Tests for Bug 631040 - parse CSP default-src as equivalent to allow, r=jst,geekboy
authorBrandon Sterne <bsterne@mozilla.com>
Sun, 10 Apr 2011 11:23:23 -0700
changeset 67758 abd037fb8da41a3f652a69a0365a2c18b0f85d31
parent 67757 90140c158e789994c6615d7090dc7f7031fac504
child 67786 21ce62e6aebe67bfcdf4b9c2f32ce30a4bff3ea2
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
reviewersjst, geekboy
bugs631040
milestone2.2a1pre
Tests for Bug 631040 - parse CSP default-src as equivalent to allow, r=jst,geekboy
content/base/test/file_CSP_main.html^headers^
content/base/test/test_bug548193.html
content/base/test/unit/test_csputils.js
--- a/content/base/test/file_CSP_main.html^headers^
+++ b/content/base/test/file_CSP_main.html^headers^
@@ -1,1 +1,1 @@
-X-Content-Security-Policy: allow 'self'
+X-Content-Security-Policy: default-src 'self'
--- a/content/base/test/test_bug548193.html
+++ b/content/base/test/test_bug548193.html
@@ -86,17 +86,17 @@ window.checkResults = function(reportObj
   is(cspReport["request"],
      "GET http://mochi.test:8888/tests/content/base/test/" + testFile + " HTTP/1.1",
      "Incorrect violating request");
   // correct blocked-uri
   is(cspReport["blocked-uri"],
      "http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png",
      "Incorrect blocked uri");
   // correct violated-directive
-  is(cspReport["violated-directive"], "allow http://mochi.test:8888",
+  is(cspReport["violated-directive"], "default-src http://mochi.test:8888",
      "Incorrect violated directive");
   // not practical to test request-headers as header names and values will
   // change with the trunk
 }
 
 window.examiner = new examiner();
 
 SimpleTest.waitForExplicitFinish();
--- a/content/base/test/unit/test_csputils.js
+++ b/content/base/test/unit/test_csputils.js
@@ -68,21 +68,21 @@ function do_check_in_array(arr, val, sta
 }
 
 // helper to assert that an object or array must have a given key
 function do_check_has_key(foo, key, stack) {
   if (!stack) 
     stack = Components.stack.caller;
 
   var keys = [];
-  for(let k in keys) { keys.push(k); }
+  for (let k in foo) { keys.push(k); }
   var text = key + " in [" + keys.join(",") + "]";
 
-  for(var x in foo) {
-    if(x == key) {
+  for (var x in foo) {
+    if (x == key) {
       //succeed
       ++_passedChecks;
       dump("TEST-PASS | " + stack.filename + " | [" + stack.name + " : " +
            stack.lineNumber + "] " + text + "\n");
       return;
     }
   }
   do_throw(text, stack);
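Review bot: The comment above do_check_has_key says "an object or array must have a given key", but `for (var x in foo)` enumerates property names, so for an array it matches indices rather than values, and it also accepts enumerable properties inherited from the prototype chain. I would document that on the helper, e.g. `// helper to assert that foo has an enumerable property named key (own or inherited); for arrays this matches indices, not values`. Since for-in always yields strings, `x == key` only passes for a numeric key through coercion; `x === String(key)` states that intent explicitly. The helper now walks `foo` twice (once to build `keys`, once to compare), which could be a single loop. The function's closing brace lies outside this hunk.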
@@ -354,36 +354,67 @@ test(
 test(
     function test_CSPRep_fromString() {
 
       // check default init
       //ASSERT(!(new CSPRep())._isInitialized, "Uninitialized rep thinks it is.")
 
       var cspr;
       var cspr_allowval;
+      var SD = CSPRep.SRC_DIRECTIVES;
 
       // check default policy "allow *"
       cspr = CSPRep.fromString("allow *", "http://self.com:80");
-      //"ALLOW directive is missing when specified in fromString"
-      do_check_has_key(cspr._directives, CSPRep.SRC_DIRECTIVES.ALLOW);
+      // "DEFAULT_SRC directive is missing when specified in fromString"
+      do_check_has_key(cspr._directives, SD.DEFAULT_SRC);
 
       // ... and check that the other directives were auto-filled with the
-      // ALLOW one.
-      var SD = CSPRep.SRC_DIRECTIVES;
-      cspr_allowval = cspr._directives[SD.ALLOW];
-      for(var d in CSPRep.SRC_DIRECTIVES) {
+      // DEFAULT_SRC one.
+      cspr_allowval = cspr._directives[SD.DEFAULT_SRC];
+      for(var d in SD) {
         //"Missing key " + d
         do_check_has_key(cspr._directives, SD[d]);
         //"Implicit directive " + d + " has non-allow value."
         do_check_eq(cspr._directives[SD[d]].toString(), cspr_allowval.toString());
       }
     });
 
 
 test(
+    function test_CSPRep_defaultSrc() {
+      var cspr, cspr_default_val, cspr_allow;
+      var SD = CSPRep.SRC_DIRECTIVES;
+
+      // apply policy of "default-src *" (e.g. "allow *")
+      cspr = CSPRep.fromString("default-src *", "http://self.com:80");
+      // "DEFAULT_SRC directive is missing when specified in fromString"
+      do_check_has_key(cspr._directives, SD.DEFAULT_SRC);
+
+      // check that the other directives were auto-filled with the
+      // DEFAULT_SRC one.
+      cspr_default_val = cspr._directives[SD.DEFAULT_SRC];
+      for (var d in SD) {
+        do_check_has_key(cspr._directives, SD[d]);
+        // "Implicit directive " + d + " has non-default-src value."
+        do_check_eq(cspr._directives[SD[d]].toString(), cspr_default_val.toString());
+      }
+
+      // check that |allow *| and |default-src *| are parsed equivalently and
+      // result in the same set of explicit policy directives
+      cspr = CSPRep.fromString("default-src *", "http://self.com:80");
+      cspr_allow = CSPRep.fromString("allow *", "http://self.com:80");
+
+      for (var d in SD) {
+        do_check_equivalent(cspr._directives[SD[d]],
+                            cspr_allow._directives[SD[d]]);
+      }
+    });
+
+
+test(
     function test_CSPRep_fromString_oneDir() {
 
       var cspr;
       var SD = CSPRep.SRC_DIRECTIVES;
       var DEFAULTS = [SD.STYLE_SRC, SD.MEDIA_SRC, SD.IMG_SRC, SD.FRAME_SRC];
 
       // check one-directive policies
       cspr = CSPRep.fromString("allow bar.com; script-src https://foo.com",
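Review bot: test_CSPRep_defaultSrc proves the `allow`/`default-src` equivalence only for the wildcard source `*`, and nothing in this hunk covers a policy that carries both directives at once. With `*` every directive ends up maximally permissive, so a parser that mishandled the source list under `default-src` could still pass; comparing `CSPRep.fromString("default-src 'self' https://foo.com", "http://self.com:80")` against the same list under `allow` would pin the equivalence more tightly. A mixed policy such as `"allow 'self'; default-src *"` should also get a case asserting whichever outcome the parser is meant to produce, so the precedence is fixed by a test rather than left implicit. Minor: the second `cspr = CSPRep.fromString("default-src *", ...)` re-parses a policy `cspr` already holds, `cspr_allowval` in test_CSPRep_fromString now stores the DEFAULT_SRC value and could be renamed, and `(e.g. "allow *")` reads better as `(i.e. "allow *")`. The definition of `do_check_equivalent` is not visible in this hunk.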