OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "content/browser/child_process_security_policy_impl.h" | 9 #include "content/browser/child_process_security_policy_impl.h" |
10 #include "content/public/common/url_constants.h" | 10 #include "content/public/common/url_constants.h" |
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme)); | 134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme)); |
135 } | 135 } |
136 | 136 |
137 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { | 137 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { |
138 ChildProcessSecurityPolicyImpl* p = | 138 ChildProcessSecurityPolicyImpl* p = |
139 ChildProcessSecurityPolicyImpl::GetInstance(); | 139 ChildProcessSecurityPolicyImpl::GetInstance(); |
140 | 140 |
141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme)); | 141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme)); |
142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme)); | 142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme)); |
143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme)); | 143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme)); |
144 EXPECT_TRUE(p->IsPseudoScheme(kHttpSuboriginScheme)); | |
145 EXPECT_TRUE(p->IsPseudoScheme(kHttpsSuboriginScheme)); | |
144 | 146 |
145 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); | 147 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); |
146 p->RegisterPseudoScheme("registered-pseudo-scheme"); | 148 p->RegisterPseudoScheme("registered-pseudo-scheme"); |
147 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); | 149 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); |
148 | 150 |
149 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); | 151 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); |
150 } | 152 } |
151 | 153 |
152 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { | 154 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
153 ChildProcessSecurityPolicyImpl* p = | 155 ChildProcessSecurityPolicyImpl* p = |
154 ChildProcessSecurityPolicyImpl::GetInstance(); | 156 ChildProcessSecurityPolicyImpl::GetInstance(); |
155 | 157 |
156 p->Add(kRendererID); | 158 p->Add(kRendererID); |
157 | 159 |
158 // Safe to request or commit. | 160 // Safe to request or commit. |
159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); | 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); |
160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); | 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); |
161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
163 EXPECT_TRUE(p->CanRequestURL( | 165 EXPECT_TRUE(p->CanRequestURL( |
164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); | 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); |
166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); | 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); |
167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 169 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 170 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
169 EXPECT_TRUE(p->CanCommitURL( | 171 EXPECT_TRUE(p->CanCommitURL( |
170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 172 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
173 EXPECT_TRUE( | |
174 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/"))); | |
175 EXPECT_TRUE( | |
176 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/"))); | |
177 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/"))); | |
178 EXPECT_TRUE( | |
179 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | |
180 EXPECT_TRUE(p->CanSetAsOriginHeader( | |
181 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | |
171 | 182 |
172 // Dangerous to request or commit. | 183 // Dangerous to request, commit, or set as origin header. |
173 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 184 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
174 GURL("file:///etc/passwd"))); | 185 GURL("file:///etc/passwd"))); |
175 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 186 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
176 GURL("chrome://foo/bar"))); | 187 GURL("chrome://foo/bar"))); |
177 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 188 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
178 GURL("view-source:http://www.google.com/"))); | 189 GURL("view-source:http://www.google.com/"))); |
179 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 190 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
180 GURL("file:///etc/passwd"))); | 191 GURL("file:///etc/passwd"))); |
181 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 192 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
182 GURL("chrome://foo/bar"))); | 193 GURL("chrome://foo/bar"))); |
183 EXPECT_FALSE( | 194 EXPECT_FALSE( |
184 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); | 195 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); |
196 EXPECT_FALSE( | |
197 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); | |
198 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar"))); | |
nasko
2016/09/23 21:59:48
Hmm, do we really want to leak chrome:// origins t
jww
2016/09/23 22:52:27
Well, we already are :-) chrome:// headers already
nasko
2016/09/23 23:29:42
Definitely the job for another CL. We shouldn't be
| |
199 EXPECT_FALSE(p->CanSetAsOriginHeader( | |
200 kRendererID, GURL("view-source:http://www.google.com/"))); | |
185 | 201 |
186 p->Remove(kRendererID); | 202 p->Remove(kRendererID); |
187 } | 203 } |
188 | 204 |
189 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { | 205 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
190 ChildProcessSecurityPolicyImpl* p = | 206 ChildProcessSecurityPolicyImpl* p = |
191 ChildProcessSecurityPolicyImpl::GetInstance(); | 207 ChildProcessSecurityPolicyImpl::GetInstance(); |
192 | 208 |
193 p->Add(kRendererID); | 209 p->Add(kRendererID); |
194 | 210 |
195 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 211 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
196 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 212 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
197 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 213 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
198 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 214 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
199 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); | 215 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); |
200 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); | 216 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); |
