PlzNavigate: Do not disclose urls between cross-origin renderers.

content/common/content_security_policy/csp_context_unittest.cc

Index: content/common/content_security_policy/csp_context_unittest.cc
diff --git a/content/common/content_security_policy/csp_context_unittest.cc b/content/common/content_security_policy/csp_context_unittest.cc
index c0fdfd99f7f8ef733f440188c9a97f7dee0b9b28..245249c04e61d7b3e236430a612ba3917cb22c84 100644
--- a/content/common/content_security_policy/csp_context_unittest.cc
+++ b/content/common/content_security_policy/csp_context_unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <set>
+
 #include "content/common/content_security_policy/csp_context.h"
 #include "content/common/content_security_policy_header.h"
 #include "content/common/navigation_params.h"
@@ -13,24 +15,41 @@ namespace {
 
 class CSPContextTest : public CSPContext {
  public:
-  const std::string& LastConsoleMessage() { return console_message_; }
+  const CSPViolationParams& LastViolation() { return last_violation_; }

[alexmos, 2017/05/16 05:56:49]

nit: last_violation()

[arthursonzogni, 2017/05/16 12:48:44]

Done.

 
   void AddSchemeToBypassCSP(const std::string& scheme) {
-    scheme_to_bypass_.push_back(scheme);
+    scheme_to_bypass_.insert(scheme);
   }
 
   bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override {
-    return std::find(scheme_to_bypass_.begin(), scheme_to_bypass_.end(),
-                     scheme) != scheme_to_bypass_.end();
+    return scheme_to_bypass_.count(scheme.as_string());
+  }
+
+  void SetSanitizeDataForUseInCspViolation(bool value) {

[alexmos, 2017/05/16 05:56:49]

nit: can use lowercase_with_underscores() for simple setter

[arthursonzogni, 2017/05/16 12:48:44]

Done.

+    sanitize_data_for_use_in_csp_violation = value;
+  }
+
+  void SanitizeDataForUseInCspViolation(
+      GURL* blocked_url,
+      SourceLocation* source_location,
+      bool is_redirect,
+      CSPDirective::Name directive) const override {
+    if (!sanitize_data_for_use_in_csp_violation)
+      return;
+    *blocked_url = blocked_url->GetOrigin();
+    *source_location =
+        SourceLocation(GURL(source_location->url).GetOrigin().spec(), 0u, 0u);
   }
 
  private:
   void ReportContentSecurityPolicyViolation(
       const CSPViolationParams& violation_params) override {
-    console_message_ = violation_params.console_message;
+    last_violation_ = violation_params;
   }
-  std::string console_message_;
-  std::vector<std::string> scheme_to_bypass_;
+  CSPViolationParams last_violation_;
+  SourceLocation source_location_;

[alexmos, 2017/05/16 05:56:49]

nit: looks unused?

[arthursonzogni, 2017/05/16 12:48:44]

Yes!

+  std::set<std::string> scheme_to_bypass_;
+  bool sanitize_data_for_use_in_csp_violation = false;

[alexmos, 2017/05/16 05:56:49]

nit: end member var name with _

[arthursonzogni, 2017/05/16 12:48:44]

Done.

 };
 
 // Build a new policy made of only one directive and no report endpoints.
@@ -86,4 +105,49 @@ TEST(CSPContextTest, MultiplePolicies) {
       CSPDirective::FrameSrc, GURL("http://d.com"), false, SourceLocation()));
 }
 
+TEST(CSPContextTest, SanitizeDataForUseInCspViolation) {
+  CSPContextTest context;
+  context.SetSelf(url::Origin(GURL("http://a.com")));
+
+  // Content-Security-Policy: frame-src "a.com/iframe"
+  context.AddContentSecurityPolicy(
+      BuildPolicy(CSPDirective::FrameSrc,
+                  {CSPSource("", "a.com", false, url::PORT_UNSPECIFIED, false,
+                             "/iframe")}));
+
+  GURL blocked_url("http://a.com/login?password=1234");
+  SourceLocation source_location("http://a.com/login", 10u, 20u);
+
+  // When the |blocked_url| and |source_location| aren't sensitive information.
+  {
+    EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc, blocked_url,
+                                        false, source_location));
+    EXPECT_EQ(context.LastViolation().blocked_url, blocked_url);
+    EXPECT_EQ(context.LastViolation().source_location.url,
+              "http://a.com/login");
+    EXPECT_EQ(context.LastViolation().source_location.line_number, 10u);
+    EXPECT_EQ(context.LastViolation().source_location.column_number, 20u);
+    EXPECT_EQ(context.LastViolation().console_message,
+              "Refused to frame 'http://a.com/login?password=1234' because it "
+              "violates the following Content Security Policy directive: "
+              "\"frame-src a.com/iframe\".\n");
+  }
+
+  context.SetSanitizeDataForUseInCspViolation(true);
+
+  // When the |blocked_url| and |source_location| are sensitive information.
+  {
+    EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc, blocked_url,
+                                        false, source_location));
+    EXPECT_EQ(context.LastViolation().blocked_url, blocked_url.GetOrigin());
+    EXPECT_EQ(context.LastViolation().source_location.url, "http://a.com/");
+    EXPECT_EQ(context.LastViolation().source_location.line_number, 0u);
+    EXPECT_EQ(context.LastViolation().source_location.column_number, 0u);
+    EXPECT_EQ(context.LastViolation().console_message,
+              "Refused to frame 'http://a.com/' because it violates the "
+              "following Content Security Policy directive: \"frame-src "
+              "a.com/iframe\".\n");
+  }
+}
+
 }  // namespace content