Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/service_worker/service_worker_dispatcher_host_unittest.cc

Issue 618113005: Kill renderers that dink with Service Workers from non-secure origins. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/service_worker/service_worker_dispatcher_host.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/files/file_path.h" 8 #include "base/files/file_path.h"
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "content/browser/browser_thread_impl.h" 10 #include "content/browser/browser_thread_impl.h"
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
117 EXPECT_TRUE(dispatcher_host_->ipc_sink()->GetUniqueMessageMatching( 117 EXPECT_TRUE(dispatcher_host_->ipc_sink()->GetUniqueMessageMatching(
118 expected_message)); 118 expected_message));
119 dispatcher_host_->ipc_sink()->ClearMessages(); 119 dispatcher_host_->ipc_sink()->ClearMessages();
120 } 120 }
121 121
122 TestBrowserThreadBundle browser_thread_bundle_; 122 TestBrowserThreadBundle browser_thread_bundle_;
123 scoped_ptr<EmbeddedWorkerTestHelper> helper_; 123 scoped_ptr<EmbeddedWorkerTestHelper> helper_;
124 scoped_refptr<TestingServiceWorkerDispatcherHost> dispatcher_host_; 124 scoped_refptr<TestingServiceWorkerDispatcherHost> dispatcher_host_;
125 }; 125 };
126 126
127 TEST_F(ServiceWorkerDispatcherHostTest, Register_SameOrigin) { 127 TEST_F(ServiceWorkerDispatcherHostTest, Register_HTTPS) {
128 const int64 kProviderId = 99; // Dummy value 128 const int64 kProviderId = 99; // Dummy value
129 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost( 129 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
130 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL)); 130 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
131 host->SetDocumentUrl(GURL("https://www.example.com/foo")); 131 host->SetDocumentUrl(GURL("https://www.example.com/foo"));
132 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr(); 132 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
falken 2014/10/02 06:23:59 Not from your patch, but it looks like provider_ho
133 context()->AddProviderHost(host.Pass()); 133 context()->AddProviderHost(host.Pass());
134 134
135 Register(kProviderId, 135 Register(kProviderId,
136 GURL("https://www.example.com/"), 136 GURL("https://www.example.com/"),
137 GURL("https://www.example.com/bar"), 137 GURL("https://www.example.com/bar"),
138 ServiceWorkerMsg_ServiceWorkerRegistered::ID); 138 ServiceWorkerMsg_ServiceWorkerRegistered::ID);
139 } 139 }
140 140
141 TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOrigin) { 141 TEST_F(ServiceWorkerDispatcherHostTest, Register_NonSecureTransportLocalhost) {
142 const int64 kProviderId = 99; // Dummy value 142 const int64 kProviderId = 99; // Dummy value
143 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost( 143 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
144 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL)); 144 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
145 host->SetDocumentUrl(GURL("http://127.0.0.3:81/foo"));
146 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
147 context()->AddProviderHost(host.Pass());
148
149 Register(kProviderId,
150 GURL("http://127.0.0.3:81/bar"),
151 GURL("http://127.0.0.3:81/baz"),
152 ServiceWorkerMsg_ServiceWorkerRegistered::ID);
153 }
154
155 TEST_F(ServiceWorkerDispatcherHostTest, Register_NonSecureOriginShouldFail) {
156 const int64 kProviderId = 99; // Dummy value
157 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
158 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
159 host->SetDocumentUrl(GURL("http://www.example.com/foo"));
160 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
161 context()->AddProviderHost(host.Pass());
162
163 SendRegister(kProviderId,
164 GURL("http://www.example.com/"),
165 GURL("http://www.example.com/bar"));
166 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
167 }
168
169 TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOriginShouldFail) {
170 const int64 kProviderId = 99; // Dummy value
171 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
172 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
145 host->SetDocumentUrl(GURL("https://www.example.com/foo")); 173 host->SetDocumentUrl(GURL("https://www.example.com/foo"));
146 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr(); 174 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
147 context()->AddProviderHost(host.Pass()); 175 context()->AddProviderHost(host.Pass());
148 176
149 // Script has a different host 177 // Script has a different host
150 SendRegister(kProviderId, 178 SendRegister(kProviderId,
151 GURL("https://www.example.com/"), 179 GURL("https://www.example.com/"),
152 GURL("https://foo.example.com/bar")); 180 GURL("https://foo.example.com/bar"));
153 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_); 181 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
154 182
155 // Scope has a different host 183 // Scope has a different host
156 SendRegister(kProviderId, 184 SendRegister(kProviderId,
157 GURL("https://foo.example.com/"), 185 GURL("https://foo.example.com/"),
158 GURL("https://www.example.com/bar")); 186 GURL("https://www.example.com/bar"));
159 EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_); 187 EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_);
