OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/containers/hash_tables.h" | 8 #include "base/containers/hash_tables.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
(...skipping 383 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
394 | 394 |
395 // Send a second message from the interstitial page, and make sure that the | 395 // Send a second message from the interstitial page, and make sure that the |
396 // "evil" message doesn't arrive in the intervening period. | 396 // "evil" message doesn't arrive in the intervening period. |
397 ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(), | 397 ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(), |
398 "window.domAutomationController.send(\"okay2\");")); | 398 "window.domAutomationController.send(\"okay2\");")); |
399 ASSERT_TRUE(message_queue.WaitForMessage(&message)); | 399 ASSERT_TRUE(message_queue.WaitForMessage(&message)); |
400 ASSERT_EQ("\"okay2\"", message); | 400 ASSERT_EQ("\"okay2\"", message); |
401 ASSERT_EQ("\"okay2\"", interstitial->last_command()); | 401 ASSERT_EQ("\"okay2\"", interstitial->last_command()); |
402 } | 402 } |
403 | 403 |
404 class IsolatedAppContentBrowserClient : public TestContentBrowserClient { | 404 class IsolatedAppContentBrowserClient : public TestContentBrowserClient { |
jam
2016/08/01 20:06:01
not needed anymore
ananta
2016/08/02 00:40:50
Done.
| |
405 public: | 405 public: |
406 bool IsIllegalOrigin(content::ResourceContext* resource_context, | 406 bool IsIllegalOrigin(content::ResourceContext* resource_context, |
407 int child_process_id, | 407 int child_process_id, |
408 const GURL& origin) override { | 408 const GURL& origin) override { |
409 // Simulate a case where an app origin is not in an app process. | 409 // Simulate a case where an app origin is not in an app process. |
410 return true; | 410 return true; |
411 } | 411 } |
412 }; | 412 }; |
413 | 413 |
414 // Renderer processes should not be able to spoof Origin HTTP headers. | 414 // Renderer processes should not be able to spoof Origin HTTP headers. |
415 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { | 415 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
416 // Create a set of IPC messages with various Origin headers. | 416 // Create a set of IPC messages with various Origin headers. |
417 ResourceRequest chrome_origin_msg( | 417 ResourceRequest chrome_origin_msg( |
418 CreateXHRRequestWithOrigin("chrome://settings")); | 418 CreateXHRRequestWithOrigin("chrome://settings")); |
419 ResourceRequest embedder_isolated_origin_msg( | 419 ResourceRequest embedder_isolated_origin_msg( |
420 CreateXHRRequestWithOrigin("https://isolated.bar.com")); | 420 CreateXHRRequestWithOrigin("https://isolated.bar.com")); |
421 ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl")); | 421 ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl")); |
422 ResourceRequest invalid_scheme_origin_msg( | 422 ResourceRequest invalid_scheme_origin_msg( |
423 CreateXHRRequestWithOrigin("fake-scheme://foo")); | 423 CreateXHRRequestWithOrigin("fake-scheme://foo")); |
424 | 424 |
425 GURL web_url("http://foo.com/simple_page.html"); | 425 GURL web_url("http://foo.com/simple_page.html"); |
426 NavigateToURL(shell(), web_url); | 426 NavigateToURL(shell(), web_url); |
427 RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); | 427 RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); |
428 | 428 |
429 ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https"); | |
430 | |
431 ResourceDispatcherHost::Get()->AddOriginAccessInformation( | |
432 shell()->web_contents()->GetBrowserContext()->GetResourceContext(), | |
433 "https://isolated.bar.com"); | |
434 | |
429 // Web processes cannot make XHRs with chrome:// Origin headers. | 435 // Web processes cannot make XHRs with chrome:// Origin headers. |
430 { | 436 { |
431 RenderProcessHostWatcher web_process_killed( | 437 RenderProcessHostWatcher web_process_killed( |
432 web_rfh->GetProcess(), | 438 web_rfh->GetProcess(), |
433 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); | 439 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
434 IPC::IpcSecurityTestUtil::PwnMessageReceived( | 440 IPC::IpcSecurityTestUtil::PwnMessageReceived( |
435 web_rfh->GetProcess()->GetChannel(), | 441 web_rfh->GetProcess()->GetChannel(), |
436 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), | 442 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), |
437 kRequestIdNotPreviouslyUsed, | 443 kRequestIdNotPreviouslyUsed, |
438 chrome_origin_msg)); | 444 chrome_origin_msg)); |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
550 // separate task of the message loop, so ensure that the process is still | 556 // separate task of the message loop, so ensure that the process is still |
551 // considered alive. | 557 // considered alive. |
552 EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection()); | 558 EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection()); |
553 | 559 |
554 exit_observer.Wait(); | 560 exit_observer.Wait(); |
555 EXPECT_FALSE(exit_observer.did_exit_normally()); | 561 EXPECT_FALSE(exit_observer.did_exit_normally()); |
556 ResourceDispatcherHost::Get()->SetDelegate(nullptr); | 562 ResourceDispatcherHost::Get()->SetDelegate(nullptr); |
557 } | 563 } |
558 | 564 |
559 } // namespace content | 565 } // namespace content |
OLD | NEW |