OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 #include "content/common/content_security_policy_header.h" | 6 #include "content/common/content_security_policy_header.h" |
7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
8 | 8 |
9 namespace content { | 9 namespace content { |
10 | 10 |
(...skipping 27 matching lines...) Expand all Loading... |
38 blink::WebContentSecurityPolicyTypeEnforce, | 38 blink::WebContentSecurityPolicyTypeEnforce, |
39 blink::WebContentSecurityPolicySourceHTTP, | 39 blink::WebContentSecurityPolicySourceHTTP, |
40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, | 40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, |
41 std::vector<std::string>(), // report_end_points | 41 std::vector<std::string>(), // report_end_points |
42 std::string()); // header | 42 std::string()); // header |
43 } | 43 } |
44 | 44 |
45 } // namespace; | 45 } // namespace; |
46 | 46 |
47 TEST(CSPContextTest, SchemeShouldBypassCSP) { | 47 TEST(CSPContextTest, SchemeShouldBypassCSP) { |
| 48 CSPContextTest context; |
48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); | 49 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); |
49 CSPContextTest context; | 50 ContentSecurityPolicy policy = |
50 context.AddContentSecurityPolicy( | 51 BuildPolicy(CSPDirective::DefaultSrc, {source}); |
51 BuildPolicy(CSPDirective::DefaultSrc, {source})); | 52 EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc, |
52 | 53 GURL("data:text/html,<html></html>"))); |
53 EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc, | |
54 GURL("data:text/html,<html></html>"))); | |
55 | |
56 context.AddSchemeToBypassCSP("data"); | 54 context.AddSchemeToBypassCSP("data"); |
57 | 55 EXPECT_TRUE(context.Allow({policy}, CSPDirective::FrameSrc, |
58 EXPECT_TRUE(context.IsAllowedByCsp(CSPDirective::FrameSrc, | 56 GURL("data:text/html,<html></html>"))); |
59 GURL("data:text/html,<html></html>"))); | |
60 } | 57 } |
61 | 58 |
62 TEST(CSPContextTest, MultiplePolicies) { | 59 TEST(CSPContextTest, MultiplePolicies) { |
63 CSPContextTest context; | 60 CSPContextTest context; |
64 context.SetSelf(url::Origin(GURL("http://example.com"))); | 61 context.SetSelf(url::Origin(GURL("http://example.com"))); |
65 | 62 |
66 CSPSource source_a("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 63 CSPSource source_a("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); |
67 CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, ""); | 64 CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, ""); |
68 CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, ""); | 65 CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, ""); |
69 | 66 |
70 context.AddContentSecurityPolicy( | 67 ContentSecurityPolicy policy1 = |
71 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b})); | 68 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b}); |
72 context.AddContentSecurityPolicy( | 69 ContentSecurityPolicy policy2 = |
73 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c})); | 70 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c}); |
| 71 |
| 72 std::vector<ContentSecurityPolicy> policies = {policy1, policy2}; |
74 | 73 |
75 EXPECT_TRUE( | 74 EXPECT_TRUE( |
76 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com"))); | 75 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://a.com"))); |
77 EXPECT_FALSE( | 76 EXPECT_FALSE( |
78 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com"))); | 77 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://b.com"))); |
79 EXPECT_FALSE( | 78 EXPECT_FALSE( |
80 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com"))); | 79 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://c.com"))); |
81 EXPECT_FALSE( | 80 EXPECT_FALSE( |
82 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com"))); | 81 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://d.com"))); |
83 } | 82 } |
84 | 83 |
85 } // namespace content | 84 } // namespace content |
OLD | NEW |