| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/ContentSecurityPolicy.h" | 7 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 8 #include "core/frame/csp/SourceListDirective.h" | 8 #include "core/frame/csp/SourceListDirective.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
| (...skipping 603 matching lines...) | |
| 614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); | 614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); |
| 615 | 615 |
| 616 HeapVector<Member<CSPDirectiveList>> listB; | 616 HeapVector<Member<CSPDirectiveList>> listB; |
| 617 for (const auto& policyB : test.policiesB) | 617 for (const auto& policyB : test.policiesB) |
| 618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); | 618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); |
| 619 | 619 |
| 620 EXPECT_EQ(test.expected, A->subsumes(listB)); | 620 EXPECT_EQ(test.expected, A->subsumes(listB)); |
| 621 } | 621 } |
| 622 } | 622 } |
| 623 | 623 |
| 624 TEST_F(CSPDirectiveListTest, SubsumesPluginTypes) { | |
| 625 struct TestCase { | |
| 626 const char* policyA; | |
| 627 const std::vector<const char*> policiesB; | |
| 628 bool expected; | |
| 629 } cases[] = { | |
| 630 // `policyA` subsumes `policiesB`. | |
| 631 {"script-src 'unsafe-inline'", | |
| 632 {"script-src ", "script-src http://example.com", | |
| 633 "plugin-types text/plain"}, | |
| 634 true}, | |
| 635 {"script-src http://example.com", | |
| 636 {"script-src http://example.com; plugin-types "}, | |
| 637 true}, | |
| 638 {"script-src http://example.com", | |
| 639 {"script-src http://example.com; plugin-types text/plain"}, | |
| 640 true}, | |
| 641 {"script-src http://example.com; plugin-types text/plain", | |
| 642 {"script-src http://example.com; plugin-types text/plain"}, | |
| 643 true}, | |
| 644 {"script-src http://example.com; plugin-types text/plain", | |
| 645 {"script-src http://example.com; plugin-types "}, | |
| 646 true}, | |
| 647 {"script-src http://example.com; plugin-types text/plain", | |
| 648 {"script-src http://example.com; plugin-types ", "plugin-types "}, | |
| 649 true}, | |
| 650 // `policyA` does not subsume `policiesB`. | |
| 651 {"script-src http://example.com; plugin-types text/plain", | |
| 652 {"script-src http://example.com"}, | |
| 653 false}, | |
| 654 {"plugin-types random-value", | |
| 655 {"script-src 'unsafe-inline'", "plugin-types text/plain"}, | |
| 656 false}, | |
| 657 {"plugin-types random-value", | |
| 658 {"script-src http://example.com", "script-srcs http://example.com"}, | |
|
Mike West
2016/12/13 13:54:47
Is `script-srcs` intentional?
| |
| 659 false}, | |
| 660 {"plugin-types random-value", | |
| 661 {"plugin-types text/plain", "plugin-types text/plain"}, | |
| 662 false}, | |
| 663 {"script-src http://example.com; plugin-types text/plain", | |
| 664 {"plugin-types ", "plugin-types "}, | |
| 665 false}, | |
| 666 }; | |
| 667 | |
| 668 for (const auto& test : cases) { | |
| 669 CSPDirectiveList* A = | |
| 670 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); | |
| 671 | |
| 672 HeapVector<Member<CSPDirectiveList>> listB; | |
| 673 for (const auto& policyB : test.policiesB) | |
| 674 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); | |
| 675 | |
| 676 EXPECT_EQ(test.expected, A->subsumes(listB)); | |
| 677 } | |
| 678 } | |
| 679 | |
| 624 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { | 680 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { |
| 625 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; | 681 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; |
| 626 | 682 |
| 627 struct TestCase { | 683 struct TestCase { |
| 628 ContentSecurityPolicy::DirectiveType directive; | 684 ContentSecurityPolicy::DirectiveType directive; |
| 629 const DefaultBehaviour type; | 685 const DefaultBehaviour type; |
| 630 } cases[] = { | 686 } cases[] = { |
| 631 // Directives with default directive. | 687 // Directives with default directive. |
| 632 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, | 688 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, |
| 633 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, | 689 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, |
| (...skipping 223 matching lines...) | |
| 857 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), | 913 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), |
| 858 udpatedTotal); | 914 udpatedTotal); |
| 859 EXPECT_EQ(CSPDirectiveList::getSourceVector( | 915 EXPECT_EQ(CSPDirectiveList::getSourceVector( |
| 860 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) | 916 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) |
| 861 .size(), | 917 .size(), |
| 862 expectedChildSrc); | 918 expectedChildSrc); |
| 863 } | 919 } |
| 864 } | 920 } |
| 865 | 921 |
| 866 } // namespace blink | 922 } // namespace blink |
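Review bot: The `SubsumesPluginTypes` table (new lines 629-666) never has an empty `plugin-types ` as the only directive in `policyA` and never lists more than one media type, so the containment check is exercised only through `random-value` versus `text/plain`. Since the rows at 644-649 treat an empty list in `policiesB` as the stricter value, I would add the mirror case `{"plugin-types ", {"plugin-types text/plain"}, false},` and a multi-type pair such as `{"plugin-types text/plain application/pdf", {"plugin-types text/plain"}, true},`; both expected values are inferred from the existing rows and should be confirmed against the implementation. If `subsumes()` is what decides whether a set of policies is at least as strict as `policyA`, a wrong `true` would accept a looser policy, so the negative direction deserves this coverage. The loop at 668-677 would also be easier to debug if a failure named its row, e.g. `EXPECT_EQ(test.expected, A->subsumes(listB)) << test.policyA;`.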