Adding upstream version 86.0.1.upstream/86.0.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

7 files changed, 550 insertions, 0 deletions

diff --git a/toolkit/system/osxproxy/ProxyUtils.h b/toolkit/system/osxproxy/ProxyUtils.h
new file mode 100644
index 0000000000..8a449f10a8
--- /dev/null
+++ b/toolkit/system/osxproxy/ProxyUtils.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_toolkit_system_osxproxy_ProxyUtils_h
+#define mozilla_toolkit_system_osxproxy_ProxyUtils_h
+
+#include "nsString.h"
+
+namespace mozilla {
+namespace toolkit {
+namespace system {
+
+bool IsHostProxyEntry(const nsACString& aHost, const nsACString& aOverride);
+
+}  // namespace system
+}  // namespace toolkit
+}  // namespace mozilla
+
+#endif  // mozilla_toolkit_system_osxproxy_ProxyUtils_h
diff --git a/toolkit/system/osxproxy/ProxyUtils.mm b/toolkit/system/osxproxy/ProxyUtils.mm
new file mode 100644
index 0000000000..cade1c5fae
--- /dev/null
+++ b/toolkit/system/osxproxy/ProxyUtils.mm
@@ -0,0 +1,150 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ProxyUtils.h"
+#include "nsTArray.h"
+#include "prnetdb.h"
+#include "prtypes.h"
+
+namespace mozilla {
+namespace toolkit {
+namespace system {
+
+/**
+ * Normalize the short IP form into the complete form.
+ * For example, it converts "192.168" into "192.168.0.0"
+ */
+static void NormalizeAddr(const nsACString& aAddr, nsCString& aNormalized) {
+  nsTArray<nsCString> addr;
+  ParseString(aAddr, '.', addr);
+  aNormalized = "";
+  for (uint32_t i = 0; i < 4; ++i) {
+    if (i != 0) {
+      aNormalized.AppendLiteral(".");
+    }
+    if (i < addr.Length()) {
+      aNormalized.Append(addr[i]);
+    } else {
+      aNormalized.AppendLiteral("0");
+    }
+  }
+}
+
+static PRUint32 MaskIPv4Addr(PRUint32 aAddr, uint16_t aMaskLen) {
+  if (aMaskLen == 32) {
+    return aAddr;
+  }
+  return PR_htonl(PR_ntohl(aAddr) & (~0L << (32 - aMaskLen)));
+}
+
+static void MaskIPv6Addr(PRIPv6Addr& aAddr, uint16_t aMaskLen) {
+  if (aMaskLen == 128) {
+    return;
+  }
+
+  if (aMaskLen > 96) {
+    aAddr.pr_s6_addr32[3] = PR_htonl(PR_ntohl(aAddr.pr_s6_addr32[3]) & (~0L << (128 - aMaskLen)));
+  } else if (aMaskLen > 64) {
+    aAddr.pr_s6_addr32[3] = 0;
+    aAddr.pr_s6_addr32[2] = PR_htonl(PR_ntohl(aAddr.pr_s6_addr32[2]) & (~0L << (96 - aMaskLen)));
+  } else if (aMaskLen > 32) {
+    aAddr.pr_s6_addr32[3] = 0;
+    aAddr.pr_s6_addr32[2] = 0;
+    aAddr.pr_s6_addr32[1] = PR_htonl(PR_ntohl(aAddr.pr_s6_addr32[1]) & (~0L << (64 - aMaskLen)));
+  } else {
+    aAddr.pr_s6_addr32[3] = 0;
+    aAddr.pr_s6_addr32[2] = 0;
+    aAddr.pr_s6_addr32[1] = 0;
+    aAddr.pr_s6_addr32[0] = PR_htonl(PR_ntohl(aAddr.pr_s6_addr32[0]) & (~0L << (32 - aMaskLen)));
+  }
+
+  return;
+}
+
+static bool IsMatchMask(const nsACString& aHost, const nsACString& aOverride) {
+  nsresult rv;
+
+  auto tokenEnd = aOverride.FindChar('/');
+  if (tokenEnd == -1) {
+    return false;
+  }
+
+  nsAutoCString prefixStr(Substring(aOverride, tokenEnd + 1, aOverride.Length() - tokenEnd - 1));
+  auto maskLen = prefixStr.ToInteger(&rv);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return false;
+  }
+
+  nsAutoCString override(aOverride);
+  NormalizeAddr(Substring(aOverride, 0, tokenEnd), override);
+
+  PRNetAddr prAddrHost;
