Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(121)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_unittest.cc

Issue 2399853003: [M54 merge] Lock down creation of blob:chrome-extension URLs from non-extension processes. (Closed)
Patch Set: Rebase Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/frame_host/frame_tree_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <set> 5 #include <set>
6 #include <string> 6 #include <string>
7 7
8 #include "base/files/file_path.h" 8 #include "base/files/file_path.h"
9 #include "content/browser/child_process_security_policy_impl.h" 9 #include "content/browser/child_process_security_policy_impl.h"
10 #include "content/public/common/url_constants.h" 10 #include "content/public/common/url_constants.h"
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after
161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
163 EXPECT_TRUE(p->CanRequestURL( 163 EXPECT_TRUE(p->CanRequestURL(
164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); 165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/")));
166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); 166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/")));
167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
169 EXPECT_TRUE(p->CanCommitURL( 169 EXPECT_TRUE(p->CanCommitURL(
170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
171 EXPECT_TRUE(
172 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/")));
173 EXPECT_TRUE(
174 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/")));
175 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/")));
176 EXPECT_TRUE(
177 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>")));
178 EXPECT_TRUE(p->CanSetAsOriginHeader(
179 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
171 180
172 // Dangerous to request or commit. 181 // Dangerous to request, commit, or set as origin header.
173 EXPECT_FALSE(p->CanRequestURL(kRendererID, 182 EXPECT_FALSE(p->CanRequestURL(kRendererID,
174 GURL("file:///etc/passwd"))); 183 GURL("file:///etc/passwd")));
175 EXPECT_FALSE(p->CanRequestURL(kRendererID, 184 EXPECT_FALSE(p->CanRequestURL(kRendererID,
176 GURL("chrome://foo/bar"))); 185 GURL("chrome://foo/bar")));
177 EXPECT_FALSE(p->CanRequestURL(kRendererID, 186 EXPECT_FALSE(p->CanRequestURL(kRendererID,
178 GURL("view-source:http://www.google.com/"))); 187 GURL("view-source:http://www.google.com/")));
179 EXPECT_FALSE(p->CanCommitURL(kRendererID, 188 EXPECT_FALSE(p->CanCommitURL(kRendererID,
180 GURL("file:///etc/passwd"))); 189 GURL("file:///etc/passwd")));
181 EXPECT_FALSE(p->CanCommitURL(kRendererID, 190 EXPECT_FALSE(p->CanCommitURL(kRendererID,
182 GURL("chrome://foo/bar"))); 191 GURL("chrome://foo/bar")));
183 EXPECT_FALSE( 192 EXPECT_FALSE(
184 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); 193 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
194 EXPECT_FALSE(
195 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
196 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
197 EXPECT_FALSE(p->CanSetAsOriginHeader(
198 kRendererID, GURL("view-source:http://www.google.com/")));
185 199
186 p->Remove(kRendererID); 200 p->Remove(kRendererID);
187 } 201 }
202
203 TEST_F(ChildProcessSecurityPolicyTest, BlobSchemeTest) {
204 ChildProcessSecurityPolicyImpl* p =
205 ChildProcessSecurityPolicyImpl::GetInstance();
206
207 p->Add(kRendererID);
208
209 EXPECT_TRUE(
210 p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
211 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:null/some-guid")));
212 EXPECT_TRUE(
213 p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
214 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid")));
215 EXPECT_TRUE(
216 p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
217 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid?query")));
218 EXPECT_TRUE(
219 p->CanRequestURL(kRendererID, GURL("blob:blobinternal://some-guid")));
220 EXPECT_FALSE(p->CanRequestURL(
221 kRendererID, GURL("blob:http://username@localhost/some-guid")));
222 EXPECT_FALSE(p->CanRequestURL(
223 kRendererID, GURL("blob:http://username @localhost/some-guid")));
224 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:blob:some-guid")));
225 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:some-guid")));
226 EXPECT_FALSE(p->CanRequestURL(kRendererID,
227 GURL("blob:filesystem:http://localhost/path")));
228 EXPECT_FALSE(p->CanRequestURL(kRendererID,
229 GURL("filesystem:blob:http://localhost/guid")));
230
231 EXPECT_TRUE(
232 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
233 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:null/some-guid")));
234 EXPECT_TRUE(
235 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
236 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid")));
237 EXPECT_TRUE(
238 p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
239 EXPECT_TRUE(
240 p->CanCommitURL(kRendererID, GURL("blob:blobinternal://some-guid")));
241 EXPECT_FALSE(p->CanCommitURL(
242 kRendererID, GURL("blob:http://username@localhost/some-guid")));
243 EXPECT_FALSE(p->CanCommitURL(
244 kRendererID, GURL("blob:http://username @localhost/some-guid")));
245 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:blob:some-guid")));
246 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:some-guid")));
247 EXPECT_FALSE(p->CanCommitURL(kRendererID,
248 GURL("blob:filesystem:http://localhost/path")));
249 EXPECT_FALSE(p->CanCommitURL(kRendererID,
250 GURL("filesystem:blob:http://localhost/guid")));
251
252 p->Remove(kRendererID);
253 }
188 254
189 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { 255 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
190 ChildProcessSecurityPolicyImpl* p = 256 ChildProcessSecurityPolicyImpl* p =
191 ChildProcessSecurityPolicyImpl::GetInstance(); 257 ChildProcessSecurityPolicyImpl::GetInstance();
192 258
193 p->Add(kRendererID); 259 p->Add(kRendererID);
194 260
195 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); 261 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
196 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); 262 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
197 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); 263 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
