// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h" #include "base/test/scoped_feature_list.h" #include "services/network/public/cpp/features.h" #include "testing/gmock/include/gmock/gmock-matchers.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/blink/public/common/security_context/insecure_request_policy.h" #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h" #include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-blink.h" #include "third_party/blink/renderer/core/dom/document.h" #include "third_party/blink/renderer/core/dom/document_init.h" #include "third_party/blink/renderer/core/frame/csp/csp_directive_list.h" #include "third_party/blink/renderer/core/frame/csp/test_util.h" #include "third_party/blink/renderer/core/frame/local_dom_window.h" #include "third_party/blink/renderer/core/frame/local_frame.h" #include "third_party/blink/renderer/core/html/html_script_element.h" #include "third_party/blink/renderer/core/testing/dummy_page_holder.h" #include "third_party/blink/renderer/core/testing/null_execution_context.h" #include "third_party/blink/renderer/platform/crypto.h" #include "third_party/blink/renderer/platform/heap/garbage_collected.h" #include "third_party/blink/renderer/platform/loader/fetch/integrity_metadata.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_request.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_response.h" #include "third_party/blink/renderer/platform/network/content_security_policy_parsers.h" #include "third_party/blink/renderer/platform/testing/task_environment.h" #include "third_party/blink/renderer/platform/weborigin/kurl.h" #include "third_party/blink/renderer/platform/weborigin/scheme_registry.h" #include "third_party/blink/renderer/platform/weborigin/security_origin.h" namespace blink { namespace { ContentSecurityPolicySource; ContentSecurityPolicyType; Contains; SizeIs; } // namespace class ContentSecurityPolicyTest : public testing::Test { … }; TEST_F(ContentSecurityPolicyTest, ParseInsecureRequestPolicy) { … } MATCHER_P(HasSubstr, s, "") { … } TEST_F(ContentSecurityPolicyTest, AddPolicies) { … } TEST_F(ContentSecurityPolicyTest, IsActiveForConnectionsWithConnectSrc) { … } TEST_F(ContentSecurityPolicyTest, IsActiveForConnectionsWithDefaultSrc) { … } // Tests that sandbox directives are discarded from policies // delivered in <meta> elements. TEST_F(ContentSecurityPolicyTest, SandboxInMeta) { … } // Tests that object-src directives are applied to a request to load a // plugin, but not to subresource requests that the plugin itself // makes. https://crbug.com/603952 TEST_F(ContentSecurityPolicyTest, ObjectSrc) { … } TEST_F(ContentSecurityPolicyTest, ConnectSrc) { … } TEST_F(ContentSecurityPolicyTest, NonceSinglePolicy) { … } TEST_F(ContentSecurityPolicyTest, NonceInline) { … } TEST_F(ContentSecurityPolicyTest, NonceMultiplePolicy) { … } TEST_F(ContentSecurityPolicyTest, DirectiveType) { … } TEST_F(ContentSecurityPolicyTest, RequestsAllowedWhenBypassingCSP) { … } TEST_F(ContentSecurityPolicyTest, FilesystemAllowedWhenBypassingCSP) { … } TEST_F(ContentSecurityPolicyTest, BlobAllowedWhenBypassingCSP) { … } TEST_F(ContentSecurityPolicyTest, CSPBypassDisabledWhenSchemeIsPrivileged) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesNoDirective) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesSimpleDirective) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesWhitespace) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesEmpty) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesStar) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesStarMix) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeDupe) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeDupeStar) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesReserved) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypesReportingStar) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeReportingSimple) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeEnforce) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeReport) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeReportAndEnforce) { … } TEST_F(ContentSecurityPolicyTest, TrustedTypeReportAndNonTTEnforce) { … } TEST_F(ContentSecurityPolicyTest, RequireTrustedTypeForEnforce) { … } TEST_F(ContentSecurityPolicyTest, RequireTrustedTypeForReport) { … } TEST_F(ContentSecurityPolicyTest, DefaultPolicy) { … } TEST_F(ContentSecurityPolicyTest, DirectiveNameCaseInsensitive) { … } // Tests that using an empty CSP works and doesn't impose any policy // restrictions. TEST_F(ContentSecurityPolicyTest, EmptyCSPIsNoOp) { … } TEST_F(ContentSecurityPolicyTest, WasmUnsafeEvalCSPEnable) { … } TEST_F(ContentSecurityPolicyTest, OpaqueOriginBeforeBind) { … } TEST_F(ContentSecurityPolicyTest, SelfForDataMatchesNothing) { … } TEST_F(ContentSecurityPolicyTest, IsStrictPolicyEnforced) { … } TEST_F(ContentSecurityPolicyTest, ReasonableRestrictionMetrics) { … } TEST_F(ContentSecurityPolicyTest, BetterThanReasonableRestrictionMetrics) { … } TEST_F(ContentSecurityPolicyTest, AllowFencedFrameOpaqueURL) { … } } // namespace blink
Codebase Browser
chromium