Skip to content

GitLab

T
tangled
Commit 0ba1b246 authored by David Van Cleve's avatar David Van Cleve Committed by Commit Bot
Browse files
Options

CSP: Distinguish port 0 from a default or empty port 

The CSP data structures in Blink currently use a value of 0 to denote an
unspecified or default-valued port in CSP source expressions. However,
origins can also have ports explicitly set to 0.

In order to resolve behavior inconsistencies between
blink::SecurityOrigin, which currently doesn't support port 0, and
url::Origin, which does, we're updating blink::SecurityOrigin to
distinguish port-0 origins from origins with unspecified
(default-valued) ports. This makes SourceListDirectiveTest.GetSources
CSP tests fail, because it means that a "self" CSPSource created by
ContentSecurityPolicy::SetupSelf from an origin with the default port
will no longer have the same port as a CSPSource created by parsing a
host-source source expression with no port.

To fix this, we update CSPSource's port_ member to have a new default
state denoting an unspecified or default-valued port, distinct from the
value 0 which now specifically represents port 0.

Bug: 1136678
Change-Id: Ic386fc2ba31e13c95676ecf050e24874d4af132e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2477044
Commit-Queue: David Van Cleve <davidvc@chromium.org>
Reviewed-by: default avatarAndy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#823558}
parent 6965e0b1
Hide whitespace changes
Inline Side-by-side
Showing with 380 additions and 235 deletions
third_party/blink/renderer/core/frame/csp/content_security_policy.cc
View file @ 0ba1b246
......@@ -180,7 +180,17 @@ void ContentSecurityPolicy::SetupSelf(const SecurityOrigin& security_origin) {
// Ensure that 'self' processes correctly.
self_protocol_ = security_origin.Protocol();
self_source_ = MakeGarbageCollected<CSPSource>(
this, self_protocol_, security_origin.Host(), security_origin.Port(),
this, self_protocol_, security_origin.Host(),
// CSPSource uses port CSPSource::kPortUnspecified to represent a
// missing port and reserves port 0 specifically for origins with port set
// to 0; SecurityOrigin uses port 0 for origins with port 0 as well as for
// origins without ports.
//
// TODO(crbug.com/1136678): Once SecurityOrigin starts treating port 0 as
// a specifically set port, rather than as a sentinel for an
// omitted or default-valued port, modify this logic.
security_origin.Port() == 0 ? CSPSource::kPortUnspecified
: security_origin.Port(),
String(), CSPSource::kNoWildcard, CSPSource::kNoWildcard);
}
......
third_party/blink/renderer/core/frame/csp/csp_source.cc
View file @ 0ba1b246
......@@ -15,6 +15,8 @@
namespace blink {
constexpr int CSPSource::kPortUnspecified = -1;
CSPSource::CSPSource(ContentSecurityPolicy* policy,
const String& scheme,
const String& host,
......@@ -48,7 +50,8 @@ bool CSPSource::Matches(const KURL& url,
return true;
bool paths_match = (redirect_status == RedirectStatus::kFollowedRedirect) ||
PathMatches(url.GetPath());
PortMatchingResult ports_match = PortMatches(url.Port(), url.Protocol());
PortMatchingResult ports_match = PortMatches(
url.HasPort() ? url.Port() : kPortUnspecified, url.Protocol());
// if either the scheme or the port would require an upgrade (e.g. from http
// to https) then check that both of them can upgrade to ensure that we don't
......@@ -68,7 +71,8 @@ bool CSPSource::MatchesAsSelf(const KURL& url) {
// Step 4.
SchemeMatchingResult schemes_match = SchemeMatches(url.Protocol());
bool hosts_match = HostMatches(url.Host());
PortMatchingResult ports_match = PortMatches(url.Port(), url.Protocol());
PortMatchingResult ports_match = PortMatches(
url.HasPort() ? url.Port() : kPortUnspecified, url.Protocol());
// check if the origin is exactly matching
if (schemes_match == SchemeMatchingResult::kMatchingExact && hosts_match &&
......@@ -82,9 +86,10 @@ bool CSPSource::MatchesAsSelf(const KURL& url) {
bool ports_match_or_defaults =
(ports_match == PortMatchingResult::kMatchingExact ||
((IsDefaultPortForProtocol(port_, self_scheme) || port_ == 0) &&
(IsDefaultPortForProtocol(url.Port(), url.Protocol()) ||
url.Port() == 0)));
((IsDefaultPortForProtocol(port_, self_scheme) ||
port_ == kPortUnspecified) &&
(!url.HasPort() ||
IsDefaultPortForProtocol(url.Port(), url.Protocol()))));
if (hosts_match && ports_match_or_defaults &&
(url.Protocol() == "https" || url.Protocol() == "wss" ||
......@@ -159,7 +164,7 @@ CSPSource::PortMatchingResult CSPSource::PortMatches(
return PortMatchingResult::kMatchingWildcard;
if (port == port_) {
if (port == 0)
if (port == kPortUnspecified)
return PortMatchingResult::kMatchingWildcard;
return PortMatchingResult::kMatchingExact;
}
......@@ -168,18 +173,21 @@ CSPSource::PortMatchingResult CSPSource::PortMatches(
is_scheme_http = scheme_.IsEmpty() ? policy_->ProtocolEqualsSelf("http")
: EqualIgnoringASCIICase("http", scheme_);
if ((port_ == 80 || ((port_ == 0 || port_ == 443) && is_scheme_http)) &&
(port == 443 || (port == 0 && DefaultPortForProtocol(protocol) == 443)))
if ((port_ == 80 ||
((port_ == kPortUnspecified || port_ == 443) && is_scheme_http)) &&
(port == 443 ||
(port == kPortUnspecified && DefaultPortForProtocol(protocol) == 443))) {
return PortMatchingResult::kMatchingUpgrade;
}
if (!port) {
if (port == kPortUnspecified) {
if (IsDefaultPortForProtocol(port_, protocol))
return PortMatchingResult::kMatchingExact;
return PortMatchingResult::kNotMatching;
}
if (!port_) {
if (port_ == kPortUnspecified) {
if (IsDefaultPortForProtocol(port, protocol))
return PortMatchingResult::kMatchingExact;
......@@ -261,7 +269,8 @@ CSPSource* CSPSource::Intersect(CSPSource* other) const {
// Choose this port if the other port is empty, has wildcard or is a port for
// a less secure scheme such as "http" whereas scheme of this is "https", in
// which case the lengths would differ.
