third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp - Issue 2487983003: Part 2.3: Is policy list subsumed under subsuming policy?

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp

Issue 2487983003: Part 2.3: Is policy list subsumed under subsuming policy? (Closed)

Patch Set: Addressing comments Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.h » ('j') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "core/frame/csp/CSPSource.h"	5 #include "core/frame/csp/CSPSource.h"

6	6

7 #include "core/dom/Document.h"	7 #include "core/dom/Document.h"

8 #include "core/frame/csp/ContentSecurityPolicy.h"	8 #include "core/frame/csp/ContentSecurityPolicy.h"

9 #include "platform/network/ResourceRequest.h"	9 #include "platform/network/ResourceRequest.h"

10 #include "platform/weborigin/KURL.h"	10 #include "platform/weborigin/KURL.h"

11 #include "platform/weborigin/SecurityOrigin.h"	11 #include "platform/weborigin/SecurityOrigin.h"

12 #include "testing/gtest/include/gtest/gtest.h"	12 #include "testing/gtest/include/gtest/gtest.h"

13	13

14 namespace blink {	14 namespace blink {

15	15

16 class CSPSourceTest : public ::testing::Test {	16 class CSPSourceTest : public ::testing::Test {

17 public:	17 public:

18 CSPSourceTest() : csp(ContentSecurityPolicy::create()) {}	18 CSPSourceTest() : csp(ContentSecurityPolicy::create()) {}

19	19

20 protected:	20 protected:

21 Persistent<ContentSecurityPolicy> csp;	21 Persistent<ContentSecurityPolicy> csp;

	22 struct Source {

	23 String scheme;

	24 String host;

	25 String path;

	26 const int port;
	Mike West 2016/11/24 14:00:54 Nit: Can you add a comment about the meaning of `0 Nit: Can you add a comment about the meaning of `0`? amalika 2016/11/24 14:50:33 Added! Show quoted text On 2016/11/24 at 14:00:54, Mike West (slow) wrote: > Nit: Can you add a comment about the meaning of `0`? Added!
	27 CSPSource::WildcardDisposition hostWildcard;

	28 CSPSource::WildcardDisposition portWildcard;

	29 };

	30

	31 bool equalSources(const Source& a, const Source& b) {

	32 return a.scheme == b.scheme && a.host == b.host && a.port == b.port &&

	33 a.path == b.path && a.hostWildcard == b.hostWildcard &&

	34 a.portWildcard == b.portWildcard;

	35 }

22 };	36 };

23	37

24 TEST_F(CSPSourceTest, BasicMatching) {	38 TEST_F(CSPSourceTest, BasicMatching) {

25 KURL base;	39 KURL base;

26 CSPSource source(csp.get(), "http", "example.com", 8000, "/foo/",	40 CSPSource source(csp.get(), "http", "example.com", 8000, "/foo/",

27 CSPSource::NoWildcard, CSPSource::NoWildcard);	41 CSPSource::NoWildcard, CSPSource::NoWildcard);

28	42

29 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/")));	43 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/")));

30 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/bar")));	44 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/bar")));

31 EXPECT_TRUE(source.matches(KURL(base, "HTTP://EXAMPLE.com:8000/foo/BAR")));	45 EXPECT_TRUE(source.matches(KURL(base, "HTTP://EXAMPLE.com:8000/foo/BAR")));

(...skipping 501 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
533 listB.append(httpsOnly);	547 listB.append(httpsOnly);

534 EXPECT_FALSE(CSPSource::firstSubsumesSecond(listA, listB));	548 EXPECT_FALSE(CSPSource::firstSubsumesSecond(listA, listB));

535	549

536 // If we add a scheme-source expression of 'http' to `listA`, then it should	550 // If we add a scheme-source expression of 'http' to `listA`, then it should

537 // subsume all current epxression in `listB`.	551 // subsume all current epxression in `listB`.

