Bug 1020477 - CSP in C++: Convert test_csp_ignores_path.js to compiled code tests. r=sstamm
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Wed, 04 Jun 2014 16:35:41 -0700
changeset 187070 5ddd73f7562ee2f72a7876d47504a0c06119cf01
parent 187069 63f80cbd7c35600147a0ff4618b8f9c14f29e67f
child 187071 f627995bd6faf00ac5939dc9d99cd662b7dfc71c
push id26909
push useremorley@mozilla.com
push dateFri, 06 Jun 2014 15:55:30 +0000
reviewerssstamm
bugs1020477
milestone32.0a1
Bug 1020477 - CSP in C++: Convert test_csp_ignores_path.js to compiled code tests. r=sstamm
content/base/src/nsCSPParser.cpp
content/base/test/TestCSPParser.cpp
--- a/content/base/src/nsCSPParser.cpp
+++ b/content/base/src/nsCSPParser.cpp
@@ -255,30 +255,26 @@ nsCSPParser::subPath(nsCSPHostSrc* aCspH
 
   while (!atEnd() && !peek(DOT)) {
     ++charCounter;
     while (hostChar() || accept(UNDERLINE)) {
       /* consume */
       ++charCounter;
     }
     if (accept(SLASH)) {
-      // do not accept double slashes
-      // see http://tools.ietf.org/html/rfc3986#section-3.3
-      if (accept(SLASH)) {
-        const char16_t* params[] = { mCurToken.get() };
-        logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidSource",
-                                 params, ArrayLength(params));
-        return false;
-      }
+      ++charCounter;
       aCspHost->appendPath(mCurValue);
       // Resetting current value since we are appending parts of the path
       // to aCspHost, e.g; "http://www.example.com/path1/path2" then the
       // first part is "/path1", second part "/path2"
       resetCurValue();
     }
+    if (atEnd()) {
+      return true;
+    }
     if (charCounter > kSubHostPathCharacterCutoff) {
       return false;
     }
   }
   aCspHost->appendPath(mCurValue);
   resetCurValue();
   return true;
 }
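Review bot: The added `if (atEnd()) { return true; }` runs before the `charCounter > kSubHostPathCharacterCutoff` test, so once the token is fully consumed the length cutoff is no longer applied to the final segment. The same early return skips the `aCspHost->appendPath(mCurValue); resetCurValue();` after the loop, so a last segment without a trailing slash appears to be neither appended nor cleared from mCurValue. Checking the cutoff first and leaving the loop instead of returning keeps both: `if (charCounter > kSubHostPathCharacterCutoff) { return false; }` followed by `if (atEnd()) { break; }`. If the early return was meant to avoid appending an empty value after a trailing slash, guarding that final append would say so more directly. subPath() starts above the hunk, so the initialisation of charCounter is not visible here.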
@@ -300,16 +296,18 @@ nsCSPParser::path(nsCSPHostSrc* aCspHost
     const char16_t* params[] = { mCurToken.get() };
     logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidSource",
                              params, ArrayLength(params));
     return false;
   }
   if (atEnd()) {
     return true;
   }
+  // path can begin with "/" but not "//"
+  // see http://tools.ietf.org/html/rfc3986#section-3.3
   if (!hostChar()) {
     const char16_t* params[] = { mCurToken.get() };
     logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidSource",
                              params, ArrayLength(params));
     return false;
   }
   return subPath(aCspHost);
 }
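Review bot: The new comment above `if (!hostChar())` states a rule about "//" without saying where it applies, and this commit stops rejecting "//" further along the path in subPath(). As written, a reader can take it to mean double slashes are rejected everywhere, which the new tests contradict (`/path-1//` is accepted while `http://www.example.com//` stays in TestBadPolicies). Suggested wording: `// the first path character must be a host char, so "//" directly after the host or port is rejected; empty segments later in the path are accepted by subPath()`. path() starts above the hunk, so the handling of the leading slash itself is not visible here.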
--- a/content/base/test/TestCSPParser.cpp
+++ b/content/base/test/TestCSPParser.cpp
@@ -386,16 +386,20 @@ nsresult TestSimplePolicies() {
     { "default-src app://{app-host-is-uid}",
       "default-src app://{app-host-is-uid}" },
     { "   ;   default-src abc",
       "default-src http://abc" },
     { " ; ; ; ;     default-src            abc    ; ; ; ;",
       "default-src http://abc" },
     { "script-src 'none' 'none' 'none';",
       "script-src 'none'" },
+    { "script-src http://www.example.com/path-1//",
+      "script-src http://www.example.com" },
+    { "script-src http://www.example.com/path-1//path_2",
+      "script-src http://www.example.com" },
   };
 
   uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
   return runTestSuite(policies, policyCount, 1);
 }
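Review bot: The two entries added to TestSimplePolicies carry no comment explaining that the expected output drops the path on purpose. They pin that `script-src http://www.example.com/path-1//path_2` serialises to `script-src http://www.example.com`, so a source that was previously discarded as invalid now authorises the whole host. The note about bug 808292 exists only in TestGoodGeneratedPoliciesForPathHandling, and these entries are easy to miss when path matching lands. Add above them: `// path is parsed but not enforced yet (bug 808292); update the expected output once path-level matching lands`. The same inputs would also fit beside the other "//" cases in TestGoodGeneratedPoliciesForPathHandling rather than in the generic list.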
 
 // ============================= TestPoliciesThatLogWarning ========================
 
@@ -436,18 +440,16 @@ nsresult TestBadPolicies() {
     { "script-src abc::::::88", "" },
     { "asdf http://test.com", ""},
     { "script-src *.*:*", "" },
     { "img-src *::88", "" },
     { "object-src http://localhost:", "" },
     { "script-src test..com", "" },
     { "script-src sub1.sub2.example+", "" },
     { "script-src http://www.example.com//", "" },
-    { "script-src http://www.example.com/path-1//", "" },
-    { "script-src http://www.example.com/path-1//path_2", "" },
     { "script-src http://www.example.com:88path-1/", "" },
     { "script-src http://www.example.com:88//", "" },
     { "script-src http://www.example.com:88//path-1", "" },
     { "script-src http://www.example.com:88//path-1", "" },
     { "script-src http://www.example.com:88/.js", "" },
     { "script-src http://www.example.com:88.js", "" },
     { "script-src http://www.example.com:*.js", "" },
     { "script-src http://www.example.com:*.", "" },
@@ -714,16 +716,157 @@ nsresult TestBadGeneratedPolicies() {
     { "default-src ", ""},
     { "img-src ", ""}
   };
 
   uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
   return runTestSuite(policies, policyCount, 0);
 }
 
+// ============ TestGoodGeneratedPoliciesForPathHandling ============
+
+nsresult TestGoodGeneratedPoliciesForPathHandling() {
+  // Once bug 808292 (Implement path-level host-source matching to CSP)
+  // lands we have to update the expected output to include the parsed path
+
+  static const PolicyTest policies[] =
+  {
+    { "img-src http://test1.example.com",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/path_2/",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/path_2/file.js",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/path_2/file_1.js",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/path_2/file-2.js",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/path_2/f.js",
+      "img-src http://test1.example.com" },
+    { "img-src http://test1.example.com/path-1/path_2/f.oo.js",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/path_2/",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/path_2/file.js",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/path_2/file_1.js",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/path_2/file-2.js",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/path_2/f.js",
+      "img-src http://test1.example.com" },
+    { "img-src test1.example.com/path-1/path_2/f.oo.js",
+      "img-src http://test1.example.com" },
+    { "img-src *.example.com",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/path_2/",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/path_2/file.js",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/path_2/file_1.js",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/path_2/file-2.js",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/path_2/f.js",
+      "img-src http://*.example.com" },
+    { "img-src *.example.com/path-1/path_2/f.oo.js",
+      "img-src http://*.example.com" },
+    { "img-src test1.example.com:80",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/path-1",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/path-1/",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/path-1/path_2",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/path-1/path_2/",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/path-1/path_2/file.js",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:80/path-1/path_2/f.ile.js",
+      "img-src http://test1.example.com:80" },
+    { "img-src test1.example.com:*",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/path-1",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/path-1/",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/path-1/path_2",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/path-1/path_2/",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/path-1/path_2/file.js",
+      "img-src http://test1.example.com:*" },
+    { "img-src test1.example.com:*/path-1/path_2/f.ile.js",
+      "img-src http://test1.example.com:*" },
+    { "img-src http://test1.example.com/abc//",
+      "img-src http://test1.example.com" },
+    { "img-src https://test1.example.com/abc/def//",
+      "img-src https://test1.example.com" },
+    { "img-src https://test1.example.com/abc/def/ghi//",
+      "img-src https://test1.example.com" },
+    { "img-src http://test1.example.com:80/abc//",
+      "img-src http://test1.example.com:80" },
+    { "img-src https://test1.example.com:80/abc/def//",
+      "img-src https://test1.example.com:80" },
+    { "img-src https://test1.example.com:80/abc/def/ghi//",
+      "img-src https://test1.example.com:80" },
+    { "img-src https://test1.example.com/abc////////////def/",
+      "img-src https://test1.example.com" },
+    { "img-src https://test1.example.com/abc////////////",
+      "img-src https://test1.example.com" },
+  };
+
+  uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
+  return runTestSuite(policies, policyCount, 1);
+}
+
+// ============ TestBadGeneratedPoliciesForPathHandling ============
+
+nsresult TestBadGeneratedPoliciesForPathHandling() {
+
+  static const PolicyTest policies[] =
+  {
+    { "img-src test1.example.com:88path-1/", "" },
+    { "img-src test1.example.com:80.js", "" },
+    { "img-src test1.example.com:*.js", "" },
+    { "img-src test1.example.com:*.", "" },
+    { "img-src http://test1.example.com//", "" },
+    { "img-src http://test1.example.com:80//", "" },
+    { "img-src http://test1.example.com:80abc", "" },
+  };
+
+  uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
+  return runTestSuite(policies, policyCount, 0);
+}
+
 // ============================= TestFuzzyPolicies ========================
 
 // Use a policy, eliminate one character at a time,
 // and feed it as input to the parser.
 
 nsresult TestShorteningPolicies() {
 
   char pol[] = "default-src http://www.sub1.sub2.example.com:88/path1/path2/ 'unsafe-inline' 'none'";
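Review bot: Neither TestGoodGeneratedPoliciesForPathHandling nor TestBadGeneratedPoliciesForPathHandling has a case that reaches the `kSubHostPathCharacterCutoff` limit, although this commit changes the control flow around that check in subPath(). A bad-policy entry whose path is longer than the cutoff, both with and without a trailing slash, would pin whether over-long paths are still rejected. The bad list also covers `//` only at the very end of the source; an entry such as `{ "img-src http://test1.example.com//abc", "" },` (constructed sample) would cover an empty first segment followed by more path. Both functions are fully inside the hunk.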
@@ -870,27 +1013,29 @@ nsresult TestFuzzyPoliciesIncDirLimASCII
 
 int main(int argc, char** argv) {
 
   ScopedXPCOM xpcom("ContentSecurityPolicyParser");
   if (xpcom.failed()) {
     return 1;
   }
 
-  if (NS_FAILED(TestDirectives()))                   { return 1; }
-  if (NS_FAILED(TestKeywords()))                     { return 1; }
-  if (NS_FAILED(TestIgnoreUpperLowerCasePolicies())) { return 1; }
-  if (NS_FAILED(TestIgnorePaths()))                  { return 1; }
-  if (NS_FAILED(TestSimplePolicies()))               { return 1; }
-  if (NS_FAILED(TestPoliciesThatLogWarning()))       { return 1; }
-  if (NS_FAILED(TestBadPolicies()))                  { return 1; }
-  if (NS_FAILED(TestGoodGeneratedPolicies()))        { return 1; }
-  if (NS_FAILED(TestBadGeneratedPolicies()))         { return 1; }
-  if (NS_FAILED(TestShorteningPolicies()))           { return 1; }
+  if (NS_FAILED(TestDirectives()))                           { return 1; }
+  if (NS_FAILED(TestKeywords()))                             { return 1; }
+  if (NS_FAILED(TestIgnoreUpperLowerCasePolicies()))         { return 1; }
+  if (NS_FAILED(TestIgnorePaths()))                          { return 1; }
+  if (NS_FAILED(TestSimplePolicies()))                       { return 1; }
+  if (NS_FAILED(TestPoliciesThatLogWarning()))               { return 1; }
+  if (NS_FAILED(TestBadPolicies()))                          { return 1; }
+  if (NS_FAILED(TestGoodGeneratedPolicies()))                { return 1; }
+  if (NS_FAILED(TestBadGeneratedPolicies()))                 { return 1; }
+  if (NS_FAILED(TestGoodGeneratedPoliciesForPathHandling())) { return 1; }
+  if (NS_FAILED(TestBadGeneratedPoliciesForPathHandling()))  { return 1; }
+  if (NS_FAILED(TestShorteningPolicies()))                   { return 1; }
 
 #if RUN_OFFLINE_TESTS
-  if (NS_FAILED(TestFuzzyPolicies()))                { return 1; }
-  if (NS_FAILED(TestFuzzyPoliciesIncDir()))          { return 1; }
-  if (NS_FAILED(TestFuzzyPoliciesIncDirLimASCII()))  { return 1; }
+  if (NS_FAILED(TestFuzzyPolicies()))                        { return 1; }
+  if (NS_FAILED(TestFuzzyPoliciesIncDir()))                  { return 1; }
+  if (NS_FAILED(TestFuzzyPoliciesIncDirLimASCII()))          { return 1; }
 #endif
 
   return 0;
 }