201 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); | 217 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); |
202 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); | 218 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); |
219 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank"))); | |
220 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK"))); | |
221 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK"))); | |
222 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank"))); | |
203 | 223 |
204 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 224 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
205 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 225 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
206 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 226 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); |
207 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version"))); | 227 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version"))); |
208 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); | 228 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); |
209 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); | 229 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); |
210 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); | 230 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); |
211 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version"))); | 231 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version"))); |
232 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash"))); | |
233 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache"))); | |
234 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang"))); | |
235 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version"))); | |
212 | 236 |
213 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version"))); | 237 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version"))); |
214 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | 238 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
215 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | 239 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); |
216 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); | 240 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); |
217 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); | 241 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); |
218 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); | 242 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); |
219 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); | 243 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); |
244 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version"))); | |
245 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh"))); | |
246 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe"))); | |
247 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version"))); | |
220 | 248 |
221 // Requests for about: pages should be denied. | 249 // Requests for about: pages should be denied. |
222 p->GrantRequestURL(kRendererID, GURL("about:crash")); | 250 p->GrantRequestURL(kRendererID, GURL("about:crash")); |
223 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 251 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
224 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); | 252 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); |
253 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash"))); | |
225 | 254 |
226 // These requests for chrome:// pages should be granted. | 255 // These requests for chrome:// pages should be granted. |
227 GURL chrome_url("chrome://foo"); | 256 GURL chrome_url("chrome://foo"); |
228 p->GrantRequestURL(kRendererID, chrome_url); | 257 p->GrantRequestURL(kRendererID, chrome_url); |
229 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); | 258 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); |
230 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); | 259 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); |
260 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url)); | |
231 | 261 |
232 p->Remove(kRendererID); | 262 p->Remove(kRendererID); |
233 } | 263 } |
234 | 264 |
235 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { | 265 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
236 ChildProcessSecurityPolicyImpl* p = | 266 ChildProcessSecurityPolicyImpl* p = |
237 ChildProcessSecurityPolicyImpl::GetInstance(); | 267 ChildProcessSecurityPolicyImpl::GetInstance(); |
238 | 268 |
239 p->Add(kRendererID); | 269 p->Add(kRendererID); |
240 | 270 |
241 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 271 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
242 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); | 272 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
273 EXPECT_FALSE( | |
274 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')"))); | |
243 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); | 275 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
244 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 276 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
245 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); | 277 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
278 EXPECT_FALSE( | |
279 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')"))); | |
246 | 280 |
247 p->Remove(kRendererID); | 281 p->Remove(kRendererID); |
248 } | 282 } |
283 | |
284 TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) { | |
285 ChildProcessSecurityPolicyImpl* p = | |
286 ChildProcessSecurityPolicyImpl::GetInstance(); | |
287 | |
288 p->Add(kRendererID); | |
289 | |
290 // Suborigin URLs are not requestable or commitable. | |
nasko
2016/09/23 21:59:48
nit: committable?
jww
2016/09/23 22:52:27
Done.
| |
291 EXPECT_FALSE( | |
292 p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com"))); | |
293 EXPECT_FALSE( | |
294 p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com"))); | |
295 EXPECT_FALSE( | |
296 p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com"))); | |
297 EXPECT_FALSE( | |
298 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com"))); | |
299 | |
300 // Suborigin URLs are valid origin headers. | |
301 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, | |
302 GURL("http-so://foobar.example.com"))); | |
303 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, | |
304 GURL("https-so://foobar.example.com"))); | |
305 | |
nasko
2016/09/23 21:59:48
Let's add coverage to ensure that even after calli
jww
2016/09/23 22:52:27
Done.
