Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(77)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_unittest.cc

Issue 2332263002: Updated suborigin serialization to latest spec proposal (Closed)
Patch Set: Actually disable test Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/loader/resource_dispatcher_host_impl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <set> 5 #include <set>
6 #include <string> 6 #include <string>
7 7
8 #include "base/files/file_path.h" 8 #include "base/files/file_path.h"
9 #include "content/browser/child_process_security_policy_impl.h" 9 #include "content/browser/child_process_security_policy_impl.h"
10 #include "content/public/common/url_constants.h" 10 #include "content/public/common/url_constants.h"
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after
134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme)); 134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme));
135 } 135 }
136 136
137 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { 137 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
138 ChildProcessSecurityPolicyImpl* p = 138 ChildProcessSecurityPolicyImpl* p =
139 ChildProcessSecurityPolicyImpl::GetInstance(); 139 ChildProcessSecurityPolicyImpl::GetInstance();
140 140
141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme)); 141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme));
142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme)); 142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme));
143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme)); 143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
144 EXPECT_TRUE(p->IsPseudoScheme(kHttpSuboriginScheme));
145 EXPECT_TRUE(p->IsPseudoScheme(kHttpsSuboriginScheme));
144 146
145 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); 147 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
146 p->RegisterPseudoScheme("registered-pseudo-scheme"); 148 p->RegisterPseudoScheme("registered-pseudo-scheme");
147 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); 149 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
148 150
149 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); 151 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme));
150 } 152 }
151 153
152 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { 154 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
153 ChildProcessSecurityPolicyImpl* p = 155 ChildProcessSecurityPolicyImpl* p =
154 ChildProcessSecurityPolicyImpl::GetInstance(); 156 ChildProcessSecurityPolicyImpl::GetInstance();
155 157
156 p->Add(kRendererID); 158 p->Add(kRendererID);
157 159
158 // Safe to request or commit. 160 // Safe to request or commit.
159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); 163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
163 EXPECT_TRUE(p->CanRequestURL( 165 EXPECT_TRUE(p->CanRequestURL(
164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/")));
166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/")));
167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); 169 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 170 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
169 EXPECT_TRUE(p->CanCommitURL( 171 EXPECT_TRUE(p->CanCommitURL(
170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 172 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
173 EXPECT_TRUE(
174 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/")));
175 EXPECT_TRUE(
176 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/")));
177 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/")));
178 EXPECT_TRUE(
179 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>")));
180 EXPECT_TRUE(p->CanSetAsOriginHeader(
181 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
171 182
172 // Dangerous to request or commit. 183 // Dangerous to request, commit, or set as origin header.
173 EXPECT_FALSE(p->CanRequestURL(kRendererID, 184 EXPECT_FALSE(p->CanRequestURL(kRendererID,
174 GURL("file:///etc/passwd"))); 185 GURL("file:///etc/passwd")));
175 EXPECT_FALSE(p->CanRequestURL(kRendererID, 186 EXPECT_FALSE(p->CanRequestURL(kRendererID,
176 GURL("chrome://foo/bar"))); 187 GURL("chrome://foo/bar")));
177 EXPECT_FALSE(p->CanRequestURL(kRendererID, 188 EXPECT_FALSE(p->CanRequestURL(kRendererID,
178 GURL("view-source:http://www.google.com/"))); 189 GURL("view-source:http://www.google.com/")));
179 EXPECT_FALSE(p->CanCommitURL(kRendererID, 190 EXPECT_FALSE(p->CanCommitURL(kRendererID,
180 GURL("file:///etc/passwd"))); 191 GURL("file:///etc/passwd")));
181 EXPECT_FALSE(p->CanCommitURL(kRendererID, 192 EXPECT_FALSE(p->CanCommitURL(kRendererID,
182 GURL("chrome://foo/bar"))); 193 GURL("chrome://foo/bar")));
183 EXPECT_FALSE( 194 EXPECT_FALSE(
184 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); 195 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
196 EXPECT_FALSE(
197 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
198 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
199 EXPECT_FALSE(p->CanSetAsOriginHeader(
200 kRendererID, GURL("view-source:http://www.google.com/")));
185 201
186 p->Remove(kRendererID); 202 p->Remove(kRendererID);
187 } 203 }
188 204
189 TEST_F(ChildProcessSecurityPolicyTest, BlobSchemeTest) { 205 TEST_F(ChildProcessSecurityPolicyTest, BlobSchemeTest) {
190 ChildProcessSecurityPolicyImpl* p = 206 ChildProcessSecurityPolicyImpl* p =
191 ChildProcessSecurityPolicyImpl::GetInstance(); 207 ChildProcessSecurityPolicyImpl::GetInstance();
192 208
193 p->Add(kRendererID); 209 p->Add(kRendererID);
194 210
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
245 p->Add(kRendererID); 261 p->Add(kRendererID);
246 262
247 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); 263 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
248 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); 264 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
249 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); 265 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
250 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); 266 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
251 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); 267 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank")));
252 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); 268 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
253 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); 269 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK")));
254 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); 270 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank")));
