From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../components/cleardata/ClearDataService.sys.mjs | 2076 ++++++++++++++++++++ .../cleardata/PrincipalsCollector.sys.mjs | 178 ++ .../cleardata/ServiceWorkerCleanUp.sys.mjs | 87 + .../components/cleardata/SiteDataTestUtils.sys.mjs | 411 ++++ toolkit/components/cleardata/components.conf | 16 + toolkit/components/cleardata/moz.build | 38 + .../components/cleardata/nsIClearDataService.idl | 358 ++++ .../cleardata/tests/browser/browser.toml | 29 + .../cleardata/tests/browser/browser_auth_tokens.js | 108 + .../cleardata/tests/browser/browser_css_cache.js | 129 ++ .../cleardata/tests/browser/browser_image_cache.js | 219 +++ .../tests/browser/browser_preflight_cache.js | 166 ++ .../cleardata/tests/browser/browser_quota.js | 318 +++ .../tests/browser/browser_serviceworkers.js | 287 +++ .../tests/browser/browser_sessionStorage.js | 235 +++ .../tests/browser/file_cors_preflight.sjs | 38 + .../cleardata/tests/browser/file_css_cache.css | 3 + .../cleardata/tests/browser/file_css_cache.html | 6 + .../cleardata/tests/browser/file_image_cache.html | 7 + .../cleardata/tests/browser/file_image_cache.jpg | Bin 0 -> 361 bytes .../components/cleardata/tests/browser/worker.js | 1 + .../cleardata/tests/marionette/manifest.toml | 5 + .../test_moved_origin_directory_cleanup.py | 142 ++ .../marionette/test_service_worker_at_shutdown.py | 62 + toolkit/components/cleardata/tests/unit/head.js | 27 + .../components/cleardata/tests/unit/test_basic.js | 19 + .../tests/unit/test_bounce_tracking_protection.js | 625 ++++++ .../components/cleardata/tests/unit/test_certs.js | 233 +++ .../tests/unit/test_cookie_banner_handling.js | 328 ++++ .../cleardata/tests/unit/test_cookies.js | 393 ++++ .../cleardata/tests/unit/test_downloads.js | 310 +++ .../unit/test_fingerprinting_protection_state.js | 161 ++ .../tests/unit/test_identity_credential_storage.js | 121 ++ .../cleardata/tests/unit/test_network_cache.js | 316 +++ .../cleardata/tests/unit/test_passwords.js | 89 + .../cleardata/tests/unit/test_permissions.js | 471 +++++ .../components/cleardata/tests/unit/test_quota.js | 537 +++++ .../cleardata/tests/unit/test_security_settings.js | 279 +++ .../tests/unit/test_storage_permission.js | 398 ++++ .../components/cleardata/tests/unit/xpcshell.toml | 40 + 40 files changed, 9266 insertions(+) create mode 100644 toolkit/components/cleardata/ClearDataService.sys.mjs create mode 100644 toolkit/components/cleardata/PrincipalsCollector.sys.mjs create mode 100644 toolkit/components/cleardata/ServiceWorkerCleanUp.sys.mjs create mode 100644 toolkit/components/cleardata/SiteDataTestUtils.sys.mjs create mode 100644 toolkit/components/cleardata/components.conf create mode 100644 toolkit/components/cleardata/moz.build create mode 100644 toolkit/components/cleardata/nsIClearDataService.idl create mode 100644 toolkit/components/cleardata/tests/browser/browser.toml create mode 100644 toolkit/components/cleardata/tests/browser/browser_auth_tokens.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_css_cache.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_image_cache.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_preflight_cache.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_quota.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_serviceworkers.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_sessionStorage.js create mode 100644 toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs create mode 100644 toolkit/components/cleardata/tests/browser/file_css_cache.css create mode 100644 toolkit/components/cleardata/tests/browser/file_css_cache.html create mode 100644 toolkit/components/cleardata/tests/browser/file_image_cache.html create mode 100644 toolkit/components/cleardata/tests/browser/file_image_cache.jpg create mode 100644 toolkit/components/cleardata/tests/browser/worker.js create mode 100644 toolkit/components/cleardata/tests/marionette/manifest.toml create mode 100644 toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py create mode 100644 toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py create mode 100644 toolkit/components/cleardata/tests/unit/head.js create mode 100644 toolkit/components/cleardata/tests/unit/test_basic.js create mode 100644 toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js create mode 100644 toolkit/components/cleardata/tests/unit/test_certs.js create mode 100644 toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js create mode 100644 toolkit/components/cleardata/tests/unit/test_cookies.js create mode 100644 toolkit/components/cleardata/tests/unit/test_downloads.js create mode 100644 toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js create mode 100644 toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js create mode 100644 toolkit/components/cleardata/tests/unit/test_network_cache.js create mode 100644 toolkit/components/cleardata/tests/unit/test_passwords.js create mode 100644 toolkit/components/cleardata/tests/unit/test_permissions.js create mode 100644 toolkit/components/cleardata/tests/unit/test_quota.js