| Index: content/browser/child_process_security_policy_unittest.cc
|
| diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
|
| index ea722fcd95416cf168ffc1e2745896126ea56bfc..432434881827b742288c5af0d8cf9a0da17e645c 100644
|
| --- a/content/browser/child_process_security_policy_unittest.cc
|
| +++ b/content/browser/child_process_security_policy_unittest.cc
|
| @@ -141,6 +141,8 @@ TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
|
| EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme));
|
| EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme));
|
| EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
|
| + EXPECT_TRUE(p->IsPseudoScheme(kHttpSuboriginScheme));
|
| + EXPECT_TRUE(p->IsPseudoScheme(kHttpsSuboriginScheme));
|
|
|
| EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
|
| p->RegisterPseudoScheme("registered-pseudo-scheme");
|
| @@ -168,8 +170,17 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
|
| EXPECT_TRUE(p->CanCommitURL(
|
| kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
|
| + EXPECT_TRUE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/")));
|
| + EXPECT_TRUE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/")));
|
| + EXPECT_TRUE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(
|
| + kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
|
|
|
| - // Dangerous to request or commit.
|
| + // Dangerous to request, commit, or set as origin header.
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| @@ -182,6 +193,11 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
|
| GURL("chrome://foo/bar")));
|
| EXPECT_FALSE(
|
| p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
|
| + EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(
|
| + kRendererID, GURL("view-source:http://www.google.com/")));
|
|
|
| p->Remove(kRendererID);
|
| }
|
| @@ -252,6 +268,10 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK")));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank")));
|
|
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
|
| @@ -261,6 +281,10 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version")));
|
|
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version")));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
|
| @@ -269,17 +293,23 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
|
|
|
| // Requests for about: pages should be denied.
|
| p->GrantRequestURL(kRendererID, GURL("about:crash"));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
|
|
|
| // These requests for chrome:// pages should be granted.
|
| GURL chrome_url("chrome://foo");
|
| p->GrantRequestURL(kRendererID, chrome_url);
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url));
|
|
|
| p->Remove(kRendererID);
|
| }
|
| @@ -292,9 +322,43 @@ TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
|
|
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
|
| + EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
|
| p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
|
| + EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
|
| +
|
| + p->Remove(kRendererID);
|
| +}
|
| +
|
| +TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) {
|
| + ChildProcessSecurityPolicyImpl* p =
|
| + ChildProcessSecurityPolicyImpl::GetInstance();
|
| +
|
| + p->Add(kRendererID);
|
| +
|
| + // Suborigin URLs are not requestable or committable.
|
| + EXPECT_FALSE(
|
| + p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com")));
|
| + EXPECT_FALSE(
|
| + p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com")));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com")));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
|
| +
|
| + // It's not possible to grant suborigins requestable status.
|
| + p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com"));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
|
| +
|
| + // Suborigin URLs are valid origin headers.
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
|
| + GURL("http-so://foobar.example.com")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
|
| + GURL("https-so://foobar.example.com")));
|
|
|
| p->Remove(kRendererID);
|
| }
|
| @@ -309,16 +373,19 @@ TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
|
| // requested but not committed.
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
|
|
|
| // Once we register "asdf", we default to deny.
|
| RegisterTestScheme("asdf");
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
|
|
|
| // We can allow new schemes by adding them to the whitelist.
|
| p->RegisterWebSafeScheme("asdf");
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
|
|
|
| // Cleanup.
|
| p->Remove(kRendererID);
|
| @@ -332,15 +399,20 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
|
|
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
|
| p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
|
|
|
| // We should forget our state if we repeat a renderer id.
|
| p->Remove(kRendererID);
|
| p->Add(kRendererID);
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
|
| p->Remove(kRendererID);
|
| }
|
|
|
| @@ -369,13 +441,27 @@ TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
|
| EXPECT_FALSE(p->CanCommitURL(
|
| kRendererID, GURL("view-source:view-source:http://www.google.com/")));
|
|
|
| + // View source URLs should not be setable as origin headers
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(
|
| + kRendererID, GURL("view-source:http://www.google.com/")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
|
| + GURL("view-source:file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(
|
| + kRendererID, GURL("view-source:view-source:http://www.google.com/")));
|
| +
|
| p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(
|
| + p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID,
|
| GURL("view-source:file:///etc/passwd")));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
|
| + GURL("view-source:file:///etc/passwd")));
|
| p->Remove(kRendererID);
|
| }
|
|
|
| @@ -391,18 +477,24 @@ TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
|
|
|
| p->GrantRequestSpecificFileURL(kRendererID, icon_url);
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
|
|
|
| p->GrantRequestURL(kRendererID, icon_url);
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
|
| EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
|
|
|
| p->Remove(kRendererID);
|
| }
|
| @@ -763,6 +855,9 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
|
|
|
| p->GrantOrigin(kRendererID, url::Origin(url_foo1));
|
|
|
| @@ -772,6 +867,9 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
|
| + EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
|
|
|
| p->GrantScheme(kRendererID, kChromeUIScheme);
|
|
|
| @@ -781,6 +879,9 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
|
| EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
|
| + EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar));
|
|
|
| p->Remove(kRendererID);
|
| }
|
|
|
Chromium Code Reviews
Issue 2332263002:
Updated suborigin serialization to latest spec proposal (Closed)
