OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/frame/csp/ContentSecurityPolicy.h" | 7 #include "core/frame/csp/ContentSecurityPolicy.h" |
8 #include "core/frame/csp/SourceListDirective.h" | 8 #include "core/frame/csp/SourceListDirective.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
(...skipping 603 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); | 614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); |
615 | 615 |
616 HeapVector<Member<CSPDirectiveList>> listB; | 616 HeapVector<Member<CSPDirectiveList>> listB; |
617 for (const auto& policyB : test.policiesB) | 617 for (const auto& policyB : test.policiesB) |
618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); | 618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); |
619 | 619 |
620 EXPECT_EQ(test.expected, A->subsumes(listB)); | 620 EXPECT_EQ(test.expected, A->subsumes(listB)); |
621 } | 621 } |
622 } | 622 } |
623 | 623 |
624 TEST_F(CSPDirectiveListTest, SubsumesPluginTypes) { | |
amalika
2016/12/09 10:24:40
Subsumption of pluginTypes has been tested in Medi
| |
625 struct TestCase { | |
626 const char* policyA; | |
627 const std::vector<const char*> policiesB; | |
628 bool expected; | |
629 } cases[] = { | |
630 // `policyA` subsumes `policiesB`. | |
631 {"script-src 'unsafe-inline'", | |
632 {"script-src ", "script-src http://example.com", | |
633 "plugin-types text/plain"}, | |
634 true}, | |
635 {"script-src http://example.com", | |
636 {"script-src http://example.com; plugin-types "}, | |
637 true}, | |
638 {"script-src http://example.com", | |
639 {"script-src http://example.com; plugin-types text/plain"}, | |
640 true}, | |
641 {"script-src http://example.com; plugin-types text/plain", | |
642 {"script-src http://example.com; plugin-types text/plain"}, | |
643 true}, | |
644 {"script-src http://example.com; plugin-types text/plain", | |
645 {"script-src http://example.com; plugin-types "}, | |
646 true}, | |
647 {"script-src http://example.com; plugin-types text/plain", | |
648 {"script-src http://example.com; plugin-types ", "plugin-types "}, | |
649 true}, | |
650 // `policyA` does not subsume `policiesB`. | |
651 {"script-src http://example.com; plugin-types text/plain", | |
652 {"script-src http://example.com"}, | |
653 false}, | |
654 {"plugin-types random-value", | |
655 {"script-src 'unsafe-inline'", "plugin-types text/plain"}, | |
656 false}, | |
657 {"plugin-types random-value", | |
658 {"script-src http://example.com", "script-srcs http://example.com"}, | |
659 false}, | |
660 {"plugin-types random-value", | |
661 {"plugin-types text/plain", "plugin-types text/plain"}, | |
662 false}, | |
663 {"script-src http://example.com; plugin-types text/plain", | |
664 {"plugin-types ", "plugin-types "}, | |
665 false}, | |
666 }; | |
667 | |
668 for (const auto& test : cases) { | |
669 CSPDirectiveList* A = | |
670 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); | |
671 | |
672 HeapVector<Member<CSPDirectiveList>> listB; | |
673 for (const auto& policyB : test.policiesB) | |
674 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); | |
675 | |
676 EXPECT_EQ(test.expected, A->subsumes(listB)); | |
677 } | |
678 } | |
679 | |
624 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { | 680 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { |
625 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; | 681 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; |
626 | 682 |
627 struct TestCase { | 683 struct TestCase { |
628 ContentSecurityPolicy::DirectiveType directive; | 684 ContentSecurityPolicy::DirectiveType directive; |
629 const DefaultBehaviour type; | 685 const DefaultBehaviour type; |
630 } cases[] = { | 686 } cases[] = { |
631 // Directives with default directive. | 687 // Directives with default directive. |
632 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, | 688 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, |
633 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, | 689 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, |
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
857 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), | 913 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), |
858 udpatedTotal); | 914 udpatedTotal); |
859 EXPECT_EQ(CSPDirectiveList::getSourceVector( | 915 EXPECT_EQ(CSPDirectiveList::getSourceVector( |
860 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) | 916 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) |
861 .size(), | 917 .size(), |
862 expectedChildSrc); | 918 expectedChildSrc); |
863 } | 919 } |
864 } | 920 } |
865 | 921 |
866 } // namespace blink | 922 } // namespace blink |
OLD | NEW |