OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ResourceRequest.h" | 9 #include "platform/network/ResourceRequest.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
132 KURL base; | 132 KURL base; |
133 CSPSource source(csp.get(), "http", "example.com", 0, "/", | 133 CSPSource source(csp.get(), "http", "example.com", 0, "/", |
134 CSPSource::NoWildcard, CSPSource::HasWildcard); | 134 CSPSource::NoWildcard, CSPSource::HasWildcard); |
135 | 135 |
136 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"))); | 136 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"))); |
137 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/"))); | 137 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/"))); |
138 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/"))); | 138 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/"))); |
139 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:8000/"))); | 139 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:8000/"))); |
140 } | 140 } |
141 | 141 |
| 142 TEST_F(CSPSourceTest, SchemeIsEmpty) { |
| 143 KURL base; |
| 144 |
| 145 // Self scheme is http. |
| 146 { |
| 147 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 148 csp->setupSelf(*SecurityOrigin::createFromString("http://a.com/")); |
| 149 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, |
| 150 CSPSource::NoWildcard); |
| 151 EXPECT_TRUE(source.matches(KURL(base, "http://a.com"))); |
| 152 EXPECT_TRUE(source.matches(KURL(base, "https://a.com"))); |
| 153 EXPECT_TRUE(source.matches(KURL(base, "http-so://a.com"))); |
| 154 EXPECT_TRUE(source.matches(KURL(base, "https-so://a.com"))); |
| 155 EXPECT_FALSE(source.matches(KURL(base, "ftp://a.com"))); |
| 156 } |
| 157 |
| 158 // Self scheme is https. |
| 159 { |
| 160 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 161 csp->setupSelf(*SecurityOrigin::createFromString("https://a.com/")); |
| 162 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, |
| 163 CSPSource::NoWildcard); |
| 164 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); |
| 165 EXPECT_TRUE(source.matches(KURL(base, "https://a.com"))); |
| 166 EXPECT_FALSE(source.matches(KURL(base, "http-so://a.com"))); |
| 167 // TODO(mkwst, arthursonzogni): Maybe it should return true. |
| 168 // See http://crbug.com/692442 |
| 169 EXPECT_FALSE(source.matches(KURL(base, "https-so://a.com"))); |
| 170 EXPECT_FALSE(source.matches(KURL(base, "ftp://a.com"))); |
| 171 } |
| 172 |
| 173 // Self scheme is not in the http familly. |
| 174 { |
| 175 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 176 csp->setupSelf(*SecurityOrigin::createFromString("ftp://a.com/")); |
| 177 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, |
| 178 CSPSource::NoWildcard); |
| 179 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); |
| 180 EXPECT_TRUE(source.matches(KURL(base, "ftp://a.com"))); |
| 181 } |
| 182 |
| 183 // Self scheme is unique |
| 184 { |
| 185 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 186 csp->setupSelf( |
| 187 *SecurityOrigin::createFromString("non-standard-scheme://a.com/")); |
| 188 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, |
| 189 CSPSource::NoWildcard); |
| 190 // TODO(mkwst, arthursonzogni): This result might be wrong. |
| 191 // See http://crbug.com/692449 |
| 192 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); |
| 193 // TODO(mkwst, arthursonzogni): This result might be wrong. |
| 194 // See http://crbug.com/692449 |
| 195 EXPECT_FALSE(source.matches(KURL(base, "non-standard-scheme://a.com"))); |
| 196 } |
| 197 } |
| 198 |
142 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { | 199 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { |
143 KURL base; | 200 KURL base; |
144 CSPSource source(csp.get(), "http", "example.com", 80, "/", | 201 CSPSource source(csp.get(), "http", "example.com", 80, "/", |
145 CSPSource::NoWildcard, CSPSource::NoWildcard); | 202 CSPSource::NoWildcard, CSPSource::NoWildcard); |
146 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); | 203 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
147 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); | 204 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); |
148 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); | 205 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); |
149 EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); | 206 EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); |
150 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); | 207 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); |
151 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); | 208 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); |
(...skipping 628 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
780 normalized = B->intersect(A); | 837 normalized = B->intersect(A); |
781 Source intersectBA = { | 838 Source intersectBA = { |
782 normalized->m_scheme, normalized->m_host, | 839 normalized->m_scheme, normalized->m_host, |
783 normalized->m_path, normalized->m_port, | 840 normalized->m_path, normalized->m_port, |
784 normalized->m_hostWildcard, normalized->m_portWildcard}; | 841 normalized->m_hostWildcard, normalized->m_portWildcard}; |
785 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); | 842 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); |
786 } | 843 } |
787 } | 844 } |
788 | 845 |
789 } // namespace blink | 846 } // namespace blink |
OLD | NEW |