OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/html/HTMLScriptElement.h" | 10 #include "core/html/HTMLScriptElement.h" |
11 #include "platform/Crypto.h" | 11 #include "platform/Crypto.h" |
12 #include "platform/weborigin/KURL.h" | 12 #include "platform/weborigin/KURL.h" |
13 #include "platform/weborigin/SecurityOrigin.h" | 13 #include "platform/weborigin/SecurityOrigin.h" |
14 #include "wtf/RefPtr.h" | 14 #include "wtf/RefPtr.h" |
15 #include "wtf/text/WTFString.h" | 15 #include "wtf/text/WTFString.h" |
16 #include <gtest/gtest.h> | 16 #include <gtest/gtest.h> |
17 | 17 |
18 namespace blink { | 18 namespace blink { |
19 | 19 |
20 static const char kBasicScript[] = "alert('test');"; | 20 static const char kBasicScript[] = "alert('test');"; |
21 static const char kSha256Integrity[] = "ni://sha256;GAF48QOoxRvu0gZAmQivUdJPyBac qznBAXwnkfpmQX4="; | 21 static const char kSha256Integrity[] = "ni:///sha256;GAF48QOoxRvu0gZAmQivUdJPyBa cqznBAXwnkfpmQX4="; |
22 static const char kSha384Intgrity[] = "ni://sha384;nep3XpvhUxpCMOVXIFPecThAqdY/u VeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 22 static const char kSha384Integrity[] = "ni:///sha384;nep3XpvhUxpCMOVXIFPecThAqdY /uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
23 static const char kSha512Integrity[] = "ni://sha512;TXkJw18PqlVlEUXXjeXbGetop1TK B3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; | 23 static const char kSha512Integrity[] = "ni:///sha512;TXkJw18PqlVlEUXXjeXbGetop1T KB3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; |
24 static const char kSha384IntegrityLabeledAs256[] = "ni://sha256;nep3XpvhUxpCMOVX IFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 24 static const char kSha384IntegrityLabeledAs256[] = "ni:///sha256;nep3XpvhUxpCMOV XIFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
25 static const char kUnsupportedHashFunctionIntegrity[] = "ni://sha1;JfLW308qMPKfb 4DaHpUBEESwuPc="; | 25 static const char kUnsupportedHashFunctionIntegrity[] = "ni:///sha1;JfLW308qMPKf b4DaHpUBEESwuPc="; |
26 | 26 |
27 TEST(SubresourceIntegrityTest, CheckSubresourceIntegrity) | 27 class SubresourceIntegrityTest : public ::testing::Test { |
28 { | 28 public: |
29 KURL secureKURL(KURL(), "https://foobar.com:443"); | 29 SubresourceIntegrityTest() |
30 KURL insecureKURL(KURL(), "http://foobar.com:80"); | 30 : secureURL(ParsedURLString, "https://example.test:443") |
31 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::create(secureKURL); | 31 , insecureURL(ParsedURLString, "http://example.test:80") |
32 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::create(insecureKURL) ; | 32 , secureOrigin(SecurityOrigin::create(secureURL)) |
33 RefPtrWillBeRawPtr<Document> document = Document::create(); | 33 , insecureOrigin(SecurityOrigin::create(insecureURL)) |
34 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement = HTMLScriptElement::cre ate(*document, true); | 34 { |
35 } | |
36 | |
37 protected: | |
38 virtual void SetUp() | |
39 { | |
40 document = Document::create(); | |
41 scriptElement = HTMLScriptElement::create(*document, true); | |
42 } | |
43 | |
44 void expectAlgorithm(const String& text, HashAlgorithm expectedAlgorithm) | |
45 { | |
46 Vector<UChar> characters; | |
47 text.appendTo(characters); | |
48 const UChar* position = characters.data(); | |
49 const UChar* end = characters.end(); | |
50 HashAlgorithm algorithm; | |
51 | |
52 EXPECT_TRUE(SubresourceIntegrity::parseAlgorithm(position, end, algorith m)); | |
53 EXPECT_EQ(expectedAlgorithm, algorithm); | |
54 EXPECT_EQ(';', *position); | |
55 } | |
56 | |
57 void expectAlgorithmFailure(const String& text) | |
58 { | |
59 Vector<UChar> characters; | |
60 text.appendTo(characters); | |
61 const UChar* position = characters.data(); | |
62 const UChar* begin = characters.data(); | |
