Chromium Code Reviews Chromium Code Reviews
Issue 656063002:
Subresource Integrity: Improve parsing. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
| 7 | 7 |
| 8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
| 9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
| 10 #include "core/html/HTMLScriptElement.h" | 10 #include "core/html/HTMLScriptElement.h" |
| 11 #include "platform/Crypto.h" | 11 #include "platform/Crypto.h" |
| 12 #include "platform/weborigin/KURL.h" | 12 #include "platform/weborigin/KURL.h" |
| 13 #include "platform/weborigin/SecurityOrigin.h" | 13 #include "platform/weborigin/SecurityOrigin.h" |
| 14 #include "wtf/RefPtr.h" | 14 #include "wtf/RefPtr.h" |
| 15 #include "wtf/text/WTFString.h" | 15 #include "wtf/text/WTFString.h" |
| 16 #include <gtest/gtest.h> | 16 #include <gtest/gtest.h> |
| 17 | 17 |
| 18 namespace blink { | 18 namespace blink { |
| 19 | 19 |
| 20 static const char kBasicScript[] = "alert('test');"; | 20 static const char kBasicScript[] = "alert('test');"; |
| 21 static const char kSha256Integrity[] = "ni://sha256;GAF48QOoxRvu0gZAmQivUdJPyBac qznBAXwnkfpmQX4="; | 21 static const char kSha256Integrity[] = "ni:///sha256;GAF48QOoxRvu0gZAmQivUdJPyBa cqznBAXwnkfpmQX4="; |
| 22 static const char kSha384Intgrity[] = "ni://sha384;nep3XpvhUxpCMOVXIFPecThAqdY/u VeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 22 static const char kSha384Integrity[] = "ni:///sha384;nep3XpvhUxpCMOVXIFPecThAqdY /uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
| 23 static const char kSha512Integrity[] = "ni://sha512;TXkJw18PqlVlEUXXjeXbGetop1TK B3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; | 23 static const char kSha512Integrity[] = "ni:///sha512;TXkJw18PqlVlEUXXjeXbGetop1T KB3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; |
| 24 static const char kSha384IntegrityLabeledAs256[] = "ni://sha256;nep3XpvhUxpCMOVX IFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 24 static const char kSha384IntegrityLabeledAs256[] = "ni:///sha256;nep3XpvhUxpCMOV XIFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
| 25 static const char kUnsupportedHashFunctionIntegrity[] = "ni://sha1;JfLW308qMPKfb 4DaHpUBEESwuPc="; | 25 static const char kUnsupportedHashFunctionIntegrity[] = "ni:///sha1;JfLW308qMPKf b4DaHpUBEESwuPc="; |
| 26 | 26 |
| 27 TEST(SubresourceIntegrityTest, CheckSubresourceIntegrity) | 27 class SubresourceIntegrityTest : public ::testing::Test { |
| 28 { | 28 public: |
| 29 KURL secureKURL(KURL(), "https://foobar.com:443"); | 29 SubresourceIntegrityTest() |
| 30 KURL insecureKURL(KURL(), "http://foobar.com:80"); | 30 : secureURL(ParsedURLString, "https://example.test:443") |
| 31 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::create(secureKURL); | 31 , insecureURL(ParsedURLString, "http://example.test:80") |
| 32 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::create(insecureKURL) ; | 32 , secureOrigin(SecurityOrigin::create(secureURL)) |
| 33 RefPtrWillBeRawPtr<Document> document = Document::create(); | 33 , insecureOrigin(SecurityOrigin::create(insecureURL)) |
| 34 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement = HTMLScriptElement::cre ate(*document, true); | 34 { |
| 35 } | |
| 36 | |
| 37 protected: | |
| 38 virtual void SetUp() | |
| 39 { | |
| 40 document = Document::create(); | |
| 41 scriptElement = HTMLScriptElement::create(*document, true); | |
| 42 } | |
| 43 | |
| 44 void expectAlgorithm(const String& text, HashAlgorithm expectedAlgorithm) | |
| 45 { | |
| 46 Vector<UChar> characters; | |
| 47 text.appendTo(characters); | |
| 48 const UChar* position = characters.data(); | |
| 49 const UChar* end = characters.end(); | |
| 50 HashAlgorithm algorithm; | |
| 51 | |
| 52 EXPECT_TRUE(SubresourceIntegrity::parseAlgorithm(position, end, algorith m)); | |
| 53 EXPECT_EQ(expectedAlgorithm, algorithm); | |
| 54 EXPECT_EQ(';', *position); | |
| 55 } | |
| 56 | |
| 57 void expectAlgorithmFailure(const String& text) | |
| 58 { | |
| 59 Vector<UChar> characters; | |
| 60 text.appendTo(characters); | |
