Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(376)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_unittest.cc

Issue 2982623002: Revert of Block redirects to renderer-debug urls. (Closed)
Patch Set: Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/frame_host/navigation_handle_impl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <set> 5 #include <set>
6 #include <string> 6 #include <string>
7 7
8 #include "base/files/file_path.h" 8 #include "base/files/file_path.h"
9 #include "content/browser/child_process_security_policy_impl.h" 9 #include "content/browser/child_process_security_policy_impl.h"
10 #include "content/public/common/url_constants.h" 10 #include "content/public/common/url_constants.h"
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after
150 150
151 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); 151 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme));
152 } 152 }
153 153
154 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { 154 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
155 ChildProcessSecurityPolicyImpl* p = 155 ChildProcessSecurityPolicyImpl* p =
156 ChildProcessSecurityPolicyImpl::GetInstance(); 156 ChildProcessSecurityPolicyImpl::GetInstance();
157 157
158 p->Add(kRendererID); 158 p->Add(kRendererID);
159 159
160 // Safe to request, redirect or commit. 160 // Safe to request or commit.
161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); 163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
165 EXPECT_TRUE(p->CanRequestURL( 165 EXPECT_TRUE(p->CanRequestURL(
166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
167 EXPECT_TRUE(p->CanRedirectToURL(GURL("http://www.google.com/")));
168 EXPECT_TRUE(p->CanRedirectToURL(GURL("https://www.paypal.com/")));
169 EXPECT_TRUE(p->CanRedirectToURL(GURL("ftp://ftp.gnu.org/")));
170 EXPECT_TRUE(p->CanRedirectToURL(GURL("data:text/html,<b>Hi</b>")));
171 EXPECT_TRUE(
172 p->CanRedirectToURL(GURL("filesystem:http://localhost/temporary/a.gif")));
173 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/")));
174 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/")));
175 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); 169 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
176 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 170 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
177 EXPECT_TRUE(p->CanCommitURL( 171 EXPECT_TRUE(p->CanCommitURL(
178 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 172 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
179 EXPECT_TRUE( 173 EXPECT_TRUE(
180 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/"))); 174 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/")));
181 EXPECT_TRUE( 175 EXPECT_TRUE(
182 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/"))); 176 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/")));
183 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/"))); 177 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/")));
184 EXPECT_TRUE( 178 EXPECT_TRUE(
185 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>"))); 179 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>")));
186 EXPECT_TRUE(p->CanSetAsOriginHeader( 180 EXPECT_TRUE(p->CanSetAsOriginHeader(
187 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); 181 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
188 182
189 // Dangerous to request, commit, or set as origin header. 183 // Dangerous to request, commit, or set as origin header.
190 EXPECT_FALSE(p->CanRequestURL(kRendererID, 184 EXPECT_FALSE(p->CanRequestURL(kRendererID,
191 GURL("file:///etc/passwd"))); 185 GURL("file:///etc/passwd")));
192 EXPECT_FALSE(p->CanRequestURL(kRendererID, 186 EXPECT_FALSE(p->CanRequestURL(kRendererID,
193 GURL("chrome://foo/bar"))); 187 GURL("chrome://foo/bar")));
194 EXPECT_FALSE(p->CanRequestURL(kRendererID, 188 EXPECT_FALSE(p->CanRequestURL(kRendererID,
195 GURL("view-source:http://www.google.com/"))); 189 GURL("view-source:http://www.google.com/")));
196 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
197 EXPECT_TRUE(p->CanRedirectToURL(GURL("chrome://foo/bar")));
198 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:http://www.google.com/")));
199 EXPECT_FALSE(p->CanCommitURL(kRendererID, 190 EXPECT_FALSE(p->CanCommitURL(kRendererID,
200 GURL("file:///etc/passwd"))); 191 GURL("file:///etc/passwd")));
201 EXPECT_FALSE(p->CanCommitURL(kRendererID, 192 EXPECT_FALSE(p->CanCommitURL(kRendererID,
202 GURL("chrome://foo/bar"))); 193 GURL("chrome://foo/bar")));
203 EXPECT_FALSE( 194 EXPECT_FALSE(
204 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); 195 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
205 EXPECT_FALSE( 196 EXPECT_FALSE(
206 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); 197 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
207 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar"))); 198 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
208 EXPECT_FALSE(p->CanSetAsOriginHeader( 199 EXPECT_FALSE(p->CanSetAsOriginHeader(
(...skipping 23 matching lines...) Expand all
232 kRendererID, GURL("blob:http://username@localhost/some-guid"))); 223 kRendererID, GURL("blob:http://username@localhost/some-guid")));
233 EXPECT_FALSE(p->CanRequestURL( 224 EXPECT_FALSE(p->CanRequestURL(
234 kRendererID, GURL("blob:http://username @localhost/some-guid"))); 225 kRendererID, GURL("blob:http://username @localhost/some-guid")));
235 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:blob:some-guid"))); 226 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:blob:some-guid")));
236 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:some-guid"))); 227 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:some-guid")));
237 EXPECT_FALSE(p->CanRequestURL(kRendererID, 228 EXPECT_FALSE(p->CanRequestURL(kRendererID,
238 GURL("blob:filesystem:http://localhost/path"))); 229 GURL("blob:filesystem:http://localhost/path")));
239 EXPECT_FALSE(p->CanRequestURL(kRendererID, 230 EXPECT_FALSE(p->CanRequestURL(kRendererID,
