OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 18 matching lines...) | |
29 */ | 29 */ |
30 | 30 |
31 #include "platform/weborigin/SecurityOrigin.h" | 31 #include "platform/weborigin/SecurityOrigin.h" |
32 | 32 |
33 #include "platform/RuntimeEnabledFeatures.h" | 33 #include "platform/RuntimeEnabledFeatures.h" |
34 #include "platform/blob/BlobURL.h" | 34 #include "platform/blob/BlobURL.h" |
35 #include "platform/weborigin/KURL.h" | 35 #include "platform/weborigin/KURL.h" |
36 #include "platform/weborigin/SecurityPolicy.h" | 36 #include "platform/weborigin/SecurityPolicy.h" |
37 #include "platform/weborigin/Suborigin.h" | 37 #include "platform/weborigin/Suborigin.h" |
38 #include "testing/gtest/include/gtest/gtest.h" | 38 #include "testing/gtest/include/gtest/gtest.h" |
39 #include "url/url_util.h" | |
39 #include "wtf/text/StringBuilder.h" | 40 #include "wtf/text/StringBuilder.h" |
40 #include "wtf/text/WTFString.h" | 41 #include "wtf/text/WTFString.h" |
41 | 42 |
42 namespace blink { | 43 namespace blink { |
43 | 44 |
44 const int MaxAllowedPort = 65535; | 45 const int MaxAllowedPort = 65535; |
45 | 46 |
46 class SecurityOriginTest : public ::testing::Test { }; | 47 class SecurityOriginTest : public ::testing::Test { |
48 public: | |
49 void SetUp() override | |
50 { | |
51 url::AddStandardScheme("http-so", url::SCHEME_WITH_PORT); | |
52 url::AddStandardScheme("https-so", url::SCHEME_WITH_PORT); | |
53 } | |
54 }; | |
47 | 55 |
48 TEST_F(SecurityOriginTest, InvalidPortsCreateUniqueOrigins) | 56 TEST_F(SecurityOriginTest, InvalidPortsCreateUniqueOrigins) |
49 { | 57 { |
50 int ports[] = { -100, -1, MaxAllowedPort + 1, 1000000 }; | 58 int ports[] = { -100, -1, MaxAllowedPort + 1, 1000000 }; |
51 | 59 |
52 for (size_t i = 0; i < WTF_ARRAY_LENGTH(ports); ++i) { | 60 for (size_t i = 0; i < WTF_ARRAY_LENGTH(ports); ++i) { |
53 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]); | 61 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]); |
54 EXPECT_TRUE(origin->isUnique()) << "Port " << ports[i] << " should have generated a unique origin."; | 62 EXPECT_TRUE(origin->isUnique()) << "Port " << ports[i] << " should have generated a unique origin."; |
55 } | 63 } |
56 } | 64 } |
(...skipping 164 matching lines...) | |
221 RuntimeEnabledFeatures::setSuboriginsEnabled(true); | 229 RuntimeEnabledFeatures::setSuboriginsEnabled(true); |
222 | 230 |
223 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://te st.com"); | 231 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://te st.com"); |
224 Suborigin suborigin; | 232 Suborigin suborigin; |
225 suborigin.setName("foobar"); | 233 suborigin.setName("foobar"); |
226 EXPECT_FALSE(origin->hasSuborigin()); | 234 EXPECT_FALSE(origin->hasSuborigin()); |
227 origin->addSuborigin(suborigin); | 235 origin->addSuborigin(suborigin); |
228 EXPECT_TRUE(origin->hasSuborigin()); | 236 EXPECT_TRUE(origin->hasSuborigin()); |
229 EXPECT_EQ("foobar", origin->suborigin()->name()); | 237 EXPECT_EQ("foobar", origin->suborigin()->name()); |
230 | 238 |
231 origin = SecurityOrigin::createFromString("https://foobar_test.com"); | 239 origin = SecurityOrigin::createFromString("https-so://foobar.test.com"); |
232 EXPECT_EQ("https", origin->protocol()); | 240 EXPECT_EQ("https", origin->protocol()); |
233 EXPECT_EQ("test.com", origin->host()); | 241 EXPECT_EQ("test.com", origin->host()); |
234 EXPECT_EQ("foobar", origin->suborigin()->name()); | 242 EXPECT_EQ("foobar", origin->suborigin()->name()); |
235 | 243 |
236 origin = SecurityOrigin::createFromString("https://foobar_test.com"); | 244 origin = SecurityOrigin::createFromString("https-so://foobar.test.com"); |
237 EXPECT_TRUE(origin->hasSuborigin()); | 245 EXPECT_TRUE(origin->hasSuborigin()); |
238 EXPECT_EQ("foobar", origin->suborigin()->name()); | 246 EXPECT_EQ("foobar", origin->suborigin()->name()); |
239 | 247 |
240 origin = SecurityOrigin::createFromString("https://foobar+test.com"); | 248 origin = SecurityOrigin::createFromString("https://foobar+test.com"); |
241 EXPECT_FALSE(origin->hasSuborigin()); | 249 EXPECT_FALSE(origin->hasSuborigin()); |
242 | 250 |
251 origin = SecurityOrigin::createFromString("https.so://foobar+test.com"); | |
252 EXPECT_FALSE(origin->hasSuborigin()); | |
253 | |
243 origin = SecurityOrigin::createFromString("https://_test.com"); | 254 origin = SecurityOrigin::createFromString("https://_test.com"); |
244 EXPECT_FALSE(origin->hasSuborigin()); | 255 EXPECT_FALSE(origin->hasSuborigin()); |
245 | 256 |
257 origin = SecurityOrigin::createFromString("https-so://_test.com"); | |
258 EXPECT_TRUE(origin->hasSuborigin()); | |
259 EXPECT_EQ("_test", origin->suborigin()->name()); | |
260 | |
246 origin = adoptRef<SecurityOrigin>(new SecurityOrigin); | 261 origin = adoptRef<SecurityOrigin>(new SecurityOrigin); |
247 EXPECT_FALSE(origin->hasSuborigin()); | 262 EXPECT_FALSE(origin->hasSuborigin()); |
248 | 263 |
249 origin = SecurityOrigin::createFromString("https://foobar_test.com"); | 264 origin = SecurityOrigin::createFromString("https-so://foobar.test.com"); |
250 Suborigin emptySuborigin; | 265 Suborigin emptySuborigin; |
251 EXPECT_DEATH(origin->addSuborigin(emptySuborigin), ""); | 266 EXPECT_DEATH(origin->addSuborigin(emptySuborigin), ""); |
252 } | 267 } |
nasko
2016/09/19 22:20:21
What about "http-so-so://foobar.test.com"?
jww
2016/09/20 00:24:32
Test added to reject.
| |
253 | 268 |
254 TEST_F(SecurityOriginTest, SuboriginsParsing) | 269 TEST_F(SecurityOriginTest, SuboriginsParsing) |
255 { | 270 { |
256 RuntimeEnabledFeatures::setSuboriginsEnabled(true); | 271 RuntimeEnabledFeatures::setSuboriginsEnabled(true); |
257 String host, realHost, suborigin; | 272 String protocol, realProtocol, host, realHost, suborigin; |
273 protocol = "https"; | |
258 host = "test.com"; | 274 host = "test.com"; |
259 EXPECT_FALSE(SecurityOrigin::deserializeSuboriginAndHost(host, suborigin, re alHost)); | 275 EXPECT_FALSE(SecurityOrigin::deserializeSuboriginAndProtocolAndHost(protocol , host, suborigin, realProtocol, realHost)); |
260 | 276 |
261 host = "foobar_test.com"; | 277 protocol = "https-so"; |
262 EXPECT_TRUE(SecurityOrigin::deserializeSuboriginAndHost(host, suborigin, rea lHost)); | 278 host = "foobar.test.com"; |
279 EXPECT_TRUE(SecurityOrigin::deserializeSuboriginAndProtocolAndHost(protocol, host, suborigin, realProtocol, realHost)); | |
280 EXPECT_EQ("https", realProtocol); | |
263 EXPECT_EQ("test.com", realHost); | 281 EXPECT_EQ("test.com", realHost); |
264 EXPECT_EQ("foobar", suborigin); | 282 EXPECT_EQ("foobar", suborigin); |
265 | 283 |
266 RefPtr<SecurityOrigin> origin; | 284 RefPtr<SecurityOrigin> origin; |
267 StringBuilder builder; | 285 StringBuilder builder; |
268 | 286 |
269 origin = SecurityOrigin::createFromString("https://foobar_test.com"); | 287 origin = SecurityOrigin::createFromString("https-so://foobar.test.com"); |
270 origin->buildRawString(builder, true); | 288 origin->buildRawString(builder, true); |
271 EXPECT_EQ("https://foobar_test.com", builder.toString()); | 289 EXPECT_EQ("https-so://foobar.test.com", builder.toString()); |
272 EXPECT_EQ("https://foobar_test.com", origin->toString()); | 290 EXPECT_EQ("https-so://foobar.test.com", origin->toString()); |
273 builder.clear(); | 291 builder.clear(); |
274 origin->buildRawString(builder, false); | 292 origin->buildRawString(builder, false); |
275 EXPECT_EQ("https://test.com", builder.toString()); | 293 EXPECT_EQ("https://test.com", builder.toString()); |
276 EXPECT_EQ("https://test.com", origin->toPhysicalOriginString()); | 294 EXPECT_EQ("https://test.com", origin->toPhysicalOriginString()); |
277 | 295 |
278 Suborigin suboriginObj; | 296 Suborigin suboriginObj; |
279 suboriginObj.setName("foobar"); | 297 suboriginObj.setName("foobar"); |
280 builder.clear(); | 298 builder.clear(); |
281 origin = SecurityOrigin::createFromString("https://test.com"); | 299 origin = SecurityOrigin::createFromString("https://test.com"); |
282 origin->addSuborigin(suboriginObj); | 300 origin->addSuborigin(suboriginObj); |
283 origin->buildRawString(builder, true); | 301 origin->buildRawString(builder, true); |
284 EXPECT_EQ("https://foobar_test.com", builder.toString()); | 302 EXPECT_EQ("https-so://foobar.test.com", builder.toString()); |
285 EXPECT_EQ("https://foobar_test.com", origin->toString()); | 303 EXPECT_EQ("https-so://foobar.test.com", origin->toString()); |
286 builder.clear(); | 304 builder.clear(); |
287 origin->buildRawString(builder, false); | 305 origin->buildRawString(builder, false); |
288 EXPECT_EQ("https://test.com", builder.toString()); | 306 EXPECT_EQ("https://test.com", builder.toString()); |
289 EXPECT_EQ("https://test.com", origin->toPhysicalOriginString()); | 307 EXPECT_EQ("https://test.com", origin->toPhysicalOriginString()); |
290 } | 308 } |
291 | 309 |
292 TEST_F(SecurityOriginTest, SuboriginsIsSameSchemeHostPortAndSuborigin) | 310 TEST_F(SecurityOriginTest, SuboriginsIsSameSchemeHostPortAndSuborigin) |
293 { | 311 { |
294 blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true); | 312 blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true); |
295 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://fo obar_test.com"); | 313 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https-so:/ /foobar.test.com"); |
296 RefPtr<SecurityOrigin> other1 = SecurityOrigin::createFromString("https://ba zbar_test.com"); | 314 RefPtr<SecurityOrigin> other1 = SecurityOrigin::createFromString("https-so:/ /bazbar.test.com"); |
297 RefPtr<SecurityOrigin> other2 = SecurityOrigin::createFromString("http://foo bar_test.com"); | 315 RefPtr<SecurityOrigin> other2 = SecurityOrigin::createFromString("http-so:// foobar.test.com"); |
298 RefPtr<SecurityOrigin> other3 = SecurityOrigin::createFromString("https://fo obar_test.com:1234"); | 316 RefPtr<SecurityOrigin> other3 = SecurityOrigin::createFromString("https-so:/ /foobar.test.com:1234"); |
299 RefPtr<SecurityOrigin> other4 = SecurityOrigin::createFromString("https://te st.com"); | 317 RefPtr<SecurityOrigin> other4 = SecurityOrigin::createFromString("https://te st.com"); |
300 | 318 |
301 EXPECT_TRUE(origin->isSameSchemeHostPortAndSuborigin(origin.get())); | 319 EXPECT_TRUE(origin->isSameSchemeHostPortAndSuborigin(origin.get())); |
302 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other1.get())); | 320 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other1.get())); |
303 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other2.get())); | 321 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other2.get())); |
304 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other3.get())); | 322 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other3.get())); |
305 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other4.get())); | 323 EXPECT_FALSE(origin->isSameSchemeHostPortAndSuborigin(other4.get())); |
306 } | 324 } |
307 | 325 |
308 TEST_F(SecurityOriginTest, CanAccess) | 326 TEST_F(SecurityOriginTest, CanAccess) |
309 { | 327 { |
310 RuntimeEnabledFeatures::setSuboriginsEnabled(true); | 328 RuntimeEnabledFeatures::setSuboriginsEnabled(true); |
311 | 329 |
312 struct TestCase { | 330 struct TestCase { |
313 bool canAccess; | 331 bool canAccess; |
314 bool canAccessCheckSuborigins; | 332 bool canAccessCheckSuborigins; |
315 const char* origin1; | 333 const char* origin1; |
316 const char* origin2; | 334 const char* origin2; |
317 }; | 335 }; |
318 | 336 |
319 TestCase tests[] = { | 337 TestCase tests[] = { |
320 { true, true, "https://foobar.com", "https://foobar.com" }, | 338 { true, true, "https://foobar.com", "https://foobar.com" }, |
321 { false, false, "https://foobar.com", "https://bazbar.com" }, | 339 { false, false, "https://foobar.com", "https://bazbar.com" }, |
322 { true, false, "https://foobar.com", "https://name_foobar.com" }, | 340 { true, false, "https://foobar.com", "https-so://name.foobar.com" }, |
323 { true, false, "https://name_foobar.com", "https://foobar.com" }, | 341 { true, false, "https-so://name.foobar.com", "https://foobar.com" }, |
324 { true, true, "https://name_foobar.com", "https://name_foobar.com" }, | 342 { true, true, "https-so://name.foobar.com", "https-so://name.foobar.com" }, |
325 }; | 343 }; |
326 | 344 |
327 for (size_t i = 0; i < WTF_ARRAY_LENGTH(tests); ++i) { | 345 for (size_t i = 0; i < WTF_ARRAY_LENGTH(tests); ++i) { |
328 RefPtr<SecurityOrigin> origin1 = SecurityOrigin::createFromString(tests[ i].origin1); | 346 RefPtr<SecurityOrigin> origin1 = SecurityOrigin::createFromString(tests[ i].origin1); |
329 RefPtr<SecurityOrigin> origin2 = SecurityOrigin::createFromString(tests[ i].origin2); | 347 RefPtr<SecurityOrigin> origin2 = SecurityOrigin::createFromString(tests[ i].origin2); |
330 EXPECT_EQ(tests[i].canAccess, origin1->canAccess(origin2.get())); | 348 EXPECT_EQ(tests[i].canAccess, origin1->canAccess(origin2.get())); |
331 EXPECT_EQ(tests[i].canAccessCheckSuborigins, origin1->canAccessCheckSubo rigins(origin2.get())); | 349 EXPECT_EQ(tests[i].canAccessCheckSuborigins, origin1->canAccessCheckSubo rigins(origin2.get())); |
332 } | 350 } |
333 } | 351 } |
334 | 352 |
335 TEST_F(SecurityOriginTest, CanRequest) | 353 TEST_F(SecurityOriginTest, CanRequest) |
336 { | 354 { |
337 RuntimeEnabledFeatures::setSuboriginsEnabled(true); | 355 RuntimeEnabledFeatures::setSuboriginsEnabled(true); |
338 | 356 |
339 struct TestCase { | 357 struct TestCase { |
340 bool canRequest; | 358 bool canRequest; |
341 bool canRequestNoSuborigin; | 359 bool canRequestNoSuborigin; |
342 const char* origin; | 360 const char* origin; |
343 const char* url; | 361 const char* url; |
344 }; | 362 }; |
345 | 363 |
346 TestCase tests[] = { | 364 TestCase tests[] = { |
347 { true, true, "https://foobar.com", "https://foobar.com" }, | 365 { true, true, "https://foobar.com", "https://foobar.com" }, |
348 { false, false, "https://foobar.com", "https://bazbar.com" }, | 366 { false, false, "https://foobar.com", "https://bazbar.com" }, |
349 { true, false, "https://name_foobar.com", "https://foobar.com" }, | 367 { true, false, "https-so://name.foobar.com", "https://foobar.com" }, |
350 { false, false, "https://name_foobar.com", "https://bazbar.com" }, | 368 { false, false, "https-so://name.foobar.com", "https://bazbar.com" }, |
351 }; | 369 }; |
352 | 370 |
353 for (size_t i = 0; i < WTF_ARRAY_LENGTH(tests); ++i) { | 371 for (size_t i = 0; i < WTF_ARRAY_LENGTH(tests); ++i) { |
354 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(tests[i ].origin); | 372 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(tests[i ].origin); |
355 blink::KURL url(blink::ParsedURLString, tests[i].url); | 373 blink::KURL url(blink::ParsedURLString, tests[i].url); |
356 EXPECT_EQ(tests[i].canRequest, origin->canRequest(url)); | 374 EXPECT_EQ(tests[i].canRequest, origin->canRequest(url)); |
357 EXPECT_EQ(tests[i].canRequestNoSuborigin, origin->canRequestNoSuborigin( url)); | 375 EXPECT_EQ(tests[i].canRequestNoSuborigin, origin->canRequestNoSuborigin( url)); |
358 } | 376 } |
359 } | 377 } |
360 | 378 |
(...skipping 79 matching lines...) | |
440 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); | 458 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); |
441 RefPtr<SecurityOrigin> tupleOrigin = SecurityOrigin::createFromString("http: //example.com"); | 459 RefPtr<SecurityOrigin> tupleOrigin = SecurityOrigin::createFromString("http: //example.com"); |
442 | 460 |
443 EXPECT_TRUE(uniqueOrigin->isSameSchemeHostPort(uniqueOrigin.get())); | 461 EXPECT_TRUE(uniqueOrigin->isSameSchemeHostPort(uniqueOrigin.get())); |
444 EXPECT_FALSE(SecurityOrigin::createUnique()->isSameSchemeHostPort(uniqueOrig in.get())); | 462 EXPECT_FALSE(SecurityOrigin::createUnique()->isSameSchemeHostPort(uniqueOrig in.get())); |
445 EXPECT_FALSE(tupleOrigin->isSameSchemeHostPort(uniqueOrigin.get())); | 463 EXPECT_FALSE(tupleOrigin->isSameSchemeHostPort(uniqueOrigin.get())); |
446 EXPECT_FALSE(uniqueOrigin->isSameSchemeHostPort(tupleOrigin.get())); | 464 EXPECT_FALSE(uniqueOrigin->isSameSchemeHostPort(tupleOrigin.get())); |
447 } | 465 } |
448 | 466 |
449 } // namespace blink | 467 } // namespace blink |
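Review bot: The negative case added at new line 251 uses the scheme `https.so` (dot, not hyphen), so `EXPECT_FALSE(origin->hasSuborigin())` most likely passes because that scheme is not a suborigin scheme at all, not because the `+` in the name was rejected. If the intent is to cover an invalid suborigin name under the new serialization, the input should be `"https-so://foobar+test.com"`; if the dotted scheme is deliberate, a one-line comment saying so plus a separate `https-so` case would pin both behaviours. The new `https-so://_test.com` case at new lines 257-259 asserts only the suborigin name; adding `EXPECT_EQ("https", origin->protocol());` and an `EXPECT_EQ` on `origin->host()` would show what physical origin that input collapses to. Separately, `SetUp()` calls `url::AddStandardScheme` for `http-so` and `https-so` before every test with nothing undoing it, so the process-wide scheme registry is mutated repeatedly; registering once for the suite or resetting in `TearDown()` would keep the tests independent, though how url_util treats duplicate registration is not visible here.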