summaryrefslogtreecommitdiff
path: root/Runtime/Managed/CrossDomainPolicyParser/Tests/FlashPolicyParserTests.cs
diff options
context:
space:
mode:
Diffstat (limited to 'Runtime/Managed/CrossDomainPolicyParser/Tests/FlashPolicyParserTests.cs')
-rw-r--r--Runtime/Managed/CrossDomainPolicyParser/Tests/FlashPolicyParserTests.cs209
1 files changed, 209 insertions, 0 deletions
diff --git a/Runtime/Managed/CrossDomainPolicyParser/Tests/FlashPolicyParserTests.cs b/Runtime/Managed/CrossDomainPolicyParser/Tests/FlashPolicyParserTests.cs
new file mode 100644
index 0000000..976ba92
--- /dev/null
+++ b/Runtime/Managed/CrossDomainPolicyParser/Tests/FlashPolicyParserTests.cs
@@ -0,0 +1,209 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Text;
+using MonoForks.Mono.Xml;
+using MonoForks.System.Net;
+using NUnit.Framework;
+using MonoForks.System.Windows.Browser.Net;
+using UnityEngine;
+using Uri = MonoForks.System.Uri;
+
+namespace CrossDomainPolicyParserTests
+{
+ [TestFixture]
+ public class FlashPolicyParserTests
+ {
+ static string XDomainGlobal =
+@"<?xml version=""1.0""?>
+<!DOCTYPE cross-domain-policy SYSTEM ""http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"">
+<cross-domain-policy>
+ <allow-access-from domain=""*"" />
+</cross-domain-policy>";
+
+ string http_hosted = "http://www.host.com/coolgame.unity3d";
+ string https_hosted = "https://secure.host.net/coolgame.unity3d";
+ string file_hosted = "file:///coolgame.unity3";
+
+ [Test]
+ public void GlobalXDomainAcceptsRequestOnSameDomain()
+ {
+ string requesturl = "http://www.mach8.nl/index.html";
+
+ Assert.IsTrue(RequestAllowed(XDomainGlobal, requesturl, http_hosted));
+ }
+ [Test]
+ public void GlobalXDomainAcceptsRequestOnSubDomain()
+ {
+ string requesturl = "http://subdomain.mach8.nl/index.html";
+
+ Assert.IsTrue(RequestAllowed(XDomainGlobal, requesturl, http_hosted));
+ }
+
+ [Test]
+ public void GlobalXDomainAllowsSecureRequestWhenHostedNonSecure()
+ {
+ string requesturl = "https://www.mach8.nl/index.html";
+
+ Assert.IsTrue(RequestAllowed(XDomainGlobal, requesturl, http_hosted));
+ }
+ [Test]
+ public void GlobalXDomainAcceptsSecureRequestWhenHostedSecure()
+ {
+ string requesturl = "https://www.mach8.nl/index.html";
+
+ Assert.IsTrue(RequestAllowed(XDomainGlobal, requesturl, https_hosted));
+ }
+ [Test]
+ public void GlobalXDomainDeniesNonSecureRequestWhenHostedSecure()
+ {
+ string requesturl = "http://www.mach8.nl/index.html";
+ Assert.IsFalse(RequestAllowed(XDomainGlobal, requesturl, https_hosted));
+ }
+
+ [Test]
+ public void AllDomain_Secure()
+ {
+ string policy = @"<?xml version=""1.0""?>
+<!DOCTYPE cross-domain-policy SYSTEM ""http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"">
+<cross-domain-policy>
+ <allow-access-from domain=""*"" secure=""true""/>
+</cross-domain-policy>";
+
+ Assert.IsTrue(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void WhenRequestURLMatchesWildCardAccessIsAllowed()
+ {
+ string policy = @"<?xml version=""1.0""?>
+<cross-domain-policy>
+ <allow-access-from domain=""*.mydomain.nl"" />
+</cross-domain-policy>";
+
+ Assert.IsTrue(RequestAllowed(policy, "http://subdomain.mydomain.nl", http_hosted));
+ }
+
+ [Test]
+ public void WhenRequestURLDoesNotMatchWildCardAccessIsDisallowed()
+ {
+ string policy = @"<?xml version=""1.0""?>
+<cross-domain-policy>
+ <allow-access-from domain=""*.mydomain.nl"" />
+</cross-domain-policy>";
+
+ Assert.IsFalse(RequestAllowed(policy, "http://subdomain.myotherdomain.nl", http_hosted));
+ }
+
+
+ [Test]
+ public void AllDomains_NoDTD()
+ {
+ string policy = @"<?xml version='1.0'?><cross-domain-policy><allow-access-from domain='*'/></cross-domain-policy>";
