OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/html/HTMLScriptElement.h" | 10 #include "core/html/HTMLScriptElement.h" |
11 #include "platform/Crypto.h" | 11 #include "platform/Crypto.h" |
12 #include "platform/weborigin/KURL.h" | 12 #include "platform/weborigin/KURL.h" |
13 #include "platform/weborigin/SecurityOrigin.h" | 13 #include "platform/weborigin/SecurityOrigin.h" |
14 #include "wtf/RefPtr.h" | 14 #include "wtf/RefPtr.h" |
15 #include "wtf/text/WTFString.h" | 15 #include "wtf/text/WTFString.h" |
16 #include <gtest/gtest.h> | 16 #include <gtest/gtest.h> |
17 | 17 |
18 namespace blink { | 18 namespace blink { |
19 | 19 |
20 static const char kBasicScript[] = "alert('test');"; | 20 static const char kBasicScript[] = "alert('test');"; |
21 static const char kSha256Integrity[] = "ni://sha256;GAF48QOoxRvu0gZAmQivUdJPyBac
qznBAXwnkfpmQX4="; | 21 static const char kSha256Integrity[] = "ni:///sha256;GAF48QOoxRvu0gZAmQivUdJPyBa
cqznBAXwnkfpmQX4="; |
22 static const char kSha384Intgrity[] = "ni://sha384;nep3XpvhUxpCMOVXIFPecThAqdY/u
VeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 22 static const char kSha384Integrity[] = "ni:///sha384;nep3XpvhUxpCMOVXIFPecThAqdY
/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
23 static const char kSha512Integrity[] = "ni://sha512;TXkJw18PqlVlEUXXjeXbGetop1TK
B3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; | 23 static const char kSha512Integrity[] = "ni:///sha512;TXkJw18PqlVlEUXXjeXbGetop1T
KB3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; |
24 static const char kSha384IntegrityLabeledAs256[] = "ni://sha256;nep3XpvhUxpCMOVX
IFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 24 static const char kSha384IntegrityLabeledAs256[] = "ni:///sha256;nep3XpvhUxpCMOV
XIFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
25 static const char kUnsupportedHashFunctionIntegrity[] = "ni://sha1;JfLW308qMPKfb
4DaHpUBEESwuPc="; | 25 static const char kUnsupportedHashFunctionIntegrity[] = "ni:///sha1;JfLW308qMPKf
b4DaHpUBEESwuPc="; |
26 | 26 |
27 TEST(SubresourceIntegrityTest, CheckSubresourceIntegrity) | 27 class SubresourceIntegrityTest : public ::testing::Test { |
28 { | 28 public: |
29 KURL secureKURL(KURL(), "https://foobar.com:443"); | 29 SubresourceIntegrityTest() |
30 KURL insecureKURL(KURL(), "http://foobar.com:80"); | 30 : secureURL(ParsedURLString, "https://example.test:443") |
31 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::create(secureKURL); | 31 , insecureURL(ParsedURLString, "http://example.test:80") |
32 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::create(insecureKURL)
; | 32 , secureOrigin(SecurityOrigin::create(secureURL)) |
33 RefPtrWillBeRawPtr<Document> document = Document::create(); | 33 , insecureOrigin(SecurityOrigin::create(insecureURL)) |
34 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement = HTMLScriptElement::cre
ate(*document, true); | 34 { |
| 35 } |
| 36 |
| 37 protected: |
| 38 virtual void SetUp() |
| 39 { |
| 40 document = Document::create(); |
| 41 scriptElement = HTMLScriptElement::create(*document, true); |
| 42 } |
| 43 |
| 44 void expectAlgorithm(const String& text, HashAlgorithm expectedAlgorithm) |
| 45 { |
| 46 Vector<UChar> characters; |
| 47 text.appendTo(characters); |
| 48 const UChar* position = characters.data(); |
| 49 const UChar* end = characters.end(); |
| 50 HashAlgorithm algorithm; |
| 51 |
| 52 EXPECT_TRUE(SubresourceIntegrity::parseAlgorithm(position, end, algorith
m)); |
| 53 EXPECT_EQ(expectedAlgorithm, algorithm); |
| 54 EXPECT_EQ(';', *position); |
| 55 } |
| 56 |
| 57 void expectAlgorithmFailure(const String& text) |
| 58 { |
| 59 Vector<UChar> characters; |
| 60 text.appendTo(characters); |
| 61 const UChar* position = characters.data(); |
| 62 const UChar* begin = characters.data(); |
| 63 const UChar* end = characters.end(); |
| 64 HashAlgorithm algorithm; |
| 65 |
| 66 EXPECT_FALSE(SubresourceIntegrity::parseAlgorithm(position, end, algorit
hm)); |
| 67 EXPECT_EQ(begin, position); |
| 68 } |
| 69 |
| 70 void expectDigest(const String& text, const char* expectedDigest) |
| 71 { |
| 72 Vector<UChar> characters; |
| 73 text.appendTo(characters); |
| 74 const UChar* position = characters.data(); |
| 75 const UChar* end = characters.end(); |
| 76 String digest; |
| 77 |
| 78 EXPECT_TRUE(SubresourceIntegrity::parseDigest(position, end, digest)); |
| 79 EXPECT_EQ(expectedDigest, digest); |
| 80 } |
| 81 |
| 82 void expectDigestFailure(const String& text) |
| 83 { |
| 84 Vector<UChar> characters; |