create mode 100644 toolkit/components/cleardata/tests/unit/test_security_settings.js create mode 100644 toolkit/components/cleardata/tests/unit/test_storage_permission.js create mode 100644 toolkit/components/cleardata/tests/unit/xpcshell.toml (limited to 'toolkit/components/cleardata') diff --git a/toolkit/components/cleardata/ClearDataService.sys.mjs b/toolkit/components/cleardata/ClearDataService.sys.mjs new file mode 100644 index 0000000000..ba34558f7e --- /dev/null +++ b/toolkit/components/cleardata/ClearDataService.sys.mjs @@ -0,0 +1,2076 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + +const lazy = {}; + +ChromeUtils.defineESModuleGetters(lazy, { + Downloads: "resource://gre/modules/Downloads.sys.mjs", + PlacesUtils: "resource://gre/modules/PlacesUtils.sys.mjs", + ServiceWorkerCleanUp: "resource://gre/modules/ServiceWorkerCleanUp.sys.mjs", +}); + +XPCOMUtils.defineLazyServiceGetter( + lazy, + "sas", + "@mozilla.org/storage/activity-service;1", + "nsIStorageActivityService" +); +XPCOMUtils.defineLazyServiceGetter( + lazy, + "TrackingDBService", + "@mozilla.org/tracking-db-service;1", + "nsITrackingDBService" +); +XPCOMUtils.defineLazyServiceGetter( + lazy, + "IdentityCredentialStorageService", + "@mozilla.org/browser/identity-credential-storage-service;1", + "nsIIdentityCredentialStorageService" +); +XPCOMUtils.defineLazyServiceGetter( + lazy, + "bounceTrackingProtection", + "@mozilla.org/bounce-tracking-protection;1", + "nsIBounceTrackingProtection" +); + +XPCOMUtils.defineLazyPreferenceGetter( + lazy, + "isBounceTrackingProtectionEnabled", + "privacy.bounceTrackingProtection.enabled", + false +); + +/** + * Test if host, OriginAttributes or principal belong to a baseDomain. Also + * considers partitioned storage by inspecting OriginAttributes partitionKey. + * @param options + * @param {string} [options.host] - Optional host to compare to base domain. + * @param {object} [options.originAttributes] - Optional origin attributes to + * inspect for aBaseDomain. If omitted, partitionKey will not be matched. + * @param {nsIPrincipal} [options.principal] - Optional principal to compare to + * base domain. + * @param {string} aBaseDomain - Domain to check for. Must be a valid, non-empty + * baseDomain string. + * @returns {boolean} Whether the host, originAttributes or principal matches + * the base domain. + */ +function hasBaseDomain( + { host = null, originAttributes = null, principal = null }, + aBaseDomain +) { + if (!aBaseDomain) { + throw new Error("Missing baseDomain."); + } + if (!host && !originAttributes && !principal) { + throw new Error( + "Missing host, originAttributes or principal to match with baseDomain." + ); + } + if (principal && (host || originAttributes)) { + throw new Error( + "Can only pass either principal or host and originAttributes." + ); + } + + if (host && Services.eTLD.hasRootDomain(host, aBaseDomain)) { + return true; + } + + if (principal?.baseDomain == aBaseDomain) { + return true; + } + + originAttributes = originAttributes || principal?.originAttributes; + if (!originAttributes) { + return false; + } + + return ChromeUtils.originAttributesMatchPattern(originAttributes, { + partitionKeyPattern: { baseDomain: aBaseDomain }, + }); +} + +/** + * Compute the base domain from a given host. This is a wrapper around + * Services.eTLD.getBaseDomainFromHost which also supports IP addresses and + * hosts such as "localhost" which are considered valid base domains for + * principals and data storage. + * @param {string} aDomainOrHost - Domain or host to be converted. May already + * be a valid base domain. + * @returns {string} Base domain of the given host. Returns aDomainOrHost if + * already a base domain. + */ +function getBaseDomainWithFallback(aDomainOrHost) { + let result = aDomainOrHost; + try { + result = Services.eTLD.getBaseDomainFromHost(aDomainOrHost); + } catch (e) { + if ( + e.result == Cr.NS_ERROR_HOST_IS_IP_ADDRESS || + e.result == Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS + ) { + // For these 2 expected errors, just take the host as the result. + // - NS_ERROR_HOST_IS_IP_ADDRESS: the host is in ipv4/ipv6. + // - NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS: not enough domain parts to extract. + result = aDomainOrHost; + } else { + throw e; + } + } + return result; +} + +// Here is a list of methods cleaners may implement. These methods must return a +// Promise object. +// * deleteAll() - this method _must_ exist. When called, it deletes all the +// data owned by the cleaner. +// * deleteByPrincipal() - this method _must_ exist. +// * deleteByBaseDomain() - this method _must_ exist. +// * deleteByHost() - this method is implemented only if the cleaner knows +// how to delete data by host + originAttributes pattern. If +// not implemented, deleteAll() will be used as fallback. +// * deleteByRange() - this method is implemented only if the cleaner knows how +// to delete data by time range. It receives 2 time range +// parameters: aFrom/aTo. If not implemented, deleteAll() is +// used as fallback. +// * deleteByLocalFiles() - this