blob: fee161b82b454012b5c67b264a67a27afacbeb5b [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stddef.h>
#include <stdint.h>
#include "base/logging.h"
#include "base/macros.h"
#include "testing/base/public/gunit.h"
#include "url/gurl.h"
#include "url/origin.h"
namespace {
void ExpectParsedUrlsEqual(const GURL& a, const GURL& b) {
EXPECT_EQ(a, b);
const url::Parsed& a_parsed = a.parsed_for_possibly_invalid_spec();
const url::Parsed& b_parsed = b.parsed_for_possibly_invalid_spec();
EXPECT_EQ(a_parsed.scheme.begin, b_parsed.scheme.begin);
EXPECT_EQ(a_parsed.scheme.len, b_parsed.scheme.len);
EXPECT_EQ(a_parsed.username.begin, b_parsed.username.begin);
EXPECT_EQ(a_parsed.username.len, b_parsed.username.len);
EXPECT_EQ(a_parsed.password.begin, b_parsed.password.begin);
EXPECT_EQ(a_parsed.password.len, b_parsed.password.len);
EXPECT_EQ(a_parsed.host.begin, b_parsed.host.begin);
EXPECT_EQ(a_parsed.host.len, b_parsed.host.len);
EXPECT_EQ(a_parsed.port.begin, b_parsed.port.begin);
EXPECT_EQ(a_parsed.port.len, b_parsed.port.len);
EXPECT_EQ(a_parsed.path.begin, b_parsed.path.begin);
EXPECT_EQ(a_parsed.path.len, b_parsed.path.len);
EXPECT_EQ(a_parsed.query.begin, b_parsed.query.begin);
EXPECT_EQ(a_parsed.query.len, b_parsed.query.len);
EXPECT_EQ(a_parsed.ref.begin, b_parsed.ref.begin);
EXPECT_EQ(a_parsed.ref.len, b_parsed.ref.len);
}
TEST(OriginTest, UniqueOriginComparison) {
url::Origin unique_origin;
EXPECT_EQ("", unique_origin.scheme());
EXPECT_EQ("", unique_origin.host());
EXPECT_EQ(0, unique_origin.port());
EXPECT_TRUE(unique_origin.unique());
EXPECT_FALSE(unique_origin.IsSameOriginWith(unique_origin));
const char* const urls[] = {"data:text/html,Hello!",
"javascript:alert(1)",
"file://example.com:443/etc/passwd",
"yay",
"http::///invalid.example.com/"};
for (auto* test_url : urls) {
SCOPED_TRACE(test_url);
GURL url(test_url);
url::Origin origin(url);
EXPECT_EQ("", origin.scheme());
EXPECT_EQ("", origin.host());
EXPECT_EQ(0, origin.port());
EXPECT_TRUE(origin.unique());
EXPECT_FALSE(origin.IsSameOriginWith(origin));
EXPECT_FALSE(unique_origin.IsSameOriginWith(origin));
EXPECT_FALSE(origin.IsSameOriginWith(unique_origin));
ExpectParsedUrlsEqual(GURL(origin.Serialize()), origin.GetURL());
}
}
TEST(OriginTest, ConstructFromTuple) {
struct TestCases {
const char* const scheme;
const char* const host;
const uint16_t port;
const char* const suborigin;
} cases[] = {
{"http", "example.com", 80, ""},
{"http", "example.com", 123, ""},
{"https", "example.com", 443, ""},
{"http-so", "foobar.example.com", 80, "foobar"},
{"http-so", "foobar.example.com", 123, "foobar"},
{"https-so", "foobar.example.com", 443, "foobar"},
};
for (const auto& test_case : cases) {
testing::Message scope_message;
if (test_case.suborigin != std::string()) {
scope_message << test_case.scheme << "-so://" << test_case.suborigin
<< "." << test_case.host << ":" << test_case.port;
} else {
scope_message << test_case.scheme << "://" << test_case.host << ":"
<< test_case.port;
}
SCOPED_TRACE(scope_message);
url::Origin origin_without_suborigin =
url::Origin::CreateFromNormalizedTuple(test_case.scheme, test_case.host,
test_case.port);
url::Origin origin_with_suborigin =
url::Origin::CreateFromNormalizedTupleWithSuborigin(
test_case.scheme, test_case.host, test_case.port,
test_case.suborigin);
EXPECT_EQ(test_case.scheme, origin_without_suborigin.scheme());
EXPECT_EQ(test_case.host, origin_without_suborigin.host());
EXPECT_EQ(test_case.port, origin_without_suborigin.port());
EXPECT_EQ(test_case.scheme, origin_with_suborigin.scheme());
EXPECT_EQ(test_case.host, origin_with_suborigin.host());
EXPECT_EQ(test_case.port, origin_with_suborigin.port());
EXPECT_EQ(test_case.suborigin, origin_with_suborigin.suborigin());
}
}
TEST(OriginTest, ConstructFromGURL) {
url::Origin different_origin(GURL("https://not-in-the-list.test/"));
struct TestCases {
const char* const url;
const char* const expected_scheme;
const char* const expected_host;
const uint16_t expected_port;
} cases[] = {
// IP Addresses
{"http://192.168.9.1/", "http", "192.168.9.1", 80},
{"http://[2001:db8::1]/", "http", "[2001:db8::1]", 80},
// Punycode
{"http://☃.net/", "http", "xn--n3h.net", 80},
{"blob:http://☃.net/", "http", "xn--n3h.net", 80},
// Generic URLs
{"http://example.com/", "http", "example.com", 80},
{"http://example.com:123/", "http", "example.com", 123},
{"https://example.com/", "https", "example.com", 443},
{"https://example.com:123/", "https", "example.com", 123},
{"http://user:pass@example.com/", "http", "example.com", 80},
{"http://example.com:123/?query", "http", "example.com", 123},
{"https://example.com/#1234", "https", "example.com", 443},
{"https://u:p@example.com:123/?query#1234", "https", "example.com", 123},
// Registered URLs
{"ftp://example.com/", "ftp", "example.com", 21},
{"gopher://example.com/", "gopher", "example.com", 70},
{"ws://example.com/", "ws", "example.com", 80},
{"wss://example.com/", "wss", "example.com", 443},
// file: URLs
{"file:///etc/passwd", "file", "", 0},
{"file://example.com/etc/passwd", "file", "example.com", 0},
// Filesystem:
{"filesystem:http://example.com/type/", "http", "example.com", 80},
{"filesystem:http://example.com:123/type/", "http", "example.com", 123},
{"filesystem:https://example.com/type/", "https", "example.com", 443},
{"filesystem:https://example.com:123/type/", "https", "example.com", 123},
// Blob:
{"blob:http://example.com/guid-goes-here", "http", "example.com", 80},
{"blob:http://example.com:123/guid-goes-here", "http", "example.com", 123},
{"blob:https://example.com/guid-goes-here", "https", "example.com", 443},
{"blob:http://u:p@example.com/guid-goes-here", "http", "example.com", 80},
};
for (const auto& test_case : cases) {
SCOPED_TRACE(test_case.url);
GURL url(test_case.url);
EXPECT_TRUE(url.is_valid());
url::Origin origin(url);
EXPECT_EQ(test_case.expected_scheme, origin.scheme());
EXPECT_EQ(test_case.expected_host, origin.host());
EXPECT_EQ(test_case.expected_port, origin.port());
EXPECT_FALSE(origin.unique());
EXPECT_TRUE(origin.IsSameOriginWith(origin));
EXPECT_FALSE(different_origin.IsSameOriginWith(origin));
EXPECT_FALSE(origin.IsSameOriginWith(different_origin));
ExpectParsedUrlsEqual(GURL(origin.Serialize()), origin.GetURL());
}
}
TEST(OriginTest, Serialization) {
struct TestCases {
const char* const url;
const char* const expected;
} cases[] = {
{"http://192.168.9.1/", "http://192.168.9.1"},
{"http://[2001:db8::1]/", "http://[2001:db8::1]"},
{"http://☃.net/", "http://xn--n3h.net"},
{"http://example.com/", "http://example.com"},
{"http://example.com:123/", "http://example.com:123"},
{"https://example.com/", "https://example.com"},
{"https://example.com:123/", "https://example.com:123"},
{"file:///etc/passwd", "file://"},
{"file://example.com/etc/passwd", "file://"},
};
for (const auto& test_case : cases) {
SCOPED_TRACE(test_case.url);
GURL url(test_case.url);
EXPECT_TRUE(url.is_valid());
url::Origin origin(url);
EXPECT_TRUE(origin.suborigin().empty());
std::string serialized = origin.Serialize();
std::string serialized_physical_origin =
origin.GetPhysicalOrigin().Serialize();
ExpectParsedUrlsEqual(GURL(serialized), origin.GetURL());
EXPECT_EQ(test_case.expected, serialized);
EXPECT_EQ(test_case.expected, serialized_physical_origin);
// The '<<' operator should produce the same serialization as Serialize().
std::stringstream out;
out << origin;
EXPECT_EQ(test_case.expected, out.str());
}
}
TEST(OriginTest, SuboriginSerialization) {
struct TestCases {
const char* const url;
const char* const expected;
const char* const expected_physical_origin;
const char* const expected_suborigin;
} cases[] = {
{"http-so://foobar.example.com/", "http-so://foobar.example.com",
"http://example.com", "foobar"},
{"http-so://foobar.example.com:123/", "http-so://foobar.example.com:123",
"http://example.com:123", "foobar"},
{"https-so://foobar.example.com/", "https-so://foobar.example.com",
"https://example.com", "foobar"},
{"https-so://foobar.example.com:123/",
"https-so://foobar.example.com:123", "https://example.com:123",
"foobar"},
{"http://example.com/", "http://example.com", "http://example.com", ""},
{"http-so://foobar.example.com/some/path", "http-so://foobar.example.com",
"http://example.com", "foobar"},
{"http-so://foobar.example.com/some/path?query",
"http-so://foobar.example.com", "http://example.com", "foobar"},
{"http-so://foobar.example.com/some/path#fragment",
"http-so://foobar.example.com", "http://example.com", "foobar"},
{"http-so://foobar.example.com/some/path?query#fragment",
"http-so://foobar.example.com", "http://example.com", "foobar"},
{"http-so://foobar.example.com:1234/some/path?query#fragment",
"http-so://foobar.example.com:1234", "http://example.com:1234",
"foobar"},
};
for (const auto& test_case : cases) {
SCOPED_TRACE(test_case.url);
GURL url(test_case.url);
EXPECT_TRUE(url.is_valid());
url::Origin origin(url);
std::string serialized = origin.Serialize();
std::string serialized_physical_origin =
origin.GetPhysicalOrigin().Serialize();
EXPECT_FALSE(origin.unique());
EXPECT_EQ(test_case.expected_suborigin, origin.suborigin());
ExpectParsedUrlsEqual(GURL(serialized), origin.GetURL());
EXPECT_EQ(test_case.expected, serialized);
EXPECT_EQ(test_case.expected_physical_origin, serialized_physical_origin);
// The '<<' operator should produce the same serialization as Serialize().
std::stringstream out;
out << origin;
EXPECT_EQ(test_case.expected, out.str());
}
const char* const failure_cases[] = {
"http-so://.", "http-so://foo", "http-so://.foo", "http-so://foo.",
"https-so://.", "https-so://foo", "https-so://.foo", "https-so://foo.",
};
for (const auto& test_case : failure_cases) {
SCOPED_TRACE(test_case);
GURL url(test_case);
EXPECT_TRUE(url.is_valid());
url::Origin origin(url);
std::string serialized = origin.Serialize();
std::string serialized_physical_origin =
origin.GetPhysicalOrigin().Serialize();
EXPECT_TRUE(origin.unique());
EXPECT_EQ("", origin.suborigin());
ExpectParsedUrlsEqual(GURL(serialized), origin.GetURL());
EXPECT_EQ("null", serialized);
EXPECT_EQ("null", serialized_physical_origin);
}
}
TEST(OriginTest, SuboriginIsSameOriginWith) {
struct TestCases {
const char* const url1;
const char* const url2;
bool is_same_origin;
bool is_same_physical_origin;
} cases[]{
{"http-so://foobar1.example.com/", "http-so://foobar1.example.com", true,
true},
{"http-so://foobar2.example.com/", "https-so://foobar2.example.com",
false, false},
{"http-so://foobar3.example.com/", "http://example.com", false, true},
{"https-so://foobar4.example.com/", "https-so://foobar4.example.com",
true, true},
{"https-so://foobar5.example.com/", "https://example.com", false, true},
{"http-so://foobar6.example.com/", "http-so://bazbar.example.com", false,
true},
{"http-so://foobar7.example.com/", "http-so://foobar7.google.com", false,
false},
};
for (const auto& test_case : cases) {
SCOPED_TRACE(test_case.url1);
url::Origin origin1(GURL(test_case.url1));
url::Origin origin2(GURL(test_case.url2));
EXPECT_TRUE(origin1.IsSameOriginWith(origin1));
EXPECT_TRUE(origin2.IsSameOriginWith(origin2));
EXPECT_EQ(test_case.is_same_origin, origin1.IsSameOriginWith(origin2));
EXPECT_EQ(test_case.is_same_origin, origin2.IsSameOriginWith(origin1));
EXPECT_TRUE(origin1.IsSamePhysicalOriginWith(origin1));
EXPECT_TRUE(origin2.IsSamePhysicalOriginWith(origin2));
EXPECT_EQ(test_case.is_same_physical_origin,
origin1.IsSamePhysicalOriginWith(origin2));
EXPECT_EQ(test_case.is_same_physical_origin,
origin2.IsSamePhysicalOriginWith(origin1));
}
}
TEST(OriginTest, Comparison) {
// These URLs are arranged in increasing order:
const char* const urls[] = {
"data:uniqueness",
"http://a:80",
"http://b:80",
"https://a:80",
"https://b:80",
"http://a:81",
"http://b:81",
"https://a:81",
"https://b:81",
};
for (size_t i = 0; i < arraysize(urls); i++) {
GURL current_url(urls[i]);
url::Origin current(current_url);
for (size_t j = i; j < arraysize(urls); j++) {
GURL compare_url(urls[j]);
url::Origin to_compare(compare_url);
EXPECT_EQ(i < j, current < to_compare) << i << " < " << j;
EXPECT_EQ(j < i, to_compare < current) << j << " < " << i;
}
}
}
TEST(OriginTest, UnsafelyCreate) {
struct TestCase {
const char* scheme;
const char* host;
uint16_t port;
} cases[] = {
{"http", "example.com", 80},
{"http", "example.com", 123},
{"https", "example.com", 443},
{"https", "example.com", 123},
{"file", "", 0},
{"file", "example.com", 0},
};
for (const auto& test : cases) {
SCOPED_TRACE(testing::Message() << test.scheme << "://" << test.host << ":"
<< test.port);
url::Origin origin = url::Origin::UnsafelyCreateOriginWithoutNormalization(
test.scheme, test.host, test.port);
EXPECT_EQ(test.scheme, origin.scheme());
EXPECT_EQ(test.host, origin.host());
EXPECT_EQ(test.port, origin.port());
EXPECT_FALSE(origin.unique());
EXPECT_TRUE(origin.IsSameOriginWith(origin));
ExpectParsedUrlsEqual(GURL(origin.Serialize()), origin.GetURL());
}
}
TEST(OriginTest, UnsafelyCreateUniqueOnInvalidInput) {
struct TestCases {
const char* scheme;
const char* host;
uint16_t port;
} cases[] = {{"", "", 0},
{"data", "", 0},
{"blob", "", 0},