| 61 const UChar* position = characters.data(); | |
| 62 const UChar* begin = characters.data(); | |
| 63 const UChar* end = characters.end(); | |
| 64 HashAlgorithm algorithm; | |
| 65 | |
| 66 EXPECT_FALSE(SubresourceIntegrity::parseAlgorithm(position, end, algorit hm)); | |
| 67 EXPECT_EQ(begin, position); | |
| 68 } | |
| 69 | |
| 70 void expectDigest(const String& text, const char* expectedDigest) | |
| 71 { | |
| 72 Vector<UChar> characters; | |
| 73 text.appendTo(characters); | |
| 74 const UChar* position = characters.data(); | |
| 75 const UChar* end = characters.end(); | |
| 76 String digest; | |
| 77 | |
| 78 EXPECT_TRUE(SubresourceIntegrity::parseDigest(position, end, digest)); | |
| 79 EXPECT_EQ(expectedDigest, digest); | |
| 80 } | |
| 81 | |
| 82 void expectDigestFailure(const String& text) | |
| 83 { | |
| 84 Vector<UChar> characters; | |
| 85 text.appendTo(characters); | |
| 86 const UChar* position = characters.data(); | |
| 87 const UChar* end = characters.end(); | |
| 88 String digest; | |
| 89 | |
| 90 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); | |
| 91 EXPECT_TRUE(digest.isEmpty()); | |
| 92 } | |
| 93 | |
| 94 void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm) | |
| 95 { | |
| 96 String digest; | |
| 97 HashAlgorithm algorithm; | |
| 98 | |
| 99 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttri bute, digest, algorithm, *document)); | |
| 100 EXPECT_EQ(expectedDigest, digest); | |
| 101 EXPECT_EQ(expectedAlgorithm, algorithm); | |
| 102 } | |
| 103 | |
| 104 void expectParseFailure(const char* integrityAttribute) | |
| 105 { | |
| 106 String digest; | |
| 107 HashAlgorithm algorithm; | |
| 108 | |
| 109 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttr ibute, digest, algorithm, *document)); | |
| 110 } | |
| 111 | |
| 112 void expectIntegrity(const char* integrity, const char* script, const KURL& url) | |
| 113 { | |
| 114 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); | |
| 115 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptEleme nt, script, url)); | |
| 116 } | |
| 117 | |
| 118 void expectIntegrityFailure(const char* integrity, const char* script, const KURL& url) | |
| 119 { | |
| 120 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); | |
| 121 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElem ent, script, url)); | |
| 122 } | |
| 123 | |
| 124 KURL secureURL; | |
| 125 KURL insecureURL; | |
| 126 RefPtr<SecurityOrigin> secureOrigin; | |
| 127 RefPtr<SecurityOrigin> insecureOrigin; | |
| 128 | |
| 129 RefPtrWillBeRawPtr<Document> document; | |
| 130 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement; | |
| 131 }; | |
| 132 | |
| 133 TEST_F(SubresourceIntegrityTest, ParseAlgorithm) | |
| 134 { | |
| 135 expectAlgorithm("sha256;", HashAlgorithmSha256); | |
| 136 expectAlgorithm("sha384;", HashAlgorithmSha384); | |
| 137 expectAlgorithm("sha512;", HashAlgorithmSha512); | |
| 138 | |
| 139 expectAlgorithmFailure("sha1;"); | |
| 140 expectAlgorithmFailure("sha-1;"); | |
| 141 expectAlgorithmFailure("sha-256;"); | |
| 142 expectAlgorithmFailure("sha-384;"); | |
| 143 expectAlgorithmFailure("sha-512;"); | |
| 144 } | |
| 145 | |
| 146 TEST_F(SubresourceIntegrityTest, ParseDigest) | |
| 147 { | |
| 148 expectDigest("abcdefg", "abcdefg"); | |
| 149 expectDigest("abcdefg?", "abcdefg"); | |
| 150 | |
| 151 expectDigestFailure("?"); | |
| 152 expectDigestFailure("&&&foobar&&&"); | |
| 153 expectDigestFailure("\x01\x02\x03\x04"); | |
| 154 } | |
| 155 | |
| 156 // | |
| 157 // End-to-end parsing tests. | |
| 158 // | |
| 159 | |
| 160 TEST_F(SubresourceIntegrityTest, Parsing) | |
| 161 { | |
| 162 expectParseFailure(""); | |
| 163 expectParseFailure("not/really/a/valid/anything"); | |
| 164 expectParseFailure("foobar:///sha256;abcdefg"); | |
| 165 expectParseFailure("ni:///not-sha256-at-all;abcdefg"); | |
| 166 expectParseFailure("ni:///sha256;&&&foobar&&&"); | |
| 167 expectParseFailure("ni:///sha256;\x01\x02\x03\x04"); | |
|
jww
2014/10/15 23:26:04
Maybe add in the ni:// case too, since that's what
Mike West
2014/10/16 06:17:21
Done.
