Index: chrome/browser/download/save_page_browsertest.cc |
diff --git a/chrome/browser/download/save_page_browsertest.cc b/chrome/browser/download/save_page_browsertest.cc |
index f25a5a5624031f72633d5087d0dade55624292c1..74b8ff8bc944703c51309bd186b65c56aae3d4fc 100644 |
--- a/chrome/browser/download/save_page_browsertest.cc |
+++ b/chrome/browser/download/save_page_browsertest.cc |
@@ -18,6 +18,7 @@ |
#include "base/path_service.h" |
#include "base/run_loop.h" |
#include "base/strings/string_util.h" |
+#include "base/strings/stringprintf.h" |
#include "base/strings/utf_string_conversions.h" |
#include "base/test/test_file_util.h" |
#include "build/build_config.h" |
@@ -72,6 +73,7 @@ using content::WebContents; |
using net::URLRequestMockHTTPJob; |
using testing::ContainsRegex; |
using testing::HasSubstr; |
+using testing::Not; |
namespace { |
@@ -794,6 +796,49 @@ IN_PROC_BROWSER_TEST_F(SavePageBrowserTest, SaveDownloadableIFrame) { |
EXPECT_TRUE(base::PathExists(dir.AppendASCII("no-such-file.html"))); |
} |
+// Test that file: URI won't be saved when referred to from an HTTP page. |
+// See also https://crbug.com/616429. |
+IN_PROC_BROWSER_TEST_F(SavePageBrowserTest, SaveUnauthorizedResource) { |
+ GURL url = NavigateToMockURL("unauthorized-access"); |
+ |
+ // Create a test file (that the web page should not have access to). |
+ base::ScopedTempDir temp_dir2; |
+ ASSERT_TRUE(temp_dir2.CreateUniqueTempDir()); |
+ base::FilePath file_path = |
+ temp_dir2.path().Append(FILE_PATH_LITERAL("should-not-save.jpg")); |
+ std::string file_content("fake-jpg"); |
+ ASSERT_LT( |
+ 0, base::WriteFile(file_path, file_content.data(), file_content.size())); |
+ |
+ // Refer to the test file from the test page. |
+ GURL file_url = net::FilePathToFileURL(file_path); |
+ ASSERT_TRUE(ExecuteScript( |
+ browser()->tab_strip_model()->GetWebContentsAt(0), |
+ base::StringPrintf("document.getElementById('resource1').src = '%s';", |
+ file_url.spec().data()))); |
+ |
+ // Save the current page. |
+ base::FilePath full_file_name, dir; |
+ SaveCurrentTab(url, content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, |
+ "unauthorized-access", 2, &dir, &full_file_name); |
+ |
+ // We should not save resource that the web page didn't have access to. |
+ // (because executing a resource request can have side effects - for example |
+ // after https://crbug.com/590714 a website from the internet should not be |
+ // able to issue a resource request to an intranet website and trigger |
+ // server-side actions in the internet; this test uses a file: URI as a |
+ // canary for detecting whether a website can access restricted resources). |
+ EXPECT_FALSE(base::PathExists(dir.AppendASCII("should-not-save.jpg"))); |
+ |
+ // We should not keep references to the unauthorized resource in links of the |
+ // saved html - otherwise the malicious website that embeds an unauthorized |
+ // link can just wait until the user opens the saved HTML. |
+ std::string main_contents; |
+ ASSERT_TRUE(base::ReadFileToString(full_file_name, &main_contents)); |
+ EXPECT_THAT(main_contents, Not(HasSubstr(file_url.spec()))); |
+ EXPECT_THAT(main_contents, ContainsRegex("src=.*resource-failed-to-save")); |
+} |
+ |
// Test suite that allows testing --site-per-process against cross-site frames. |
// See http://dev.chromium.org/developers/design-documents/site-isolation. |
class SavePageSitePerProcessBrowserTest : public SavePageBrowserTest { |