services/network/initiator_lock_compatibility_unittest.cc - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "services/network/initiator_lock_compatibility.h"

 #include "base/optional.h"
 #include "services/network/public/cpp/resource_request.h"
 #include "services/network/public/mojom/network_context.mojom.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/origin.h"

 namespace network {

 InitiatorLockCompatibility VerifyRequestInitiatorSiteLock(
     int process_id,
     base::Optional<url::Origin> lock,
     base::Optional<url::Origin> initiator) {
   auto factory_params = mojom::URLLoaderFactoryParams::New();
   factory_params->process_id = process_id;
   factory_params->request_initiator_site_lock = lock;

   ResourceRequest request;
   request.request_initiator = initiator;

   return VerifyRequestInitiatorLock(*factory_params, request);
 }

 TEST(InitiatorLockCompatibilityTest, VerifyRequestInitiatorSiteLock) {
   url::Origin opaque_origin = url::Origin();
   url::Origin opaque_origin2 = url::Origin();

   url::Origin ip_origin1 = url::Origin::Create(GURL("http://127.0.0.1/"));
   url::Origin ip_origin2 = url::Origin::Create(GURL("http://217.17.45.162/"));

   url::Origin example_com = url::Origin::Create(GURL("http://example.com"));
   url::Origin foo_example_com =
       url::Origin::Create(GURL("http://foo.example.com"));
   url::Origin bar_example_com =
       url::Origin::Create(GURL("http://bar.example.com"));
   url::Origin foo_example_com_dot =
       url::Origin::Create(GURL("http://foo.example.com."));
   url::Origin bar_foo_example_com =
       url::Origin::Create(GURL("http://bar.foo.example.com"));

   url::Origin other_site = url::Origin::Create(GURL("http://other.com"));
   constexpr int kRendererProcessId = 123;

   // Cases without a lock.
   EXPECT_EQ(InitiatorLockCompatibility::kBrowserProcess,
             VerifyRequestInitiatorSiteLock(mojom::kBrowserProcessId,
                                            base::nullopt, base::nullopt));
   EXPECT_EQ(InitiatorLockCompatibility::kNoLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, base::nullopt,
                                            base::nullopt));

   // Opaque initiator is always safe (and so results in kCompatibleLock).
   // OTOH, opaque lock is only compatible with an opaque initiator.
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId,
                                            bar_foo_example_com, opaque_origin));
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, opaque_origin,
                                            opaque_origin2));
   EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, opaque_origin,
                                            bar_foo_example_com));

   // Regular origin equality.
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(
                 kRendererProcessId, bar_foo_example_com, bar_foo_example_com));

   // Regular origin inequality.
   EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId,
                                            bar_foo_example_com, other_site));

   // IP addresses have to be special-cased in some places (e.g. they shouldn't
   // be subject to DomainIs / eTLD+1 comparisons).
   EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, ip_origin1,
                                            ip_origin2));
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, ip_origin1,
                                            ip_origin1));

   // Compatibility check shouldn't strip the lock down to eTLD+1.
   EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com,
                                            bar_example_com));

   // Site-URL-based comparisons.
   //
   // TODO(lukasza): These should result in kIncorrectLock eventually (once
   // request_initiator_site_lock becomes request_initiator_origin_lock - see
   // https://crbug.com/888079 and https://crbug.com/891872.
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, example_com,
                                            bar_foo_example_com));
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com,
                                            bar_foo_example_com));

   // The trailing dot is not important (at least for site-URL-based
   // comparisons).
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(
                 kRendererProcessId, foo_example_com_dot, foo_example_com));
   EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
             VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com,
                                            foo_example_com_dot));
 }

 }  // namespace network
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "services/network/initiator_lock_compatibility.h"

	#include "base/optional.h"
	#include "services/network/public/cpp/resource_request.h"
	#include "services/network/public/mojom/network_context.mojom.h"
	#include "testing/gtest/include/gtest/gtest.h"
	#include "url/origin.h"

	namespace network {

	InitiatorLockCompatibility VerifyRequestInitiatorSiteLock(
	int process_id,
	base::Optional<url::Origin> lock,
	base::Optional<url::Origin> initiator) {
	auto factory_params = mojom::URLLoaderFactoryParams::New();
	factory_params->process_id = process_id;
	factory_params->request_initiator_site_lock = lock;

	ResourceRequest request;
	request.request_initiator = initiator;

	return VerifyRequestInitiatorLock(*factory_params, request);
	}

	TEST(InitiatorLockCompatibilityTest, VerifyRequestInitiatorSiteLock) {
	url::Origin opaque_origin = url::Origin();
	url::Origin opaque_origin2 = url::Origin();

	url::Origin ip_origin1 = url::Origin::Create(GURL("http://127.0.0.1/"));
	url::Origin ip_origin2 = url::Origin::Create(GURL("http://217.17.45.162/"));

	url::Origin example_com = url::Origin::Create(GURL("http://example.com"));
	url::Origin foo_example_com =
	url::Origin::Create(GURL("http://foo.example.com"));
	url::Origin bar_example_com =
	url::Origin::Create(GURL("http://bar.example.com"));
	url::Origin foo_example_com_dot =
	url::Origin::Create(GURL("http://foo.example.com."));
	url::Origin bar_foo_example_com =
	url::Origin::Create(GURL("http://bar.foo.example.com"));

	url::Origin other_site = url::Origin::Create(GURL("http://other.com"));
	constexpr int kRendererProcessId = 123;

	// Cases without a lock.
	EXPECT_EQ(InitiatorLockCompatibility::kBrowserProcess,
	VerifyRequestInitiatorSiteLock(mojom::kBrowserProcessId,
	base::nullopt, base::nullopt));
	EXPECT_EQ(InitiatorLockCompatibility::kNoLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, base::nullopt,
	base::nullopt));

	// Opaque initiator is always safe (and so results in kCompatibleLock).
	// OTOH, opaque lock is only compatible with an opaque initiator.
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId,
	bar_foo_example_com, opaque_origin));
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, opaque_origin,
	opaque_origin2));
	EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, opaque_origin,
	bar_foo_example_com));

	// Regular origin equality.
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(
	kRendererProcessId, bar_foo_example_com, bar_foo_example_com));

	// Regular origin inequality.
	EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId,
	bar_foo_example_com, other_site));

	// IP addresses have to be special-cased in some places (e.g. they shouldn't
	// be subject to DomainIs / eTLD+1 comparisons).
	EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, ip_origin1,
	ip_origin2));
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, ip_origin1,
	ip_origin1));

	// Compatibility check shouldn't strip the lock down to eTLD+1.
	EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com,
	bar_example_com));

	// Site-URL-based comparisons.
	//
	// TODO(lukasza): These should result in kIncorrectLock eventually (once
	// request_initiator_site_lock becomes request_initiator_origin_lock - see
	// https://crbug.com/888079 and https://crbug.com/891872.
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, example_com,
	bar_foo_example_com));
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com,
	bar_foo_example_com));

	// The trailing dot is not important (at least for site-URL-based
	// comparisons).
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(
	kRendererProcessId, foo_example_com_dot, foo_example_com));
	EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock,
	VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com,
	foo_example_com_dot));
	}

	} // namespace network