summaryrefslogtreecommitdiffstats
path: root/caps/tests/unit
diff options
context:
space:
mode:
Diffstat (limited to 'caps/tests/unit')
-rw-r--r--caps/tests/unit/test_ipv6_host_literal.js39
-rw-r--r--caps/tests/unit/test_origin.js323
-rw-r--r--caps/tests/unit/test_site_origin.js112
-rw-r--r--caps/tests/unit/test_uri_escaping.js29
-rw-r--r--caps/tests/unit/xpcshell.ini7
5 files changed, 510 insertions, 0 deletions
diff --git a/caps/tests/unit/test_ipv6_host_literal.js b/caps/tests/unit/test_ipv6_host_literal.js
new file mode 100644
index 0000000000..0539e17de5
--- /dev/null
+++ b/caps/tests/unit/test_ipv6_host_literal.js
@@ -0,0 +1,39 @@
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+var ssm = Services.scriptSecurityManager;
+function makeURI(uri) {
+ return Services.io.newURI(uri);
+}
+
+function testIPV6Host(aHost, aExpected) {
+ var ipv6Host = ssm.createContentPrincipal(makeURI(aHost), {});
+ Assert.equal(ipv6Host.origin, aExpected);
+}
+
+function run_test() {
+ testIPV6Host("http://[::1]/", "http://[::1]");
+
+ testIPV6Host(
+ "http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/",
+ "http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]"
+ );
+
+ testIPV6Host(
+ "http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/",
+ "http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443"
+ );
+
+ testIPV6Host(
+ "http://[2001:db8:85a3::1319:8a2e:370:7348]/",
+ "http://[2001:db8:85a3:0:1319:8a2e:370:7348]"
+ );
+
+ testIPV6Host(
+ "http://[20D1:0000:3238:DFE1:63:0000:0000:FEFB]/",
+ "http://[20d1:0:3238:dfe1:63::fefb]"
+ );
+
+ testIPV6Host(
+ "http://[20D1:0:3238:DFE1:63::FEFB]/",
+ "http://[20d1:0:3238:dfe1:63::fefb]"
+ );
+}
diff --git a/caps/tests/unit/test_origin.js b/caps/tests/unit/test_origin.js
new file mode 100644
index 0000000000..8407020cba
--- /dev/null
+++ b/caps/tests/unit/test_origin.js
@@ -0,0 +1,323 @@
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+var ssm = Services.scriptSecurityManager;
+function makeURI(uri) {
+ return Services.io.newURI(uri);
+}
+
+function checkThrows(f) {
+ var threw = false;
+ try {
+ f();
+ } catch (e) {
+ threw = true;
+ }
+ Assert.ok(threw);
+}
+
+function checkCrossOrigin(a, b) {
+ Assert.ok(!a.equals(b));
+ Assert.ok(!a.equalsConsideringDomain(b));
+ Assert.ok(!a.subsumes(b));
+ Assert.ok(!a.subsumesConsideringDomain(b));
+ Assert.ok(!b.subsumes(a));
+ Assert.ok(!b.subsumesConsideringDomain(a));
+}
+
+function checkOriginAttributes(prin, attrs, suffix) {
+ attrs = attrs || {};
+ Assert.equal(
+ prin.originAttributes.inIsolatedMozBrowser,
+ attrs.inIsolatedMozBrowser || false
+ );
+ Assert.equal(prin.originSuffix, suffix || "");
+ Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), suffix || "");
+ Assert.ok(
+ ChromeUtils.originAttributesMatchPattern(prin.originAttributes, attrs)
+ );
+ if (!prin.isNullPrincipal && !prin.origin.startsWith("[")) {
+ Assert.ok(ssm.createContentPrincipalFromOrigin(prin.origin).equals(prin));
+ } else {
+ checkThrows(() => ssm.createContentPrincipalFromOrigin(prin.origin));
+ }
+}
+
+function checkSandboxOriginAttributes(arr, attrs, options) {
+ options = options || {};
+ var sandbox = Cu.Sandbox(arr, options);
+ checkOriginAttributes(
+ Cu.getObjectPrincipal(sandbox),
+ attrs,
+ ChromeUtils.originAttributesToSuffix(attrs)
+ );
+}
+
+// utility function useful for debugging
+function printAttrs(name, attrs) {
+ info(
+ name +
+ " {\n" +
+ "\tuserContextId: " +
+ attrs.userContextId +
+ ",\n" +
+ "\tinIsolatedMozBrowser: " +
+ attrs.inIsolatedMozBrowser +
+ ",\n" +
+ "\tprivateBrowsingId: '" +
+ attrs.privateBrowsingId +
+ "',\n" +
+ "\tfirstPartyDomain: '" +
+ attrs.firstPartyDomain +
+ "'\n}"
+ );
+}
+
+function checkValues(attrs, values) {
+ values = values || {};
+ // printAttrs("attrs", attrs);
+ // printAttrs("values", values);
+ Assert.equal(attrs.userContextId, values.userContextId || 0);
+ Assert.equal(
+ attrs.inIsolatedMozBrowser,
+ values.inIsolatedMozBrowser || false
+ );
+ Assert.equal(attrs.privateBrowsingId, values.privateBrowsingId || "");
+ Assert.equal(attrs.firstPartyDomain, values.firstPartyDomain || "");
+}
+
+function run_test() {
+ // Attributeless origins.