| |
306 p->Remove(kRendererID); | |
307 } | |
249 | 308 |
250 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { | 309 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
251 ChildProcessSecurityPolicyImpl* p = | 310 ChildProcessSecurityPolicyImpl* p = |
252 ChildProcessSecurityPolicyImpl::GetInstance(); | 311 ChildProcessSecurityPolicyImpl::GetInstance(); |
253 | 312 |
254 p->Add(kRendererID); | 313 p->Add(kRendererID); |
255 | 314 |
256 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be | 315 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be |
257 // requested but not committed. | 316 // requested but not committed. |
258 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 317 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
259 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); | 318 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
319 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); | |
260 | 320 |
261 // Once we register "asdf", we default to deny. | 321 // Once we register "asdf", we default to deny. |
262 RegisterTestScheme("asdf"); | 322 RegisterTestScheme("asdf"); |
263 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 323 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
264 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); | 324 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
325 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); | |
265 | 326 |
266 // We can allow new schemes by adding them to the whitelist. | 327 // We can allow new schemes by adding them to the whitelist. |
267 p->RegisterWebSafeScheme("asdf"); | 328 p->RegisterWebSafeScheme("asdf"); |
268 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 329 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
269 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); | 330 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
331 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); | |
270 | 332 |
271 // Cleanup. | 333 // Cleanup. |
272 p->Remove(kRendererID); | 334 p->Remove(kRendererID); |
273 } | 335 } |
274 | 336 |
275 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { | 337 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
276 ChildProcessSecurityPolicyImpl* p = | 338 ChildProcessSecurityPolicyImpl* p = |
277 ChildProcessSecurityPolicyImpl::GetInstance(); | 339 ChildProcessSecurityPolicyImpl::GetInstance(); |
278 | 340 |
279 p->Add(kRendererID); | 341 p->Add(kRendererID); |
280 | 342 |
281 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 343 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
282 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 344 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
345 EXPECT_FALSE( | |
346 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); | |
283 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); | 347 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
284 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 348 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
285 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 349 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
350 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); | |
286 | 351 |
287 // We should forget our state if we repeat a renderer id. | 352 // We should forget our state if we repeat a renderer id. |
288 p->Remove(kRendererID); | 353 p->Remove(kRendererID); |
289 p->Add(kRendererID); | 354 p->Add(kRendererID); |
290 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 355 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
291 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 356 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
357 EXPECT_FALSE( | |
358 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); | |
292 p->Remove(kRendererID); | 359 p->Remove(kRendererID); |
293 } | 360 } |
294 | 361 |
295 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { | 362 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
296 ChildProcessSecurityPolicyImpl* p = | 363 ChildProcessSecurityPolicyImpl* p = |
297 ChildProcessSecurityPolicyImpl::GetInstance(); | 364 ChildProcessSecurityPolicyImpl::GetInstance(); |
298 | 365 |
299 p->Add(kRendererID); | 366 p->Add(kRendererID); |
300 | 367 |
301 // Child processes cannot request view source URLs. | 368 // Child processes cannot request view source URLs. |
302 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 369 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
303 GURL("view-source:http://www.google.com/"))); | 370 GURL("view-source:http://www.google.com/"))); |
304 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 371 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
305 GURL("view-source:file:///etc/passwd"))); | 372 GURL("view-source:file:///etc/passwd"))); |
306 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 373 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
307 EXPECT_FALSE(p->CanRequestURL( | 374 EXPECT_FALSE(p->CanRequestURL( |
308 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 375 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
309 | 376 |
310 // View source URLs don't actually commit; the renderer is put into view | 377 // View source URLs don't actually commit; the renderer is put into view |
311 // source mode, and the inner URL commits. | 378 // source mode, and the inner URL commits. |
312 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 379 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
313 GURL("view-source:http://www.google.com/"))); | 380 GURL("view-source:http://www.google.com/"))); |
314 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 381 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
315 GURL("view-source:file:///etc/passwd"))); | 382 GURL("view-source:file:///etc/passwd"))); |
316 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 383 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
317 EXPECT_FALSE(p->CanCommitURL( | 384 EXPECT_FALSE(p->CanCommitURL( |
318 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 385 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
319 | 386 |
387 // View source URLs should not be setable as origin headers | |
388 EXPECT_FALSE(p->CanSetAsOriginHeader( | |
389 kRendererID, GURL("view-source:http://www.google.com/"))); | |
390 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, | |
391 GURL("view-source:file:///etc/passwd"))); | |
392 EXPECT_FALSE( | |
393 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); | |
394 EXPECT_FALSE(p->CanSetAsOriginHeader( | |
395 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | |
396 | |
320 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 397 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
321 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 398 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
322 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 399 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
323 EXPECT_FALSE( | 400 EXPECT_FALSE( |
401 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); | |
402 EXPECT_FALSE( | |
324 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); | 403 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