240 GURL("filesystem:blob:http://localhost/guid"))); 231 GURL("filesystem:blob:http://localhost/guid")));
241 232
242 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:http://localhost/some-guid")));
243 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:null/some-guid")));
244 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:http://localhost/some-guid")));
245 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid")));
246 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid#fragment")));
247 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid?query")));
248 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:blobinternal://some-guid")));
249 EXPECT_TRUE(
250 p->CanRedirectToURL(GURL("blob:http://username@localhost/some-guid")));
251 EXPECT_TRUE(p->CanRedirectToURL(
252 GURL("blob:http://username @localhost/some-guid")));
253 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:blob:some-guid")));
254 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:some-guid")));
255 EXPECT_TRUE(
256 p->CanRedirectToURL(GURL("blob:filesystem:http://localhost/path")));
257 EXPECT_FALSE(
258 p->CanRedirectToURL(GURL("filesystem:blob:http://localhost/guid")));
259
260 EXPECT_TRUE( 233 EXPECT_TRUE(
261 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid"))); 234 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
262 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:null/some-guid"))); 235 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:null/some-guid")));
263 EXPECT_TRUE( 236 EXPECT_TRUE(
264 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid"))); 237 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
265 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid"))); 238 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid")));
266 EXPECT_TRUE( 239 EXPECT_TRUE(
267 p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid#fragment"))); 240 p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
268 EXPECT_TRUE( 241 EXPECT_TRUE(
269 p->CanCommitURL(kRendererID, GURL("blob:blobinternal://some-guid"))); 242 p->CanCommitURL(kRendererID, GURL("blob:blobinternal://some-guid")));
(...skipping 14 matching lines...) Expand all
284 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { 257 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
285 ChildProcessSecurityPolicyImpl* p = 258 ChildProcessSecurityPolicyImpl* p =
286 ChildProcessSecurityPolicyImpl::GetInstance(); 259 ChildProcessSecurityPolicyImpl::GetInstance();
287 260
288 p->Add(kRendererID); 261 p->Add(kRendererID);
289 262
290 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); 263 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
291 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); 264 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
292 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); 265 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
293 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); 266 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
294 EXPECT_TRUE(p->CanRedirectToURL(GURL("about:blank")));
295 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:BlAnK")));
296 EXPECT_FALSE(p->CanRedirectToURL(GURL("aBouT:BlAnK")));
297 EXPECT_TRUE(p->CanRedirectToURL(GURL("aBouT:blank")));
298 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); 267 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank")));
299 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); 268 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
300 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); 269 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK")));
301 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); 270 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank")));
302 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank"))); 271 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank")));
303 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK"))); 272 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK")));
304 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK"))); 273 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK")));
305 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank"))); 274 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank")));
306 275
307 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:srcdoc"))); 276 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:srcdoc")));
308 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:srcdoc")));
309 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:srcdoc"))); 277 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:srcdoc")));
310 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:srcdoc"))); 278 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:srcdoc")));
311 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:SRCDOC"))); 279 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:SRCDOC")));
312 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:SRCDOC"))); 280 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:SRCDOC")));
313 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:SRCDOC"))); 281 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:SRCDOC")));
314 282
315 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); 283 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
316 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); 284 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
317 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); 285 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
318 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version"))); 286 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version")));
319 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:crash")));
320 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:cache")));
321 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:hang")));
322 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:version")));
