ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance when source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
Review-Url: https://codereview.chromium.org/2646773002
Cr-Commit-Position: refs/heads/master@{#445417}
Committed: https://chromium.googlesource.com/chromium/src/+/8a8b6c2b28a210ca37a500d7e95572ce6126994d

[arthursonzogni, 2017-01-19 14:13:54]

The CQ bit was checked by arthursonzogni@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-19 14:14:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[arthursonzogni, 2017-01-19 14:18:16]

Patchset #1 (id:1) has been deleted

[arthursonzogni, 2017-01-19 14:19:21]

Description was changed from

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problem. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance if source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

to

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problem. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance if source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

[arthursonzogni, 2017-01-19 14:19:21]

arthursonzogni@chromium.org changed reviewers:
+ clamy@chromium.org, mkwst@chromium.org

[arthursonzogni, 2017-01-19 14:20:18]

arthursonzogni@chromium.org changed reviewers:
- clamy@chromium.org

[arthursonzogni, 2017-01-19 14:20:18]

Hi Mike,
Please can you take a look at this patch?

[arthursonzogni, 2017-01-19 14:22:15]

Description was changed from

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problem. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance if source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

to

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance if source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

[Mike West, 2017-01-23 06:44:59]

LGTM, thanks!

[arthursonzogni, 2017-01-23 08:51:50]

Description was changed from

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance if source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

to

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance when source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

[arthursonzogni, 2017-01-23 11:58:08]

The CQ bit was checked by arthursonzogni@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-23 11:58:30]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-23 13:50:13]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-23 13:50:14]

Dry run: Try jobs failed on following builders:
  win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, no build
URL)

[arthursonzogni, 2017-01-23 16:13:27]

The CQ bit was checked by arthursonzogni@chromium.org

[commit-bot: I haz the power, 2017-01-23 16:13:37]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-23 18:37:52]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1485188007002020,
"parent_rev": "f34f92725f250f7028e43df9a40a3813cc82d99a", "commit_rev":
"8a8b6c2b28a210ca37a500d7e95572ce6126994d"}

[commit-bot: I haz the power, 2017-01-23 18:38:33]

Description was changed from

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance when source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673
==========

to

==========
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems. The first one was that when the host-part was
"*" then CSPSource::IsSchemeOnly() returned true, even if there was a
path or a port to enforce. For instance when source-expression =
'http://*:111' then 'http://a.com:222' was allowed.
The second problem was that in CSPSource::hostmatches(), the
host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG=682673

Review-Url: https://codereview.chromium.org/2646773002
Cr-Commit-Position: refs/heads/master@{#445417}
Committed:
https://chromium.googlesource.com/chromium/src/+/8a8b6c2b28a210ca37a500d7e955...
==========

[commit-bot: I haz the power, 2017-01-23 18:38:34]

Committed patchset #2 (id:40001) as
https://chromium.googlesource.com/chromium/src/+/8a8b6c2b28a210ca37a500d7e955...