325 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 404 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
326 GURL("view-source:file:///etc/passwd"))); | 405 GURL("view-source:file:///etc/passwd"))); |
406 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, | |
407 GURL("view-source:file:///etc/passwd"))); | |
327 p->Remove(kRendererID); | 408 p->Remove(kRendererID); |
328 } | 409 } |
329 | 410 |
330 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { | 411 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
331 ChildProcessSecurityPolicyImpl* p = | 412 ChildProcessSecurityPolicyImpl* p = |
332 ChildProcessSecurityPolicyImpl::GetInstance(); | 413 ChildProcessSecurityPolicyImpl::GetInstance(); |
333 | 414 |
334 p->Add(kRendererID); | 415 p->Add(kRendererID); |
335 | 416 |
336 GURL icon_url("file:///tmp/foo.png"); | 417 GURL icon_url("file:///tmp/foo.png"); |
337 GURL sensitive_url("file:///etc/passwd"); | 418 GURL sensitive_url("file:///etc/passwd"); |
338 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); | 419 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); |
339 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 420 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
340 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); | 421 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); |
341 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); | 422 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
423 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url)); | |
424 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); | |
342 | 425 |
343 p->GrantRequestSpecificFileURL(kRendererID, icon_url); | 426 p->GrantRequestSpecificFileURL(kRendererID, icon_url); |
344 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 427 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
345 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 428 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
346 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); | 429 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
347 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); | 430 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
431 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url)); | |
432 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); | |
348 | 433 |
349 p->GrantRequestURL(kRendererID, icon_url); | 434 p->GrantRequestURL(kRendererID, icon_url); |
350 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 435 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
351 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 436 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
352 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); | 437 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
353 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); | 438 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); |
439 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url)); | |
440 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); | |
354 | 441 |
355 p->Remove(kRendererID); | 442 p->Remove(kRendererID); |
356 } | 443 } |
357 | 444 |
358 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { | 445 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { |
359 ChildProcessSecurityPolicyImpl* p = | 446 ChildProcessSecurityPolicyImpl* p = |
360 ChildProcessSecurityPolicyImpl::GetInstance(); | 447 ChildProcessSecurityPolicyImpl::GetInstance(); |
361 | 448 |
362 p->Add(kRendererID); | 449 p->Add(kRendererID); |
363 std::string read_id = | 450 std::string read_id = |
(...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
704 GURL url_foo1("chrome://foo/resource1"); | 791 GURL url_foo1("chrome://foo/resource1"); |
705 GURL url_foo2("chrome://foo/resource2"); | 792 GURL url_foo2("chrome://foo/resource2"); |
706 GURL url_bar("chrome://bar/resource3"); | 793 GURL url_bar("chrome://bar/resource3"); |
707 | 794 |
708 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); | 795 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); |
709 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); | 796 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); |
710 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); | 797 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); |
711 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); | 798 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); |
712 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); | 799 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); |
713 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); | 800 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
801 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); | |
802 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); | |
803 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar)); | |
714 | 804 |
715 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); | 805 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); |
716 | 806 |
717 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); | 807 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); |
718 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); | 808 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); |
719 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); | 809 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); |
720 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | 810 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
721 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | 811 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
722 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); | 812 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
813 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); | |
814 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); | |
815 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar)); | |
723 | 816 |
724 p->GrantScheme(kRendererID, kChromeUIScheme); | 817 p->GrantScheme(kRendererID, kChromeUIScheme); |
725 | 818 |
726 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); | 819 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); |
727 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); | 820 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); |
728 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); | 821 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); |
729 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | 822 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
730 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | 823 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
731 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); | 824 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
825 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); | |
826 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); | |
827 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar)); | |
732 | 828 |
733 p->Remove(kRendererID); | 829 p->Remove(kRendererID); |
734 } | 830 } |
735 | 831 |
736 } // namespace content | 832 } // namespace content |
OLD | NEW |