content/child/site_isolation_policy_browsertest.cc - Issue 22254005: UMA data collector for cross-site documents(XSD)

Side by Side Diff: content/child/site_isolation_policy_browsertest.cc

Issue 22254005: UMA data collector for cross-site documents(XSD) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr

Patch Set: blocking code gets simpler and testcase is moved to /content Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/child/site_isolation_policy.cc ('K') | « content/child/site_isolation_policy.cc ('k') | content/child/site_isolation_policy_unittest.cc » ('j') | content/public/common/content_switches.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "base/command_line.h"

	6 #include "content/public/common/content_switches.h"

	7 #include "content/public/test/browser_test_utils.h"

	8 #include "content/test/content_browser_test.h"

	9 #include "content/test/content_browser_test_utils.h"

	10

	11 namespace content {

	12

	13 // The goal of these tests is to "simulate" exploited renderer processes, which
	Charlie Reis 2013/08/22 18:23:30 The goal of these tests is to "simulate" -> These The goal of these tests is to "simulate" -> These tests simulate dsjang 2013/08/22 19:05:55 Done. Show quoted text On 2013/08/22 18:23:30, creis wrote: > The goal of these tests is to "simulate" -> These tests simulate Done.
	14 // can fetch arbitrary resources from other websites, not constrained by the

	15 // Same Origin Policy. We are trying to verify that the renderer cannot fetch

	16 // any cross-site document responses even when the Same Origin Policy is

	17 // invalidated inside the renderer.
	Charlie Reis 2013/08/22 18:23:30 invalidated -> turned off invalidated -> turned off dsjang 2013/08/22 19:05:55 Done. Show quoted text On 2013/08/22 18:23:30, creis wrote: > invalidated -> turned off Done.
	18 class SiteIsolationPolicyBrowserTest : public ContentBrowserTest {

	19 public:

	20 SiteIsolationPolicyBrowserTest() {}

	21 virtual ~SiteIsolationPolicyBrowserTest() {}

	22

	23 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {

	24 ASSERT_TRUE(test_server()->Start());

	25 net::SpawnedTestServer https_server(

	26 net::SpawnedTestServer::TYPE_HTTPS,

	27 net::SpawnedTestServer::kLocalhost,

	28 base::FilePath(FILE_PATH_LITERAL("content/test/data")));

	29 ASSERT_TRUE(https_server.Start());

	30

	31 // Add a host resolver rule to map all outgoing requests to the test server.

	32 // This allows us to use "real" hostnames in URLs, which we can use to

	33 // create arbitrary SiteInstances.

	34 command_line->AppendSwitchASCII(

	35 switches::kHostResolverRules,

	36 "MAP * " + test_server()->host_port_pair().ToString() +

	37 ",EXCLUDE localhost");

	38

	39 // Since we assume exploited renderer process, it can bypass the same origin

	40 // policy at will. Simulate that by passing the disable-web-security flag.

	41 command_line->AppendSwitch(switches::kDisableWebSecurity);

	42

	43 // We assume that we're using our cross-site document blocking logic which

	44 // is turned on even when the Same Origin Policy is turned off.

	45 command_line->AppendSwitch(switches::kCrossSiteDocumentBlocking);

	46 }

	47

	48 private:

	49 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest);

	50 };

	51

	52 IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,

	53 CrossSiteDocumentBlockingForMimeType) {

	54 // Load a page that issues illegal cross-site document requests to bar.com.

	55 // The page uses XHR to request HTML/XML/JSON documents from bar.com, and

	56 // inspect if any of them were successfully received. The XHR requests will
	Charlie Reis 2013/08/22 18:23:30 inspects inspects dsjang 2013/08/22 19:05:55 Done. Show quoted text On 2013/08/22 18:23:30, creis wrote: > inspects Done.
	57 // get a one character string ' ' for a blocked response. This test is only

	58 // possible since we run the browser without the same origin policy.

	59 GURL foo("http://foo.com/files/cross_site_document_request.html");

	60

	61 content::DOMMessageQueue msg_queue;

	62

	63 NavigateToURL(shell(), foo);

	64

	65 std::string status;
	Charlie Reis 2013/08/22 18:23:30 Can you add a comment here saying that the test wi Can you add a comment here saying that the test will return 1 from the DOMAutomationController if it succeeds? Otherwise it's hard to tell what's happening here. dsjang 2013/08/22 19:05:55 Done. Show quoted text On 2013/08/22 18:23:30, creis wrote: > Can you add a comment here saying that the test will return 1 from the > DOMAutomationController if it succeeds? Otherwise it's hard to tell what's > happening here. Done.
	66 std::string expected_status("1");

	67 EXPECT_TRUE(msg_queue.WaitForMessage(&status));

	68 EXPECT_STREQ(status.c_str(), expected_status.c_str());

	69 }

	70

	71 IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,

	72 CrossSiteDocumentBlockingForDifferentTargets) {

	73 // This webpage loads a cross-site HTML page in different targets such as

	74 // <img>,<link>,<embed>, etc. Since the requested document is blocked, and one

	75 // character string (' ') is returned instead, this tests that the renderer

	76 // does not crash even when it receives a response body which is " ", whose

	77 // length is different from what's described in "content-length" for such

	78 // different targets.

	79 GURL foo("http://foo.com/files/cross_site_document_request_target.html");

	80 NavigateToURL(shell(), foo);

	81 }

	82

	83 }

OLD	NEW