third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp - Issue 2487983003: Part 2.3: Is policy list subsumed under subsuming policy?

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp

Issue 2487983003: Part 2.3: Is policy list subsumed under subsuming policy? (Closed)

Patch Set: Separating scheme to scheme normalization Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "core/frame/csp/SourceListDirective.h"	5 #include "core/frame/csp/SourceListDirective.h"

6	6

7 #include "core/dom/Document.h"	7 #include "core/dom/Document.h"

8 #include "core/frame/csp/CSPSource.h"	8 #include "core/frame/csp/CSPSource.h"

9 #include "core/frame/csp/ContentSecurityPolicy.h"	9 #include "core/frame/csp/ContentSecurityPolicy.h"

10 #include "platform/network/ResourceRequest.h"	10 #include "platform/network/ResourceRequest.h"

(...skipping 235 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
246 {"https://example1.com/foo/ https://example2.com/bar/",	246 {"https://example1.com/foo/ https://example2.com/bar/",

247 "https://example1.com/foo/ https://example2.com/bar/"},	247 "https://example1.com/foo/ https://example2.com/bar/"},

248 {"https://example1.com/foo/ wss://example2.com/bar/",	248 {"https://example1.com/foo/ wss://example2.com/bar/",

249 "https://example1.com/foo/"},	249 "https://example1.com/foo/"},

250 // Normalizing hosts.	250 // Normalizing hosts.

251 {"http://.example1.com/foo/ http://.example2.com/bar/",	251 {"http://.example1.com/foo/ http://.example2.com/bar/",

252 "http://example1.com/foo/ http://*.example2.com/bar/"},	252 "http://example1.com/foo/ http://*.example2.com/bar/"},

253 {"http://*.example1.com/foo/ http://foo.example2.com/bar/",	253 {"http://*.example1.com/foo/ http://foo.example2.com/bar/",

254 "http://example1.com/foo/ http://foo.example2.com/bar/"},	254 "http://example1.com/foo/ http://foo.example2.com/bar/"},

255 // Normalizing ports.	255 // Normalizing ports.

256 {"http://example1.com:80/foo/ http://example2.com/bar/",	256 {"http://example1.com/foo/ http://example2.com/bar/",

257 "http://example1.com:80/foo/ http://example2.com/bar/"},	257 "http://example1.com/foo/ http://example2.com/bar/"},

258 {"http://example1.com/foo/ http://example2.com:90/bar/",	258 {"http://example1.com/foo/ http://example2.com:90/bar/",

259 "http://example1.com/foo/"},	259 "http://example1.com/foo/"},

260 {"http://example1.com:*/foo/ http://example2.com/bar/",	260 {"http://example1.com:*/foo/ http://example2.com/bar/",

261 "http://example1.com/foo/ http://example2.com/bar/"},	261 "http://example1.com/foo/ http://example2.com/bar/"},

262 {"http://*.example3.com:100/bar/ http://example1.com/foo/",	262 {"http://*.example3.com:100/bar/ http://example1.com/foo/",

263 "http://example1.com/foo/ http://*.example3.com:100/bar/"},	263 "http://example1.com/foo/ http://*.example3.com:100/bar/"},

264 // Normalizing paths.	264 // Normalizing paths.

265 {"http://example1.com/ http://example2.com/",	265 {"http://example1.com/ http://example2.com/",

266 "http://example1.com/foo/ http://example2.com/bar/"},	266 "http://example1.com/foo/ http://example2.com/bar/"},

267 {"http://example1.com/foo/index.html http://example2.com/bar/",	267 {"http://example1.com/foo/index.html http://example2.com/bar/",

(...skipping 18 matching lines...) Expand all Loading...
286 normalized[i]->m_port, normalized[i]->m_path,	286 normalized[i]->m_port, normalized[i]->m_path,

287 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard};	287 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard};

288 Source b = {expected[i]->m_scheme, expected[i]->m_host,	288 Source b = {expected[i]->m_scheme, expected[i]->m_host,

289 expected[i]->m_port, expected[i]->m_path,	289 expected[i]->m_port, expected[i]->m_path,