| |
| 168 | |
| 169 expectParse( | |
| 170 "ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
| 171 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
| 172 HashAlgorithmSha256); | |
| 173 | |
| 174 expectParse( | |
| 175 " ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", | |
| 176 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
| 177 HashAlgorithmSha256); | |
| 178 | |
| 179 expectParse( | |
| 180 "ni:///sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA 1v5GPr", | |
| 181 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | |
| 182 HashAlgorithmSha384); | |
| 183 | |
| 184 expectParse( | |
| 185 "ni:///sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81 ytlg0MPaIrPAjcHqba5csorDWtKg==", | |
| 186 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | |
| 187 HashAlgorithmSha512); | |
| 188 } | |
| 189 | |
| 190 // | |
| 191 // End-to-end tests of ::CheckSubresourceIntegrity. | |
| 192 // | |
| 193 | |
| 194 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) | |
| 195 { | |
| 196 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | |
| 35 | 197 |
| 36 // Verify basic sha256, sha384, and sha512 integrity checks. | 198 // Verify basic sha256, sha384, and sha512 integrity checks. |
| 37 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 199 expectIntegrity(kSha256Integrity, kBasicScript, secureURL); |
| 38 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 200 expectIntegrity(kSha384Integrity, kBasicScript, secureURL); |
| 39 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | 201 expectIntegrity(kSha512Integrity, kBasicScript, secureURL); |
| 40 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384Intgrity); | |
| 41 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | |
| 42 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha512Integrity); | |
| 43 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | |
| 44 | 202 |
| 45 // The hash label must match the hash value. | 203 // The hash label must match the hash value. |
| 46 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384IntegrityLabele dAs256); | 204 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL ); |
| 47 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | 205 |
| 48 | 206 // Unsupported hash functions should fail. |
| 49 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 207 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu reURL); |
| 50 // Check should fail if the document is not on an authenticated origin or | 208 } |
| 51 // if the resource is not on an authenticated origin. | 209 |
| 210 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) | |
| 211 { | |
| 212 // The same checks as CheckSubresourceIntegrityInSecureOrigin should fail he re. | |
| 52 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 213 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
| 53 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | 214 |
| 54 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 215 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL); |
| 55 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, insecureKURL)); | 216 expectIntegrityFailure(kSha384Integrity, kBasicScript, secureURL); |
| 56 | 217 expectIntegrityFailure(kSha512Integrity, kBasicScript, secureURL); |
| 57 scriptElement->setAttribute(HTMLNames::integrityAttr, kUnsupportedHashFuncti onIntegrity); | 218 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL ); |
| 58 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, insecureKURL)); | 219 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu reURL); |
| 59 } | |
| 60 | |
| 61 TEST(SubresourceIntegrityTest, Parsing) | |
| 62 { | |
| 63 String attribute; | |
| 64 String integrity; | |
| 65 HashAlgorithm algorithm; | |
| 66 | |
| 67 // Verify that empty attribute is not valid. | |
| 68 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
| 69 | |
| 70 // Valid sha256 attribute | |
| 71 attribute = "ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
| 72 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
| 73 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
| 74 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
| 75 | |
| 76 // Another valid sha256 attribute, but this time with whitespace | |
| 77 attribute = " ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= "; | |
| 78 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
| 79 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
| 80 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
| 81 | |
| 82 // Valid sha384 attribute | |
| 83 attribute = "ni://sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6T EIup/tA1v5GPr"; | |
| 84 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
| 85 EXPECT_EQ(integrity, "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIu p/tA1v5GPr"); | |
| 86 EXPECT_EQ(algorithm, HashAlgorithmSha384); | |
| 87 | |
| 88 // Valid sha512 attribute | |
| 89 attribute = "ni://sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+ 07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg=="; | |
| 90 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
| 91 EXPECT_EQ(integrity, "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07y MK81ytlg0MPaIrPAjcHqba5csorDWtKg=="); | |
| 92 EXPECT_EQ(algorithm, HashAlgorithmSha512); | |
| 93 | |
| 94 // Invalid prefix | |
| 95 attribute = "foobar://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
| 96 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
| 97 | |
| 98 // Invalid hash function | |
| 99 attribute = "ni://not_a_hash_function;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h 2nFSE="; | |
| 100 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
| 101 | |
| 102 // Invalid integrity (not base64) | |
| 103 attribute = "ni://sha256;&&&foobar&&&"; | |
| 104 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
| 105 attribute = "ni://sha256;\x01\x02\x03\x04"; | |
| 106 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
| 107 | |
| 108 // Just integrity | |
| 109 attribute = "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
| 110 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
| 111 } | 220 } |
| 112 | 221 |
| 113 } // namespace blink | 222 } // namespace blink |
| OLD | NEW |