int port = (other->port_wildcard_ == kHasWildcard || !other->port_ ||
int port = (other->port_wildcard_ == kHasWildcard ||
other->port_ == kPortUnspecified ||
scheme_.length() > other->scheme_.length())
? port_
: other->port_;
......@@ -302,12 +311,13 @@ bool CSPSource::FirstSubsumesSecond(
network::mojom::blink::CSPSourcePtr CSPSource::ExposeForNavigationalChecks()
const {
return network::mojom::blink::CSPSource::New(
scheme_ ? scheme_ : "", // scheme
host_ ? host_ : "", // host
port_ == 0 ? -1 /* url::PORT_UNSPECIFIED */ : port_, // port
path_ ? path_ : "", // path
host_wildcard_ == kHasWildcard, // is_host_wildcard
port_wildcard_ == kHasWildcard // is_port_wildcard
scheme_ ? scheme_ : "", // scheme
host_ ? host_ : "", // host
port_ == kPortUnspecified ? -1 /* url::PORT_UNSPECIFIED */
: port_, // port
path_ ? path_ : "", // path
host_wildcard_ == kHasWildcard, // is_host_wildcard
port_wildcard_ == kHasWildcard // is_port_wildcard
);
}
......
third_party/blink/renderer/core/frame/csp/csp_source.h
View file @ 0ba1b246
......@@ -20,6 +20,9 @@ class KURL;
class CORE_EXPORT CSPSource final : public GarbageCollected<CSPSource> {
public:
// Represents the absence of a port.
const static int kPortUnspecified;
enum WildcardDisposition { kNoWildcard, kHasWildcard };
// NotMatching is the only negative member, the rest are different types of
......
third_party/blink/renderer/core/frame/csp/csp_source_test.cc
View file @ 0ba1b246
......@@ -23,8 +23,8 @@ class CSPSourceTest : public testing::Test {
String scheme;
String host;
String path;
// port is 0 if it was not specified so the default port for a given scheme
// will be used.
// port is CSPSource::kPortUnspecified if it was not specified so the
// default port for a given scheme will be used.
const int port;
CSPSource::WildcardDisposition host_wildcard;
CSPSource::WildcardDisposition port_wildcard;
......@@ -77,8 +77,9 @@ TEST_F(CSPSourceTest, BasicPathMatching) {
TEST_F(CSPSourceTest, WildcardMatching) {
KURL base;
CSPSource source(csp.Get(), "http", "example.com", 0, "/",
CSPSource::kHasWildcard, CSPSource::kHasWildcard);
CSPSource source(csp.Get(), "http", "example.com",
CSPSource::kPortUnspecified, "/", CSPSource::kHasWildcard,
CSPSource::kHasWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://foo.example.com:8000/")));
EXPECT_TRUE(source.Matches(KURL(base, "http://foo.example.com:8000/foo")));
......@@ -118,8 +119,8 @@ TEST_F(CSPSourceTest, RedirectMatching) {
TEST_F(CSPSourceTest, InsecureSchemeMatchesSecureScheme) {
KURL base;
CSPSource source(csp.Get(), "http", "", 0, "/", CSPSource::kNoWildcard,
CSPSource::kHasWildcard);
CSPSource source(csp.Get(), "http", "", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kHasWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://example.com:8000/")));
EXPECT_TRUE(source.Matches(KURL(base, "https://example.com:8000/")));
......@@ -130,8 +131,9 @@ TEST_F(CSPSourceTest, InsecureSchemeMatchesSecureScheme) {
TEST_F(CSPSourceTest, InsecureHostSchemeMatchesSecureScheme) {
KURL base;
CSPSource source(csp.Get(), "http", "example.com", 0, "/",
CSPSource::kNoWildcard, CSPSource::kHasWildcard);
CSPSource source(csp.Get(), "http", "example.com",
CSPSource::kPortUnspecified, "/", CSPSource::kNoWildcard,
CSPSource::kHasWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://example.com:8000/")));
EXPECT_FALSE(source.Matches(KURL(base, "http://not-example.com:8000/")));
......@@ -147,8 +149,8 @@ TEST_F(CSPSourceTest, SchemeIsEmpty) {
Persistent<ContentSecurityPolicy> csp(
MakeGarbageCollected<ContentSecurityPolicy>());
csp->SetupSelf(*SecurityOrigin::CreateFromString("http://a.com/"));
CSPSource source(csp.Get(), "", "a.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "a.com", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://a.com")));