method removes data held for local files and +// other hostless origins. If not implemented, +// **no fallback is used**, as for a number of +// cleaners, no such data will ever exist and +// therefore clearing it does not make sense. +// * deleteByOriginAttributes() - this method is implemented only if the cleaner +// knows how to delete data by originAttributes +// pattern. +// * cleanupAfterDeletionAtShutdown() - this method is implemented only if the +// cleaner needs a separate step after +// deletion. No-op if not implemented. +// Currently called via +// Sanitizer.maybeSanitizeSessionPrincipals(). + +const CookieCleaner = { + deleteByLocalFiles(aOriginAttributes) { + return new Promise(aResolve => { + Services.cookies.removeCookiesFromExactHost( + "", + JSON.stringify(aOriginAttributes) + ); + aResolve(); + }); + }, + + deleteByHost(aHost, aOriginAttributes) { + return new Promise(aResolve => { + Services.cookies.removeCookiesFromExactHost( + aHost, + JSON.stringify(aOriginAttributes) + ); + aResolve(); + }); + }, + + deleteByPrincipal(aPrincipal) { + // Fall back to clearing by host and OA pattern. This will over-clear, since + // any properties that are not explicitly set in aPrincipal.originAttributes + // will be wildcard matched. + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + async deleteByBaseDomain(aDomain) { + Services.cookies.cookies + .filter(({ rawHost, originAttributes }) => + hasBaseDomain({ host: rawHost, originAttributes }, aDomain) + ) + .forEach(cookie => { + Services.cookies.removeCookiesFromExactHost( + cookie.rawHost, + JSON.stringify(cookie.originAttributes) + ); + }); + }, + + deleteByRange(aFrom, aTo) { + return Services.cookies.removeAllSince(aFrom); + }, + + deleteByOriginAttributes(aOriginAttributesString) { + return new Promise(aResolve => { + try { + Services.cookies.removeCookiesWithOriginAttributes( + aOriginAttributesString + ); + } catch (ex) {} + aResolve(); + }); + }, + + deleteAll() { + return new Promise(aResolve => { + Services.cookies.removeAll(); + aResolve(); + }); + }, +}; + +// A cleaner for clearing cookie banner handling exceptions. +const CookieBannerExceptionCleaner = { + async deleteAll() { + try { + Services.cookieBanners.removeAllDomainPrefs(false); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, + + async deleteByPrincipal(aPrincipal) { + try { + Services.cookieBanners.removeDomainPref(aPrincipal.URI, false); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, + + async deleteByBaseDomain(aDomain) { + try { + Services.cookieBanners.removeDomainPref( + Services.io.newURI("https://" + aDomain), + false + ); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, + + async deleteByHost(aHost, aOriginAttributes) { + try { + let isPrivate = + !!aOriginAttributes.privateBrowsingId && + aOriginAttributes.privateBrowsingId !== + Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID; + + Services.cookieBanners.removeDomainPref( + Services.io.newURI("https://" + aHost), + isPrivate + ); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, +}; + +// A cleaner for cleaning cookie banner handling executed records. +const CookieBannerExecutedRecordCleaner = { + async deleteAll() { + try { + Services.cookieBanners.removeAllExecutedRecords(false); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, + + async deleteByPrincipal(aPrincipal) { + try { + Services.cookieBanners.removeExecutedRecordForSite( + aPrincipal.baseDomain, + false + ); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, + + async deleteByBaseDomain(aDomain) { + try { + Services.cookieBanners.removeExecutedRecordForSite(aDomain, false); + } catch (e) { + // Don't throw an error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, + + async deleteByHost(aHost, aOriginAttributes) { + try { + let isPrivate = + !!aOriginAttributes.privateBrowsingId && + aOriginAttributes.privateBrowsingId !== + Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID; + + Services.cookieBanners.removeExecutedRecordForSite(aHost, isPrivate); + } catch (e) { + // Don't throw error if the cookie banner handling is disabled. + if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + }, +}; + +// A cleaner for cleaning fingerprinting protection states. +const FingerprintingProtectionStateCleaner = { + async deleteAll() { + Services.rfp.cleanAllRandomKeys(); + }, + + async deleteByPrincipal(aPrincipal) { + Services.rfp.cleanRandomKeyByPrincipal(aPrincipal); + }, + + async deleteByBaseDomain(aDomain) { + Services.rfp.cleanRandomKeyByDomain(aDomain); + }, + + async deleteByHost(aHost, aOriginAttributesPattern) { + Services.rfp.cleanRandomKeyByHost( + aHost, + JSON.stringify(aOriginAttributesPattern) + ); + }, + + async deleteByOriginAttributes(aOriginAttributesString) { + Services.rfp.cleanRandomKeyByOriginAttributesPattern( + aOriginAttributesString + ); + }, +}; + +const CertCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + let overrideService = Cc["@mozilla.org/security/certoverride;1"].getService( + Ci.nsICertOverrideService + ); + + overrideService.clearValidityOverride(aHost, -1, aOriginAttributes); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + async deleteByBaseDomain(aBaseDomain) { + let overrideService = Cc["@mozilla.org/security/certoverride;1"].getService( + Ci.nsICertOverrideService + ); + overrideService + .getOverrides() + .filter(({ asciiHost }) => + hasBaseDomain({ host: asciiHost }, aBaseDomain) + ) + .forEach(({ asciiHost, port }) => + overrideService.clearValidityOverride(asciiHost, port, {}) + ); + }, + + async deleteAll() { + let overrideService = Cc["@mozilla.org/security/certoverride;1"].getService( + Ci.nsICertOverrideService + ); + + overrideService.clearAllOverrides(); + }, +}; + +const NetworkCacheCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + // Delete data from both HTTP and HTTPS sites. + let httpURI = Services.io.newURI("http://" + aHost); + let httpsURI = Services.io.newURI("https://" + aHost); + let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpURI, + aOriginAttributes + ); + let httpsPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpsURI, + aOriginAttributes + ); + + Services.cache2.clearOrigin(httpPrincipal); + Services.cache2.clearOrigin(httpsPrincipal); + }, + + async deleteByBaseDomain(aBaseDomain) { + Services.cache2.clearBaseDomain(aBaseDomain); + }, + + deleteByPrincipal(aPrincipal) { + return new Promise(aResolve => { + Services.cache2.clearOrigin(aPrincipal); + aResolve(); + }); + }, + + deleteByOriginAttributes(aOriginAttributesString) { + return new Promise(aResolve => { + Services.cache2.clearOriginAttributes(aOriginAttributesString); + aResolve(); + }); + }, + + deleteAll() { + return new Promise(aResolve => { + Services.cache2.clear(); + aResolve(); + }); + }, +}; + +const CSSCacheCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + // Delete data from both HTTP and HTTPS sites. + let httpURI = Services.io.newURI("http://" + aHost); + let httpsURI = Services.io.newURI("https://" + aHost); + let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpURI, + aOriginAttributes + ); + let httpsPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpsURI, + aOriginAttributes + ); + + ChromeUtils.clearStyleSheetCacheByPrincipal(httpPrincipal); + ChromeUtils.clearStyleSheetCacheByPrincipal(httpsPrincipal); + }, + + async deleteByPrincipal(aPrincipal) { + ChromeUtils.clearStyleSheetCacheByPrincipal(aPrincipal); + }, + + async deleteByBaseDomain(aBaseDomain) { + ChromeUtils.clearStyleSheetCacheByBaseDomain(aBaseDomain); + }, + + async deleteAll() { + ChromeUtils.clearStyleSheetCache(); + }, +}; + +const ImageCacheCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + let imageCache = Cc["@mozilla.org/image/tools;1"] + .getService(Ci.imgITools) + .getImgCacheForDocument(null); + + // Delete data from both HTTP and HTTPS sites. + let httpURI = Services.io.newURI("http://" + aHost); + let httpsURI = Services.io.newURI("https://" + aHost); + let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpURI, + aOriginAttributes + ); + let httpsPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpsURI, + aOriginAttributes + ); + + imageCache.removeEntriesFromPrincipalInAllProcesses(httpPrincipal); + imageCache.removeEntriesFromPrincipalInAllProcesses(httpsPrincipal); + }, + + async deleteByPrincipal(aPrincipal) { + let imageCache = Cc["@mozilla.org/image/tools;1"] + .getService(Ci.imgITools) + .getImgCacheForDocument(null); + imageCache.removeEntriesFromPrincipalInAllProcesses(aPrincipal); + }, + + async deleteByBaseDomain(aBaseDomain) { + let imageCache = Cc["@mozilla.org/image/tools;1"] + .getService(Ci.imgITools) + .getImgCacheForDocument(null); + imageCache.removeEntriesFromBaseDomainInAllProcesses(aBaseDomain); + }, + + deleteAll() { + return new Promise(aResolve => { + let imageCache = Cc["@mozilla.org/image/tools;1"] + .getService(Ci.imgITools) + .getImgCacheForDocument(null); + imageCache.clearCache(false); // true=chrome, false=content + aResolve(); + }); + }, +}; + +const DownloadsCleaner = { + async _deleteInternal({ hostOrBaseDomain, principal, originAttributes }) { + originAttributes = originAttributes || principal?.originAttributes || {}; + + let list = await lazy.Downloads.getList(lazy.Downloads.ALL); + list.removeFinished(({ source }) => { + if ( + "userContextId" in originAttributes && + "userContextId" in source && + originAttributes.userContextId != source.userContextId + ) { + return false; + } + if ( + "privateBrowsingId" in originAttributes && + !!originAttributes.privateBrowsingId != source.isPrivate + ) { + return false; + } + + let entryURI = Services.io.newURI(source.url); + if (hostOrBaseDomain) { + return Services.eTLD.hasRootDomain(entryURI.host, hostOrBaseDomain); + } + if (principal) { + return principal.equalsURI(entryURI); + } + return false; + }); + }, + + async deleteByHost(aHost, aOriginAttributes) { + // Clearing by host also clears associated subdomains. + return this._deleteInternal({ + hostOrBaseDomain: aHost, + originAttributes: aOriginAttributes, + }); + }, + + deleteByPrincipal(aPrincipal) { + return this._deleteInternal({ principal: aPrincipal }); + }, + + async deleteByBaseDomain(aBaseDomain) { + return this._deleteInternal({ hostOrBaseDomain: aBaseDomain }); + }, + + deleteByRange(aFrom, aTo) { + // Convert microseconds back to milliseconds for date comparisons. + let rangeBeginMs = aFrom / 1000; + let rangeEndMs = aTo / 1000; + + return lazy.Downloads.getList(lazy.Downloads.ALL).then(aList => { + aList.removeFinished( + aDownload => + aDownload.startTime >= rangeBeginMs && + aDownload.startTime <= rangeEndMs + ); + }); + }, + + deleteAll() { + return lazy.Downloads.getList(lazy.Downloads.ALL).then(aList => { + aList.removeFinished(null); + }); + }, +}; + +const PasswordsCleaner = { + deleteByHost(aHost, aOriginAttributes) { + // Clearing by host also clears associated subdomains. + return this._deleteInternal(aLogin => + Services.eTLD.hasRootDomain(aLogin.hostname, aHost) + ); + }, + + deleteByPrincipal(aPrincipal) { + // Login origins don't contain any origin attributes. + return this._deleteInternal( + aLogin => aLogin.origin == aPrincipal.originNoSuffix + ); + }, + + deleteByBaseDomain(aBaseDomain) { + return this._deleteInternal(aLogin => + Services.eTLD.hasRootDomain(aLogin.hostname, aBaseDomain) + ); + }, + + deleteAll() { + return this._deleteInternal(() => true); + }, + + async _deleteInternal(aCb) { + try { + let logins = await Services.logins.getAllLogins(); + for (let login of logins) { + if (aCb(login)) { + Services.logins.removeLogin(login); + } + } + } catch (ex) { + // XXXehsan: is there a better way to do this rather than this + // hacky comparison? + if ( + !ex.message.includes("User canceled Master Password entry") && + ex.result != Cr.NS_ERROR_NOT_IMPLEMENTED + ) { + throw new Error("Exception occured in clearing passwords: " + ex); + } + } + }, +}; + +const MediaDevicesCleaner = { + async deleteByRange(aFrom, aTo) { + let mediaMgr = Cc["@mozilla.org/mediaManagerService;1"].getService( + Ci.nsIMediaManagerService + ); + mediaMgr.sanitizeDeviceIds(aFrom); + }, + + // TODO: We should call the MediaManager to clear by principal, rather than + // over-clearing for user requests or bailing out for programmatic calls. + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + // TODO: Same as above, but for base domain. + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + async deleteAll() { + let mediaMgr = Cc["@mozilla.org/mediaManagerService;1"].getService( + Ci.nsIMediaManagerService + ); + mediaMgr.sanitizeDeviceIds(null); + }, +}; + +const QuotaCleaner = { + /** + * Clear quota storage for matching principals. + * @param {function} filterFn - Filter function which is passed a principal. + * Return true to clear storage for given principal or false to skip it. + * @returns {Promise} - Resolves once all matching items have been cleared. + * Rejects on error. + */ + async _qmsClearStoragesForPrincipalsMatching(filterFn) { + // Clearing quota storage by first getting all entry origins and then + // iterating over them is not ideal, since we can not ensure an entirely + // consistent clearing state. Between fetching the origins and clearing + // them, additional entries could be added. This means we could end up with + // stray entries after the clearing operation. To fix this we would need to + // move the clearing code to the QuotaManager itself which could either + // prevent new writes while clearing or clean up any additional entries + // which get written during the clearing operation. + // Performance is also not ideal, since we iterate over storage multiple + // times for this two step process. + // See Bug 1719195. + let origins = await new Promise((resolve, reject) => { + Services.qms.listOrigins().callback = request => { + if (request.resultCode != Cr.NS_OK) { + reject({ message: "Deleting quota storages failed" }); + return; + } + resolve(request.result); + }; + }); + + let clearPromises = origins + // Parse origins into principals. + .map(Services.scriptSecurityManager.createContentPrincipalFromOrigin) + // Filter out principals that don't match the filterFn. + .filter(filterFn) + // Clear quota storage by principal and collect the promises. + .map( + principal => + new Promise((resolve, reject) => { + let clearRequest = + Services.qms.clearStoragesForPrincipal(principal); + clearRequest.callback = () => { + if (clearRequest.resultCode != Cr.NS_OK) { + reject({ message: "Deleting quota storages failed" }); + return; + } + resolve(); + }; + }) + ); + return Promise.all(clearPromises); + }, + + deleteByPrincipal(aPrincipal) { + // localStorage: The legacy LocalStorage implementation that will + // eventually be removed depends on this observer notification to clear by + // principal. + Services.obs.notifyObservers( + null, + "extension:purge-localStorage", + aPrincipal.host + ); + + // Clear sessionStorage + Services.sessionStorage.clearStoragesForOrigin(aPrincipal); + + // ServiceWorkers: they must be removed before cleaning QuotaManager. + return lazy.ServiceWorkerCleanUp.removeFromPrincipal(aPrincipal) + .then( + _ => /* exceptionThrown = */ false, + _ => /* exceptionThrown = */ true + ) + .then(exceptionThrown => { + // QuotaManager: In the event of a failure, we call reject to propagate + // the error upwards. + return new Promise((aResolve, aReject) => { + let req = Services.qms.clearStoragesForPrincipal(aPrincipal); + req.callback = () => { + if (exceptionThrown || req.resultCode != Cr.NS_OK) { + aReject({ message: "Delete by principal failed" }); + } else { + aResolve(); + } + }; + }); + }); + }, + + async deleteByBaseDomain(aBaseDomain) { + // localStorage: The legacy LocalStorage implementation that will + // eventually be removed depends on this observer notification to clear by + // host. Some other subsystems like Reporting headers depend on this too. + Services.obs.notifyObservers( + null, + "extension:purge-localStorage", + aBaseDomain + ); + + // Clear sessionStorage + Services.obs.notifyObservers( + null, + "browser:purge-sessionStorage", + aBaseDomain + ); + + // Clear third-party storage partitioned under aBaseDomain. + // This notification is forwarded via the StorageObserver and consumed only + // by the SessionStorageManager and (legacy) LocalStorageManager. + // There is a similar (legacy) notification "clear-origin-attributes-data" + // which additionally clears data across various other storages unrelated to + // the QuotaCleaner. + Services.obs.notifyObservers( + null, + "dom-storage:clear-origin-attributes-data", + JSON.stringify({ partitionKeyPattern: { baseDomain: aBaseDomain } }) + ); + + // ServiceWorkers must be removed before cleaning QuotaManager. We store + // potential errors so we can re-throw later, once all operations have + // completed. + let swCleanupError; + try { + await lazy.ServiceWorkerCleanUp.removeFromBaseDomain(aBaseDomain); + } catch (error) { + swCleanupError = error; + } + + await this._qmsClearStoragesForPrincipalsMatching(principal => + hasBaseDomain({ principal }, aBaseDomain) + ); + + // Re-throw any service worker cleanup errors. + if (swCleanupError) { + throw swCleanupError; + } + }, + + async deleteByHost(aHost, aOriginAttributes) { + // XXX: The aOriginAttributes is expected to always be empty({}). Maybe have + // a debug assertion here to ensure that? + + // localStorage: The legacy LocalStorage implementation that will + // eventually be removed depends on this observer notification to clear by + // host. Some other subsystems like Reporting headers depend on this too. + Services.obs.notifyObservers(null, "extension:purge-localStorage", aHost); + + // Clear sessionStorage + Services.obs.notifyObservers(null, "browser:purge-sessionStorage", aHost); + + // ServiceWorkers must be removed before cleaning QuotaManager. We store any + // errors so we can re-throw later once all operations have completed. + let swCleanupError; + try { + await lazy.ServiceWorkerCleanUp.removeFromHost(aHost); + } catch (error) { + swCleanupError = error; + } + + await this._qmsClearStoragesForPrincipalsMatching(principal => { + try { + // deleteByHost has the semantics that "foo.example.com" should be + // wiped if we are provided an aHost of "example.com". + return Services.eTLD.hasRootDomain(principal.host, aHost); + } catch (e) { + // There is no host for the given principal. + return false; + } + }); + + // Re-throw any service worker cleanup errors. + if (swCleanupError) { + throw swCleanupError; + } + }, + + deleteByRange(aFrom, aTo) { + let principals = lazy.sas + .getActiveOrigins(aFrom, aTo) + .QueryInterface(Ci.nsIArray); + + let promises = []; + for (let i = 0; i < principals.length; ++i) { + let principal = principals.queryElementAt(i, Ci.nsIPrincipal); + + if ( + !principal.schemeIs("http") && + !principal.schemeIs("https") && + !principal.schemeIs("file") + ) { + continue; + } + + promises.push(this.deleteByPrincipal(principal)); + } + + return Promise.all(promises); + }, + + deleteByOriginAttributes(aOriginAttributesString) { + // The legacy LocalStorage implementation that will eventually be removed. + // And it should've been cleared while notifying observers with + // clear-origin-attributes-data. + + return lazy.ServiceWorkerCleanUp.removeFromOriginAttributes( + aOriginAttributesString + ) + .then( + _ => /* exceptionThrown = */ false, + _ => /* exceptionThrown = */ true + ) + .then(exceptionThrown => { + // QuotaManager: In the event of a failure, we call reject to propagate + // the error upwards. + return new Promise((aResolve, aReject) => { + let req = Services.qms.clearStoragesForOriginAttributesPattern( + aOriginAttributesString + ); + req.callback = () => { + if (req.resultCode == Cr.NS_OK) { + aResolve(); + } else { + aReject({ message: "Delete by origin attributes failed" }); + } + }; + }); + }); + }, + + async deleteAll() { + // localStorage + Services.obs.notifyObservers(null, "extension:purge-localStorage"); + + // sessionStorage + Services.obs.notifyObservers(null, "browser:purge-sessionStorage"); + + // ServiceWorkers must be removed before cleaning QuotaManager. We store any + // errors so we can re-throw later once all operations have completed. + let swCleanupError; + try { + await lazy.ServiceWorkerCleanUp.removeAll(); + } catch (error) { + swCleanupError = error; + } + + await this._qmsClearStoragesForPrincipalsMatching( + principal => + principal.schemeIs("http") || + principal.schemeIs("https") || + principal.schemeIs("file") + ); + + // Re-throw any service worker cleanup errors. + if (swCleanupError) { + throw swCleanupError; + } + }, + + async cleanupAfterDeletionAtShutdown() { + const toBeRemovedDir = PathUtils.join( + PathUtils.profileDir, + Services.prefs.getStringPref("dom.quotaManager.storageName"), + "to-be-removed" + ); + + if ( + !AppConstants.MOZ_BACKGROUNDTASKS || + !Services.prefs.getBoolPref("dom.quotaManager.backgroundTask.enabled") + ) { + await IOUtils.remove(toBeRemovedDir, { recursive: true }); + return; + } + + const runner = Cc["@mozilla.org/backgroundtasksrunner;1"].getService( + Ci.nsIBackgroundTasksRunner + ); + + runner.removeDirectoryInDetachedProcess( + toBeRemovedDir, + "", + "0", + "*", // wildcard + "Quota" + ); + }, +}; + +const PredictorNetworkCleaner = { + async deleteAll() { + // Predictive network data - like cache, no way to clear this per + // domain, so just trash it all + let np = Cc["@mozilla.org/network/predictor;1"].getService( + Ci.nsINetworkPredictor + ); + np.reset(); + }, + + // TODO: We should call the NetworkPredictor to clear by principal, rather + // than over-clearing for user requests or bailing out for programmatic calls. + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + // TODO: Same as above, but for base domain. + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, +}; + +const PushNotificationsCleaner = { + /** + * Clear entries for aDomain including subdomains of aDomain. + * @param {string} aDomain - Domain to clear data for. + * @returns {Promise} a promise which resolves once data has been cleared. + */ + _deleteByRootDomain(aDomain) { + if (!Services.prefs.getBoolPref("dom.push.enabled", false)) { + return Promise.resolve(); + } + + return new Promise((aResolve, aReject) => { + let push = Cc["@mozilla.org/push/Service;1"].getService( + Ci.nsIPushService + ); + // ClearForDomain also clears subdomains. + push.clearForDomain(aDomain, aStatus => { + if (!Components.isSuccessCode(aStatus)) { + aReject(); + } else { + aResolve(); + } + }); + }); + }, + + deleteByHost(aHost, aOriginAttributes) { + // Will also clear entries for subdomains of aHost. Data is cleared across + // all origin attributes. + return this._deleteByRootDomain(aHost); + }, + + deleteByPrincipal(aPrincipal) { + // Will also clear entries for subdomains of the principal host. Data is + // cleared across all origin attributes. + return this._deleteByRootDomain(aPrincipal.host); + }, + + deleteByBaseDomain(aBaseDomain) { + return this._deleteByRootDomain(aBaseDomain); + }, + + deleteAll() { + if (!Services.prefs.getBoolPref("dom.push.enabled", false)) { + return Promise.resolve(); + } + + return new Promise((aResolve, aReject) => { + let push = Cc["@mozilla.org/push/Service;1"].getService( + Ci.nsIPushService + ); + push.clearForDomain("*", aStatus => { + if (!Components.isSuccessCode(aStatus)) { + aReject(); + } else { + aResolve(); + } + }); + }); + }, +}; + +const StorageAccessCleaner = { + // This is a special function to implement deleteUserInteractionForClearingHistory. + async deleteExceptPrincipals(aPrincipalsWithStorage, aFrom) { + // We compare by base domain in order to simulate the behavior + // from purging, Consider a scenario where the user is logged + // into sub.example.com but the cookies are on example.com. In this + // case, we will remove the user interaction for sub.example.com + // because its principal does not match the one with storage. + let baseDomainsWithStorage = new Set(); + for (let principal of aPrincipalsWithStorage) { + baseDomainsWithStorage.add(principal.baseDomain); + } + for (let perm of Services.perms.getAllByTypeSince( + "storageAccessAPI", + // The permission manager uses milliseconds instead of microseconds + aFrom / 1000 + )) { + if (!baseDomainsWithStorage.has(perm.principal.baseDomain)) { + Services.perms.removePermission(perm); + } + } + }, + + async deleteByPrincipal(aPrincipal) { + return Services.perms.removeFromPrincipal(aPrincipal, "storageAccessAPI"); + }, + + _deleteInternal(filter) { + Services.perms.all + .filter(({ type }) => type == "storageAccessAPI") + .filter(filter) + .forEach(perm => { + try { + Services.perms.removePermission(perm); + } catch (ex) { + console.error(ex); + } + }); + }, + + async deleteByHost(aHost, aOriginAttributes) { + // Clearing by host also clears associated subdomains. + this._deleteInternal(({ principal }) => { + let toBeRemoved = false; + try { + toBeRemoved = Services.eTLD.hasRootDomain(principal.host, aHost); + } catch (ex) {} + return toBeRemoved; + }); + }, + + async deleteByBaseDomain(aBaseDomain) { + this._deleteInternal( + ({ principal }) => principal.baseDomain == aBaseDomain + ); + }, + + async deleteByRange(aFrom, aTo) { + Services.perms.removeByTypeSince("storageAccessAPI", aFrom / 1000); + }, + + async deleteAll() { + Services.perms.removeByType("storageAccessAPI"); + }, +}; + +const