Bug 808292 - CSP: Implement path-level host-source matching, parser tests (r=grobinson,sstamm)

2024-09-13 09:24:08 -07:00 · 2014-08-12 13:07:34 -07:00 · 2014-08-12 13:07:34 -07:00 · da11be272f
commit da11be272f
parent 72f3476d4a
1 changed files with 103 additions and 85 deletions
--- a/content/base/test/TestCSPParser.cpp
+++ b/content/base/test/TestCSPParser.cpp
@ -287,52 +287,70 @@ nsresult TestIgnorePaths() {
    { "script-src http://www.example.com",
      "script-src http://www.example.com" },
    { "script-src http://www.example.com/",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/" },
    { "script-src http://www.example.com/path-1",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1" },
    { "script-src http://www.example.com/path-1/",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/" },
    { "script-src http://www.example.com/path-1/path_2",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/path_2" },
    { "script-src http://www.example.com/path-1/path_2/",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/path_2/" },
    { "script-src http://www.example.com/path-1/path_2/file.js",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/path_2/file.js" },
    { "script-src http://www.example.com/path-1/path_2/file_1.js",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/path_2/file_1.js" },
    { "script-src http://www.example.com/path-1/path_2/file-2.js",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/path_2/file-2.js" },
    { "script-src http://www.example.com/path-1/path_2/f.js",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1/path_2/f.js" },
    { "script-src http://www.example.com:88",
      "script-src http://www.example.com:88" },
    { "script-src http://www.example.com:88/",
-      "script-src http://www.example.com:88" },
+      "script-src http://www.example.com:88/" },
    { "script-src http://www.example.com:88/path-1",
-      "script-src http://www.example.com:88" },
+      "script-src http://www.example.com:88/path-1" },
    { "script-src http://www.example.com:88/path-1/",
-      "script-src http://www.example.com:88" },
+      "script-src http://www.example.com:88/path-1/" },
    { "script-src http://www.example.com:88/path-1/path_2",
-      "script-src http://www.example.com:88" },
+      "script-src http://www.example.com:88/path-1/path_2" },
    { "script-src http://www.example.com:88/path-1/path_2/",
-      "script-src http://www.example.com:88" },
+      "script-src http://www.example.com:88/path-1/path_2/" },
    { "script-src http://www.example.com:88/path-1/path_2/file.js",
-      "script-src http://www.example.com:88" },
+      "script-src http://www.example.com:88/path-1/path_2/file.js" },
    { "script-src http://www.example.com:*",
      "script-src http://www.example.com:*" },
    { "script-src http://www.example.com:*/",
-      "script-src http://www.example.com:*" },
+      "script-src http://www.example.com:*/" },
    { "script-src http://www.example.com:*/path-1",
-      "script-src http://www.example.com:*" },
+      "script-src http://www.example.com:*/path-1" },
    { "script-src http://www.example.com:*/path-1/",
-      "script-src http://www.example.com:*" },
+      "script-src http://www.example.com:*/path-1/" },
    { "script-src http://www.example.com:*/path-1/path_2",
-      "script-src http://www.example.com:*" },
+      "script-src http://www.example.com:*/path-1/path_2" },
    { "script-src http://www.example.com:*/path-1/path_2/",
-      "script-src http://www.example.com:*" },
+      "script-src http://www.example.com:*/path-1/path_2/" },
    { "script-src http://www.example.com:*/path-1/path_2/file.js",
-      "script-src http://www.example.com:*" },
-    { "report-uri http://www.example.com",
+      "script-src http://www.example.com:*/path-1/path_2/file.js" },
+    { "script-src http://www.example.com#foo",
+      "script-src http://www.example.com" },
+    { "script-src http://www.example.com?foo=bar",
+      "script-src http://www.example.com" },
+    { "script-src http://www.example.com:8888#foo",
+      "script-src http://www.example.com:8888" },
+    { "script-src http://www.example.com:8888?foo",
+      "script-src http://www.example.com:8888" },
+    { "script-src http://www.example.com/#foo",
+      "script-src http://www.example.com/" },
+    { "script-src http://www.example.com/?foo",
+      "script-src http://www.example.com/" },
+    { "script-src http://www.example.com/path-1/file.js#foo",
+      "script-src http://www.example.com/path-1/file.js" },
+    { "script-src http://www.example.com/path-1/file.js?foo",
+      "script-src http://www.example.com/path-1/file.js" },
+    { "script-src http://www.example.com/path-1/file.js?foo#bar",
+      "script-src http://www.example.com/path-1/file.js" },
+    { "report-uri http://www.example.com/",
      "report-uri http://www.example.com/" },
    { "report-uri http://www.example.com:8888/asdf",
