| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/SubresourceIntegrity.h" | 5 #include "core/frame/SubresourceIntegrity.h" |
| 6 | 6 |
| 7 #include "core/HTMLNames.h" | 7 #include "core/HTMLNames.h" |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/fetch/IntegrityMetadata.h" | 9 #include "core/fetch/IntegrityMetadata.h" |
| 10 #include "core/fetch/Resource.h" | 10 #include "core/fetch/Resource.h" |
| (...skipping 368 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 379 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | 379 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
| 380 HashAlgorithmSha384); | 380 HashAlgorithmSha384); |
| 381 } | 381 } |
| 382 | 382 |
| 383 // | 383 // |
| 384 // End-to-end tests of ::CheckSubresourceIntegrity. | 384 // End-to-end tests of ::CheckSubresourceIntegrity. |
| 385 // | 385 // |
| 386 | 386 |
| 387 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) | 387 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) |
| 388 { | 388 { |
| 389 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 389 document->setSecurityOrigin(secureOrigin->isolatedCopy()); |
| 390 | 390 |
| 391 // Verify basic sha256, sha384, and sha512 integrity checks. | 391 // Verify basic sha256, sha384, and sha512 integrity checks. |
| 392 expectIntegrity(kSha256Integrity, kBasicScript, strlen(kBasicScript), secure
URL, secureURL); | 392 expectIntegrity(kSha256Integrity, kBasicScript, strlen(kBasicScript), secure
URL, secureURL); |
| 393 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, strlen(kBasicSc
ript), secureURL, secureURL); | 393 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, strlen(kBasicSc
ript), secureURL, secureURL); |
| 394 expectIntegrity(kSha384Integrity, kBasicScript, strlen(kBasicScript), secure
URL, secureURL); | 394 expectIntegrity(kSha384Integrity, kBasicScript, strlen(kBasicScript), secure
URL, secureURL); |
| 395 expectIntegrity(kSha512Integrity, kBasicScript, strlen(kBasicScript), secure
URL, secureURL); | 395 expectIntegrity(kSha512Integrity, kBasicScript, strlen(kBasicScript), secure
URL, secureURL); |
| 396 | 396 |
| 397 // Verify multiple hashes in an attribute. | 397 // Verify multiple hashes in an attribute. |
| 398 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, strlen(kBasicScri
pt), secureURL, secureURL); | 398 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, strlen(kBasicScri
pt), secureURL, secureURL); |
| 399 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, strlen(kBa
sicScript), secureURL, secureURL); | 399 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, strlen(kBa
sicScript), secureURL, secureURL); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 417 expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, strlen(kBasic
Script), secureURL, secureURL, NoCors); | 417 expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, strlen(kBasic
Script), secureURL, secureURL, NoCors); |
| 418 expectIntegrity(kSha256IntegrityWithOption, kBasicScript, strlen(kBasicScrip
t), secureURL, secureURL, NoCors); | 418 expectIntegrity(kSha256IntegrityWithOption, kBasicScript, strlen(kBasicScrip
t), secureURL, secureURL, NoCors); |
| 419 expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, strlen(kBasicScri
pt), secureURL, secureURL, NoCors); | 419 expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, strlen(kBasicScri
pt), secureURL, secureURL, NoCors); |
| 420 expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, strlen(kBasicS
cript), secureURL, secureURL, NoCors); | 420 expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, strlen(kBasicS
cript), secureURL, secureURL, NoCors); |
| 421 } | 421 } |
| 422 | 422 |
| 423 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) | 423 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) |
| 424 { | 424 { |
| 425 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass | 425 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass |
| 426 // here, with the expection of the NoCors check at the end. | 426 // here, with the expection of the NoCors check at the end. |
| 427 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 427 document->setSecurityOrigin(insecureOrigin->isolatedCopy()); |
| 428 | 428 |
| 429 expectIntegrity(kSha256Integrity, kBasicScript, strlen(kBasicScript), secure
URL, insecureURL); | 429 expectIntegrity(kSha256Integrity, kBasicScript, strlen(kBasicScript), secure
URL, insecureURL); |
| 430 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, strlen(kBasicSc
ript), secureURL, insecureURL); | 430 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, strlen(kBasicSc
ript), secureURL, insecureURL); |
| 431 expectIntegrity(kSha384Integrity, kBasicScript, strlen(kBasicScript), secure
URL, insecureURL); | 431 expectIntegrity(kSha384Integrity, kBasicScript, strlen(kBasicScript), secure
URL, insecureURL); |
| 432 expectIntegrity(kSha512Integrity, kBasicScript, strlen(kBasicScript), secure
URL, insecureURL); | 432 expectIntegrity(kSha512Integrity, kBasicScript, strlen(kBasicScript), secure
URL, insecureURL); |
| 433 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, strlen(kB
asicScript), secureURL, insecureURL); | 433 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, strlen(kB
asicScript), secureURL, insecureURL); |
| 434 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, strlen(kBas
icScript), secureURL, insecureURL); | 434 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, strlen(kBas
icScript), secureURL, insecureURL); |
| 435 | 435 |
| 436 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, strlen(kBasicScri
pt), secureURL, insecureURL); | 436 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, strlen(kBasicScri
pt), secureURL, insecureURL); |
| 437 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, strlen(kBa
sicScript), secureURL, insecureURL); | 437 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, strlen(kBa
sicScript), secureURL, insecureURL); |
| 438 | 438 |
| 439 expectIntegrityFailure(kSha256Integrity, kBasicScript, strlen(kBasicScript),
secureURL, insecureURL, NoCors); | 439 expectIntegrityFailure(kSha256Integrity, kBasicScript, strlen(kBasicScript),
secureURL, insecureURL, NoCors); |
| 440 expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, str
len(kBasicScript), secureURL, insecureURL); | 440 expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, str
len(kBasicScript), secureURL, insecureURL); |
| 441 } | 441 } |
| 442 | 442 |
| 443 } // namespace blink | 443 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1655413002:
Merge updateSecurityOrigin() and setSecurityOrigin(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master