EXPECT_TRUE(source.Matches(KURL(base, "https://a.com")));
EXPECT_FALSE(source.Matches(KURL(base, "ftp://a.com")));
......@@ -159,8 +161,8 @@ TEST_F(CSPSourceTest, SchemeIsEmpty) {
Persistent<ContentSecurityPolicy> csp(
MakeGarbageCollected<ContentSecurityPolicy>());
csp->SetupSelf(*SecurityOrigin::CreateFromString("https://a.com/"));
CSPSource source(csp.Get(), "", "a.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "a.com", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_FALSE(source.Matches(KURL(base, "http://a.com")));
EXPECT_TRUE(source.Matches(KURL(base, "https://a.com")));
EXPECT_FALSE(source.Matches(KURL(base, "ftp://a.com")));
......@@ -171,8 +173,8 @@ TEST_F(CSPSourceTest, SchemeIsEmpty) {
Persistent<ContentSecurityPolicy> csp(
MakeGarbageCollected<ContentSecurityPolicy>());
csp->SetupSelf(*SecurityOrigin::CreateFromString("ftp://a.com/"));
CSPSource source(csp.Get(), "", "a.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "a.com", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_FALSE(source.Matches(KURL(base, "http://a.com")));
EXPECT_TRUE(source.Matches(KURL(base, "ftp://a.com")));
}
......@@ -183,8 +185,8 @@ TEST_F(CSPSourceTest, SchemeIsEmpty) {
MakeGarbageCollected<ContentSecurityPolicy>());
csp->SetupSelf(
*SecurityOrigin::CreateFromString("non-standard-scheme://a.com/"));
CSPSource source(csp.Get(), "", "a.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "a.com", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_FALSE(source.Matches(KURL(base, "http://a.com")));
// The reason matching fails is because the host is parsed as "" when
......@@ -246,8 +248,9 @@ TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) {
// source port is empty
{
CSPSource source(csp.Get(), "http", "example.com", 0, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "http", "example.com",
CSPSource::kPortUnspecified, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://example.com")));
EXPECT_TRUE(source.Matches(KURL(base, "https://example.com")));
......@@ -266,16 +269,16 @@ TEST_F(CSPSourceTest, HostMatches) {
// Host is * (source-expression = "http://*")
{
CSPSource source(csp.Get(), "http", "", 0, "", CSPSource::kHasWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "http", "", CSPSource::kPortUnspecified, "",
CSPSource::kHasWildcard, CSPSource::kNoWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://a.com")));
EXPECT_TRUE(source.Matches(KURL(base, "http://.")));
}
// Host is *.foo.bar
{
CSPSource source(csp.Get(), "", "foo.bar", 0, "", CSPSource::kHasWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "foo.bar", CSPSource::kPortUnspecified, "",
CSPSource::kHasWildcard, CSPSource::kNoWildcard);
EXPECT_FALSE(source.Matches(KURL(base, "http://a.com")));
EXPECT_FALSE(source.Matches(KURL(base, "http://bar")));
EXPECT_FALSE(source.Matches(KURL(base, "http://foo.bar")));
......@@ -289,8 +292,8 @@ TEST_F(CSPSourceTest, HostMatches) {
// Host is exact.
{
CSPSource source(csp.Get(), "", "foo.bar", 0, "", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "foo.bar", CSPSource::kPortUnspecified, "",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://foo.bar")));
EXPECT_FALSE(source.Matches(KURL(base, "http://sub.foo.bar")));
EXPECT_FALSE(source.Matches(KURL(base, "http://bar")));
......@@ -300,16 +303,16 @@ TEST_F(CSPSourceTest, HostMatches) {
// Host matching is case-insensitive.
{
CSPSource source(csp.Get(), "", "FoO.BaR", 0, "", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "FoO.BaR", CSPSource::kPortUnspecified, "",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://foo.bar")));
EXPECT_FALSE(source.Matches(KURL(base, "http://sub.foo.bar")));
}
// Wildcarded host matching is case-insensitive.
