OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/CSPSource.h" | 8 #include "core/frame/csp/CSPSource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
(...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
246 {"https://example1.com/foo/ https://example2.com/bar/", | 246 {"https://example1.com/foo/ https://example2.com/bar/", |
247 "https://example1.com/foo/ https://example2.com/bar/"}, | 247 "https://example1.com/foo/ https://example2.com/bar/"}, |
248 {"https://example1.com/foo/ wss://example2.com/bar/", | 248 {"https://example1.com/foo/ wss://example2.com/bar/", |
249 "https://example1.com/foo/"}, | 249 "https://example1.com/foo/"}, |
250 // Normalizing hosts. | 250 // Normalizing hosts. |
251 {"http://*.example1.com/foo/ http://*.example2.com/bar/", | 251 {"http://*.example1.com/foo/ http://*.example2.com/bar/", |
252 "http://example1.com/foo/ http://*.example2.com/bar/"}, | 252 "http://example1.com/foo/ http://*.example2.com/bar/"}, |
253 {"http://*.example1.com/foo/ http://foo.example2.com/bar/", | 253 {"http://*.example1.com/foo/ http://foo.example2.com/bar/", |
254 "http://example1.com/foo/ http://foo.example2.com/bar/"}, | 254 "http://example1.com/foo/ http://foo.example2.com/bar/"}, |
255 // Normalizing ports. | 255 // Normalizing ports. |
256 {"http://example1.com:80/foo/ http://example2.com/bar/", | 256 {"http://example1.com/foo/ http://example2.com/bar/", |
257 "http://example1.com:80/foo/ http://example2.com/bar/"}, | 257 "http://example1.com/foo/ http://example2.com/bar/"}, |
258 {"http://example1.com/foo/ http://example2.com:90/bar/", | 258 {"http://example1.com/foo/ http://example2.com:90/bar/", |
259 "http://example1.com/foo/"}, | 259 "http://example1.com/foo/"}, |
260 {"http://example1.com:*/foo/ http://example2.com/bar/", | 260 {"http://example1.com:*/foo/ http://example2.com/bar/", |
261 "http://example1.com/foo/ http://example2.com/bar/"}, | 261 "http://example1.com/foo/ http://example2.com/bar/"}, |
262 {"http://*.example3.com:100/bar/ http://example1.com/foo/", | 262 {"http://*.example3.com:100/bar/ http://example1.com/foo/", |
263 "http://example1.com/foo/ http://*.example3.com:100/bar/"}, | 263 "http://example1.com/foo/ http://*.example3.com:100/bar/"}, |
264 // Normalizing paths. | 264 // Normalizing paths. |
265 {"http://example1.com/ http://example2.com/", | 265 {"http://example1.com/ http://example2.com/", |
266 "http://example1.com/foo/ http://example2.com/bar/"}, | 266 "http://example1.com/foo/ http://example2.com/bar/"}, |
267 {"http://example1.com/foo/index.html http://example2.com/bar/", | 267 {"http://example1.com/foo/index.html http://example2.com/bar/", |
(...skipping 18 matching lines...) Expand all Loading... | |
286 normalized[i]->m_port, normalized[i]->m_path, | 286 normalized[i]->m_port, normalized[i]->m_path, |
287 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; | 287 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; |
288 Source b = {expected[i]->m_scheme, expected[i]->m_host, | 288 Source b = {expected[i]->m_scheme, expected[i]->m_host, |
289 expected[i]->m_port, expected[i]->m_path, | 289 expected[i]->m_port, expected[i]->m_path, |
290 expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; | 290 expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; |
291 EXPECT_TRUE(equalSources(a, b)); | 291 EXPECT_TRUE(equalSources(a, b)); |
292 } | 292 } |
293 } | 293 } |
294 } | 294 } |
295 | 295 |
296 TEST_F(SourceListDirectiveTest, GetIntersectCSPSourcesSchemes) { | |
297 SourceListDirective listA("script-src", | |
298 "http: http://example1.com/foo/ " | |
299 "https://example1.com/foo/ " | |
300 "http://example1.com/bar/page.html " | |
301 "wss: ws://another.test/bar/", | |
302 csp.get()); | |
303 struct TestCase { | |
304 String sources; | |
305 String expected; | |
306 String expectedReversed; | |
307 } cases[] = {{"http:", "http:"}, | |
308 {"https:", "https:"}, | |
309 {"ws:", "wss: ws://another.test/bar/"}, | |
310 {"wss:", "wss:"}, | |
311 {"https: ws:", "wss: https: ws://another.test/bar/"}, | |
312 {"https: http: wss:", "http: wss:"}, | |
313 {"https: http: wss:", "http: wss:"}, | |
314 {"https: http://another-example1.com/bar/", | |
315 "https: http://another-example1.com/bar/"}, | |
amalika
2016/11/19 18:34:32
The above tests the proper functionality of `getIn
| |
316 {"http://*.example1.com/", | |
317 "http://*.example1.com/ http://example1.com/foo/ " | |
318 "https://example1.com/foo/ http://example1.com/bar/page.html"}, | |
319 {"http://example1.com/foo/ https://example1.com/foo/", | |
320 "http://example1.com/foo/ https://example1.com/foo/ " | |
321 "http://example1.com/foo/ https://example1.com/foo/"}, | |
322 {"https://example1.com/foo/ http://example1.com/foo/", | |
323 "https://example1.com/foo/ http://example1.com/foo/ " | |
324 "http://example1.com/foo/ https://example1.com/foo/"}, | |
amalika
2016/11/19 18:34:32
The normalization of a list of CSPSources is not s
| |
325 // If exaclty the same policy is specified, it is optimized. | |
326 {"http: http://example1.com/foo/ https://example1.com/foo/ " | |
327 "http://example1.com/bar/page.html wss: ws://another.test/bar/", | |
328 "http: wss: ws://another.test/bar/"}}; | |
329 | |
330 for (const auto& test : cases) { | |
331 SourceListDirective listB("script-src", test.sources, csp.get()); | |
332 HeapVector<Member<CSPSource>> normalized = | |
333 listA.getIntersectCSPSources(listB.m_list); | |
334 | |
335 SourceListDirective helperSourceList("script-src", test.expected, | |
336 csp.get()); | |
337 HeapVector<Member<CSPSource>> expected = helperSourceList.m_list; | |
338 EXPECT_EQ(normalized.size(), expected.size()); | |
339 for (size_t i = 0; i < expected.size(); i++) { | |
340 Source a = {expected[i]->m_scheme, expected[i]->m_host, | |
341 expected[i]->m_port, expected[i]->m_path, | |
342 expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; | |
343 Source b = {normalized[i]->m_scheme, normalized[i]->m_host, | |
344 normalized[i]->m_port, normalized[i]->m_path, | |
345 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; | |
346 EXPECT_TRUE(equalSources(a, b)); | |
347 } | |
348 } | |
349 } | |
350 | |
296 } // namespace blink | 351 } // namespace blink |
OLD | NEW |