| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
| 7 | 7 |
| 8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
| 9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
| 10 #include "core/html/HTMLScriptElement.h" | 10 #include "core/html/HTMLScriptElement.h" |
| 11 #include "platform/Crypto.h" | 11 #include "platform/Crypto.h" |
| 12 #include "platform/weborigin/KURL.h" | 12 #include "platform/weborigin/KURL.h" |
| 13 #include "platform/weborigin/SecurityOrigin.h" | 13 #include "platform/weborigin/SecurityOrigin.h" |
| 14 #include "wtf/RefPtr.h" | 14 #include "wtf/RefPtr.h" |
| 15 #include "wtf/text/WTFString.h" | 15 #include "wtf/text/WTFString.h" |
| 16 #include <gtest/gtest.h> | 16 #include <gtest/gtest.h> |
| 17 | 17 |
| 18 namespace blink { | 18 namespace blink { |
| 19 | 19 |
| 20 static const char kBasicScript[] = "alert('test');"; | 20 static const char kBasicScript[] = "alert('test');"; |
| 21 static const char kSha256Integrity[] = "ni://sha256;GAF48QOoxRvu0gZAmQivUdJPyBac
qznBAXwnkfpmQX4="; | 21 static const char kSha256Integrity[] = "ni:///sha256;GAF48QOoxRvu0gZAmQivUdJPyBa
cqznBAXwnkfpmQX4="; |
| 22 static const char kSha384Intgrity[] = "ni://sha384;nep3XpvhUxpCMOVXIFPecThAqdY/u
VeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 22 static const char kSha384Integrity[] = "ni:///sha384;nep3XpvhUxpCMOVXIFPecThAqdY
/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
| 23 static const char kSha512Integrity[] = "ni://sha512;TXkJw18PqlVlEUXXjeXbGetop1TK
B3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; | 23 static const char kSha512Integrity[] = "ni:///sha512;TXkJw18PqlVlEUXXjeXbGetop1T
KB3wYQIp1/ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ++ItA=="; |
| 24 static const char kSha384IntegrityLabeledAs256[] = "ni://sha256;nep3XpvhUxpCMOVX
IFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; | 24 static const char kSha384IntegrityLabeledAs256[] = "ni:///sha256;nep3XpvhUxpCMOV
XIFPecThAqdY/uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE"; |
| 25 static const char kUnsupportedHashFunctionIntegrity[] = "ni://sha1;JfLW308qMPKfb
4DaHpUBEESwuPc="; | 25 static const char kUnsupportedHashFunctionIntegrity[] = "ni:///sha1;JfLW308qMPKf
b4DaHpUBEESwuPc="; |
| 26 | 26 |
| 27 TEST(SubresourceIntegrityTest, CheckSubresourceIntegrity) | 27 class SubresourceIntegrityTest : public ::testing::Test { |
| 28 { | 28 public: |
| 29 KURL secureKURL(KURL(), "https://foobar.com:443"); | 29 SubresourceIntegrityTest() |
| 30 KURL insecureKURL(KURL(), "http://foobar.com:80"); | 30 : secureURL(ParsedURLString, "https://example.test:443") |
| 31 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::create(secureKURL); | 31 , insecureURL(ParsedURLString, "http://example.test:80") |
| 32 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::create(insecureKURL)
; | 32 , secureOrigin(SecurityOrigin::create(secureURL)) |
| 33 RefPtrWillBeRawPtr<Document> document = Document::create(); | 33 , insecureOrigin(SecurityOrigin::create(insecureURL)) |
| 34 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement = HTMLScriptElement::cre
ate(*document, true); | 34 { |
| 35 } |
| 36 |
| 37 protected: |
| 38 virtual void SetUp() |
| 39 { |
| 40 document = Document::create(); |
| 41 scriptElement = HTMLScriptElement::create(*document, true); |
| 42 } |
| 43 |
| 44 void expectAlgorithm(const String& text, HashAlgorithm expectedAlgorithm) |
| 45 { |
| 46 Vector<UChar> characters; |
| 47 text.appendTo(characters); |
| 48 const UChar* position = characters.data(); |
| 49 const UChar* end = characters.end(); |
| 50 HashAlgorithm algorithm; |
| 51 |
| 52 EXPECT_TRUE(SubresourceIntegrity::parseAlgorithm(position, end, algorith
m)); |
| 53 EXPECT_EQ(expectedAlgorithm, algorithm); |
| 54 EXPECT_EQ(';', *position); |
| 55 } |
| 56 |
| 57 void expectAlgorithmFailure(const String& text) |
| 58 { |
| 59 Vector<UChar> characters; |
| 60 text.appendTo(characters); |
| 61 const UChar* position = characters.data(); |
| 62 const UChar* begin = characters.data(); |
| 63 const UChar* end = characters.end(); |
| 64 HashAlgorithm algorithm; |
| 65 |
| 66 EXPECT_FALSE(SubresourceIntegrity::parseAlgorithm(position, end, algorit
hm)); |
| 67 EXPECT_EQ(begin, position); |
| 68 } |
| 69 |
| 70 void expectDigest(const String& text, const char* expectedDigest) |
| 71 { |
| 72 Vector<UChar> characters; |
| 73 text.appendTo(characters); |
| 74 const UChar* position = characters.data(); |
| 75 const UChar* end = characters.end(); |
| 76 String digest; |
| 77 |
| 78 EXPECT_TRUE(SubresourceIntegrity::parseDigest(position, end, digest)); |
| 79 EXPECT_EQ(expectedDigest, digest); |
| 80 } |
| 81 |
| 82 void expectDigestFailure(const String& text) |
| 83 { |
| 84 Vector<UChar> characters; |
| 85 text.appendTo(characters); |