{
CSPSource source(csp.Get(), "", "FoO.BaR", 0, "", CSPSource::kHasWildcard,
CSPSource::kNoWildcard);
CSPSource source(csp.Get(), "", "FoO.BaR", CSPSource::kPortUnspecified, "",
CSPSource::kHasWildcard, CSPSource::kNoWildcard);
EXPECT_TRUE(source.Matches(KURL(base, "http://sub.foo.bar")));
EXPECT_FALSE(source.Matches(KURL(base, "http://foo.bar")));
}
......@@ -326,12 +329,16 @@ TEST_F(CSPSourceTest, DoesNotSubsume) {
const Source a;
const Source b;
} cases[] = {
{{"http", "example.com", "/", 0}, {"http", "another.com", "/", 0}},
{{"wss", "example.com", "/", 0}, {"http", "example.com", "/", 0}},
{{"wss", "example.com", "/", 0}, {"about", "example.com", "/", 0}},
{{"http", "example.com", "/", 0}, {"about", "example.com", "/", 0}},
{{"http", "example.com", "/1.html", 0},
{"http", "example.com", "/2.html", 0}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "another.com", "/", CSPSource::kPortUnspecified}},
{{"wss", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/", CSPSource::kPortUnspecified}},
{{"wss", "example.com", "/", CSPSource::kPortUnspecified},
{"about", "example.com", "/", CSPSource::kPortUnspecified}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"about", "example.com", "/", CSPSource::kPortUnspecified}},
{{"http", "example.com", "/1.html", CSPSource::kPortUnspecified},
{"http", "example.com", "/2.html", CSPSource::kPortUnspecified}},
{{"http", "example.com", "/", 443}, {"about", "example.com", "/", 800}},
};
for (const auto& test : cases) {
......@@ -362,32 +369,80 @@ TEST_F(CSPSourceTest, Subsumes) {
bool expected_when_swapped;
} cases[] = {
// Equal signals
{{"http", "/", 0}, {"http", "/", 0}, true, true},
{{"https", "/", 0}, {"https", "/", 0}, true, true},
{{"https", "/page1.html", 0}, {"https", "/page1.html", 0}, true, true},
{{"http", "/", CSPSource::kPortUnspecified},
{"http", "/", CSPSource::kPortUnspecified},
true,
true},
{{"https", "/", CSPSource::kPortUnspecified},
{"https", "/", CSPSource::kPortUnspecified},
true,
true},
{{"https", "/page1.html", CSPSource::kPortUnspecified},
{"https", "/page1.html", CSPSource::kPortUnspecified},
true,
true},
{{"http", "/", 70}, {"http", "/", 70}, true, true},
{{"https", "/", 70}, {"https", "/", 70}, true, true},
{{"https", "/page1.html", 0}, {"https", "/page1.html", 0}, true, true},
{{"https", "/page1.html", CSPSource::kPortUnspecified},
{"https", "/page1.html", CSPSource::kPortUnspecified},
true,
true},
{{"http", "/page1.html", 70}, {"http", "/page1.html", 70}, true, true},
{{"https", "/page1.html", 70}, {"https", "/page1.html", 70}, true, true},
{{"http", "/", 0}, {"http", "", 0}, true, true},
{{"http", "/", CSPSource::kPortUnspecified},
{"http", "", CSPSource::kPortUnspecified},
true,
true},
{{"http", "/", 80}, {"http", "", 80}, true, true},
{{"http", "/", 80}, {"https", "", 443}, false, true},
// One stronger signal in the first CSPSource
{{"https", "/", 0}, {"http", "/", 0}, true, false},
{{"http", "/page1.html", 0}, {"http", "/", 0}, true, false},
{{"http", "/", 80}, {"http", "/", 0}, true, true},
{{"http", "/", 700}, {"http", "/", 0}, false, false},
{{"https", "/", CSPSource::kPortUnspecified},
{"http", "/", CSPSource::kPortUnspecified},
true,
false},
{{"http", "/page1.html", CSPSource::kPortUnspecified},
{"http", "/", CSPSource::kPortUnspecified},
true,
false},
{{"http", "/", 80},
{"http", "/", CSPSource::kPortUnspecified},
true,
true},
{{"http", "/", 700},
{"http", "/", CSPSource::kPortUnspecified},
false,
false},
// Two stronger signals in the first CSPSource
{{"https", "/page1.html", 0}, {"http", "/", 0}, true, false},
{{"https", "/", 80}, {"http", "/", 0}, false, false},
{{"http", "/page1.html", 80}, {"http", "/", 0}, true, false},
{{"https", "/page1.html", CSPSource::kPortUnspecified},
{"http", "/", CSPSource::kPortUnspecified},
true,
false},
{{"https", "/", 80},
{"http", "/", CSPSource::kPortUnspecified},
false,
false},
{{"http", "/page1.html", 80},
{"http", "/", CSPSource::kPortUnspecified},
true,
false},
// Three stronger signals in the first CSPSource
{{"https", "/page1.html", 70}, {"http", "/", 0}, false, false},
{{"https", "/page1.html", 70},
{"http", "/", CSPSource::kPortUnspecified},
false,
false},
// Mixed signals
{{"https", "/", 0}, {"http", "/page1.html", 0}, false, false},
{{"https", "/", 0}, {"http", "/", 70}, false, false},
{{"http", "/page1.html", 0}, {"http", "/", 70}, false, false},
{{"https", "/", CSPSource::kPortUnspecified},
{"http", "/page1.html", CSPSource::kPortUnspecified},
false,
false},
{{"https", "/", CSPSource::kPortUnspecified},
{"http", "/", 70},
false,
false},
{{"http", "/page1.html", CSPSource::kPortUnspecified},
{"http", "/", 70},
false,
false},
};
for (const auto& test : cases) {
......@@ -490,18 +545,18 @@ TEST_F(CSPSourceTest, WildcardsSubsumes) {
// has a more specific path.