+ Assert.equal(ssm.getSystemPrincipal().origin, "[System Principal]");
+ checkOriginAttributes(ssm.getSystemPrincipal());
+ var exampleOrg = ssm.createContentPrincipal(
+ makeURI("http://example.org"),
+ {}
+ );
+ Assert.equal(exampleOrg.origin, "http://example.org");
+ checkOriginAttributes(exampleOrg);
+ var exampleCom = ssm.createContentPrincipal(
+ makeURI("https://www.example.com:123"),
+ {}
+ );
+ Assert.equal(exampleCom.origin, "https://www.example.com:123");
+ checkOriginAttributes(exampleCom);
+ var nullPrin = Cu.getObjectPrincipal(new Cu.Sandbox(null));
+ Assert.ok(
+ /^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(nullPrin.origin)
+ );
+ checkOriginAttributes(nullPrin);
+ var ipv6Prin = ssm.createContentPrincipal(
+ makeURI("https://[2001:db8::ff00:42:8329]:123"),
+ {}
+ );
+ Assert.equal(ipv6Prin.origin, "https://[2001:db8::ff00:42:8329]:123");
+ checkOriginAttributes(ipv6Prin);
+ var ipv6NPPrin = ssm.createContentPrincipal(
+ makeURI("https://[2001:db8::ff00:42:8329]"),
+ {}
+ );
+ Assert.equal(ipv6NPPrin.origin, "https://[2001:db8::ff00:42:8329]");
+ checkOriginAttributes(ipv6NPPrin);
+ var ep = Cu.getObjectPrincipal(
+ Cu.Sandbox([exampleCom, nullPrin, exampleOrg])
+ );
+ checkOriginAttributes(ep);
+ checkCrossOrigin(exampleCom, exampleOrg);
+ checkCrossOrigin(exampleOrg, nullPrin);
+
+ // nsEP origins should be in lexical order.
+ Assert.equal(
+ ep.origin,
+ `[Expanded Principal [${exampleOrg.origin}, ${exampleCom.origin}, ${nullPrin.origin}]]`
+ );
+
+ // Make sure createContentPrincipal does what the rest of gecko does.
+ Assert.ok(
+ exampleOrg.equals(
+ Cu.getObjectPrincipal(new Cu.Sandbox("http://example.org"))
+ )
+ );
+
+ //
+ // Test origin attributes.
+ //
+
+ // Just browser.
+ var exampleOrg_browser = ssm.createContentPrincipal(
+ makeURI("http://example.org"),
+ { inIsolatedMozBrowser: true }
+ );
+ var nullPrin_browser = ssm.createNullPrincipal({
+ inIsolatedMozBrowser: true,
+ });
+ checkOriginAttributes(
+ exampleOrg_browser,
+ { inIsolatedMozBrowser: true },
+ "^inBrowser=1"
+ );
+ checkOriginAttributes(
+ nullPrin_browser,
+ { inIsolatedMozBrowser: true },
+ "^inBrowser=1"
+ );
+ Assert.equal(exampleOrg_browser.origin, "http://example.org^inBrowser=1");
+
+ // First party Uri
+ var exampleOrg_firstPartyDomain = ssm.createContentPrincipal(
+ makeURI("http://example.org"),
+ { firstPartyDomain: "example.org" }
+ );
+ checkOriginAttributes(
+ exampleOrg_firstPartyDomain,
+ { firstPartyDomain: "example.org" },
+ "^firstPartyDomain=example.org"
+ );
+ Assert.equal(
+ exampleOrg_firstPartyDomain.origin,
+ "http://example.org^firstPartyDomain=example.org"
+ );
+
+ // Just userContext.
