blob: f8ff8a2252562ab08d06fed1f07b6cdc8db7ce82 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/child/blink_platform_impl.h"
#include <stdint.h>
#include "base/run_loop.h"
#include "base/time/time.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
#include "third_party/WebKit/public/platform/WebString.h"
#include "url/origin.h"
namespace content {
void CheckCastedOriginsAlreadyNormalized(
const blink::WebSecurityOrigin& origin) {
url::Origin checked_origin =
url::Origin::UnsafelyCreateOriginWithoutNormalization(
origin.Protocol().Utf8(), origin.Host().Utf8(),
origin.EffectivePort(), origin.Suborigin().Utf8());
url::Origin non_checked_origin =
url::Origin::CreateFromNormalizedTupleWithSuborigin(
origin.Protocol().Utf8(), origin.Host().Utf8(),
origin.EffectivePort(), origin.Suborigin().Utf8());
EXPECT_EQ(checked_origin.scheme(), non_checked_origin.scheme());
EXPECT_EQ(checked_origin.host(), non_checked_origin.host());
EXPECT_EQ(checked_origin.port(), non_checked_origin.port());
}
TEST(BlinkPlatformTest, CastWebSecurityOrigin) {
struct TestCase {
const char* url;
const char* scheme;
const char* host;
uint16_t port;
const char* suborigin;
} cases[] = {
{"http://example.com", "http", "example.com", 80, ""},
{"http://example.com:80", "http", "example.com", 80, ""},
{"http://example.com:81", "http", "example.com", 81, ""},
{"https://example.com", "https", "example.com", 443, ""},
{"https://example.com:443", "https", "example.com", 443, ""},
{"https://example.com:444", "https", "example.com", 444, ""},
// Copied from url/origin_unittest.cc
// IP Addresses
{"http://192.168.9.1/", "http", "192.168.9.1", 80, ""},
{"http://[2001:db8::1]/", "http", "[2001:db8::1]", 80, ""},
// Punycode
{"http://☃.net/", "http", "xn--n3h.net", 80, ""},
{"blob:http://☃.net/", "http", "xn--n3h.net", 80, ""},
// Generic URLs
{"http://example.com/", "http", "example.com", 80, ""},
{"http://example.com:123/", "http", "example.com", 123, ""},
{"https://example.com/", "https", "example.com", 443, ""},
{"https://example.com:123/", "https", "example.com", 123, ""},
{"http://user:pass@example.com/", "http", "example.com", 80, ""},
{"http://example.com:123/?query", "http", "example.com", 123, ""},
{"https://example.com/#1234", "https", "example.com", 443, ""},
{"https://u:p@example.com:123/?query#1234", "https", "example.com", 123,
""},
// Registered URLs
{"ftp://example.com/", "ftp", "example.com", 21, ""},
{"ws://example.com/", "ws", "example.com", 80, ""},
{"wss://example.com/", "wss", "example.com", 443, ""},
// file: URLs
{"file:///etc/passwd", "file", "", 0, ""},
{"file://example.com/etc/passwd", "file", "example.com", 0, ""},
// Filesystem:
{"filesystem:http://example.com/type/", "http", "example.com", 80, ""},
{"filesystem:http://example.com:123/type/", "http", "example.com", 123,
""},
{"filesystem:https://example.com/type/", "https", "example.com", 443, ""},
{"filesystem:https://example.com:123/type/", "https", "example.com", 123,
""},
// Blob:
{"blob:http://example.com/guid-goes-here", "http", "example.com", 80, ""},
{"blob:http://example.com:123/guid-goes-here", "http", "example.com", 123,
""},
{"blob:https://example.com/guid-goes-here", "https", "example.com", 443,
""},
{"blob:http://u:p@example.com/guid-goes-here", "http", "example.com", 80,
""},
{"blob:https://example.co.uk/guid-goes-here", "https", "example.co.uk",
443, ""},
// Suborigins
{"http-so://foobar.example.com", "http", "example.com", 80, "foobar"},
{"http-so://foobar.example.com:80", "http", "example.com", 80, "foobar"},
{"http-so://foobar.example.com:81", "http", "example.com", 81, "foobar"},
{"https-so://foobar.example.com", "https", "example.com", 443, "foobar"},
{"https-so://foobar.example.com:443", "https", "example.com", 443,
"foobar"},
{"https-so://foobar.example.com:444", "https", "example.com", 444,
"foobar"},
};
for (const auto& test : cases) {
SCOPED_TRACE(testing::Message() << test.url);
blink::WebSecurityOrigin web_origin =
blink::WebSecurityOrigin::CreateFromString(
blink::WebString::FromUTF8(test.url));
EXPECT_EQ(test.scheme, web_origin.Protocol().Utf8());
EXPECT_EQ(test.host, web_origin.Host().Utf8());
EXPECT_EQ(test.port, web_origin.EffectivePort());
EXPECT_EQ(test.suborigin, web_origin.Suborigin().Utf8());
url::Origin url_origin = web_origin;
EXPECT_EQ(test.scheme, url_origin.scheme());
EXPECT_EQ(test.host, url_origin.host());
EXPECT_EQ(test.port, url_origin.port());
EXPECT_EQ(test.suborigin, url_origin.suborigin());
web_origin = url::Origin::Create(GURL(test.url));
EXPECT_EQ(test.scheme, web_origin.Protocol().Utf8());
EXPECT_EQ(test.host, web_origin.Host().Utf8());
EXPECT_EQ(test.port, web_origin.EffectivePort());
EXPECT_EQ(test.suborigin, web_origin.Suborigin().Utf8());
CheckCastedOriginsAlreadyNormalized(web_origin);
}
{
SCOPED_TRACE(testing::Message() << "null");
blink::WebSecurityOrigin web_origin =
blink::WebSecurityOrigin::CreateUnique();
EXPECT_TRUE(web_origin.IsUnique());
url::Origin url_origin = web_origin;
EXPECT_TRUE(url_origin.unique());
EXPECT_EQ("", url_origin.suborigin());
web_origin = url::Origin::Create(GURL(""));
EXPECT_TRUE(web_origin.IsUnique());
}
}
// This test ensures that WebSecurityOrigins can safely use
// url::Origin::CreateFromNormalizedTupleWithSuborigin when doing conversions.
TEST(BlinkPlatformTest, WebSecurityOriginNormalization) {
struct TestCases {
const char* url;
} cases[] = {{""},
{"javascript:alert(1)"},
{"file://example.com:443/etc/passwd"},
{"blob:https://example.com/uuid-goes-here"},
{"filesystem:https://example.com/temporary/yay.png"},
{"data"},
{"blob:"},
{"chrome://,/"},
{"xkcd://927"},
{"filesystem"},
{"data://example.com:80"},
{"http://☃.net:80"},
{"http\nmore://example.com:80"},
{"http\rmore://:example.com:80"},
{"http\n://example.com:80"},
{"http\r://example.com:80"},
{"http://example.com\nnot-example.com:80"},
{"http://example.com\rnot-example.com:80"},
{"http://example.com\n:80"},
{"http://example.com\r:80"},
{"http://example.com:0"},
{"http://EXAMPLE.com"},
{"http://EXAMPLE.com/%3Afoo"},
{"https://example.com:443"},
{"file:///"},
{"file:///root:80"}};
for (const auto& test : cases) {
SCOPED_TRACE(testing::Message() << test.url);
blink::WebSecurityOrigin web_origin =
blink::WebSecurityOrigin::CreateFromString(
blink::WebString::FromUTF8(test.url));
CheckCastedOriginsAlreadyNormalized(web_origin);
}
}
} // namespace content