323 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); 287 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
324 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); 288 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
325 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); 289 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
326 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version"))); 290 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version")));
327 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash"))); 291 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
328 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache"))); 292 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache")));
329 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang"))); 293 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang")));
330 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version"))); 294 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version")));
331 295
332 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version"))); 296 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version")));
333 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); 297 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
334 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); 298 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
335 EXPECT_FALSE(p->CanRedirectToURL(GURL("aBoUt:version")));
336 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:CrASh")));
337 EXPECT_FALSE(p->CanRedirectToURL(GURL("abOuT:cAChe")));
338 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); 299 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
339 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); 300 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
340 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); 301 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
341 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version"))); 302 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
342 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version"))); 303 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
343 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh"))); 304 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh")));
344 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe"))); 305 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe")));
345 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version"))); 306 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
346 307
347 // Requests for about: pages should be denied. 308 // Requests for about: pages should be denied.
348 p->GrantRequestURL(kRendererID, GURL("about:crash")); 309 p->GrantRequestURL(kRendererID, GURL("about:crash"));
349 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); 310 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
350 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:crash")));
351 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); 311 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
352 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash"))); 312 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
353 313
354 // These requests for chrome:// pages should be granted. 314 // These requests for chrome:// pages should be granted.
355 GURL chrome_url("chrome://foo"); 315 GURL chrome_url("chrome://foo");
356 p->GrantRequestURL(kRendererID, chrome_url); 316 p->GrantRequestURL(kRendererID, chrome_url);
357 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); 317 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
358 EXPECT_TRUE(p->CanRedirectToURL(GURL(chrome_url)));
359 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); 318 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
360 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url)); 319 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url));
361 320
362 p->Remove(kRendererID); 321 p->Remove(kRendererID);
363 } 322 }
364 323
365 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { 324 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
366 ChildProcessSecurityPolicyImpl* p = 325 ChildProcessSecurityPolicyImpl* p =
367 ChildProcessSecurityPolicyImpl::GetInstance(); 326 ChildProcessSecurityPolicyImpl::GetInstance();
368 327
369 p->Add(kRendererID); 328 p->Add(kRendererID);
370 329
371 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); 330 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
372 EXPECT_FALSE(p->CanRedirectToURL(GURL("javascript:alert('xss')")));
373 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); 331 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
374 EXPECT_FALSE( 332 EXPECT_FALSE(
375 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')"))); 333 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
376 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); 334 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
377 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); 335 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
378 EXPECT_FALSE(p->CanRedirectToURL(GURL("javascript:alert('xss')")));
379 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); 336 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
380 EXPECT_FALSE( 337 EXPECT_FALSE(
381 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')"))); 338 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
382 339
383 p->Remove(kRendererID); 340 p->Remove(kRendererID);
384 } 341 }
385 342
386 TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) { 343 TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) {
387 ChildProcessSecurityPolicyImpl* p = 344 ChildProcessSecurityPolicyImpl* p =
388 ChildProcessSecurityPolicyImpl::GetInstance(); 345 ChildProcessSecurityPolicyImpl::GetInstance();
389 346
390 p->Add(kRendererID); 347 p->Add(kRendererID);
391 348
392 // Suborigin URLs are not requestable or committable. 349 // Suborigin URLs are not requestable or committable.