+  PRNetAddr prAddrOverride;
+  if (PR_SUCCESS != PR_StringToNetAddr(PromiseFlatCString(aHost).get(), &prAddrHost) ||
+      PR_SUCCESS != PR_StringToNetAddr(override.get(), &prAddrOverride)) {
+    return false;
+  }
+
+  if (prAddrHost.raw.family == PR_AF_INET && prAddrOverride.raw.family == PR_AF_INET) {
+    return MaskIPv4Addr(prAddrHost.inet.ip, maskLen) ==
+           MaskIPv4Addr(prAddrOverride.inet.ip, maskLen);
+  } else if (prAddrHost.raw.family == PR_AF_INET6 && prAddrOverride.raw.family == PR_AF_INET6) {
+    MaskIPv6Addr(prAddrHost.ipv6.ip, maskLen);
+    MaskIPv6Addr(prAddrOverride.ipv6.ip, maskLen);
+
+    return memcmp(&prAddrHost.ipv6.ip, &prAddrOverride.ipv6.ip, sizeof(PRIPv6Addr)) == 0;
+  }
+
+  return false;
+}
+
+static bool IsMatchWildcard(const nsACString& aHost, const nsACString& aOverride) {
+  nsAutoCString host(aHost);
+  nsAutoCString override(aOverride);
+
+  int32_t overrideLength = override.Length();
+  int32_t tokenStart = 0;
+  int32_t offset = 0;
+  bool star = false;
+
+  while (tokenStart < overrideLength) {
+    int32_t tokenEnd = override.FindChar('*', tokenStart);
+    if (tokenEnd == tokenStart) {
+      // Star is the first character in the token.
+      star = true;
+      tokenStart++;
+      // If the character following the '*' is a '.' character then skip
+      // it so that "*.foo.com" allows "foo.com".
+      if (override.FindChar('.', tokenStart) == tokenStart) {
+        nsAutoCString token(Substring(override, tokenStart + 1, overrideLength - tokenStart - 1));
+        if (host.Equals(token)) {
+          return true;
+        }
+      }
+    } else {
+      if (tokenEnd == -1) {
+        tokenEnd = overrideLength;  // no '*' char, match rest of string
+      }
+      nsAutoCString token(Substring(override, tokenStart, tokenEnd - tokenStart));
+      offset = host.Find(token, /* aIgnoreCase = */ false, offset);
+      if (offset == -1 || (!star && offset)) {
+        return false;
+      }
+      star = false;
+      tokenStart = tokenEnd;
+      offset += token.Length();
+    }
+  }
+
+  return (star || (offset == static_cast<int32_t>(host.Length())));
+}
+
+bool IsHostProxyEntry(const nsACString& aHost, const nsACString& aOverride) {
+  return IsMatchMask(aHost, aOverride) || IsMatchWildcard(aHost, aOverride);
+}
+
+}  // namespace system
+}  // namespace toolkit
+}  // namespace mozilla
diff --git a/toolkit/system/osxproxy/components.conf b/toolkit/system/osxproxy/components.conf
new file mode 100644
index 0000000000..b3e3c464b6
--- /dev/null
+++ b/toolkit/system/osxproxy/components.conf
@@ -0,0 +1,13 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Classes = [
+    {
+        'cid': '{9afcd4b8-2e0f-41f4-8f1f-3bf0d3cf67de}',
+        'contract_ids': ['@mozilla.org/system-proxy-settings;1'],
+        'type': 'nsOSXSystemProxySettings',
+    },
+]
diff --git a/toolkit/system/osxproxy/moz.build b/toolkit/system/osxproxy/moz.build
new file mode 100644
index 0000000000..387e636d28
--- /dev/null
+++ b/toolkit/system/osxproxy/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "Networking")
+
+TEST_DIRS += ["tests/gtest"]
+
+SOURCES += [
+    "nsOSXSystemProxySettings.mm",
+    "ProxyUtils.mm",
+]
+
+XPCOM_MANIFESTS += [
+    "components.conf",
+]
+
+FINAL_LIBRARY = "xul"
