OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ResourceRequest.h" | 9 #include "platform/network/ResourceRequest.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
11 #include "platform/weborigin/SecurityOrigin.h" | 11 #include "platform/weborigin/SecurityOrigin.h" |
12 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
13 | 13 |
14 namespace blink { | 14 namespace blink { |
15 | 15 |
16 class CSPSourceTest : public ::testing::Test { | 16 class CSPSourceTest : public ::testing::Test { |
17 public: | 17 public: |
18 CSPSourceTest() : csp(ContentSecurityPolicy::create()) {} | 18 CSPSourceTest() : csp(ContentSecurityPolicy::create()) {} |
19 | 19 |
20 protected: | 20 protected: |
21 Persistent<ContentSecurityPolicy> csp; | 21 Persistent<ContentSecurityPolicy> csp; |
22 struct Source { | |
23 String scheme; | |
24 String host; | |
25 String path; | |
26 const int port; | |
Mike West
2016/11/24 14:00:54
Nit: Can you add a comment about the meaning of `0
amalika
2016/11/24 14:50:33
Added!
| |
27 CSPSource::WildcardDisposition hostWildcard; | |
28 CSPSource::WildcardDisposition portWildcard; | |
29 }; | |
30 | |
31 bool equalSources(const Source& a, const Source& b) { | |
32 return a.scheme == b.scheme && a.host == b.host && a.port == b.port && | |
33 a.path == b.path && a.hostWildcard == b.hostWildcard && | |
34 a.portWildcard == b.portWildcard; | |
35 } | |
22 }; | 36 }; |
23 | 37 |
24 TEST_F(CSPSourceTest, BasicMatching) { | 38 TEST_F(CSPSourceTest, BasicMatching) { |
25 KURL base; | 39 KURL base; |
26 CSPSource source(csp.get(), "http", "example.com", 8000, "/foo/", | 40 CSPSource source(csp.get(), "http", "example.com", 8000, "/foo/", |
27 CSPSource::NoWildcard, CSPSource::NoWildcard); | 41 CSPSource::NoWildcard, CSPSource::NoWildcard); |
28 | 42 |
29 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/"))); | 43 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/"))); |
30 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/bar"))); | 44 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/bar"))); |
31 EXPECT_TRUE(source.matches(KURL(base, "HTTP://EXAMPLE.com:8000/foo/BAR"))); | 45 EXPECT_TRUE(source.matches(KURL(base, "HTTP://EXAMPLE.com:8000/foo/BAR"))); |
(...skipping 501 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
533 listB.append(httpsOnly); | 547 listB.append(httpsOnly); |
534 EXPECT_FALSE(CSPSource::firstSubsumesSecond(listA, listB)); | 548 EXPECT_FALSE(CSPSource::firstSubsumesSecond(listA, listB)); |
535 | 549 |
536 // If we add a scheme-source expression of 'http' to `listA`, then it should | 550 // If we add a scheme-source expression of 'http' to `listA`, then it should |
537 // subsume all current epxression in `listB`. | 551 // subsume all current epxression in `listB`. |
538 listA.append(httpOnly); | 552 listA.append(httpOnly); |
539 EXPECT_TRUE(CSPSource::firstSubsumesSecond(listA, listB)); | 553 EXPECT_TRUE(CSPSource::firstSubsumesSecond(listA, listB)); |
540 } | 554 } |
541 } | 555 } |
542 | 556 |
557 TEST_F(CSPSourceTest, Intersect) { | |
558 struct TestCase { | |
559 const Source a; | |
560 const Source b; | |
561 const Source normalized; | |
562 } cases[] = { | |
563 {{"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
564 CSPSource::NoWildcard}, | |
565 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
566 CSPSource::NoWildcard}, | |
567 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
568 CSPSource::NoWildcard}}, | |
569 {{"ws", "example.com", "/", 0, CSPSource::NoWildcard, | |
570 CSPSource::NoWildcard}, | |
571 {"wss", "example.com", "/", 0, CSPSource::NoWildcard, | |
572 CSPSource::NoWildcard}, | |
573 {"wss", "example.com", "/", 0, CSPSource::NoWildcard, | |
574 CSPSource::NoWildcard}}, | |
575 // Wildcards | |
576 {{"http", "example.com", "/", 0, CSPSource::HasWildcard, | |
577 CSPSource::NoWildcard}, | |