393 EXPECT_FALSE( 350 EXPECT_FALSE(
394 p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com"))); 351 p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com")));
395 EXPECT_FALSE( 352 EXPECT_FALSE(
396 p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com"))); 353 p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com")));
397 EXPECT_FALSE(p->CanRedirectToURL(GURL("http-so://foobar.example.com")));
398 EXPECT_FALSE(p->CanRedirectToURL(GURL("https-so://foobar.example.com")));
399 EXPECT_FALSE( 354 EXPECT_FALSE(
400 p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com"))); 355 p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com")));
401 EXPECT_FALSE( 356 EXPECT_FALSE(
402 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com"))); 357 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
403 358
404 // It's not possible to grant suborigins requestable status. 359 // It's not possible to grant suborigins requestable status.
405 p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com")); 360 p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com"));
406 EXPECT_FALSE( 361 EXPECT_FALSE(
407 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com"))); 362 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
408 363
409 // Suborigin URLs are valid origin headers. 364 // Suborigin URLs are valid origin headers.
410 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, 365 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
411 GURL("http-so://foobar.example.com"))); 366 GURL("http-so://foobar.example.com")));
412 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, 367 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
413 GURL("https-so://foobar.example.com"))); 368 GURL("https-so://foobar.example.com")));
414 369
415 p->Remove(kRendererID); 370 p->Remove(kRendererID);
416 } 371 }
417 372
418 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { 373 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
419 ChildProcessSecurityPolicyImpl* p = 374 ChildProcessSecurityPolicyImpl* p =
420 ChildProcessSecurityPolicyImpl::GetInstance(); 375 ChildProcessSecurityPolicyImpl::GetInstance();
421 376
422 p->Add(kRendererID); 377 p->Add(kRendererID);
423 378
424 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be 379 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be
425 // requested but not committed. 380 // requested but not committed.
426 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 381 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
427 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
428 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 382 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
429 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); 383 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
430 384
431 // Once we register "asdf", we default to deny. 385 // Once we register "asdf", we default to deny.
432 RegisterTestScheme("asdf"); 386 RegisterTestScheme("asdf");
433 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 387 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
434 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
435 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 388 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
436 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); 389 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
437 390
438 // We can allow new schemes by adding them to the whitelist. 391 // We can allow new schemes by adding them to the whitelist.
439 p->RegisterWebSafeScheme("asdf"); 392 p->RegisterWebSafeScheme("asdf");
440 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); 393 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
441 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
442 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); 394 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
443 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers"))); 395 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
444 396
445 // Cleanup. 397 // Cleanup.
446 p->Remove(kRendererID); 398 p->Remove(kRendererID);
447 } 399 }
448 400
449 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { 401 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
450 ChildProcessSecurityPolicyImpl* p = 402 ChildProcessSecurityPolicyImpl* p =
451 ChildProcessSecurityPolicyImpl::GetInstance(); 403 ChildProcessSecurityPolicyImpl::GetInstance();
452 404
453 p->Add(kRendererID); 405 p->Add(kRendererID);
454 406
455 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 407 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
456 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
457 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 408 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
458 EXPECT_FALSE( 409 EXPECT_FALSE(
459 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); 410 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
460 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); 411 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
461 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 412 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
462 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
463 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 413 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
464 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); 414 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
465 415
466 // We should forget our state if we repeat a renderer id. 416 // We should forget our state if we repeat a renderer id.