diff --git a/toolkit/system/osxproxy/nsOSXSystemProxySettings.mm b/toolkit/system/osxproxy/nsOSXSystemProxySettings.mm
new file mode 100644
index 0000000000..e22eedd866
--- /dev/null
+++ b/toolkit/system/osxproxy/nsOSXSystemProxySettings.mm
@@ -0,0 +1,280 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#import <Cocoa/Cocoa.h>
+#import <SystemConfiguration/SystemConfiguration.h>
+
+#include "nsISystemProxySettings.h"
+#include "mozilla/Components.h"
+#include "nsPrintfCString.h"
+#include "nsNetCID.h"
+#include "nsObjCExceptions.h"
+#include "mozilla/Attributes.h"
+#include "ProxyUtils.h"
+
+class nsOSXSystemProxySettings final : public nsISystemProxySettings {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISYSTEMPROXYSETTINGS
+
+  nsOSXSystemProxySettings();
+  nsresult Init();
+
+  // called by OSX when the proxy settings have changed
+  void ProxyHasChanged();
+
+  // is there a PAC url specified in the system configuration
+  bool IsAutoconfigEnabled() const;
+  // retrieve the pac url
+  nsresult GetAutoconfigURL(nsAutoCString& aResult) const;
+
+  // Find the SystemConfiguration proxy & port for a given URI
+  nsresult FindSCProxyPort(const nsACString& aScheme, nsACString& aResultHost, int32_t& aResultPort,
+                           bool& aResultSocksProxy);
+
+  // is host:port on the proxy exception list?
+  bool IsInExceptionList(const nsACString& aHost) const;
+
+ private:
+  ~nsOSXSystemProxySettings();
+
+  SCDynamicStoreContext mContext;
+  SCDynamicStoreRef mSystemDynamicStore;
+  NSDictionary* mProxyDict;
+
+  // Mapping of URI schemes to SystemConfiguration keys
+  struct SchemeMapping {
+    const char* mScheme;
+    CFStringRef mEnabled;
+    CFStringRef mHost;
+    CFStringRef mPort;
+    bool mIsSocksProxy;
+  };
+  static const SchemeMapping gSchemeMappingList[];
+};
+
+NS_IMPL_ISUPPORTS(nsOSXSystemProxySettings, nsISystemProxySettings)
+
+NS_IMETHODIMP
+nsOSXSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) {
+  *aMainThreadOnly = true;
+  return NS_OK;
+}
+
+// Mapping of URI schemes to SystemConfiguration keys
+const nsOSXSystemProxySettings::SchemeMapping nsOSXSystemProxySettings::gSchemeMappingList[] = {
+    {"http", kSCPropNetProxiesHTTPEnable, kSCPropNetProxiesHTTPProxy, kSCPropNetProxiesHTTPPort,
+     false},
+    {"https", kSCPropNetProxiesHTTPSEnable, kSCPropNetProxiesHTTPSProxy, kSCPropNetProxiesHTTPSPort,
+     false},
+    {"ftp", kSCPropNetProxiesFTPEnable, kSCPropNetProxiesFTPProxy, kSCPropNetProxiesFTPPort, false},
+    {"socks", kSCPropNetProxiesSOCKSEnable, kSCPropNetProxiesSOCKSProxy, kSCPropNetProxiesSOCKSPort,
+     true},
+    {NULL, NULL, NULL, NULL, false},
+};
+
+static void ProxyHasChangedWrapper(SCDynamicStoreRef aStore, CFArrayRef aChangedKeys, void* aInfo) {
+  static_cast<nsOSXSystemProxySettings*>(aInfo)->ProxyHasChanged();
+}
+
+nsOSXSystemProxySettings::nsOSXSystemProxySettings() : mSystemDynamicStore(NULL), mProxyDict(NULL) {
+  mContext = (SCDynamicStoreContext){0, this, NULL, NULL, NULL};
+}
+
+nsresult nsOSXSystemProxySettings::Init() {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NSRESULT;
+
+  // Register for notification of proxy setting changes
+  // See:
+  // http://developer.apple.com/documentation/Networking/Conceptual/CFNetwork/CFStreamTasks/chapter_4_section_5.html