271 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank")));
272 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK")));
273 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK")));
274 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank")));
255 275
256 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); 276 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
257 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); 277 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
258 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); 278 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
259 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version"))); 279 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version")));
260 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); 280 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
261 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); 281 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
262 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); 282 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
263 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version"))); 283 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version")));
284 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
285 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache")));
286 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang")));
287 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version")));
264 288
265 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version"))); 289 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version")));
266 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); 290 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
267 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); 291 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
268 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); 292 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
269 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); 293 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
270 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); 294 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
271 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); 295 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
296 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
297 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh")));
298 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe")));
299 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
272 300
273 // Requests for about: pages should be denied. 301 // Requests for about: pages should be denied.
274 p->GrantRequestURL(kRendererID, GURL("about:crash")); 302 p->GrantRequestURL(kRendererID, GURL("about:crash"));
275 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); 303 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
276 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); 304 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
305 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
277 306
278 // These requests for chrome:// pages should be granted. 307 // These requests for chrome:// pages should be granted.
279 GURL chrome_url("chrome://foo"); 308 GURL chrome_url("chrome://foo");
280 p->GrantRequestURL(kRendererID, chrome_url); 309 p->GrantRequestURL(kRendererID, chrome_url);
281 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); 310 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
282 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); 311 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
312 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url));
283 313
284 p->Remove(kRendererID); 314 p->Remove(kRendererID);
285 } 315 }
286 316
287 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { 317 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
288 ChildProcessSecurityPolicyImpl* p = 318 ChildProcessSecurityPolicyImpl* p =
289 ChildProcessSecurityPolicyImpl::GetInstance(); 319 ChildProcessSecurityPolicyImpl::GetInstance();
290 320
291 p->Add(kRendererID); 321 p->Add(kRendererID);
292 322
293 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); 323 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
294 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); 324 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
325 EXPECT_FALSE(
326 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
295 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); 327 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
296 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); 328 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
297 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); 329 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
330 EXPECT_FALSE(
331 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
298 332
299 p->Remove(kRendererID); 333 p->Remove(kRendererID);
300 } 334 }
335
336 TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) {
337 ChildProcessSecurityPolicyImpl* p =
338 ChildProcessSecurityPolicyImpl::GetInstance();
339
340 p->Add(kRendererID);
341
342 // Suborigin URLs are not requestable or committable.
343 EXPECT_FALSE(
344 p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com")));
345 EXPECT_FALSE(
346 p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com")));
347 EXPECT_FALSE(
348 p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com")));
349 EXPECT_FALSE(
350 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
351
352 // It's not possible to grant suborigins requestable status.
353 p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com"));
354 EXPECT_FALSE(
355 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
356
357 // Suborigin URLs are valid origin headers.
358 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
359 GURL("http-so://foobar.example.com")));
360 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
361 GURL("https-so://foobar.example.com")));
362
363 p->Remove(kRendererID);
364 }
301 365
302 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { 366 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
303 ChildProcessSecurityPolicyImpl* p = 367 ChildProcessSecurityPolicyImpl* p =
304 ChildProcessSecurityPolicyImpl::GetInstance(); 368 ChildProcessSecurityPolicyImpl::GetInstance();
305 369
306 p->Add(kRendererID); 370 p->Add(kRendererID);
307 371
308 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be 372 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be
309 // requested but not committed. 373 // requested but not committed.