467 p->Remove(kRendererID); 417 p->Remove(kRendererID);
468 p->Add(kRendererID); 418 p->Add(kRendererID);
469 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 419 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
470 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
471 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 420 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
472 EXPECT_FALSE( 421 EXPECT_FALSE(
473 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); 422 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
474 p->Remove(kRendererID); 423 p->Remove(kRendererID);
475 } 424 }
476 425
477 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { 426 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
478 ChildProcessSecurityPolicyImpl* p = 427 ChildProcessSecurityPolicyImpl* p =
479 ChildProcessSecurityPolicyImpl::GetInstance(); 428 ChildProcessSecurityPolicyImpl::GetInstance();
480 429
481 p->Add(kRendererID); 430 p->Add(kRendererID);
482 431
483 // Child processes cannot request view source URLs. 432 // Child processes cannot request view source URLs.
484 EXPECT_FALSE(p->CanRequestURL(kRendererID, 433 EXPECT_FALSE(p->CanRequestURL(kRendererID,
485 GURL("view-source:http://www.google.com/"))); 434 GURL("view-source:http://www.google.com/")));
486 EXPECT_FALSE(p->CanRequestURL(kRendererID, 435 EXPECT_FALSE(p->CanRequestURL(kRendererID,
487 GURL("view-source:file:///etc/passwd"))); 436 GURL("view-source:file:///etc/passwd")));
488 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 437 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
489 EXPECT_FALSE(p->CanRequestURL( 438 EXPECT_FALSE(p->CanRequestURL(
490 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 439 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
491 440
492 // Child processes cannot be redirected to view source URLs.
493 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:http://www.google.com/")));
494 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:file:///etc/passwd")));
495 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
496 EXPECT_FALSE(p->CanRedirectToURL(
497 GURL("view-source:view-source:http://www.google.com/")));
498
499 // View source URLs don't actually commit; the renderer is put into view 441 // View source URLs don't actually commit; the renderer is put into view
500 // source mode, and the inner URL commits. 442 // source mode, and the inner URL commits.
501 EXPECT_FALSE(p->CanCommitURL(kRendererID, 443 EXPECT_FALSE(p->CanCommitURL(kRendererID,
502 GURL("view-source:http://www.google.com/"))); 444 GURL("view-source:http://www.google.com/")));
503 EXPECT_FALSE(p->CanCommitURL(kRendererID, 445 EXPECT_FALSE(p->CanCommitURL(kRendererID,
504 GURL("view-source:file:///etc/passwd"))); 446 GURL("view-source:file:///etc/passwd")));
505 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 447 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
506 EXPECT_FALSE(p->CanCommitURL( 448 EXPECT_FALSE(p->CanCommitURL(
507 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 449 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
508 450
509 // View source URLs should not be setable as origin headers 451 // View source URLs should not be setable as origin headers
510 EXPECT_FALSE(p->CanSetAsOriginHeader( 452 EXPECT_FALSE(p->CanSetAsOriginHeader(
511 kRendererID, GURL("view-source:http://www.google.com/"))); 453 kRendererID, GURL("view-source:http://www.google.com/")));
512 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, 454 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
513 GURL("view-source:file:///etc/passwd"))); 455 GURL("view-source:file:///etc/passwd")));
514 EXPECT_FALSE( 456 EXPECT_FALSE(
515 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); 457 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
516 EXPECT_FALSE(p->CanSetAsOriginHeader( 458 EXPECT_FALSE(p->CanSetAsOriginHeader(
517 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); 459 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
518 460
519 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); 461 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
520 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); 462 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
521 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
522 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); 463 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
523 EXPECT_FALSE( 464 EXPECT_FALSE(
524 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd"))); 465 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
525 EXPECT_FALSE( 466 EXPECT_FALSE(
526 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); 467 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
527 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:file:///etc/passwd")));
528 EXPECT_FALSE(p->CanCommitURL(kRendererID, 468 EXPECT_FALSE(p->CanCommitURL(kRendererID,
529 GURL("view-source:file:///etc/passwd"))); 469 GURL("view-source:file:///etc/passwd")));
530 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, 470 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
531 GURL("view-source:file:///etc/passwd"))); 471 GURL("view-source:file:///etc/passwd")));
532 p->Remove(kRendererID); 472 p->Remove(kRendererID);
533 } 473 }
534 474
535 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { 475 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
536 ChildProcessSecurityPolicyImpl* p = 476 ChildProcessSecurityPolicyImpl* p =
537 ChildProcessSecurityPolicyImpl::GetInstance(); 477 ChildProcessSecurityPolicyImpl::GetInstance();
538 478
539 p->Add(kRendererID); 479 p->Add(kRendererID);
540 480
541 GURL icon_url("file:///tmp/foo.png"); 481 GURL icon_url("file:///tmp/foo.png");
542 GURL sensitive_url("file:///etc/passwd"); 482 GURL sensitive_url("file:///etc/passwd");
543 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); 483 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