538 listA.append(httpOnly);	552 listA.append(httpOnly);

539 EXPECT_TRUE(CSPSource::firstSubsumesSecond(listA, listB));	553 EXPECT_TRUE(CSPSource::firstSubsumesSecond(listA, listB));

540 }	554 }

541 }	555 }

542	556

	557 TEST_F(CSPSourceTest, Intersect) {

	558 struct TestCase {

	559 const Source a;

	560 const Source b;

	561 const Source normalized;

	562 } cases[] = {

	563 {{"http", "example.com", "/", 0, CSPSource::NoWildcard,

	564 CSPSource::NoWildcard},

	565 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	566 CSPSource::NoWildcard},

	567 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	568 CSPSource::NoWildcard}},

	569 {{"ws", "example.com", "/", 0, CSPSource::NoWildcard,

	570 CSPSource::NoWildcard},

	571 {"wss", "example.com", "/", 0, CSPSource::NoWildcard,

	572 CSPSource::NoWildcard},

	573 {"wss", "example.com", "/", 0, CSPSource::NoWildcard,

	574 CSPSource::NoWildcard}},

	575 // Wildcards

	576 {{"http", "example.com", "/", 0, CSPSource::HasWildcard,

	577 CSPSource::NoWildcard},

	578 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	579 CSPSource::NoWildcard},

	580 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	581 CSPSource::NoWildcard}},

	582 {{"http", "example.com", "/", 0, CSPSource::HasWildcard,

	583 CSPSource::HasWildcard},

	584 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	585 CSPSource::NoWildcard},

	586 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	587 CSPSource::NoWildcard}},

	588 {{"http", "example.com", "/", 0, CSPSource::HasWildcard,

	589 CSPSource::NoWildcard},

	590 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	591 CSPSource::HasWildcard},

	592 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	593 CSPSource::NoWildcard}},

	594 // Ports

	595 {{"http", "example.com", "/", 80, CSPSource::NoWildcard,

	596 CSPSource::NoWildcard},

	597 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	598 CSPSource::NoWildcard},

	599 {"http", "example.com", "/", 80, CSPSource::NoWildcard,

	600 CSPSource::NoWildcard}},

	601 // Paths

	602 {{"http", "example.com", "/", 0, CSPSource::NoWildcard,

	603 CSPSource::NoWildcard},

	604 {"http", "example.com", "/1.html", 0, CSPSource::NoWildcard,

	605 CSPSource::NoWildcard},

	606 {"http", "example.com", "/1.html", 0, CSPSource::NoWildcard,

	607 CSPSource::NoWildcard}},

	608 {{"http", "example.com", "/", 0, CSPSource::NoWildcard,

	609 CSPSource::NoWildcard},

	610 {"http", "example.com", "", 0, CSPSource::NoWildcard,

	611 CSPSource::NoWildcard},

	612 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	613 CSPSource::NoWildcard}},

	614 {{"http", "example.com", "/", 0, CSPSource::NoWildcard,

	615 CSPSource::NoWildcard},

	616 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard,

	617 CSPSource::NoWildcard},

	618 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard,

	619 CSPSource::NoWildcard}},

	620 {{"http", "example.com", "/a/", 0, CSPSource::NoWildcard,

	621 CSPSource::NoWildcard},

	622 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard,

	623 CSPSource::NoWildcard},

	624 {"http", "example.com", "/a/b/", 0, CSPSource::NoWildcard,

	625 CSPSource::NoWildcard}},

	626 {{"http", "example.com", "/a/", 0, CSPSource::NoWildcard,

	627 CSPSource::NoWildcard},

	628 {"http", "example.com", "/a/b/1.html", 0, CSPSource::NoWildcard,

	629 CSPSource::NoWildcard},

	630 {"http", "example.com", "/a/b/1.html", 0, CSPSource::NoWildcard,

	631 CSPSource::NoWildcard}},

	632 // Mixed

	633 {{"http", "example.com", "/1.html", 0, CSPSource::NoWildcard,

	634 CSPSource::NoWildcard},

	635 {"http", "example.com", "/", 80, CSPSource::NoWildcard,

	636 CSPSource::NoWildcard},

	637 {"http", "example.com", "/1.html", 80, CSPSource::NoWildcard,

	638 CSPSource::NoWildcard}},

	639 };

	640

	641 for (const auto& test : cases) {

	642 CSPSource* A =

	643 new CSPSource(csp.get(), test.a.scheme, test.a.host, test.a.port,

	644 test.a.path, test.a.hostWildcard, test.a.portWildcard);

	645 CSPSource* B =

	646 new CSPSource(csp.get(), test.b.scheme, test.b.host, test.b.port,

	647 test.b.path, test.b.hostWildcard, test.b.portWildcard);

	648

	649 CSPSource* normalized = A->intersect(B);

	650 Source intersectAB = {

	651 normalized->m_scheme, normalized->m_host,

	652 normalized->m_path, normalized->m_port,

	653 normalized->m_hostWildcard, normalized->m_portWildcard};

	654 EXPECT_TRUE(equalSources(intersectAB, test.normalized));

	655

	656 // Verify the same test with A and B swapped. The result should be

	657 // identical.

