Test the top-level CspContext methods.
diff --git a/net/instaweb/rewriter/csp.cc b/net/instaweb/rewriter/csp.cc
index e6bf168..cc46022 100644
--- a/net/instaweb/rewriter/csp.cc
+++ b/net/instaweb/rewriter/csp.cc
@@ -585,4 +585,8 @@
return true;
}
+void CspContext::AddPolicy(std::unique_ptr<CspPolicy> policy) {
+ policies_.push_back(std::move(policy));
+}
+
} // namespace net_instaweb
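Review bot: AddPolicy stores whatever pointer it is handed, so a null `policy` would end up in `policies_`. The tests in this commit pass the result of `CspPolicy::Parse(...)` straight in. Parse is not visible here, but if it can return null for an empty or unparseable header value, any later loop over `policies_` that dereferences its entries would crash on header-derived input. Consider `if (policy != nullptr) policies_.push_back(std::move(policy));`, and decide deliberately whether silently dropping an unparseable policy, which loosens enforcement, is the behaviour you want. The declaration in csp.h has no comment; one stating that the context takes ownership and how null is handled would help callers.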
diff --git a/net/instaweb/rewriter/csp_test.cc b/net/instaweb/rewriter/csp_test.cc
index 1286491..95fecb2 100644
--- a/net/instaweb/rewriter/csp_test.cc
+++ b/net/instaweb/rewriter/csp_test.cc
@@ -782,6 +782,100 @@
}
}
+TEST(CspContextText, BitField) {
+ {
+ // Base case.
+ CspContext ctx;
+ EXPECT_TRUE(ctx.PermitsEval());
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("script-src 'unsafe-eval'"));
+ ctx.AddPolicy(CspPolicy::Parse("img-src *"));
+ EXPECT_TRUE(ctx.PermitsEval());
+ }
+
+ {
+ // default-src is relevant here.
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("script-src 'unsafe-eval'"));
+ ctx.AddPolicy(CspPolicy::Parse("default-src *"));
+ EXPECT_FALSE(ctx.PermitsEval());
+ }
+}
+
+TEST(CspContext, CanLoadUrl) {
+ {
+ // Base case.
+ CspContext ctx;
+ EXPECT_TRUE(ctx.CanLoadUrl(CspDirective::kImgSrc,
+ GoogleUrl("http://www.example.com"),
+ GoogleUrl("https://www.example.org/foo.png")));
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("script-src 'unsafe-eval'"));
+ ctx.AddPolicy(CspPolicy::Parse("img-src *"));
+ EXPECT_FALSE(ctx.CanLoadUrl(CspDirective::kImgSrc,
+ GoogleUrl("http://www.example.com"),
+ GoogleUrl("https://www.example.org/foo.png")));
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("default-src https:"));
+ ctx.AddPolicy(CspPolicy::Parse("img-src *"));
+ EXPECT_TRUE(ctx.CanLoadUrl(CspDirective::kImgSrc,
+ GoogleUrl("http://www.example.com"),
+ GoogleUrl("https://www.example.org/foo.png")));
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("img-src https:"));
+ ctx.AddPolicy(CspPolicy::Parse("img-src *"));
+ EXPECT_TRUE(ctx.CanLoadUrl(CspDirective::kImgSrc,
+ GoogleUrl("http://www.example.com"),
+ GoogleUrl("https://www.example.org/foo.png")));
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("img-src 'self'"));
+ ctx.AddPolicy(CspPolicy::Parse("img-src *"));
+ EXPECT_FALSE(ctx.CanLoadUrl(CspDirective::kImgSrc,
+ GoogleUrl("http://www.example.com"),
+ GoogleUrl("https://www.example.org/foo.png")));
+ }
+}
+
+TEST(CspContext, BaseUri) {
+ {
+ // Base case.
+ CspContext ctx;
+ EXPECT_TRUE(ctx.IsBasePermitted(GoogleUrl("http://example.com"),
+ GoogleUrl("https://sub.example.com")));
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("base-uri https:"));
+ ctx.AddPolicy(CspPolicy::Parse("base-uri *.example.com"));
+ EXPECT_TRUE(ctx.IsBasePermitted(GoogleUrl("http://example.com"),
+ GoogleUrl("https://sub.example.com")));
+ }
+
+ {
+ CspContext ctx;
+ ctx.AddPolicy(CspPolicy::Parse("base-uri https:"));
+ ctx.AddPolicy(CspPolicy::Parse("base-uri *.example.com"));
+ EXPECT_FALSE(ctx.IsBasePermitted(GoogleUrl("http://example.com"),
+ GoogleUrl("https://sub.example.org")));
+ }
+}
+
} // namespace
} // namespace net_instaweb
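Review bot: The second case in `TEST(CspContext, CanLoadUrl)` expects `EXPECT_FALSE` for `script-src 'unsafe-eval'` plus `img-src *`, and nothing explains why. Under the CSP rules as I understand them, a policy with neither `img-src` nor `default-src` does not restrict image loads, so this is either a deliberately conservative choice or a test pinning an implementation quirk; CanLoadUrl itself is outside this diff. A comment above the expectation would settle it, e.g. `// First policy has no img-src or default-src; CspContext conservatively refuses.` if that is the intent. Separately, the first test uses the suite name `CspContextText` while the other two use `CspContext`, which looks like a typo and splits the tests across two suites in filters and reports.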
diff --git a/net/instaweb/rewriter/public/csp.h b/net/instaweb/rewriter/public/csp.h
index 0919e69..5df0dbf 100644
--- a/net/instaweb/rewriter/public/csp.h
+++ b/net/instaweb/rewriter/public/csp.h
@@ -261,6 +261,8 @@
return true;
}
+ void AddPolicy(std::unique_ptr<CspPolicy> policy);
+
private:
typedef bool (CspPolicy::*SimplePredicateFn)() const;