OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) | 53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) |
54 { | 54 { |
55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort }; | 55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort }; |
56 | 56 |
57 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(ports); ++i) { | 57 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(ports); ++i) { |
58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]); | 58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]); |
59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not have generated a unique origin."; | 59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not have generated a unique origin."; |
60 } | 60 } |
61 } | 61 } |
62 | 62 |
63 TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin) | |
64 { | |
65 struct TestCase { | |
66 bool accessGranted; | |
67 const char* url; | |
68 }; | |
69 | |
70 TestCase inputs[] = { | |
71 // Access is granted to webservers running on localhost. | |
72 { true, "http://localhost" }, | |
73 { true, "http://localhost:100" }, | |
74 { true, "http://127.0.0.1" }, | |
75 { true, "http://[::1]" }, | |
76 { true, "http://[::1]:21" }, | |
77 { true, "http://127.0.0.1:8080" }, | |
78 { true, "ftp://127.0.0.1" }, | |
79 { true, "ftp://127.0.0.1:443" }, | |
80 { true, "ws://127.0.0.1" }, | |
81 | |
82 // Access is granted to all secure transports. | |
darin (slow to review)
2014/05/29 05:08:14
What about blob URLs generated from https:// pages
| |
83 { true, "https://foobar.com" }, | |
84 { true, "wss://foobar.com" }, | |
85 | |
86 // Access is denied to insecure transports. | |
87 { false, "ftp://foobar.com" }, | |
88 { false, "http://foobar.com" }, | |
89 { false, "http://foobar.com:443" }, | |
90 { false, "ws://foobar.com" }, | |
91 { false, "data:text/html;charset=utf-8;base64,PHNjcmlwdD5hbGVydCgnaGkhJy k8L3NjcmlwdD4=" }, | |
92 { false, "javascript:alert('hi')" }, | |
93 | |
94 // Access is granted to local files | |
95 { true, "file:///home/foobar/index.html" }, | |
96 }; | |
97 | |
98 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(inputs); ++i) { | |
99 SCOPED_TRACE(i); | |
100 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(inputs[ i].url); | |
101 EXPECT_EQ(inputs[i].accessGranted, origin->canAccessFeatureRequiringSecu reOrigin()); | |
102 } | |
103 | |
104 // Unique origins are not considered secure. | |
105 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); | |
106 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin()); | |
107 } | |
108 | |
63 } // namespace | 109 } // namespace |
64 | 110 |
OLD | NEW |