 Chromium Code Reviews
 Chromium Code Reviews Issue 2612793002:
  Implement ContentSecurityPolicy on the browser-side.  (Closed)
    
  
    Issue 2612793002:
  Implement ContentSecurityPolicy on the browser-side.  (Closed) 
  | Index: content/common/content_security_policy/csp_source_unittest.cc | 
| diff --git a/content/common/content_security_policy/csp_source_unittest.cc b/content/common/content_security_policy/csp_source_unittest.cc | 
| new file mode 100644 | 
| index 0000000000000000000000000000000000000000..a98c7ce5a2712e1b401788ae28df5c5c61be7a99 | 
| --- /dev/null | 
| +++ b/content/common/content_security_policy/csp_source_unittest.cc | 
| @@ -0,0 +1,298 @@ | 
| +// Copyright 2017 The Chromium Authors. All rights reserved. | 
| +// Use of this source code is governed by a BSD-style license that can be | 
| +// found in the LICENSE file. | 
| + | 
| +#include "content/common/content_security_policy/csp_context.h" | 
| +#include "testing/gtest/include/gtest/gtest.h" | 
| + | 
| +namespace content { | 
| + | 
| +TEST(CSPSourceTest, BasicMatching) { | 
| + CSPContext context; | 
| + | 
| + CSPSource source("http", "example.com", false, 8000, false, "/foo/"); | 
| 
Mike West
2017/02/13 14:10:51
Can you add a check for a source without a trailin
 
arthursonzogni
2017/02/14 17:07:03
This is done in CSPSourceTest.AllowPath, section "
 | 
| + | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://example.com:8000/foo/"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://example.com:8000/foo/bar"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("HTTP://EXAMPLE.com:8000/foo/BAR"))); | 
| 
Mike West
2017/02/13 14:10:51
Can you add a check that `https://example.com:8000
 
arthursonzogni
2017/02/14 17:07:03
It is the same here, it is done in CSPSourceTest.A
 | 
| + | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://example.com:8000/bar/"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("https://example.com:8000/bar/"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://example.com:9000/bar/"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("HTTP://example.com:8000/FOO/bar"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("HTTP://example.com:8000/FOO/BAR"))); | 
| +} | 
| + | 
| +TEST(CSPSourceTest, AllowScheme) { | 
| + CSPContext context; | 
| + | 
| + // http -> { http, https}. | 
| + { | 
| + CSPSource source("http", "", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("ftp://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("ws://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("wss://a.com"))); | 
| + } | 
| + | 
| + // ws -> { ws, wss}. | 
| + { | 
| + CSPSource source("ws", "", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("https://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("ftp://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("ws://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("wss://a.com"))); | 
| + } | 
| + | 
| + // Exact matches required (ftp) | 
| + { | 
| + CSPSource source("ftp", "", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("ftp://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + } | 
| + | 
| + // Exact matches required (https) | 
| + { | 
| + CSPSource source("https", "", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + } | 
| + | 
| + // Exact matches required (wss) | 
| + { | 
| + CSPSource source("wss", "", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("wss://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("ws://a.com"))); | 
| + } | 
| + | 
| + // Scheme is empty (ProtocolMatchesSelf). | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + | 
| + // Self's scheme is http. | 
| + context.SetSelf(url::Origin(GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http-so://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https-so://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("ftp://a.com"))); | 
| + | 
| + // Self's is https. | 
| + context.SetSelf(url::Origin(GURL("https://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http-so://a.com"))); | 
| + // REVIEW(): Is it the correct behavior? | 
| + EXPECT_FALSE(source.Allow(&context, GURL("https-so://a.com"))); | 
| 
Mike West
2017/02/13 14:10:51
This seems wrong. We should be treating `https-so`
 
arthursonzogni
2017/02/14 17:07:03
Same results on the renderer-side:
https://coderev
 
Mike West
2017/02/15 16:18:17
Actually, this makes sense now that I think about
 | 
| + EXPECT_FALSE(source.Allow(&context, GURL("ftp://a.com"))); | 
| + | 
| + // Self's scheme is not in the http familly. | 
| + context.SetSelf(url::Origin(GURL("ftp://a.com/"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("ftp://a.com"))); | 
| + | 
| + // Self's scheme is unique. | 
| + context.SetSelf(url::Origin(GURL("non-standard-scheme://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("non-standard-scheme://a.com"))); | 
| 
Mike West
2017/02/13 14:10:51
This seems wrong too. This should match.
That sai
 
arthursonzogni
2017/02/14 17:07:03
Same results on the renderer-side.
https://coderev
 | 
| + } | 
| +} | 
| + | 
| +TEST(CSPSourceTest, AllowHost) { | 
| + CSPContext context; | 
| + context.SetSelf(url::Origin(GURL("http://example.com"))); | 
| + | 
| + // Host is * (source-expression = "http://*") | 
| + { | 
| + CSPSource source("http", "", true, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://."))); | 
| + } | 
| + | 
| + // Host is *.foo.bar | 
| + { | 
| + CSPSource source("", "foo.bar", true, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://bar"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://foo.bar"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://o.bar"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://*.foo.bar"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://sub.foo.bar"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://sub.sub.foo.bar"))); | 
| + // FOR-REVIEWER: strange case? | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://.foo.bar"))); | 
| 
Mike West
2017/02/13 14:10:51
Doesn't the `.` get normalized away?
 