63 const UChar* end = characters.end(); | |
64 HashAlgorithm algorithm; | |
65 | |
66 EXPECT_FALSE(SubresourceIntegrity::parseAlgorithm(position, end, algorit hm)); | |
67 EXPECT_EQ(begin, position); | |
68 } | |
69 | |
70 void expectDigest(const String& text, const char* expectedDigest) | |
71 { | |
72 Vector<UChar> characters; | |
73 text.appendTo(characters); | |
74 const UChar* position = characters.data(); | |
75 const UChar* end = characters.end(); | |
76 String digest; | |
77 | |
78 EXPECT_TRUE(SubresourceIntegrity::parseDigest(position, end, digest)); | |
79 EXPECT_EQ(expectedDigest, digest); | |
80 } | |
81 | |
82 void expectDigestFailure(const String& text) | |
83 { | |
84 Vector<UChar> characters; | |
85 text.appendTo(characters); | |
86 const UChar* position = characters.data(); | |
87 const UChar* end = characters.end(); | |
88 String digest; | |
89 | |
90 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); | |
91 EXPECT_TRUE(digest.isEmpty()); | |
92 } | |
93 | |
94 void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm) | |
95 { | |
96 String digest; | |
97 HashAlgorithm algorithm; | |
98 | |
99 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttri bute, digest, algorithm, *document)); | |
100 EXPECT_EQ(expectedDigest, digest); | |
101 EXPECT_EQ(expectedAlgorithm, algorithm); | |
102 } | |
103 | |
104 void expectParseFailure(const char* integrityAttribute) | |
105 { | |
106 String digest; | |
107 HashAlgorithm algorithm; | |
108 | |
109 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttr ibute, digest, algorithm, *document)); | |
110 } | |
111 | |
112 void expectIntegrity(const char* integrity, const char* script, const KURL& url) | |
113 { | |
114 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); | |
115 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptEleme nt, script, url)); | |
116 } | |
117 | |
118 void expectIntegrityFailure(const char* integrity, const char* script, const KURL& url) | |
119 { | |
120 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); | |
121 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElem ent, script, url)); | |
122 } | |
123 | |
124 KURL secureURL; | |
125 KURL insecureURL; | |
126 RefPtr<SecurityOrigin> secureOrigin; | |
127 RefPtr<SecurityOrigin> insecureOrigin; | |
128 | |
129 RefPtrWillBeRawPtr<Document> document; | |
130 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement; | |
131 }; | |
132 | |
133 TEST_F(SubresourceIntegrityTest, ParseAlgorithm) | |
134 { | |
135 expectAlgorithm("sha256;", HashAlgorithmSha256); | |
136 expectAlgorithm("sha384;", HashAlgorithmSha384); | |
137 expectAlgorithm("sha512;", HashAlgorithmSha512); | |
138 | |
139 expectAlgorithmFailure("sha1;"); | |
140 expectAlgorithmFailure("sha-1;"); | |
141 expectAlgorithmFailure("sha-256;"); | |
142 expectAlgorithmFailure("sha-384;"); | |
143 expectAlgorithmFailure("sha-512;"); | |
144 } | |
145 | |
146 TEST_F(SubresourceIntegrityTest, ParseDigest) | |
147 { | |
148 expectDigest("abcdefg", "abcdefg"); | |
149 expectDigest("abcdefg?", "abcdefg"); | |
150 | |
151 expectDigestFailure("?"); | |
152 expectDigestFailure("&&&foobar&&&"); | |
153 expectDigestFailure("\x01\x02\x03\x04"); | |
154 } | |
155 | |
156 // | |
157 // End-to-end parsing tests. | |
158 // | |
159 | |
160 TEST_F(SubresourceIntegrityTest, Parsing) | |
161 { | |
162 expectParseFailure(""); | |
163 expectParseFailure("not/really/a/valid/anything"); | |
164 expectParseFailure("foobar:///sha256;abcdefg"); | |
165 expectParseFailure("ni:///not-sha256-at-all;abcdefg"); | |
166 expectParseFailure("ni:///sha256;&&&foobar&&&"); | |
167 expectParseFailure("ni:///sha256;\x01\x02\x03\x04"); | |
jww
2014/10/15 23:26:04
Maybe add in the ni:// case too, since that's what
Mike West
2014/10/16 06:17:21
Done.
