OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/frame/SubresourceIntegrity.h" | 7 #include "core/frame/SubresourceIntegrity.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "core/frame/csp/SourceListDirective.h" | 9 #include "core/frame/csp/SourceListDirective.h" |
10 #include "platform/loader/fetch/ResourceRequest.h" | 10 #include "platform/loader/fetch/ResourceRequest.h" |
(...skipping 139 matching lines...)
150 "https://example.com/script/script.js", true}, | 150 "https://example.com/script/script.js", true}, |
151 {"default-src https://example.com", "https://not.example.com/script.js", | 151 {"default-src https://example.com", "https://not.example.com/script.js", |
152 false}, | 152 false}, |
153 {"default-src https://*.example.com", "https://not.example.com/script.js", | 153 {"default-src https://*.example.com", "https://not.example.com/script.js", |
154 true}, | 154 true}, |
155 {"default-src https://*.example.com", "https://example.com/script.js", | 155 {"default-src https://*.example.com", "https://example.com/script.js", |
156 false}, | 156 false}, |
157 }; | 157 }; |
158 | 158 |
159 for (const auto& test : cases) { | 159 for (const auto& test : cases) { |
160 SCOPED_TRACE(testing::Message() << "List: `" << test.list << "`, URL: `" | 160 SCOPED_TRACE(testing::Message() |
161 << test.url << "`"); | 161 << "List: `" << test.list << "`, URL: `" << test.url << "`"); |
162 KURL script_src = KURL(KURL(), test.url); | 162 KURL script_src = KURL(KURL(), test.url); |
163 | 163 |
164 // Report-only | 164 // Report-only |
165 Member<CSPDirectiveList> directive_list = | 165 Member<CSPDirectiveList> directive_list = |
166 CreateList(test.list, kContentSecurityPolicyHeaderTypeReport); | 166 CreateList(test.list, kContentSecurityPolicyHeaderTypeReport); |
167 EXPECT_EQ(test.expected, | 167 EXPECT_EQ(test.expected, |
168 directive_list->AllowScriptFromSource( | 168 directive_list->AllowScriptFromSource( |
169 script_src, String(), IntegrityMetadataSet(), kParserInserted, | 169 script_src, String(), IntegrityMetadataSet(), kParserInserted, |
170 ResourceRequest::RedirectStatus::kNoRedirect, | 170 ResourceRequest::RedirectStatus::kNoRedirect, |
171 SecurityViolationReportingPolicy::kSuppressReporting)); | 171 SecurityViolationReportingPolicy::kSuppressReporting)); |
(...skipping 34 matching lines...)
206 // Does affect URLs that don't. | 206 // Does affect URLs that don't. |
207 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "yay", | 207 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "yay", |
208 true}, | 208 true}, |
209 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "boo", | 209 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "boo", |
210 false}, | 210 false}, |
211 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "", | 211 {"https://example.com 'nonce-yay'", "https://not.example.com/file", "", |
212 false}, | 212 false}, |
213 }; | 213 }; |
214 | 214 |
215 for (const auto& test : cases) { | 215 for (const auto& test : cases) { |
216 SCOPED_TRACE(testing::Message() << "List: `" << test.list << "`, URL: `" | 216 SCOPED_TRACE(testing::Message() |
217 << test.url << "`"); | 217 << "List: `" << test.list << "`, URL: `" << test.url << "`"); |
218 KURL resource = KURL(KURL(), test.url); | 218 KURL resource = KURL(KURL(), test.url); |
219 | 219 |
220 // Report-only 'script-src' | 220 // Report-only 'script-src' |
221 Member<CSPDirectiveList> directive_list = | 221 Member<CSPDirectiveList> directive_list = |
222 CreateList(String("script-src ") + test.list, | 222 CreateList(String("script-src ") + test.list, |
223 kContentSecurityPolicyHeaderTypeReport); | 223 kContentSecurityPolicyHeaderTypeReport); |
224 EXPECT_EQ(test.expected, | 224 EXPECT_EQ(test.expected, |
225 directive_list->AllowScriptFromSource( | 225 directive_list->AllowScriptFromSource( |
226 resource, String(test.nonce), IntegrityMetadataSet(), | 226 resource, String(test.nonce), IntegrityMetadataSet(), |
227 kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect, | 227 kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect, |
(...skipping 906 matching lines...)
1134 udpated_total); | 1134 udpated_total); |
1135 EXPECT_EQ( | 1135 EXPECT_EQ( |
1136 CSPDirectiveList::GetSourceVector( | 1136 CSPDirectiveList::GetSourceVector( |
1137 ContentSecurityPolicy::DirectiveType::kChildSrc, policy_vector) | 1137 ContentSecurityPolicy::DirectiveType::kChildSrc, policy_vector) |
1138 .size(), | 1138 .size(), |
1139 expected_child_src); | 1139 expected_child_src); |
1140 } | 1140 } |
1141 } | 1141 } |
1142 | 1142 |
1143 } // namespace blink | 1143 } // namespace blink |