// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "third_party/blink/renderer/platform/loader/subresource_integrity.h" #include <algorithm> #include "base/memory/scoped_refptr.h" #include "services/network/public/mojom/fetch_api.mojom-blink.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/blink/renderer/platform/crypto.h" #include "third_party/blink/renderer/platform/loader/fetch/integrity_metadata.h" #include "third_party/blink/renderer/platform/loader/fetch/raw_resource.h" #include "third_party/blink/renderer/platform/loader/fetch/resource.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_load_scheduler.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_loader.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_response.h" #include "third_party/blink/renderer/platform/loader/testing/mock_fetch_context.h" #include "third_party/blink/renderer/platform/runtime_enabled_features.h" #include "third_party/blink/renderer/platform/testing/runtime_enabled_features_test_helpers.h" #include "third_party/blink/renderer/platform/weborigin/kurl.h" #include "third_party/blink/renderer/platform/weborigin/security_origin.h" #include "third_party/blink/renderer/platform/wtf/text/string_builder.h" #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" #include "third_party/blink/renderer/platform/wtf/vector.h" namespace blink { static const char kBasicScript[] = …; static const char kSha256Integrity[] = …; static const char kSha256IntegrityLenientSyntax[] = …; static const char kSha256IntegrityWithEmptyOption[] = …; static const char kSha256IntegrityWithOption[] = …; static const char kSha256IntegrityWithOptions[] = …; static const char kSha256IntegrityWithMimeOption[] = …; static const char kSha384Integrity[] = …; static const char kSha512Integrity[] = …; static const char kSha384IntegrityLabeledAs256[] = …; static const char kSha256AndSha384Integrities[] = …; static const char kBadSha256AndGoodSha384Integrities[] = …; static const char kGoodSha256AndBadSha384Integrities[] = …; static const char kBadSha256AndBadSha384Integrities[] = …; static const char kUnsupportedHashFunctionIntegrity[] = …; class SubresourceIntegrityTest : public testing::Test { … }; // Test the prioritization (i.e. selecting the "strongest" algorithm. // This effectively tests the definition of IntegrityAlgorithm in // IntegrityMetadata. The test is here, because SubresourceIntegrity is the // class that relies on this working as expected.) TEST_F(SubresourceIntegrityTest, Prioritization) { … } TEST_F(SubresourceIntegrityTest, ParseAlgorithm) { … } TEST_F(SubresourceIntegrityTest, ParseDigest) { … } // // End-to-end parsing tests. // TEST_F(SubresourceIntegrityTest, Parsing) { … } TEST_F(SubresourceIntegrityTest, ParsingBase64) { … } // Tests that SubresourceIntegrity::CheckSubresourceIntegrity behaves correctly // when faced with secure or insecure origins, same origin and cross origin // requests, successful and failing CORS checks as well as when the response was // handled by a service worker. TEST_F(SubresourceIntegrityTest, OriginIntegrity) { … } TEST_F(SubresourceIntegrityTest, FindBestAlgorithm) { … } } // namespace blink
Codebase Browser
chromium