Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(635)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/common/csp_validator_unittest.cc

Issue 481643002: Disallow non-subdomain wildcards in the extension's CSP (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: . -> , Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « extensions/common/csp_validator.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/common/csp_validator.h" 5 #include "extensions/common/csp_validator.h"
6 #include "testing/gtest/include/gtest/gtest.h" 6 #include "testing/gtest/include/gtest/gtest.h"
7 7
8 using extensions::csp_validator::ContentSecurityPolicyIsLegal; 8 using extensions::csp_validator::ContentSecurityPolicyIsLegal;
9 using extensions::csp_validator::ContentSecurityPolicyIsSecure; 9 using extensions::csp_validator::ContentSecurityPolicyIsSecure;
10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed; 10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after
92 92
93 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 93 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
94 "default-src 'self' *", Manifest::TYPE_EXTENSION)); 94 "default-src 'self' *", Manifest::TYPE_EXTENSION));
95 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 95 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
96 "default-src 'self' *:*", Manifest::TYPE_EXTENSION)); 96 "default-src 'self' *:*", Manifest::TYPE_EXTENSION));
97 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 97 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
98 "default-src 'self' *:*/", Manifest::TYPE_EXTENSION)); 98 "default-src 'self' *:*/", Manifest::TYPE_EXTENSION));
99 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 99 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
100 "default-src 'self' *:*/path", Manifest::TYPE_EXTENSION)); 100 "default-src 'self' *:*/path", Manifest::TYPE_EXTENSION));
101 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 101 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
102 "default-src 'self' https://", Manifest::TYPE_EXTENSION));
103 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
102 "default-src 'self' https://*:*", Manifest::TYPE_EXTENSION)); 104 "default-src 'self' https://*:*", Manifest::TYPE_EXTENSION));
103 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 105 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
104 "default-src 'self' https://*:*/", Manifest::TYPE_EXTENSION)); 106 "default-src 'self' https://*:*/", Manifest::TYPE_EXTENSION));
105 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 107 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
106 "default-src 'self' https://*:*/path", Manifest::TYPE_EXTENSION)); 108 "default-src 'self' https://*:*/path", Manifest::TYPE_EXTENSION));
109 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
110 "default-src 'self' https://*.com", Manifest::TYPE_EXTENSION));
111 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
112 "default-src 'self' https://*.*.google.com/", Manifest::TYPE_EXTENSION));
113 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
114 "default-src 'self' https://*.*.google.com:*/",
115 Manifest::TYPE_EXTENSION));
116 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
117 "default-src 'self' https://www.*.google.com/",
118 Manifest::TYPE_EXTENSION));
119 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
120 "default-src 'self' https://www.*.google.com:*/",
121 Manifest::TYPE_EXTENSION));
122 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
123 "default-src 'self' chrome://*", Manifest::TYPE_EXTENSION));
124 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
125 "default-src 'self' chrome-extension://*", Manifest::TYPE_EXTENSION));
107 126
108 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 127 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
109 "default-src 'self' https://*.google.com", Manifest::TYPE_EXTENSION)); 128 "default-src 'self' https://*.google.com", Manifest::TYPE_EXTENSION));
110 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 129 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
111 "default-src 'self' https://*.google.com:1", Manifest::TYPE_EXTENSION)); 130 "default-src 'self' https://*.google.com:1", Manifest::TYPE_EXTENSION));
112 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 131 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
113 "default-src 'self' https://*.google.com:*", Manifest::TYPE_EXTENSION)); 132 "default-src 'self' https://*.google.com:*", Manifest::TYPE_EXTENSION));
114 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 133 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
115 "default-src 'self' https://*.google.com:1/", Manifest::TYPE_EXTENSION)); 134 "default-src 'self' https://*.google.com:1/", Manifest::TYPE_EXTENSION));
116 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 135 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
171 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION)); 190 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION));
172 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 191 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
173 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP)); 192 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP));
174 193
175 // Popups are OK. 194 // Popups are OK.
176 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 195 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
177 "sandbox allow-popups", Manifest::TYPE_EXTENSION)); 196 "sandbox allow-popups", Manifest::TYPE_EXTENSION));
178 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 197 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
179 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP)); 198 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP));
180 } 199 }
OLDNEW
« no previous file with comments | « extensions/common/csp_validator.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698