+ var exampleOrg_userContext = ssm.createContentPrincipal(
+ makeURI("http://example.org"),
+ { userContextId: 42 }
+ );
+ checkOriginAttributes(
+ exampleOrg_userContext,
+ { userContextId: 42 },
+ "^userContextId=42"
+ );
+ Assert.equal(
+ exampleOrg_userContext.origin,
+ "http://example.org^userContextId=42"
+ );
+
+ checkSandboxOriginAttributes(null, {});
+ checkSandboxOriginAttributes("http://example.org", {});
+ checkSandboxOriginAttributes(
+ "http://example.org",
+ {},
+ { originAttributes: {} }
+ );
+ checkSandboxOriginAttributes(["http://example.org"], {});
+ checkSandboxOriginAttributes(
+ ["http://example.org"],
+ {},
+ { originAttributes: {} }
+ );
+
+ // Check that all of the above are cross-origin.
+ checkCrossOrigin(exampleOrg_browser, nullPrin_browser);
+ checkCrossOrigin(exampleOrg_firstPartyDomain, exampleOrg);
+ checkCrossOrigin(exampleOrg_userContext, exampleOrg);
+
+ // Check Principal kinds.
+ function checkKind(prin, kind) {
+ Assert.equal(prin.isNullPrincipal, kind == "nullPrincipal");
+ Assert.equal(prin.isContentPrincipal, kind == "contentPrincipal");
+ Assert.equal(prin.isExpandedPrincipal, kind == "expandedPrincipal");
+ Assert.equal(prin.isSystemPrincipal, kind == "systemPrincipal");
+ }
+ checkKind(ssm.createNullPrincipal({}), "nullPrincipal");
+ checkKind(
+ ssm.createContentPrincipal(makeURI("http://www.example.com"), {}),
+ "contentPrincipal"
+ );
+ checkKind(
+ Cu.getObjectPrincipal(
+ Cu.Sandbox([
+ ssm.createContentPrincipal(makeURI("http://www.example.com"), {}),
+ ])
+ ),
+ "expandedPrincipal"
+ );
+ checkKind(ssm.getSystemPrincipal(), "systemPrincipal");
+
+ //
+ // Test Origin Attribute Manipulation
+ //
+
+ // check that we can create an empty origin attributes dict with default
+ // members and values.
+ var emptyAttrs = ChromeUtils.fillNonDefaultOriginAttributes({});
+ checkValues(emptyAttrs);
+
+ var uri = "http://example.org";
+ var tests = [
+ ["", {}],
+ ["^userContextId=3", { userContextId: 3 }],
+ ["^inBrowser=1", { inIsolatedMozBrowser: true }],
+ ["^firstPartyDomain=example.org", { firstPartyDomain: "example.org" }],
+ ];
+
+ // check that we can create an origin attributes from an origin properly
+ tests.forEach(t => {
+ let attrs = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
+ checkValues(attrs, t[1]);
+ Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
+ });
+
+ // check that we can create an origin attributes from a dict properly
+ tests.forEach(t => {
+ let attrs = ChromeUtils.fillNonDefaultOriginAttributes(t[1]);
+ checkValues(attrs, t[1]);
+ Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
+ });
+
+ // each row in the dflt_tests array has these values:
+ // [0] - the suffix used to create an origin attribute from
+ // [1] - the expected result of creating an origin attributes from [0]
+ // [2] - the expected result after setting userContextId to the default
+ // [3] - the expected result of creating a suffix from [2]
+ var dflt_tests = [
+ ["", {}, {}, ""],
+ ["^userContextId=3", { userContextId: 3 }, {}, ""],
+ ];
+
+ // check that we can set the userContextId to default properly
+ dflt_tests.forEach(t => {
+ let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
+ checkValues(orig, t[1]);
+ let mod = orig;
+ mod.userContextId = 0;
+ checkValues(mod, t[2]);
+ Assert.equal(ChromeUtils.originAttributesToSuffix(mod), t[3]);
+ });
+
+ // each row in the dflt2_tests array has these values:
+ // [0] - the suffix used to create an origin attribute from
+ // [1] - the expected result of creating an origin attributes from [0]
+ // [2] - the expected result after setting firstPartyUri to the default