for (const auto& test : cases) {
CSPSource* returned = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "example.com", 0, "/", test.a.host_dispotion,
test.a.port_dispotion);
csp.Get(), "http", "example.com", CSPSource::kPortUnspecified, "/",
test.a.host_dispotion, test.a.port_dispotion);
CSPSource* required = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "example.com", 0, "/", test.b.host_dispotion,
test.b.port_dispotion);
csp.Get(), "http", "example.com", CSPSource::kPortUnspecified, "/",
test.b.host_dispotion, test.b.port_dispotion);
EXPECT_EQ(required->Subsumes(returned), test.expected);
// Wildcards should not matter when required csp is stricter than returned
// csp.
CSPSource* required2 = MakeGarbageCollected<CSPSource>(
csp.Get(), "https", "example.com", 0, "/", test.b.host_dispotion,
test.b.port_dispotion);
csp.Get(), "https", "example.com", CSPSource::kPortUnspecified, "/",
test.b.host_dispotion, test.b.port_dispotion);
EXPECT_FALSE(required2->Subsumes(returned));
}
}
......@@ -530,11 +585,11 @@ TEST_F(CSPSourceTest, SchemesOnlySubsumes) {
for (const auto& test : cases) {
CSPSource* returned = MakeGarbageCollected<CSPSource>(
csp.Get(), test.a_scheme, "example.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
csp.Get(), test.a_scheme, "example.com", CSPSource::kPortUnspecified,
"/", CSPSource::kNoWildcard, CSPSource::kNoWildcard);
CSPSource* required = MakeGarbageCollected<CSPSource>(
csp.Get(), test.b_scheme, "example.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
csp.Get(), test.b_scheme, "example.com", CSPSource::kPortUnspecified,
"/", CSPSource::kNoWildcard, CSPSource::kNoWildcard);
EXPECT_EQ(required->Subsumes(returned), test.expected);
}
}
......@@ -552,21 +607,29 @@ TEST_F(CSPSourceTest, IsSimilar) {
bool is_similar;
} cases[] = {
// Similar
{{"http", "example.com", "/", 0}, {"http", "example.com", "/", 0}, true},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/", CSPSource::kPortUnspecified},
true},
// Schemes
{{"https", "example.com", "/", 0},
{"https", "example.com", "/", 0},
{{"https", "example.com", "/", CSPSource::kPortUnspecified},
{"https", "example.com", "/", CSPSource::kPortUnspecified},
true},
{{"https", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/", CSPSource::kPortUnspecified},
true},
{{"ws", "example.com", "/", CSPSource::kPortUnspecified},
{"wss", "example.com", "/", CSPSource::kPortUnspecified},
true},
{{"https", "example.com", "/", 0}, {"http", "example.com", "/", 0}, true},
{{"ws", "example.com", "/", 0}, {"wss", "example.com", "/", 0}, true},
// Ports
{{"http", "example.com", "/", 90},
{"http", "example.com", "/", 90},
true},
{{"wss", "example.com", "/", 0},
{"wss", "example.com", "/", 0},
{{"wss", "example.com", "/", CSPSource::kPortUnspecified},
{"wss", "example.com", "/", CSPSource::kPortUnspecified},
true}, // use default port
{{"http", "example.com", "/", 80}, {"http", "example.com", "/", 0}, true},
{{"http", "example.com", "/", 80},
{"http", "example.com", "/", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/", 80},
{"https", "example.com", "/", 443},
true},
......@@ -574,30 +637,34 @@ TEST_F(CSPSourceTest, IsSimilar) {
{"https", "example.com", "/", 444},
false},
// Paths
{{"http", "example.com", "/", 0},
{"http", "example.com", "/1.html", 0},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/1.html", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/", 0}, {"http", "example.com", "", 0}, true},
{{"http", "example.com", "/", 0},
{"http", "example.com", "/a/b/", 0},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/a/", 0},
{"http", "example.com", "/a/", 0},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/a/", 0},
{"http", "example.com", "/a/b/", 0},
{{"http", "example.com", "/a/", CSPSource::kPortUnspecified},
{"http", "example.com", "/a/", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/a/", 0},
{"http", "example.com", "/a/b/1.html", 0},
{{"http", "example.com", "/a/", CSPSource::kPortUnspecified},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/1.html", 0},
{"http", "example.com", "/1.html", 0},
{{"http", "example.com", "/a/", CSPSource::kPortUnspecified},
{"http", "example.com", "/a/b/1.html", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/1.html", CSPSource::kPortUnspecified},
{"http", "example.com", "/1.html", CSPSource::kPortUnspecified},
true},
// Mixed
{{"http", "example.com", "/1.html", 90},
{"http", "example.com", "/", 90},
true},
{{"https", "example.com", "/", 0}, {"http", "example.com", "/", 0}, true},
{{"https", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/", CSPSource::kPortUnspecified},
true},
{{"http", "example.com", "/a/", 90},
{"https", "example.com", "", 90},
true},
......@@ -608,23 +675,29 @@ TEST_F(CSPSourceTest, IsSimilar) {