arthursonzogni
2017/02/14 17:07:03
No, I tried and got:
GURL("http://foo.bar") != GUR
 | 
| + } | 
| + | 
| + // Host is exact. | 
| + { | 
| + CSPSource source("", "foo.bar", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://foo.bar"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://sub.foo.bar"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://bar"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://.foo.bar"))); | 
| 
Mike West
2017/02/13 14:10:51
This surprises me.
 
arthursonzogni
2017/02/14 17:07:03
Same result on the renderer-side:
https://coderevi
 | 
| + } | 
| +} | 
| + | 
| +TEST(CSPSourceTest, AllowPort) { | 
| + CSPContext context; | 
| + context.SetSelf(url::Origin(GURL("http://example.com"))); | 
| + | 
| + // Source's port unspecified. | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:80"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com:8080"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com:443"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("https://a.com:80"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("https://a.com:8080"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com:443"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("unknown://a.com:80"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| 
Mike West
2017/02/13 14:10:51
Can you add `https://a.com` as well?
 
arthursonzogni
2017/02/14 17:07:03
Done.
 | 
| + } | 
| + | 
| + // Source's port is "*". | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, true, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:80"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:8080"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com:8080"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com:0"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com"))); | 
| + } | 
| + | 
| + // Source has a port. | 
| + { | 
| + CSPSource source("", "a.com", false, 80, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:80"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com:8080"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com"))); | 
| + } | 
| + | 
| + // Allow upgrade from :80 to :443 | 
| + { | 
| + CSPSource source("", "a.com", false, 80, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com:443"))); | 
| + // REVIEW(arthursonzogni): Is it expected? | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:443"))); | 
| 
Mike West
2017/02/13 14:10:51
Seems weird. Does this work in Blink today?
 
arthursonzogni
2017/02/14 17:07:03
Yes it works on blink today.
Please see: https://c
 | 
| + } | 
| + | 
| + // Host is * but port is specified | 
| + { | 
| + CSPSource source("http", "", true, 111, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:111"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com:222"))); | 
| + } | 
| +} | 
| + | 
| +TEST(CSPSourceTest, AllowPath) { | 
| + CSPContext context; | 
| + context.SetSelf(url::Origin(GURL("http://example.com"))); | 
| + | 
| + // Path to a file | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, | 
| + "/path/to/file"); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/file"))); | 
| 
Mike West
2017/02/13 14:10:51
Please add an expectation for `/path/to/file/with/
 
arthursonzogni
2017/02/14 17:07:03
Nice catch. Done!
 | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com/path/to/"))); | 
| + EXPECT_FALSE( | 
| + source.Allow(&context, GURL("http://a.com/path/to/something"))); | 
| + } | 
| + | 
| + // Path to a directory | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, | 
| + "/path/to/"); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/file"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com/path/"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com/path/to"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com/path/to"))); | 
| + } | 
| + | 
| + // Empty path | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/file"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + } | 
| + | 
| + // Almost empty path | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, "/"); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/file"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/path/to/"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com"))); | 
| + } | 
| + | 
| + // Path encoded. | 
| + { | 
| + CSPSource source("http", "a.com", false, url::PORT_UNSPECIFIED, false, | 
| + "/Hello Günter"); | 
| + EXPECT_TRUE( | 
| + source.Allow(&context, GURL("http://a.com/Hello%20G%C3%BCnter"))); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/Hello Günter"))); | 
| + } | 
| + | 
| + // Host is * but path is specified. | 
| + { | 
| + CSPSource source("http", "", true, url::PORT_UNSPECIFIED, false, | 
| + "/allowed-path"); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com/allowed-path"))); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com/disallowed-path"))); | 
| + } | 
| +} | 
| + | 
| +TEST(CSPSourceTest, RedirectMatching) { | 
| + CSPContext context; | 
| + CSPSource source("http", "a.com", false, 8000, false, "/bar/"); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:8000/"), true)); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("http://a.com:8000/foo"), true)); | 
| + EXPECT_TRUE(source.Allow(&context, GURL("https://a.com:8000/foo"), true)); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://not-a.com:8000/foo"), true)); | 
| + EXPECT_FALSE(source.Allow(&context, GURL("http://a.com:9000/foo/"), false)); | 
| +} | 
| + | 
| +TEST(CSPSourceTest, ToString) { | 
| + { | 
| + CSPSource source("http", "", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_EQ("http:", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("http", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_EQ("http://a.com", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_EQ("a.com", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("", "a.com", true, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_EQ("*.a.com", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("", "", true, url::PORT_UNSPECIFIED, false, ""); | 
| + EXPECT_EQ("*", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("", "a.com", false, 80, false, ""); | 
| + EXPECT_EQ("a.com:80", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, true, ""); | 
| + EXPECT_EQ("a.com:*", source.ToString()); | 
| + } | 
| + { | 
| + CSPSource source("", "a.com", false, url::PORT_UNSPECIFIED, false, "/path"); | 
| + EXPECT_EQ("a.com/path", source.ToString()); | 
| + } | 
| +} | 
| + | 
| +} // namespace content |