extensions/common/csp_validator_unittest.cc - Issue 673183003: Allow *.googleapis.com to be used in CSP

Side by Side Diff: extensions/common/csp_validator_unittest.cc

Issue 673183003: Allow *.googleapis.com to be used in CSP (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« extensions/common/csp_validator.cc ('K') | « extensions/common/csp_validator.cc ('k') | no next file » | no next file with comments »

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "extensions/common/csp_validator.h"	5 #include "extensions/common/csp_validator.h"

6 #include "testing/gtest/include/gtest/gtest.h"	6 #include "testing/gtest/include/gtest/gtest.h"

7	7

8 using extensions::csp_validator::ContentSecurityPolicyIsLegal;	8 using extensions::csp_validator::ContentSecurityPolicyIsLegal;

9 using extensions::csp_validator::ContentSecurityPolicyIsSecure;	9 using extensions::csp_validator::ContentSecurityPolicyIsSecure;

10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;	10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;

(...skipping 144 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
155 EXPECT_TRUE(ContentSecurityPolicyIsSecure(	155 EXPECT_TRUE(ContentSecurityPolicyIsSecure(

156 "default-src 'self' blob:", Manifest::TYPE_EXTENSION));	156 "default-src 'self' blob:", Manifest::TYPE_EXTENSION));

157 EXPECT_FALSE(ContentSecurityPolicyIsSecure(	157 EXPECT_FALSE(ContentSecurityPolicyIsSecure(

158 "default-src 'self' blob:http://example.com/XXX",	158 "default-src 'self' blob:http://example.com/XXX",

159 Manifest::TYPE_EXTENSION));	159 Manifest::TYPE_EXTENSION));

160 EXPECT_TRUE(ContentSecurityPolicyIsSecure(	160 EXPECT_TRUE(ContentSecurityPolicyIsSecure(

161 "default-src 'self' filesystem:", Manifest::TYPE_EXTENSION));	161 "default-src 'self' filesystem:", Manifest::TYPE_EXTENSION));

162 EXPECT_FALSE(ContentSecurityPolicyIsSecure(	162 EXPECT_FALSE(ContentSecurityPolicyIsSecure(

163 "default-src 'self' filesystem:http://example.com/XXX",	163 "default-src 'self' filesystem:http://example.com/XXX",

164 Manifest::TYPE_EXTENSION));	164 Manifest::TYPE_EXTENSION));

	165

	166 EXPECT_TRUE(ContentSecurityPolicyIsSecure(

	167 "default-src 'self' https://*.googleapis.com", Manifest::TYPE_EXTENSION));

	168 EXPECT_TRUE(ContentSecurityPolicyIsSecure(

	169 "default-src 'self' https://x.googleapis.com", Manifest::TYPE_EXTENSION));

	170 EXPECT_TRUE(ContentSecurityPolicyIsSecure(

	171 "default-src 'self' https://s3.amazonaws.com", Manifest::TYPE_EXTENSION));
	not at google - send to devlin 2014/10/24 22:16:52 Isn't s3.amazonaws.com considered secure either wa Isn't s3.amazonaws.com considered secure either way (before and after your change)? Can you test something that is affected by the change and/or would have been a regression? robwu 2014/10/24 22:34:08 You're right, I've removed the amazonaws.com excep Show quoted text On 2014/10/24 22:16:52, kalman wrote: > Isn't http://s3.amazonaws.com considered secure either way (before and after your > change)? Can you test something that is affected by the change and/or would have > been a regression? You're right, I've removed the amazonaws.com exception. I mistakenly thought that being a public suffix meant that it cannot be whitelisted.
165 }	172 }

166	173

167 TEST(ExtensionCSPValidator, IsSandboxed) {	174 TEST(ExtensionCSPValidator, IsSandboxed) {

168 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(std::string(),	175 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(std::string(),

169 Manifest::TYPE_EXTENSION));	176 Manifest::TYPE_EXTENSION));

170 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("img-src https://google.com",	177 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("img-src https://google.com",

171 Manifest::TYPE_EXTENSION));	178 Manifest::TYPE_EXTENSION));

172	179

173 // Sandbox directive is required.	180 // Sandbox directive is required.

174 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(	181 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(

(...skipping 15 matching lines...) Expand all Loading...
190 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION));	197 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION));

191 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(	198 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(

192 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP));	199 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP));

193	200

194 // Popups are OK.	201 // Popups are OK.

195 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(	202 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(

196 "sandbox allow-popups", Manifest::TYPE_EXTENSION));	203 "sandbox allow-popups", Manifest::TYPE_EXTENSION));

197 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(	204 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(

198 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP));	205 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP));

199 }	206 }

OLD	NEW