Chromium Code Reviews Chromium Code Reviews
Issue 2708873002:
Stop CSP from matching independent scheme/port upgrades (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
| 6 | 6 |
| 7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ResourceRequest.h" | 9 #include "platform/network/ResourceRequest.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 98 KURL base; | 98 KURL base; |
| 99 CSPSource source(csp.get(), "http", "example.com", 8000, "/bar/", | 99 CSPSource source(csp.get(), "http", "example.com", 8000, "/bar/", |
| 100 CSPSource::NoWildcard, CSPSource::NoWildcard); | 100 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 101 | 101 |
| 102 EXPECT_TRUE( | 102 EXPECT_TRUE( |
| 103 source.matches(KURL(base, "http://example.com:8000/"), | 103 source.matches(KURL(base, "http://example.com:8000/"), |
| 104 ResourceRequest::RedirectStatus::FollowedRedirect)); | 104 ResourceRequest::RedirectStatus::FollowedRedirect)); |
| 105 EXPECT_TRUE( | 105 EXPECT_TRUE( |
| 106 source.matches(KURL(base, "http://example.com:8000/foo"), | 106 source.matches(KURL(base, "http://example.com:8000/foo"), |
| 107 ResourceRequest::RedirectStatus::FollowedRedirect)); | 107 ResourceRequest::RedirectStatus::FollowedRedirect)); |
| 108 EXPECT_TRUE( | 108 // Should not allow upgrade of port or scheme without upgrading both |
| 109 EXPECT_FALSE( | |
| 109 source.matches(KURL(base, "https://example.com:8000/foo"), | 110 source.matches(KURL(base, "https://example.com:8000/foo"), |
| 110 ResourceRequest::RedirectStatus::FollowedRedirect)); | 111 ResourceRequest::RedirectStatus::FollowedRedirect)); |
| 111 | |
| 112 EXPECT_FALSE( | 112 EXPECT_FALSE( |
| 113 source.matches(KURL(base, "http://not-example.com:8000/foo"), | 113 source.matches(KURL(base, "http://not-example.com:8000/foo"), |
| 114 ResourceRequest::RedirectStatus::FollowedRedirect)); | 114 ResourceRequest::RedirectStatus::FollowedRedirect)); |
| 115 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/foo/"), | 115 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/foo/"), |
| 116 ResourceRequest::RedirectStatus::NoRedirect)); | 116 ResourceRequest::RedirectStatus::NoRedirect)); |
| 117 } | 117 } |
| 118 | 118 |
| 119 TEST_F(CSPSourceTest, InsecureSchemeMatchesSecureScheme) { | 119 TEST_F(CSPSourceTest, InsecureSchemeMatchesSecureScheme) { |
| 120 KURL base; | 120 KURL base; |
| 121 CSPSource source(csp.get(), "http", "", 0, "/", CSPSource::NoWildcard, | 121 CSPSource source(csp.get(), "http", "", 0, "/", CSPSource::NoWildcard, |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 157 | 157 |
| 158 // Self scheme is https. | 158 // Self scheme is https. |
| 159 { | 159 { |
| 160 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); | 160 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 161 csp->setupSelf(*SecurityOrigin::createFromString("https://a.com/")); | 161 csp->setupSelf(*SecurityOrigin::createFromString("https://a.com/")); |
| 162 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, | 162 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, |
| 163 CSPSource::NoWildcard); | 163 CSPSource::NoWildcard); |
| 164 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); | 164 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); |
| 165 EXPECT_TRUE(source.matches(KURL(base, "https://a.com"))); | 165 EXPECT_TRUE(source.matches(KURL(base, "https://a.com"))); |
| 166 EXPECT_FALSE(source.matches(KURL(base, "http-so://a.com"))); | 166 EXPECT_FALSE(source.matches(KURL(base, "http-so://a.com"))); |
| 167 // TODO(mkwst, arthursonzogni): Maybe it should return true. | 167 EXPECT_TRUE(source.matches(KURL(base, "https-so://a.com"))); |
|
andypaicu
2017/02/24 08:41:00
Added 692442 since this will also fix that bug
Mike West
2017/02/24 10:56:28
Hrm. I'm not actually sure this is a bug. :(
This
andypaicu
2017/03/13 10:07:20
I've added the comment and let Jochen know.
