From 419a0571dda6e5cc297331c845f68da7485302da Mon Sep 17 00:00:00 2001 From: "joaodasilva@chromium.org" Date: Mon, 18 Apr 2011 22:21:46 +0000 Subject: Added DisabledSchemes policy. This is a list of strings. Any protocol scheme listed in this policy is disabled, and URLs using that scheme won't load (either from the Omnibar, links, bookmarks, or when requested from the renderer to the browser). Also introduced ListPrefMember, to track a ListValue preference. "Virtual" or "pseudo" protocol schemes such as "about" and "view-source" are also handled. BUG=57477 TEST=unit_tests, use a policy to disable specific schemes (e.g. "file", "ftp") Review URL: http://codereview.chromium.org/6712065 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82013 0039d316-1c4b-4281-b951-d872f2087c98 --- .../child_process_security_policy_unittest.cc | 33 ++++++++++++++++++++-- 1 file changed, 30 insertions(+), 3 deletions(-) (limited to 'content/browser/child_process_security_policy_unittest.cc') diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc index e20178e..53799b7 100644 --- a/content/browser/child_process_security_policy_unittest.cc +++ b/content/browser/child_process_security_policy_unittest.cc @@ -52,9 +52,25 @@ TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); - EXPECT_FALSE(p->IsPseudoScheme("registered-psuedo-scheme")); - p->RegisterPseudoScheme("registered-psuedo-scheme"); - EXPECT_TRUE(p->IsPseudoScheme("registered-psuedo-scheme")); + EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); + p->RegisterPseudoScheme("registered-pseudo-scheme"); + EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); +} + +TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) { + ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); + + EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); + std::set disabled_set; + disabled_set.insert("evil-scheme"); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_TRUE(p->IsDisabledScheme("evil-scheme")); + EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); + + disabled_set.clear(); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); + EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); } TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { @@ -161,6 +177,17 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); + std::set disabled_set; + disabled_set.insert("evil-scheme"); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); + disabled_set.clear(); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); + // We should forget our state if we repeat a renderer id. p->Remove(kRendererID); p->Add(kRendererID); -- cgit v1.1