{"https", "example.com", "/a/b/", 90},
true},
// Not Similar
{{"http", "example.com", "/a/", 0},
{{"http", "example.com", "/a/", CSPSource::kPortUnspecified},
{"https", "example.com", "", 90},
false},
{{"https", "example.com", "/", 0},
{{"https", "example.com", "/", CSPSource::kPortUnspecified},
{"https", "example.com", "/", 90},
false},
{{"http", "example.com", "/", 0}, {"http", "another.com", "/", 0}, false},
{{"wss", "example.com", "/", 0}, {"http", "example.com", "/", 0}, false},
{{"wss", "example.com", "/", 0}, {"about", "example.com", "/", 0}, false},
{{"http", "example.com", "/", 0},
{"about", "example.com", "/", 0},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "another.com", "/", CSPSource::kPortUnspecified},
false},
{{"wss", "example.com", "/", CSPSource::kPortUnspecified},
{"http", "example.com", "/", CSPSource::kPortUnspecified},
false},
{{"wss", "example.com", "/", CSPSource::kPortUnspecified},
{"about", "example.com", "/", CSPSource::kPortUnspecified},
false},
{{"http", "example.com", "/", CSPSource::kPortUnspecified},
{"about", "example.com", "/", CSPSource::kPortUnspecified},
false},
{{"http", "example.com", "/1.html", 0},
{"http", "example.com", "/2.html", 0},
{{"http", "example.com", "/1.html", CSPSource::kPortUnspecified},
{"http", "example.com", "/2.html", CSPSource::kPortUnspecified},
false},
{{"http", "example.com", "/a/1.html", 0},
{"http", "example.com", "/a/b/", 0},
{{"http", "example.com", "/a/1.html", CSPSource::kPortUnspecified},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified},
false},
{{"http", "example.com", "/", 443},
{"about", "example.com", "/", 800},
......@@ -659,39 +732,55 @@ TEST_F(CSPSourceTest, FirstSubsumesSecond) {
bool expected;
} cases[] = {
// Subsumed.
{{"http", "example.com", 0, "/"}, "http", true},
{{"http", "example.com", 0, "/page.html"}, "http", true},
{{"http", "example.com", CSPSource::kPortUnspecified, "/"}, "http", true},
{{"http", "example.com", CSPSource::kPortUnspecified, "/page.html"},
"http",
true},
{{"http", "second-example.com", 80, "/"}, "http", true},
{{"https", "second-example.com", 0, "/"}, "http", true},
{{"http", "second-example.com", 0, "/page.html"}, "http", true},
{{"https", "second-example.com", CSPSource::kPortUnspecified, "/"},
"http",
true},
{{"http", "second-example.com", CSPSource::kPortUnspecified,
"/page.html"},
"http",
true},
{{"https", "second-example.com", 80, "/page.html"}, "http", true},
{{"https", "second-example.com", 0, "/"}, "https", true},
{{"https", "second-example.com", 0, "/page.html"}, "https", true},
{{"https", "second-example.com", CSPSource::kPortUnspecified, "/"},
"https",
true},
{{"https", "second-example.com", CSPSource::kPortUnspecified,
"/page.html"},
"https",
true},
{{"http", "example.com", 900, "/"}, "http", true},
// NOT subsumed.
{{"http", "second-example.com", 0, "/"}, "wss", false},
{{"http", "second-example.com", CSPSource::kPortUnspecified, "/"},
"wss",
false},
{{"http", "non-example.com", 900, "/"}, "http", false},
{{"http", "second-example.com", 0, "/"}, "https", false},
{{"http", "second-example.com", CSPSource::kPortUnspecified, "/"},
"https",
false},
};
CSPSource* no_wildcards = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "example.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
csp.Get(), "http", "example.com", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
CSPSource* host_wildcard = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "third-example.com", 0, "/", CSPSource::kHasWildcard,
CSPSource::kNoWildcard);
csp.Get(), "http", "third-example.com", CSPSource::kPortUnspecified, "/",
CSPSource::kHasWildcard, CSPSource::kNoWildcard);
CSPSource* port_wildcard = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "third-example.com", 0, "/", CSPSource::kNoWildcard,
CSPSource::kHasWildcard);
csp.Get(), "http", "third-example.com", CSPSource::kPortUnspecified, "/",
CSPSource::kNoWildcard, CSPSource::kHasWildcard);
CSPSource* both_wildcards = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "third-example.com", 0, "/", CSPSource::kHasWildcard,
CSPSource::kHasWildcard);
csp.Get(), "http", "third-example.com", CSPSource::kPortUnspecified, "/",
CSPSource::kHasWildcard, CSPSource::kHasWildcard);
CSPSource* http_only = MakeGarbageCollected<CSPSource>(
csp.Get(), "http", "", 0, "", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
csp.Get(), "http", "", CSPSource::kPortUnspecified, "",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
CSPSource* https_only = MakeGarbageCollected<CSPSource>(
csp.Get(), "https", "", 0, "", CSPSource::kNoWildcard,
CSPSource::kNoWildcard);
csp.Get(), "https", "", CSPSource::kPortUnspecified, "",
CSPSource::kNoWildcard, CSPSource::kNoWildcard);
for (const auto& test : cases) {
// Setup default vectors.