544 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); 484 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
545 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
546 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
547 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); 485 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
548 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); 486 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
549 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url)); 487 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url));
550 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); 488 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
551 489
552 p->GrantRequestSpecificFileURL(kRendererID, icon_url); 490 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
553 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); 491 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
554 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); 492 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
555 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
556 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
557 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); 493 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
558 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); 494 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
559 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url)); 495 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
560 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); 496 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
561 497
562 p->GrantRequestURL(kRendererID, icon_url); 498 p->GrantRequestURL(kRendererID, icon_url);
563 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); 499 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
564 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); 500 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
565 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
566 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
567 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); 501 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
568 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); 502 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
569 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url)); 503 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
570 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url)); 504 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
571 505
572 p->Remove(kRendererID); 506 p->Remove(kRendererID);
573 } 507 }
574 508
575 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { 509 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
576 ChildProcessSecurityPolicyImpl* p = 510 ChildProcessSecurityPolicyImpl* p =
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after
867 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { 801 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
868 ChildProcessSecurityPolicyImpl* p = 802 ChildProcessSecurityPolicyImpl* p =
869 ChildProcessSecurityPolicyImpl::GetInstance(); 803 ChildProcessSecurityPolicyImpl::GetInstance();
870 804
871 GURL url("chrome://thumb/http://www.google.com/"); 805 GURL url("chrome://thumb/http://www.google.com/");
872 806
873 p->Add(kRendererID); 807 p->Add(kRendererID);
874 808
875 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); 809 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
876 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); 810 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
877 EXPECT_TRUE(p->CanRedirectToURL(url));
878 p->GrantWebUIBindings(kRendererID); 811 p->GrantWebUIBindings(kRendererID);
879 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); 812 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
880 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); 813 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
881 EXPECT_TRUE(p->CanRedirectToURL(url));
882 814
883 p->Remove(kRendererID); 815 p->Remove(kRendererID);
884 } 816 }
885 817
886 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { 818 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
887 ChildProcessSecurityPolicyImpl* p = 819 ChildProcessSecurityPolicyImpl* p =
888 ChildProcessSecurityPolicyImpl::GetInstance(); 820 ChildProcessSecurityPolicyImpl::GetInstance();
889 821
890 GURL url("file:///etc/passwd"); 822 GURL url("file:///etc/passwd");
891 base::FilePath file(TEST_PATH("/etc/passwd")); 823 base::FilePath file(TEST_PATH("/etc/passwd"));
892 824
893 p->Add(kRendererID); 825 p->Add(kRendererID);
894 826
895 p->GrantRequestURL(kRendererID, url); 827 p->GrantRequestURL(kRendererID, url);
896 p->GrantReadFile(kRendererID, file); 828 p->GrantReadFile(kRendererID, file);
897 p->GrantWebUIBindings(kRendererID); 829 p->GrantWebUIBindings(kRendererID);
898 830
899 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); 831 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
900 EXPECT_TRUE(p->CanRedirectToURL(url));
901 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); 832 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
902 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); 833 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
903 834
904 p->Remove(kRendererID); 835 p->Remove(kRendererID);
905 836
906 // Renderers are added and removed on the UI thread, but the policy can be 837 // Renderers are added and removed on the UI thread, but the policy can be
907 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be 838 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
908 // prepared to answer policy questions about renderers who no longer exist. 839 // prepared to answer policy questions about renderers who no longer exist.