310 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 374 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
311 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 375 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
376 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
312 377
313 // Once we register "asdf", we default to deny. 378 // Once we register "asdf", we default to deny.
314 RegisterTestScheme("asdf"); 379 RegisterTestScheme("asdf");
315 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 380 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
316 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 381 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
382 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
317 383
318 // We can allow new schemes by adding them to the whitelist. 384 // We can allow new schemes by adding them to the whitelist.
319 p->RegisterWebSafeScheme("asdf"); 385 p->RegisterWebSafeScheme("asdf");
320 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 386 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
321 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 387 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
388 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
322 389
323 // Cleanup. 390 // Cleanup.
324 p->Remove(kRendererID); 391 p->Remove(kRendererID);
325 } 392 }
326 393
327 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { 394 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
328 ChildProcessSecurityPolicyImpl* p = 395 ChildProcessSecurityPolicyImpl* p =
329 ChildProcessSecurityPolicyImpl::GetInstance(); 396 ChildProcessSecurityPolicyImpl::GetInstance();
330 397
331 p->Add(kRendererID); 398 p->Add(kRendererID);
332 399
333 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 400 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
334 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 401 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
402 EXPECT_FALSE(
403 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
335 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); 404 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
336 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 405 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
337 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 406 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
407 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
338 408
339 // We should forget our state if we repeat a renderer id. 409 // We should forget our state if we repeat a renderer id.
340 p->Remove(kRendererID); 410 p->Remove(kRendererID);
341 p->Add(kRendererID); 411 p->Add(kRendererID);
342 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 412 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
343 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 413 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
414 EXPECT_FALSE(
415 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
344 p->Remove(kRendererID); 416 p->Remove(kRendererID);
345 } 417 }
346 418
347 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { 419 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
348 ChildProcessSecurityPolicyImpl* p = 420 ChildProcessSecurityPolicyImpl* p =
349 ChildProcessSecurityPolicyImpl::GetInstance(); 421 ChildProcessSecurityPolicyImpl::GetInstance();
350 422
351 p->Add(kRendererID); 423 p->Add(kRendererID);
352 424
353 // Child processes cannot request view source URLs. 425 // Child processes cannot request view source URLs.
354 EXPECT_FALSE(p->CanRequestURL(kRendererID, 426 EXPECT_FALSE(p->CanRequestURL(kRendererID,
355 GURL("view-source:http://www.google.com/"))); 427 GURL("view-source:http://www.google.com/")));
356 EXPECT_FALSE(p->CanRequestURL(kRendererID, 428 EXPECT_FALSE(p->CanRequestURL(kRendererID,
357 GURL("view-source:file:///etc/passwd"))); 429 GURL("view-source:file:///etc/passwd")));
358 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 430 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
359 EXPECT_FALSE(p->CanRequestURL( 431 EXPECT_FALSE(p->CanRequestURL(
360 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 432 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
361 433
362 // View source URLs don't actually commit; the renderer is put into view 434 // View source URLs don't actually commit; the renderer is put into view
363 // source mode, and the inner URL commits. 435 // source mode, and the inner URL commits.
