Index: content/child/site_isolation_policy_browsertest.cc |
diff --git a/content/child/site_isolation_policy_browsertest.cc b/content/child/site_isolation_policy_browsertest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..38f131b43dd4a739c0436ba6639b43e9e35308f9 |
--- /dev/null |
+++ b/content/child/site_isolation_policy_browsertest.cc |
@@ -0,0 +1,83 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "base/command_line.h" |
+#include "content/public/common/content_switches.h" |
+#include "content/public/test/browser_test_utils.h" |
+#include "content/test/content_browser_test.h" |
+#include "content/test/content_browser_test_utils.h" |
+ |
+namespace content { |
+ |
+// The goal of these tests is to "simulate" exploited renderer processes, which |
Charlie Reis
2013/08/22 18:23:30
The goal of these tests is to "simulate" -> These
dsjang
2013/08/22 19:05:55
Done.
|
+// can fetch arbitrary resources from other websites, not constrained by the |
+// Same Origin Policy. We are trying to verify that the renderer cannot fetch |
+// any cross-site document responses even when the Same Origin Policy is |
+// invalidated inside the renderer. |
Charlie Reis
2013/08/22 18:23:30
invalidated -> turned off
dsjang
2013/08/22 19:05:55
Done.
|
+class SiteIsolationPolicyBrowserTest : public ContentBrowserTest { |
+ public: |
+ SiteIsolationPolicyBrowserTest() {} |
+ virtual ~SiteIsolationPolicyBrowserTest() {} |
+ |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ASSERT_TRUE(test_server()->Start()); |
+ net::SpawnedTestServer https_server( |
+ net::SpawnedTestServer::TYPE_HTTPS, |
+ net::SpawnedTestServer::kLocalhost, |
+ base::FilePath(FILE_PATH_LITERAL("content/test/data"))); |
+ ASSERT_TRUE(https_server.Start()); |
+ |
+ // Add a host resolver rule to map all outgoing requests to the test server. |
+ // This allows us to use "real" hostnames in URLs, which we can use to |
+ // create arbitrary SiteInstances. |
+ command_line->AppendSwitchASCII( |
+ switches::kHostResolverRules, |
+ "MAP * " + test_server()->host_port_pair().ToString() + |
+ ",EXCLUDE localhost"); |
+ |
+ // Since we assume exploited renderer process, it can bypass the same origin |
+ // policy at will. Simulate that by passing the disable-web-security flag. |
+ command_line->AppendSwitch(switches::kDisableWebSecurity); |
+ |
+ // We assume that we're using our cross-site document blocking logic which |
+ // is turned on even when the Same Origin Policy is turned off. |
+ command_line->AppendSwitch(switches::kCrossSiteDocumentBlocking); |
+ } |
+ |
+ private: |
+ DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest); |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest, |
+ CrossSiteDocumentBlockingForMimeType) { |
+ // Load a page that issues illegal cross-site document requests to bar.com. |
+ // The page uses XHR to request HTML/XML/JSON documents from bar.com, and |
+ // inspect if any of them were successfully received. The XHR requests will |
Charlie Reis
2013/08/22 18:23:30
inspects
dsjang
2013/08/22 19:05:55
Done.
|
+ // get a one character string ' ' for a blocked response. This test is only |
+ // possible since we run the browser without the same origin policy. |
+ GURL foo("http://foo.com/files/cross_site_document_request.html"); |
+ |
+ content::DOMMessageQueue msg_queue; |
+ |
+ NavigateToURL(shell(), foo); |
+ |
+ std::string status; |
Charlie Reis
2013/08/22 18:23:30
Can you add a comment here saying that the test wi
dsjang
2013/08/22 19:05:55
Done.
|
+ std::string expected_status("1"); |
+ EXPECT_TRUE(msg_queue.WaitForMessage(&status)); |
+ EXPECT_STREQ(status.c_str(), expected_status.c_str()); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest, |
+ CrossSiteDocumentBlockingForDifferentTargets) { |
+ // This webpage loads a cross-site HTML page in different targets such as |
+ // <img>,<link>,<embed>, etc. Since the requested document is blocked, and one |
+ // character string (' ') is returned instead, this tests that the renderer |
+ // does not crash even when it receives a response body which is " ", whose |
+ // length is different from what's described in "content-length" for such |
+ // different targets. |
+ GURL foo("http://foo.com/files/cross_site_document_request_target.html"); |
+ NavigateToURL(shell(), foo); |
+} |
+ |
+} |