
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Issue 2940933003: DO NOT SUBMIT results of new clang-format (Closed)
Patch Set: Created 3 years, 6 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/frame/csp/ContentSecurityPolicy.h" 5 #include "core/frame/csp/ContentSecurityPolicy.h"
6 6
7 #include "core/frame/csp/CSPDirectiveList.h" 7 #include "core/frame/csp/CSPDirectiveList.h"
8 #include "core/html/HTMLScriptElement.h" 8 #include "core/html/HTMLScriptElement.h"
9 #include "core/testing/NullExecutionContext.h" 9 #include "core/testing/NullExecutionContext.h"
10 #include "platform/Crypto.h" 10 #include "platform/Crypto.h"
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
51 } cases[] = {{"default-src 'none'", kLeaveInsecureRequestsAlone}, 51 } cases[] = {{"default-src 'none'", kLeaveInsecureRequestsAlone},
52 {"upgrade-insecure-requests", kUpgradeInsecureRequests}, 52 {"upgrade-insecure-requests", kUpgradeInsecureRequests},
53 {"block-all-mixed-content", kBlockAllMixedContent}, 53 {"block-all-mixed-content", kBlockAllMixedContent},
54 {"upgrade-insecure-requests; block-all-mixed-content", 54 {"upgrade-insecure-requests; block-all-mixed-content",
55 kUpgradeInsecureRequests | kBlockAllMixedContent}, 55 kUpgradeInsecureRequests | kBlockAllMixedContent},
56 {"upgrade-insecure-requests, block-all-mixed-content", 56 {"upgrade-insecure-requests, block-all-mixed-content",
57 kUpgradeInsecureRequests | kBlockAllMixedContent}}; 57 kUpgradeInsecureRequests | kBlockAllMixedContent}};
58 58
59 // Enforced 59 // Enforced
60 for (const auto& test : cases) { 60 for (const auto& test : cases) {
61 SCOPED_TRACE(testing::Message() << "[Enforce] Header: `" << test.header 61 SCOPED_TRACE(testing::Message()
62 << "`"); 62 << "[Enforce] Header: `" << test.header << "`");
63 csp = ContentSecurityPolicy::Create(); 63 csp = ContentSecurityPolicy::Create();
64 csp->DidReceiveHeader(test.header, kContentSecurityPolicyHeaderTypeEnforce, 64 csp->DidReceiveHeader(test.header, kContentSecurityPolicyHeaderTypeEnforce,
65 kContentSecurityPolicyHeaderSourceHTTP); 65 kContentSecurityPolicyHeaderSourceHTTP);
66 EXPECT_EQ(test.expected_policy, csp->GetInsecureRequestPolicy()); 66 EXPECT_EQ(test.expected_policy, csp->GetInsecureRequestPolicy());
67 67
68 execution_context = CreateExecutionContext(); 68 execution_context = CreateExecutionContext();
69 execution_context->SetSecurityOrigin(secure_origin); 69 execution_context->SetSecurityOrigin(secure_origin);
70 execution_context->SetURL(secure_url); 70 execution_context->SetURL(secure_url);
71 csp->BindToExecutionContext(execution_context.Get()); 71 csp->BindToExecutionContext(execution_context.Get());
72 EXPECT_EQ(test.expected_policy, 72 EXPECT_EQ(test.expected_policy,
73 execution_context->GetInsecureRequestPolicy()); 73 execution_context->GetInsecureRequestPolicy());
74 bool expect_upgrade = test.expected_policy & kUpgradeInsecureRequests; 74 bool expect_upgrade = test.expected_policy & kUpgradeInsecureRequests;
75 EXPECT_EQ(expect_upgrade, 75 EXPECT_EQ(expect_upgrade,
76 execution_context->InsecureNavigationsToUpgrade()->Contains( 76 execution_context->InsecureNavigationsToUpgrade()->Contains(
77 execution_context->Url().Host().Impl()->GetHash())); 77 execution_context->Url().Host().Impl()->GetHash()));
78 } 78 }
79 79
80 // Report-Only 80 // Report-Only
81 for (const auto& test : cases) { 81 for (const auto& test : cases) {
82 SCOPED_TRACE(testing::Message() << "[Report-Only] Header: `" << test.header 82 SCOPED_TRACE(testing::Message()
83 << "`"); 83 << "[Report-Only] Header: `" << test.header << "`");
84 csp = ContentSecurityPolicy::Create(); 84 csp = ContentSecurityPolicy::Create();
