| Index: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
|
| index 05d42a15802e9f8243719c10f19dc191b7f48a59..f706bb83f385a906c496654f0d57c299779257b4 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
|
| @@ -123,4 +123,212 @@ TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) {
|
| EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/")));
|
| }
|
|
|
| +TEST_F(CSPSourceTest, IsSubsumedNotSimilar) {
|
| + struct TestCase {
|
| + String aScheme;
|
| + String bScheme;
|
| + String aHost;
|
| + String bHost;
|
| + String aPath;
|
| + String bPath;
|
| + int aPort;
|
| + int bPort;
|
| + } cases[] = {
|
| + {"http", "http", "example.com", "another.com", "/", "/", 0, 0},
|
| + {"wss", "http", "example.com", "example.com", "/", "/", 0, 0},
|
| + {"wss", "about", "example.com", "example.com", "/", "/", 0, 0},
|
| + {"http", "about", "example.com", "example.com", "/", "/", 0, 0},
|
| + {"http", "http", "example.com", "example.com", "/path1.html",
|
| + "/path2.html", 0, 0},
|
| + {"http", "http", "example.com", "example.com", "/", "/", 433, 800},
|
| + };
|
| + for (const auto& test : cases) {
|
| + CSPSource* returned =
|
| + new CSPSource(csp.get(), test.aScheme, test.aHost, test.aPort,
|
| + test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| + CSPSource* required =
|
| + new CSPSource(csp.get(), test.bScheme, test.bHost, test.bPort,
|
| + test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| + EXPECT_FALSE(returned->isSubsumed(required));
|
| + // Verify the same test with a and b swapped.
|
| + EXPECT_FALSE(required->isSubsumed(returned));
|
| + }
|
| +}
|
| +
|
| +TEST_F(CSPSourceTest, IsSubsumedNoWildcards) {
|
| + struct TestCase {
|
| + String aScheme;
|
| + String bScheme;
|
| + String aPath;
|
| + String bPath;
|
| + int aPort;
|
| + int bPort;
|
| + bool expected;
|
| + bool expectedWhenSwapped;
|
| + } cases[] = {
|
| + // Equal signals
|
| + {"http", "http", "/", "/", 0, 0, true, true},
|
| + {"https", "https", "/", "/", 0, 0, true, true},
|
| + {"http", "http", "/page1.html", "/page1.html", 0, 0, true, true},
|
| + {"http", "http", "/", "/", 80, 80, true, true},
|
| + {"https", "https", "/", "/", 80, 80, true, true},
|
| + {"https", "https", "/page1.html", "/page1.html", 0, 0, true, true},
|
| + {"http", "http", "/page1.html", "/page1.html", 80, 80, true, true},
|
| + {"https", "https", "/page1.html", "/page1.html", 80, 80, true, true},
|
| + // One stronger signal in the first CSPSource
|
| + {"https", "http", "/", "/", 0, 0, true, false},
|
| + {"http", "http", "/page1.html", "/", 0, 0, true, false},
|
| + {"http", "http", "/", "/", 800, 0, false, false}, // ports do not match
|
| + // Two stronger signals in the first CSPSource
|
| + {"https", "http", "/page1.html", "/", 0, 0, true, false},
|
| + {"https", "http", "/", "/", 800, 0, false, false},
|
| + {"http", "http", "/page1.html", "/", 800, 0, false, false},
|
| + // Three stronger signals in the first CSPSource
|
| + {"https", "http", "/page1.html", "/", 800, 0, false,
|
| + false}, // ports do not match
|
| + // Mixed signals
|
| + {"https", "http", "/", "/page1.html", 0, 0, false, false},
|
| + {"https", "http", "/", "/", 0, 800, false, false},
|
| + {"http", "http", "/page1.html", "/", 0, 800, false, false},
|
| + };
|
| +
|
| + for (const auto& test : cases) {
|
| + CSPSource* returned =
|
| + new CSPSource(csp.get(), test.aScheme, "example.com", test.aPort,
|
| + test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| +
|
| + CSPSource* required =
|
| + new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort,
|
| + test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| +
|
| + EXPECT_EQ(returned->isSubsumed(required), test.expected);
|
| + // Verify the same test with a and b swapped.
|
| + EXPECT_EQ(required->isSubsumed(returned), test.expectedWhenSwapped);
|
| + }
|
| +
|
| + // When returned CSP has a wildcard but the required csp does not, then it is
|
| + // not subsumed.
|
| + // returned csp has a host wildcard.
|
| + for (const auto& test : cases) {
|
| + CSPSource* returned = new CSPSource(
|
| + csp.get(), test.aScheme, "example.com", test.aPort, test.aPath,
|
| + CSPSource::HasWildcard, CSPSource::NoWildcard);
|
| +
|
| + CSPSource* required =
|
| + new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort,
|
| + test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| +
|
| + EXPECT_FALSE(returned->isSubsumed(required));
|
| + }
|
| +
|
| + // required csp has a host wildcard now too.