      "report-uri http://www.example.com:8888/asdf" },
@ -401,9 +419,9 @@ nsresult TestSimplePolicies() {
    { "script-src 'none' 'none' 'none';",
      "script-src 'none'" },
    { "script-src http://www.example.com/path-1//",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1//" },
    { "script-src http://www.example.com/path-1//path_2",
-      "script-src http://www.example.com" },
+      "script-src http://www.example.com/path-1//path_2" },
    { "default-src 127.0.0.1",
      "default-src http://127.0.0.1" },
    { "default-src 127.0.0.1:*",
@ -619,21 +637,21 @@ nsresult TestGoodGeneratedPolicies() {
    { "connect-src https://three:81",
      "connect-src https://three:81" },
    { "script-src http://self.com:80/foo",
-      "script-src http://self.com:80" },
+      "script-src http://self.com:80/foo" },
    { "object-src http://self.com/foo",
-      "object-src http://self.com" },
+      "object-src http://self.com/foo" },
    { "report-uri /report.py",
      "report-uri http://www.selfuri.com/report.py"},
    { "img-src http://foo.org:34/report.py",
-      "img-src http://foo.org:34" },
+      "img-src http://foo.org:34/report.py" },
    { "media-src foo/bar/report.py",
-      "media-src http://foo" },
+      "media-src http://foo/bar/report.py" },
    { "report-uri /",
      "report-uri http://www.selfuri.com/"},
    { "font-src https://self.com/report.py",
-      "font-src https://self.com" },
+      "font-src https://self.com/report.py" },
    { "connect-src https://foo.com/report.py",
-      "connect-src https://foo.com" },
+      "connect-src https://foo.com/report.py" },
    { "default-src *; report-uri  http://www.reporturi.com/",
      "default-src *; report-uri http://www.reporturi.com/" },
    { "default-src http://first.com",
@ -651,15 +669,15 @@ nsresult TestGoodGeneratedPolicies() {
    { "frame-src http://bar.com",
      "frame-src http://bar.com" },
    { "font-src http://self.com/",
-      "font-src http://self.com" },
+      "font-src http://self.com/" },
    { "script-src 'self'",
      "script-src http://www.selfuri.com" },
    { "default-src http://self.com/foo.png",
-      "default-src http://self.com" },
+      "default-src http://self.com/foo.png" },
    { "script-src http://self.com/foo.js",
-      "script-src http://self.com" },
+      "script-src http://self.com/foo.js" },
    { "object-src http://bar.com/foo.js",
-      "object-src http://bar.com" },
+      "object-src http://bar.com/foo.js" },
    { "style-src http://FOO.COM",
      "style-src http://foo.com" },
    { "img-src HTTP",
@ -697,11 +715,11 @@ nsresult TestGoodGeneratedPolicies() {
    { "frame-ancestors http://self:80",
      "frame-ancestors http://self:80" },
    { "frame-ancestors http://self.com/bar",
-      "frame-ancestors http://self.com" },
+      "frame-ancestors http://self.com/bar" },
    { "default-src 'self'; frame-ancestors 'self'",
      "default-src http://www.selfuri.com; frame-ancestors http://www.selfuri.com" },
    { "frame-ancestors http://bar.com/foo.png",
-      "frame-ancestors http://bar.com" },
+      "frame-ancestors http://bar.com/foo.png" },
  };

  uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
@ -747,111 +765,111 @@ nsresult TestGoodGeneratedPoliciesForPathHandling() {
    { "img-src http://test1.example.com",
      "img-src http://test1.example.com" },
    { "img-src http://test1.example.com/",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/" },
    { "img-src http://test1.example.com/path-1",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1" },
    { "img-src http://test1.example.com/path-1/",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/" },
    { "img-src http://test1.example.com/path-1/path_2/",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/" },
    { "img-src http://test1.example.com/path-1/path_2/file.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/file.js" },
    { "img-src http://test1.example.com/path-1/path_2/file_1.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/file_1.js" },
    { "img-src http://test1.example.com/path-1/path_2/file-2.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/file-2.js" },
    { "img-src http://test1.example.com/path-1/path_2/f.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/f.js" },
    { "img-src http://test1.example.com/path-1/path_2/f.oo.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/f.oo.js" },
    { "img-src test1.example.com",
      "img-src http://test1.example.com" },
    { "img-src test1.example.com/",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/" },
    { "img-src test1.example.com/path-1",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1" },
    { "img-src test1.example.com/path-1/",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/" },
    { "img-src test1.example.com/path-1/path_2/",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/" },
