OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/frame/csp/ContentSecurityPolicy.h" | 7 #include "core/frame/csp/ContentSecurityPolicy.h" |
8 #include "core/frame/csp/SourceListDirective.h" | 8 #include "core/frame/csp/SourceListDirective.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); | 614 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); |
615 | 615 |
616 HeapVector<Member<CSPDirectiveList>> listB; | 616 HeapVector<Member<CSPDirectiveList>> listB; |
617 for (const auto& policyB : test.policiesB) | 617 for (const auto& policyB : test.policiesB) |
618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); | 618 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); |
619 | 619 |
620 EXPECT_EQ(test.expected, A->subsumes(listB)); | 620 EXPECT_EQ(test.expected, A->subsumes(listB)); |
621 } | 621 } |
622 } | 622 } |
623 | 623 |
624 TEST_F(CSPDirectiveListTest, SubsumesPluginTypes) { | |
625 struct TestCase { | |
626 const char* policyA; | |
627 const std::vector<const char*> policiesB; | |
628 bool expected; | |
629 } cases[] = { | |
630 // `policyA` subsumes `policiesB`. | |
631 {"script-src 'unsafe-inline'", | |
632 {"script-src ", "script-src http://example.com", | |
633 "plugin-types text/plain"}, | |
634 true}, | |
635 {"script-src http://example.com", | |
636 {"script-src http://example.com; plugin-types "}, | |
637 true}, | |
638 {"script-src http://example.com", | |
639 {"script-src http://example.com; plugin-types text/plain"}, | |
640 true}, | |
641 {"script-src http://example.com; plugin-types text/plain", | |
642 {"script-src http://example.com; plugin-types text/plain"}, | |
643 true}, | |
644 {"script-src http://example.com; plugin-types text/plain", | |
645 {"script-src http://example.com; plugin-types "}, | |
646 true}, | |
647 {"script-src http://example.com; plugin-types text/plain", | |
648 {"script-src http://example.com; plugin-types ", "plugin-types "}, | |
649 true}, | |
650 {"plugin-types application/pdf text/plain", | |
651 {"plugin-types application/pdf text/plain", | |
652 "plugin-types application/x-blink-test-plugin"}, | |
653 true}, | |
654 {"plugin-types application/pdf text/plain", | |
655 {"plugin-types application/pdf text/plain", | |
656 "plugin-types application/pdf text/plain " | |
657 "application/x-blink-test-plugin"}, | |
658 true}, | |
659 {"plugin-types application/x-shockwave-flash application/pdf text/plain", | |
660 {"plugin-types application/x-shockwave-flash application/pdf text/plain", | |
661 "plugin-types application/x-shockwave-flash"}, | |
662 true}, | |
663 {"plugin-types application/x-shockwave-flash", | |
664 {"plugin-types application/x-shockwave-flash application/pdf text/plain", | |
665 "plugin-types application/x-shockwave-flash"}, | |
666 true}, | |
amalika
2016/12/13 14:42:08
This is a test case of the example given: for `typ
Mike West
2016/12/13 14:45:25
Great!
| |
667 // `policyA` does not subsume `policiesB`. | |
668 {"script-src http://example.com; plugin-types text/plain", | |
669 {"script-src http://example.com"}, | |
670 false}, | |
671 {"plugin-types random-value", | |
672 {"script-src 'unsafe-inline'", "plugin-types text/plain"}, | |
673 false}, | |
674 {"plugin-types random-value", | |
675 {"script-src http://example.com", "script-src http://example.com"}, | |
676 false}, | |
677 {"plugin-types random-value", | |
678 {"plugin-types text/plain", "plugin-types text/plain"}, | |
679 false}, | |
680 {"script-src http://example.com; plugin-types text/plain", | |
681 {"plugin-types ", "plugin-types "}, | |
682 false}, | |
683 {"plugin-types application/pdf text/plain", | |
684 {"plugin-types application/x-blink-test-plugin", | |
685 "plugin-types application/x-blink-test-plugin"}, | |
686 false}, | |
687 {"plugin-types application/pdf text/plain", | |
688 {"plugin-types application/pdf application/x-blink-test-plugin", | |
689 "plugin-types application/x-blink-test-plugin"}, | |
690 false}, | |
691 }; | |
692 | |
693 for (const auto& test : cases) { | |
694 CSPDirectiveList* A = | |
695 createList(test.policyA, ContentSecurityPolicyHeaderTypeEnforce); | |
696 | |
697 HeapVector<Member<CSPDirectiveList>> listB; | |
698 for (const auto& policyB : test.policiesB) | |
699 listB.append(createList(policyB, ContentSecurityPolicyHeaderTypeEnforce)); | |
700 | |
701 EXPECT_EQ(test.expected, A->subsumes(listB)); | |
702 } | |
703 } | |
704 | |
624 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { | 705 TEST_F(CSPDirectiveListTest, OperativeDirectiveGivenType) { |
625 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; | 706 enum DefaultBehaviour { Default, NoDefault, ChildAndDefault }; |
626 | 707 |
627 struct TestCase { | 708 struct TestCase { |
628 ContentSecurityPolicy::DirectiveType directive; | 709 ContentSecurityPolicy::DirectiveType directive; |
629 const DefaultBehaviour type; | 710 const DefaultBehaviour type; |
630 } cases[] = { | 711 } cases[] = { |
631 // Directives with default directive. | 712 // Directives with default directive. |
632 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, | 713 {ContentSecurityPolicy::DirectiveType::ChildSrc, Default}, |
633 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, | 714 {ContentSecurityPolicy::DirectiveType::ConnectSrc, Default}, |
857 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), | 938 CSPDirectiveList::getSourceVector(test.directive, policyVector).size(), |
858 udpatedTotal); | 939 udpatedTotal); |
859 EXPECT_EQ(CSPDirectiveList::getSourceVector( | 940 EXPECT_EQ(CSPDirectiveList::getSourceVector( |
860 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) | 941 ContentSecurityPolicy::DirectiveType::ChildSrc, policyVector) |
861 .size(), | 942 .size(), |
862 expectedChildSrc); | 943 expectedChildSrc); |
863 } | 944 } |
864 } | 945 } |
865 | 946 |
866 } // namespace blink | 947 } // namespace blink |
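Review bot: In `SubsumesPluginTypes` (new lines 624–703), none of the "does not subsume" rows gives `policyA` an explicitly empty `plugin-types `, which is the strictest value and so the one where a wrong `true` from `subsumes()` would matter most. The three `plugin-types random-value` rows look like they stand in for it, but only if the parser discards the invalid token, which is not visible on this page. A row such as `{"plugin-types ", {"plugin-types text/plain"}, false},` would pin that case directly, and if that is the intent the existing rows could carry the comment `// "random-value" is not a valid media type, so policyA allows no plugin types.`. There is also no row that differs only in letter case (`text/plain` against `TEXT/PLAIN`), so how the comparison treats case is untested. In the loop, `EXPECT_EQ(test.expected, A->subsumes(listB)) << test.policyA;` would show which row failed.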