| |
| 168 // See http://crbug.com/692442 | |
| 169 EXPECT_FALSE(source.matches(KURL(base, "https-so://a.com"))); | |
| 170 EXPECT_FALSE(source.matches(KURL(base, "ftp://a.com"))); | 168 EXPECT_FALSE(source.matches(KURL(base, "ftp://a.com"))); |
| 171 } | 169 } |
| 172 | 170 |
| 173 // Self scheme is not in the http familly. | 171 // Self scheme is not in the http familly. |
| 174 { | 172 { |
| 175 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); | 173 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 176 csp->setupSelf(*SecurityOrigin::createFromString("ftp://a.com/")); | 174 csp->setupSelf(*SecurityOrigin::createFromString("ftp://a.com/")); |
| 177 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, | 175 CSPSource source(csp.get(), "", "a.com", 0, "/", CSPSource::NoWildcard, |
| 178 CSPSource::NoWildcard); | 176 CSPSource::NoWildcard); |
| 179 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); | 177 EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 198 | 196 |
| 199 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { | 197 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { |
| 200 KURL base; | 198 KURL base; |
| 201 | 199 |
| 202 // source scheme is "http" | 200 // source scheme is "http" |
| 203 { | 201 { |
| 204 CSPSource source(csp.get(), "http", "example.com", 80, "/", | 202 CSPSource source(csp.get(), "http", "example.com", 80, "/", |
| 205 CSPSource::NoWildcard, CSPSource::NoWildcard); | 203 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 206 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); | 204 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
| 207 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); | 205 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); |
| 208 // TODO(mkwst, arthursonzogni): It is weird to upgrade the port without the | 206 |
| 209 // sheme. See http://crbug.com/692499 | 207 // Should not allow scheme upgrades unless both port and scheme are upgraded |
| 210 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); | 208 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:443/"))); |
| 211 EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); | 209 EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); |
| 212 // TODO(mkwst, arthursonzogni): It is weird to upgrade the scheme without | 210 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:80/"))); |
| 213 // the port. See http://crbug.com/692499 | 211 |
| 214 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); | |
| 215 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); | 212 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); |
| 216 | 213 |
| 217 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/"))); | 214 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/"))); |
| 218 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); | 215 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); |
| 219 | 216 |
| 220 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); | 217 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); |
| 221 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); | 218 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); |
| 222 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); | 219 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); |
| 223 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); | 220 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); |
| 224 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); | 221 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); |
| 225 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); | 222 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
| 226 } | 223 } |
| 227 | 224 |
| 228 // source scheme is empty | 225 // source scheme is empty |
| 229 { | 226 { |
| 230 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); | 227 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 231 csp->setupSelf(*SecurityOrigin::createFromString("http://example.com")); | 228 csp->setupSelf(*SecurityOrigin::createFromString("http://example.com")); |
| 232 CSPSource source(csp.get(), "", "example.com", 80, "/", | 229 CSPSource source(csp.get(), "", "example.com", 80, "/", |
| 233 CSPSource::NoWildcard, CSPSource::NoWildcard); | 230 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 234 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); | 231 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
| 235 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443"))); | 232 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443"))); |
| 236 // TODO(mkwst, arthursonzogni): It is weird to upgrade the port without the | 233 // Should not allow upgrade of port or scheme without upgrading both |
| 237 // sheme. See http://crbug.com/692499 | 234 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:443"))); |
| 238 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443"))); | 235 } |
| 236 | |
| 237 // source port is empty | |
| 238 { | |
| 239 CSPSource source(csp.get(), "http", "example.com", 0, "/", | |
| 240 CSPSource::NoWildcard, CSPSource::NoWildcard); | |
| 241 | |
| 242 EXPECT_TRUE(source.matches(KURL(base, "http://example.com"))); | |
| 243 EXPECT_TRUE(source.matches(KURL(base, "https://example.com"))); | |
| 244 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443"))); | |
| 245 // Should not allow upgrade of port or scheme without upgrading both | |
| 246 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:80"))); | |
| 247 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:443"))); | |
| 239 } | 248 } |
| 240 } | 249 } |
| 241 | 250 |
| 242 TEST_F(CSPSourceTest, HostMatches) { | 251 TEST_F(CSPSourceTest, HostMatches) { |
| 243 KURL base; | 252 KURL base; |
| 244 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); | 253 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 245 csp->setupSelf(*SecurityOrigin::createFromString("http://a.com")); | 254 csp->setupSelf(*SecurityOrigin::createFromString("http://a.com")); |
| 246 | 255 |
| 247 // Host is * (source-expression = "http://*") | 256 // Host is * (source-expression = "http://*") |
| 248 { | 257 { |
| (...skipping 649 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 898 normalized = B->intersect(A); | 907 normalized = B->intersect(A); |
| 899 Source intersectBA = { | 908 Source intersectBA = { |
| 900 normalized->m_scheme, normalized->m_host, | 909 normalized->m_scheme, normalized->m_host, |
| 901 normalized->m_path, normalized->m_port, | 910 normalized->m_path, normalized->m_port, |
| 902 normalized->m_hostWildcard, normalized->m_portWildcard}; | 911 normalized->m_hostWildcard, normalized->m_portWildcard}; |
| 903 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); | 912 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); |
| 904 } | 913 } |
| 905 } | 914 } |
| 906 | 915 |
| 907 } // namespace blink | 916 } // namespace blink |
| OLD | NEW |