578 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
579 CSPSource::NoWildcard}, | |
580 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
581 CSPSource::NoWildcard}}, | |
582 {{"http", "example.com", "/", 0, CSPSource::HasWildcard, | |
583 CSPSource::HasWildcard}, | |
584 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
585 CSPSource::NoWildcard}, | |
586 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
587 CSPSource::NoWildcard}}, | |
588 {{"http", "example.com", "/", 0, CSPSource::HasWildcard, | |
589 CSPSource::NoWildcard}, | |
590 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
591 CSPSource::HasWildcard}, | |
592 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
593 CSPSource::NoWildcard}}, | |
594 // Ports | |
595 {{"http", "example.com", "/", 80, CSPSource::NoWildcard, | |
596 CSPSource::NoWildcard}, | |
597 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
598 CSPSource::NoWildcard}, | |
599 {"http", "example.com", "/", 80, CSPSource::NoWildcard, | |
600 CSPSource::NoWildcard}}, | |
601 // Paths | |
602 {{"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
603 CSPSource::NoWildcard}, | |
604 {"http", "example.com", "/1.html", 0, CSPSource::NoWildcard, | |
605 CSPSource::NoWildcard}, | |
606 {"http", "example.com", "/1.html", 0, CSPSource::NoWildcard, | |
607 CSPSource::NoWildcard}}, | |
608 {{"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
609 CSPSource::NoWildcard}, | |
610 {"http", "example.com", "", 0, CSPSource::NoWildcard, | |
611 CSPSource::NoWildcard}, | |
612 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
613 CSPSource::NoWildcard}}, | |
614 {{"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
615 CSPSource::NoWildcard}, | |
616 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard, | |
617 CSPSource::NoWildcard}, | |
618 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard, | |
619 CSPSource::NoWildcard}}, | |
620 {{"http", "example.com", "/a/", 0, CSPSource::NoWildcard, | |
621 CSPSource::NoWildcard}, | |
622 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard, | |
623 CSPSource::NoWildcard}, | |
624 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard, | |
625 CSPSource::NoWildcard}}, | |
626 {{"http", "example.com", "/a/", 0, CSPSource::NoWildcard, | |
627 CSPSource::NoWildcard}, | |
628 {"http", "example.com", "/a/b/1.html", 0, CSPSource::NoWildcard, | |
629 CSPSource::NoWildcard}, | |
630 {"http", "example.com", "/a/b/1.html", 0, CSPSource::NoWildcard, | |
631 CSPSource::NoWildcard}}, | |
632 // Mixed | |
633 {{"http", "example.com", "/1.html", 0, CSPSource::NoWildcard, | |
634 CSPSource::NoWildcard}, | |
635 {"http", "example.com", "/", 80, CSPSource::NoWildcard, | |
636 CSPSource::NoWildcard}, | |
637 {"http", "example.com", "/1.html", 80, CSPSource::NoWildcard, | |
638 CSPSource::NoWildcard}}, | |
639 }; | |
640 | |
641 for (const auto& test : cases) { | |
642 CSPSource* A = | |
643 new CSPSource(csp.get(), test.a.scheme, test.a.host, test.a.port, | |
644 test.a.path, test.a.hostWildcard, test.a.portWildcard); | |
645 CSPSource* B = | |
646 new CSPSource(csp.get(), test.b.scheme, test.b.host, test.b.port, | |
647 test.b.path, test.b.hostWildcard, test.b.portWildcard); | |
648 | |
649 CSPSource* normalized = A->intersect(B); | |
650 Source intersectAB = { | |
651 normalized->m_scheme, normalized->m_host, | |
652 normalized->m_path, normalized->m_port, | |
653 normalized->m_hostWildcard, normalized->m_portWildcard}; | |
654 EXPECT_TRUE(equalSources(intersectAB, test.normalized)); | |
655 | |
656 // Verify the same test with A and B swapped. The result should be | |
657 // identical. | |
658 normalized = B->intersect(A); | |
659 Source intersectBA = { | |
660 normalized->m_scheme, normalized->m_host, | |
661 normalized->m_path, normalized->m_port, | |
662 normalized->m_hostWildcard, normalized->m_portWildcard}; | |
