Part 2.3: Is policy list subsumed under subsuming policy?

third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/csp/SourceListDirective.h"
 
 #include "core/dom/Document.h"
 #include "core/frame/csp/CSPSource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/network/ResourceRequest.h"
@@ skipping 211 matching lines @@
   EXPECT_TRUE(
       sourceList.allows(KURL(base, "https://example1.com/bar/"),
                         ResourceRequest::RedirectStatus::FollowedRedirect));
 
   EXPECT_FALSE(
       sourceList.allows(KURL(base, "http://example3.com/foo/"),
                         ResourceRequest::RedirectStatus::FollowedRedirect));
 }
 
 TEST_F(SourceListDirectiveTest, GetIntersectCSPSources) {
-  KURL base;
   String sources =
       "http://example1.com/foo/ http://*.example2.com/bar/ "
       "http://*.example3.com:*/bar/";
   SourceListDirective sourceList("script-src", sources, csp.get());
   struct TestCase {
     String sources;
     String expected;
   } cases[] = {
       {"http://example1.com/foo/ http://example2.com/bar/",
        "http://example1.com/foo/ http://example2.com/bar/"},
       // Normalizing schemes.
       {"https://example1.com/foo/ http://example2.com/bar/",
        "https://example1.com/foo/ http://example2.com/bar/"},
       {"https://example1.com/foo/ https://example2.com/bar/",
        "https://example1.com/foo/ https://example2.com/bar/"},
       {"https://example1.com/foo/ wss://example2.com/bar/",
        "https://example1.com/foo/"},
       // Normalizing hosts.
       {"http://*.example1.com/foo/ http://*.example2.com/bar/",
        "http://example1.com/foo/ http://*.example2.com/bar/"},
       {"http://*.example1.com/foo/ http://foo.example2.com/bar/",
        "http://example1.com/foo/ http://foo.example2.com/bar/"},
       // Normalizing ports.
-      {"http://example1.com:80/foo/ http://example2.com/bar/",
-       "http://example1.com:80/foo/ http://example2.com/bar/"},
+      {"http://example1.com/foo/ http://example2.com/bar/",
+       "http://example1.com/foo/ http://example2.com/bar/"},
       {"http://example1.com/foo/ http://example2.com:90/bar/",
        "http://example1.com/foo/"},
       {"http://example1.com:*/foo/ http://example2.com/bar/",
        "http://example1.com/foo/ http://example2.com/bar/"},
       {"http://*.example3.com:100/bar/ http://example1.com/foo/",
        "http://example1.com/foo/ http://*.example3.com:100/bar/"},
       // Normalizing paths.
       {"http://example1.com/ http://example2.com/",
        "http://example1.com/foo/ http://example2.com/bar/"},
       {"http://example1.com/foo/index.html http://example2.com/bar/",
@@ skipping 18 matching lines @@
                   normalized[i]->m_port,         normalized[i]->m_path,
                   normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard};
       Source b = {expected[i]->m_scheme,       expected[i]->m_host,
                   expected[i]->m_port,         expected[i]->m_path,
                   expected[i]->m_hostWildcard, expected[i]->m_portWildcard};
       EXPECT_TRUE(equalSources(a, b));
     }
   }
 }
 
+TEST_F(SourceListDirectiveTest, GetIntersectCSPSourcesSchemes) {
+  SourceListDirective listA("script-src",
+                            "http: http://example1.com/foo/ "
+                            "https://example1.com/foo/ "
+                            "http://example1.com/bar/page.html "
+                            "wss: ws://another.test/bar/",
+                            csp.get());
+  struct TestCase {
+    String sources;
+    String expected;
+    String expectedReversed;
+  } cases[] = {{"http:", "http:"},
+               {"https:", "https:"},
+               {"ws:", "wss: ws://another.test/bar/"},
+               {"wss:", "wss:"},
+               {"https: ws:", "wss: https: ws://another.test/bar/"},
+               {"https: http: wss:", "http: wss:"},
+               {"https: http: wss:", "http: wss:"},
+               {"https: http://another-example1.com/bar/",
+                "https: http://another-example1.com/bar/"},
+               {"http://*.example1.com/",
+                "http://*.example1.com/ http://example1.com/foo/ "
+                "https://example1.com/foo/ http://example1.com/bar/page.html"},
+               {"http://example1.com/foo/ https://example1.com/foo/",
+                "http://example1.com/foo/ https://example1.com/foo/ "
+                "http://example1.com/foo/ https://example1.com/foo/"},
+               {"https://example1.com/foo/ http://example1.com/foo/",
+                "https://example1.com/foo/ http://example1.com/foo/ "
+                "http://example1.com/foo/ https://example1.com/foo/"},
+               // If exaclty the same policy is specified, it is optimized.
+               {"http: http://example1.com/foo/ https://example1.com/foo/ "
+                "http://example1.com/bar/page.html wss: ws://another.test/bar/",
+                "http: wss: ws://another.test/bar/"}};
+
+  for (const auto& test : cases) {
+    SourceListDirective listB("script-src", test.sources, csp.get());
+    HeapVector<Member<CSPSource>> normalized =
+        listA.getIntersectCSPSources(listB.m_list);
+
+    SourceListDirective helperSourceList("script-src", test.expected,
+                                         csp.get());
+    HeapVector<Member<CSPSource>> expected = helperSourceList.m_list;
+    EXPECT_EQ(normalized.size(), expected.size());
+    for (size_t i = 0; i < expected.size(); i++) {
+      Source a = {expected[i]->m_scheme,       expected[i]->m_host,
+                  expected[i]->m_port,         expected[i]->m_path,
+                  expected[i]->m_hostWildcard, expected[i]->m_portWildcard};
+      Source b = {normalized[i]->m_scheme,       normalized[i]->m_host,
+                  normalized[i]->m_port,         normalized[i]->m_path,
+                  normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard};
+      EXPECT_TRUE(equalSources(a, b));
+    }
+  }
+}
+
 TEST_F(SourceListDirectiveTest, Subsumes) {
   KURL base;
   String requiredSources =
       "http://example1.com/foo/ http://*.example2.com/bar/ "
       "http://*.example3.com:*/bar/";
   SourceListDirective required("script-src", requiredSources, csp.get());
 
   struct TestCase {
     std::vector<String> sourcesVector;
     bool expected;
@@ skipping 71 matching lines @@
 
     // If required is empty, any returned should be subsumed by it.
     SourceListDirective requiredIsEmpty("script-src", "", csp.get());
     EXPECT_TRUE(
         requiredIsEmpty.subsumes(HeapVector<Member<SourceListDirective>>()));
     EXPECT_TRUE(requiredIsEmpty.subsumes(returned));
   }
 }
 
 }  // namespace blink