OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "base/command_line.h" | |
6 #include "content/public/common/content_switches.h" | |
7 #include "content/public/test/browser_test_utils.h" | |
8 #include "content/test/content_browser_test.h" | |
9 #include "content/test/content_browser_test_utils.h" | |
10 | |
11 namespace content { | |
12 | |
13 // The goal of these tests is to "simulate" exploited renderer processes, which | |
Charlie Reis
2013/08/22 18:23:30
The goal of these tests is to "simulate" -> These
dsjang
2013/08/22 19:05:55
Done.
| |
14 // can fetch arbitrary resources from other websites, not constrained by the | |
15 // Same Origin Policy. We are trying to verify that the renderer cannot fetch | |
16 // any cross-site document responses even when the Same Origin Policy is | |
17 // invalidated inside the renderer. | |
Charlie Reis
2013/08/22 18:23:30
invalidated -> turned off
dsjang
2013/08/22 19:05:55
Done.
| |
18 class SiteIsolationPolicyBrowserTest : public ContentBrowserTest { | |
19 public: | |
20 SiteIsolationPolicyBrowserTest() {} | |
21 virtual ~SiteIsolationPolicyBrowserTest() {} | |
22 | |
23 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | |
24 ASSERT_TRUE(test_server()->Start()); | |
25 net::SpawnedTestServer https_server( | |
26 net::SpawnedTestServer::TYPE_HTTPS, | |
27 net::SpawnedTestServer::kLocalhost, | |
28 base::FilePath(FILE_PATH_LITERAL("content/test/data"))); | |
29 ASSERT_TRUE(https_server.Start()); | |
30 | |
31 // Add a host resolver rule to map all outgoing requests to the test server. | |
32 // This allows us to use "real" hostnames in URLs, which we can use to | |
33 // create arbitrary SiteInstances. | |
34 command_line->AppendSwitchASCII( | |
35 switches::kHostResolverRules, | |
36 "MAP * " + test_server()->host_port_pair().ToString() + | |
37 ",EXCLUDE localhost"); | |
38 | |
39 // Since we assume exploited renderer process, it can bypass the same origin | |
40 // policy at will. Simulate that by passing the disable-web-security flag. | |
41 command_line->AppendSwitch(switches::kDisableWebSecurity); | |
42 | |
43 // We assume that we're using our cross-site document blocking logic which | |
44 // is turned on even when the Same Origin Policy is turned off. | |
45 command_line->AppendSwitch(switches::kCrossSiteDocumentBlocking); | |
46 } | |
47 | |
48 private: | |
49 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest); | |
50 }; | |
51 | |
52 IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest, | |
53 CrossSiteDocumentBlockingForMimeType) { | |
54 // Load a page that issues illegal cross-site document requests to bar.com. | |
55 // The page uses XHR to request HTML/XML/JSON documents from bar.com, and | |
56 // inspect if any of them were successfully received. The XHR requests will | |
Charlie Reis
2013/08/22 18:23:30
inspects
dsjang
2013/08/22 19:05:55
Done.
| |
57 // get a one character string ' ' for a blocked response. This test is only | |
58 // possible since we run the browser without the same origin policy. | |
59 GURL foo("http://foo.com/files/cross_site_document_request.html"); | |
60 | |
61 content::DOMMessageQueue msg_queue; | |
62 | |
63 NavigateToURL(shell(), foo); | |
64 | |
65 std::string status; | |
Charlie Reis
2013/08/22 18:23:30
Can you add a comment here saying that the test wi
dsjang
2013/08/22 19:05:55
Done.
| |
66 std::string expected_status("1"); | |
67 EXPECT_TRUE(msg_queue.WaitForMessage(&status)); | |
68 EXPECT_STREQ(status.c_str(), expected_status.c_str()); | |
69 } | |
70 | |
71 IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest, | |
72 CrossSiteDocumentBlockingForDifferentTargets) { | |
73 // This webpage loads a cross-site HTML page in different targets such as | |
74 // <img>,<link>,<embed>, etc. Since the requested document is blocked, and one | |
75 // character string (' ') is returned instead, this tests that the renderer | |
76 // does not crash even when it receives a response body which is " ", whose | |
77 // length is different from what's described in "content-length" for such | |
78 // different targets. | |
79 GURL foo("http://foo.com/files/cross_site_document_request_target.html"); | |
80 NavigateToURL(shell(), foo); | |
81 } | |
82 | |
83 } | |
OLD | NEW |