198 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); 264 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
199 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); 265 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank")));
200 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); 266 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
201 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); 267 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK")));
202 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); 268 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank")));
269 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank")));
270 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK")));
271 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK")));
272 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank")));
203 273
204 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); 274 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
205 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); 275 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
206 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); 276 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
207 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version"))); 277 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version")));
208 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); 278 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
209 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); 279 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
210 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); 280 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
211 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version"))); 281 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version")));
282 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
283 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache")));
284 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang")));
285 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version")));
212 286
213 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version"))); 287 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version")));
214 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); 288 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
215 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); 289 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
216 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); 290 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
217 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); 291 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
218 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); 292 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
219 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); 293 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
294 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
295 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh")));
296 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe")));
297 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
220 298
221 // Requests for about: pages should be denied. 299 // Requests for about: pages should be denied.
222 p->GrantRequestURL(kRendererID, GURL("about:crash")); 300 p->GrantRequestURL(kRendererID, GURL("about:crash"));
223 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); 301 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
224 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); 302 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
303 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
225 304
226 // These requests for chrome:// pages should be granted. 305 // These requests for chrome:// pages should be granted.
227 GURL chrome_url("chrome://foo"); 306 GURL chrome_url("chrome://foo");
228 p->GrantRequestURL(kRendererID, chrome_url); 307 p->GrantRequestURL(kRendererID, chrome_url);
229 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); 308 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
230 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); 309 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
310 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url));
231 311
232 p->Remove(kRendererID); 312 p->Remove(kRendererID);
233 } 313 }
234 314
235 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { 315 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
236 ChildProcessSecurityPolicyImpl* p = 316 ChildProcessSecurityPolicyImpl* p =
237 ChildProcessSecurityPolicyImpl::GetInstance(); 317 ChildProcessSecurityPolicyImpl::GetInstance();
238 318
239 p->Add(kRendererID); 319 p->Add(kRendererID);
240 320
241 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); 321 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
242 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); 322 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
323 EXPECT_FALSE(
324 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
243 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); 325 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
244 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); 326 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
245 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); 327 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
328 EXPECT_FALSE(
329 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
246 330
247 p->Remove(kRendererID); 331 p->Remove(kRendererID);
248 } 332 }
249 333
250 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { 334 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
251 ChildProcessSecurityPolicyImpl* p = 335 ChildProcessSecurityPolicyImpl* p =
252 ChildProcessSecurityPolicyImpl::GetInstance(); 336 ChildProcessSecurityPolicyImpl::GetInstance();
253 337
254 p->Add(kRendererID); 338 p->Add(kRendererID);
255 339
256 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be 340 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be
257 // requested but not committed. 341 // requested but not committed.
