
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Issue 2526473005: Part 4.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Created 4 years ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/frame/csp/ContentSecurityPolicy.h" 5 #include "core/frame/csp/ContentSecurityPolicy.h"
6 6
7 #include "core/dom/Document.h" 7 #include "core/dom/Document.h"
8 #include "core/fetch/IntegrityMetadata.h" 8 #include "core/fetch/IntegrityMetadata.h"
9 #include "core/frame/csp/CSPDirectiveList.h" 9 #include "core/frame/csp/CSPDirectiveList.h"
10 #include "core/html/HTMLScriptElement.h" 10 #include "core/html/HTMLScriptElement.h"
(...skipping 893 matching lines...) Expand 10 before | Expand all | Expand 10 after
904 response, secureOrigin.get()), 904 response, secureOrigin.get()),
905 test.inherits); 905 test.inherits);
906 906
907 response.setHTTPHeaderField(HTTPNames::Allow_CSP_From, 907 response.setHTTPHeaderField(HTTPNames::Allow_CSP_From,
908 AtomicString("https://example.test")); 908 AtomicString("https://example.test"));
909 EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( 909 EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
910 response, secureOrigin.get())); 910 response, secureOrigin.get()));
911 } 911 }
912 } 912 }
913 913
914 TEST_F(ContentSecurityPolicyTest, Subsumes) {
amalika 2016/11/28 11:56:22 Since we test subsumption on other levels + layout
915 ContentSecurityPolicy* other = ContentSecurityPolicy::create();
916 EXPECT_TRUE(csp->subsumes(*other));
917 EXPECT_TRUE(other->subsumes(*csp));
918
919 csp->didReceiveHeader("default-src http://example.com;",
920 ContentSecurityPolicyHeaderTypeEnforce,
921 ContentSecurityPolicyHeaderSourceHTTP);
922 // If this CSP is not empty, the other must not be empty either.
923 EXPECT_FALSE(csp->subsumes(*other));
924 EXPECT_TRUE(other->subsumes(*csp));
925
926 // Report-only policies do not impact subsumption.
927 other->didReceiveHeader("default-src http://example.com;",
928 ContentSecurityPolicyHeaderTypeReport,
929 ContentSecurityPolicyHeaderSourceHTTP);
930 EXPECT_FALSE(csp->subsumes(*other));
931
932 // CSPDirectiveLists have to subsume.
933 other->didReceiveHeader("default-src http://example.com https://another.com;",
934 ContentSecurityPolicyHeaderTypeEnforce,
935 ContentSecurityPolicyHeaderSourceHTTP);
936 EXPECT_FALSE(csp->subsumes(*other));
937
938 // `other` is stricter than `this`.
939 other->didReceiveHeader("default-src https://example.com;",
940 ContentSecurityPolicyHeaderTypeEnforce,
941 ContentSecurityPolicyHeaderSourceHTTP);
942 EXPECT_TRUE(csp->subsumes(*other));
943 }
944
914 } // namespace blink 945 } // namespace blink
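Review bot: The scheme-ordering case at lines 938–942 is only asserted in the permissive direction: `csp` (`http://example.com`) is shown to subsume `other` (`https://example.com`), but the test never asserts that the reverse fails, and that reverse is the security-relevant one since subsumption is what decides whether an embedee's policy is accepted as at least as strict as the required one. Adding `EXPECT_FALSE(other->subsumes(*csp));` after line 942 would pin that an `https://`-only policy is not treated as subsuming an `http://` source that also matches `https://`, assuming the cumulative lists on `other` behave as the comment describes. Note also that `other` accumulates every header received in this test, so by line 942 it carries one report-only and two enforce policies; the comment `// other is stricter than this.` would be more accurate as `// The combined enforce policies on other (intersection) are stricter than this.` so a reader does not assume the last header alone is under test.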