290 expected[i]->m_hostWildcard, expected[i]->m_portWildcard};	290 expected[i]->m_hostWildcard, expected[i]->m_portWildcard};

291 EXPECT_TRUE(equalSources(a, b));	291 EXPECT_TRUE(equalSources(a, b));

292 }	292 }

293 }	293 }

294 }	294 }

295	295

	296 TEST_F(SourceListDirectiveTest, GetIntersectCSPSourcesSchemes) {

	297 SourceListDirective listA("script-src",

	298 "http: http://example1.com/foo/ "

	299 "https://example1.com/foo/ "

	300 "http://example1.com/bar/page.html "

	301 "wss: ws://another.test/bar/",

	302 csp.get());

	303 struct TestCase {

	304 String sources;

	305 String expected;

	306 String expectedReversed;

	307 } cases[] = {{"http:", "http:"},

	308 {"https:", "https:"},

	309 {"ws:", "wss: ws://another.test/bar/"},

	310 {"wss:", "wss:"},

	311 {"https: ws:", "wss: https: ws://another.test/bar/"},

	312 {"https: http: wss:", "http: wss:"},

	313 {"https: http: wss:", "http: wss:"},

	314 {"https: http://another-example1.com/bar/",

	315 "https: http://another-example1.com/bar/"},
	amalika 2016/11/19 18:34:32 The above tests the proper functionality of `getIn The above tests the proper functionality of `getIntersectSchemesOnly`
	316 {"http://*.example1.com/",

	317 "http://*.example1.com/ http://example1.com/foo/ "

	318 "https://example1.com/foo/ http://example1.com/bar/page.html"},

	319 {"http://example1.com/foo/ https://example1.com/foo/",

	320 "http://example1.com/foo/ https://example1.com/foo/ "

	321 "http://example1.com/foo/ https://example1.com/foo/"},

	322 {"https://example1.com/foo/ http://example1.com/foo/",

	323 "https://example1.com/foo/ http://example1.com/foo/ "

	324 "http://example1.com/foo/ https://example1.com/foo/"},
	amalika 2016/11/19 18:34:32 The normalization of a list of CSPSources is not s The normalization of a list of CSPSources is not symmetric because we match one list to another one by one. For example, in this case if we were to normalized listB to listA the result would be "https://example1.com/foo/ http://example1.com/foo/". When we normalized listA to listB, we get repetitions because listB does not have `http`, we then try to match all `http` source expressions to make sure we add them. We could make an optimization to check whether a certain CSPSource was already added to avoid adding it again, but not sure if it is necessary?
	325 // If exaclty the same policy is specified, it is optimized.

	326 {"http: http://example1.com/foo/ https://example1.com/foo/ "

	327 "http://example1.com/bar/page.html wss: ws://another.test/bar/",

	328 "http: wss: ws://another.test/bar/"}};

	329

	330 for (const auto& test : cases) {

	331 SourceListDirective listB("script-src", test.sources, csp.get());

	332 HeapVector<Member<CSPSource>> normalized =

	333 listA.getIntersectCSPSources(listB.m_list);

	334

	335 SourceListDirective helperSourceList("script-src", test.expected,

	336 csp.get());

	337 HeapVector<Member<CSPSource>> expected = helperSourceList.m_list;

	338 EXPECT_EQ(normalized.size(), expected.size());

	339 for (size_t i = 0; i < expected.size(); i++) {

	340 Source a = {expected[i]->m_scheme, expected[i]->m_host,

	341 expected[i]->m_port, expected[i]->m_path,

	342 expected[i]->m_hostWildcard, expected[i]->m_portWildcard};

	343 Source b = {normalized[i]->m_scheme, normalized[i]->m_host,

	344 normalized[i]->m_port, normalized[i]->m_path,

	345 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard};

	346 EXPECT_TRUE(equalSources(a, b));

	347 }

	348 }

	349 }

	350

296 } // namespace blink	351 } // namespace blink

OLD	NEW

« third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp ('k') | no next file » | no next file with comments »