+  mSystemDynamicStore =
+      SCDynamicStoreCreate(NULL, CFSTR("Mozilla"), ProxyHasChangedWrapper, &mContext);
+  if (!mSystemDynamicStore) return NS_ERROR_FAILURE;
+
+  // Set up the store to monitor any changes to the proxies
+  CFStringRef proxiesKey = SCDynamicStoreKeyCreateProxies(NULL);
+  if (!proxiesKey) return NS_ERROR_FAILURE;
+
+  CFArrayRef keyArray = CFArrayCreate(NULL, (const void**)(&proxiesKey), 1, &kCFTypeArrayCallBacks);
+  CFRelease(proxiesKey);
+  if (!keyArray) return NS_ERROR_FAILURE;
+
+  SCDynamicStoreSetNotificationKeys(mSystemDynamicStore, keyArray, NULL);
+  CFRelease(keyArray);
+
+  // Add the dynamic store to the run loop
+  CFRunLoopSourceRef storeRLSource =
+      SCDynamicStoreCreateRunLoopSource(NULL, mSystemDynamicStore, 0);
+  if (!storeRLSource) return NS_ERROR_FAILURE;
+  CFRunLoopAddSource(CFRunLoopGetCurrent(), storeRLSource, kCFRunLoopCommonModes);
+  CFRelease(storeRLSource);
+
+  // Load the initial copy of proxy info
+  mProxyDict = (NSDictionary*)SCDynamicStoreCopyProxies(mSystemDynamicStore);
+  if (!mProxyDict) return NS_ERROR_FAILURE;
+
+  return NS_OK;
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_NSRESULT;
+}
+
+nsOSXSystemProxySettings::~nsOSXSystemProxySettings() {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK;
+
+  [mProxyDict release];
+
+  if (mSystemDynamicStore) {
+    // Invalidate the dynamic store's run loop source
+    // to get the store out of the run loop
+    CFRunLoopSourceRef rls = SCDynamicStoreCreateRunLoopSource(NULL, mSystemDynamicStore, 0);
+    if (rls) {
+      CFRunLoopSourceInvalidate(rls);
+      CFRelease(rls);
+    }
+    CFRelease(mSystemDynamicStore);
+  }
+
+  NS_OBJC_END_TRY_ABORT_BLOCK;
+}
+
+void nsOSXSystemProxySettings::ProxyHasChanged() {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK;
+
+  [mProxyDict release];
+  mProxyDict = (NSDictionary*)SCDynamicStoreCopyProxies(mSystemDynamicStore);
+
+  NS_OBJC_END_TRY_ABORT_BLOCK;
+}
+
+nsresult nsOSXSystemProxySettings::FindSCProxyPort(const nsACString& aScheme,
+                                                   nsACString& aResultHost, int32_t& aResultPort,
+                                                   bool& aResultSocksProxy) {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NSRESULT;
+
+  NS_ENSURE_TRUE(mProxyDict != NULL, NS_ERROR_FAILURE);
+
+  for (const SchemeMapping* keys = gSchemeMappingList; keys->mScheme != NULL; ++keys) {
+    // Check for matching scheme (when appropriate)
+    if (strcasecmp(keys->mScheme, PromiseFlatCString(aScheme).get()) && !keys->mIsSocksProxy)
+      continue;
+
+    // Check the proxy is enabled
+    NSNumber* enabled = [mProxyDict objectForKey:(NSString*)keys->mEnabled];
+    NS_ENSURE_TRUE(enabled == NULL || [enabled isKindOfClass:[NSNumber class]], NS_ERROR_FAILURE);
+    if ([enabled intValue] == 0) continue;
+
+    // Get the proxy host
+    NSString* host = [mProxyDict objectForKey:(NSString*)keys->mHost];
+    if (host == NULL) break;
+    NS_ENSURE_TRUE([host isKindOfClass:[NSString class]], NS_ERROR_FAILURE);
+    aResultHost.Assign([host UTF8String]);
+
+    // Get the proxy port
+    NSNumber* port = [mProxyDict objectForKey:(NSString*)keys->mPort];
