OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/ContentSecurityPolicy.h" | 5 #include "core/frame/csp/ContentSecurityPolicy.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/fetch/IntegrityMetadata.h" | 8 #include "core/fetch/IntegrityMetadata.h" |
9 #include "core/frame/csp/CSPDirectiveList.h" | 9 #include "core/frame/csp/CSPDirectiveList.h" |
10 #include "core/html/HTMLScriptElement.h" | 10 #include "core/html/HTMLScriptElement.h" |
(...skipping 940 matching lines...)
951 ContentSecurityPolicy::getDirectiveName(test.type); | 951 ContentSecurityPolicy::getDirectiveName(test.type); |
952 ContentSecurityPolicy::DirectiveType typeFromName = | 952 ContentSecurityPolicy::DirectiveType typeFromName = |
953 ContentSecurityPolicy::getDirectiveType(test.name); | 953 ContentSecurityPolicy::getDirectiveType(test.name); |
954 EXPECT_EQ(nameFromType, test.name); | 954 EXPECT_EQ(nameFromType, test.name); |
955 EXPECT_EQ(typeFromName, test.type); | 955 EXPECT_EQ(typeFromName, test.type); |
956 EXPECT_EQ(test.type, ContentSecurityPolicy::getDirectiveType(nameFromType)); | 956 EXPECT_EQ(test.type, ContentSecurityPolicy::getDirectiveType(nameFromType)); |
957 EXPECT_EQ(test.name, ContentSecurityPolicy::getDirectiveName(typeFromName)); | 957 EXPECT_EQ(test.name, ContentSecurityPolicy::getDirectiveName(typeFromName)); |
958 } | 958 } |
959 } | 959 } |
960 | 960 |
| 961 TEST_F(ContentSecurityPolicyTest, Subsumes) { |
| 962 ContentSecurityPolicy* other = ContentSecurityPolicy::create(); |
| 963 EXPECT_TRUE(csp->subsumes(*other)); |
| 964 EXPECT_TRUE(other->subsumes(*csp)); |
| 965 |
| 966 csp->didReceiveHeader("default-src http://example.com;", |
| 967 ContentSecurityPolicyHeaderTypeEnforce, |
| 968 ContentSecurityPolicyHeaderSourceHTTP); |
| 969 // If this CSP is not empty, the other must not be empty either. |
| 970 EXPECT_FALSE(csp->subsumes(*other)); |
| 971 EXPECT_TRUE(other->subsumes(*csp)); |
| 972 |
| 973 // Report-only policies do not impact subsumption. |
| 974 other->didReceiveHeader("default-src http://example.com;", |
| 975 ContentSecurityPolicyHeaderTypeReport, |
| 976 ContentSecurityPolicyHeaderSourceHTTP); |
| 977 EXPECT_FALSE(csp->subsumes(*other)); |
| 978 |
| 979 // CSPDirectiveLists have to subsume. |
| 980 other->didReceiveHeader("default-src http://example.com https://another.com;", |
| 981 ContentSecurityPolicyHeaderTypeEnforce, |
| 982 ContentSecurityPolicyHeaderSourceHTTP); |
| 983 EXPECT_FALSE(csp->subsumes(*other)); |
| 984 |
| 985 // `other` is stricter than `this`. |
| 986 other->didReceiveHeader("default-src https://example.com;", |
| 987 ContentSecurityPolicyHeaderTypeEnforce, |
| 988 ContentSecurityPolicyHeaderSourceHTTP); |
| 989 EXPECT_TRUE(csp->subsumes(*other)); |
| 990 } |
| 991 |
961 } // namespace blink | 992 } // namespace blink |
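Review bot: The final expectation of the added `Subsumes` test (new lines 985-989) runs with three policies accumulated on `other`: one report-only and two enforced. It therefore does not show which of them makes `csp->subsumes(*other)` true, and the comment "`other` is stricter than `this`" describes only the header added last. If the result depends on the enforced policies being combined, which is presumably the case, say so above line 986, e.g. `// other now enforces two policies; together they only allow https://example.com, which csp's http://example.com source is expected to cover.` A `true` result is the security-relevant outcome, because it declares the other policy strict enough. It would be clearer to start the positive case from a fresh `ContentSecurityPolicy::create()` and add a separate case with only the looser `https://another.com` list. The reverse direction `other->subsumes(*csp)` is also not re-checked after new line 971, so a regression there would go unnoticed.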
OLD | NEW |