1 // Copyright 2010 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
7 #pragma allow_unsafe_buffers
8 #endif
9
10 #include "net/http/url_security_manager.h"
11
12 #include <utility>
13
14 #include "net/base/net_errors.h"
15 #include "net/http/http_auth_filter.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17 #include "url/gurl.h"
18 #include "url/scheme_host_port.h"
19
20 namespace net {
21
22 namespace {
23
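// One row of the allowlist test table: an origin to probe plus the verdict
// expected for it under each configuration.
struct TestData {
  // Origin under test, written as a URL string (e.g. "http://localhost").
  const char* const scheme_host_port;
  // Expected verdict under the Windows default policy, i.e. when no explicit
  // allowlist is configured.
  // NOTE(review): no test in this file reads this column, so the
  // Windows-default expectations in kTestDataList are not verified here.
  bool succeeds_in_windows_default;
  // Expected verdict once kTestAuthAllowlist has been installed.
  bool succeeds_in_allowlist;
};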
29
// Comma-separated allowlist handed to HttpAuthFilterAllowlist by the tests in
// this file: two wildcard-prefixed domain patterns and one bare single-label
// host name.
constexpr char kTestAuthAllowlist[] = "*example.com,*foobar.com,baz";
31
// Expected verdicts per origin. Columns: origin, Windows-default verdict,
// verdict with kTestAuthAllowlist installed.
//
// Windows allows the following by default:
//   - localhost
//   - host names without a period
// On Posix systems, and on Windows once an allowlist is specified explicitly,
// the verdict depends on the allowlist alone.
//
// Row order is significant: the tests print the row index on failure.
//
// NOTE(review): every negative row differs from the allowlisted domains in a
// label or in the TLD. None probes a host that merely ends with an allowlisted
// string without a dot boundary (constructed example:
// "http://notexample.com"). Consider adding such a row once the intended
// verdict for that case is confirmed, so the wildcard boundary is pinned.
const TestData kTestDataList[] = {
    // Dotless hosts that are not on the allowlist.
    {"http://localhost", true, false},
    {"http://bat", true, false},
    // Hosts covered by "*example.com" and "*foobar.com".
    {"http://www.example.com", false, true},
    {"http://example.com", false, true},
    {"http://foobar.com", false, true},
    {"http://boo.foobar.com", false, true},
    // Dotless host that is also listed explicitly ("baz").
    {"http://baz", true, true},
    // Near misses that no allowlist entry covers.
    {"http://www.exampl.com", false, false},
    {"http://example.org", false, false},
    {"http://foobar.net", false, false},
    {"http://boo.fubar.com", false, false},
};
50
51 } // namespace
52
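// Checks CanUseDefaultCredentials() for every row of kTestDataList after
// kTestAuthAllowlist has been installed through SetDefaultAllowlist(). With an
// explicit allowlist the expected verdict is the succeeds_in_allowlist column
// on every platform.
TEST(URLSecurityManager, UseDefaultCredentials) {
  auto auth_filter =
      std::make_unique<HttpAuthFilterAllowlist>(kTestAuthAllowlist);
  ASSERT_TRUE(auth_filter);
  std::unique_ptr<URLSecurityManager> url_security_manager(
      URLSecurityManager::Create());
  // Validate the manager before its first dereference, so that a failed
  // Create() is reported as a test failure instead of a null-pointer crash.
  ASSERT_TRUE(url_security_manager.get());
  // The URL security manager takes ownership of |auth_filter|.
  url_security_manager->SetDefaultAllowlist(std::move(auth_filter));

  for (size_t i = 0; i < std::size(kTestDataList); ++i) {
    const url::SchemeHostPort scheme_host_port(
        GURL(kTestDataList[i].scheme_host_port));
    const bool can_use_default =
        url_security_manager->CanUseDefaultCredentials(scheme_host_port);

    // The row index and origin in the message identify the failing entry.
    EXPECT_EQ(kTestDataList[i].succeeds_in_allowlist, can_use_default)
        << " Run: " << i << " scheme_host_port: '"
        << scheme_host_port.Serialize() << "'";
  }
}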
74
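// Checks CanDelegate() for every row of kTestDataList after kTestAuthAllowlist
// has been installed through SetDelegateAllowlist(). Only origins matched by
// the allowlist are expected to be approved.
TEST(URLSecurityManager, CanDelegate) {
  auto auth_filter =
      std::make_unique<HttpAuthFilterAllowlist>(kTestAuthAllowlist);
  ASSERT_TRUE(auth_filter);
  std::unique_ptr<URLSecurityManager> url_security_manager(
      URLSecurityManager::Create());
  // Validate the manager before its first dereference, so that a failed
  // Create() is reported as a test failure instead of a null-pointer crash.
  ASSERT_TRUE(url_security_manager.get());
  // The URL security manager takes ownership of |auth_filter|.
  url_security_manager->SetDelegateAllowlist(std::move(auth_filter));

  for (size_t i = 0; i < std::size(kTestDataList); ++i) {
    const url::SchemeHostPort scheme_host_port(
        GURL(kTestDataList[i].scheme_host_port));
    const bool can_delegate =
        url_security_manager->CanDelegate(scheme_host_port);

    // The row index and origin in the message identify the failing entry.
    EXPECT_EQ(kTestDataList[i].succeeds_in_allowlist, can_delegate)
        << " Run: " << i << " scheme_host_port: '"
        << scheme_host_port.Serialize() << "'";
  }
}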
94
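// Checks the fail-closed default: when no delegate allowlist has been
// installed, CanDelegate() must refuse every origin in kTestDataList,
// including the dotless hosts.
TEST(URLSecurityManager, CanDelegate_NoAllowlist) {
  // Nothing can delegate in this case.
  std::unique_ptr<URLSecurityManager> url_security_manager(
      URLSecurityManager::Create());
  ASSERT_TRUE(url_security_manager.get());

  for (const auto& test : kTestDataList) {
    const url::SchemeHostPort scheme_host_port(GURL(test.scheme_host_port));
    // Name the origin on failure, as the other tests in this file do, so an
    // unexpectedly approved origin can be identified from the log.
    EXPECT_FALSE(url_security_manager->CanDelegate(scheme_host_port))
        << " scheme_host_port: '" << scheme_host_port.Serialize() << "'";
  }
}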
107
108 } // namespace net
109