OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "content/browser/child_process_security_policy_impl.h" | 9 #include "content/browser/child_process_security_policy_impl.h" |
10 #include "content/public/common/url_constants.h" | 10 #include "content/public/common/url_constants.h" |
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
163 EXPECT_TRUE(p->CanRequestURL( | 163 EXPECT_TRUE(p->CanRequestURL( |
164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); | 165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); |
166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); | 166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); |
167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
169 EXPECT_TRUE(p->CanCommitURL( | 169 EXPECT_TRUE(p->CanCommitURL( |
170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
171 | 171 |
172 // Safe to request but not commit. | |
173 EXPECT_TRUE(p->CanRequestURL(kRendererID, | |
174 GURL("view-source:http://www.google.com/"))); | |
175 EXPECT_FALSE(p->CanCommitURL(kRendererID, | |
176 GURL("view-source:http://www.google.com/"))); | |
177 | |
178 // Dangerous to request or commit. | 172 // Dangerous to request or commit. |
179 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 173 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
180 GURL("file:///etc/passwd"))); | 174 GURL("file:///etc/passwd"))); |
181 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 175 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
182 GURL("chrome://foo/bar"))); | 176 GURL("chrome://foo/bar"))); |
| 177 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 178 GURL("view-source:http://www.google.com/"))); |
183 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 179 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
184 GURL("file:///etc/passwd"))); | 180 GURL("file:///etc/passwd"))); |
185 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 181 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
186 GURL("chrome://foo/bar"))); | 182 GURL("chrome://foo/bar"))); |
| 183 EXPECT_FALSE( |
| 184 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); |
187 | 185 |
188 p->Remove(kRendererID); | 186 p->Remove(kRendererID); |
189 } | 187 } |
190 | 188 |
191 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { | 189 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
192 ChildProcessSecurityPolicyImpl* p = | 190 ChildProcessSecurityPolicyImpl* p = |
193 ChildProcessSecurityPolicyImpl::GetInstance(); | 191 ChildProcessSecurityPolicyImpl::GetInstance(); |
194 | 192 |
195 p->Add(kRendererID); | 193 p->Add(kRendererID); |
196 | 194 |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
293 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 291 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
294 p->Remove(kRendererID); | 292 p->Remove(kRendererID); |
295 } | 293 } |
296 | 294 |
297 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { | 295 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
298 ChildProcessSecurityPolicyImpl* p = | 296 ChildProcessSecurityPolicyImpl* p = |
299 ChildProcessSecurityPolicyImpl::GetInstance(); | 297 ChildProcessSecurityPolicyImpl::GetInstance(); |
300 | 298 |
301 p->Add(kRendererID); | 299 p->Add(kRendererID); |
302 | 300 |
303 // View source is determined by the embedded scheme. | 301 // Child processes cannot request view source URLs. |
304 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 302 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
305 GURL("view-source:http://www.google.com/"))); | 303 GURL("view-source:http://www.google.com/"))); |
306 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 304 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
307 GURL("view-source:file:///etc/passwd"))); | 305 GURL("view-source:file:///etc/passwd"))); |
308 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 306 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
309 EXPECT_FALSE(p->CanRequestURL( | 307 EXPECT_FALSE(p->CanRequestURL( |
310 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 308 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
311 | 309 |
312 // View source URLs don't actually commit; the renderer is put into view | 310 // View source URLs don't actually commit; the renderer is put into view |
313 // source mode, and the inner URL commits. | 311 // source mode, and the inner URL commits. |
314 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 312 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
315 GURL("view-source:http://www.google.com/"))); | 313 GURL("view-source:http://www.google.com/"))); |
316 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 314 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
317 GURL("view-source:file:///etc/passwd"))); | 315 GURL("view-source:file:///etc/passwd"))); |
318 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 316 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
319 EXPECT_FALSE(p->CanCommitURL( | 317 EXPECT_FALSE(p->CanCommitURL( |
320 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 318 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
321 | 319 |
322 | |
323 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 320 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
324 // View source needs to be able to request the embedded scheme. | 321 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
325 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 322 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
326 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 323 EXPECT_FALSE( |
327 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 324 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
328 GURL("view-source:file:///etc/passwd"))); | |
329 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 325 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
330 GURL("view-source:file:///etc/passwd"))); | 326 GURL("view-source:file:///etc/passwd"))); |
331 | |
332 p->Remove(kRendererID); | 327 p->Remove(kRendererID); |
333 } | 328 } |
334 | 329 |
335 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { | 330 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
336 ChildProcessSecurityPolicyImpl* p = | 331 ChildProcessSecurityPolicyImpl* p = |
337 ChildProcessSecurityPolicyImpl::GetInstance(); | 332 ChildProcessSecurityPolicyImpl::GetInstance(); |
338 | 333 |
339 p->Add(kRendererID); | 334 p->Add(kRendererID); |
340 | 335 |
341 GURL icon_url("file:///tmp/foo.png"); | 336 GURL icon_url("file:///tmp/foo.png"); |
(...skipping 390 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
732 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); | 727 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); |
733 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); | 728 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); |
734 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | 729 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
735 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | 730 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
736 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); | 731 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
737 | 732 |
738 p->Remove(kRendererID); | 733 p->Remove(kRendererID); |
739 } | 734 } |
740 | 735 |
741 } // namespace content | 736 } // namespace content |
OLD | NEW |