OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/CSPSource.h" | 8 #include "core/frame/csp/CSPSource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
222 EXPECT_TRUE( | 222 EXPECT_TRUE( |
223 sourceList.allows(KURL(base, "https://example1.com/bar/"), | 223 sourceList.allows(KURL(base, "https://example1.com/bar/"), |
224 ResourceRequest::RedirectStatus::FollowedRedirect)); | 224 ResourceRequest::RedirectStatus::FollowedRedirect)); |
225 | 225 |
226 EXPECT_FALSE( | 226 EXPECT_FALSE( |
227 sourceList.allows(KURL(base, "http://example3.com/foo/"), | 227 sourceList.allows(KURL(base, "http://example3.com/foo/"), |
228 ResourceRequest::RedirectStatus::FollowedRedirect)); | 228 ResourceRequest::RedirectStatus::FollowedRedirect)); |
229 } | 229 } |
230 | 230 |
231 TEST_F(SourceListDirectiveTest, GetIntersectCSPSources) { | 231 TEST_F(SourceListDirectiveTest, GetIntersectCSPSources) { |
232 KURL base; | |
233 String sources = | 232 String sources = |
234 "http://example1.com/foo/ http://*.example2.com/bar/ " | 233 "http://example1.com/foo/ http://*.example2.com/bar/ " |
235 "http://*.example3.com:*/bar/"; | 234 "http://*.example3.com:*/bar/"; |
236 SourceListDirective sourceList("script-src", sources, csp.get()); | 235 SourceListDirective sourceList("script-src", sources, csp.get()); |
237 struct TestCase { | 236 struct TestCase { |
238 String sources; | 237 String sources; |
239 String expected; | 238 String expected; |
240 } cases[] = { | 239 } cases[] = { |
241 {"http://example1.com/foo/ http://example2.com/bar/", | 240 {"http://example1.com/foo/ http://example2.com/bar/", |
242 "http://example1.com/foo/ http://example2.com/bar/"}, | 241 "http://example1.com/foo/ http://example2.com/bar/"}, |
243 // Normalizing schemes. | 242 // Normalizing schemes. |
244 {"https://example1.com/foo/ http://example2.com/bar/", | 243 {"https://example1.com/foo/ http://example2.com/bar/", |
245 "https://example1.com/foo/ http://example2.com/bar/"}, | 244 "https://example1.com/foo/ http://example2.com/bar/"}, |
246 {"https://example1.com/foo/ https://example2.com/bar/", | 245 {"https://example1.com/foo/ https://example2.com/bar/", |
247 "https://example1.com/foo/ https://example2.com/bar/"}, | 246 "https://example1.com/foo/ https://example2.com/bar/"}, |
248 {"https://example1.com/foo/ wss://example2.com/bar/", | 247 {"https://example1.com/foo/ wss://example2.com/bar/", |
249 "https://example1.com/foo/"}, | 248 "https://example1.com/foo/"}, |
250 // Normalizing hosts. | 249 // Normalizing hosts. |
251 {"http://*.example1.com/foo/ http://*.example2.com/bar/", | 250 {"http://*.example1.com/foo/ http://*.example2.com/bar/", |
252 "http://example1.com/foo/ http://*.example2.com/bar/"}, | 251 "http://example1.com/foo/ http://*.example2.com/bar/"}, |
253 {"http://*.example1.com/foo/ http://foo.example2.com/bar/", | 252 {"http://*.example1.com/foo/ http://foo.example2.com/bar/", |
254 "http://example1.com/foo/ http://foo.example2.com/bar/"}, | 253 "http://example1.com/foo/ http://foo.example2.com/bar/"}, |
255 // Normalizing ports. | 254 // Normalizing ports. |
256 {"http://example1.com:80/foo/ http://example2.com/bar/", | 255 {"http://example1.com/foo/ http://example2.com/bar/", |
257 "http://example1.com:80/foo/ http://example2.com/bar/"}, | 256 "http://example1.com/foo/ http://example2.com/bar/"}, |
258 {"http://example1.com/foo/ http://example2.com:90/bar/", | 257 {"http://example1.com/foo/ http://example2.com:90/bar/", |
259 "http://example1.com/foo/"}, | 258 "http://example1.com/foo/"}, |
260 {"http://example1.com:*/foo/ http://example2.com/bar/", | 259 {"http://example1.com:*/foo/ http://example2.com/bar/", |
261 "http://example1.com/foo/ http://example2.com/bar/"}, | 260 "http://example1.com/foo/ http://example2.com/bar/"}, |
262 {"http://*.example3.com:100/bar/ http://example1.com/foo/", | 261 {"http://*.example3.com:100/bar/ http://example1.com/foo/", |
263 "http://example1.com/foo/ http://*.example3.com:100/bar/"}, | 262 "http://example1.com/foo/ http://*.example3.com:100/bar/"}, |
264 // Normalizing paths. | 263 // Normalizing paths. |
265 {"http://example1.com/ http://example2.com/", | 264 {"http://example1.com/ http://example2.com/", |
266 "http://example1.com/foo/ http://example2.com/bar/"}, | 265 "http://example1.com/foo/ http://example2.com/bar/"}, |
267 {"http://example1.com/foo/index.html http://example2.com/bar/", | 266 {"http://example1.com/foo/index.html http://example2.com/bar/", |
286 normalized[i]->m_port, normalized[i]->m_path, | 285 normalized[i]->m_port, normalized[i]->m_path, |
287 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; | 286 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; |
288 Source b = {expected[i]->m_scheme, expected[i]->m_host, | 287 Source b = {expected[i]->m_scheme, expected[i]->m_host, |
289 expected[i]->m_port, expected[i]->m_path, | 288 expected[i]->m_port, expected[i]->m_path, |
290 expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; | 289 expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; |
291 EXPECT_TRUE(equalSources(a, b)); | 290 EXPECT_TRUE(equalSources(a, b)); |
292 } | 291 } |
293 } | 292 } |
294 } | 293 } |
295 | 294 |
| 295 TEST_F(SourceListDirectiveTest, GetIntersectCSPSourcesSchemes) { |
| 296 SourceListDirective listA("script-src", |
| 297 "http: http://example1.com/foo/ " |
| 298 "https://example1.com/foo/ " |
| 299 "http://example1.com/bar/page.html " |
| 300 "wss: ws://another.test/bar/", |
| 301 csp.get()); |
| 302 struct TestCase { |
| 303 String sources; |
| 304 String expected; |
| 305 String expectedReversed; |
| 306 } cases[] = {{"http:", "http:"}, |
| 307 {"https:", "https:"}, |
| 308 {"ws:", "wss: ws://another.test/bar/"}, |
| 309 {"wss:", "wss:"}, |
| 310 {"https: ws:", "wss: https: ws://another.test/bar/"}, |
| 311 {"https: http: wss:", "http: wss:"}, |
| 312 {"https: http: wss:", "http: wss:"}, |
| 313 {"https: http://another-example1.com/bar/", |
| 314 "https: http://another-example1.com/bar/"}, |
| 315 {"http://*.example1.com/", |
| 316 "http://*.example1.com/ http://example1.com/foo/ " |
| 317 "https://example1.com/foo/ http://example1.com/bar/page.html"}, |
| 318 {"http://example1.com/foo/ https://example1.com/foo/", |
| 319 "http://example1.com/foo/ https://example1.com/foo/ " |
| 320 "http://example1.com/foo/ https://example1.com/foo/"}, |
| 321 {"https://example1.com/foo/ http://example1.com/foo/", |
| 322 "https://example1.com/foo/ http://example1.com/foo/ " |
| 323 "http://example1.com/foo/ https://example1.com/foo/"}, |
| 324 // If exaclty the same policy is specified, it is optimized. |
| 325 {"http: http://example1.com/foo/ https://example1.com/foo/ " |
| 326 "http://example1.com/bar/page.html wss: ws://another.test/bar/", |
| 327 "http: wss: ws://another.test/bar/"}}; |
| 328 |
| 329 for (const auto& test : cases) { |
| 330 SourceListDirective listB("script-src", test.sources, csp.get()); |
| 331 HeapVector<Member<CSPSource>> normalized = |
| 332 listA.getIntersectCSPSources(listB.m_list); |
| 333 |
| 334 SourceListDirective helperSourceList("script-src", test.expected, |
| 335 csp.get()); |
| 336 HeapVector<Member<CSPSource>> expected = helperSourceList.m_list; |
| 337 EXPECT_EQ(normalized.size(), expected.size()); |
| 338 for (size_t i = 0; i < expected.size(); i++) { |
| 339 Source a = {expected[i]->m_scheme, expected[i]->m_host, |
| 340 expected[i]->m_port, expected[i]->m_path, |
| 341 expected[i]->m_hostWildcard, expected[i]->m_portWildcard}; |
| 342 Source b = {normalized[i]->m_scheme, normalized[i]->m_host, |
| 343 normalized[i]->m_port, normalized[i]->m_path, |
| 344 normalized[i]->m_hostWildcard, normalized[i]->m_portWildcard}; |
| 345 EXPECT_TRUE(equalSources(a, b)); |
| 346 } |
| 347 } |
| 348 } |
| 349 |
296 TEST_F(SourceListDirectiveTest, Subsumes) { | 350 TEST_F(SourceListDirectiveTest, Subsumes) { |
297 KURL base; | 351 KURL base; |
298 String requiredSources = | 352 String requiredSources = |
299 "http://example1.com/foo/ http://*.example2.com/bar/ " | 353 "http://example1.com/foo/ http://*.example2.com/bar/ " |
300 "http://*.example3.com:*/bar/"; | 354 "http://*.example3.com:*/bar/"; |
301 SourceListDirective required("script-src", requiredSources, csp.get()); | 355 SourceListDirective required("script-src", requiredSources, csp.get()); |
302 | 356 |
303 struct TestCase { | 357 struct TestCase { |
304 std::vector<String> sourcesVector; | 358 std::vector<String> sourcesVector; |
305 bool expected; | 359 bool expected; |
377 | 431 |
378 // If required is empty, any returned should be subsumed by it. | 432 // If required is empty, any returned should be subsumed by it. |
379 SourceListDirective requiredIsEmpty("script-src", "", csp.get()); | 433 SourceListDirective requiredIsEmpty("script-src", "", csp.get()); |
380 EXPECT_TRUE( | 434 EXPECT_TRUE( |
381 requiredIsEmpty.subsumes(HeapVector<Member<SourceListDirective>>())); | 435 requiredIsEmpty.subsumes(HeapVector<Member<SourceListDirective>>())); |
382 EXPECT_TRUE(requiredIsEmpty.subsumes(returned)); | 436 EXPECT_TRUE(requiredIsEmpty.subsumes(returned)); |
383 } | 437 } |
384 } | 438 } |
385 | 439 |
386 } // namespace blink | 440 } // namespace blink |
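Review bot: In the new GetIntersectCSPSourcesSchemes test the size check `EXPECT_EQ(normalized.size(), expected.size());` (new line 337) is non-fatal, so if the intersection returns fewer sources than expected the loop still indexes `normalized[i]` up to `expected.size()` and reads out of range instead of failing cleanly; `ASSERT_EQ(normalized.size(), expected.size());` would stop before the indexing. `expectedReversed` is declared in `TestCase` but no row sets it and the loop never reads it, so the reversed direction (listB intersected with listA) appears to be untested; either add that comparison or drop the field. The row `{"https: http: wss:", "http: wss:"}` appears twice (new lines 311 and 312), and after the edit under "Normalizing ports" the row at new lines 255-256 is identical to the first row at 240-241, so the explicit `:80` default-port case is no longer covered in the visible rows. Because these expectations pin how CSP source lists are narrowed, a short comment on rows 318-323, where the expected list repeats the same two sources, stating whether duplicates in the result are intended would help the next reader.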