More chrome URL hardening and tests.

Simon Sapin 2016-04-23 18:04:40 +02:00
parent 374679852c
commit e662605138
2 changed files with 41 additions and 42 deletions


@ -5,48 +5,40 @@
use net::chrome_loader::resolve_chrome_url;
use url::Url;
#[test]
fn test_relative() {
let url = Url::parse("chrome://resources/../something").unwrap();
assert!(resolve_chrome_url(&url).is_err());
fn c(s: &str) -> Result<Url, ()> {
resolve_chrome_url(&Url::parse(s).unwrap())
}
#[test]
fn test_relative_2() {
let url = Url::parse("chrome://resources/subdir/../something").unwrap();
assert!(resolve_chrome_url(&url).is_err());
}
fn test_resolve_chrome_url() {
assert_eq!(c("chrome://resources/nonexistent.jpg"), Err(()));
assert_eq!(c("chrome://not-resources/badcert.jpg"), Err(()));
assert_eq!(c("chrome://resources/badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/subdir/../badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/subdir/../../badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/../badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/../README.md"), Err(()));
assert_eq!(c("chrome://resources/%2e%2e/README.md"), Err(()));
#[test]
#[cfg(not(target_os = "windows"))]
fn test_absolute() {
let url = Url::parse("chrome://resources/etc/passwd").unwrap();
assert!(resolve_chrome_url(&url).is_err());
}
assert_eq!(c("chrome://resources/etc/passwd"), Err(()));
assert_eq!(c("chrome://resources//etc/passwd"), Err(()));
assert_eq!(c("chrome://resources/%2Fetc%2Fpasswd"), Err(()));
#[test]
#[cfg(target_os = "windows")]
fn test_absolute_2() {
let url = Url::parse("chrome://resources/C:\\Windows").unwrap();
assert!(resolve_chrome_url(&url).is_err());
}
assert_eq!(c("chrome://resources/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources/C:\\Windows\\notepad.exe"), Err(()));
#[test]
#[cfg(target_os = "windows")]
fn test_absolute_3() {
let url = Url::parse("chrome://resources/\\\\server/C$").unwrap();
assert!(resolve_chrome_url(&url).is_err());
}
assert_eq!(c("chrome://resources/localhost/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources//localhost/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources///localhost/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources/\\\\localhost\\C:\\Windows\\notepad.exe"), Err(()));
#[test]
fn test_valid() {
let url = Url::parse("chrome://resources/badcert.jpg").unwrap();
let resolved = resolve_chrome_url(&url).unwrap();
assert_eq!(resolved.scheme(), "file");
}
assert_eq!(c("chrome://resources/%3F/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources//%3F/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources///%3F/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources/\\\\%3F\\C:\\Windows\\notepad.exe"), Err(()));
#[test]
fn test_incorrect_host() {
let url = Url::parse("chrome://not-resources/badcert.jpg").unwrap();
assert!(resolve_chrome_url(&url).is_err());
assert_eq!(c("chrome://resources/%3F/UNC/localhost/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources//%3F/UNC/localhost/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources///%3F/UNC/localhost/C:/Windows/notepad.exe"), Err(()));
assert_eq!(c("chrome://resources/\\\\%3F\\UNC\\localhost\\C:\\Windows\\notepad.exe"), Err(()));
}
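Review bot: The success cases in `test_resolve_chrome_url` assert only `.unwrap().scheme() == "file"`, so the `subdir/../badcert.jpg`, `subdir/../../badcert.jpg` and `../badcert.jpg` forms would still pass if the resolver returned a file URL outside the resources directory. Because these are the cases meant to show that dot segments are neutralised, pin the resolved target as well as the scheme, for example `assert_eq!(c("chrome://resources/../badcert.jpg"), c("chrome://resources/badcert.jpg"));` and likewise for the two `subdir/..` forms. The `+`/`-` markers are lost on this page, so this assumes the lines calling the `c(...)` helper are the new side. A short comment above the helper, such as `// Parse `s` and resolve it; Err(()) means the chrome URL was rejected.`, would also help, since its one-letter name gives no hint.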