From 4f95565b889a281780af332d9f641c5bd5b1eec8 Mon Sep 17 00:00:00 2001 
From: Blink WPT Bot Date: Wed, 8 May 2024 16:30:34 +0000 Subject: [PATCH] Bug 1890696 [wpt PR 45638] - Subresource Integrity support for ES modules, using importmaps, a=testonly Automatic update from web-platform-tests Subresource Integrity support for ES modules, using importmaps (#45638) SRI support for ES modules enables using them in documents that require SRI for certain scripts for security reasons, as well as with the more overarching require-sri-for CSP directive. This CL implements https://github.com/whatwg/html/pull/10269 based on https://github.com/guybedford/import-maps-extensions#integrity I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/O2UR3kb-HcI/m/7Jh7_GYsAAAJ?utm_medium=email&utm_source=footer Change-Id: Ida563334048d013ffc658f9783f9401930dd4689 Bug: 334251999 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5441822 Reviewed-by: Domenic Denicola Commit-Queue: Yoav Weiss (@Shopify) Cr-Commit-Position: refs/heads/main@{#1297376} Co-authored-by: Yoav Weiss -- wpt-commits: 7daf23a6329f4577bc3723d5e25eae8eae26e710 wpt-pr: 45638 --- .../tests/import-maps/dynamic-integrity.html | 87 ++++++++++ ...no-referencing-script-integrity-valid.html | 37 ++++ .../no-referencing-script-integrity.html | 34 ++++ .../import-maps/nonimport-integrity.html | 161 ++++++++++++++++++ .../tests/import-maps/static-integrity.html | 68 ++++++++ .../fetch-request-resources.https.html | 75 +++++++- .../fetch-request-resources-iframe.https.html | 43 ++++- 7 files changed, 502 insertions(+), 3 deletions(-) create mode 100644 testing/web-platform/tests/import-maps/dynamic-integrity.html create mode 100644 testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html create mode 100644 testing/web-platform/tests/import-maps/no-referencing-script-integrity.html create mode 100644 testing/web-platform/tests/import-maps/nonimport-integrity.html create mode 100644 testing/web-platform/tests/import-maps/static-integrity.html 
diff --git a/testing/web-platform/tests/import-maps/dynamic-integrity.html b/testing/web-platform/tests/import-maps/dynamic-integrity.html new file mode 100644 index 0000000000000..7a6fed71086b2 --- /dev/null +++ b/testing/web-platform/tests/import-maps/dynamic-integrity.html @@ -0,0 +1,87 @@ + + + + + + + + diff --git a/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html b/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html new file mode 100644 index 0000000000000..2594459fcbfbc --- /dev/null +++ b/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html b/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html new file mode 100644 index 0000000000000..8025ba3b8993d --- /dev/null +++ b/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/import-maps/nonimport-integrity.html b/testing/web-platform/tests/import-maps/nonimport-integrity.html new file mode 100644 index 0000000000000..1157ee64ee781 --- /dev/null +++ b/testing/web-platform/tests/import-maps/nonimport-integrity.html @@ -0,0 +1,161 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/import-maps/static-integrity.html b/testing/web-platform/tests/import-maps/static-integrity.html new file mode 100644 index 0000000000000..d1d3649339e5b --- /dev/null +++ b/testing/web-platform/tests/import-maps/static-integrity.html @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html b/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html index b4680c3ccd58d..9524e6d4749b2 100644 
--- a/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html
+++ b/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html
@@ -90,7 +90,67 @@
 destination: 'script',
 message: `Script load (url:${actual_url})`
 };
- frame.contentWindow.load_script_with_integrity(actual_url, integrity);
+ frame.contentWindow.load_script_with_integrity(actual_url, integrity, /*type=*/null);
+ return add_promise_to_test(actual_url);
+}
+
+function module_script_integrity_test(frame, url, integrity, expected_integrity) {
+ const actual_url = url + "_module";
+ expected_results[actual_url] = {
+ url: actual_url,
+ mode: 'cors',
+ credentials: 'same-origin',
+ redirect: 'follow',
+ integrity: expected_integrity,
+ destination: 'script',
+ message: `Module Script load (url:${actual_url})`
+ };
+ frame.contentWindow.load_script_with_integrity(actual_url, integrity, "module");
+ return add_promise_to_test(actual_url);
+}
+
+function modulepreload_integrity_test(frame, url, integrity, expected_integrity) {
+ const actual_url = url + "_modulepreload";
+ expected_results[actual_url] = {
+ url: actual_url,
+ mode: 'cors',
+ credentials: 'same-origin',
+ redirect: 'follow',
+ integrity: expected_integrity,
+ destination: 'script',
+ message: `Module Script load (url:${actual_url})`
+ };
+ frame.contentWindow.load_modulepreload_with_integrity(actual_url, integrity);
+ return add_promise_to_test(actual_url);
+}
+
+function import_module_integrity_test(frame, url, expected_integrity) {
+ const actual_url = url + "_moduleimport";
+ expected_results[actual_url] = {
+ url: actual_url,
+ mode: 'cors',
+ credentials: 'same-origin',
+ redirect: 'follow',
+ integrity: expected_integrity,
+ destination: 'script',
+ message: `Module Script load (url:${actual_url})`
+ };
+ frame.contentWindow.import_modulescript(actual_url);
+ return add_promise_to_test(actual_url);
+}
+
+function import_dynamic_module_integrity_test(frame, url, expected_integrity) {
+ const actual_url = url + "_moduleimportdynamic";
+ expected_results[actual_url] = {
+ url: actual_url,
+ mode: 'cors',
+ credentials: 'same-origin',
+ redirect: 'follow',
+ integrity: expected_integrity,
+ destination: 'script',
+ message: `Module Script load (url:${actual_url})`
+ };
+ frame.contentWindow.import_dynamic_modulescript(actual_url);
 return add_promise_to_test(actual_url);
 }
@@ -253,6 +313,19 @@ 'sha256-foo sha384-abc '); await script_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
+ await module_script_integrity_test(f, LOCAL_URL,
+ null,
+ 'sha384-foobar');
+
+ await modulepreload_integrity_test(f, LOCAL_URL,
+ null,
+ 'sha384-foobar');
+
+ await import_module_integrity_test(f, LOCAL_URL,
+ 'sha384-foobar');
+
+ await import_dynamic_module_integrity_test(f, LOCAL_URL,
+ 'sha384-foobar');
 await css_integrity_test(f, LOCAL_URL, ' ', ' '); await css_integrity_test(
diff --git a/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html b/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
index 86e9f4bb3598a..37fc491134d0f 100644
--- a/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
+++ b/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
@@ -1,5 +1,15 @@ +
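Review bot: `modulepreload_integrity_test`, `import_module_integrity_test` and `import_dynamic_module_integrity_test` all carry the same `message` text as `module_script_integrity_test`, so a failed comparison of the service worker's results does not say which load path dropped or altered the integrity metadata. Give each helper its own label, for example ``message: `Modulepreload load (url:${actual_url})` ``, ``message: `Static import load (url:${actual_url})` `` and ``message: `Dynamic import load (url:${actual_url})` ``. The four bodies otherwise differ only in the URL suffix and the `frame.contentWindow` call, and the fixed suffixes presumably have to match entries declared in the iframe resource, which is not visible in this hunk; a one-line comment above the helpers stating that coupling would help the next editor. The changed `load_script_with_integrity` call sits in a function whose start is outside the hunk.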
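Review bot: All four new calls supply no element-level integrity (`null`, or no argument at all), so the only thing asserted is that `'sha384-foobar'` reaches the service worker from somewhere other than the element, presumably the import map in the iframe resource, which is not visible here. Nothing in this hunk covers a module script or modulepreload that has its own `integrity` attribute while a mapped value also exists for the same URL, which is the case that would catch a regression where one source silently replaces the other. The new import-maps tests in this patch may cover that precedence, but their content is not visible on this page. Consider adding one such call here together with a comment like `// expected value comes from the iframe's import map "integrity" entry, not from the element`. The enclosing test body starts and ends outside the hunk.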