OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 42 matching lines...) | |
53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) | 53 TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) |
54 { | 54 { |
55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort }; | 55 int ports[] = { 0, 80, 443, 5000, MaxAllowedPort }; |
56 | 56 |
57 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(ports); ++i) { | 57 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(ports); ++i) { |
58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]); | 58 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("http", "example. com", ports[i]); |
59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not have generated a unique origin."; | 59 EXPECT_FALSE(origin->isUnique()) << "Port " << ports[i] << " should not have generated a unique origin."; |
60 } | 60 } |
61 } | 61 } |
62 | 62 |
63 TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin) | |
64 { | |
65 struct TestCase { | |
66 bool accessGranted; | |
67 const char* url; | |
68 }; | |
69 | |
70 TestCase inputs[] = { | |
71 // Access is granted to webservers running on localhost. | |
72 { true, "http://localhost" }, | |
73 { true, "http://localhost:100" }, | |
74 { true, "http://127.0.0.1" }, | |
75 { true, "http://[::1]" }, | |
76 { true, "http://[::1]:21" }, | |
77 { true, "http://127.0.0.1:8080" }, | |
78 { true, "ftp://127.0.0.1" }, | |
79 { true, "ftp://127.0.0.1:443" }, | |
80 { true, "ws://127.0.0.1" }, | |
81 | |
82 // Access is granted to all secure transports. | |
83 { true, "https://foobar.com" }, | |
84 { true, "wss://foobar.com" }, | |
85 | |
86 // Access is denied to insecure transports. | |
87 { false, "ftp://foobar.com" }, | |
88 { false, "http://foobar.com" }, | |
89 { false, "http://foobar.com:443" }, | |
90 { false, "ws://foobar.com" }, | |
91 | |
92 // In practice it is not possible to initialize a SecurityOrigin with | |
93 // "data" protocol (it is treated as "unique"). | |
94 { false, "data:text/html;charset=utf-8;base64,PHNjcmlwdD5hbGVydCgnaGkhJy k8L3NjcmlwdD4=" }, | |
95 // Same thing for javascript: | |
96 { false, "javascript:alert('hi')" }, | |
abarth-chromium
2014/06/06 20:36:34
Please remove this case. It's an error to constru
eroman
2014/06/10 01:00:11
Done.
| |
97 | |
98 // Access is granted to local files | |
99 { true, "file:///home/foobar/index.html" }, | |
100 | |
101 // blob: URLs must look to the inner URL's origin, and apply the same | |
102 // rules as above. Spot check some of them | |
103 { true, "blob:http://localhost:1000/578223a1-8c13-17b3-84d5-eca045ae384a " }, | |
104 { true, "blob:https://foopy:99/578223a1-8c13-17b3-84d5-eca045ae384a" }, | |
105 { false, "blob:http://baz:99/578223a1-8c13-17b3-84d5-eca045ae384a" }, | |
106 { false, "blob:ftp://evil:99/578223a1-8c13-17b3-84d5-eca045ae384a" }, | |
107 | |
108 // filesystem: URLs work the same as blob: URLs, and look to the inner | |
109 // URL for security origin. | |
110 { true, "filesystem:http://localhost:1000/foo" }, | |
111 { true, "filesystem:https://foopy:99/foo" }, | |
112 { false, "filesystem:http://baz:99/foo" }, | |
113 { false, "filesystem:ftp://evil:99/foo" }, | |
114 }; | |
115 | |
116 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(inputs); ++i) { | |
117 SCOPED_TRACE(i); | |
118 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(inputs[ i].url); | |
119 EXPECT_EQ(inputs[i].accessGranted, origin->canAccessFeatureRequiringSecu reOrigin()); | |
120 } | |
121 | |
122 // Unique origins are not considered secure. | |
123 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); | |
124 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin()); | |
125 } | |
126 | |
63 } // namespace | 127 } // namespace |
64 | 128 |
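Review bot: The localhost entries in `inputs[]` are all positive cases, so this test would still pass if the host check matched by prefix or suffix instead of by exact value. Add near-miss hosts next to the loopback entries, for example `{ false, "http://localhost.foobar.com" },` and `{ false, "http://127.0.0.1.foobar.com" },`. The expected `false` assumes the same policy the test already applies to `http://foobar.com`; the implementation is not visible on this page, so confirm it there. The test name also misspells "Requiring" (`CanAccessFeatureRequringSecureOrigin`), which makes it easy to miss when filtering tests by the method name.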