Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/site_isolation_policy_browsertest.cc

Issue 22254005: UMA data collector for cross-site documents(XSD) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr
Patch Set: Names are corrected Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/child/resource_dispatcher.cc ('K') | « content/child/site_isolation_policy.cc ('k') | content/child/site_isolation_policy_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/site_isolation_policy_browsertest.cc
diff --git a/content/child/site_isolation_policy_browsertest.cc b/content/child/site_isolation_policy_browsertest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..0ebcee66643af17712a9df1f2fba999184ec2334
--- /dev/null
+++ b/content/child/site_isolation_policy_browsertest.cc
@@ -0,0 +1,84 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/command_line.h"
+#include "content/public/common/content_switches.h"
+#include "content/public/test/browser_test_utils.h"
+#include "content/test/content_browser_test.h"
+#include "content/test/content_browser_test_utils.h"
+
+namespace content {
+
+// These tests simulate exploited renderer processes, which can fetch arbitrary
+// resources from other websites, not constrained by the Same Origin Policy. We
+// are trying to verify that the renderer cannot fetch any cross-site document
+// responses even when the Same Origin Policy is turned off inside the renderer.
+class SiteIsolationPolicyBrowserTest : public ContentBrowserTest {
+ public:
+ SiteIsolationPolicyBrowserTest() {}
+ virtual ~SiteIsolationPolicyBrowserTest() {}
+
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+ ASSERT_TRUE(test_server()->Start());
+ net::SpawnedTestServer https_server(
+ net::SpawnedTestServer::TYPE_HTTPS,
+ net::SpawnedTestServer::kLocalhost,
+ base::FilePath(FILE_PATH_LITERAL("content/test/data")));
+ ASSERT_TRUE(https_server.Start());
+
+ // Add a host resolver rule to map all outgoing requests to the test server.
+ // This allows us to use "real" hostnames in URLs, which we can use to
+ // create arbitrary SiteInstances.
+ command_line->AppendSwitchASCII(
+ switches::kHostResolverRules,
+ "MAP * " + test_server()->host_port_pair().ToString() +
+ ",EXCLUDE localhost");
+
+ // Since we assume exploited renderer process, it can bypass the same origin
+ // policy at will. Simulate that by passing the disable-web-security flag.
+ command_line->AppendSwitch(switches::kDisableWebSecurity);
+
+ // We assume that we're using our cross-site document blocking logic which
+ // is turned on even when the Same Origin Policy is turned off.
+ command_line->AppendSwitch(switches::kBlockCrossSiteDocuments);
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest);
+};
+
+IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,
+ CrossSiteDocumentBlockingForMimeType) {
+ // Load a page that issues illegal cross-site document requests to bar.com.
+ // The page uses XHR to request HTML/XML/JSON documents from bar.com, and
+ // inspects if any of them were successfully received. The XHR requests will
+ // get a one character string ' ' for a blocked response. This test is only
+ // possible since we run the browser without the same origin policy.
+ GURL foo("http://foo.com/files/cross_site_document_request.html");
+
+ content::DOMMessageQueue msg_queue;
+
+ NavigateToURL(shell(), foo);
+
+ std::string status;
+ // The page will returns 1 from the DOMAutomationController if it succeeds,
+ // otherwise it will return 0.
+ std::string expected_status("1");
+ EXPECT_TRUE(msg_queue.WaitForMessage(&status));
+ EXPECT_STREQ(status.c_str(), expected_status.c_str());
+}
+
+IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,
+ CrossSiteDocumentBlockingForDifferentTargets) {
+ // This webpage loads a cross-site HTML page in different targets such as
+ // <img>,<link>,<embed>, etc. Since the requested document is blocked, and one
+ // character string (' ') is returned instead, this tests that the renderer
+ // does not crash even when it receives a response body which is " ", whose
+ // length is different from what's described in "content-length" for such
+ // different targets.
+ GURL foo("http://foo.com/files/cross_site_document_request_target.html");
+ NavigateToURL(shell(), foo);
+}
+
+}
« content/child/resource_dispatcher.cc ('K') | « content/child/site_isolation_policy.cc ('k') | content/child/site_isolation_policy_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698