Bug 808292 - CSP: Implement path-level host-source matching, mochitests (r=grobinson,sstamm)

2014-08-12 13:08:52 -07:00 · 2014-08-12 13:08:52 -07:00 · 43454d7579
--- a/content/base/test/csp/file_csp_regexp_parsing.html
+++ b/content/base/test/csp/file_csp_regexp_parsing.html
@ -1,10 +1,10 @@
 <!DOCTYPE HTML>
 <html>
  <head>
-    <title>Bug 916054 - URLs with path are ignored by FF's CSP parser</title>
+    <title>Bug 808292 - Implement path-level host-source matching to CSP</title>
  </head>
  <body>
  <div id="testdiv">blocked</div>
-  <script src="http://test1.example.com/tests/content/base/test/csp/file_csp_regexp_parsing.js"></script>
+  <script src="http://test1.example.com/tests/content/base/test/csp/file_csp_path_matching.js#foo"></script>
 </body>
 </html>
--- a/content/base/test/csp/file_csp_regexp_parsing.js
+++ b/content/base/test/csp/file_csp_regexp_parsing.js
--- a/content/base/test/csp/mochitest.ini
+++ b/content/base/test/csp/mochitest.ini
@ -81,9 +81,9 @@ support-files =
  file_hash_source.html^headers^
  file_self_none_as_hostname_confusion.html
  file_self_none_as_hostname_confusion.html^headers^
+  file_csp_path_matching.html
+  file_csp_path_matching.js
  file_csp_testserver.sjs
-  file_csp_regexp_parsing.html
-  file_csp_regexp_parsing.js
  file_report_uri_missing_in_report_only_header.html
  file_report_uri_missing_in_report_only_header.html^headers^
  file_csp_report.html
@ -121,7 +121,7 @@ skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug)) || toolkit == 'and
 skip-if = e10s || buildapp == 'b2g' # can't compute hashes in child process (bug 958702)
 [test_self_none_as_hostname_confusion.html]
 [test_bug949549.html]
-[test_csp_regexp_parsing.html]
+[test_csp_path_matching.html]
 [test_report_uri_missing_in_report_only_header.html]
 [test_csp_report.html]
 skip-if = e10s || buildapp == 'b2g' # http-on-opening-request observer not supported in child process (bug 1009632)
--- a/content/base/test/csp/test_csp_regexp_parsing.html
+++ b/content/base/test/csp/test_csp_regexp_parsing.html
@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <title>Bug 916054 - URLs with path are ignored by FF's CSP parser</title>
+  <title>Bug 808292 - Implement path-level host-source matching to CSP</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
@ -16,49 +16,51 @@

 SimpleTest.waitForExplicitFinish();

