Index: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
index 05d42a15802e9f8243719c10f19dc191b7f48a59..f706bb83f385a906c496654f0d57c299779257b4 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
@@ -123,4 +123,212 @@ TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { |
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
} |
+TEST_F(CSPSourceTest, IsSubsumedNotSimilar) { |
+ struct TestCase { |
+ String aScheme; |
+ String bScheme; |
+ String aHost; |
+ String bHost; |
+ String aPath; |
+ String bPath; |
+ int aPort; |
+ int bPort; |
+ } cases[] = { |
+ {"http", "http", "example.com", "another.com", "/", "/", 0, 0}, |
+ {"wss", "http", "example.com", "example.com", "/", "/", 0, 0}, |
+ {"wss", "about", "example.com", "example.com", "/", "/", 0, 0}, |
+ {"http", "about", "example.com", "example.com", "/", "/", 0, 0}, |
+ {"http", "http", "example.com", "example.com", "/path1.html", |
+ "/path2.html", 0, 0}, |
+ {"http", "http", "example.com", "example.com", "/", "/", 433, 800}, |
+ }; |
+ for (const auto& test : cases) { |
+ CSPSource* returned = |
+ new CSPSource(csp.get(), test.aScheme, test.aHost, test.aPort, |
+ test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ CSPSource* required = |
+ new CSPSource(csp.get(), test.bScheme, test.bHost, test.bPort, |
+ test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ EXPECT_FALSE(returned->isSubsumed(required)); |
+ // Verify the same test with a and b swapped. |
+ EXPECT_FALSE(required->isSubsumed(returned)); |
+ } |
+} |
+ |
+TEST_F(CSPSourceTest, IsSubsumedNoWildcards) { |
+ struct TestCase { |
+ String aScheme; |
+ String bScheme; |
+ String aPath; |
+ String bPath; |
+ int aPort; |
+ int bPort; |
+ bool expected; |
+ bool expectedWhenSwapped; |
+ } cases[] = { |
+ // Equal signals |
+ {"http", "http", "/", "/", 0, 0, true, true}, |
+ {"https", "https", "/", "/", 0, 0, true, true}, |
+ {"http", "http", "/page1.html", "/page1.html", 0, 0, true, true}, |
+ {"http", "http", "/", "/", 80, 80, true, true}, |
+ {"https", "https", "/", "/", 80, 80, true, true}, |
+ {"https", "https", "/page1.html", "/page1.html", 0, 0, true, true}, |
+ {"http", "http", "/page1.html", "/page1.html", 80, 80, true, true}, |
+ {"https", "https", "/page1.html", "/page1.html", 80, 80, true, true}, |
+ // One stronger signal in the first CSPSource |
+ {"https", "http", "/", "/", 0, 0, true, false}, |
+ {"http", "http", "/page1.html", "/", 0, 0, true, false}, |
+ {"http", "http", "/", "/", 800, 0, false, false}, // ports do not match |
+ // Two stronger signals in the first CSPSource |
+ {"https", "http", "/page1.html", "/", 0, 0, true, false}, |
+ {"https", "http", "/", "/", 800, 0, false, false}, |
+ {"http", "http", "/page1.html", "/", 800, 0, false, false}, |
+ // Three stronger signals in the first CSPSource |
+ {"https", "http", "/page1.html", "/", 800, 0, false, |
+ false}, // ports do not match |
+ // Mixed signals |
+ {"https", "http", "/", "/page1.html", 0, 0, false, false}, |
+ {"https", "http", "/", "/", 0, 800, false, false}, |
+ {"http", "http", "/page1.html", "/", 0, 800, false, false}, |
+ }; |
+ |
+ for (const auto& test : cases) { |
+ CSPSource* returned = |
+ new CSPSource(csp.get(), test.aScheme, "example.com", test.aPort, |
+ test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ |
+ CSPSource* required = |
+ new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort, |
+ test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ |
+ EXPECT_EQ(returned->isSubsumed(required), test.expected); |
+ // Verify the same test with a and b swapped. |
+ EXPECT_EQ(required->isSubsumed(returned), test.expectedWhenSwapped); |
+ } |
+ |
+ // When returned CSP has a wildcard but the required csp does not, then it is |
+ // not subsumed. |
+ // returned csp has a host wildcard. |
+ for (const auto& test : cases) { |
+ CSPSource* returned = new CSPSource( |
+ csp.get(), test.aScheme, "example.com", test.aPort, test.aPath, |
+ CSPSource::HasWildcard, CSPSource::NoWildcard); |
+ |
+ CSPSource* required = |
+ new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort, |
+ test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ |
+ EXPECT_FALSE(returned->isSubsumed(required)); |
+ } |
+ |
+ // required csp has a host wildcard now too. |
+ for (const auto& test : cases) { |
+ CSPSource* returned = new CSPSource( |
+ csp.get(), test.aScheme, "example.com", test.aPort, test.aPath, |
+ CSPSource::HasWildcard, CSPSource::NoWildcard); |
+ |
+ CSPSource* required = new CSPSource( |
+ csp.get(), test.bScheme, "example.com", test.bPort, test.bPath, |
+ CSPSource::HasWildcard, CSPSource::NoWildcard); |
+ |
+ EXPECT_EQ(returned->isSubsumed(required), test.expected); |
+ } |
+} |
+ |
+TEST_F(CSPSourceTest, IsSubsumedWildcards) { |
+ // Hosts must be equal, schemes matching as well as paths. |
+ struct TestCase { |
+ CSPSource::WildcardDisposition aHostDispotion; |
+ CSPSource::WildcardDisposition aPortDispotion; |
+ CSPSource::WildcardDisposition bHostDispotion; |
+ CSPSource::WildcardDisposition bPortDispotion; |
+ bool expected; |
+ } cases[] = { |
+ // One out of four possible wildcards. |
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard, |
+ CSPSource::NoWildcard, false}, |
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
+ CSPSource::NoWildcard, false}, |
+ {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard, |
+ CSPSource::HasWildcard, true}, |
+ {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
+ CSPSource::NoWildcard, true}, |
+ // Two out of four possible wildcards. |
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
+ CSPSource::NoWildcard, false}, |
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
+ CSPSource::NoWildcard, true}, |
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard, |
+ CSPSource::HasWildcard, false}, |
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
+ CSPSource::NoWildcard, false}, |
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
+ CSPSource::HasWildcard, true}, |
+ {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
+ CSPSource::HasWildcard, true}, |
+ // Three out of four possible wildcards. |
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
+ CSPSource::NoWildcard, false}, |
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
+ CSPSource::HasWildcard, false}, |
+ {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
+ CSPSource::HasWildcard, true}, |
+ {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
+ CSPSource::HasWildcard, true}, |
+ // Four out of four possible wildcards. |
+ {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
+ CSPSource::HasWildcard, true}, |
+ }; |
+ // There are different cases for wildcards but now also the second CSPSource |
+ // has a more specific path. |
+ for (const auto& test : cases) { |
+ CSPSource* returned = |
+ new CSPSource(csp.get(), "http", "example.com", 0, "/", |
+ test.aHostDispotion, test.aPortDispotion); |
+ CSPSource* required = |
+ new CSPSource(csp.get(), "http", "example.com", 0, "/", |
+ test.bHostDispotion, test.bPortDispotion); |
+ EXPECT_EQ(returned->isSubsumed(required), test.expected); |
+ |
+ // Wildcards should not matter when required csp is stricter than returned |
+ // csp. |
+ CSPSource* required2 = |
+ new CSPSource(csp.get(), "https", "example.com", 0, "/", |
+ test.bHostDispotion, test.bPortDispotion); |
+ EXPECT_FALSE(returned->isSubsumed(required2)); |
+ } |
+} |
+ |
+TEST_F(CSPSourceTest, IsSubsumedSchemesOnly) { |
+ struct TestCase { |
+ String aScheme; |
+ String bScheme; |
+ bool expected; |
+ } cases[] = { |
+ // HTTP |
+ {"http", "http", true}, |
+ {"http", "https", false}, |
+ {"https", "http", true}, |
+ {"https", "https", true}, |
+ // WSS |
+ {"ws", "ws", true}, |
+ {"ws", "wss", false}, |
+ {"wss", "ws", true}, |
+ {"wss", "wss", true}, |
+ // Unequal |
+ {"ws", "http", false}, |
+ {"http", "ws", false}, |
+ {"http", "about", false}, |
+ }; |
+ for (const auto& test : cases) { |
+ CSPSource* returned = |
+ new CSPSource(csp.get(), test.aScheme, "example.com", 0, "/", |
+ CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ CSPSource* required = |
+ new CSPSource(csp.get(), test.bScheme, "example.com", 0, "/", |
+ CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ EXPECT_EQ(returned->isSubsumed(required), test.expected); |
+ } |
+} |
+ |
} // namespace blink |