+
+ Assert.IsTrue(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void AllDomains_NoXmlHeader()
+ {
+ string policy = @"<cross-domain-policy>
+ <allow-access-from domain=""*"" to-ports=""*""/>
+</cross-domain-policy> ";
+ Assert.IsTrue(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void AllDomains_PermittedCrossDomainPolicies_All()
+ {
+ // 'all' is the default value
+ // http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html#site-control-permitted-cross-domain-policies
+ string policy = @"<?xml version='1.0'?>
+<!DOCTYPE cross-domain-policy SYSTEM 'http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd'>
+<cross-domain-policy>
+ <site-control permitted-cross-domain-policies='all' />
+ <allow-access-from domain='*' />
+</cross-domain-policy>";
+
+ Assert.IsTrue(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void AllDomains_PermittedCrossDomainPolicies_MasterOnly()
+ {
+ string policy = @"<?xml version='1.0'?>
+<!DOCTYPE cross-domain-policy SYSTEM 'http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd'>
+<cross-domain-policy>
+ <site-control permitted-cross-domain-policies='master-only' />
+ <allow-access-from domain='*' />
+</cross-domain-policy>";
+
+ Assert.IsTrue(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void AllDomains_PermittedCrossDomainPolicies_None()
+ {
+ string policy = @"<?xml version='1.0'?>
+<!DOCTYPE cross-domain-policy SYSTEM 'http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd'>
+<cross-domain-policy>
+ <site-control permitted-cross-domain-policies='none' />
+ <allow-access-from domain='*' />
+</cross-domain-policy>";
+ Assert.IsFalse(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void AllDomains_PermittedCrossDomainPolicies_ByContentType()
+ {
+ string policy = @"<?xml version='1.0'?>
+<!DOCTYPE cross-domain-policy SYSTEM 'http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd'>
+<cross-domain-policy>
+ <site-control permitted-cross-domain-policies='by-content-type' />
+ <allow-access-from domain='*' />
+</cross-domain-policy>";
+ Assert.IsFalse(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ public void AllDomains_PermittedCrossDomainPolicies_ByFtpFilename()
+ {
+ string policy = @"<?xml version='1.0'?>
+<!DOCTYPE cross-domain-policy SYSTEM 'http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd'>
+<cross-domain-policy>
+ <site-control permitted-cross-domain-policies='by-ftp-filename' />
+ <allow-access-from domain='*' />
+</cross-domain-policy>";
+ Assert.IsTrue(RequestAllowed(policy, "http://www.host.com", http_hosted));
+ }
+
+ [Test]
+ [ExpectedException(typeof(MiniParser.XMLError))]
+ public void IllformedPolicyIsRejected()
+ {
+ FlashCrossDomainPolicyFromString("bogus", "http://www.host.com");
+ }
+
+ [Test]
+ [ExpectedException(typeof(ArgumentException))]
+ public void EmptyPolicyStringIsRejected()
+ {
+ FlashCrossDomainPolicyFromString("", "http://www.host.com");
+ }
+
+ private bool RequestAllowed(string xdomain, string requesturl, string hosturl)
+ {
+ FlashCrossDomainPolicy policy = FlashCrossDomainPolicyFromString(xdomain, hosturl);
+ var wr = new WebRequest(new Uri(requesturl), new Dictionary<string, string>());
+ return policy.IsAllowed(wr);
+ }
+
+ private FlashCrossDomainPolicy FlashCrossDomainPolicyFromString(string xdomain, string hosturl)
+ {
+ UnityCrossDomainHelper.SetWebSecurityHostUriDelegate(() => hosturl);
+
+ var ms = new MemoryStream(Encoding.UTF8.GetBytes(xdomain));
+ return FlashCrossDomainPolicy.FromStream(ms);
+ }
+ }
+}
generated by cgit v1.1-26-g67d0 at 2025-05-18 20:34:53 +0000