+    NS_ENSURE_TRUE([port isKindOfClass:[NSNumber class]], NS_ERROR_FAILURE);
+    aResultPort = [port intValue];
+
+    aResultSocksProxy = keys->mIsSocksProxy;
+
+    return NS_OK;
+  }
+
+  return NS_ERROR_FAILURE;
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_NSRESULT;
+}
+
+bool nsOSXSystemProxySettings::IsAutoconfigEnabled() const {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_RETURN;
+
+  NSNumber* value = [mProxyDict objectForKey:(NSString*)kSCPropNetProxiesProxyAutoConfigEnable];
+  NS_ENSURE_TRUE(value == NULL || [value isKindOfClass:[NSNumber class]], false);
+  return ([value intValue] != 0);
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_RETURN(false);
+}
+
+nsresult nsOSXSystemProxySettings::GetAutoconfigURL(nsAutoCString& aResult) const {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NSRESULT;
+
+  NSString* value = [mProxyDict objectForKey:(NSString*)kSCPropNetProxiesProxyAutoConfigURLString];
+  if (value != NULL) {
+    NS_ENSURE_TRUE([value isKindOfClass:[NSString class]], NS_ERROR_FAILURE);
+    aResult.Assign([value UTF8String]);
+    return NS_OK;
+  }
+
+  return NS_ERROR_FAILURE;
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_NSRESULT;
+}
+
+bool nsOSXSystemProxySettings::IsInExceptionList(const nsACString& aHost) const {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_RETURN;
+
+  NS_ENSURE_TRUE(mProxyDict != NULL, false);
+
+  NSArray* exceptionList = [mProxyDict objectForKey:(NSString*)kSCPropNetProxiesExceptionsList];
+  NS_ENSURE_TRUE(exceptionList == NULL || [exceptionList isKindOfClass:[NSArray class]], false);
+
+  NSEnumerator* exceptionEnumerator = [exceptionList objectEnumerator];
+  NSString* currentValue = NULL;
+  while ((currentValue = [exceptionEnumerator nextObject])) {
+    NS_ENSURE_TRUE([currentValue isKindOfClass:[NSString class]], false);
+    nsAutoCString overrideStr([currentValue UTF8String]);
+    if (mozilla::toolkit::system::IsHostProxyEntry(aHost, overrideStr)) return true;
+  }
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_RETURN(false);
+}
+
+nsresult nsOSXSystemProxySettings::GetPACURI(nsACString& aResult) {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NSRESULT;
+
+  NS_ENSURE_TRUE(mProxyDict != NULL, NS_ERROR_FAILURE);
+
+  nsAutoCString pacUrl;
+  if (IsAutoconfigEnabled() && NS_SUCCEEDED(GetAutoconfigURL(pacUrl))) {
+    aResult.Assign(pacUrl);
+    return NS_OK;
+  }
+
+  return NS_ERROR_FAILURE;
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_NSRESULT;
+}
+
+nsresult nsOSXSystemProxySettings::GetProxyForURI(const nsACString& aSpec,
+                                                  const nsACString& aScheme,
+                                                  const nsACString& aHost, const int32_t aPort,
+                                                  nsACString& aResult) {
+  NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NSRESULT;
+
+  int32_t proxyPort;
+  nsAutoCString proxyHost;
+  bool proxySocks;
+  nsresult rv = FindSCProxyPort(aScheme, proxyHost, proxyPort, proxySocks);
+
+  if (NS_FAILED(rv) || IsInExceptionList(aHost)) {
+    aResult.AssignLiteral("DIRECT");
+  } else if (proxySocks) {
+    aResult.Assign("SOCKS "_ns + proxyHost + nsPrintfCString(":%d", proxyPort));
+  } else {
+    aResult.Assign("PROXY "_ns + proxyHost + nsPrintfCString(":%d", proxyPort));