85 csp->DidReceiveHeader(test.header, kContentSecurityPolicyHeaderTypeReport, 85 csp->DidReceiveHeader(test.header, kContentSecurityPolicyHeaderTypeReport,
86 kContentSecurityPolicyHeaderSourceHTTP); 86 kContentSecurityPolicyHeaderSourceHTTP);
87 EXPECT_EQ(kLeaveInsecureRequestsAlone, csp->GetInsecureRequestPolicy()); 87 EXPECT_EQ(kLeaveInsecureRequestsAlone, csp->GetInsecureRequestPolicy());
88 88
89 execution_context = CreateExecutionContext(); 89 execution_context = CreateExecutionContext();
90 execution_context->SetSecurityOrigin(secure_origin); 90 execution_context->SetSecurityOrigin(secure_origin);
91 csp->BindToExecutionContext(execution_context.Get()); 91 csp->BindToExecutionContext(execution_context.Get());
92 EXPECT_EQ(kLeaveInsecureRequestsAlone, 92 EXPECT_EQ(kLeaveInsecureRequestsAlone,
93 execution_context->GetInsecureRequestPolicy()); 93 execution_context->GetInsecureRequestPolicy());
(...skipping 564 matching lines...) Expand 10 before | Expand all | Expand 10 after
658 {"script-src 'nonce-yay'", "https://example.com/js", "yay", true}, 658 {"script-src 'nonce-yay'", "https://example.com/js", "yay", true},
659 {"script-src https://example.com", "https://example.com/js", "", true}, 659 {"script-src https://example.com", "https://example.com/js", "", true},
660 {"script-src https://example.com", "https://example.com/js", "yay", true}, 660 {"script-src https://example.com", "https://example.com/js", "yay", true},
661 {"script-src https://example.com 'nonce-yay'", 661 {"script-src https://example.com 'nonce-yay'",
662 "https://not.example.com/js", "", false}, 662 "https://not.example.com/js", "", false},
663 {"script-src https://example.com 'nonce-yay'", 663 {"script-src https://example.com 'nonce-yay'",
664 "https://not.example.com/js", "yay", true}, 664 "https://not.example.com/js", "yay", true},
665 }; 665 };
666 666
667 for (const auto& test : cases) { 667 for (const auto& test : cases) {
668 SCOPED_TRACE(testing::Message() << "Policy: `" << test.policy << "`, URL: `" 668 SCOPED_TRACE(testing::Message()
669 << test.url << "`, Nonce: `" << test.nonce 669 << "Policy: `" << test.policy << "`, URL: `" << test.url
670 << "`"); 670 << "`, Nonce: `" << test.nonce << "`");
671 KURL resource = KURL(KURL(), test.url); 671 KURL resource = KURL(KURL(), test.url);
672 672
673 unsigned expected_reports = test.allowed ? 0u : 1u; 673 unsigned expected_reports = test.allowed ? 0u : 1u;
674 674
675 // Single enforce-mode policy should match `test.expected`: 675 // Single enforce-mode policy should match `test.expected`:
676 Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create(); 676 Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
677 policy->BindToExecutionContext(execution_context.Get()); 677 policy->BindToExecutionContext(execution_context.Get());
678 policy->DidReceiveHeader(test.policy, 678 policy->DidReceiveHeader(test.policy,
679 kContentSecurityPolicyHeaderTypeEnforce, 679 kContentSecurityPolicyHeaderTypeEnforce,
680 kContentSecurityPolicyHeaderSourceHTTP); 680 kContentSecurityPolicyHeaderSourceHTTP);
(...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after
1258 "script-src http://127.0.0.1:8000 'none'")); 1258 "script-src http://127.0.0.1:8000 'none'"));
1259 EXPECT_FALSE( 1259 EXPECT_FALSE(
1260 ContentSecurityPolicy::IsValidCSPAttr("script-src 'none' 'none' 'none'")); 1260 ContentSecurityPolicy::IsValidCSPAttr("script-src 'none' 'none' 'none'"));
1261 1261
1262 // comma separated 1262 // comma separated
1263 EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( 1263 EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr(
1264 "script-src 'none', object-src 'none'")); 1264 "script-src 'none', object-src 'none'"));
1265 } 1265 }
1266 1266
1267 } // namespace blink 1267 } // namespace blink