// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/hash/hash.h" #include "base/memory/ref_counted_memory.h" #include "base/path_service.h" #include "base/strings/strcat.h" #include "base/strings/string_number_conversions.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_restrictions.h" #include "content/browser/child_process_security_policy_impl.h" #include "content/browser/process_lock.h" #include "content/browser/renderer_host/frame_tree_node.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/browser/webui/web_ui_controller_factory_registry.h" #include "content/common/content_navigation_policy.h" #include "content/public/browser/site_isolation_policy.h" #include "content/public/browser/url_data_source.h" #include "content/public/browser/web_ui.h" #include "content/public/browser/web_ui_controller.h" #include "content/public/browser/web_ui_data_source.h" #include "content/public/browser/webui_config_map.h" #include "content/public/common/bindings_policy.h" #include "content/public/common/content_paths.h" #include "content/public/common/content_switches.h" #include "content/public/common/url_constants.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/content_browser_test_utils.h" #include "content/public/test/scoped_web_ui_controller_factory_registration.h" #include "content/public/test/test_frame_navigation_observer.h" #include "content/public/test/test_navigation_observer.h" #include "content/public/test/test_utils.h" #include "content/public/test/web_ui_browsertest_util.h" #include "content/shell/browser/shell.h" #include "content/test/content_browser_test_utils_internal.h" #include "net/base/url_util.h" #include "ui/webui/untrusted_web_ui_browsertest_util.h" #include "url/gurl.h" namespace content { class WebUISecurityTest : public ContentBrowserTest { … }; // Verify chrome-untrusted:// have no bindings. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, UntrustedNoBindings) { … } // Loads a WebUI which does not have any bindings. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, NoBindings) { … } // Loads a WebUI which has WebUI bindings. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUIBindings) { … } // Loads a WebUI which has Mojo bindings. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, MojoBindings) { … } // Loads a WebUI which has both WebUI and Mojo bindings. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUIAndMojoBindings) { … } // Verify that reloading a WebUI document or navigating between documents on // the same WebUI will result in using the same SiteInstance, and will reuse // the same WebUI instance if the RenderFrameHost is reused. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUIReuse) { … } // Verify that a WebUI can add a subframe for its own WebUI. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUISameSiteSubframe) { … } // Verify that a WebUI can add a subframe to another WebUI and they will be // correctly isolated in separate SiteInstances and processes. The subframe // also uses WebUI with bindings different than the parent to ensure this is // successfully handled. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUICrossSiteSubframe) { … } // Verify that SiteInstance and WebUI reuse happens in subframes as well. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUIReuseInSubframe) { … } // Verify that if one WebUI does a window.open() to another WebUI, then the two // are not sharing a BrowsingInstance, are isolated from each other, and both // processes have bindings granted to them. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WindowOpenWebUI) { … } // Test to verify correctness of WebUI and process model in the following // sequence of navigations: // * successful navigation to WebUI // * failed navigation to WebUI // * failed navigation to http URL IN_PROC_BROWSER_TEST_F(WebUISecurityTest, WebUIFailedNavigation) { … } // Verify load script from chrome-untrusted:// is blocked. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, DisallowResourceRequestToChromeUntrusted) { … } // Verify chrome-untrusted://resources can't be loaded from the Web. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, DisallowWebRequestToSharedResources) { … } namespace { class UntrustedSourceWithCorsSupport : public URLDataSource { … }; enum FetchMode { … }; EvalJsResult PerformFetch(Shell* shell, const GURL& fetch_url, FetchMode fetch_mode = FetchMode::CORS) { … } } // namespace // Verify fetch request from web pages to chrome-untrusted:// is blocked, // because web pages don't have WebUIURLLoaderFactory for chrome-untrusted:// // scheme. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, DisallowWebPageFetchRequestToChromeUntrusted) { … } // Verify a chrome-untrusted:// document can fetch itself. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, ChromeUntrustedFetchRequestToSelf) { … } // Verify cross-origin fetch request from a chrome-untrusted:// page to another // chrome-untrusted:// page is blocked by the default "default-src 'self'" // Content Security Policy on URLDataSource. IN_PROC_BROWSER_TEST_F( WebUISecurityTest, DisallowCrossOriginFetchRequestToChromeUntrustedByDefault) { … } // Verify cross-origin fetch request from a chrome-untrusted:// page to another // chrome-untrusted:// page succeeds if Content Security Policy allows it. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, CrossOriginFetchRequestToChromeUntrusted) { … } // Verify fetch request from a chrome-untrusted:// page to a chrome:// page // is blocked because chrome-untrusted:// pages don't have WebUIURLLoaderFactory // for chrome:// scheme, even if CSP allows this. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, DisallowChromeUntrustedFetchRequestToChrome) { … } namespace { EvalJsResult PerformXHRRequest(Shell* shell, const GURL& xhr_url) { … } } // namespace // Verify XHR request from web pages to chrome-untrusted:// is blocked, because // web pages don't have WebUIURLLoader required to load chrome-untrusted:// // resources. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, DisallowWebPageXHRRequestToChromeUntrusted) { … } // Verify a chrome-untrusted:// document can XHR itself. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, AllowChromeUntrustedXHRRequestToSelf) { … } // Verify cross-origin XHR request from a chrome-untrusted:// page to another // chrome-untrusted:// page is blocked by "default-src 'self';" Content Security // Policy. IN_PROC_BROWSER_TEST_F( WebUISecurityTest, DisallowCrossOriginXHRRequestToChromeUntrustedByDefault) { … } // Verify cross-origin XHR request from a chrome-untrusted:// page to another // chrome-untrusted:// page is successful, if Content Security Policy allows it, // and the requested resource presents an Access-Control-Allow-Origin header. IN_PROC_BROWSER_TEST_F( WebUISecurityTest, CrossOriginXHRRequestToChromeUntrustedIfContenSecurityPolicyAllowsIt) { … } // Verify XHR request from a chrome-untrusted:// page to a chrome:// page is // blocked, even if CSP allows this. IN_PROC_BROWSER_TEST_F(WebUISecurityTest, DisallowChromeUntrustedXHRRequestToChrome) { … } // Test that there's no crash when a navigation to a WebUI page reuses an // inactive RenderViewHost. Previously, this led to a browser process crash in // WebUI pages that use MojoWebUIController, which tried to use the // RenderViewHost's GetPrimaryMainFrame() when it was invalid in // RenderViewCreated(). See https://crbug.com/627027. Flaky on Mac. See // https://crbug.com/1044335. #if BUILDFLAG(IS_MAC) #define MAYBE_ReuseRVHWithWebUI … #else #define MAYBE_ReuseRVHWithWebUI … #endif IN_PROC_BROWSER_TEST_F(WebUISecurityTest, MAYBE_ReuseRVHWithWebUI) { … } class WebUIBrowserSideSecurityTest : public WebUISecurityTest { … }; IN_PROC_BROWSER_TEST_F(WebUIBrowserSideSecurityTest, DenyWebAccessToSharedResources) { … } // Test base class that disables site isolation to ensure security properties // of WebUIs hold true even in that mode. class WebUISecurityTestSiteIsolationDisabled : public WebUISecurityTest { … }; // Verify that navigating to WebUI puts it in a locked process even when site // isolation is disabled. IN_PROC_BROWSER_TEST_F(WebUISecurityTestSiteIsolationDisabled, EnsureProcessLockWithoutSiteIsolation) { … } } // namespace content
Codebase Browser
chromium