Chromium Code Reviews Chromium Code Reviews
Issue 2869423002:
PlzNavigate: Do not disclose urls between cross-origin renderers. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | |
| 6 | |
| 5 #include "content/common/content_security_policy/csp_context.h" | 7 #include "content/common/content_security_policy/csp_context.h" |
| 6 #include "content/common/content_security_policy_header.h" | 8 #include "content/common/content_security_policy_header.h" |
| 7 #include "content/common/navigation_params.h" | 9 #include "content/common/navigation_params.h" |
| 8 #include "testing/gtest/include/gtest/gtest.h" | 10 #include "testing/gtest/include/gtest/gtest.h" |
| 9 | 11 |
| 10 namespace content { | 12 namespace content { |
| 11 | 13 |
| 12 namespace { | 14 namespace { |
| 13 | 15 |
| 14 class CSPContextTest : public CSPContext { | 16 class CSPContextTest : public CSPContext { |
| 15 public: | 17 public: |
| 16 const std::string& LastConsoleMessage() { return console_message_; } | 18 const CSPViolationParams& LastViolation() { return last_violation_; } |
|
alexmos
2017/05/16 05:56:49
nit: last_violation()
arthursonzogni
2017/05/16 12:48:44
Done.
| |
| 17 | 19 |
| 18 void AddSchemeToBypassCSP(const std::string& scheme) { | 20 void AddSchemeToBypassCSP(const std::string& scheme) { |
| 19 scheme_to_bypass_.push_back(scheme); | 21 scheme_to_bypass_.insert(scheme); |
| 20 } | 22 } |
| 21 | 23 |
| 22 bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override { | 24 bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override { |
| 23 return std::find(scheme_to_bypass_.begin(), scheme_to_bypass_.end(), | 25 return scheme_to_bypass_.count(scheme.as_string()); |
| 24 scheme) != scheme_to_bypass_.end(); | 26 } |
| 27 | |
| 28 void SetSanitizeDataForUseInCspViolation(bool value) { | |
|
alexmos
2017/05/16 05:56:49
nit: can use lowercase_with_underscores() for simp
arthursonzogni
2017/05/16 12:48:44
Done.
| |
| 29 sanitize_data_for_use_in_csp_violation = value; | |
| 30 } | |
| 31 | |
| 32 void SanitizeDataForUseInCspViolation( | |
| 33 GURL* blocked_url, | |
| 34 SourceLocation* source_location, | |
| 35 bool is_redirect, | |
| 36 CSPDirective::Name directive) const override { | |
| 37 if (!sanitize_data_for_use_in_csp_violation) | |
| 38 return; | |
| 39 *blocked_url = blocked_url->GetOrigin(); | |
| 40 *source_location = | |
| 41 SourceLocation(GURL(source_location->url).GetOrigin().spec(), 0u, 0u); | |
| 25 } | 42 } |
| 26 | 43 |
| 27 private: | 44 private: |
| 28 void ReportContentSecurityPolicyViolation( | 45 void ReportContentSecurityPolicyViolation( |
| 29 const CSPViolationParams& violation_params) override { | 46 const CSPViolationParams& violation_params) override { |
| 30 console_message_ = violation_params.console_message; | 47 last_violation_ = violation_params; |
| 31 } | 48 } |
| 32 std::string console_message_; | 49 CSPViolationParams last_violation_; |
| 33 std::vector<std::string> scheme_to_bypass_; | 50 SourceLocation source_location_; |
|
alexmos
2017/05/16 05:56:49
nit: looks unused?
arthursonzogni
2017/05/16 12:48:44
Yes!
| |
| 51 std::set<std::string> scheme_to_bypass_; | |
| 52 bool sanitize_data_for_use_in_csp_violation = false; | |
|
alexmos
2017/05/16 05:56:49
nit: end member var name with _
arthursonzogni
2017/05/16 12:48:44
Done.
