Index: third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp b/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp |
index d73634abe119d2c8c737a73df7f79a16509aa358..c9f16700d83011311de3b31c057881a96761cb0b 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp |
@@ -20,6 +20,15 @@ class SourceListDirectiveTest : public ::testing::Test { |
SourceListDirectiveTest() : csp(ContentSecurityPolicy::create()) {} |
protected: |
+ struct Source { |
+ String scheme; |
+ String host; |
+ const int port; |
+ String path; |
+ CSPSource::WildcardDisposition hostWildcard; |
+ CSPSource::WildcardDisposition portWildcard; |
+ }; |
+ |
virtual void SetUp() { |
KURL secureURL(ParsedURLString, "https://example.test/image.png"); |
RefPtr<SecurityOrigin> secureOrigin(SecurityOrigin::create(secureURL)); |
@@ -28,6 +37,12 @@ class SourceListDirectiveTest : public ::testing::Test { |
csp->bindToExecutionContext(document.get()); |
} |
+ bool equalSources(const Source& a, const Source& b) { |
+ return a.scheme == b.scheme && a.host == b.host && a.port == b.port && |
+ a.path == b.path && a.hostWildcard == b.hostWildcard && |
+ a.portWildcard == b.portWildcard; |
+ } |
+ |
Persistent<ContentSecurityPolicy> csp; |
Persistent<Document> document; |
}; |
@@ -213,4 +228,69 @@ TEST_F(SourceListDirectiveTest, RedirectMatching) { |
ResourceRequest::RedirectStatus::FollowedRedirect)); |
} |
+TEST_F(SourceListDirectiveTest, GetIntersectCSPSources) { |
+ KURL base; |
+ String sources = |
+ "http://example1.com/foo/ http://*.example2.com/bar/ " |
+ "http://*.example3.com:*/bar/"; |
+ SourceListDirective sourceList("script-src", sources, csp.get()); |
+ struct TestCase { |
+ String sources; |
+ String expected; |
+ } cases[] = { |
+ {"http://example1.com/foo/ http://example2.com/bar/", |
+ "http://example1.com/foo/ http://example2.com/bar/"}, |
+ // Normalizing schemes. |
+ {"https://example1.com/foo/ http://example2.com/bar/", |
+ "https://example1.com/foo/ http://example2.com/bar/"}, |
+ {"https://example1.com/foo/ https://example2.com/bar/", |
+ "https://example1.com/foo/ https://example2.com/bar/"}, |
+ {"https://example1.com/foo/ wss://example2.com/bar/", |
+ "https://example1.com/foo/"}, |
+ // Normalizing hosts. |
+ {"http://*.example1.com/foo/ http://*.example2.com/bar/", |
+ "http://example1.com/foo/ http://*.example2.com/bar/"}, |
+ {"http://*.example1.com/foo/ http://foo.example2.com/bar/", |
+ "http://example1.com/foo/ http://foo.example2.com/bar/"}, |
+ // Normalizing ports. |
+ {"http://example1.com:80/foo/ http://example2.com/bar/", |
+ "http://example1.com:80/foo/ http://example2.com/bar/"}, |
+ {"http://example1.com/foo/ http://example2.com:90/bar/", |
+ "http://example1.com/foo/"}, |
+ {"http://example1.com:*/foo/ http://example2.com/bar/", |
+ "http://example1.com/foo/ http://example2.com/bar/"}, |
+ {"http://*.example3.com:100/bar/ http://example1.com/foo/", |
+ "http://example1.com/foo/ http://*.example3.com:100/bar/"}, |
+ // Normalizing paths. |
+ {"http://example1.com/ http://example2.com/", |
+ "http://example1.com/foo/ http://example2.com/bar/"}, |
+ {"http://example1.com/foo/index.html http://example2.com/bar/", |
+ "http://example1.com/foo/index.html http://example2.com/bar/"}, |
+ {"http://example1.com/bar http://example2.com/bar/", |
+ "http://example2.com/bar/"}, |
+ // Not similar to be normalized |
+ {"http://non-example1.com/foo/ http://non-example2.com/bar/", ""}, |
+ {"https://non-example1.com/foo/ wss://non-example2.com/bar/", ""}, |
+ }; |
+ |
+ for (const auto& test : cases) { |
+ SourceListDirective secondList("script-src", test.sources, csp.get()); |
+ HeapVector<Member<CSPSource>> normalized = |
+ sourceList.getIntersectCSPSources(secondList.m_list); |
+ SourceListDirective helperSourceList("script-src", test.expected, |
+ csp.get()); |
+ HeapVector<Member<CSPSource>> expected = helperSourceList.m_list; |
+ EXPECT_EQ(normalized.size(), expected.size()); |
+ for (size_t i = 0; i < normalized.size(); i++) { |
+ Source a = {normalized[i]->m_scheme, normalized[i]->m_host, |
+ normalized[i]->m_port, normalized[i]->m_path, |
+ normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; |
+ Source b = {expected[i]->m_scheme, expected[i]->m_host, |
+ expected[i]->m_port, expected[i]->m_path, |
+ expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; |
+ EXPECT_TRUE(equalSources(a, b)); |
+ } |
+ } |
+} |
+ |
} // namespace blink |