Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(64)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp

Issue 1455973003: CSP: Source expressions can no longer lock sites into insecurity. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/csp/CSPSource.h" 6 #include "core/frame/csp/CSPSource.h"
7 7
8 #include "core/dom/Document.h" 8 #include "core/dom/Document.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "platform/weborigin/KURL.h" 10 #include "platform/weborigin/KURL.h"
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
56 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8000/bar/"))); 56 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8000/bar/")));
57 } 57 }
58 58
59 TEST_F(CSPSourceTest, RedirectMatching) 59 TEST_F(CSPSourceTest, RedirectMatching)
60 { 60 {
61 KURL base; 61 KURL base;
62 CSPSource source(csp.get(), "http", "example.com", 8000, "/bar/", CSPSource: :NoWildcard, CSPSource::NoWildcard); 62 CSPSource source(csp.get(), "http", "example.com", 8000, "/bar/", CSPSource: :NoWildcard, CSPSource::NoWildcard);
63 63
64 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"), ContentSe curityPolicy::DidRedirect)); 64 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"), ContentSe curityPolicy::DidRedirect));
65 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo"), Conten tSecurityPolicy::DidRedirect)); 65 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo"), Conten tSecurityPolicy::DidRedirect));
66 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/foo"), Conte ntSecurityPolicy::DidRedirect));
66 67
67 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8000/foo"), Cont entSecurityPolicy::DidRedirect));
68 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/foo"), C ontentSecurityPolicy::DidRedirect)); 68 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/foo"), C ontentSecurityPolicy::DidRedirect));
69 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/foo/"), Cont entSecurityPolicy::DidNotRedirect)); 69 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/foo/"), Cont entSecurityPolicy::DidNotRedirect));
70 } 70 }
71 71
72 TEST_F(CSPSourceTest, InsecureSourceMatchesSecure)
73 {
74 KURL base;
75 CSPSource source(csp.get(), "http", "", 0, "/", CSPSource::NoWildcard, CSPSo urce::HasWildcard);
76
77 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/")));
78 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/")));
79 EXPECT_TRUE(source.matches(KURL(base, "http://not-example.com:8000/")));
80 EXPECT_TRUE(source.matches(KURL(base, "https://not-example.com:8000/")));
81 EXPECT_FALSE(source.matches(KURL(base, "ftp://example.com:8000/")));
82 }
83
84 TEST_F(CSPSourceTest, InsecureHostMatchesSecure)
85 {
86 KURL base;
87 CSPSource source(csp.get(), "http", "example.com", 0, "/", CSPSource::NoWild card, CSPSource::HasWildcard);
88
89 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/")));
90 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/")));
91 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/")));
92 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:8000/")));
93 }
94
72 } // namespace 95 } // namespace
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698