Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(485)

Unified Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp

Issue 2442513004: Part 1.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Separating functionalities Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
index 05d42a15802e9f8243719c10f19dc191b7f48a59..f706bb83f385a906c496654f0d57c299779257b4 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
@@ -123,4 +123,212 @@ TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) {
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/")));
}
+TEST_F(CSPSourceTest, IsSubsumedNotSimilar) {
+ struct TestCase {
+ String aScheme;
+ String bScheme;
+ String aHost;
+ String bHost;
+ String aPath;
+ String bPath;
+ int aPort;
+ int bPort;
+ } cases[] = {
+ {"http", "http", "example.com", "another.com", "/", "/", 0, 0},
+ {"wss", "http", "example.com", "example.com", "/", "/", 0, 0},
+ {"wss", "about", "example.com", "example.com", "/", "/", 0, 0},
+ {"http", "about", "example.com", "example.com", "/", "/", 0, 0},
+ {"http", "http", "example.com", "example.com", "/path1.html",
+ "/path2.html", 0, 0},
+ {"http", "http", "example.com", "example.com", "/", "/", 433, 800},
+ };
+ for (const auto& test : cases) {
+ CSPSource* returned =
+ new CSPSource(csp.get(), test.aScheme, test.aHost, test.aPort,
+ test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
+ CSPSource* required =
+ new CSPSource(csp.get(), test.bScheme, test.bHost, test.bPort,
+ test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
+ EXPECT_FALSE(returned->isSubsumed(required));
+ // Verify the same test with a and b swapped.
+ EXPECT_FALSE(required->isSubsumed(returned));
+ }
+}
+
+TEST_F(CSPSourceTest, IsSubsumedNoWildcards) {
+ struct TestCase {
+ String aScheme;
+ String bScheme;
+ String aPath;
+ String bPath;
+ int aPort;
+ int bPort;
+ bool expected;
+ bool expectedWhenSwapped;
+ } cases[] = {
+ // Equal signals
+ {"http", "http", "/", "/", 0, 0, true, true},
+ {"https", "https", "/", "/", 0, 0, true, true},
+ {"http", "http", "/page1.html", "/page1.html", 0, 0, true, true},
+ {"http", "http", "/", "/", 80, 80, true, true},
+ {"https", "https", "/", "/", 80, 80, true, true},
+ {"https", "https", "/page1.html", "/page1.html", 0, 0, true, true},
+ {"http", "http", "/page1.html", "/page1.html", 80, 80, true, true},
+ {"https", "https", "/page1.html", "/page1.html", 80, 80, true, true},
+ // One stronger signal in the first CSPSource
+ {"https", "http", "/", "/", 0, 0, true, false},
+ {"http", "http", "/page1.html", "/", 0, 0, true, false},
+ {"http", "http", "/", "/", 800, 0, false, false}, // ports do not match
+ // Two stronger signals in the first CSPSource
+ {"https", "http", "/page1.html", "/", 0, 0, true, false},
+ {"https", "http", "/", "/", 800, 0, false, false},
+ {"http", "http", "/page1.html", "/", 800, 0, false, false},
+ // Three stronger signals in the first CSPSource
+ {"https", "http", "/page1.html", "/", 800, 0, false,
+ false}, // ports do not match
+ // Mixed signals
+ {"https", "http", "/", "/page1.html", 0, 0, false, false},
+ {"https", "http", "/", "/", 0, 800, false, false},
+ {"http", "http", "/page1.html", "/", 0, 800, false, false},
+ };
+
+ for (const auto& test : cases) {
+ CSPSource* returned =
+ new CSPSource(csp.get(), test.aScheme, "example.com", test.aPort,
+ test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
+
+ CSPSource* required =
+ new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort,
+ test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
+
+ EXPECT_EQ(returned->isSubsumed(required), test.expected);
+ // Verify the same test with a and b swapped.
+ EXPECT_EQ(required->isSubsumed(returned), test.expectedWhenSwapped);
+ }
+
+ // When returned CSP has a wildcard but the required csp does not, then it is
+ // not subsumed.
+ // returned csp has a host wildcard.
+ for (const auto& test : cases) {
+ CSPSource* returned = new CSPSource(
+ csp.get(), test.aScheme, "example.com", test.aPort, test.aPath,
+ CSPSource::HasWildcard, CSPSource::NoWildcard);
+
+ CSPSource* required =