258 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 342 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
259 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 343 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
344 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
260 345
261 // Once we register "asdf", we default to deny. 346 // Once we register "asdf", we default to deny.
262 RegisterTestScheme("asdf"); 347 RegisterTestScheme("asdf");
263 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 348 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
264 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 349 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
350 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
265 351
266 // We can allow new schemes by adding them to the whitelist. 352 // We can allow new schemes by adding them to the whitelist.
267 p->RegisterWebSafeScheme("asdf"); 353 p->RegisterWebSafeScheme("asdf");
268 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 354 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
269 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 355 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
356 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
270 357
271 // Cleanup. 358 // Cleanup.
272 p->Remove(kRendererID); 359 p->Remove(kRendererID);
273 } 360 }
274 361
275 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { 362 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
276 ChildProcessSecurityPolicyImpl* p = 363 ChildProcessSecurityPolicyImpl* p =
277 ChildProcessSecurityPolicyImpl::GetInstance(); 364 ChildProcessSecurityPolicyImpl::GetInstance();
278 365
279 p->Add(kRendererID); 366 p->Add(kRendererID);
280 367
281 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 368 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
282 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 369 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
370 EXPECT_FALSE(
371 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
283 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); 372 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
284 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 373 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
285 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 374 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
375 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
286 376
287 // We should forget our state if we repeat a renderer id. 377 // We should forget our state if we repeat a renderer id.
288 p->Remove(kRendererID); 378 p->Remove(kRendererID);
289 p->Add(kRendererID); 379 p->Add(kRendererID);
290 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 380 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
291 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 381 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
382 EXPECT_FALSE(
383 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
292 p->Remove(kRendererID); 384 p->Remove(kRendererID);
293 } 385 }
294 386
295 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { 387 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
296 ChildProcessSecurityPolicyImpl* p = 388 ChildProcessSecurityPolicyImpl* p =
297 ChildProcessSecurityPolicyImpl::GetInstance(); 389 ChildProcessSecurityPolicyImpl::GetInstance();
298 390
299 p->Add(kRendererID); 391 p->Add(kRendererID);
300 392
301 // Child processes cannot request view source URLs. 393 // Child processes cannot request view source URLs.
302 EXPECT_FALSE(p->CanRequestURL(kRendererID, 394 EXPECT_FALSE(p->CanRequestURL(kRendererID,
303 GURL("view-source:http://www.google.com/"))); 395 GURL("view-source:http://www.google.com/")));
304 EXPECT_FALSE(p->CanRequestURL(kRendererID, 396 EXPECT_FALSE(p->CanRequestURL(kRendererID,
305 GURL("view-source:file:///etc/passwd"))); 397 GURL("view-source:file:///etc/passwd")));
306 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 398 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
307 EXPECT_FALSE(p->CanRequestURL( 399 EXPECT_FALSE(p->CanRequestURL(
308 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 400 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
309 401
310 // View source URLs don't actually commit; the renderer is put into view 402 // View source URLs don't actually commit; the renderer is put into view
311 // source mode, and the inner URL commits. 403 // source mode, and the inner URL commits.