    { "img-src test1.example.com/path-1/path_2/file.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/file.js" },
    { "img-src test1.example.com/path-1/path_2/file_1.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/file_1.js" },
    { "img-src test1.example.com/path-1/path_2/file-2.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/file-2.js" },
    { "img-src test1.example.com/path-1/path_2/f.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/f.js" },
    { "img-src test1.example.com/path-1/path_2/f.oo.js",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/path-1/path_2/f.oo.js" },
    { "img-src *.example.com",
      "img-src http://*.example.com" },
    { "img-src *.example.com/",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/" },
    { "img-src *.example.com/path-1",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1" },
    { "img-src *.example.com/path-1/",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/" },
    { "img-src *.example.com/path-1/path_2/",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/path_2/" },
    { "img-src *.example.com/path-1/path_2/file.js",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/path_2/file.js" },
    { "img-src *.example.com/path-1/path_2/file_1.js",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/path_2/file_1.js" },
    { "img-src *.example.com/path-1/path_2/file-2.js",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/path_2/file-2.js" },
    { "img-src *.example.com/path-1/path_2/f.js",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/path_2/f.js" },
    { "img-src *.example.com/path-1/path_2/f.oo.js",
-      "img-src http://*.example.com" },
+      "img-src http://*.example.com/path-1/path_2/f.oo.js" },
    { "img-src test1.example.com:80",
      "img-src http://test1.example.com:80" },
    { "img-src test1.example.com:80/",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/" },
    { "img-src test1.example.com:80/path-1",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/path-1" },
    { "img-src test1.example.com:80/path-1/",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/path-1/" },
    { "img-src test1.example.com:80/path-1/path_2",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/path-1/path_2" },
    { "img-src test1.example.com:80/path-1/path_2/",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/path-1/path_2/" },
    { "img-src test1.example.com:80/path-1/path_2/file.js",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/path-1/path_2/file.js" },
    { "img-src test1.example.com:80/path-1/path_2/f.ile.js",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/path-1/path_2/f.ile.js" },
    { "img-src test1.example.com:*",
      "img-src http://test1.example.com:*" },
    { "img-src test1.example.com:*/",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/" },
    { "img-src test1.example.com:*/path-1",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/path-1" },
    { "img-src test1.example.com:*/path-1/",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/path-1/" },
    { "img-src test1.example.com:*/path-1/path_2",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/path-1/path_2" },
    { "img-src test1.example.com:*/path-1/path_2/",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/path-1/path_2/" },
    { "img-src test1.example.com:*/path-1/path_2/file.js",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/path-1/path_2/file.js" },
    { "img-src test1.example.com:*/path-1/path_2/f.ile.js",
-      "img-src http://test1.example.com:*" },
+      "img-src http://test1.example.com:*/path-1/path_2/f.ile.js" },
    { "img-src http://test1.example.com/abc//",
-      "img-src http://test1.example.com" },
+      "img-src http://test1.example.com/abc//" },
    { "img-src https://test1.example.com/abc/def//",
-      "img-src https://test1.example.com" },
+      "img-src https://test1.example.com/abc/def//" },
    { "img-src https://test1.example.com/abc/def/ghi//",
-      "img-src https://test1.example.com" },
+      "img-src https://test1.example.com/abc/def/ghi//" },
    { "img-src http://test1.example.com:80/abc//",
-      "img-src http://test1.example.com:80" },
+      "img-src http://test1.example.com:80/abc//" },
    { "img-src https://test1.example.com:80/abc/def//",
-      "img-src https://test1.example.com:80" },
+      "img-src https://test1.example.com:80/abc/def//" },
    { "img-src https://test1.example.com:80/abc/def/ghi//",
-      "img-src https://test1.example.com:80" },
+      "img-src https://test1.example.com:80/abc/def/ghi//" },
    { "img-src https://test1.example.com/abc////////////def/",
-      "img-src https://test1.example.com" },
+      "img-src https://test1.example.com/abc////////////def/" },
    { "img-src https://test1.example.com/abc////////////",
-      "img-src https://test1.example.com" },
+      "img-src https://test1.example.com/abc////////////" },
  };

  uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);