+ new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort,
+ test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
+
+ EXPECT_FALSE(returned->isSubsumed(required));
+ }
+
+ // required csp has a host wildcard now too.
+ for (const auto& test : cases) {
+ CSPSource* returned = new CSPSource(
+ csp.get(), test.aScheme, "example.com", test.aPort, test.aPath,
+ CSPSource::HasWildcard, CSPSource::NoWildcard);
+
+ CSPSource* required = new CSPSource(
+ csp.get(), test.bScheme, "example.com", test.bPort, test.bPath,
+ CSPSource::HasWildcard, CSPSource::NoWildcard);
+
+ EXPECT_EQ(returned->isSubsumed(required), test.expected);
+ }
+}
+
+TEST_F(CSPSourceTest, IsSubsumedWildcards) {
+ // Hosts must be equal, schemes matching as well as paths.
+ struct TestCase {
+ CSPSource::WildcardDisposition aHostDispotion;
+ CSPSource::WildcardDisposition aPortDispotion;
+ CSPSource::WildcardDisposition bHostDispotion;
+ CSPSource::WildcardDisposition bPortDispotion;
+ bool expected;
+ } cases[] = {
+ // One out of four possible wildcards.
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
+ CSPSource::NoWildcard, false},
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
+ CSPSource::NoWildcard, false},
+ {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
+ CSPSource::HasWildcard, true},
+ {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
+ CSPSource::NoWildcard, true},
+ // Two out of four possible wildcards.
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
+ CSPSource::NoWildcard, false},
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
+ CSPSource::NoWildcard, true},
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
+ CSPSource::HasWildcard, false},
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
+ CSPSource::NoWildcard, false},
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
+ CSPSource::HasWildcard, true},
+ {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
+ CSPSource::HasWildcard, true},
+ // Three out of four possible wildcards.
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
+ CSPSource::NoWildcard, false},
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
+ CSPSource::HasWildcard, false},
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
+ CSPSource::HasWildcard, true},
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
+ CSPSource::HasWildcard, true},
+ // Four out of four possible wildcards.
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
+ CSPSource::HasWildcard, true},
+ };
+ // There are different cases for wildcards but now also the second CSPSource
+ // has a more specific path.
+ for (const auto& test : cases) {
+ CSPSource* returned =
+ new CSPSource(csp.get(), "http", "example.com", 0, "/",
+ test.aHostDispotion, test.aPortDispotion);
+ CSPSource* required =
+ new CSPSource(csp.get(), "http", "example.com", 0, "/",
+ test.bHostDispotion, test.bPortDispotion);
+ EXPECT_EQ(returned->isSubsumed(required), test.expected);
+
+ // Wildcards should not matter when required csp is stricter than returned
+ // csp.
+ CSPSource* required2 =
+ new CSPSource(csp.get(), "https", "example.com", 0, "/",
+ test.bHostDispotion, test.bPortDispotion);
+ EXPECT_FALSE(returned->isSubsumed(required2));
+ }
+}
+
+TEST_F(CSPSourceTest, IsSubsumedSchemesOnly) {
+ struct TestCase {
+ String aScheme;
+ String bScheme;
+ bool expected;
+ } cases[] = {
+ // HTTP
+ {"http", "http", true},
+ {"http", "https", false},
+ {"https", "http", true},
+ {"https", "https", true},
+ // WSS
+ {"ws", "ws", true},
+ {"ws", "wss", false},
+ {"wss", "ws", true},
+ {"wss", "wss", true},
+ // Unequal
+ {"ws", "http", false},
+ {"http", "ws", false},
+ {"http", "about", false},
+ };
+ for (const auto& test : cases) {
+ CSPSource* returned =
+ new CSPSource(csp.get(), test.aScheme, "example.com", 0, "/",
+ CSPSource::NoWildcard, CSPSource::NoWildcard);
+ CSPSource* required =
+ new CSPSource(csp.get(), test.bScheme, "example.com", 0, "/",
+ CSPSource::NoWildcard, CSPSource::NoWildcard);
+ EXPECT_EQ(returned->isSubsumed(required), test.expected);
+ }
+}
+
} // namespace blink

Powered by Google App Engine
This is Rietveld 408576698