909 840
910 // In this case, we default to secure behavior. 841 // In this case, we default to secure behavior.
911 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); 842 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
912 EXPECT_TRUE(p->CanRedirectToURL(url));
913 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); 843 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
914 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); 844 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
915 } 845 }
916 846
917 // Test the granting of origin permissions, and their interactions with 847 // Test the granting of origin permissions, and their interactions with
918 // granting scheme permissions. 848 // granting scheme permissions.
919 TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { 849 TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
920 ChildProcessSecurityPolicyImpl* p = 850 ChildProcessSecurityPolicyImpl* p =
921 ChildProcessSecurityPolicyImpl::GetInstance(); 851 ChildProcessSecurityPolicyImpl::GetInstance();
922 852
923 p->Add(kRendererID); 853 p->Add(kRendererID);
924 854
925 GURL url_foo1("chrome://foo/resource1"); 855 GURL url_foo1("chrome://foo/resource1");
926 GURL url_foo2("chrome://foo/resource2"); 856 GURL url_foo2("chrome://foo/resource2");
927 GURL url_bar("chrome://bar/resource3"); 857 GURL url_bar("chrome://bar/resource3");
928 858
929 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); 859 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1));
930 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); 860 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2));
931 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); 861 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
932 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
933 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
934 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
935 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); 862 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1));
936 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); 863 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2));
937 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); 864 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
938 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); 865 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
939 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); 866 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
940 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar)); 867 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
941 868
942 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); 869 p->GrantOrigin(kRendererID, url::Origin(url_foo1));
943 870
944 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); 871 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
945 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); 872 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
946 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); 873 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
947 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
948 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
949 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
950 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); 874 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
951 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); 875 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
952 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); 876 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
953 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); 877 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
954 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); 878 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
955 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar)); 879 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
956 880
957 p->GrantScheme(kRendererID, kChromeUIScheme); 881 p->GrantScheme(kRendererID, kChromeUIScheme);
958 882
959 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); 883 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
960 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); 884 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
961 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); 885 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar));
962 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
963 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
964 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
965 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); 886 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
966 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); 887 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
967 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); 888 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar));
968 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); 889 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
969 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); 890 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
970 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar)); 891 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar));
971 892
972 p->Remove(kRendererID); 893 p->Remove(kRendererID);
973 } 894 }
974 895
(...skipping 16 matching lines...) Expand all
991 EXPECT_EQ(4U, policy->isolated_origins_.size()); 912 EXPECT_EQ(4U, policy->isolated_origins_.size());
992 EXPECT_TRUE( 913 EXPECT_TRUE(
993 policy->IsIsolatedOrigin(url::Origin(GURL("http://isolated.foo.com")))); 914 policy->IsIsolatedOrigin(url::Origin(GURL("http://isolated.foo.com"))));
994 EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(GURL("http://a.com")))); 915 EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(GURL("http://a.com"))));
995 EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(GURL("https://b.com")))); 916 EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(GURL("https://b.com"))));
996 EXPECT_TRUE( 917 EXPECT_TRUE(
997 policy->IsIsolatedOrigin(url::Origin(GURL("https://c.com:8000")))); 918 policy->IsIsolatedOrigin(url::Origin(GURL("https://c.com:8000"))));
998 } 919 }
999 920
1000 } // namespace content 921 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/frame_host/navigation_handle_impl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698