| 86 const UChar* position = characters.data(); |
| 87 const UChar* end = characters.end(); |
| 88 String digest; |
| 89 |
| 90 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest)); |
| 91 EXPECT_TRUE(digest.isEmpty()); |
| 92 } |
| 93 |
| 94 void expectParse(const char* integrityAttribute, const char* expectedDigest,
HashAlgorithm expectedAlgorithm) |
| 95 { |
| 96 String digest; |
| 97 HashAlgorithm algorithm; |
| 98 |
| 99 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttri
bute, digest, algorithm, *document)); |
| 100 EXPECT_EQ(expectedDigest, digest); |
| 101 EXPECT_EQ(expectedAlgorithm, algorithm); |
| 102 } |
| 103 |
| 104 void expectParseFailure(const char* integrityAttribute) |
| 105 { |
| 106 String digest; |
| 107 HashAlgorithm algorithm; |
| 108 |
| 109 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(integrityAttr
ibute, digest, algorithm, *document)); |
| 110 } |
| 111 |
| 112 void expectIntegrity(const char* integrity, const char* script, const KURL&
url) |
| 113 { |
| 114 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); |
| 115 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptEleme
nt, script, url)); |
| 116 } |
| 117 |
| 118 void expectIntegrityFailure(const char* integrity, const char* script, const
KURL& url) |
| 119 { |
| 120 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity); |
| 121 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElem
ent, script, url)); |
| 122 } |
| 123 |
| 124 KURL secureURL; |
| 125 KURL insecureURL; |
| 126 RefPtr<SecurityOrigin> secureOrigin; |
| 127 RefPtr<SecurityOrigin> insecureOrigin; |
| 128 |
| 129 RefPtrWillBeRawPtr<Document> document; |
| 130 RefPtrWillBeRawPtr<HTMLScriptElement> scriptElement; |
| 131 }; |
| 132 |
| 133 TEST_F(SubresourceIntegrityTest, ParseAlgorithm) |
| 134 { |
| 135 expectAlgorithm("sha256;", HashAlgorithmSha256); |
| 136 expectAlgorithm("sha384;", HashAlgorithmSha384); |
| 137 expectAlgorithm("sha512;", HashAlgorithmSha512); |
| 138 |
| 139 expectAlgorithmFailure("sha1;"); |
| 140 expectAlgorithmFailure("sha-1;"); |
| 141 expectAlgorithmFailure("sha-256;"); |
| 142 expectAlgorithmFailure("sha-384;"); |
| 143 expectAlgorithmFailure("sha-512;"); |
| 144 } |
| 145 |
| 146 TEST_F(SubresourceIntegrityTest, ParseDigest) |
| 147 { |
| 148 expectDigest("abcdefg", "abcdefg"); |
| 149 expectDigest("abcdefg?", "abcdefg"); |
| 150 |
| 151 expectDigestFailure("?"); |
| 152 expectDigestFailure("&&&foobar&&&"); |
| 153 expectDigestFailure("\x01\x02\x03\x04"); |
| 154 } |
| 155 |
| 156 // |
| 157 // End-to-end parsing tests. |
| 158 // |
| 159 |
| 160 TEST_F(SubresourceIntegrityTest, Parsing) |
| 161 { |
| 162 expectParseFailure(""); |
| 163 expectParseFailure("not/really/a/valid/anything"); |
| 164 expectParseFailure("foobar:///sha256;abcdefg"); |
| 165 expectParseFailure("ni://sha256;abcdefg"); |
| 166 expectParseFailure("ni:///not-sha256-at-all;abcdefg"); |
| 167 expectParseFailure("ni:///sha256;&&&foobar&&&"); |
| 168 expectParseFailure("ni:///sha256;\x01\x02\x03\x04"); |
| 169 |
| 170 expectParse( |
| 171 "ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 172 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 173 HashAlgorithmSha256); |
| 174 |
| 175 expectParse( |
| 176 " ni:///sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ", |
| 177 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", |
| 178 HashAlgorithmSha256); |
| 179 |
| 180 expectParse( |
| 181 "ni:///sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA
1v5GPr", |
| 182 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", |
| 183 HashAlgorithmSha384); |
| 184 |
| 185 expectParse( |
| 186 "ni:///sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81
ytlg0MPaIrPAjcHqba5csorDWtKg==", |
| 187 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAj
cHqba5csorDWtKg==", |
| 188 HashAlgorithmSha512); |
| 189 } |
| 190 |
| 191 // |
| 192 // End-to-end tests of ::CheckSubresourceIntegrity. |
| 193 // |
| 194 |
| 195 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin) |
| 196 { |
| 197 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); |
| 35 | 198 |
| 36 // Verify basic sha256, sha384, and sha512 integrity checks. | 199 // Verify basic sha256, sha384, and sha512 integrity checks. |
| 37 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 200 expectIntegrity(kSha256Integrity, kBasicScript, secureURL); |
| 38 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 201 expectIntegrity(kSha384Integrity, kBasicScript, secureURL); |
| 39 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | 202 expectIntegrity(kSha512Integrity, kBasicScript, secureURL); |
| 40 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384Intgrity); | |
| 41 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | |
| 42 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha512Integrity); | |