160 188
161 // Script has a different port 189 // Script has a different port
162 SendRegister(kProviderId, 190 SendRegister(kProviderId,
163 GURL("https://www.example.com/"), 191 GURL("https://www.example.com/"),
164 GURL("https://www.example.com:8080/bar")); 192 GURL("https://www.example.com:8080/bar"));
165 EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_); 193 EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_);
166 194
167 // Scope has a different transport 195 // Scope has a different transport
168 SendRegister(kProviderId, 196 SendRegister(kProviderId,
169 GURL("wss://www.example.com/"), 197 GURL("wss://www.example.com/"),
170 GURL("https://www.example.com/bar")); 198 GURL("https://www.example.com/bar"));
171 EXPECT_EQ(4, dispatcher_host_->bad_messages_received_count_); 199 EXPECT_EQ(4, dispatcher_host_->bad_messages_received_count_);
172 200
173 // Script and scope have different hosts 201 // Script and scope have a different host but match each other
174 SendRegister(kProviderId, 202 SendRegister(kProviderId,
175 GURL("https://foo.example.com/"), 203 GURL("https://foo.example.com/"),
176 GURL("https://foo.example.com/bar")); 204 GURL("https://foo.example.com/bar"));
177 EXPECT_EQ(5, dispatcher_host_->bad_messages_received_count_); 205 EXPECT_EQ(5, dispatcher_host_->bad_messages_received_count_);
178 206
179 // Script and scope URLs are invalid 207 // Script and scope URLs are invalid
180 SendRegister(kProviderId, 208 SendRegister(kProviderId,
181 GURL(), 209 GURL(),
182 GURL("h@ttps://@")); 210 GURL("h@ttps://@"));
183 EXPECT_EQ(6, dispatcher_host_->bad_messages_received_count_); 211 EXPECT_EQ(6, dispatcher_host_->bad_messages_received_count_);
184 } 212 }
185 213
186 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_SameOrigin) { 214 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_HTTPS) {
187 const int64 kProviderId = 99; // Dummy value 215 const int64 kProviderId = 99; // Dummy value
188 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost( 216 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
189 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL)); 217 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
190 host->SetDocumentUrl(GURL("http://www.example.com/foo")); 218 host->SetDocumentUrl(GURL("https://www.example.com/foo"));
191 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr(); 219 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
192 context()->AddProviderHost(host.Pass()); 220 context()->AddProviderHost(host.Pass());
193 221
194 Unregister(kProviderId, 222 Unregister(kProviderId,
195 GURL("http://www.example.com/"), 223 GURL("https://www.example.com/"),
196 ServiceWorkerMsg_ServiceWorkerUnregistered::ID); 224 ServiceWorkerMsg_ServiceWorkerUnregistered::ID);
197 } 225 }
198 226
199 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_CrossOrigin) { 227 TEST_F(ServiceWorkerDispatcherHostTest,
228 Unregister_NonSecureTransportLocalhost) {
200 const int64 kProviderId = 99; // Dummy value 229 const int64 kProviderId = 99; // Dummy value
201 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost( 230 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
202 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL)); 231 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
232 host->SetDocumentUrl(GURL("http://localhost/foo"));
233 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
234 context()->AddProviderHost(host.Pass());
235
236 Unregister(kProviderId,
237 GURL("http://localhost/"),
238 ServiceWorkerMsg_ServiceWorkerUnregistered::ID);
239 }
240
241 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_CrossOriginShouldFail) {
242 const int64 kProviderId = 99; // Dummy value
243 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
244 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
245 host->SetDocumentUrl(GURL("https://www.example.com/foo"));
246 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
247 context()->AddProviderHost(host.Pass());
248
249 SendUnregister(kProviderId, GURL("https://foo.example.com/"));
250 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
251 }
252
253 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_NonSecureOriginShouldFail) {
254 const int64 kProviderId = 99; // Dummy value
255 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
256 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
203 host->SetDocumentUrl(GURL("http://www.example.com/foo")); 257 host->SetDocumentUrl(GURL("http://www.example.com/foo"));
204 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr(); 258 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
205 context()->AddProviderHost(host.Pass()); 259 context()->AddProviderHost(host.Pass());
206 260
207 SendUnregister(kProviderId, GURL("http://foo.example.com/")); 261 SendUnregister(kProviderId, GURL("http://www.example.com/"));
208 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_); 262 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
209 } 263 }
210 264
211 TEST_F(ServiceWorkerDispatcherHostTest, EarlyContextDeletion) { 265 TEST_F(ServiceWorkerDispatcherHostTest, EarlyContextDeletion) {
212 helper_->ShutdownContext(); 266 helper_->ShutdownContext();
213 267
214 // Let the shutdown reach the simulated IO thread. 268 // Let the shutdown reach the simulated IO thread.