......@@ -704,11 +793,13 @@ TEST_F(CSPSourceTest, FirstSubsumesSecond) {
list_a.push_back(no_wildcards);
// Add CSPSources based on the current test.
list_b.push_back(MakeGarbageCollected<CSPSource>(
csp.Get(), test.source_b.scheme, test.source_b.host, 0,
test.source_b.path, CSPSource::kNoWildcard, CSPSource::kNoWildcard));
csp.Get(), test.source_b.scheme, test.source_b.host,
CSPSource::kPortUnspecified, test.source_b.path, CSPSource::kNoWildcard,
CSPSource::kNoWildcard));
list_a.push_back(MakeGarbageCollected<CSPSource>(
csp.Get(), test.scheme_a, "second-example.com", 0, "/",
CSPSource::kNoWildcard, CSPSource::kNoWildcard));
csp.Get(), test.scheme_a, "second-example.com",
CSPSource::kPortUnspecified, "/", CSPSource::kNoWildcard,
CSPSource::kNoWildcard));
// listB contains: ["http://example.com/", test.listB]
// listA contains: ["http://example.com/",
// test.schemeA + "://second-example.com/"]
......@@ -748,42 +839,42 @@ TEST_F(CSPSourceTest, Intersect) {
const Source b;
const Source normalized;
} cases[] = {
{{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"ws", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"wss", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"wss", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"ws", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"wss", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"wss", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
// Wildcards
{{"http", "example.com", "/", 0, CSPSource::kHasWildcard,
CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", 0, CSPSource::kHasWildcard,
CSPSource::kHasWildcard},
{"http", "sub.example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", 0, CSPSource::kHasWildcard,
CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kHasWildcard},
{"http", "sub.example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kHasWildcard, CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kHasWildcard, CSPSource::kHasWildcard},
{"http", "sub.example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kHasWildcard, CSPSource::kNoWildcard},
{"http", "sub.example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kHasWildcard},
{"http", "sub.example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
// Ports
{{"http", "example.com", "/", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", 80, CSPSource::kNoWildcard,
......@@ -799,39 +890,39 @@ TEST_F(CSPSourceTest, Intersect) {
{"https", "example.com", "/", 443, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
// Paths
{{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/1.html", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/1.html", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/a/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/a/", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/1.html", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/1.html", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/1.html", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/1.html", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "example.com", "/a/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "example.com", "/a/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/1.html", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/a/b/1.html", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
// Mixed
{{"http", "example.com", "/1.html", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{{"http", "example.com", "/1.html", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/1.html", 80, CSPSource::kNoWildcard,
......@@ -851,7 +942,15 @@ TEST_F(CSPSourceTest, Intersect) {
normalized->scheme_, normalized->host_,
normalized->path_, normalized->port_,
normalized->host_wildcard_, normalized->port_wildcard_};
EXPECT_TRUE(EqualSources(intersect_ab, test.normalized));
EXPECT_TRUE(EqualSources(intersect_ab, test.normalized))
<<
"intersect_ab=" << normalized->scheme_ << normalized->host_
<< normalized->path_ << normalized->port_ << normalized->host_wildcard_
<< normalized->port_wildcard_
<< ", test.normalized=" << test.normalized.scheme
<< test.normalized.host << test.normalized.path << test.normalized.port
<< test.normalized.host_wildcard << test.normalized.port_wildcard;
// Verify the same test with A and B swapped. The result should be
// identical.
......@@ -860,7 +959,15 @@ TEST_F(CSPSourceTest, Intersect) {
normalized->scheme_, normalized->host_,
normalized->path_, normalized->port_,
normalized->host_wildcard_, normalized->port_wildcard_};
EXPECT_TRUE(EqualSources(intersect_ba, test.normalized));
EXPECT_TRUE(EqualSources(intersect_ba, test.normalized))
<<
"intersect_ba=" << normalized->scheme_ << normalized->host_
<< normalized->path_ << normalized->port_ << normalized->host_wildcard_
<< normalized->port_wildcard_
<< ", test.normalized=" << test.normalized.scheme
<< test.normalized.host << test.normalized.path << test.normalized.port
<< test.normalized.host_wildcard << test.normalized.port_wildcard;
}
}
......@@ -871,43 +978,58 @@ TEST_F(CSPSourceTest, IntersectSchemesOnly) {
const Source normalized;
} cases[] = {
// Both sources are schemes only.
{{"http", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"https", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"https", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"ws", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"wss", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"wss", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
// One source is a scheme only and the other one has no wildcards.
{{"http", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
{{"http", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", 0, CSPSource::kNoWildcard,
{"https", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"https", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"ws", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"wss", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"wss", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"http", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
// One source is a scheme only and the other one has no wildcards.