	658 normalized = B->intersect(A);

	659 Source intersectBA = {

	660 normalized->m_scheme, normalized->m_host,

	661 normalized->m_path, normalized->m_port,

	662 normalized->m_hostWildcard, normalized->m_portWildcard};

	663 EXPECT_TRUE(equalSources(intersectBA, test.normalized));

	664 }

	665 }

	666

	667 TEST_F(CSPSourceTest, IntersectSchemesOnly) {

	668 struct TestCase {

	669 const Source a;

	670 const Source b;

	671 const Source normalized;

	672 } cases[] = {

	673 // Both sources are schemes only.

	674 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	675 {"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	676 {"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}},

	677 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	678 {"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	679 {"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}},

	680 {{"ws", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	681 {"wss", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	682 {"wss", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard}},

	683 // One source is a scheme only and the other one has no wildcards.

	684 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	685 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	686 CSPSource::NoWildcard},

	687 {"http", "example.com", "/", 0, CSPSource::NoWildcard,

	688 CSPSource::NoWildcard}},

	689 {{"http", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	690 {"https", "example.com", "/", 80, CSPSource::NoWildcard,

	691 CSPSource::NoWildcard},

	692 {"https", "example.com", "/", 80, CSPSource::NoWildcard,

	693 CSPSource::NoWildcard}},

	694 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	695 {"http", "example.com", "/page.html", 80, CSPSource::NoWildcard,

	696 CSPSource::NoWildcard},

	697 {"https", "example.com", "/page.html", 80, CSPSource::NoWildcard,

	698 CSPSource::NoWildcard}},

	699 // One source is a scheme only and the other has one or two wildcards.

	700 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	701 {"http", "example.com", "/page.html", 80, CSPSource::HasWildcard,

	702 CSPSource::NoWildcard},

	703 {"https", "example.com", "/page.html", 80, CSPSource::HasWildcard,

	704 CSPSource::NoWildcard}},

	705 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	706 {"http", "example.com", "/page.html", 80, CSPSource::NoWildcard,

	707 CSPSource::HasWildcard},

	708 {"https", "example.com", "/page.html", 80, CSPSource::NoWildcard,

	709 CSPSource::HasWildcard}},

	710 {{"https", "", "", 0, CSPSource::NoWildcard, CSPSource::NoWildcard},

	711 {"http", "example.com", "/page.html", 80, CSPSource::HasWildcard,

	712 CSPSource::HasWildcard},

	713 {"https", "example.com", "/page.html", 80, CSPSource::HasWildcard,

	714 CSPSource::HasWildcard}},

	715 };

	716

	717 for (const auto& test : cases) {

	718 CSPSource* A =

	719 new CSPSource(csp.get(), test.a.scheme, test.a.host, test.a.port,

	720 test.a.path, test.a.hostWildcard, test.a.portWildcard);

	721

	722 CSPSource* B =

	723 new CSPSource(csp.get(), test.b.scheme, test.b.host, test.b.port,

	724 test.b.path, test.b.hostWildcard, test.b.portWildcard);

	725

	726 CSPSource* normalized = A->intersect(B);

	727 Source intersectAB = {

	728 normalized->m_scheme, normalized->m_host,

	729 normalized->m_path, normalized->m_port,

	730 normalized->m_hostWildcard, normalized->m_portWildcard};

	731 EXPECT_TRUE(equalSources(intersectAB, test.normalized));

	732

	733 // Verify the same test with A and B swapped. The result should be

	734 // identical.

	735 normalized = B->intersect(A);

	736 Source intersectBA = {

	737 normalized->m_scheme, normalized->m_host,

	738 normalized->m_path, normalized->m_port,

	739 normalized->m_hostWildcard, normalized->m_portWildcard};

	740 EXPECT_TRUE(equalSources(intersectBA, test.normalized));

	741 }

	742 }

	743

543 } // namespace blink	744 } // namespace blink

OLD	NEW