| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
| 6 | 6 |
| 7 #include "core/frame/SubresourceIntegrity.h" | 7 #include "core/frame/SubresourceIntegrity.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "core/frame/csp/SourceListDirective.h" | 9 #include "core/frame/csp/SourceListDirective.h" |
| 10 #include "platform/loader/fetch/ResourceRequest.h" | 10 #include "platform/loader/fetch/ResourceRequest.h" |
| (...skipping 139 matching lines...) |
| 150 "https://example.com/script/script.js", true}, | 150 "https://example.com/script/script.js", true}, |
| 151 {"default-src https://example.com", "https://not.example.com/script.js", | 151 {"default-src https://example.com", "https://not.example.com/script.js", |
| 152 false}, | 152 false}, |
| 153 {"default-src https://*.example.com", "https://not.example.com/script.js", | 153 {"default-src https://*.example.com", "https://not.example.com/script.js", |
| 154 true}, | 154 true}, |
| 155 {"default-src https://*.example.com", "https://example.com/script.js", | 155 {"default-src https://*.example.com", "https://example.com/script.js", |
| 156 false}, | 156 false}, |
| 157 }; | 157 }; |
| 158 | 158 |
| 159 for (const auto& test : cases) { | 159 for (const auto& test : cases) { |
| 160 SCOPED_TRACE(testing::Message() << "List: `" << test.list << "`, URL: `" | 160 SCOPED_TRACE(testing::Message() |
| 161 << test.url << "`"); | 161 << "List: `" << test.list << "`, URL: `" << test.url << "`"); |
| 162 KURL script_src = KURL(KURL(), test.url); | 162 KURL script_src = KURL(KURL(), test.url); |
| 163 | 163 |
| 164 // Report-only | 164 // Report-only |
| 165 Member<CSPDirectiveList> directive_list = | 165 Member<CSPDirectiveList> directive_list = |
| 166 CreateList(test.list, kContentSecurityPolicyHeaderTypeReport); | 166 CreateList(test.list, kContentSecurityPolicyHeaderTypeReport); |
| 167 EXPECT_EQ(test.expected, | 167 EXPECT_EQ(test.expected, |
| 168 directive_list->AllowScriptFromSource( | 168 directive_list->AllowScriptFromSource( |
| 169 script_src, String(), IntegrityMetadataSet(), kParserInserted, | 169 script_src, String(), IntegrityMetadataSet(), kParserInserted, |
| 170 ResourceRequest::RedirectStatus::kNoRedirect, | 170 ResourceRequest::RedirectStatus::kNoRedirect, |
| 171 SecurityViolationReportingPolicy::kSuppressReporting)); | 171 SecurityViolationReportingPolicy::kSuppressReporting)); |
| (...skipping 34 matching lines...) |
| 206 // Does affect URLs that don't. | 206 // Does affect URLs that don't. |
| 207 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "yay", | 207 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "yay", |
| 208 true}, | 208 true}, |
| 209 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "boo", | 209 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "boo", |
| 210 false}, | 210 false}, |
| 211 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "", | 211 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "", |
| 212 false}, | 212 false}, |
| 213 }; | 213 }; |
| 214 | 214 |
| 215 for (const auto& test : cases) { | 215 for (const auto& test : cases) { |
| 216 SCOPED_TRACE(testing::Message() << "List: `" << test.list << "`, URL: `" | 216 SCOPED_TRACE(testing::Message() |
| 217 << test.url << "`"); | 217 << "List: `" << test.list << "`, URL: `" << test.url << "`"); |
| 218 KURL resource = KURL(KURL(), test.url); | 218 KURL resource = KURL(KURL(), test.url); |
| 219 | 219 |
| 220 // Report-only 'script-src' | 220 // Report-only 'script-src' |
| 221 Member<CSPDirectiveList> directive_list = | 221 Member<CSPDirectiveList> directive_list = |
| 222 CreateList(String("script-src ") + test.list, | 222 CreateList(String("script-src ") + test.list, |
| 223 kContentSecurityPolicyHeaderTypeReport); | 223 kContentSecurityPolicyHeaderTypeReport); |
| 224 EXPECT_EQ(test.expected, | 224 EXPECT_EQ(test.expected, |
| 225 directive_list->AllowScriptFromSource( | 225 directive_list->AllowScriptFromSource( |
| 226 resource, String(test.nonce), IntegrityMetadataSet(), | 226 resource, String(test.nonce), IntegrityMetadataSet(), |
| 227 kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect, | 227 kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect, |
| (...skipping 906 matching lines...) |
| 1134 udpated_total); | 1134 udpated_total); |
| 1135 EXPECT_EQ( | 1135 EXPECT_EQ( |
| 1136 CSPDirectiveList::GetSourceVector( | 1136 CSPDirectiveList::GetSourceVector( |
| 1137 ContentSecurityPolicy::DirectiveType::kChildSrc, policy_vector) | 1137 ContentSecurityPolicy::DirectiveType::kChildSrc, policy_vector) |
| 1138 .size(), | 1138 .size(), |
| 1139 expected_child_src); | 1139 expected_child_src); |
| 1140 } | 1140 } |
| 1141 } | 1141 } |
| 1142 | 1142 |
| 1143 } // namespace blink | 1143 } // namespace blink |
| OLD | NEW |