mirror of
https://github.com/servo/servo.git
synced 2025-08-03 04:30:10 +01:00
Run subset of CSP tests by default. (#36402)
This will establish a baseline for the changes from #36363. Testing: New tests in CI. Fixes: Part of #4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net>
parent
95eedb997a
commit
ce4ca9ee98
48 changed files with 333 additions and 0 deletions
8
tests/wpt/include.ini
vendored
8
tests/wpt/include.ini
vendored
|
@ -12,6 +12,14 @@ skip: true
|
|||
[samesite]
|
||||
skip: true
|
||||
[content-security-policy]
|
||||
[child-src]
|
||||
skip: false
|
||||
[connect-src]
|
||||
skip: false
|
||||
[default-src]
|
||||
skip: false
|
||||
[securitypolicyviolation]
|
||||
skip: false
|
||||
[unsafe-eval]
|
||||
skip: false
|
||||
[wasm-unsafe-eval]
|
||||
|
|
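Review bot: The entries enabled under `[content-security-policy]` (`[child-src]`, `[connect-src]`, `[default-src]`, `[securitypolicyviolation]`) carry no comment saying that they run against a baseline in which enforcement is largely absent. The metadata added in the same commit records FAIL, TIMEOUT or NOTRUN for most of the blocking tests (for example the `connect-src-*-blocked` and `child-src-*-blocked` files), so a green CI run pins current behaviour and says nothing about CSP being enforced. A comment above the first new entry would make that explicit, such as `# Baseline only: most expectations below are FAIL/TIMEOUT until CSP enforcement lands (#36363, part of #4577)`. The rendering does not show which of the visible lines are additions, so the exact placement is inferred.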
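--- a/tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[child-src-blocked.sub.html]
+[Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+expected: FAIL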
|
@ -0,0 +1,3 @@
|
|||
[child-src-conflicting-frame-src.sub.html]
|
||||
[Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
|
||||
expected: FAIL
|
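--- a/tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
@@ -0,0 +1,3 @@
+[child-src-cross-origin-load.sub.html]
+[Two of the three iframe are expected to load.]
+expected: FAIL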
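--- a/tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[child-src-redirect-blocked.sub.html]
+[Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+expected: FAIL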
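--- a/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
@@ -0,0 +1,7 @@
+[child-src-worker-blocked.sub.html]
+expected: ERROR
+[Should throw a securitypolicyviolation event]
+expected: TIMEOUT
+
+[Should block worker because it does not match any directive including the deprecated 'child-src']
+expected: TIMEOUT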
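--- a/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-beacon-allowed.sub.html]
+[Expecting logs: ["Pass"\]]
+expected: NOTRUN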
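--- a/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-beacon-blocked.sub.html]
+[Expecting logs: ["Pass", "violated-directive=connect-src"\]]
+expected: NOTRUN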
|
@ -0,0 +1,3 @@
|
|||
[connect-src-beacon-redirect-to-blocked.sub.html]
|
||||
[Expecting logs: ["violated-directive=connect-src"\]]
|
||||
expected: NOTRUN
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-eventsource-blocked.sub.html]
|
||||
[Expecting logs: ["blocked","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-eventsource-redirect-to-blocked.sub.html]
|
||||
[Expecting logs: ["PASS EventSource() did not follow the disallowed redirect.","TEST COMPLETE", "violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,2 @@
|
|||
[connect-src-json-import-allowed.sub.html]
|
||||
expected: ERROR
|
|
@ -0,0 +1,2 @@
|
|||
[connect-src-json-import-blocked.sub.html]
|
||||
expected: ERROR
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-syncxmlhttprequest-blocked.sub.html]
|
||||
[Expecting logs: ["Pass","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html]
|
||||
[Expecting logs: ["PASS Sync XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-websocket-blocked.sub.html]
|
||||
[Expecting logs: ["blocked","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-xmlhttprequest-blocked.sub.html]
|
||||
[Expecting logs: ["Pass","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[connect-src-xmlhttprequest-redirect-to-blocked.sub.html]
|
||||
[Expecting logs: ["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,4 @@
|
|||
[shared-worker-connect-src-allowed.sub.html]
|
||||
expected: ERROR
|
||||
[Expecting logs: ["xhr allowed","TEST COMPLETE"\]]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[shared-worker-connect-src-blocked.sub.html]
|
||||
[Expecting logs: ["xhr blocked","TEST COMPLETE"\]]
|
||||
expected: NOTRUN
|
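--- a/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-connect-src-blocked.sub.html]
+[Expecting logs: ["xhr blocked","TEST COMPLETE"\]]
+expected: FAIL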
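--- a/tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-from-guid.sub.html]
+[Expecting logs: ["violated-directive=connect-src","xhr blocked","TEST COMPLETE"\]]
+expected: FAIL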
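--- a/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[default-src-inline-blocked.sub.html]
+[Expecting logs: ["violated-directive=script-src-elem","violated-directive=script-src-elem"\]]
+expected: FAIL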
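--- a/tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini
@@ -0,0 +1,9 @@
+[default-src-sri_hash.sub.html]
+[multiple matching integrity]
+expected: FAIL
+
+[partially matching integrity]
+expected: FAIL
+
+[External script in a script tag with matching SRI hash should run.]
+expected: FAIL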
|
@ -0,0 +1,4 @@
|
|||
[default-src-strict_dynamic_and_unsafe_inline.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire a security policy violation for the inline block]
|
||||
expected: NOTRUN
|
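--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini
@@ -0,0 +1,4 @@
+[blockeduri-eval.html]
+expected: TIMEOUT
+[Eval violations have a blockedURI of 'eval']
+expected: TIMEOUT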
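--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini
@@ -0,0 +1,4 @@
+[blockeduri-inline.html]
+expected: TIMEOUT
+[Inline violations have a blockedURI of 'inline']
+expected: TIMEOUT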
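--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini
@@ -0,0 +1,13 @@
+[blockeduri-ws-wss-scheme.html]
+expected: TIMEOUT
+[ws]
+expected: FAIL
+
+[wss]
+expected: FAIL
+
+[cross-origin]
+expected: FAIL
+
+[redirect]
+expected: TIMEOUT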
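--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini
@@ -0,0 +1,54 @@
+[idlharness.window.html]
+[CSPViolationReportBody interface: existence and properties of interface object]
+expected: FAIL
+
+[CSPViolationReportBody interface object length]
+expected: FAIL
+
+[CSPViolationReportBody interface object name]
+expected: FAIL
+
+[CSPViolationReportBody interface: existence and properties of interface prototype object]
+expected: FAIL
+
+[CSPViolationReportBody interface: existence and properties of interface prototype object's "constructor" property]
+expected: FAIL
+
+[CSPViolationReportBody interface: existence and properties of interface prototype object's @@unscopables property]
+expected: FAIL
+
+[CSPViolationReportBody interface: operation toJSON()]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute documentURL]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute referrer]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute blockedURL]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute effectiveDirective]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute originalPolicy]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute sourceFile]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute sample]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute disposition]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute statusCode]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute lineNumber]
+expected: FAIL
+
+[CSPViolationReportBody interface: attribute columnNumber]
+expected: FAIL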
|
@ -0,0 +1,4 @@
|
|||
[img-src-redirect-upgrade-reporting.https.html]
|
||||
expected: TIMEOUT
|
||||
[Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests]
|
||||
expected: TIMEOUT
|
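--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini
@@ -0,0 +1,3 @@
+[img-src-redirect.sub.html]
+[The blocked URI in the security policy violation event should be the original URI before redirects.]
+expected: FAIL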
|
@ -0,0 +1,7 @@
|
|||
[inside-dedicated-worker.html]
|
||||
expected: TIMEOUT
|
||||
[SecurityPolicyViolation event fired on global.]
|
||||
expected: FAIL
|
||||
|
||||
[SecurityPolicyViolation event fired on global with the correct blockedURI.]
|
||||
expected: TIMEOUT
|
|
@ -0,0 +1,2 @@
|
|||
[inside-service-worker.https.html]
|
||||
expected: TIMEOUT
|
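--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
@@ -0,0 +1,2 @@
+[inside-shared-worker.html]
+expected: ERROR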
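--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini
@@ -0,0 +1,3 @@
+[linenumber.tentative.html]
+[linenumber]
+expected: FAIL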
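--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
@@ -0,0 +1,13 @@
+[script-sample-no-opt-in.html]
+expected: ERROR
+[Inline script should not have a sample.]
+expected: TIMEOUT
+
+[Inline event handlers should not have a sample.]
+expected: TIMEOUT
+
+[JavaScript URLs in iframes should not have a sample.]
+expected: TIMEOUT
+
+[eval()-alikes should not have a sample.]
+expected: TIMEOUT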
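--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
@@ -0,0 +1,19 @@
+[script-sample.html]
+expected: ERROR
+[Inline script should have a sample.]
+expected: TIMEOUT
+
+[Inline event handlers should have a sample.]
+expected: TIMEOUT
+
+[JavaScript URLs in iframes should have a sample.]
+expected: TIMEOUT
+
+[eval() should have a sample.]
+expected: TIMEOUT
+
+[setInterval() should have a sample.]
+expected: TIMEOUT
+
+[setTimeout() should have a sample.]
+expected: TIMEOUT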
|
@ -0,0 +1,4 @@
|
|||
[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
|
@ -0,0 +1,4 @@
|
|||
[securitypolicyviolation-block-cross-origin-image.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
|
@ -0,0 +1,4 @@
|
|||
[securitypolicyviolation-block-image-from-script.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
|
@ -0,0 +1,4 @@
|
|||
[securitypolicyviolation-block-image.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected same-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
|
@ -0,0 +1,4 @@
|
|||
[source-file-blob-scheme.html]
|
||||
expected: TIMEOUT
|
||||
[Violations from data:-URL scripts have a sourceFile of 'blob']
|
||||
expected: TIMEOUT
|
|
@ -0,0 +1,4 @@
|
|||
[source-file-data-scheme.html]
|
||||
expected: TIMEOUT
|
||||
[Violations from data:-URL scripts have a sourceFile of 'data']
|
||||
expected: TIMEOUT
|
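--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini
@@ -0,0 +1,51 @@
+[source-file.html]
+[Basic HTTPS URL]
+expected: FAIL
+
+[Basic HTTP URL]
+expected: FAIL
+
+[Basic WSS URL]
+expected: FAIL
+
+[Basic WS URL]
+expected: FAIL
+
+[Fragment]
+expected: FAIL
+
+[Query]
+expected: FAIL
+
+[Port]
+expected: FAIL
+
+[User:password]
+expected: FAIL
+
+[User]
+expected: FAIL
+
+[Invalid URL]
+expected: FAIL
+
+[file:]
+expected: FAIL
+
+[Custom protocol]
+expected: FAIL
+
+[about:blank]
+expected: FAIL
+
+[about:custom]
+expected: FAIL
+
+[data:]
+expected: FAIL
+
+[blob:]
+expected: FAIL
+
+[javascript:]
+expected: FAIL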
|
@ -0,0 +1,7 @@
|
|||
[style-sample-no-opt-in.html]
|
||||
expected: TIMEOUT
|
||||
[Inline style blocks should not have a sample.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Inline style attributes should not have a sample.]
|
||||
expected: TIMEOUT
|
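--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini
@@ -0,0 +1,7 @@
+[style-sample.html]
+expected: TIMEOUT
+[Inline style blocks should have a sample.]
+expected: TIMEOUT
+
+[Inline style attributes should have a sample.]
+expected: TIMEOUT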
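--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
@@ -0,0 +1,16 @@
+[targeting.html]
+expected: TIMEOUT
+[These tests should not fail.]
+expected: NOTRUN
+
+[Inline violations target the right element.]
+expected: TIMEOUT
+
+[Correct targeting inside shadow tree (inline handler).]
+expected: TIMEOUT
+
+[Correct targeting inside shadow tree (style).]
+expected: TIMEOUT
+
+[Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.]
+expected: TIMEOUT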
|
@ -0,0 +1,10 @@
|
|||
[upgrade-insecure-requests-reporting.https.html]
|
||||
expected: TIMEOUT
|
||||
[Upgraded image is reported]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Upgraded iframe is reported]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Navigated iframe is upgraded and reported]
|
||||
expected: TIMEOUT
|