| 85 text.appendTo(characters); |
| 86 const UChar* position = characters.data(); |
| 87 const UChar* end = characters.end(); |
| 88 String digest; |
| 89 |
| 90 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); |
| 91 EXPECT_TRUE(digest.isEmpty()); |
| 92 } |
| 93 |
| 94 void expectParse(const char* integrityAttribute, const char* expectedDigest,
HashAlgorithm expectedAlgorithm) |
| 95 { |
| 96 String digest; |
| 97 HashAlgorithm algorithm; |
| 98 |
| 99 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttri
bute, digest, algorithm, *document)); |
| 100 EXPECT_EQ(expectedDigest, digest); |
| 101 EXPECT_EQ(expectedAlgorithm, algorithm); |
| 102 } |
| 103 |
| 104 void expectParseFailure(const char* integrityAttribute) |
| 105 { |
| 106 String digest; |
| 107 HashAlgorithm algorithm; |
| 108 |
| 109 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttr
ibute, digest, algorithm, *document)); |
| 110 } |
| 111 |
| 112 void expectIntegrity(const char* integrity, const char* script, const KURL&
url) |
| 113 { |
| 114 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); |
| 115 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptEleme
nt, script, url)); |
| 116 } |
| 117 |
| 118 void expectIntegrityFailure(const char* integrity, const char* script, const
KURL& url) |
| 119 { |
| 120 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); |
| 121 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElem
ent, script, url)); |
| 122 } |
| 123 |
| 124 KURL secureURL; |
| 125 KURL insecureURL; |
| 126 RefPtr<SecurityOrigin> secureOrigin; |
| 127 RefPtr<SecurityOrigin> insecureOrigin; |
| 128 |
| 129 RefPtrWillBeRawPtr<Document> document; |
| 130 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement; |
| 131 }; |
| 132 |
| 133 TEST_F(SubresourceIntegrityTest, ParseAlgorithm) |
| 134 { |
| 135 expectAlgorithm("sha256;", HashAlgorithmSha256); |
| 136 expectAlgorithm("sha384;", HashAlgorithmSha384); |
| 137 expectAlgorithm("sha512;", HashAlgorithmSha512); |
| 138 |
| 139 expectAlgorithmFailure("sha1;"); |
| 140 expectAlgorithmFailure("sha-1;"); |
| 141 expectAlgorithmFailure("sha-256;"); |
| 142 expectAlgorithmFailure("sha-384;"); |
| 143 expectAlgorithmFailure("sha-512;"); |
| 144 } |
| 145 |
| 146 TEST_F(SubresourceIntegrityTest, ParseDigest) |
| 147 { |
| 148 expectDigest("abcdefg", "abcdefg"); |
| 149 expectDigest("abcdefg?", "abcdefg"); |
| 150 |
| 151 expectDigestFailure("?"); |
| 152 expectDigestFailure("&&&foobar&&&"); |
| 153 expectDigestFailure("\x01\x02\x03\x04"); |
| 154 } |
| 155 |
| 156 // |
| 157 // End-to-end parsing tests. |
| 158 // |
| 159 |
| 160 TEST_F(SubresourceIntegrityTest, Parsing) |
| 161 { |
| 162 expectParseFailure(""); |
| 163 expectParseFailure("not/really/a/valid/anything"); |
| 164 expectParseFailure("foobar:///sha256;abcdefg"); |
| 165 expectParseFailure("ni://sha256;abcdefg"); |
| 166 expectParseFailure("ni:///not-sha256-at-all;abcdefg"); |
| 167 expectParseFailure("ni:///sha256;&&&foobar&&&"); |
| 168 expectParseFailure("ni:///sha256;\x01\x02\x03\x04"); |
| 169 |
| 170 expectParse( |
| 171 "ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 172 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 173 HashAlgorithmSha256); |
| 174 |
| 175 expectParse( |
| 176 " ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", |
| 177 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 178 HashAlgorithmSha256); |
| 179 |
| 180 expectParse( |
| 181 "ni:///sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA
1v5GPr", |
| 182 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
| 183 HashAlgorithmSha384); |
| 184 |
| 185 expectParse( |
| 186 "ni:///sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81
ytlg0MPaIrPAjcHqba5csorDWtKg==", |
| 187 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
| 188 HashAlgorithmSha512); |
| 189 } |
| 190 |
| 191 // |
| 192 // End-to-end tests of ::CheckSubresourceIntegrity. |
| 193 // |
| 194 |
| 195 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) |
| 196 { |
| 197 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); |
35 | 198 |
36 // Verify basic sha256, sha384, and sha512 integrity checks. | 199 // Verify basic sha256, sha384, and sha512 integrity checks. |
37 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 200 expectIntegrity(kSha256Integrity, kBasicScript, secureURL); |
38 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 201 expectIntegrity(kSha384Integrity, kBasicScript, secureURL); |
