Google Git
Sign in
chromium / chromium / src / 6ebff0f8de665d2ea2a7d109ef1aeca753993396 / . / third_party / WebKit / Source / core / frame / csp / CSPSourceTest.cpp
blob: 00b142b253ec643d9478a8449819a4afe4a1ca8f [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "core/frame/csp/CSPSource.h"
#include "core/dom/Document.h"
#include "core/frame/csp/ContentSecurityPolicy.h"
#include "platform/weborigin/KURL.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace blink {
class CSPSourceTest : public ::testing::Test {
public:
CSPSourceTest()
: csp(ContentSecurityPolicy::create())
{
}
protected:
Persistent<ContentSecurityPolicy> csp;
};
TEST_F(CSPSourceTest, BasicMatching)
{
KURL base;
CSPSource source(csp.get(), "http", "example.com", 8000, "/foo/", CSPSource::NoWildcard, CSPSource::NoWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/")));
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo/bar")));
EXPECT_TRUE(source.matches(KURL(base, "HTTP://EXAMPLE.com:8000/foo/BAR")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8000/bar/")));
EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8000/bar/")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/bar/")));
EXPECT_FALSE(source.matches(KURL(base, "HTTP://example.com:8000/FOO/bar")));
EXPECT_FALSE(source.matches(KURL(base, "HTTP://example.com:8000/FOO/BAR")));
}
TEST_F(CSPSourceTest, WildcardMatching)
{
KURL base;
CSPSource source(csp.get(), "http", "example.com", 0, "/", CSPSource::HasWildcard, CSPSource::HasWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://foo.example.com:8000/")));
EXPECT_TRUE(source.matches(KURL(base, "http://foo.example.com:8000/foo")));
EXPECT_TRUE(source.matches(KURL(base, "http://foo.example.com:9000/foo/")));
EXPECT_TRUE(source.matches(KURL(base, "HTTP://FOO.EXAMPLE.com:8000/foo/BAR")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8000/")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8000/foo")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/foo/")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.foo.com:8000/")));
EXPECT_FALSE(source.matches(KURL(base, "https://example.foo.com:8000/")));
EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8000/bar/")));
}
TEST_F(CSPSourceTest, RedirectMatching)
{
KURL base;
CSPSource source(csp.get(), "http", "example.com", 8000, "/bar/", CSPSource::NoWildcard, CSPSource::NoWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"), ContentSecurityPolicy::DidRedirect));
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/foo"), ContentSecurityPolicy::DidRedirect));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/foo"), ContentSecurityPolicy::DidRedirect));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/foo"), ContentSecurityPolicy::DidRedirect));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:9000/foo/"), ContentSecurityPolicy::DidNotRedirect));
}
TEST_F(CSPSourceTest, InsecureSchemeMatchesSecureScheme)
{
KURL base;
CSPSource source(csp.get(), "http", "", 0, "/", CSPSource::NoWildcard, CSPSource::HasWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/")));
EXPECT_TRUE(source.matches(KURL(base, "http://not-example.com:8000/")));
EXPECT_TRUE(source.matches(KURL(base, "https://not-example.com:8000/")));
EXPECT_FALSE(source.matches(KURL(base, "ftp://example.com:8000/")));
}
TEST_F(CSPSourceTest, InsecureHostSchemeMatchesSecureScheme)
{
KURL base;
CSPSource source(csp.get(), "http", "example.com", 0, "/", CSPSource::NoWildcard, CSPSource::HasWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:8000/")));
}
TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort)
{
KURL base;
CSPSource source(csp.get(), "http", "example.com", 80, "/", CSPSource::NoWildcard, CSPSource::NoWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://example.com/")));
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/")));
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/")));
EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/")));
}
} // namespace blink