312 EXPECT_FALSE(p->CanCommitURL(kRendererID, 404 EXPECT_FALSE(p->CanCommitURL(kRendererID,
313 GURL("view-source:http://www.google.com/"))); 405 GURL("view-source:http://www.google.com/")));
314 EXPECT_FALSE(p->CanCommitURL(kRendererID, 406 EXPECT_FALSE(p->CanCommitURL(kRendererID,
315 GURL("view-source:file:///etc/passwd"))); 407 GURL("view-source:file:///etc/passwd")));
316 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 408 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
317 EXPECT_FALSE(p->CanCommitURL( 409 EXPECT_FALSE(p->CanCommitURL(
318 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 410 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
319 411
412 // View source URLs should not be setable as origin headers
413 EXPECT_FALSE(p->CanSetAsOriginHeader(
414 kRendererID, GURL("view-source:http://www.google.com/")));
415 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
416 GURL("view-source:file:///etc/passwd")));
417 EXPECT_FALSE(
418 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
419 EXPECT_FALSE(p->CanSetAsOriginHeader(
420 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
421
320 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); 422 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
321 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 423 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
322 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 424 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
323 EXPECT_FALSE( 425 EXPECT_FALSE(
426 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
427 EXPECT_FALSE(
324 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); 428 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
325 EXPECT_FALSE(p->CanCommitURL(kRendererID, 429 EXPECT_FALSE(p->CanCommitURL(kRendererID,
326 GURL("view-source:file:///etc/passwd"))); 430 GURL("view-source:file:///etc/passwd")));
431 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
432 GURL("view-source:file:///etc/passwd")));
327 p->Remove(kRendererID); 433 p->Remove(kRendererID);
328 } 434 }
329 435
330 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { 436 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
331 ChildProcessSecurityPolicyImpl* p = 437 ChildProcessSecurityPolicyImpl* p =
332 ChildProcessSecurityPolicyImpl::GetInstance(); 438 ChildProcessSecurityPolicyImpl::GetInstance();
333 439
334 p->Add(kRendererID); 440 p->Add(kRendererID);
335 441
336 GURL icon_url("file:///tmp/foo.png"); 442 GURL icon_url("file:///tmp/foo.png");
337 GURL sensitive_url("file:///etc/passwd"); 443 GURL sensitive_url("file:///etc/passwd");
338 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); 444 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
339 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); 445 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
340 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); 446 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
341 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); 447 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
448 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url));
449 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
342 450
343 p->GrantRequestSpecificFileURL(kRendererID, icon_url); 451 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
344 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); 452 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
345 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); 453 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
346 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); 454 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
347 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); 455 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
456 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
457 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
348 458
349 p->GrantRequestURL(kRendererID, icon_url); 459 p->GrantRequestURL(kRendererID, icon_url);
350 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); 460 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
351 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); 461 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
352 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); 462 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
353 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); 463 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
464 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
465 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
354 466
355 p->Remove(kRendererID); 467 p->Remove(kRendererID);
356 } 468 }
357 469
358 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { 470 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
359 ChildProcessSecurityPolicyImpl* p = 471 ChildProcessSecurityPolicyImpl* p =
360 ChildProcessSecurityPolicyImpl::GetInstance(); 472 ChildProcessSecurityPolicyImpl::GetInstance();
361 473
362 p->Add(kRendererID); 474 p->Add(kRendererID);
363 std::string read_id = 475 std::string read_id =
(...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after
704 GURL url_foo1("chrome://foo/resource1"); 816 GURL url_foo1("chrome://foo/resource1");
705 GURL url_foo2("chrome://foo/resource2"); 817 GURL url_foo2("chrome://foo/resource2");
706 GURL url_bar("chrome://bar/resource3"); 818 GURL url_bar("chrome://bar/resource3");
707 819
708 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); 820 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1));
709 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); 821 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2));
710 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); 822 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
711 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); 823 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1));
712 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); 824 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2));
713 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); 825 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
826 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
827 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
828 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
714 829
715 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); 830 p->GrantOrigin(kRendererID, url::Origin(url_foo1));
716 831
717 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); 832 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
718 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); 833 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
719 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); 834 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
720 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); 835 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
721 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); 836 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
722 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); 837 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
838 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
839 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
840 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
723 841
724 p->GrantScheme(kRendererID, kChromeUIScheme); 842 p->GrantScheme(kRendererID, kChromeUIScheme);
725 843
726 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); 844 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
727 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); 845 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
728 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); 846 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar));
729 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); 847 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
730 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); 848 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
731 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); 849 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar));
850 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
851 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
852 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar));
732 853
733 p->Remove(kRendererID); 854 p->Remove(kRendererID);
734 } 855 }
735 856
736 } // namespace content 857 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/frame_host/frame_tree_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698