc tests, but also
27 // includes chrome/ layer concepts such as extensions. 27 // includes chrome/ layer concepts such as extensions.
28 class ChromeSecurityExploitBrowserTest : public InProcessBrowserTest { 28 class ChromeSecurityExploitBrowserTest : public InProcessBrowserTest {
29 public: 29 public:
30 ChromeSecurityExploitBrowserTest() {} 30 ChromeSecurityExploitBrowserTest() {}
31 ~ChromeSecurityExploitBrowserTest() override {} 31 ~ChromeSecurityExploitBrowserTest() override {}
32 32
33 void SetUpCommandLine(base::CommandLine* command_line) override { 33 void SetUpCommandLine(base::CommandLine* command_line) override {
34 ASSERT_TRUE(test_server()->Start()); 34 ASSERT_TRUE(embedded_test_server()->Start());
35 net::SpawnedTestServer https_server(
36 net::SpawnedTestServer::TYPE_HTTPS,
37 net::SpawnedTestServer::kLocalhost,
38 base::FilePath(FILE_PATH_LITERAL("chrome/test/data")));
39 ASSERT_TRUE(https_server.Start());
40 35
41 // Add a host resolver rule to map all outgoing requests to the test server. 36 // Add a host resolver rule to map all outgoing requests to the test server.
42 // This allows us to use "real" hostnames in URLs, which we can use to 37 // This allows us to use "real" hostnames in URLs, which we can use to
43 // create arbitrary SiteInstances. 38 // create arbitrary SiteInstances.
44 command_line->AppendSwitchASCII( 39 command_line->AppendSwitchASCII(
45 switches::kHostResolverRules, 40 switches::kHostResolverRules,
46 "MAP * " + test_server()->host_port_pair().ToString() + 41 "MAP * " + embedded_test_server()->host_port_pair().ToString() +
47 ",EXCLUDE localhost"); 42 ",EXCLUDE localhost");
48 43
49 // Since we assume exploited renderer process, it can bypass the same origin 44 // Since we assume exploited renderer process, it can bypass the same origin
50 // policy at will. Simulate that by passing the disable-web-security flag. 45 // policy at will. Simulate that by passing the disable-web-security flag.
51 command_line->AppendSwitch(switches::kDisableWebSecurity); 46 command_line->AppendSwitch(switches::kDisableWebSecurity);
52 } 47 }
53 48
54 private: 49 private:
55 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityExploitBrowserTest); 50 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityExploitBrowserTest);
56 }; 51 };
57 52
58 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest, 53 IN_PROC_BROWSER_TEST_F(ChromeSecurityExploitBrowserTest,
59 ChromeExtensionResources) { 54 ChromeExtensionResources) {
60 // Load a page that requests a chrome-extension:// image through XHR. We 55 // Load a page that requests a chrome-extension:// image through XHR. We
61 // expect this load to fail, as it is an illegal request. 56 // expect this load to fail, as it is an illegal request.
62 GURL foo("http://foo.com/files/chrome_extension_resource.html"); 57 GURL foo("http://foo.com/chrome_extension_resource.html");
63 58
64 content::DOMMessageQueue msg_queue; 59 content::DOMMessageQueue msg_queue;
65 60
66 ui_test_utils::NavigateToURL(browser(), foo); 61 ui_test_utils::NavigateToURL(browser(), foo);
67 62
68 std::string status; 63 std::string status;
69 std::string expected_status("0"); 64 std::string expected_status("0");
70 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); 65 EXPECT_TRUE(msg_queue.WaitForMessage(&status));
71 EXPECT_STREQ(status.c_str(), expected_status.c_str()); 66 EXPECT_STREQ(status.c_str(), expected_status.c_str());
72 } 67 }
OLDNEW
« no previous file with comments | « chrome/browser/chrome_content_browser_client_browsertest.cc ('k') | chrome/browser/chrome_service_worker_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698