OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSourceList.h" | 5 #include "core/frame/csp/CSPSourceList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/CSPSource.h" | 8 #include "core/frame/csp/CSPSource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
86 EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/"))); | 86 EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/"))); |
87 EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/bar"))); | 87 EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/bar"))); |
88 | 88 |
89 EXPECT_FALSE(sourceList.matches(KURL(base, "data:https://example.test/"))); | 89 EXPECT_FALSE(sourceList.matches(KURL(base, "data:https://example.test/"))); |
90 EXPECT_FALSE(sourceList.matches(KURL(base, "blob:https://example.test/"))); | 90 EXPECT_FALSE(sourceList.matches(KURL(base, "blob:https://example.test/"))); |
91 EXPECT_FALSE(sourceList.matches(KURL(base, "filesystem:https://example.test/
"))); | 91 EXPECT_FALSE(sourceList.matches(KURL(base, "filesystem:https://example.test/
"))); |
92 EXPECT_FALSE(sourceList.matches(KURL(base, "file:///etc/hosts"))); | 92 EXPECT_FALSE(sourceList.matches(KURL(base, "file:///etc/hosts"))); |
93 EXPECT_FALSE(sourceList.matches(KURL(base, "applewebdata://example.test/")))
; | 93 EXPECT_FALSE(sourceList.matches(KURL(base, "applewebdata://example.test/")))
; |
94 } | 94 } |
95 | 95 |
| 96 TEST_F(CSPSourceListTest, StarMatchesSelf) |
| 97 { |
| 98 KURL base; |
| 99 String sources = "*"; |
| 100 CSPSourceList sourceList(csp.get(), "script-src"); |
| 101 parseSourceList(sourceList, sources); |
| 102 |
| 103 |
| 104 // With a protocol of 'file', '*' matches 'file:': |
| 105 RefPtr<SecurityOrigin> origin = SecurityOrigin::create("file", "", 0); |
| 106 csp->setupSelf(*origin); |
| 107 EXPECT_TRUE(sourceList.matches(KURL(base, "file:///etc/hosts"))); |
| 108 |
| 109 // The other results are the same as above: |
| 110 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/"))); |
| 111 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.com/"))); |
| 112 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/bar"))); |
| 113 EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/"))); |
| 114 EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/bar"))); |
| 115 |
| 116 EXPECT_FALSE(sourceList.matches(KURL(base, "data:https://example.test/"))); |
| 117 EXPECT_FALSE(sourceList.matches(KURL(base, "blob:https://example.test/"))); |
| 118 EXPECT_FALSE(sourceList.matches(KURL(base, "filesystem:https://example.test/
"))); |
| 119 EXPECT_FALSE(sourceList.matches(KURL(base, "applewebdata://example.test/")))
; |
| 120 } |
| 121 |
96 TEST_F(CSPSourceListTest, BasicMatchingSelf) | 122 TEST_F(CSPSourceListTest, BasicMatchingSelf) |
97 { | 123 { |
98 KURL base; | 124 KURL base; |
99 String sources = "'self'"; | 125 String sources = "'self'"; |
100 CSPSourceList sourceList(csp.get(), "script-src"); | 126 CSPSourceList sourceList(csp.get(), "script-src"); |
101 parseSourceList(sourceList, sources); | 127 parseSourceList(sourceList, sources); |
102 | 128 |
103 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example.com/"))); | 129 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example.com/"))); |
104 EXPECT_FALSE(sourceList.matches(KURL(base, "https://not-example.com/"))); | 130 EXPECT_FALSE(sourceList.matches(KURL(base, "https://not-example.com/"))); |
105 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.test/"))); | 131 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.test/"))); |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
194 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Resou
rceRequest::RedirectStatus::FollowedRedirect)); | 220 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Resou
rceRequest::RedirectStatus::FollowedRedirect)); |
195 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Resou
rceRequest::RedirectStatus::FollowedRedirect)); | 221 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Resou
rceRequest::RedirectStatus::FollowedRedirect)); |
196 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Resou
rceRequest::RedirectStatus::FollowedRedirect)); | 222 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Resou
rceRequest::RedirectStatus::FollowedRedirect)); |
197 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Reso
urceRequest::RedirectStatus::FollowedRedirect)); | 223 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Reso
urceRequest::RedirectStatus::FollowedRedirect)); |
198 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Reso
urceRequest::RedirectStatus::FollowedRedirect)); | 224 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Reso
urceRequest::RedirectStatus::FollowedRedirect)); |
199 | 225 |
200 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Reso
urceRequest::RedirectStatus::FollowedRedirect)); | 226 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Reso
urceRequest::RedirectStatus::FollowedRedirect)); |
201 } | 227 } |
202 | 228 |
203 } // namespace blink | 229 } // namespace blink |
OLD | NEW |