
Side by Side Diff: content/browser/security_exploit_browsertest.cc

Issue 712713002: IPC: a way for browsertests to simulate the appearance of a malicious IPC. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@interstitial
Patch Set: Move test util to ipc test support library Created 6 years, 1 month ago
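--- a/content/browser/security_exploit_browsertest.cc
+++ b/content/browser/security_exploit_browsertest.cc
@@ -1,31 +1,37 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/containers/hash_tables.h"
 #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/renderer_host/render_view_host_factory.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/web_contents/web_contents_impl.h"
+#include "content/common/frame_messages.h"
 #include "content/common/view_messages.h"
 #include "content/public/browser/browser_context.h"
+#include "content/public/browser/interstitial_page.h"
+#include "content/public/browser/interstitial_page_delegate.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/content_browser_test.h"
 #include "content/public/test/content_browser_test_utils.h"
 #include "content/public/test/test_utils.h"
 #include "content/shell/browser/shell.h"
+#include "ipc/ipc_security_test_util.h"
+
+using IPC::IpcSecurityTestUtil;
 
 namespace content {
 
 namespace {
 
 // This is a helper function for the tests which attempt to create a
 // duplicate RenderViewHost or RenderWidgetHost. It tries to create two objects
 // with the same process and routing ids, which causes a collision.
 // It creates a couple of windows in process 1, which causes a few routing ids
 // to be allocated. Then a cross-process navigation is initiated, which causes a
@@ -159,11 +165,64 @@
 
 // Since this test executes on the UI thread and hopping threads might cause
 // different timing in the test, let's simulate a CreateNewWidget call coming
 // from the IO thread. Use the existing window routing id to cause a
 // deliberate collision.
 pending_rvh->CreateNewWidget(duplicate_routing_id, blink::WebPopupTypeSelect);
 
 // If the above operation doesn't crash, the test has succeeded!
 }
 
+class SecurityExploitTestInterstitialPage : public InterstitialPageDelegate {
+public:
+explicit SecurityExploitTestInterstitialPage(WebContents* contents) {
+InterstitialPage* interstitial = InterstitialPage::Create(
+contents, false, contents->GetLastCommittedURL(), this);
+interstitial->Show();
+}
+
+// InterstitialPageDelegate implementation.
+void CommandReceived(const std::string& command) override {
+last_command_ = command;
+}
+
+std::string GetHTMLContents() override {
+return "<html><head><script>"
+"window.domAutomationController.send(\"okay\");"
+"</script></head>"
+"<body>like a body wholly body</body></html>";
+}
+
+std::string last_command() { return last_command_; }
+
+private:
+std::string last_command_;
+DISALLOW_COPY_AND_ASSIGN(SecurityExploitTestInterstitialPage);
+};
+
+// The interstitial should not be controllable by the underlying content.
+IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
+InterstitialCommandFromContentRenderer) {
+
+// Start off with initial navigation, to allocate the process.
+GURL foo("http://foo.com/files/simple_page.html");
+NavigateToURL(shell(), foo);
+
+// Install and show an interstitial page.
+SecurityExploitTestInterstitialPage* interstitial =
+new SecurityExploitTestInterstitialPage(shell()->web_contents());
+ASSERT_EQ("", interstitial->last_command());
+
+// Send an automation message from the current renderer. It should not
+// be received by the interstitial.
+content::RenderFrameHost* compromised_renderer =
+shell()->web_contents()->GetMainFrame();
+FrameHostMsg_DomOperationResponse evil(compromised_renderer->GetRoutingID(),
+"evil", MSG_ROUTING_NONE);
+IpcSecurityTestUtil::PwnMessageReceived(
+compromised_renderer->GetProcess()->GetChannel(), evil);
+
+ASSERT_EQ("", interstitial->last_command())
+<< "Interstitial should not be affected";
+}
+
 } // namespace content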
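Review bot: The final `ASSERT_EQ("", interstitial->last_command())` in InterstitialCommandFromContentRenderer can pass without the isolation ever being exercised, because nothing waits for the interstitial to attach or for the injected `evil` message to be dispatched before the check runs. The interstitial's own page also sends "okay", so the same assertion fails for an unrelated reason if that command lands first, and a dead command channel is indistinguishable from a blocked message. I would add a positive control (wait for the interstitial's own command and record it), then inject, wait for the dispatch, and assert the recorded value is unchanged; the sketch below uses `DOMMessageQueue` and `WaitForInterstitialAttach` from browser_test_utils.h and assumes the queue observes both responses, which should be confirmed. Whether `PwnMessageReceived` dispatches synchronously is decided in ipc/ipc_security_test_util.cc, outside this file, so the second wait may prove unnecessary.

```cpp
  // … unchanged: initial navigation to foo.com …
  DOMMessageQueue message_queue;

  // … unchanged: create the interstitial and assert last_command() is "" …
  WaitForInterstitialAttach(shell()->web_contents());

  // Positive control: the interstitial's own page must be able to deliver
  // its command before we check that the content renderer cannot.
  std::string message;
  ASSERT_TRUE(message_queue.WaitForMessage(&message));
  const std::string from_interstitial = interstitial->last_command();
  ASSERT_NE("", from_interstitial);

  // … unchanged: build `evil` and hand it to PwnMessageReceived …

  // Wait until the injected message has been dispatched, then check that the
  // interstitial still holds only its own command.
  ASSERT_TRUE(message_queue.WaitForMessage(&message));
  EXPECT_EQ(from_interstitial, interstitial->last_command())
      << "Interstitial should not be affected";
```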