| |
168 | |
169 expectParse( | |
170 "ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
171 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
172 HashAlgorithmSha256); | |
173 | |
174 expectParse( | |
175 " ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", | |
176 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", | |
177 HashAlgorithmSha256); | |
178 | |
179 expectParse( | |
180 "ni:///sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA 1v5GPr", | |
181 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", | |
182 HashAlgorithmSha384); | |
183 | |
184 expectParse( | |
185 "ni:///sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81 ytlg0MPaIrPAjcHqba5csorDWtKg==", | |
186 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj cHqba5csorDWtKg==", | |
187 HashAlgorithmSha512); | |
188 } | |
189 | |
190 // | |
191 // End-to-end tests of ::CheckSubresourceIntegrity. | |
192 // | |
193 | |
194 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) | |
195 { | |
196 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | |
35 | 197 |
36 // Verify basic sha256, sha384, and sha512 integrity checks. | 198 // Verify basic sha256, sha384, and sha512 integrity checks. |
37 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 199 expectIntegrity(kSha256Integrity, kBasicScript, secureURL); |
38 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 200 expectIntegrity(kSha384Integrity, kBasicScript, secureURL); |
39 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | 201 expectIntegrity(kSha512Integrity, kBasicScript, secureURL); |
40 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384Intgrity); | |
41 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | |
42 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha512Integrity); | |
43 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | |
44 | 202 |
45 // The hash label must match the hash value. | 203 // The hash label must match the hash value. |
46 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384IntegrityLabele dAs256); | 204 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL ); |
47 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | 205 |
48 | 206 // Unsupported hash functions should fail. |
49 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 207 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu reURL); |
50 // Check should fail if the document is not on an authenticated origin or | 208 } |
51 // if the resource is not on an authenticated origin. | 209 |
210 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) | |
211 { | |
212 // The same checks as CheckSubresourceIntegrityInSecureOrigin should fail he re. | |
52 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 213 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
53 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, secureKURL)); | 214 |
54 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 215 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL); |
55 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, insecureKURL)); | 216 expectIntegrityFailure(kSha384Integrity, kBasicScript, secureURL); |
56 | 217 expectIntegrityFailure(kSha512Integrity, kBasicScript, secureURL); |
57 scriptElement->setAttribute(HTMLNames::integrityAttr, kUnsupportedHashFuncti onIntegrity); | 218 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL ); |
58 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, kBasicScript, insecureKURL)); | 219 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu reURL); |
59 } | |
60 | |
61 TEST(SubresourceIntegrityTest, Parsing) | |
62 { | |
63 String attribute; | |
64 String integrity; | |
65 HashAlgorithm algorithm; | |
66 | |
67 // Verify that empty attribute is not valid. | |
68 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
69 | |
70 // Valid sha256 attribute | |
71 attribute = "ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
72 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
73 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
74 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
75 | |
76 // Another valid sha256 attribute, but this time with whitespace | |
77 attribute = " ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= "; | |
78 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
79 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
80 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
81 | |
82 // Valid sha384 attribute | |
83 attribute = "ni://sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6T EIup/tA1v5GPr"; | |
84 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
85 EXPECT_EQ(integrity, "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIu p/tA1v5GPr"); | |
86 EXPECT_EQ(algorithm, HashAlgorithmSha384); | |
87 | |
88 // Valid sha512 attribute | |
89 attribute = "ni://sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+ 07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg=="; | |
90 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri ty, algorithm)); | |
91 EXPECT_EQ(integrity, "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07y MK81ytlg0MPaIrPAjcHqba5csorDWtKg=="); | |
92 EXPECT_EQ(algorithm, HashAlgorithmSha512); | |
93 | |
94 // Invalid prefix | |
95 attribute = "foobar://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
96 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
97 | |
98 // Invalid hash function | |
99 attribute = "ni://not_a_hash_function;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h 2nFSE="; | |
100 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
101 | |
102 // Invalid integrity (not base64) | |
103 attribute = "ni://sha256;&&&foobar&&&"; | |
104 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
105 attribute = "ni://sha256;\x01\x02\x03\x04"; | |
106 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
107 | |
108 // Just integrity | |
109 attribute = "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
110 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr ity, algorithm)); | |
111 } | 220 } |
112 | 221 |
113 } // namespace blink | 222 } // namespace blink |
OLD | NEW |