1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "base/command_line.h"
6#include "content/public/common/content_switches.h"
7#include "content/public/test/browser_test_utils.h"
8#include "content/public/test/content_browser_test.h"
9#include "content/public/test/content_browser_test_utils.h"
10
11namespace content {
12
13// These tests simulate exploited renderer processes, which can fetch arbitrary
14// resources from other websites, not constrained by the Same Origin Policy.  We
15// are trying to verify that the renderer cannot fetch any cross-site document
16// responses even when the Same Origin Policy is turned off inside the renderer.
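class SiteIsolationPolicyBrowserTest : public ContentBrowserTest {
 public:
  SiteIsolationPolicyBrowserTest() {}
  virtual ~SiteIsolationPolicyBrowserTest() {}

  // Starts the HTTP test server and configures the command line so that every
  // test in this fixture runs against a simulated compromised renderer:
  //  - every hostname except localhost resolves to the test server, so tests
  //    can use distinct "real" site names (foo.com, bar.com) and thereby get
  //    distinct SiteInstances;
  //  - switches::kDisableWebSecurity turns off the renderer-side Same Origin
  //    Policy, which is what an exploited renderer could do on its own;
  //  - switches::kBlockCrossSiteDocuments keeps the browser-side cross-site
  //    document blocking enabled, which is the defense these tests verify.
  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
    // Only the plain HTTP server is needed: an HTTPS SpawnedTestServer started
    // here as a local would be stopped again as soon as this function returns,
    // before any test body could use it.
    ASSERT_TRUE(test_server()->Start());

    // Add a host resolver rule to map all outgoing requests to the test server.
    // This allows us to use "real" hostnames in URLs, which we can use to
    // create arbitrary SiteInstances.
    command_line->AppendSwitchASCII(
        switches::kHostResolverRules,
        "MAP * " + test_server()->host_port_pair().ToString() +
            ",EXCLUDE localhost");

    // Since we assume an exploited renderer process, it can bypass the same
    // origin policy at will. Simulate that by passing the disable-web-security
    // flag.
    command_line->AppendSwitch(switches::kDisableWebSecurity);

    // We assume that we're using our cross-site document blocking logic, which
    // is turned on even when the Same Origin Policy is turned off.
    command_line->AppendSwitch(switches::kBlockCrossSiteDocuments);
  }

 private:
  DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest);
};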
50
51// TODO(dsjang): we cannot run these tests on Android since SetUpCommandLine()
52// is executed before the I/O thread is created on Android. After this bug
53// (crbug.com/278425) is resolved, we can enable this test case on Android.
54#if defined(OS_ANDROID)
55#define MAYBE_CrossSiteDocumentBlockingForMimeType \
56  DISABLED_CrossSiteDocumentBlockingForMimeType
57#else
58#define MAYBE_CrossSiteDocumentBlockingForMimeType \
59  CrossSiteDocumentBlockingForMimeType
60#endif
61
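IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,
                       MAYBE_CrossSiteDocumentBlockingForMimeType) {
  // Load a page that issues illegal cross-site document requests to bar.com.
  // The page uses XHR to request HTML/XML/JSON documents from bar.com, and
  // inspects if any of them were successfully received. The XHR requests will
  // get a one character string ' ' for a blocked response. This test is only
  // possible since we run the browser without the same origin policy.
  GURL foo("http://foo.com/files/cross_site_document_request.html");

  // The queue must exist before the navigation starts, otherwise the page's
  // single DOMAutomationController message could be sent before anyone is
  // listening for it.
  content::DOMMessageQueue msg_queue;

  NavigateToURL(shell(), foo);

  // The page will return 1 from the DOMAutomationController if it succeeds,
  // otherwise it will return 0.
  std::string status;
  EXPECT_TRUE(msg_queue.WaitForMessage(&status));
  // Compare the std::string directly, with gtest's (expected, actual) argument
  // order, so a failure is reported as "expected 1, got <status>" rather than
  // the other way round.
  EXPECT_EQ("1", status);
}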
82
83// TODO(dsjang): we cannot run these tests on Android since SetUpCommandLine()
84// is executed before the I/O thread is created on Android. After this bug
85// (crbug.com/278425) is resolved, we can enable this test case on Android.
86#if defined(OS_ANDROID)
87#define MAYBE_CrossSiteDocumentBlockingForDifferentTargets \
88  DISABLED_CrossSiteDocumentBlockingForDifferentTargets
89#else
90#define MAYBE_CrossSiteDocumentBlockingForDifferentTargets \
91  CrossSiteDocumentBlockingForDifferentTargets
92#endif
93
IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,
                       MAYBE_CrossSiteDocumentBlockingForDifferentTargets) {
  // The page loads a cross-site HTML document through non-XHR targets such as
  // <img>, <link> and <embed>. The blocked response is replaced by the one
  // character string ' ', so the body the renderer receives is shorter than
  // the "content-length" the server declared. The only thing checked here is
  // that the navigation completes without the renderer crashing on that
  // mismatch for any of those targets.
  const GURL target_page(
      "http://foo.com/files/cross_site_document_request_target.html");
  NavigateToURL(shell(), target_page);
}
105
106}
107