+ // [3] - the expected result of creating a suffix from [2]
+ var dflt2_tests = [
+ ["", {}, {}, ""],
+ ["^firstPartyDomain=foo.com", { firstPartyDomain: "foo.com" }, {}, ""],
+ ];
+
+ // check that we can set the userContextId to default properly
+ dflt2_tests.forEach(t => {
+ let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
+ checkValues(orig, t[1]);
+ let mod = orig;
+ mod.firstPartyDomain = "";
+ checkValues(mod, t[2]);
+ Assert.equal(ChromeUtils.originAttributesToSuffix(mod), t[3]);
+ });
+
+ var fileURI = makeURI("file:///foo/bar").QueryInterface(Ci.nsIFileURL);
+ var fileTests = [
+ [true, fileURI.spec],
+ [false, "file://UNIVERSAL_FILE_URI_ORIGIN"],
+ ];
+ fileTests.forEach(t => {
+ Services.prefs.setBoolPref("security.fileuri.strict_origin_policy", t[0]);
+ var filePrin = ssm.createContentPrincipal(fileURI, {});
+ Assert.equal(filePrin.origin, t[1]);
+ });
+ Services.prefs.clearUserPref("security.fileuri.strict_origin_policy");
+
+ var aboutBlankURI = makeURI("about:blank");
+ var aboutBlankPrin = ssm.createContentPrincipal(aboutBlankURI, {});
+ Assert.ok(
+ /^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(aboutBlankPrin.origin)
+ );
+}
diff --git a/caps/tests/unit/test_site_origin.js b/caps/tests/unit/test_site_origin.js
new file mode 100644
index 0000000000..6ce2d0dfad
--- /dev/null
+++ b/caps/tests/unit/test_site_origin.js
@@ -0,0 +1,112 @@
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const scriptSecMan = Services.scriptSecurityManager;
+
+function makeURI(uri) {
+ return Services.io.newURI(uri);
+}
+
+// SystemPrincipal checks
+let systemPrincipal = scriptSecMan.getSystemPrincipal();
+Assert.ok(systemPrincipal.isSystemPrincipal);
+Assert.equal(systemPrincipal.origin, "[System Principal]");
+Assert.equal(systemPrincipal.originNoSuffix, "[System Principal]");
+Assert.equal(systemPrincipal.siteOrigin, "[System Principal]");
+Assert.equal(systemPrincipal.siteOriginNoSuffix, "[System Principal]");
+
+// ContentPrincipal checks
+let uri1 = Services.io.newURI("http://example.com");
+let prinicpal1 = scriptSecMan.createContentPrincipal(uri1, {
+ userContextId: 11,
+});
+Assert.ok(prinicpal1.isContentPrincipal);
+Assert.equal(prinicpal1.origin, "http://example.com^userContextId=11");
+Assert.equal(prinicpal1.originNoSuffix, "http://example.com");
+Assert.equal(prinicpal1.siteOrigin, "http://example.com^userContextId=11");
+Assert.equal(prinicpal1.siteOriginNoSuffix, "http://example.com");
+
+let uri2 = Services.io.newURI("http://test1.example.com");
+let prinicpal2 = scriptSecMan.createContentPrincipal(uri2, {
+ userContextId: 22,
+});
+Assert.ok(prinicpal2.isContentPrincipal);
+Assert.equal(prinicpal2.origin, "http://test1.example.com^userContextId=22");
+Assert.equal(prinicpal2.originNoSuffix, "http://test1.example.com");
+Assert.equal(prinicpal2.siteOrigin, "http://example.com^userContextId=22");
+Assert.equal(prinicpal2.siteOriginNoSuffix, "http://example.com");
+
+let uri3 = Services.io.newURI("https://test1.test2.example.com:5555");
+let prinicpal3 = scriptSecMan.createContentPrincipal(uri3, {
+ userContextId: 5555,
+});
+Assert.ok(prinicpal3.isContentPrincipal);
+Assert.equal(
+ prinicpal3.origin,
+ "https://test1.test2.example.com:5555^userContextId=5555"
+);
+Assert.equal(prinicpal3.originNoSuffix, "https://test1.test2.example.com:5555");
+Assert.equal(prinicpal3.siteOrigin, "https://example.com^userContextId=5555");
+Assert.equal(prinicpal3.siteOriginNoSuffix, "https://example.com");
+
+let aboutURI = Services.io.newURI("about:preferences");
+let aboutPrincipal = scriptSecMan.createContentPrincipal(aboutURI, {
