diff options
Diffstat (limited to 'dom/security/test/general')
| -rw-r--r-- | dom/security/test/general/browser.toml | 10 | ||||
| -rw-r--r-- | dom/security/test/general/browser_test_http_download.js | 275 | ||||
| -rw-r--r-- | dom/security/test/general/file_block_script_wrong_mime_sw.js | 51 | ||||
| -rw-r--r-- | dom/security/test/general/http_download_page.html | 23 | ||||
| -rw-r--r-- | dom/security/test/general/http_download_server.sjs | 20 | ||||
| -rw-r--r-- | dom/security/test/general/mochitest.toml | 1 | ||||
| -rw-r--r-- | dom/security/test/general/test_block_script_wrong_mime.html | 105 |
7 files changed, 146 insertions, 339 deletions
diff --git a/dom/security/test/general/browser.toml b/dom/security/test/general/browser.toml index c6d6b4bf79..0f4ec5b224 100644 --- a/dom/security/test/general/browser.toml +++ b/dom/security/test/general/browser.toml @@ -48,16 +48,6 @@ support-files = [ "file_gpc_server.sjs", ] -["browser_test_http_download.js"] -skip-if = [ - "win11_2009", # Bug 1784764 - "os == 'linux' && !debug", -] -support-files = [ - "http_download_page.html", - "http_download_server.sjs" -] - ["browser_test_referrer_loadInOtherProcess.js"] ["browser_test_report_blocking.js"] diff --git a/dom/security/test/general/browser_test_http_download.js b/dom/security/test/general/browser_test_http_download.js deleted file mode 100644 index 35e3fdfc4b..0000000000 --- a/dom/security/test/general/browser_test_http_download.js +++ /dev/null @@ -1,275 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * https://creativecommons.org/publicdomain/zero/1.0/ */ - -ChromeUtils.defineESModuleGetters(this, { - Downloads: "resource://gre/modules/Downloads.sys.mjs", - DownloadsCommon: "resource:///modules/DownloadsCommon.sys.mjs", -}); - -const HandlerService = Cc[ - "@mozilla.org/uriloader/handler-service;1" -].getService(Ci.nsIHandlerService); - -const MIMEService = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService); - -// Using insecure HTTP URL for a test cases around HTTP downloads -let INSECURE_BASE_URL = - getRootDirectory(gTestPath).replace( - "chrome://mochitests/content/", - // eslint-disable-next-line @microsoft/sdl/no-insecure-url - "http://example.com/" - ) + "http_download_page.html"; - -function promiseFocus() { - return new Promise(resolve => { - waitForFocus(resolve); - }); -} - -async function task_openPanel() { - await promiseFocus(); - - let promise = BrowserTestUtils.waitForPopupEvent( - DownloadsPanel.panel, - "shown" - ); - DownloadsPanel.showPanel(); - await promise; -} - -const downloadMonitoringView = { - _listeners: [], - onDownloadAdded(download) { - for (let listener of this._listeners) { - listener(download); - } - this._listeners = []; - }, - waitForDownload(listener) { - this._listeners.push(listener); - }, -}; - -/** - * Waits until a download is triggered. - * Unless the always_ask_before_handling_new_types pref is true, the download - * will simply be saved, so resolve when the view is notified of the new - * download. Otherwise, it waits until a prompt is shown, selects the choosen - * <action>, then accepts the dialog - * @param [action] Which action to select, either: - * "handleInternally", "save" or "open". - * @returns {Promise} Resolved once done. - */ - -function shouldTriggerDownload(action = "save") { - if ( - Services.prefs.getBoolPref( - "browser.download.always_ask_before_handling_new_types" - ) - ) { - return new Promise((resolve, reject) => { - Services.wm.addListener({ - onOpenWindow(xulWin) { - Services.wm.removeListener(this); - let win = xulWin.docShell.domWindow; - waitForFocus(() => { - if ( - win.location == - "chrome://mozapps/content/downloads/unknownContentType.xhtml" - ) { - let dialog = win.document.getElementById("unknownContentType"); - let button = dialog.getButton("accept"); - let actionRadio = win.document.getElementById(action); - actionRadio.click(); - button.disabled = false; - dialog.acceptDialog(); - resolve(); - } else { - reject(); - } - }, win); - }, - }); - }); - } - return new Promise(res => { - downloadMonitoringView.waitForDownload(res); - }); -} - -const CONSOLE_ERROR_MESSAGE = "We blocked a download thatβs not secure"; - -function shouldConsoleError() { - // Waits until CONSOLE_ERROR_MESSAGE was logged - return new Promise((resolve, reject) => { - function listener(msgObj) { - let text = msgObj.message; - if (text.includes(CONSOLE_ERROR_MESSAGE)) { - Services.console.unregisterListener(listener); - resolve(); - } - } - Services.console.registerListener(listener); - }); -} - -async