Index: content/browser/child_process_security_policy_unittest.cc |
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc |
index ea722fcd95416cf168ffc1e2745896126ea56bfc..432434881827b742288c5af0d8cf9a0da17e645c 100644 |
--- a/content/browser/child_process_security_policy_unittest.cc |
+++ b/content/browser/child_process_security_policy_unittest.cc |
@@ -141,6 +141,8 @@ TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { |
EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme)); |
EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme)); |
EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme)); |
+ EXPECT_TRUE(p->IsPseudoScheme(kHttpSuboriginScheme)); |
+ EXPECT_TRUE(p->IsPseudoScheme(kHttpsSuboriginScheme)); |
EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); |
p->RegisterPseudoScheme("registered-pseudo-scheme"); |
@@ -168,8 +170,17 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
EXPECT_TRUE(p->CanCommitURL( |
kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
+ EXPECT_TRUE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/"))); |
+ EXPECT_TRUE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
+ EXPECT_TRUE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader( |
+ kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
- // Dangerous to request or commit. |
+ // Dangerous to request, commit, or set as origin header. |
EXPECT_FALSE(p->CanRequestURL(kRendererID, |
GURL("file:///etc/passwd"))); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, |
@@ -182,6 +193,11 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
GURL("chrome://foo/bar"))); |
EXPECT_FALSE( |
p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); |
+ EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader( |
+ kRendererID, GURL("view-source:http://www.google.com/"))); |
p->Remove(kRendererID); |
} |
@@ -252,6 +268,10 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank"))); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
@@ -261,6 +281,10 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version"))); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version"))); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
@@ -269,17 +293,23 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version"))); |
// Requests for about: pages should be denied. |
p->GrantRequestURL(kRendererID, GURL("about:crash")); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash"))); |
// These requests for chrome:// pages should be granted. |
GURL chrome_url("chrome://foo"); |
p->GrantRequestURL(kRendererID, chrome_url); |
EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url)); |
p->Remove(kRendererID); |
} |
@@ -292,9 +322,43 @@ TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
+ EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')"))); |
p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
+ EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')"))); |
+ |
+ p->Remove(kRendererID); |
+} |
+ |
+TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) { |
+ ChildProcessSecurityPolicyImpl* p = |
+ ChildProcessSecurityPolicyImpl::GetInstance(); |
+ |
+ p->Add(kRendererID); |
+ |
+ // Suborigin URLs are not requestable or committable. |
+ EXPECT_FALSE( |
+ p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com"))); |
+ EXPECT_FALSE( |
+ p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com"))); |
+ EXPECT_FALSE( |
+ p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com"))); |
+ EXPECT_FALSE( |
+ p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com"))); |
+ |
+ // It's not possible to grant suborigins requestable status. |
+ p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com")); |
+ EXPECT_FALSE( |
+ p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com"))); |
+ |
+ // Suborigin URLs are valid origin headers. |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, |
+ GURL("http-so://foobar.example.com"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, |
+ GURL("https-so://foobar.example.com"))); |
p->Remove(kRendererID); |
} |
@@ -309,16 +373,19 @@ TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
// requested but not committed. |
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); |
// Once we register "asdf", we default to deny. |
RegisterTestScheme("asdf"); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); |
// We can allow new schemes by adding them to the whitelist. |
p->RegisterWebSafeScheme("asdf"); |
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); |
// Cleanup. |
p->Remove(kRendererID); |
@@ -332,15 +399,20 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
+ EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); |
p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); |
// We should forget our state if we repeat a renderer id. |
p->Remove(kRendererID); |
p->Add(kRendererID); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
+ EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); |
p->Remove(kRendererID); |
} |
@@ -369,13 +441,27 @@ TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
EXPECT_FALSE(p->CanCommitURL( |
kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
+ // View source URLs should not be setable as origin headers |
+ EXPECT_FALSE(p->CanSetAsOriginHeader( |
+ kRendererID, GURL("view-source:http://www.google.com/"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, |
+ GURL("view-source:file:///etc/passwd"))); |
+ EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader( |
+ kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
+ |
p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
EXPECT_FALSE( |
+ p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); |
+ EXPECT_FALSE( |
p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, |
GURL("view-source:file:///etc/passwd"))); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, |
+ GURL("view-source:file:///etc/passwd"))); |
p->Remove(kRendererID); |
} |
@@ -391,18 +477,24 @@ TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); |
p->GrantRequestSpecificFileURL(kRendererID, icon_url); |
EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); |
p->GrantRequestURL(kRendererID, icon_url); |
EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); |
p->Remove(kRendererID); |
} |
@@ -763,6 +855,9 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { |
EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar)); |
p->GrantOrigin(kRendererID, url::Origin(url_foo1)); |
@@ -772,6 +867,9 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { |
EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); |
+ EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar)); |
p->GrantScheme(kRendererID, kChromeUIScheme); |
@@ -781,6 +879,9 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { |
EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); |
+ EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar)); |
p->Remove(kRendererID); |
} |