364 EXPECT_FALSE(p->CanCommitURL(kRendererID, 436 EXPECT_FALSE(p->CanCommitURL(kRendererID,
365 GURL("view-source:http://www.google.com/"))); 437 GURL("view-source:http://www.google.com/")));
366 EXPECT_FALSE(p->CanCommitURL(kRendererID, 438 EXPECT_FALSE(p->CanCommitURL(kRendererID,
367 GURL("view-source:file:///etc/passwd"))); 439 GURL("view-source:file:///etc/passwd")));
368 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 440 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
369 EXPECT_FALSE(p->CanCommitURL( 441 EXPECT_FALSE(p->CanCommitURL(
370 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 442 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
371 443
444 // View source URLs should not be setable as origin headers
445 EXPECT_FALSE(p->CanSetAsOriginHeader(
446 kRendererID, GURL("view-source:http://www.google.com/")));
447 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
448 GURL("view-source:file:///etc/passwd")));
449 EXPECT_FALSE(
450 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
451 EXPECT_FALSE(p->CanSetAsOriginHeader(
452 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
453
372 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); 454 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
373 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 455 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
374 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 456 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
375 EXPECT_FALSE( 457 EXPECT_FALSE(
458 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
459 EXPECT_FALSE(
376 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); 460 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
377 EXPECT_FALSE(p->CanCommitURL(kRendererID, 461 EXPECT_FALSE(p->CanCommitURL(kRendererID,
378 GURL("view-source:file:///etc/passwd"))); 462 GURL("view-source:file:///etc/passwd")));
463 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
464 GURL("view-source:file:///etc/passwd")));
379 p->Remove(kRendererID); 465 p->Remove(kRendererID);
380 } 466 }
381 467
382 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { 468 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
383 ChildProcessSecurityPolicyImpl* p = 469 ChildProcessSecurityPolicyImpl* p =
384 ChildProcessSecurityPolicyImpl::GetInstance(); 470 ChildProcessSecurityPolicyImpl::GetInstance();
385 471
386 p->Add(kRendererID); 472 p->Add(kRendererID);
387 473
388 GURL icon_url("file:///tmp/foo.png"); 474 GURL icon_url("file:///tmp/foo.png");
389 GURL sensitive_url("file:///etc/passwd"); 475 GURL sensitive_url("file:///etc/passwd");
390 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); 476 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
391 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); 477 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
392 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); 478 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
393 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); 479 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
480 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url));
481 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
394 482
395 p->GrantRequestSpecificFileURL(kRendererID, icon_url); 483 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
396 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); 484 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
397 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); 485 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
398 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); 486 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
399 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); 487 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
488 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
489 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
400 490
401 p->GrantRequestURL(kRendererID, icon_url); 491 p->GrantRequestURL(kRendererID, icon_url);
402 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); 492 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
403 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); 493 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
404 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); 494 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
405 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); 495 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
496 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
497 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
406 498
407 p->Remove(kRendererID); 499 p->Remove(kRendererID);
408 } 500 }
409 501
410 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { 502 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
411 ChildProcessSecurityPolicyImpl* p = 503 ChildProcessSecurityPolicyImpl* p =
412 ChildProcessSecurityPolicyImpl::GetInstance(); 504 ChildProcessSecurityPolicyImpl::GetInstance();
413 505
414 p->Add(kRendererID); 506 p->Add(kRendererID);
415 std::string read_id = 507 std::string read_id =
(...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after
756 GURL url_foo1("chrome://foo/resource1"); 848 GURL url_foo1("chrome://foo/resource1");
757 GURL url_foo2("chrome://foo/resource2"); 849 GURL url_foo2("chrome://foo/resource2");
758 GURL url_bar("chrome://bar/resource3"); 850 GURL url_bar("chrome://bar/resource3");
759 851
760 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); 852 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1));
761 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); 853 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2));
762 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); 854 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
763 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); 855 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1));
764 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); 856 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2));
765 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); 857 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
858 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
859 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
860 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
766 861
767 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); 862 p->GrantOrigin(kRendererID, url::Origin(url_foo1));
768 863
769 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); 864 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
770 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); 865 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
771 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); 866 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
772 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); 867 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
773 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); 868 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
774 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); 869 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
870 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
871 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
872 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
775 873
776 p->GrantScheme(kRendererID, kChromeUIScheme); 874 p->GrantScheme(kRendererID, kChromeUIScheme);
777 875
778 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); 876 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
779 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); 877 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
780 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); 878 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar));
781 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); 879 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
782 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); 880 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
783 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); 881 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar));
882 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
883 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
884 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar));
784 885
785 p->Remove(kRendererID); 886 p->Remove(kRendererID);
786 } 887 }
787 888
788 } // namespace content 889 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/loader/resource_dispatcher_host_impl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698