215 base::RunLoop().RunUntilIdle(); 269 base::RunLoop().RunUntilIdle();
216 270
217 Register(-1, 271 Register(-1,
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
257 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL)); 311 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
258 host->SetDocumentUrl(GURL("https://www.example.com/foo")); 312 host->SetDocumentUrl(GURL("https://www.example.com/foo"));
259 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr(); 313 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
260 context()->AddProviderHost(host.Pass()); 314 context()->AddProviderHost(host.Pass());
261 315
262 GetRegistration(kProviderId, 316 GetRegistration(kProviderId,
263 GURL("https://www.example.com/"), 317 GURL("https://www.example.com/"),
264 ServiceWorkerMsg_DidGetRegistration::ID); 318 ServiceWorkerMsg_DidGetRegistration::ID);
265 } 319 }
266 320
267 TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_CrossOrigin) { 321 TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_CrossOriginShouldFail) {
268 const int64 kProviderId = 99; // Dummy value 322 const int64 kProviderId = 99; // Dummy value
269 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost( 323 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
270 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL)); 324 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
271 host->SetDocumentUrl(GURL("https://www.example.com/foo")); 325 host->SetDocumentUrl(GURL("https://www.example.com/foo"));
272 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr(); 326 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
273 context()->AddProviderHost(host.Pass()); 327 context()->AddProviderHost(host.Pass());
274 328
275 SendGetRegistration(kProviderId, GURL("https://foo.example.com/")); 329 SendGetRegistration(kProviderId, GURL("https://foo.example.com/"));
276 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_); 330 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
277 } 331 }
278 332
333 TEST_F(ServiceWorkerDispatcherHostTest,
334 GetRegistration_NotSecureOriginShouldFail) {
335 const int64 kProviderId = 99; // Dummy value
336 scoped_ptr<ServiceWorkerProviderHost> host(new ServiceWorkerProviderHost(
337 kRenderProcessId, kProviderId, context()->AsWeakPtr(), NULL));
338 host->SetDocumentUrl(GURL("http://www.example.com/foo"));
339 base::WeakPtr<ServiceWorkerProviderHost> provider_host = host->AsWeakPtr();
340 context()->AddProviderHost(host.Pass());
341
342 SendGetRegistration(kProviderId, GURL("http://www.example.com/"));
343 EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
344 }
345
279 TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_EarlyContextDeletion) { 346 TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_EarlyContextDeletion) {
280 helper_->ShutdownContext(); 347 helper_->ShutdownContext();
281 348
282 // Let the shutdown reach the simulated IO thread. 349 // Let the shutdown reach the simulated IO thread.
283 base::RunLoop().RunUntilIdle(); 350 base::RunLoop().RunUntilIdle();
284 351
285 GetRegistration(-1, 352 GetRegistration(-1,
286 GURL(), 353 GURL(),
287 ServiceWorkerMsg_ServiceWorkerGetRegistrationError::ID); 354 ServiceWorkerMsg_ServiceWorkerGetRegistrationError::ID);
288 } 355 }
289 356
290 } // namespace content 357 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/service_worker/service_worker_dispatcher_host.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698