
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp

Issue 2538623003: Part 3.4: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Removing strict-dynamic from consideration Created 4 years ago
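--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/csp/SourceListDirective.h"
 
 #include "core/dom/Document.h"
 #include "core/frame/csp/CSPSource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/network/ResourceRequest.h"
@@ -723,11 +723,100 @@
 for (const auto& sources : test.sourcesB) {
 SourceListDirective* member = new SourceListDirective(
 test.isScriptSrc ? "script-src" : "style-src", sources, cspB);
 vectorB.append(member);
 }
 
 EXPECT_EQ(A.subsumes(vectorB), test.expected);
 }
 }
 
+TEST_F(SourceListDirectiveTest, SubsumesUnsafeAttributes) {
+struct TestCase {
+bool isScriptSrc;
+String sourcesA;
+std::vector<String> sourcesB;
+bool expected;
+} cases[] = {
+// A or policiesB contain `unsafe-eval`.
+{false,
+"http://example1.com/foo/ 'self' 'unsafe-inline' 'strict-dynamic' "
+"'unsafe-eval'",
+{"http://example1.com/foo/bar.html 'unsafe-eval'"},
+true},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-eval'",
+{"http://example1.com/foo/ 'unsafe-inline'"},
+false},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-eval'",
+{"http://example1.com/foo/ 'unsafe-inline' 'unsafe-eval'"},
+false},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-eval'",
+{"http://example1.com/foo/ 'unsafe-eval'",
+"http://example1.com/foo/bar 'self' unsafe-eval'",
+"http://non-example.com/foo/ 'unsafe-eval' 'self'"},
+true},
+{true,
+"http://example1.com/foo/ 'self'",
+{"http://example1.com/foo/ 'unsafe-eval'"},
+false},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-inline'",
+{"http://example1.com/foo/ 'unsafe-eval'",
+"http://example1.com/foo/bar 'self' 'unsafe-eval'",
+"http://non-example.com/foo/ 'unsafe-eval' 'self'"},
+false},
+// A or policiesB contain `unsafe-hashed-attributes`.
+{false,
+"http://example1.com/foo/ 'self' 'unsafe-inline' 'unsafe-eval' "
+"'strict-dynamic' "
+"'unsafe-hashed-attributes'",
+{"http://example1.com/foo/bar.html 'unsafe-hashed-attributes'"},
+true},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-hashed-attributes'",
+{"http://example1.com/foo/ 'unsafe-inline'"},
+false},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-hashed-attributes'",
+{"http://example1.com/foo/ 'unsafe-inline' 'unsafe-hashed-attributes'"},
+false},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-eval' "
+"'unsafe-hashed-attributes'",
+{"http://example1.com/foo/ 'unsafe-eval' 'unsafe-hashed-attributes'",
+"http://example1.com/foo/bar 'self' 'unsafe-hashed-attributes'",
+"http://non-example.com/foo/ 'unsafe-hashed-attributes' 'self'"},
+true},
+{true,
+"http://example1.com/foo/ 'self'",
+{"http://example1.com/foo/ 'unsafe-hashed-attributes'"},
+false},
+{true,
+"http://example1.com/foo/ 'self' 'unsafe-inline'",
+{"http://example1.com/foo/ 'unsafe-hashed-attributes'",
+"http://example1.com/foo/bar 'self' 'unsafe-hashed-attributes'",
+"https://example1.com/foo/bar 'unsafe-hashed-attributes' 'self'"},
+false},
+};
+
+ContentSecurityPolicy* cspB =
+SetUpWithOrigin("https://another.test/image.png");
+
+for (const auto& test : cases) {
+SourceListDirective A(test.isScriptSrc ? "script-src" : "style-src",
+test.sourcesA, csp.get());
+
+HeapVector<Member<SourceListDirective>> vectorB;
+for (const auto& sources : test.sourcesB) {
+SourceListDirective* member = new SourceListDirective(
+test.isScriptSrc ? "script-src" : "style-src", sources, cspB);
+vectorB.append(member);
+}
+
+EXPECT_EQ(A.subsumes(vectorB), test.expected);
+}
+}
+
 } // namespace blink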
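Review bot: In the fourth `unsafe-eval` case of `SubsumesUnsafeAttributes` (new line 757) the second `sourcesB` entry is `"http://example1.com/foo/bar 'self' unsafe-eval'"`, so the keyword has lost its opening quote and is presumably not parsed as `'unsafe-eval'` at all. The case still expects `true`, but it may pass only because that one policy does not allow eval, not because all three policies carry the keyword; the same source list is written correctly at new line 767. I would change the line to `"http://example1.com/foo/bar 'self' 'unsafe-eval'",` and, if a malformed keyword is meant to be covered, give it its own case with a comment saying so. A one-line comment on the two `isScriptSrc == false` cases explaining why a `style-src` list carrying `'unsafe-eval'` or `'unsafe-hashed-attributes'` is expected to be subsumed would also help the next reader.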