OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stddef.h> | 5 #include <stddef.h> |
6 #include <stdint.h> | 6 #include <stdint.h> |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/bind_helpers.h" | 12 #include "base/bind_helpers.h" |
13 #include "base/command_line.h" | 13 #include "base/command_line.h" |
14 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
15 #include "base/files/file_util.h" | 15 #include "base/files/file_util.h" |
16 #include "base/files/scoped_temp_dir.h" | 16 #include "base/files/scoped_temp_dir.h" |
17 #include "base/macros.h" | 17 #include "base/macros.h" |
18 #include "base/path_service.h" | 18 #include "base/path_service.h" |
19 #include "base/run_loop.h" | 19 #include "base/run_loop.h" |
20 #include "base/strings/string_util.h" | 20 #include "base/strings/string_util.h" |
| 21 #include "base/strings/stringprintf.h" |
21 #include "base/strings/utf_string_conversions.h" | 22 #include "base/strings/utf_string_conversions.h" |
22 #include "base/test/test_file_util.h" | 23 #include "base/test/test_file_util.h" |
23 #include "build/build_config.h" | 24 #include "build/build_config.h" |
24 #include "chrome/app/chrome_command_ids.h" | 25 #include "chrome/app/chrome_command_ids.h" |
25 #include "chrome/browser/download/chrome_download_manager_delegate.h" | 26 #include "chrome/browser/download/chrome_download_manager_delegate.h" |
26 #include "chrome/browser/download/download_history.h" | 27 #include "chrome/browser/download/download_history.h" |
27 #include "chrome/browser/download/download_prefs.h" | 28 #include "chrome/browser/download/download_prefs.h" |
28 #include "chrome/browser/download/download_service.h" | 29 #include "chrome/browser/download/download_service.h" |
29 #include "chrome/browser/download/download_service_factory.h" | 30 #include "chrome/browser/download/download_service_factory.h" |
30 #include "chrome/browser/download/save_package_file_picker.h" | 31 #include "chrome/browser/download/save_package_file_picker.h" |
(...skipping 34 matching lines...)
65 using content::BrowserContext; | 66 using content::BrowserContext; |
66 using content::BrowserThread; | 67 using content::BrowserThread; |
67 using content::DownloadItem; | 68 using content::DownloadItem; |
68 using content::DownloadManager; | 69 using content::DownloadManager; |
69 using content::RenderFrameHost; | 70 using content::RenderFrameHost; |
70 using content::RenderProcessHost; | 71 using content::RenderProcessHost; |
71 using content::WebContents; | 72 using content::WebContents; |
72 using net::URLRequestMockHTTPJob; | 73 using net::URLRequestMockHTTPJob; |
73 using testing::ContainsRegex; | 74 using testing::ContainsRegex; |
74 using testing::HasSubstr; | 75 using testing::HasSubstr; |
| 76 using testing::Not; |
75 | 77 |
76 namespace { | 78 namespace { |
77 | 79 |
78 // Returns file contents with each continuous run of whitespace replaced by a | 80 // Returns file contents with each continuous run of whitespace replaced by a |
79 // single space. | 81 // single space. |
80 std::string ReadFileAndCollapseWhitespace(const base::FilePath& file_path) { | 82 std::string ReadFileAndCollapseWhitespace(const base::FilePath& file_path) { |
81 std::string file_contents; | 83 std::string file_contents; |
82 if (!base::ReadFileToString(file_path, &file_contents)) { | 84 if (!base::ReadFileToString(file_path, &file_contents)) { |
83 ADD_FAILURE() << "Failed to read \"" << file_path.value() << "\" file."; | 85 ADD_FAILURE() << "Failed to read \"" << file_path.value() << "\" file."; |
84 return std::string(); | 86 return std::string(); |
(...skipping 702 matching lines...)
787 base::FilePath full_file_name, dir; | 789 base::FilePath full_file_name, dir; |
788 SaveCurrentTab(url, content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, | 790 SaveCurrentTab(url, content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, |
789 "iframe-src-is-a-download", 3, &dir, &full_file_name); | 791 "iframe-src-is-a-download", 3, &dir, &full_file_name); |
790 ASSERT_FALSE(HasFailure()); | 792 ASSERT_FALSE(HasFailure()); |
791 | 793 |
792 EXPECT_TRUE(base::PathExists(full_file_name)); | 794 EXPECT_TRUE(base::PathExists(full_file_name)); |
793 EXPECT_TRUE(base::PathExists(dir.AppendASCII("thisdayinhistory.html"))); | 795 EXPECT_TRUE(base::PathExists(dir.AppendASCII("thisdayinhistory.html"))); |
794 EXPECT_TRUE(base::PathExists(dir.AppendASCII("no-such-file.html"))); | 796 EXPECT_TRUE(base::PathExists(dir.AppendASCII("no-such-file.html"))); |
795 } | 797 } |
796 | 798 |
| 799 // Test that file: URI won't be saved when referred to from an HTTP page. |
| 800 // See also https://crbug.com/616429. |
| 801 IN_PROC_BROWSER_TEST_F(SavePageBrowserTest, SaveUnauthorizedResource) { |
| 802 GURL url = NavigateToMockURL("unauthorized-access"); |
| 803 |
| 804 // Create a test file (that the web page should not have access to). |
| 805 base::ScopedTempDir temp_dir2; |
| 806 ASSERT_TRUE(temp_dir2.CreateUniqueTempDir()); |
| 807 base::FilePath file_path = |
| 808 temp_dir2.path().Append(FILE_PATH_LITERAL("should-not-save.jpg")); |
| 809 std::string file_content("fake-jpg"); |
| 810 ASSERT_LT( |
| 811 0, base::WriteFile(file_path, file_content.data(), file_content.size())); |
| 812 |
| 813 // Refer to the test file from the test page. |
| 814 GURL file_url = net::FilePathToFileURL(file_path); |
| 815 ASSERT_TRUE(ExecuteScript( |
| 816 browser()->tab_strip_model()->GetWebContentsAt(0), |
| 817 base::StringPrintf("document.getElementById('resource1').src = '%s';", |
| 818 file_url.spec().data()))); |
| 819 |
| 820 // Save the current page. |
| 821 base::FilePath full_file_name, dir; |
| 822 SaveCurrentTab(url, content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, |
| 823 "unauthorized-access", 2, &dir, &full_file_name); |
| 824 |
| 825 // We should not save resource that the web page didn't have access to. |
| 826 // (because executing a resource request can have side effects - for example |
| 827 // after https://crbug.com/590714 a website from the internet should not be |
| 828 // able to issue a resource request to an intranet website and trigger |
| 829 // server-side actions in the internet; this test uses a file: URI as a |
| 830 // canary for detecting whether a website can access restricted resources). |
| 831 EXPECT_FALSE(base::PathExists(dir.AppendASCII("should-not-save.jpg"))); |
| 832 |
| 833 // We should not keep references to the unauthorized resource in links of the |
| 834 // saved html - otherwise the malicious website that embeds an unauthorized |
| 835 // link can just wait until the user opens the saved HTML. |
| 836 std::string main_contents; |
| 837 ASSERT_TRUE(base::ReadFileToString(full_file_name, &main_contents)); |
| 838 EXPECT_THAT(main_contents, Not(HasSubstr(file_url.spec()))); |
| 839 EXPECT_THAT(main_contents, ContainsRegex("src=.*resource-failed-to-save")); |
| 840 } |
| 841 |
797 // Test suite that allows testing --site-per-process against cross-site frames. | 842 // Test suite that allows testing --site-per-process against cross-site frames. |
798 // See http://dev.chromium.org/developers/design-documents/site-isolation. | 843 // See http://dev.chromium.org/developers/design-documents/site-isolation. |
799 class SavePageSitePerProcessBrowserTest : public SavePageBrowserTest { | 844 class SavePageSitePerProcessBrowserTest : public SavePageBrowserTest { |
800 public: | 845 public: |
801 SavePageSitePerProcessBrowserTest() {} | 846 SavePageSitePerProcessBrowserTest() {} |
802 | 847 |
803 protected: | 848 protected: |
804 void SetUpCommandLine(base::CommandLine* command_line) override { | 849 void SetUpCommandLine(base::CommandLine* command_line) override { |
805 SavePageBrowserTest::SetUpCommandLine(command_line); | 850 SavePageBrowserTest::SetUpCommandLine(command_line); |
806 | 851 |
(...skipping 439 matching lines...)
1246 TestOriginalVsSavedPage(save_page_type, url, 1, expected_substrings); | 1291 TestOriginalVsSavedPage(save_page_type, url, 1, expected_substrings); |
1247 } | 1292 } |
1248 | 1293 |
1249 INSTANTIATE_TEST_CASE_P( | 1294 INSTANTIATE_TEST_CASE_P( |
1250 SaveType, | 1295 SaveType, |
1251 SavePageOriginalVsSavedComparisonTest, | 1296 SavePageOriginalVsSavedComparisonTest, |
1252 ::testing::Values(content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, | 1297 ::testing::Values(content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, |
1253 content::SAVE_PAGE_TYPE_AS_MHTML)); | 1298 content::SAVE_PAGE_TYPE_AS_MHTML)); |
1254 | 1299 |
1255 } // namespace | 1300 } // namespace |
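Review bot: In the new SaveUnauthorizedResource test (new lines 801-840), the `SaveCurrentTab(...)` call at new lines 822-823 is not followed by `ASSERT_FALSE(HasFailure());`, although the preceding test does this at new line 792. If the helper records a failure and leaves `dir` unset, `EXPECT_FALSE(base::PathExists(dir.AppendASCII("should-not-save.jpg")))` passes trivially, and the test only fails later at the `ReadFileToString` assert; adding the same `ASSERT_FALSE(HasFailure());` after new line 823 stops the test before the security check runs on an empty path. That check also looks only for the original file name, so a copy saved under a sanitized or uniquified name would presumably go unnoticed. The expected count of 2 passed to SaveCurrentTab may cover this, but its meaning is not visible on this page. The script at new lines 817-818 places `file_url.spec()` inside a single-quoted JavaScript literal without escaping, so a temp path containing `'` would likely break the statement and fail the test for an unrelated reason. The comment at new lines 826-830 reads "server-side actions in the internet" where "intranet" appears to be intended.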