+ userContextId: 66,
+});
+Assert.ok(aboutPrincipal.isContentPrincipal);
+Assert.equal(aboutPrincipal.origin, "about:preferences^userContextId=66");
+Assert.equal(aboutPrincipal.originNoSuffix, "about:preferences");
+Assert.equal(aboutPrincipal.siteOrigin, "about:preferences^userContextId=66");
+Assert.equal(aboutPrincipal.siteOriginNoSuffix, "about:preferences");
+
+// NullPrincipal checks
+let nullPrincipal = scriptSecMan.createNullPrincipal({ userContextId: 33 });
+Assert.ok(nullPrincipal.isNullPrincipal);
+Assert.ok(nullPrincipal.origin.includes("moz-nullprincipal"));
+Assert.ok(nullPrincipal.origin.includes("^userContextId=33"));
+Assert.ok(nullPrincipal.originNoSuffix.includes("moz-nullprincipal"));
+Assert.ok(!nullPrincipal.originNoSuffix.includes("^userContextId=33"));
+Assert.ok(nullPrincipal.siteOrigin.includes("moz-nullprincipal"));
+Assert.ok(nullPrincipal.siteOrigin.includes("^userContextId=33"));
+Assert.ok(nullPrincipal.siteOriginNoSuffix.includes("moz-nullprincipal"));
+Assert.ok(!nullPrincipal.siteOriginNoSuffix.includes("^userContextId=33"));
+
+// ExpandedPrincipal checks
+let expandedPrincipal = Cu.getObjectPrincipal(Cu.Sandbox([prinicpal2]));
+Assert.ok(expandedPrincipal.isExpandedPrincipal);
+Assert.equal(
+ expandedPrincipal.origin,
+ "[Expanded Principal [http://test1.example.com^userContextId=22]]^userContextId=22"
+);
+Assert.equal(
+ expandedPrincipal.originNoSuffix,
+ "[Expanded Principal [http://test1.example.com^userContextId=22]]"
+);
+Assert.equal(
+ expandedPrincipal.siteOrigin,
+ "[Expanded Principal [http://test1.example.com^userContextId=22]]^userContextId=22"
+);
+Assert.equal(
+ expandedPrincipal.siteOriginNoSuffix,
+ "[Expanded Principal [http://test1.example.com^userContextId=22]]"
+);
+
+let ipv6URI = Services.io.newURI("https://[2001:db8::ff00:42:8329]:123");
+let ipv6Principal = scriptSecMan.createContentPrincipal(ipv6URI, {
+ userContextId: 6,
+});
+Assert.ok(ipv6Principal.isContentPrincipal);
+Assert.equal(
+ ipv6Principal.origin,
+ "https://[2001:db8::ff00:42:8329]:123^userContextId=6"
+);
+Assert.equal(
+ ipv6Principal.originNoSuffix,
+ "https://[2001:db8::ff00:42:8329]:123"
+);
+Assert.equal(
+ ipv6Principal.siteOrigin,
+ "https://[2001:db8::ff00:42:8329]^userContextId=6"
+);
+Assert.equal(
+ ipv6Principal.siteOriginNoSuffix,
+ "https://[2001:db8::ff00:42:8329]"
+);
diff --git a/caps/tests/unit/test_uri_escaping.js b/caps/tests/unit/test_uri_escaping.js
new file mode 100644
index 0000000000..91263b058c
--- /dev/null
+++ b/caps/tests/unit/test_uri_escaping.js
@@ -0,0 +1,29 @@
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+var ssm = Services.scriptSecurityManager;
+
+function makeURI(uri) {
+ return Services.io.newURI(uri);
+}
+
+function createPrincipal(aURI) {
+ try {
+ var uri = makeURI(aURI);
+ var principal = ssm.createContentPrincipal(uri, {});
+ return principal;
+ } catch (e) {
+ return null;
+ }
+}
+
+function run_test() {
+ Assert.equal(createPrincipal("http://test^test/foo^bar#x^y"), null);
+
+ Assert.equal(createPrincipal("http://test^test/foo\\bar"), null);
+
+ Assert.equal(createPrincipal("http://test:2^3/foo\\bar"), null);
+
+ Assert.equal(
+ createPrincipal("http://test/foo^bar").exposableSpec,
+ "http://test/foo%5Ebar"
+ );
+}
diff --git a/caps/tests/unit/xpcshell.ini b/caps/tests/unit/xpcshell.ini
new file mode 100644
index 0000000000..a18acf9673
--- /dev/null
+++ b/caps/tests/unit/xpcshell.ini
@@ -0,0 +1,7 @@
+[DEFAULT]
+head =
+
+[test_origin.js]
+[test_uri_escaping.js]
+[test_ipv6_host_literal.js]
+[test_site_origin.js]
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-22 21:17:36 +0000