{{"http", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{"http", "example.com", "/", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard}},
{{"http", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"https", "example.com", "/", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"https", "example.com", "/", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
{{"https", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{{"https", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/page.html", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"https", "example.com", "/page.html", 80, CSPSource::kNoWildcard,
CSPSource::kNoWildcard}},
// One source is a scheme only and the other has one or two wildcards.
{{"https", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{{"https", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/page.html", 80, CSPSource::kHasWildcard,
CSPSource::kNoWildcard},
{"https", "example.com", "/page.html", 80, CSPSource::kHasWildcard,
CSPSource::kNoWildcard}},
{{"https", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{{"https", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/page.html", 80, CSPSource::kNoWildcard,
CSPSource::kHasWildcard},
{"https", "example.com", "/page.html", 80, CSPSource::kNoWildcard,
CSPSource::kHasWildcard}},
{{"https", "", "", 0, CSPSource::kNoWildcard, CSPSource::kNoWildcard},
{{"https", "", "", CSPSource::kPortUnspecified, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{"http", "example.com", "/page.html", 80, CSPSource::kHasWildcard,
CSPSource::kHasWildcard},
{"https", "example.com", "/page.html", 80, CSPSource::kHasWildcard,
......@@ -1002,8 +1124,8 @@ TEST_F(CSPSourceTest, MatchingAsSelf) {
"wss://example.com:443/",
true},
// Ports not set (aka default)
{{"https", "example.com", "", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{{"https", "example.com", "", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
"wss://example.com:443/",
true},
{{"https", "example.com", "", 443, CSPSource::kNoWildcard,
......@@ -1042,8 +1164,8 @@ TEST_F(CSPSourceTest, MatchingAsSelf) {
CSPSource::kNoWildcard},
"custom-scheme://example.com/some-path",
false},
{{"http", "example.com", "", 0, CSPSource::kNoWildcard,
CSPSource::kNoWildcard},
{{"http", "example.com", "", CSPSource::kPortUnspecified,
CSPSource::kNoWildcard, CSPSource::kNoWildcard},
"custom-scheme://example.com/some-path",
false},
};
......
third_party/blink/renderer/core/frame/csp/source_list_directive.cc
View file @ 0ba1b246
......@@ -161,7 +161,7 @@ void SourceListDirective::Parse(const UChar* begin, const UChar* end) {
SkipWhile<UChar, IsSourceCharacter>(position, end);
String scheme, host, path;
int port = 0;
int port = CSPSource::kPortUnspecified;
CSPSource::WildcardDisposition host_wildcard = CSPSource::kNoWildcard;
CSPSource::WildcardDisposition port_wildcard = CSPSource::kNoWildcard;
......@@ -339,7 +339,7 @@ bool SourceListDirective::ParseSource(
if (!ParsePort(begin_port, begin_path, port, port_wildcard))
return false;
} else {
*port = 0;
*port = CSPSource::kPortUnspecified;
}
if (begin_path != end) {
......@@ -559,7 +559,7 @@ bool SourceListDirective::ParsePort(
int* port,
CSPSource::WildcardDisposition* port_wildcard) {
DCHECK(begin <= end);
DCHECK_EQ(*port, 0);
DCHECK_EQ(*port, CSPSource::kPortUnspecified);
DCHECK(*port_wildcard == CSPSource::kNoWildcard);
if (!SkipExactly<UChar>(begin, end, ':'))
......@@ -569,7 +569,7 @@ bool SourceListDirective::ParsePort(
return false;
if (end - begin == 1 && *begin == '*') {
*port = 0;
*port = CSPSource::kPortUnspecified;
*port_wildcard = CSPSource::kHasWildcard;
return true;
}
......@@ -672,18 +672,18 @@ HeapVector<Member<CSPSource>> SourceListDirective::GetSources(
HeapVector<Member<CSPSource>> sources = list_;
if (allow_star_) {
sources.push_back(MakeGarbageCollected<CSPSource>(
policy_, "ftp", String(), 0, String(), CSPSource::kNoWildcard,
CSPSource::kNoWildcard));
policy_, "ftp", String(), CSPSource::kPortUnspecified, String(),
CSPSource::kNoWildcard, CSPSource::kNoWildcard));
sources.push_back(MakeGarbageCollected<CSPSource>(
policy_, "ws", String(), 0, String(), CSPSource::kNoWildcard,
CSPSource::kNoWildcard));
policy_, "ws", String(), CSPSource::kPortUnspecified, String(),
CSPSource::kNoWildcard, CSPSource::kNoWildcard));
sources.push_back(MakeGarbageCollected<CSPSource>(
policy_, "http", String(), 0, String(), CSPSource::kNoWildcard,
CSPSource::kNoWildcard));
policy_, "http", String(), CSPSource::kPortUnspecified, String(),
CSPSource::kNoWildcard, CSPSource::kNoWildcard));
if (self) {
sources.push_back(MakeGarbageCollected<CSPSource>(
policy_, self->GetScheme(), String(), 0, String(),
CSPSource::kNoWildcard, CSPSource::kNoWildcard));
policy_, self->GetScheme(), String(), CSPSource::kPortUnspecified,
String(), CSPSource::kNoWildcard, CSPSource::kNoWildcard));
}
} else if (allow_self_ && self) {
sources.push_back(self);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment