webkit/database/database_util_unittest.cc - Issue 12212091: WebDatabase: check path traversal in origin_identifier

Side by Side Diff: webkit/database/database_util_unittest.cc

Issue 12212091: WebDatabase: check path traversal in origin_identifier (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: more testcases Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

	5 #include "base/string_piece.h"

5 #include "base/utf_string_conversions.h"	6 #include "base/utf_string_conversions.h"

6 #include "testing/gtest/include/gtest/gtest.h"	7 #include "testing/gtest/include/gtest/gtest.h"

7 #include "webkit/database/database_util.h"	8 #include "webkit/database/database_util.h"

8	9

9 using webkit_database::DatabaseUtil;	10 using webkit_database::DatabaseUtil;

10	11

11 static void TestVfsFilePath(bool expected_result,	12 static void TestVfsFilePath(bool expected_result,

12 const char* vfs_file_name,	13 const char* vfs_file_name,

13 const char* expected_origin_identifier = "",	14 const char* expected_origin_identifier = "",

14 const char* expected_database_name = "",	15 const char* expected_database_name = "",

15 const char* expected_sqlite_suffix = "") {	16 const char* expected_sqlite_suffix = "") {

16 string16 origin_identifier;	17 string16 origin_identifier;

17 string16 database_name;	18 string16 database_name;

18 string16 sqlite_suffix;	19 string16 sqlite_suffix;

19 EXPECT_EQ(expected_result,	20 EXPECT_EQ(expected_result,

20 DatabaseUtil::CrackVfsFileName(ASCIIToUTF16(vfs_file_name),	21 DatabaseUtil::CrackVfsFileName(ASCIIToUTF16(vfs_file_name),

21 &origin_identifier,	22 &origin_identifier,

22 &database_name,	23 &database_name,

23 &sqlite_suffix));	24 &sqlite_suffix));

24 EXPECT_EQ(ASCIIToUTF16(expected_origin_identifier), origin_identifier);	25 EXPECT_EQ(ASCIIToUTF16(expected_origin_identifier), origin_identifier);

25 EXPECT_EQ(ASCIIToUTF16(expected_database_name), database_name);	26 EXPECT_EQ(ASCIIToUTF16(expected_database_name), database_name);

26 EXPECT_EQ(ASCIIToUTF16(expected_sqlite_suffix), sqlite_suffix);	27 EXPECT_EQ(ASCIIToUTF16(expected_sqlite_suffix), sqlite_suffix);

27 }	28 }

28	29

29 static GURL ToAndFromOriginIdentifier(const GURL origin_url) {	30 static GURL ToAndFromOriginIdentifier(const GURL origin_url) {

30 string16 id = DatabaseUtil::GetOriginIdentifier(origin_url);	31 string16 id = DatabaseUtil::GetOriginIdentifier(origin_url);

31 return DatabaseUtil::GetOriginFromIdentifier(id);	32 return DatabaseUtil::GetOriginFromIdentifier(id);

32 }	33 }

33	34

	35 static void TestValidOriginIdentifier(bool expected_result,

	36 const base::StringPiece id) {

	37 EXPECT_EQ(expected_result,

	38 DatabaseUtil::IsValidOriginIdentifier(ASCIIToUTF16(id)));

	39 }

	40

34 namespace webkit_database {	41 namespace webkit_database {

35	42

36 // Test DatabaseUtil::CrackVfsFilePath on various inputs.	43 // Test DatabaseUtil::CrackVfsFilePath on various inputs.

37 TEST(DatabaseUtilTest, CrackVfsFilePathTest) {	44 TEST(DatabaseUtilTest, CrackVfsFilePathTest) {

38 TestVfsFilePath(true, "origin/#", "origin", "", "");	45 TestVfsFilePath(true, "origin/#", "origin", "", "");

39 TestVfsFilePath(true, "origin/#suffix", "origin", "", "suffix");	46 TestVfsFilePath(true, "origin/#suffix", "origin", "", "suffix");

40 TestVfsFilePath(true, "origin/db_name#", "origin", "db_name", "");	47 TestVfsFilePath(true, "origin/db_name#", "origin", "db_name", "");

41 TestVfsFilePath(true, "origin/db_name#suffix", "origin", "db_name", "suffix");	48 TestVfsFilePath(true, "origin/db_name#suffix", "origin", "db_name", "suffix");

42 TestVfsFilePath(false, "origindb_name#");	49 TestVfsFilePath(false, "origindb_name#");

43 TestVfsFilePath(false, "origindb_name#suffix");	50 TestVfsFilePath(false, "origindb_name#suffix");

44 TestVfsFilePath(false, "origin/db_name");	51 TestVfsFilePath(false, "origin/db_name");

45 TestVfsFilePath(false, "origin#db_name/suffix");	52 TestVfsFilePath(false, "origin#db_name/suffix");

46 TestVfsFilePath(false, "/db_name#");	53 TestVfsFilePath(false, "/db_name#");

47 TestVfsFilePath(false, "/db_name#suffix");	54 TestVfsFilePath(false, "/db_name#suffix");

48 }	55 }

49	56

50 TEST(DatabaseUtilTest, OriginIdentifiers) {	57 TEST(DatabaseUtilTest, OriginIdentifiers) {

51 const GURL kFileOrigin(GURL("file:///").GetOrigin());	58 const GURL kFileOrigin(GURL("file:///").GetOrigin());

52 const GURL kHttpOrigin(GURL("http://bar/").GetOrigin());	59 const GURL kHttpOrigin(GURL("http://bar/").GetOrigin());

53 EXPECT_EQ(kFileOrigin, ToAndFromOriginIdentifier(kFileOrigin));	60 EXPECT_EQ(kFileOrigin, ToAndFromOriginIdentifier(kFileOrigin));

54 EXPECT_EQ(kHttpOrigin, ToAndFromOriginIdentifier(kHttpOrigin));	61 EXPECT_EQ(kHttpOrigin, ToAndFromOriginIdentifier(kHttpOrigin));

55 }	62 }

56	63

	64 TEST(DatabaseUtilTest, IsValidOriginIdentifier) {

	65 TestValidOriginIdentifier(true, "http_bar_0");

	66 TestValidOriginIdentifier(true, "");

	67 TestValidOriginIdentifier(false, "bad..id");

	68 TestValidOriginIdentifier(false, "bad/id");

	69 TestValidOriginIdentifier(false, "bad\\id");

	70 TestValidOriginIdentifier(false, base::StringPiece("bad\0id", 6));

	71 }

	72

57 } // namespace webkit_database	73 } // namespace webkit_database

OLD	NEW

« no previous file with comments | « webkit/database/database_util.cc ('k') | no next file » | no next file with comments »