Home | History | Annotate | Download | only in child 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "base/command_line.h"
      6 #include "content/public/common/content_switches.h"
      7 #include "content/public/test/browser_test_utils.h"
      8 #include "content/test/content_browser_test.h"
      9 #include "content/test/content_browser_test_utils.h"
     10 
     11 namespace content {
     12 
     13 // These tests simulate exploited renderer processes, which can fetch arbitrary
     14 // resources from other websites, not constrained by the Same Origin Policy.  We
     15 // are trying to verify that the renderer cannot fetch any cross-site document
     16 // responses even when the Same Origin Policy is turned off inside the renderer.
     17 class SiteIsolationPolicyBrowserTest : public ContentBrowserTest {
     18  public:
     19   SiteIsolationPolicyBrowserTest() {}
     20   virtual ~SiteIsolationPolicyBrowserTest() {}
     21 
     22   virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
     23     ASSERT_TRUE(test_server()->Start());
     24     net::SpawnedTestServer https_server(
     25         net::SpawnedTestServer::TYPE_HTTPS,
     26         net::SpawnedTestServer::kLocalhost,
     27         base::FilePath(FILE_PATH_LITERAL("content/test/data")));
     28     ASSERT_TRUE(https_server.Start());
     29 
     30     // Add a host resolver rule to map all outgoing requests to the test server.
     31     // This allows us to use "real" hostnames in URLs, which we can use to
     32     // create arbitrary SiteInstances.
     33     command_line->AppendSwitchASCII(
     34         switches::kHostResolverRules,
     35         "MAP * " + test_server()->host_port_pair().ToString() +
     36             ",EXCLUDE localhost");
     37 
     38     // Since we assume exploited renderer process, it can bypass the same origin
     39     // policy at will. Simulate that by passing the disable-web-security flag.
     40     command_line->AppendSwitch(switches::kDisableWebSecurity);
     41 
     42     // We assume that we're using our cross-site document blocking logic which
     43     // is turned on even when the Same Origin Policy is turned off.
     44     command_line->AppendSwitch(switches::kBlockCrossSiteDocuments);
     45   }
     46 
     47  private:
     48   DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicyBrowserTest);
     49 };
     50 
     51 // TODO(dsjang): we cannot run these tests on Android since SetUpCommandLine()
     52 // is executed before the I/O thread is created on Android. After this bug
     53 // (crbug.com/278425) is resolved, we can enable this test case on Android.
     54 #if defined(OS_ANDROID)
     55 #define MAYBE_CrossSiteDocumentBlockingForMimeType \
     56   DISABLED_CrossSiteDocumentBlockingForMimeType
     57 #else
     58 #define MAYBE_CrossSiteDocumentBlockingForMimeType \
     59   CrossSiteDocumentBlockingForMimeType
     60 #endif
     61 
     62 IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,
     63                        MAYBE_CrossSiteDocumentBlockingForMimeType) {
     64   // Load a page that issues illegal cross-site document requests to bar.com.
     65   // The page uses XHR to request HTML/XML/JSON documents from bar.com, and
     66   // inspects if any of them were successfully received. The XHR requests will
     67   // get a one character string ' ' for a blocked response. This test is only
     68   // possible since we run the browser without the same origin policy.
     69   GURL foo("http://foo.com/files/cross_site_document_request.html");
     70 
     71   content::DOMMessageQueue msg_queue;
     72 
     73   NavigateToURL(shell(), foo);
     74 
     75   std::string status;
     76   // The page will return 1 from the DOMAutomationController if it succeeds,
     77   // otherwise it will return 0.
     78   std::string expected_status("1");
     79   EXPECT_TRUE(msg_queue.WaitForMessage(&status));
     80   EXPECT_STREQ(status.c_str(), expected_status.c_str());
     81 }
     82 
     83 // TODO(dsjang): we cannot run these tests on Android since SetUpCommandLine()
     84 // is executed before the I/O thread is created on Android. After this bug
     85 // (crbug.com/278425) is resolved, we can enable this test case on Android.
     86 #if defined(OS_ANDROID)
     87 #define MAYBE_CrossSiteDocumentBlockingForDifferentTargets \
     88   DISABLED_CrossSiteDocumentBlockingForDifferentTargets
     89 #else
     90 #define MAYBE_CrossSiteDocumentBlockingForDifferentTargets \
     91   CrossSiteDocumentBlockingForDifferentTargets
     92 #endif
     93 
     94 IN_PROC_BROWSER_TEST_F(SiteIsolationPolicyBrowserTest,
     95                        MAYBE_CrossSiteDocumentBlockingForDifferentTargets) {
     96   // This webpage loads a cross-site HTML page in different targets such as
     97   // <img>,<link>,<embed>, etc. Since the requested document is blocked, and one
     98   // character string (' ') is returned instead, this tests that the renderer
     99   // does not crash even when it receives a response body which is " ", whose
    100   // length is different from what's described in "content-length" for such
    101   // different targets.
    102   GURL foo("http://foo.com/files/cross_site_document_request_target.html");
    103   NavigateToURL(shell(), foo);
    104 }
    105 
    106 }
    107