
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp

Issue 2562953002: Part 5.2: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: More test cases, removing .get() on members Created 4 years ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/frame/csp/CSPDirectiveList.h" 5 #include "core/frame/csp/CSPDirectiveList.h"
6 6
7 #include "core/frame/csp/ContentSecurityPolicy.h" 7 #include "core/frame/csp/ContentSecurityPolicy.h"
8 #include "core/frame/csp/SourceListDirective.h" 8 #include "core/frame/csp/SourceListDirective.h"
9 #include "platform/network/ContentSecurityPolicyParsers.h" 9 #include "platform/network/ContentSecurityPolicyParsers.h"
10 #include "platform/network/ResourceRequest.h" 10 #include "platform/network/ResourceRequest.h"
(...skipping 603 matching lines...) Expand 10 before | Expand all | Expand 10 after
614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); 614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce);
615 615
616 HeapVector<Member<CSPDirectiveList>> listB; 616 HeapVector<Member<CSPDirectiveList>> listB;
617 for (const auto& policyB : test.policiesB) 617 for (const auto& policyB : test.policiesB)
618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); 618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce));
619 619
620 EXPECT_EQ(test.expected, A->subsumes(listB)); 620 EXPECT_EQ(test.expected, A->subsumes(listB));
621 } 621 }
622 } 622 }
623 623
624 TEST_F(CSPDirectiveListTest, SubsumesPluginTypes) {
625 struct TestCase {
626 const char* policyA;
627 const std::vector<const char*> policiesB;
628 bool expected;
629 } cases[] = {
630 // `policyA` subsumes `policiesB`.
631 {"script-src 'unsafe-inline'",
632 {"script-src ", "script-src http://example.com",
633 "plugin-types text/plain"},
634 true},
635 {"script-src http://example.com",
636 {"script-src http://example.com; plugin-types "},
637 true},
638 {"script-src http://example.com",
639 {"script-src http://example.com; plugin-types text/plain"},
640 true},
641 {"script-src http://example.com; plugin-types text/plain",
642 {"script-src http://example.com; plugin-types text/plain"},
643 true},
644 {"script-src http://example.com; plugin-types text/plain",
645 {"script-src http://example.com; plugin-types "},
646 true},
647 {"script-src http://example.com; plugin-types text/plain",
648 {"script-src http://example.com; plugin-types ", "plugin-types "},
649 true},
650 {"plugin-types application/pdf text/plain",
651 {"plugin-types application/pdf text/plain",
652 "plugin-types application/x-blink-test-plugin"},
653 true},
654 {"plugin-types application/pdf text/plain",
655 {"plugin-types application/pdf text/plain",
656 "plugin-types application/pdf text/plain "
657 "application/x-blink-test-plugin"},
658 true},
659 {"plugin-types application/x-shockwave-flash application/pdf text/plain",
660 {"plugin-types application/x-shockwave-flash application/pdf text/plain",
661 "plugin-types application/x-shockwave-flash"},
662 true},
663 {"plugin-types application/x-shockwave-flash",
664 {"plugin-types application/x-shockwave-flash application/pdf text/plain",
665 "plugin-types application/x-shockwave-flash"},
666 true},
amalika 2016/12/13 14:42:08 This is a test case of the example given: for `typ
Mike West 2016/12/13 14:45:25 Great!
667 // `policyA` does not subsume `policiesB`.
668 {"script-src http://example.com; plugin-types text/plain",
669 {"script-src http://example.com"},
670 false},
671 {"plugin-types random-value",
672 {"script-src 'unsafe-inline'", "plugin-types text/plain"},
673 false},
674 {"plugin-types random-value",
675 {"script-src http://example.com", "script-src http://example.com"},
676 false},
677 {"plugin-types random-value",
678 {"plugin-types text/plain", "plugin-types text/plain"},
679 false},
680 {"script-src http://example.com; plugin-types text/plain",
681 {"plugin-types ", "plugin-types "},
682 false},
683 {"plugin-types application/pdf text/plain",
684 {"plugin-types application/x-blink-test-plugin",
685 "plugin-types application/x-blink-test-plugin"},
686 false},
687 {"plugin-types application/pdf text/plain",
688 {"plugin-types application/pdf application/x-blink-test-plugin",
689 "plugin-types application/x-blink-test-plugin"},
690 false},
691 };
692
693 for (const auto& test : cases) {
694 CSPDirectiveList* A =
695 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce);
696
697 HeapVector<Member<CSPDirectiveList>> listB;
698 for (const auto& policyB : test.policiesB)
699 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce));
700
701 EXPECT_EQ(test.expected, A->subsumes(listB));
702 }
703 }
704
624 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { 705 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) {
625 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; 706 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault };
626 707
627 struct TestCase { 708 struct TestCase {
628 ContentSecurityPolicy::DirectiveType directive; 709 ContentSecurityPolicy::DirectiveType directive;
629 const DefaultBehaviour type; 710 const DefaultBehaviour type;
630 } cases[] = { 711 } cases[] = {
631 // Directives with default directive. 712 // Directives with default directive.
632 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, 713 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default},
633 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, 714 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default},
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after
857 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), 938 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(),
858 udpatedTotal); 939 udpatedTotal);
859 EXPECT_EQ(CSPDirectiveList::getSourceVector( 940 EXPECT_EQ(CSPDirectiveList::getSourceVector(
860 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) 941 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector)
861 .size(), 942 .size(),
862 expectedChildSrc); 943 expectedChildSrc);
863 } 944 }
864 } 945 }
865 946
866 } // namespace blink 947 } // namespace blink
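Review bot: The `EXPECT_EQ(test.expected, A->subsumes(listB));` in the loop that closes SubsumesPluginTypes (new lines 693-702) reports only a true/false mismatch on failure, so with 17 table entries nothing identifies which policy pair regressed; adding `SCOPED_TRACE(test.policyA);` as the first statement of the loop body would make the failing row visible. This matters most for the `false` group, because a wrong `true` from subsumes() means a more permissive policy list was accepted as covered by the required policy. The entry at new line 680 (two `plugin-types ` policies against `script-src http://example.com; plugin-types text/plain`) appears to be `false` because the B policies carry no script-src rather than because of plugin-types, given that the line 644 entry with the same plugin-types values is `true`; a short comment such as `// Fails on script-src: policiesB do not restrict scripts.` would keep readers from misattributing it.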