| 43 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | |
| 44 | 203 |
| 45 // The hash label must match the hash value. | 204 // The hash label must match the hash value. |
| 46 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha384IntegrityLabele
dAs256); | 205 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
); |
| 47 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | 206 |
| 48 | 207 // Unsupported hash functions should fail. |
| 49 scriptElement->setAttribute(HTMLNames::integrityAttr, kSha256Integrity); | 208 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu
reURL); |
| 50 // Check should fail if the document is not on an authenticated origin or | 209 } |
| 51 // if the resource is not on an authenticated origin. | 210 |
| 211 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin) |
| 212 { |
| 213 // The same checks as CheckSubresourceIntegrityInSecureOrigin should fail he
re. |
| 52 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); | 214 document->updateSecurityOrigin(insecureOrigin->isolatedCopy()); |
| 53 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, secureKURL)); | 215 |
| 54 document->updateSecurityOrigin(secureOrigin->isolatedCopy()); | 216 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL); |
| 55 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, insecureKURL)); | 217 expectIntegrityFailure(kSha384Integrity, kBasicScript, secureURL); |
| 56 | 218 expectIntegrityFailure(kSha512Integrity, kBasicScript, secureURL); |
| 57 scriptElement->setAttribute(HTMLNames::integrityAttr, kUnsupportedHashFuncti
onIntegrity); | 219 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL
); |
| 58 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement,
kBasicScript, insecureKURL)); | 220 expectIntegrityFailure(kUnsupportedHashFunctionIntegrity, kBasicScript, secu
reURL); |
| 59 } | |
| 60 | |
| 61 TEST(SubresourceIntegrityTest, Parsing) | |
| 62 { | |
| 63 String attribute; | |
| 64 String integrity; | |
| 65 HashAlgorithm algorithm; | |
| 66 | |
| 67 // Verify that empty attribute is not valid. | |
| 68 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
| 69 | |
| 70 // Valid sha256 attribute | |
| 71 attribute = "ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
| 72 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
| 73 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
| 74 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
| 75 | |
| 76 // Another valid sha256 attribute, but this time with whitespace | |
| 77 attribute = " ni://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=
"; | |
| 78 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
| 79 EXPECT_EQ(integrity, "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="); | |
| 80 EXPECT_EQ(algorithm, HashAlgorithmSha256); | |
| 81 | |
| 82 // Valid sha384 attribute | |
| 83 attribute = "ni://sha384;XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6T
EIup/tA1v5GPr"; | |
| 84 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
| 85 EXPECT_EQ(integrity, "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIu
p/tA1v5GPr"); | |
| 86 EXPECT_EQ(algorithm, HashAlgorithmSha384); | |
| 87 | |
| 88 // Valid sha512 attribute | |
| 89 attribute = "ni://sha512;tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+
07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg=="; | |
| 90 EXPECT_TRUE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integri
ty, algorithm)); | |
| 91 EXPECT_EQ(integrity, "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07y
MK81ytlg0MPaIrPAjcHqba5csorDWtKg=="); | |
| 92 EXPECT_EQ(algorithm, HashAlgorithmSha512); | |
| 93 | |
| 94 // Invalid prefix | |
| 95 attribute = "foobar://sha256;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
| 96 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
| 97 | |
| 98 // Invalid hash function | |
| 99 attribute = "ni://not_a_hash_function;BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h
2nFSE="; | |
| 100 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
| 101 | |
| 102 // Invalid integrity (not base64) | |
| 103 attribute = "ni://sha256;&&&foobar&&&"; | |
| 104 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
| 105 attribute = "ni://sha256;\x01\x02\x03\x04"; | |
| 106 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
| 107 | |
| 108 // Just integrity | |
| 109 attribute = "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE="; | |
| 110 EXPECT_FALSE(SubresourceIntegrity::parseIntegrityAttribute(attribute, integr
ity, algorithm)); | |
| 111 } | 221 } |
| 112 | 222 |
| 113 } // namespace blink | 223 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 656063002:
Subresource Integrity: Improve parsing. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master