| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 | 6 |
| 7 #include "base/strings/string_split.h" | |
| 7 #include "extensions/common/csp_validator.h" | 8 #include "extensions/common/csp_validator.h" |
| 8 #include "extensions/common/error_utils.h" | 9 #include "extensions/common/error_utils.h" |
| 9 #include "extensions/common/install_warning.h" | 10 #include "extensions/common/install_warning.h" |
| 10 #include "extensions/common/manifest_constants.h" | 11 #include "extensions/common/manifest_constants.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
| 12 | 13 |
| 13 using extensions::csp_validator::ContentSecurityPolicyIsLegal; | 14 using extensions::csp_validator::ContentSecurityPolicyIsLegal; |
| 15 using extensions::csp_validator::GetEffectiveSandoxedPageCSP; | |
| 14 using extensions::csp_validator::SanitizeContentSecurityPolicy; | 16 using extensions::csp_validator::SanitizeContentSecurityPolicy; |
| 15 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed; | 17 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed; |
| 16 using extensions::csp_validator::OPTIONS_NONE; | 18 using extensions::csp_validator::OPTIONS_NONE; |
| 17 using extensions::csp_validator::OPTIONS_ALLOW_UNSAFE_EVAL; | 19 using extensions::csp_validator::OPTIONS_ALLOW_UNSAFE_EVAL; |
| 18 using extensions::csp_validator::OPTIONS_ALLOW_INSECURE_OBJECT_SRC; | 20 using extensions::csp_validator::OPTIONS_ALLOW_INSECURE_OBJECT_SRC; |
| 19 using extensions::ErrorUtils; | 21 using extensions::ErrorUtils; |
| 20 using extensions::InstallWarning; | 22 using extensions::InstallWarning; |
| 21 using extensions::Manifest; | 23 using extensions::Manifest; |
| 22 | 24 |
| 23 namespace { | 25 namespace { |
| (...skipping 78 matching lines...) | |
| 102 const std::string& expected_csp, | 104 const std::string& expected_csp, |
| 103 const std::string& warning1, | 105 const std::string& warning1, |
| 104 const std::string& warning2, | 106 const std::string& warning2, |
| 105 const std::string& warning3) { | 107 const std::string& warning3) { |
| 106 std::vector<std::string> expected_warnings(1, warning1); | 108 std::vector<std::string> expected_warnings(1, warning1); |
| 107 expected_warnings.push_back(warning2); | 109 expected_warnings.push_back(warning2); |
| 108 expected_warnings.push_back(warning3); | 110 expected_warnings.push_back(warning3); |
| 109 return CheckSanitizeCSP(policy, options, expected_csp, expected_warnings); | 111 return CheckSanitizeCSP(policy, options, expected_csp, expected_warnings); |
| 110 } | 112 } |
| 111 | 113 |
| 114 bool CSPEquals(const std::string& csp1, const std::string& csp2) { | |
| 115 std::vector<std::string> csp1_parts = base::SplitString( | |
| 116 csp1, ";", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); | |
| 117 std::sort(csp1_parts.begin(), csp1_parts.end()); | |
| 118 std::vector<std::string> csp2_parts = base::SplitString( | |
| 119 csp2, ";", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); | |
| 120 std::sort(csp2_parts.begin(), csp2_parts.end()); | |
| 121 return csp1_parts == csp2_parts; | |
| 122 } | |
| 123 | |
| 112 }; // namespace | 124 }; // namespace |
| 113 | 125 |
| 114 TEST(ExtensionCSPValidator, IsLegal) { | 126 TEST(ExtensionCSPValidator, IsLegal) { |
| 115 EXPECT_TRUE(ContentSecurityPolicyIsLegal("foo")); | 127 EXPECT_TRUE(ContentSecurityPolicyIsLegal("foo")); |
| 116 EXPECT_TRUE(ContentSecurityPolicyIsLegal( | 128 EXPECT_TRUE(ContentSecurityPolicyIsLegal( |
| 117 "default-src 'self'; script-src http://www.google.com")); | 129 "default-src 'self'; script-src http://www.google.com")); |
| 118 EXPECT_FALSE(ContentSecurityPolicyIsLegal( | 130 EXPECT_FALSE(ContentSecurityPolicyIsLegal( |
| 119 "default-src 'self';\nscript-src http://www.google.com")); | 131 "default-src 'self';\nscript-src http://www.google.com")); |
| 120 EXPECT_FALSE(ContentSecurityPolicyIsLegal( | 132 EXPECT_FALSE(ContentSecurityPolicyIsLegal( |
| 121 "default-src 'self';\rscript-src http://www.google.com")); | 133 "default-src 'self';\rscript-src http://www.google.com")); |
| (...skipping 325 matching lines...) | |
| 447 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION)); | 459 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION)); |
| 448 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( | 460 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( |
| 449 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP)); | 461 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP)); |
| 450 | 462 |
| 451 // Popups are OK. | 463 // Popups are OK. |
| 452 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( | 464 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( |
| 453 "sandbox allow-popups", Manifest::TYPE_EXTENSION)); | 465 "sandbox allow-popups", Manifest::TYPE_EXTENSION)); |
| 454 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( | 466 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( |
| 455 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP)); | 467 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP)); |
| 456 } | 468 } |
| 469 | |
| 470 // TODO(lazyboy): Add comprehensive test cases. | |
|
Devlin
2016/12/09 15:46:01
Can we address this TODO before landing? ;)
lazyboy
2016/12/14 00:49:05
I've expanded the tests a bit and added an api_tes
| |
| 471 TEST(ExtensionCSPValidator, EffectiveSandboxedPageCSP) { | |
| 472 EXPECT_TRUE(CSPEquals("child-src 'self'; script-src 'self';", | |
| 473 GetEffectiveSandoxedPageCSP(""))); | |
| 474 EXPECT_TRUE(CSPEquals( | |
| 475 "child-src 'self'; script-src 'self';", | |
| 476 GetEffectiveSandoxedPageCSP("child-src http://www.google.com"))); | |
| 477 EXPECT_TRUE(CSPEquals("child-src 'none'; script-src 'self';", | |
| 478 GetEffectiveSandoxedPageCSP("child-src 'none'"))); | |
| 479 | |
| 480 // Directive values of 'none' and 'self' are preserved. | |
| 481 EXPECT_TRUE(CSPEquals( | |
| 482 "frame-src 'self'; script-src 'none';", | |
| 483 GetEffectiveSandoxedPageCSP("script-src 'none'; frame-src 'self';"))); | |
| 484 EXPECT_TRUE(CSPEquals( | |
| 485 "frame-src 'self'; script-src 'none';", | |
| 486 GetEffectiveSandoxedPageCSP( | |
| 487 "script-src 'none'; frame-src 'self' http://www.google.com;"))); | |
| 488 | |
| 489 // child-src and frame-src are handled correctly. | |
| 490 EXPECT_TRUE(CSPEquals( | |
| 491 "frame-src 'self'; script-src 'none';", | |
| 492 GetEffectiveSandoxedPageCSP( | |
| 493 "script-src 'none'; frame-src 'self' http://www.google.com;"))); | |
| 494 } | |
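Review bot: The last case in EffectiveSandboxedPageCSP (new lines 489-493) is a byte-for-byte repeat of the case just above it (484-487), so the "child-src and frame-src are handled correctly" comment is not backed by any input that actually contains child-src. Changing that input to one that mixes the two directives, e.g. `"script-src 'none'; child-src 'self' http://www.google.com; frame-src 'self';"` with an expectation such as `"child-src 'self'; frame-src 'self'; script-src 'none';"`, would exercise what the comment claims, although the exact expected form depends on how GetEffectiveSandoxedPageCSP treats child-src alongside frame-src, which is not visible in this section. The suite also never feeds a script-src that names an external host (only 'none', 'self' or the empty policy), so that reduction is currently untested even though the default on lines 472-473 centres on script-src. Separately, CSPEquals (new lines 114-122) calls std::sort but no `<algorithm>` include appears in the visible include list, so the build presumably relies on a transitive include. The spelling GetEffectiveSandoxedPageCSP ("Sandoxed") looks like a typo in csp_validator.h worth fixing before the name spreads to more callers.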