| |
| 34 }; | 53 }; |
| 35 | 54 |
| 36 // Build a new policy made of only one directive and no report endpoints. | 55 // Build a new policy made of only one directive and no report endpoints. |
| 37 ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name, | 56 ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name, |
| 38 std::vector<CSPSource> sources) { | 57 std::vector<CSPSource> sources) { |
| 39 return ContentSecurityPolicy( | 58 return ContentSecurityPolicy( |
| 40 ContentSecurityPolicyHeader(std::string(), // header | 59 ContentSecurityPolicyHeader(std::string(), // header |
| 41 blink::kWebContentSecurityPolicyTypeEnforce, | 60 blink::kWebContentSecurityPolicyTypeEnforce, |
| 42 blink::kWebContentSecurityPolicySourceHTTP), | 61 blink::kWebContentSecurityPolicySourceHTTP), |
| 43 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, | 62 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 79 EXPECT_TRUE(context.IsAllowedByCsp( | 98 EXPECT_TRUE(context.IsAllowedByCsp( |
| 80 CSPDirective::FrameSrc, GURL("http://a.com"), false, SourceLocation())); | 99 CSPDirective::FrameSrc, GURL("http://a.com"), false, SourceLocation())); |
| 81 EXPECT_FALSE(context.IsAllowedByCsp( | 100 EXPECT_FALSE(context.IsAllowedByCsp( |
| 82 CSPDirective::FrameSrc, GURL("http://b.com"), false, SourceLocation())); | 101 CSPDirective::FrameSrc, GURL("http://b.com"), false, SourceLocation())); |
| 83 EXPECT_FALSE(context.IsAllowedByCsp( | 102 EXPECT_FALSE(context.IsAllowedByCsp( |
| 84 CSPDirective::FrameSrc, GURL("http://c.com"), false, SourceLocation())); | 103 CSPDirective::FrameSrc, GURL("http://c.com"), false, SourceLocation())); |
| 85 EXPECT_FALSE(context.IsAllowedByCsp( | 104 EXPECT_FALSE(context.IsAllowedByCsp( |
| 86 CSPDirective::FrameSrc, GURL("http://d.com"), false, SourceLocation())); | 105 CSPDirective::FrameSrc, GURL("http://d.com"), false, SourceLocation())); |
| 87 } | 106 } |
| 88 | 107 |
| 108 TEST(CSPContextTest, SanitizeDataForUseInCspViolation) { | |
| 109 CSPContextTest context; | |
| 110 context.SetSelf(url::Origin(GURL("http://a.com"))); | |
| 111 | |
| 112 // Content-Security-Policy: frame-src "a.com/iframe" | |
| 113 context.AddContentSecurityPolicy( | |
| 114 BuildPolicy(CSPDirective::FrameSrc, | |
| 115 {CSPSource("", "a.com", false, url::PORT_UNSPECIFIED, false, | |
| 116 "/iframe")})); | |
| 117 | |
| 118 GURL blocked_url("http://a.com/login?password=1234"); | |
| 119 SourceLocation source_location("http://a.com/login", 10u, 20u); | |
| 120 | |
| 121 // When the |blocked_url| and |source_location| aren't sensitive information. | |
| 122 { | |
| 123 EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc, blocked_url, | |
| 124 false, source_location)); | |
| 125 EXPECT_EQ(context.LastViolation().blocked_url, blocked_url); | |
| 126 EXPECT_EQ(context.LastViolation().source_location.url, | |
| 127 "http://a.com/login"); | |
| 128 EXPECT_EQ(context.LastViolation().source_location.line_number, 10u); | |
| 129 EXPECT_EQ(context.LastViolation().source_location.column_number, 20u); | |
| 130 EXPECT_EQ(context.LastViolation().console_message, | |
| 131 "Refused to frame 'http://a.com/login?password=1234' because it " | |
| 132 "violates the following Content Security Policy directive: " | |
| 133 "\"frame-src a.com/iframe\".\n"); | |
| 134 } | |
| 135 | |
| 136 context.SetSanitizeDataForUseInCspViolation(true); | |
| 137 | |
| 138 // When the |blocked_url| and |source_location| are sensitive information. | |
| 139 { | |
| 140 EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc, blocked_url, | |
| 141 false, source_location)); | |
| 142 EXPECT_EQ(context.LastViolation().blocked_url, blocked_url.GetOrigin()); | |
| 143 EXPECT_EQ(context.LastViolation().source_location.url, "http://a.com/"); | |
| 144 EXPECT_EQ(context.LastViolation().source_location.line_number, 0u); | |
| 145 EXPECT_EQ(context.LastViolation().source_location.column_number, 0u); | |
| 146 EXPECT_EQ(context.LastViolation().console_message, | |
| 147 "Refused to frame 'http://a.com/' because it violates the " | |
| 148 "following Content Security Policy directive: \"frame-src " | |
| 149 "a.com/iframe\".\n"); | |
| 150 } | |
| 151 } | |
| 152 | |
| 89 } // namespace content | 153 } // namespace content |
| OLD | NEW |