663 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); | |
664 } | |
665 } | |
666 | |
667 TEST_F(CSPSourceTest, IntersectSchemesOnly) { | |
668 struct TestCase { | |
669 const Source a; | |
670 const Source b; | |
671 const Source normalized; | |
672 } cases[] = { | |
673 // Both sources are schemes only. | |
674 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
675 {"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
676 {"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}}, | |
677 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
678 {"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
679 {"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}}, | |
680 {{"ws", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
681 {"wss", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
682 {"wss", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}}, | |
683 // One source is a scheme only and the other one has no wildcards. | |
684 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
685 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
686 CSPSource::NoWildcard}, | |
687 {"http", "example.com", "/", 0, CSPSource::NoWildcard, | |
688 CSPSource::NoWildcard}}, | |
689 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
690 {"https", "example.com", "/", 80, CSPSource::NoWildcard, | |
691 CSPSource::NoWildcard}, | |
692 {"https", "example.com", "/", 80, CSPSource::NoWildcard, | |
693 CSPSource::NoWildcard}}, | |
694 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
695 {"http", "example.com", "/page.html", 80, CSPSource::NoWildcard, | |
696 CSPSource::NoWildcard}, | |
697 {"https", "example.com", "/page.html", 80, CSPSource::NoWildcard, | |
698 CSPSource::NoWildcard}}, | |
699 // One source is a scheme only and the other has one or two wildcards. | |
700 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
701 {"http", "example.com", "/page.html", 80, CSPSource::HasWildcard, | |
702 CSPSource::NoWildcard}, | |
703 {"https", "example.com", "/page.html", 80, CSPSource::HasWildcard, | |
704 CSPSource::NoWildcard}}, | |
705 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
706 {"http", "example.com", "/page.html", 80, CSPSource::NoWildcard, | |
707 CSPSource::HasWildcard}, | |
708 {"https", "example.com", "/page.html", 80, CSPSource::NoWildcard, | |
709 CSPSource::HasWildcard}}, | |
710 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}, | |
711 {"http", "example.com", "/page.html", 80, CSPSource::HasWildcard, | |
712 CSPSource::HasWildcard}, | |
713 {"https", "example.com", "/page.html", 80, CSPSource::HasWildcard, | |
714 CSPSource::HasWildcard}}, | |
715 }; | |
716 | |
717 for (const auto& test : cases) { | |
718 CSPSource* A = | |
719 new CSPSource(csp.get(), test.a.scheme, test.a.host, test.a.port, | |
720 test.a.path, test.a.hostWildcard, test.a.portWildcard); | |
721 | |
722 CSPSource* B = | |
723 new CSPSource(csp.get(), test.b.scheme, test.b.host, test.b.port, | |
724 test.b.path, test.b.hostWildcard, test.b.portWildcard); | |
725 | |
726 CSPSource* normalized = A->intersect(B); | |
727 Source intersectAB = { | |
728 normalized->m_scheme, normalized->m_host, | |
729 normalized->m_path, normalized->m_port, | |
730 normalized->m_hostWildcard, normalized->m_portWildcard}; | |
731 EXPECT_TRUE(equalSources(intersectAB, test.normalized)); | |
732 | |
733 // Verify the same test with A and B swapped. The result should be | |
734 // identical. | |
735 normalized = B->intersect(A); | |
736 Source intersectBA = { | |
737 normalized->m_scheme, normalized->m_host, | |
738 normalized->m_path, normalized->m_port, | |
739 normalized->m_hostWildcard, normalized->m_portWildcard}; | |
740 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); | |
741 } | |
742 } | |
743 | |
543 } // namespace blink | 744 } // namespace blink |
OLD | NEW |