|
| + for (const auto& test : cases) {
|
| + CSPSource* returned = new CSPSource(
|
| + csp.get(), test.aScheme, "example.com", test.aPort, test.aPath,
|
| + CSPSource::HasWildcard, CSPSource::NoWildcard);
|
| +
|
| + CSPSource* required = new CSPSource(
|
| + csp.get(), test.bScheme, "example.com", test.bPort, test.bPath,
|
| + CSPSource::HasWildcard, CSPSource::NoWildcard);
|
| +
|
| + EXPECT_EQ(returned->isSubsumed(required), test.expected);
|
| + }
|
| +}
|
| +
|
| +TEST_F(CSPSourceTest, IsSubsumedWildcards) {
|
| + // Hosts must be equal, schemes matching as well as paths.
|
| + struct TestCase {
|
| + CSPSource::WildcardDisposition aHostDispotion;
|
| + CSPSource::WildcardDisposition aPortDispotion;
|
| + CSPSource::WildcardDisposition bHostDispotion;
|
| + CSPSource::WildcardDisposition bPortDispotion;
|
| + bool expected;
|
| + } cases[] = {
|
| + // One out of four possible wildcards.
|
| + {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
|
| + CSPSource::NoWildcard, false},
|
| + {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
|
| + CSPSource::NoWildcard, false},
|
| + {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
|
| + CSPSource::HasWildcard, true},
|
| + {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
|
| + CSPSource::NoWildcard, true},
|
| + // Two out of four possible wildcards.
|
| + {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
|
| + CSPSource::NoWildcard, false},
|
| + {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
|
| + CSPSource::NoWildcard, true},
|
| + {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
|
| + CSPSource::HasWildcard, false},
|
| + {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
|
| + CSPSource::NoWildcard, false},
|
| + {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
|
| + CSPSource::HasWildcard, true},
|
| + {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
|
| + CSPSource::HasWildcard, true},
|
| + // Three out of four possible wildcards.
|
| + {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
|
| + CSPSource::NoWildcard, false},
|
| + {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
|
| + CSPSource::HasWildcard, false},
|
| + {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
|
| + CSPSource::HasWildcard, true},
|
| + {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
|
| + CSPSource::HasWildcard, true},
|
| + // Four out of four possible wildcards.
|
| + {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
|
| + CSPSource::HasWildcard, true},
|
| + };
|
| + // There are different cases for wildcards but now also the second CSPSource
|
| + // has a more specific path.
|
| + for (const auto& test : cases) {
|
| + CSPSource* returned =
|
| + new CSPSource(csp.get(), "http", "example.com", 0, "/",
|
| + test.aHostDispotion, test.aPortDispotion);
|
| + CSPSource* required =
|
| + new CSPSource(csp.get(), "http", "example.com", 0, "/",
|
| + test.bHostDispotion, test.bPortDispotion);
|
| + EXPECT_EQ(returned->isSubsumed(required), test.expected);
|
| +
|
| + // Wildcards should not matter when required csp is stricter than returned
|
| + // csp.
|
| + CSPSource* required2 =
|
| + new CSPSource(csp.get(), "https", "example.com", 0, "/",
|
| + test.bHostDispotion, test.bPortDispotion);
|
| + EXPECT_FALSE(returned->isSubsumed(required2));
|
| + }
|
| +}
|
| +
|
| +TEST_F(CSPSourceTest, IsSubsumedSchemesOnly) {
|
| + struct TestCase {
|
| + String aScheme;
|
| + String bScheme;
|
| + bool expected;
|
| + } cases[] = {
|
| + // HTTP
|
| + {"http", "http", true},
|
| + {"http", "https", false},
|
| + {"https", "http", true},
|
| + {"https", "https", true},
|
| + // WSS
|
| + {"ws", "ws", true},
|
| + {"ws", "wss", false},
|
| + {"wss", "ws", true},
|
| + {"wss", "wss", true},
|
| + // Unequal
|
| + {"ws", "http", false},
|
| + {"http", "ws", false},
|
| + {"http", "about", false},
|
| + };
|
| + for (const auto& test : cases) {
|
| + CSPSource* returned =
|
| + new CSPSource(csp.get(), test.aScheme, "example.com", 0, "/",
|
| + CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| + CSPSource* required =
|
| + new CSPSource(csp.get(), test.bScheme, "example.com", 0, "/",
|
| + CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| + EXPECT_EQ(returned->isSubsumed(required), test.expected);
|
| + }
|
| +}
|
| +
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 2442513004:
Part 1.1: Is policy list subsumed under subsuming policy? (Closed)