function resetDownloads() { - // Removes all downloads from the download List - const types = new Set(); - let publicList = await Downloads.getList(Downloads.PUBLIC); - let downloads = await publicList.getAll(); - for (let download of downloads) { - if (download.contentType) { - types.add(download.contentType); - } - publicList.remove(download); - await download.finalize(true); - } - - if (types.size) { - // reset handlers for the contentTypes of any files previously downloaded - for (let type of types) { - const mimeInfo = MIMEService.getFromTypeAndExtension(type, ""); - info("resetting handler for type: " + type); - HandlerService.remove(mimeInfo); - } - } -} - -function shouldNotifyDownloadUI() { - return new Promise(res => { - downloadMonitoringView.waitForDownload(async aDownload => { - let { error } = aDownload; - if ( - error.becauseBlockedByReputationCheck && - error.reputationCheckVerdict == Downloads.Error.BLOCK_VERDICT_INSECURE - ) { - // It's an insecure Download, now Check that it has been cleaned up properly - if ((await IOUtils.stat(aDownload.target.path)).size != 0) { - throw new Error(`Download target is not empty!`); - } - if ((await IOUtils.stat(aDownload.target.path)).size != 0) { - throw new Error(`Download partFile was not cleaned up properly`); - } - // Assert that the Referrer is presnt - if (!aDownload.source.referrerInfo) { - throw new Error("The Blocked download is missing the ReferrerInfo"); - } - - res(aDownload); - } else { - ok(false, "No error for download that was expected to error!"); - } - }); - }); -} - -async function runTest(url, link, checkFunction, description) { - await SpecialPowers.pushPrefEnv({ - set: [["dom.block_download_insecure", true]], - }); - await resetDownloads(); - - let tab = BrowserTestUtils.addTab(gBrowser, url); - gBrowser.selectedTab = tab; - - let browser = gBrowser.getBrowserForTab(tab); - await BrowserTestUtils.browserLoaded(browser); - - info("Checking: " + description); - - let checkPromise = checkFunction(); - // Click the Link to trigger the download - SpecialPowers.spawn(gBrowser.selectedBrowser, [link], contentLink => { - content.document.getElementById(contentLink).click(); - }); - - await checkPromise; - - ok(true, description); - BrowserTestUtils.removeTab(tab); - - await SpecialPowers.popPrefEnv(); -} - -add_setup(async () => { - let list = await Downloads.getList(Downloads.ALL); - list.addView(downloadMonitoringView); - registerCleanupFunction(() => list.removeView(downloadMonitoringView)); -}); - -// Test Blocking -add_task(async function test_blocking() { - for (let prefVal of [true, false]) { - await SpecialPowers.pushPrefEnv({ - set: [["browser.download.always_ask_before_handling_new_types", prefVal]], - }); - await runTest( - INSECURE_BASE_URL, - "http-link", - () => - Promise.all([ - shouldTriggerDownload(), - shouldNotifyDownloadUI(), - shouldConsoleError(), - ]), - "Insecure (HTTP) toplevel -> Insecure (HTTP) download should Error" - ); - await SpecialPowers.popPrefEnv(); - } -}); - -// Test Manual Unblocking -add_task(async function test_manual_unblocking() { - for (let prefVal of [true, false]) { - await SpecialPowers.pushPrefEnv({ - set: [["browser.download.always_ask_before_handling_new_types", prefVal]], - }); - await runTest( - INSECURE_BASE_URL, - "http-link", - async () => { - let [, download] = await Promise.all([ - shouldTriggerDownload(), - shouldNotifyDownloadUI(), - ]); - await download.unblock(); - Assert.equal( - download.error, - null, - "There should be no error after unblocking" - ); - }, - "A blocked download should succeed to download after a manual unblock" - ); - await SpecialPowers.popPrefEnv(); - } -}); - -// Test Unblock Download Visible -add_task(async function test_unblock_download_visible() { - for (let prefVal of [true, false]) { - await SpecialPowers.pushPrefEnv({ - set: [["browser.download.always_ask_before_handling_new_types", prefVal]], - }); - await promiseFocus(); - await runTest( - INSECURE_BASE_URL, - "http-link", - async () => { - let panelHasOpened = BrowserTestUtils.waitForPopupEvent( - DownloadsPanel.panel, - "shown" - ); - info("awaiting that the download is triggered and added to the list"); - await Promise.all([shouldTriggerDownload(), shouldNotifyDownloadUI()]); - info("awaiting that the Download list shows itself"); - await panelHasOpened; - DownloadsPanel.hidePanel(); - ok(true, "The Download Panel should have opened on blocked download"); - }, - "A blocked download