gears/base/common/security_model_test.cc

   1 // Copyright 2006, Google Inc.
   2 //
   3 // Redistribution and use in source and binary forms, with or without
   4 // modification, are permitted provided that the following conditions are met:
   5 //
   6 //  1. Redistributions of source code must retain the above copyright notice,
   7 //     this list of conditions and the following disclaimer.
   8 //  2. Redistributions in binary form must reproduce the above copyright notice,
   9 //     this list of conditions and the following disclaimer in the documentation
  10 //     and/or other materials provided with the distribution.
  11 //  3. Neither the name of Google Inc. nor the names of its contributors may be
  12 //     used to endorse or promote products derived from this software without
  13 //     specific prior written permission.
  14 //
  15 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
  16 // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  17 // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
  18 // EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  19 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  20 // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  21 // OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  22 // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  23 // OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  24 // ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  25
  26 #ifdef DEBUG
  27
  28 #include <string>
  29 #include "gears/base/common/common.h"
  30 #include "gears/base/common/security_model.h"
  31
  32 // We don't use google3/testing/base/gunit because our tests depend of
  33 // browser specific code that needs to run in the context of the browser.
  34
  35 #define ASSERT_TRUE(b) \
  36 { \
  37   if (!(b)) { \
  38     LOG(("SecurityModelTests - failed (%d)\n", __LINE__)); \
  39     return false; \
  40   } \
  41 }
  42
  43 #define ASSERT_FALSE(b) ASSERT_TRUE(!(b))
  44
  45 bool TestSecurityModel() {
  46   SecurityOrigin origin;
  47   ASSERT_TRUE(origin.InitFromUrl(STRING16(L"http://www.google.com/")));
  48   ASSERT_TRUE(origin.scheme() == STRING16(L"http"));
  49   ASSERT_TRUE(origin.host() == STRING16(L"www.google.com"));
  50   ASSERT_TRUE(origin.port() == 80);
  51
  52   ASSERT_TRUE(origin.InitFromUrl(STRING16(L"https://www.google.com/")));
  53   ASSERT_TRUE(origin.scheme() == STRING16(L"https"));
  54   ASSERT_TRUE(origin.host() == STRING16(L"www.google.com"));
  55   ASSERT_TRUE(origin.port() == 443);
  56
  57   ASSERT_TRUE(origin.InitFromUrl(STRING16(L"file://whatever/")));
  58   ASSERT_TRUE(origin.scheme() == STRING16(L"file"));
  59   ASSERT_TRUE(origin.host() == kUnknownDomain);
  60   ASSERT_TRUE(origin.port() == 0);
  61
  62   ASSERT_TRUE(origin.InitFromUrl(STRING16(L"http://www.google.com:99/")));
  63   ASSERT_TRUE(origin.scheme() == STRING16(L"http"));
  64   ASSERT_TRUE(origin.host() == STRING16(L"www.google.com"));
  65   ASSERT_TRUE(origin.port() == 99);
  66
  67   ASSERT_TRUE(origin.InitFromUrl(STRING16(L"HTTP://www.GOOGLE.com/")));
  68   ASSERT_TRUE(origin.scheme() == STRING16(L"http"));
  69   ASSERT_TRUE(origin.host() == STRING16(L"www.google.com"));
  70   ASSERT_TRUE(origin.port() == 80);
  71
  72   ASSERT_TRUE(origin.InitFromUrl(STRING16(L"HTTPS://www.GOOGLE.com/")));
  73   ASSERT_TRUE(origin.scheme() == STRING16(L"https"));
  74   ASSERT_TRUE(origin.host() == STRING16(L"www.google.com"));
  75   ASSERT_TRUE(origin.port() == 443);
  76
  77   // Make sure we can crack the generated URL for local hosts
  78   const char16 *kLocalSecurityUrl = STRING16(L"file://_null_.localdomain");
  79   ASSERT_TRUE(origin.InitFromUrl(kLocalSecurityUrl));
  80   ASSERT_TRUE(origin.url() == kLocalSecurityUrl);
  81
  82   // Explicitly disallow urls with userid:password
  83   ASSERT_FALSE(origin.InitFromUrl(
  84     STRING16(L"http://userid:password@www.google.com:33/")));
  85
  86   ASSERT_FALSE(origin.InitFromUrl(STRING16(L"ftp://ftp.google.com/")));
  87   ASSERT_FALSE(origin.InitFromUrl(STRING16(L"blah")));
  88   ASSERT_FALSE(origin.InitFromUrl(STRING16(L"http://")));
  89   ASSERT_FALSE(origin.InitFromUrl(STRING16(L"")));
  90
  91   SecurityOrigin origin2;
  92   const char16 *kScheme = STRING16(L"http");
  93   const char16 *kHost = STRING16(L"file");
  94   const char16 *kFullUrl = STRING16(L"http://dummy.url.not.used/");
  95   const int kPort = 1;
  96   // We use a value for kHost that is a supported scheme to avoid an
  97   // assert in IsDefaultPort about unsupported schemes. The private
  98   // Init method we use below calls thru to that function.
  99
 100   origin.Init(kFullUrl, kScheme, kHost, kPort);
 101   origin2.Init(kFullUrl, kScheme, kHost, kPort);
 102
 103   ASSERT_TRUE(origin.IsSameOrigin(origin2));
 104
 105   origin2.Init(kFullUrl, kScheme, kHost, kPort + 1);
 106   ASSERT_FALSE(origin.IsSameOrigin(origin2));
 107
 108   origin2.Init(kFullUrl, kHost, kHost, kPort);
 109   ASSERT_FALSE(origin.IsSameOrigin(origin2));
 110
 111   origin2.Init(kFullUrl, kScheme, kScheme, kPort);
 112   ASSERT_FALSE(origin.IsSameOrigin(origin2));
 113
 114   LOG(("TestSecurityModel - passed\n"));
 115   return true;
 116 }
 117
 118 #endif  // DEBUG