Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(540)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/content_security_policy/csp_source_list_unittest.cc

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Temporary re-add the parser + transmit parsed CSP over IPC. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/content_security_policy/csp_source_list.cc ('k') | content/common/content_security_policy/csp_source_unittest.cc » ('j') | content/renderer/render_frame_impl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/common/content_security_policy/csp_context.h"
6 #include "content/common/content_security_policy/csp_source_list.h"
7 #include "testing/gtest/include/gtest/gtest.h"
8
9 namespace content {
10
11 namespace {
12 class CSPContextTest : public CSPContext {
13 public:
14 const std::string& LastConsoleMessage() { return console_message_; }
15
16 private:
17 void LogToConsole(const std::string& message) override {
18 console_message_ = message;
19 }
20 std::string console_message_;
21 };
22 }
23
24 TEST(CSPSourceListTest, MultipleSource) {
25 CSPContextTest context;
26 context.SetSelf(url::Origin(GURL("http://example.com")));
27 CSPSourceList source_list(
28 false, // allow_self
29 false, // allow_star:
30 {CSPSource("", "a.com", false, url::PORT_UNSPECIFIED, false, ""),
31 CSPSource("", "b.com", false, url::PORT_UNSPECIFIED, false, "")});
32 EXPECT_TRUE(source_list.Allow(&context, GURL("http://a.com")));
33 EXPECT_TRUE(source_list.Allow(&context, GURL("http://b.com")));
34 EXPECT_FALSE(source_list.Allow(&context, GURL("http://c.com")));
35 }
36
37 TEST(CSPSourceList, ReportInvalidSourceExpression) {
38 const char console_message[] =
39 "The source list for Content Security Policy directive 'default-src' "
40 "contains an invalid source: ''invalid''. It will be ignored.";
41 CSPContextTest context;
42 CSPSourceList::Parse(&context, "default-src", "'invalid'");
43 EXPECT_EQ(console_message, context.LastConsoleMessage());
44 }
45
46 TEST(CSPSourceList, ReportInvalidSourceExpressionNone) {
47 const char console_message[] =
48 "The source list for Content Security Policy directive 'default-src' "
49 "contains an invalid source: ''none''. It will be ignored. Note that "
50 "'none' has no effect unless it is the only expression in the source "
51 "list.";
52 {
53 CSPContextTest context;
54 CSPSourceList::Parse(&context, "default-src", "'none' 'none'");
55 EXPECT_EQ(console_message, context.LastConsoleMessage());
56 }
57 {
58 CSPContextTest context;
59 CSPSourceList::Parse(&context, "default-src", "'none' 'self'");
60 EXPECT_EQ(console_message, context.LastConsoleMessage());
61 }
62 }
63
64 TEST(CSPSourceList, AllowStar) {
65 CSPContextTest context;
66 context.SetSelf(url::Origin(GURL("http://example.com")));
67 CSPSourceList source_list(false, // allow_self
68 true, // allow_star:
69 std::vector<CSPSource>()); // source_list
70 EXPECT_TRUE(source_list.Allow(&context, GURL("http://not-example.com")));
71 EXPECT_TRUE(source_list.Allow(&context, GURL("https://no-example.com")));
72 EXPECT_TRUE(source_list.Allow(&context, GURL("http-so://no-example.com")));
73 EXPECT_TRUE(source_list.Allow(&context, GURL("https-so://no-example.com")));
74 EXPECT_TRUE(source_list.Allow(&context, GURL("ws://no-example.com")));
75 EXPECT_TRUE(source_list.Allow(&context, GURL("wss://no-example.com")));
76 EXPECT_TRUE(source_list.Allow(&context, GURL("ftp://no-example.com")));
77
78 EXPECT_FALSE(source_list.Allow(&context, GURL("file://no-example.com")));
79 context.SetSelf(url::Origin(GURL("file://example.com")));
80 EXPECT_TRUE(source_list.Allow(&context, GURL("file://no-example.com")));
81 }
82
83 TEST(CSPSourceList, AllowSelf) {
84 CSPContextTest context;
85 context.SetSelf(url::Origin(GURL("http://example.com")));
86 CSPSourceList source_list(true, // allow_self
87 false, // allow_star:
88 std::vector<CSPSource>()); // source_list
89 EXPECT_TRUE(source_list.Allow(&context, GURL("http://example.com")));
90 EXPECT_FALSE(source_list.Allow(&context, GURL("http://not-example.com")));
91 EXPECT_TRUE(source_list.Allow(&context, GURL("https://example.com")));
92 EXPECT_FALSE(source_list.Allow(&context, GURL("ws://example.com")));
93 }
94
95 } // namespace content
OLDNEW
« no previous file with comments | « content/common/content_security_policy/csp_source_list.cc ('k') | content/common/content_security_policy/csp_source_unittest.cc » ('j') | content/renderer/render_frame_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698