+/* Description of the test:
+ * We are loading the following url (including a fragment portion):
+ * http://test1.example.com/tests/content/base/test/csp/file_csp_path_matching.js#foo
+ * using different policies and verify that the applied policy is accurately enforced.
+ */
+
 var policies = [
  ["allowed", "*"],
  ["allowed", "test1.example.com"],
  ["allowed", "test1.example.com/"],
-  ["allowed", "test1.example.com/path-1"],
-  ["allowed", "test1.example.com/path-1/"],
-  ["allowed", "test1.example.com/path-1/path_2/"],
-  ["allowed", "test1.example.com/path-1/path_2/file.js"],
-  ["allowed", "test1.example.com/path-1/path_2/file_1.js"],
-  ["allowed", "test1.example.com/path-1/path_2/file-2.js"],
-  ["allowed", "test1.example.com/path-1/path_2/f.js"],
-  ["allowed", "test1.example.com/path-1/path_2/f.oo.js"],
+  ["allowed", "test1.example.com/tests/content/base/test/csp/"],
+  ["allowed", "test1.example.com/tests/content/base/test/csp/file_csp_path_matching.js"],
+
+  ["allowed", "test1.example.com?foo=val"],
+  ["allowed", "test1.example.com/?foo=val"],
+  ["allowed", "test1.example.com/tests/content/base/test/csp/?foo=val"],
+  ["allowed", "test1.example.com/tests/content/base/test/csp/file_csp_path_matching.js?foo=val"],
+
+  ["allowed", "test1.example.com#foo"],
+  ["allowed", "test1.example.com/#foo"],
+  ["allowed", "test1.example.com/tests/content/base/test/csp/#foo"],
+  ["allowed", "test1.example.com/tests/content/base/test/csp/file_csp_path_matching.js#foo"],
+
  ["allowed", "*.example.com"],
  ["allowed", "*.example.com/"],
-  ["allowed", "*.example.com/path-1"],
-  ["allowed", "*.example.com/path-1/"],
-  ["allowed", "*.example.com/path-1/path_2/"],
-  ["allowed", "*.example.com/path-1/path_2/file.js"],
-  ["allowed", "*.example.com/path-1/path_2/file_1.js"],
-  ["allowed", "*.example.com/path-1/path_2/file-2.js"],
-  ["allowed", "*.example.com/path-1/path_2/f.js"],
-  ["allowed", "*.example.com/path-1/path_2/f.oo.js"],
+  ["allowed", "*.example.com/tests/content/base/test/csp/"],
+  ["allowed", "*.example.com/tests/content/base/test/csp/file_csp_path_matching.js"],
+
  ["allowed", "test1.example.com:80"],
  ["allowed", "test1.example.com:80/"],
-  ["allowed", "test1.example.com:80/path-1"],
-  ["allowed", "test1.example.com:80/path-1/"],
-  ["allowed", "test1.example.com:80/path-1/path_2"],
-  ["allowed", "test1.example.com:80/path-1/path_2/"],
-  ["allowed", "test1.example.com:80/path-1/path_2/file.js"],
-  ["allowed", "test1.example.com:80/path-1/path_2/f.ile.js"],
+  ["allowed", "test1.example.com:80/tests/content/base/test/csp/"],
+  ["allowed", "test1.example.com:80/tests/content/base/test/csp/file_csp_path_matching.js"],
+
  ["allowed", "test1.example.com:*"],
  ["allowed", "test1.example.com:*/"],
-  ["allowed", "test1.example.com:*/path-1"],
-  ["allowed", "test1.example.com:*/path-1/"],
-  ["allowed", "test1.example.com:*/path-1/path_2"],
-  ["allowed", "test1.example.com:*/path-1/path_2/"],
-  ["allowed", "test1.example.com:*/path-1/path_2/file.js"],
-  ["allowed", "test1.example.com:*/path-1/path_2/f.ile.js"],
-  // the following tests should fail
-  ["blocked", "test1.example.com:88path-1/"],
-  ["blocked", "test1.example.com:80.js"],
-  ["blocked", "test1.example.com:*.js"],
-  ["blocked", "test1.example.com:*."]
+  ["allowed", "test1.example.com:*/tests/content/base/test/csp/"],
+  ["allowed", "test1.example.com:*/tests/content/base/test/csp/file_csp_path_matching.js"],
+
+  ["blocked", "test1.example.com/tests"],
+  ["blocked", "test1.example.com/tests/content/base/test/csp"],
+  ["blocked", "test1.example.com/tests/content/base/test/csp/file_csp_path_matching.py"],
+
+  ["blocked", "test1.example.com:8888/tests"],
+  ["blocked", "test1.example.com:8888/tests/content/base/test/csp"],
+  ["blocked", "test1.example.com:8888/tests/content/base/test/csp/file_csp_path_matching.py"],
 ]

 var counter = 0;
@ -72,7 +74,7 @@ function loadNextTest() {
    policy = policies[counter++];
    var src = "file_csp_testserver.sjs";
    // append the file that should be served
-    src += "?file=" + escape("tests/content/base/test/csp/file_csp_regexp_parsing.html");
+    src += "?file=" + escape("tests/content/base/test/csp/file_csp_path_matching.html");
    // append the CSP that should be used to serve the file
    src += "&csp=" + escape("default-src 'none'; script-src " + policy[1]);