+  }
+
+  return NS_OK;
+
+  NS_OBJC_END_TRY_ABORT_BLOCK_NSRESULT;
+}
+
+NS_IMPL_COMPONENT_FACTORY(nsOSXSystemProxySettings) {
+  auto settings = mozilla::MakeRefPtr<nsOSXSystemProxySettings>();
+  if (NS_SUCCEEDED(settings->Init())) {
+    return settings.forget().downcast<nsISupports>();
+  }
+  return nullptr;
+}
diff --git a/toolkit/system/osxproxy/tests/gtest/TestProxyBypassRules.cpp b/toolkit/system/osxproxy/tests/gtest/TestProxyBypassRules.cpp
new file mode 100644
index 0000000000..826011f13e
--- /dev/null
+++ b/toolkit/system/osxproxy/tests/gtest/TestProxyBypassRules.cpp
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+#include "ProxyUtils.h"
+
+using namespace mozilla::toolkit::system;
+
+TEST(OSXProxy, TestProxyBypassRules)
+{
+  EXPECT_TRUE(IsHostProxyEntry("mozilla.org"_ns, "mozilla.org"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("mozilla.org"_ns, "*mozilla.org"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("mozilla.org"_ns, "*.mozilla.org"_ns));
+  EXPECT_FALSE(IsHostProxyEntry("notmozilla.org"_ns, "*.mozilla.org"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("www.mozilla.org"_ns, "*mozilla.org"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("www.mozilla.org"_ns, "*.mozilla.org"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("www.mozilla.com"_ns, "*.mozilla.*"_ns));
+}
+
+TEST(OSXProxy, TestProxyBypassRulesIPv4)
+{
+  EXPECT_TRUE(IsHostProxyEntry("192.168.1.1"_ns, "192.168.1.*"_ns));
+  EXPECT_FALSE(IsHostProxyEntry("192.168.1.1"_ns, "192.168.2.*"_ns));
+
+  EXPECT_TRUE(IsHostProxyEntry("10.1.2.3"_ns, "10.0.0.0/8"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("192.168.192.1"_ns, "192.168/16"_ns));
+  EXPECT_FALSE(IsHostProxyEntry("192.168.192.1"_ns, "192.168/17"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("192.168.192.1"_ns, "192.168.128/17"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("192.168.1.1"_ns, "192.168.1.1/32"_ns));
+}
+
+TEST(OSXProxy, TestProxyBypassRulesIPv6)
+{
+  EXPECT_TRUE(IsHostProxyEntry("2001:0DB8:ABCD:0012:0123:4567:89AB:CDEF"_ns,
+                               "2001:db8:abcd:0012::0/64"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("2001:0DB8:ABCD:0012:0000:4567:89AB:CDEF"_ns,
+                               "2001:db8:abcd:0012::0/80"_ns));
+  EXPECT_FALSE(IsHostProxyEntry("2001:0DB8:ABCD:0012:0123:4567:89AB:CDEF"_ns,
+                                "2001:db8:abcd:0012::0/80"_ns));
+  EXPECT_TRUE(IsHostProxyEntry("2001:0DB8:ABCD:0012:0000:0000:89AB:CDEF"_ns,
+                               "2001:db8:abcd:0012::0/96"_ns));
+  EXPECT_FALSE(IsHostProxyEntry("2001:0DB8:ABCD:0012:0123:4567:89AB:CDEF"_ns,
+                                "2001:db8:abcd:0012::0/96"_ns));
+}
diff --git a/toolkit/system/osxproxy/tests/gtest/moz.build b/toolkit/system/osxproxy/tests/gtest/moz.build
new file mode 100644
index 0000000000..976c83a07e
--- /dev/null
+++ b/toolkit/system/osxproxy/tests/gtest/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at http://mozilla.org/MPL/2.0/.
+
+UNIFIED_SOURCES += [
+    "TestProxyBypassRules.cpp",
+]
+
+LOCAL_INCLUDES += [
+    "/toolkit/system/osxproxy",
+]
+
+FINAL_LIBRARY = "xul-gtest"
+
+if CONFIG["CC_TYPE"] in ("clang", "gcc"):
+    CXXFLAGS += ["-Wshadow"]