OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) | 53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) |
54 { | 54 { |
55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort }; | 55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort }; |
56 | 56 |
57 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(ports); ++i) { | 57 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(ports); ++i) { |
58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example.
com", ports[i]); | 58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example.
com", ports[i]); |
59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not
have generated a unique origin."; | 59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not
have generated a unique origin."; |
60 } | 60 } |
61 } | 61 } |
62 | 62 |
| 63 TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin) |
| 64 { |
| 65 struct TestCase { |
| 66 bool accessGranted; |
| 67 const char* url; |
| 68 }; |
| 69 |
| 70 TestCase inputs[] = { |
| 71 // Access is granted to webservers running on localhost. |
| 72 { true, "http://localhost" }, |
| 73 { true, "http://LOCALHOST" }, |
| 74 { true, "http://localhost:100" }, |
| 75 { true, "http://127.0.0.1" }, |
| 76 { true, "http://127.0.0.2" }, |
| 77 { true, "http://127.1.0.2" }, |
| 78 { true, "http://0177.00.00.01" }, |
| 79 { true, "http://[::1]" }, |
| 80 { true, "http://[0:0::1]" }, |
| 81 { true, "http://[0:0:0:0:0:0:0:1]" }, |
| 82 { true, "http://[::1]:21" }, |
| 83 { true, "http://127.0.0.1:8080" }, |
| 84 { true, "ftp://127.0.0.1" }, |
| 85 { true, "ftp://127.0.0.1:443" }, |
| 86 { true, "ws://127.0.0.1" }, |
| 87 |
| 88 // Access is denied to non-localhost over HTTP |
| 89 { false, "http://[1::]" }, |
| 90 { false, "http://[::2]" }, |
| 91 { false, "http://[1::1]" }, |
| 92 { false, "http://[1:2::3]" }, |
| 93 { false, "http://[::127.0.0.1]" }, |
| 94 { false, "http://a.127.0.0.1" }, |
| 95 { false, "http://127.0.0.1.b" }, |
| 96 { false, "http://localhost.a" }, |
| 97 { false, "http://a.localhost" }, |
| 98 |
| 99 // Access is granted to all secure transports. |
| 100 { true, "https://foobar.com" }, |
| 101 { true, "wss://foobar.com" }, |
| 102 |
| 103 // Access is denied to insecure transports. |
| 104 { false, "ftp://foobar.com" }, |
| 105 { false, "http://foobar.com" }, |
| 106 { false, "http://foobar.com:443" }, |
| 107 { false, "ws://foobar.com" }, |
| 108 |
| 109 // Access is granted to local files |
| 110 { true, "file:///home/foobar/index.html" }, |
| 111 |
| 112 // blob: URLs must look to the inner URL's origin, and apply the same |
| 113 // rules as above. Spot check some of them |
| 114 { true, "blob:http://localhost:1000/578223a1-8c13-17b3-84d5-eca045ae384a
" }, |
| 115 { true, "blob:https://foopy:99/578223a1-8c13-17b3-84d5-eca045ae384a" }, |
| 116 { false, "blob:http://baz:99/578223a1-8c13-17b3-84d5-eca045ae384a" }, |
| 117 { false, "blob:ftp://evil:99/578223a1-8c13-17b3-84d5-eca045ae384a" }, |
| 118 |
| 119 // filesystem: URLs work the same as blob: URLs, and look to the inner |
| 120 // URL for security origin. |
| 121 { true, "filesystem:http://localhost:1000/foo" }, |
| 122 { true, "filesystem:https://foopy:99/foo" }, |
| 123 { false, "filesystem:http://baz:99/foo" }, |
| 124 { false, "filesystem:ftp://evil:99/foo" }, |
| 125 }; |
| 126 |
| 127 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(inputs); ++i) { |
| 128 SCOPED_TRACE(i); |
| 129 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(inputs[
i].url); |
| 130 EXPECT_EQ(inputs[i].accessGranted, origin->canAccessFeatureRequiringSecu
reOrigin()); |
| 131 } |
| 132 |
| 133 // Unique origins are not considered secure. |
| 134 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); |
| 135 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin()); |
| 136 } |
| 137 |
63 } // namespace | 138 } // namespace |
64 | 139 |
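Review bot: The denied rows in CanAccessFeatureRequringSecureOrigin never place a loopback name outside the host component and never cover the IPv4-mapped form of loopback; they only vary the host label (`a.localhost`, `127.0.0.1.b`) and the IPv4-compatible `[::127.0.0.1]`. A row such as `{ false, "http://localhost@foobar.com" }` and an explicit expectation for `http://[::ffff:127.0.0.1]` would pin those parser-dependent cases, though the correct value for the mapped address depends on the implementation, which is not shown here. `SCOPED_TRACE(i)` reports only an array index on failure, so `SCOPED_TRACE(inputs[i].url);` would name the URL that failed. The test name also misspells "Requiring", unlike the `canAccessFeatureRequiringSecureOrigin()` method it exercises.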