Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(435)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp

Issue 2452903004: Part 2.2: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: After rebasing on part2.1 Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.h » ('j') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
index 86657a4fdd8a9ca81df5421209ccd30490a40d5e..7c4cd3c66ec241edfd04793d03221a18d4462a9b 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
@@ -445,4 +445,81 @@ TEST_F(CSPSourceTest, IsSimilar) {
}
}
+TEST_F(CSPSourceTest, FirstSubsumesSecond) {
+ struct Source {
+ const char* scheme;
+ const char* host;
+ const char* path;
+ };
+ struct TestCase {
+ const Source returned;
+ String requiredScheme;
+ bool expected;
+ } cases[] = {
+ // Subsumed.
+ {{"http", "example.com", "/"}, "http", true},
+ {{"http", "example.com", "/page.html"}, "http", true},
+ {{"http", "second-example.com", "/"}, "http", true},
+ {{"https", "second-example.com", "/"}, "http", true},
+ {{"http", "second-example.com", "/page.html"}, "http", true},
+ {{"https", "second-example.com", "/page.html"}, "http", true},
+ {{"https", "second-example.com", "/"}, "https", true},
+ {{"https", "second-example.com", "/page.html"}, "https", true},
+ // NOT subsumed.
Mike West 2016/11/10 15:04:54 Scheme-only expressions? Ports?
+ {{"wss", "second-example.com", "/"}, "http", false},
+ {{"http", "non-example.com", "/"}, "http", false},
+ {{"http", "second-example.com", "/"}, "https", false},
+ };
+
+ for (const auto& test : cases) {
+ // Setup default vectors.
+ HeapVector<Member<CSPSource>> required;
+ HeapVector<Member<CSPSource>> returned;
Mike West 2016/11/10 15:04:54 I think |A| and |B| are probably simpler here. |re
+ returned.append(new CSPSource(csp.get(), "http", "example.com", 0, "/",
Mike West 2016/11/10 15:04:55 You're creating these sources every time you go th
+ CSPSource::NoWildcard,
+ CSPSource::NoWildcard));
+ // Empty `required` implies `none` is allowed.
+ EXPECT_FALSE(CSPSource::firstSubsumesSecond(required, returned));
+
+ required.append(new CSPSource(csp.get(), "http", "example.com", 0, "/",
+ CSPSource::NoWildcard,
+ CSPSource::NoWildcard));
+ // Add CSPSources based on the current test.
+ returned.append(new CSPSource(
+ csp.get(), test.returned.scheme, test.returned.host, 0,
+ test.returned.path, CSPSource::NoWildcard, CSPSource::NoWildcard));
+ required.append(
+ new CSPSource(csp.get(), test.requiredScheme, "second-example.com", 0,
+ "/", CSPSource::NoWildcard, CSPSource::NoWildcard));
+ // returned contains: ["http://example.com/", test.returned]
+ // required contains: ["http://example.com/",
+ // test.requiredScheme+"second-example.com/"]
+ EXPECT_EQ(test.expected,
+ CSPSource::firstSubsumesSecond(required, returned));
+
+ // If we add another source to `returned` with a host wildcard,
+ // then the result should definitely be false.
+ returned.append(new CSPSource(csp.get(), "http", "third-example.com", 0,
+ "/", CSPSource::HasWildcard,
+ CSPSource::NoWildcard));
+ EXPECT_FALSE(CSPSource::firstSubsumesSecond(required, returned));
+
+ // If we add another source to `required` with a port wildcard,
+ // it does not make `returned` to be subsumed under `required`.
+ returned.append(new CSPSource(csp.get(), "http", "third-example.com", 0,
+ "/", CSPSource::NoWildcard,
+ CSPSource::HasWildcard));
+ EXPECT_FALSE(CSPSource::firstSubsumesSecond(required, returned));
+
+ // If however we add another source to `required` with both wildcards,
+ // that CSPSource is subsumed, so the answer should be as expected
+ // before.
+ required.append(Member<CSPSource>(
+ new CSPSource(csp.get(), "http", "third-example.com", 0, "/",
+ CSPSource::HasWildcard, CSPSource::HasWildcard)));
+ EXPECT_EQ(test.expected,
+ CSPSource::firstSubsumesSecond(required, returned));
+ }
+}
+
} // namespace blink
« third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.h » ('j') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698