chromium/services/network/public/cpp/content_security_policy/csp_source_list_unittest.cc

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "services/network/public/cpp/content_security_policy/csp_source_list.h"

#include "base/memory/raw_ptr.h"
#include "base/ranges/algorithm.h"
#include "net/http/http_response_headers.h"
#include "services/network/public/cpp/content_security_policy/content_security_policy.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/origin.h"

namespace network {

namespace {

// A CSPSource used in test not interested checking the interactions with
// 'self'. It doesn't match any URL.
static const network::mojom::CSPSource no_self;

// Allow() is an abbreviation of CheckCSPSourceList. Useful for writing
// test expectations on one line.
CSPCheckResult Allow(
    const mojom::CSPSourceListPtr& source_list,
    const GURL& url,
    const mojom::CSPSource& self,
    bool is_redirect = false,
    bool is_response_check = false,
    mojom::CSPDirectiveName directive_name = mojom::CSPDirectiveName::FrameSrc,
    bool is_opaque_fenced_frame = false) { … }

std::vector<mojom::ContentSecurityPolicyPtr> Parse(
    const std::vector<std::string>& policies) { … }

mojom::CSPSourceListPtr ParseToSourceList(mojom::CSPDirectiveName directive,
                                          const std::string& value) { … }

std::vector<mojom::CSPSourceListPtr> ParseToVectorOfSourceLists(
    mojom::CSPDirectiveName directive,
    const std::vector<std::string>& values) { … }

std::vector<const mojom::CSPSourceList*> ToRawPointers(
    const std::vector<mojom::CSPSourceListPtr>& list) { … }

}  // namespace

TEST(CSPSourceList, MultipleSource) { … }

TEST(CSPSourceList, AllowStar) { … }

TEST(CSPSourceList, AllowSelf) { … }

TEST(CSPSourceList, AllowStarAndSelf) { … }

TEST(CSPSourceList, AllowSelfWithUnspecifiedPort) { … }

TEST(CSPSourceList, AllowNone) { … }

TEST(CSPSourceTest, SelfIsUnique) { … }

// Test that 'unsafe-allow-redirects' is only applied to navigate-to.
TEST(CSPSourceList, UnsafeAllowRedirects) { … }

TEST(CSPSourceList, Subsume) { … }

TEST(CSPSourceList, SubsumeWithSelf) { … }

TEST(CSPSourceList, SubsumeAllowAllInline) { … }

TEST(CSPSourceList, SubsumeUnsafeAttributes) { … }

TEST(CSPSourceList, SubsumeNoncesAndHashes) { … }

TEST(CSPSourceList, SubsumeStrictDynamic) { … }

TEST(CSPSourceList, SubsumeListWildcard) { … }

TEST(CSPSourceList, SubsumeListNoScheme) { … }

TEST(CSPSourceList, OpaqueURLMatchingAllowStar) { … }

TEST(CSPSourceList, OpaqueURLMatchingAllowSelf) { … }

}  // namespace network