39 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | 202 expectIntegrity(kSha512Integrity, kBasicScript, secureURL); |
40 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384Intgrity); | |
41 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | |
42 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha512Integrity); | |
43 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | |
44 | 203 |
45 // The hash label must match the hash value. | 204 // The hash label must match the hash value. |
46 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384IntegrityLabele
dAs256); | 205 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
); |
47 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | 206 |
48 | 207 // Unsupported hash functions should fail. |
49 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 208 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu
reURL); |
50 // Check should fail if the document is not on an authenticated origin or | 209 } |
51 // if the resource is not on an authenticated origin. | 210 |
| 211 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) |
| 212 { |
| 213 // The same checks as CheckSubresourceIntegrityInSecureOrigin should fail he
re. |
52 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 214 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
53 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | 215 |
54 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 216 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL); |
55 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, insecureKURL)); | 217 expectIntegrityFailure(kSha384Integrity, kBasicScript, secureURL); |
56 | 218 expectIntegrityFailure(kSha512Integrity, kBasicScript, secureURL); |
57 scriptElement->setAttribute(HTMLNames::integrityAttr, kUnsupportedHashFuncti
onIntegrity); | 219 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
); |
58 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, insecureKURL)); | 220 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu
reURL); |
59 } | |
60 | |
61 TEST(SubresourceIntegrityTest, Parsing) | |
62 { | |
63 String attribute; | |
64 String integrity; | |
65 HashAlgorithm algorithm; | |
66 | |
67 // Verify that empty attribute is not valid. | |
68 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
69 | |
70 // Valid sha256 attribute | |
71 attribute = "ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
72 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
73 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
74 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
75 | |
76 // Another valid sha256 attribute, but this time with whitespace | |
77 attribute = " ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=
"; | |
78 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
79 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
80 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
81 | |
82 // Valid sha384 attribute | |
83 attribute = "ni://sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6T
EIup/tA1v5GPr"; | |
84 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
85 EXPECT_EQ(integrity, "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIu
p/tA1v5GPr"); | |
86 EXPECT_EQ(algorithm, HashAlgorithmSha384); | |
87 | |
88 // Valid sha512 attribute | |
89 attribute = "ni://sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+
07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg=="; | |
90 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
91 EXPECT_EQ(integrity, "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07y
MK81ytlg0MPaIrPAjcHqba5csorDWtKg=="); | |
92 EXPECT_EQ(algorithm, HashAlgorithmSha512); | |
93 | |
94 // Invalid prefix | |
95 attribute = "foobar://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
96 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
97 | |
98 // Invalid hash function | |
99 attribute = "ni://not_a_hash_function;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h
2nFSE="; | |
100 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
101 | |
102 // Invalid integrity (not base64) | |
103 attribute = "ni://sha256;&&&foobar&&&"; | |
104 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
105 attribute = "ni://sha256;\x01\x02\x03\x04"; | |
106 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
107 | |
108 // Just integrity | |
109 attribute = "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
110 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
111 } | 221 } |
112 | 222 |
113 } // namespace blink | 223 } // namespace blink |
OLD | NEW |