{"filesystem", "", 0},
{"data", "example.com", 80},
{"http", "☃.net", 80},
{"http\nmore", "example.com", 80},
{"http\rmore", "example.com", 80},
{"http\n", "example.com", 80},
{"http\r", "example.com", 80},
{"http", "example.com\nnot-example.com", 80},
{"http", "example.com\rnot-example.com", 80},
{"http", "example.com\n", 80},
{"http", "example.com\r", 80},
{"http", "example.com", 0},
{"file", "", 80}};
for (const auto& test : cases) {
SCOPED_TRACE(testing::Message() << test.scheme << "://" << test.host << ":"
<< test.port);
url::Origin origin = url::Origin::UnsafelyCreateOriginWithoutNormalization(
test.scheme, test.host, test.port);
EXPECT_EQ("", origin.scheme());
EXPECT_EQ("", origin.host());
EXPECT_EQ(0, origin.port());
EXPECT_TRUE(origin.unique());
EXPECT_FALSE(origin.IsSameOriginWith(origin));
ExpectParsedUrlsEqual(GURL(origin.Serialize()), origin.GetURL());
}
}
TEST(OriginTest, UnsafelyCreateUniqueViaEmbeddedNulls) {
struct TestCases {
const char* scheme;
size_t scheme_length;
const char* host;
size_t host_length;
uint16_t port;
} cases[] = {{"http\0more", 9, "example.com", 11, 80},
{"http\0", 5, "example.com", 11, 80},
{"\0http", 5, "example.com", 11, 80},
{"http", 4, "example.com\0not-example.com", 27, 80},
{"http", 4, "example.com\0", 12, 80},
{"http", 4, "\0example.com", 12, 80}};
for (const auto& test : cases) {
SCOPED_TRACE(testing::Message() << test.scheme << "://" << test.host << ":"
<< test.port);
url::Origin origin = url::Origin::UnsafelyCreateOriginWithoutNormalization(
std::string(test.scheme, test.scheme_length),
std::string(test.host, test.host_length), test.port);
EXPECT_EQ("", origin.scheme());
EXPECT_EQ("", origin.host());
EXPECT_EQ(0, origin.port());
EXPECT_TRUE(origin.unique());
EXPECT_FALSE(origin.IsSameOriginWith(origin));
ExpectParsedUrlsEqual(GURL(origin.Serialize()), origin.GetURL());
}
}
TEST(OriginTest, DomainIs) {
const struct {
const char* url;
const char* lower_ascii_domain;
bool expected_domain_is;
} kTestCases[] = {
{"http://google.com/foo", "google.com", true},
{"http://www.google.com:99/foo", "google.com", true},
{"http://www.google.com.cn/foo", "google.com", false},
{"http://www.google.comm", "google.com", false},
{"http://www.iamnotgoogle.com/foo", "google.com", false},
{"http://www.google.com/foo", "Google.com", false},
// If the host ends with a dot, it matches domains with or without a dot.
{"http://www.google.com./foo", "google.com", true},
{"http://www.google.com./foo", "google.com.", true},
{"http://www.google.com./foo", ".com", true},
{"http://www.google.com./foo", ".com.", true},
// But, if the host doesn't end with a dot and the input domain does, then
// it's considered to not match.
{"http://google.com/foo", "google.com.", false},
// If the host ends with two dots, it doesn't match.
{"http://www.google.com../foo", "google.com", false},
// Filesystem scheme.
{"filesystem:http://www.google.com:99/foo/", "google.com", true},
{"filesystem:http://www.iamnotgoogle.com/foo/", "google.com", false},
// File scheme.
{"file:///home/user/text.txt", "", false},
{"file:///home/user/text.txt", "txt", false},
};
for (const auto& test_case : kTestCases) {
SCOPED_TRACE(testing::Message() << "(url, domain): (" << test_case.url
<< ", " << test_case.lower_ascii_domain
<< ")");
GURL url(test_case.url);
ASSERT_TRUE(url.is_valid());
url::Origin origin(url);
EXPECT_EQ(test_case.expected_domain_is,
origin.DomainIs(test_case.lower_ascii_domain));
}
// If the URL is invalid, DomainIs returns false.
GURL invalid_url("google.com");
ASSERT_FALSE(invalid_url.is_valid());
EXPECT_FALSE(url::Origin(invalid_url).DomainIs("google.com"));
// Unique origins.
EXPECT_FALSE(url::Origin().DomainIs(""));
EXPECT_FALSE(url::Origin().DomainIs("com"));
}
} // namespace url