should open the download panel" - ); - await SpecialPowers.popPrefEnv(); - } -}); diff --git a/dom/security/test/general/file_block_script_wrong_mime_sw.js b/dom/security/test/general/file_block_script_wrong_mime_sw.js new file mode 100644 index 0000000000..4d8d667af4 --- /dev/null +++ b/dom/security/test/general/file_block_script_wrong_mime_sw.js @@ -0,0 +1,51 @@ +/** + * Service Worker that runs in 2 modes: 1) direct pass-through via + * fetch(event.request) and 2) indirect pass-through via + * fetch(event.request.url). + * + * Because this is updating a pre-existing mochitest that didn't use a SW and + * used a single test document, we use a SW idiom where the SW claims the + * existing window client. And because we operate in two modes and we + * parameterize via URL, we also ensure that we skipWaiting. + **/ + +/* eslint-env serviceworker */ + +// We are parameterized by "mode". +const params = new URLSearchParams(location.search); +const fetchMode = params.get("fetchMode"); + +// When activating on initial install, claim the existing window client. +// For synchronziation, also message the controlled document to report our mode. +self.addEventListener("activate", event => { + event.waitUntil( + (async () => { + await clients.claim(); + const allClients = await clients.matchAll(); + for (const client of allClients) { + client.postMessage({ + fetchMode, + }); + } + })() + ); +}); + +// When updating the SW to change our mode of operation, skipWaiting so we +// advance directly to activating without waiting for the test window client +// to stop being controlled by our previous configuration. +self.addEventListener("install", () => { + self.skipWaiting(); +}); + +self.addEventListener("fetch", event => { + switch (fetchMode) { + case "direct": + event.respondWith(fetch(event.request)); + break; + + case "indirect": + event.respondWith(fetch(event.request.url)); + break; + } +}); diff --git a/dom/security/test/general/http_download_page.html b/dom/security/test/general/http_download_page.html deleted file mode 100644 index c5461eaed3..0000000000 --- a/dom/security/test/general/http_download_page.html +++ /dev/null @@ -1,23 +0,0 @@ -<!DOCTYPE HTML> -<html> - <head> - <title>Test for the download attribute</title> - </head> - <body> - hi - - <script> - const host = window.location.host; - const path = location.pathname.replace("http_download_page.html","http_download_server.sjs"); - - const insecureLink = document.createElement("a"); - // eslint-disable-next-line @microsoft/sdl/no-insecure-url - insecureLink.href=`http://${host}/${path}`; - insecureLink.download="true"; - insecureLink.id="http-link"; - insecureLink.textContent="Not secure Link"; - - document.body.append(insecureLink); - </script> - </body> -</html> diff --git a/dom/security/test/general/http_download_server.sjs b/dom/security/test/general/http_download_server.sjs deleted file mode 100644 index e659df2f40..0000000000 --- a/dom/security/test/general/http_download_server.sjs +++ /dev/null @@ -1,20 +0,0 @@ -// force the Browser to Show a Download Prompt - -function handleRequest(request, response) { - let type = "image/png"; - let filename = "hello.png"; - request.queryString.split("&").forEach(val => { - var [key, value] = val.split("="); - if (key == "type") { - type = value; - } - if (key == "name") { - filename = value; - } - }); - - response.setHeader("Cache-Control", "no-cache", false); - response.setHeader("Content-Disposition", `attachment; filename=${filename}`); - response.setHeader("Content-Type", type); - response.write("πππ΅π"); -} diff --git a/dom/security/test/general/mochitest.toml b/dom/security/test/general/mochitest.toml index c46b5ecf57..22024fcc67 100644 --- a/dom/security/test/general/mochitest.toml +++ b/dom/security/test/general/mochitest.toml @@ -8,6 +8,7 @@ support-files = [ "file_block_toplevel_data_navigation2.html", "file_block_toplevel_data_navigation3.html", "file_block_toplevel_data_redirect.sjs", + "file_block_script_wrong_mime_sw.js", "file_block_subresource_redir_to_data.sjs", "file_same_site_cookies_subrequest.sjs", "file_same_site_cookies_toplevel_nav.sjs", diff --git a/dom/security/test/general/test_block_script_wrong_mime.html b/dom/security/test/general/test_block_script_wrong_mime.html index 7122363dfc..896823a417 100644 --- a/dom/security/test/general/test_block_script_wrong_mime.html +++ b/dom/security/test/general/test_block_script_wrong_mime.html @@ -29,7 +29,7 @@ function testScript([mime, shouldLoad]) { let script = document.createElement("script"); script.onload = () => { document.body.removeChild(script); - ok(shouldLoad, `script with mime '${mime}' should load`); + ok(shouldLoad, `script with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`); resolve(); }; script.onerror = () => { @@ -47,7 +47,7 @@ function testWorker([mime, shouldLoad]) { return new Promise((resolve) => { let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker&mime="+mime); worker.onmessage = (event) => { - ok(shouldLoad, `worker with mime '${mime}' should load`) + ok(shouldLoad, `worker with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`); is(event.data, "worker-loaded", "worker should send correct message"); resolve(); }; @@ -65,7 +65,7 @@ function testWorkerImportScripts([mime, shouldLoad]) { return new Promise((resolve) => { let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker-import&mime="+mime); worker.onmessage = (event) => { - ok(shouldLoad, `worker/importScripts with mime '${mime}' should load`) + ok(shouldLoad, `worker/importScripts with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`); is(event.data, "worker-loaded", "worker should send correct message"); resolve(); }; @@ -73,20 +73,103 @@ function testWorkerImportScripts([mime, shouldLoad]) { ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`); error.preventDefault(); resolve(); + // The worker doesn't self-terminate via close, so let's do it. + worker.terminate(); } worker.postMessage("dummy"); }); } -SimpleTest.waitForExplicitFinish(); -Promise.all(MIMETypes.map(testScript)).then(() => { - return Promise.all(MIMETypes.map(testWorker)); -}).then(() => { - return Promise.all(MIMETypes.map(testWorkerImportScripts)); -}).then(() => { - return SpecialPowers.popPrefEnv(); -}).then(SimpleTest.finish); +async function runMimeTypePermutations() { + info("### Running document script MIME checks."); + for (const mimeType of MIMETypes) { + await testScript(mimeType); + } + info("### Running worker top-level script MIME checks."); + for (const mimeType of MIMETypes) { + await testWorker(mimeType); + } + + info("### Running worker importScripts MIME checks."); + for (const mimeType of MIMETypes) { + await testWorkerImportScripts(mimeType); + } +} + +let gRegistration; + +/** + * Register and wait for the helper ServiceWorker to be active in the given + * mode. + */ +async function useServiceWorker({ fetchMode }) { + info(`### Registering ServiceWorker with mode '${fetchMode}'`); + const activePromise = new Promise((resolve, reject) => { + navigator.serviceWorker.addEventListener( + "message", + event => { + if (event.data.fetchMode === fetchMode) { + resolve(); + } else { + reject(`wrong fetchMode: ${fetchMode}`); + } + is(fetchMode, event.data.fetchMode, "right fetch mode"); + }, + { once: true }); + }); + + const reg = gRegistration = await navigator.serviceWorker.register( + `file_block_script_wrong_mime_sw.js?fetchMode=${fetchMode}`); + info("register resolved. " + + `installing: ${!!reg.installing} ` + + `waiting: ${!!reg.waiting} ` + + `active: ${!!reg.active}`); + + await activePromise; +} + +/** + * Unregister the ServiceWorker, with the caveat that the ServiceWorker will + * still be controlling us until this window goes away. + */ +async function cleanupServiceWorkerWithCaveat() { + await gRegistration.unregister(); +} + +/** + * Top-level test that runs the MIME type checks in different ServiceWorker/ + * network configurations. + * + * We use the ServiceWorker mechanism that allows ServiceWorkers to claim + * existing scope-matching clients in order to make this window controlled and + * then run the tests. When changing the SW behavior the SW also needs to + * skipWaiting in order to advance to active. + */ +async function runNetworkPermutations() { + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.serviceWorkers.enabled", true], + ["dom.serviceWorkers.exemptFromPerDomainMax", true], + ["dom.serviceWorkers.testing.enabled", true], + ], + }); + + info("## Run tests without a ServiceWorker involved."); + await runMimeTypePermutations(); + + info("## Run tests with a pass-through fetch(event.request) handler."); + await useServiceWorker({ fetchMode: "direct" }); + await runMimeTypePermutations(); + + info("## Run tests with a naive URL propagating fetch(event.request.url) handler."); + await useServiceWorker({ fetchMode: "indirect" }); + await runMimeTypePermutations(); + + await cleanupServiceWorkerWithCaveat(); +} + +add_task(runNetworkPermutations); </script> </body> </html> |