HistoryCleaner = { + deleteByHost(aHost, aOriginAttributes) { + if (!AppConstants.MOZ_PLACES) { + return Promise.resolve(); + } + return lazy.PlacesUtils.history.removeByFilter({ host: "." + aHost }); + }, + + deleteByPrincipal(aPrincipal) { + if (!AppConstants.MOZ_PLACES) { + return Promise.resolve(); + } + return lazy.PlacesUtils.history.removeByFilter({ host: aPrincipal.host }); + }, + + deleteByBaseDomain(aBaseDomain) { + return this.deleteByHost(aBaseDomain, {}); + }, + + deleteByRange(aFrom, aTo) { + if (!AppConstants.MOZ_PLACES) { + return Promise.resolve(); + } + return lazy.PlacesUtils.history.removeVisitsByFilter({ + beginDate: new Date(aFrom / 1000), + endDate: new Date(aTo / 1000), + }); + }, + + deleteAll() { + if (!AppConstants.MOZ_PLACES) { + return Promise.resolve(); + } + return lazy.PlacesUtils.history.clear(); + }, +}; + +const SessionHistoryCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + // Session storage and history also clear subdomains of aHost. + Services.obs.notifyObservers(null, "browser:purge-sessionStorage", aHost); + Services.obs.notifyObservers( + null, + "browser:purge-session-history-for-domain", + aHost + ); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + deleteByBaseDomain(aBaseDomain) { + return this.deleteByHost(aBaseDomain, {}); + }, + + async deleteByRange(aFrom, aTo) { + Services.obs.notifyObservers( + null, + "browser:purge-session-history", + String(aFrom) + ); + }, + + async deleteAll() { + Services.obs.notifyObservers(null, "browser:purge-session-history"); + }, +}; + +const AuthTokensCleaner = { + // TODO: Bug 1726742 + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + // TODO: Bug 1726742 + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + async deleteAll() { + let sdr = Cc["@mozilla.org/security/sdr;1"].getService( + Ci.nsISecretDecoderRing + ); + sdr.logoutAndTeardown(); + }, +}; + +const AuthCacheCleaner = { + // TODO: Bug 1726743 + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + // TODO: Bug 1726743 + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + deleteAll() { + return new Promise(aResolve => { + Services.obs.notifyObservers(null, "net:clear-active-logins"); + aResolve(); + }); + }, +}; + +const PermissionsCleaner = { + /** + * Delete permissions by either base domain or host. + * Clearing by host also clears associated subdomains. + * For example, clearing "example.com" will also clear permissions for + * "test.example.com" and "another.test.example.com". + * @param options + * @param {string} options.baseDomain - Base domain to delete permissions for. + * @param {string} options.host - Host to delete permissions for. + */ + async _deleteInternal({ baseDomain, host }) { + for (let perm of Services.perms.all) { + let toBeRemoved; + + if (baseDomain) { + toBeRemoved = perm.principal.baseDomain == baseDomain; + } else { + try { + toBeRemoved = Services.eTLD.hasRootDomain(perm.principal.host, host); + } catch (ex) { + continue; + } + } + + if ( + !toBeRemoved && + (perm.type.startsWith("3rdPartyStorage^") || + perm.type.startsWith("3rdPartyFrameStorage^")) + ) { + let parts = perm.type.split("^"); + let uri; + try { + uri = Services.io.newURI(parts[1]); + } catch (ex) { + continue; + } + + toBeRemoved = Services.eTLD.hasRootDomain(uri.host, baseDomain || host); + } + + if (!toBeRemoved) { + continue; + } + + try { + Services.perms.removePermission(perm); + } catch (ex) { + // Ignore entry + } + } + }, + + deleteByHost(aHost, aOriginAttributes) { + return this._deleteInternal({ host: aHost }); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + deleteByBaseDomain(aBaseDomain) { + return this._deleteInternal({ baseDomain: aBaseDomain }); + }, + + async deleteByRange(aFrom, aTo) { + Services.perms.removeAllSince(aFrom / 1000); + }, + + async deleteByOriginAttributes(aOriginAttributesString) { + Services.perms.removePermissionsWithAttributes(aOriginAttributesString); + }, + + async deleteAll() { + Services.perms.removeAll(); + }, +}; + +const PreferencesCleaner = { + deleteByHost(aHost, aOriginAttributes) { + // Also clears subdomains of aHost. + return new Promise((aResolve, aReject) => { + let cps2 = Cc["@mozilla.org/content-pref/service;1"].getService( + Ci.nsIContentPrefService2 + ); + cps2.removeBySubdomain(aHost, null, { + handleCompletion: aReason => { + if (aReason === cps2.COMPLETE_ERROR) { + aReject(); + } else { + aResolve(); + } + }, + handleError() {}, + }); + }); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + deleteByBaseDomain(aBaseDomain) { + return this.deleteByHost(aBaseDomain, {}); + }, + + async deleteByRange(aFrom, aTo) { + let cps2 = Cc["@mozilla.org/content-pref/service;1"].getService( + Ci.nsIContentPrefService2 + ); + cps2.removeAllDomainsSince(aFrom / 1000, null); + }, + + async deleteAll() { + let cps2 = Cc["@mozilla.org/content-pref/service;1"].getService( + Ci.nsIContentPrefService2 + ); + cps2.removeAllDomains(null); + }, +}; + +const ClientAuthRememberCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + let cars = Cc[ + "@mozilla.org/security/clientAuthRememberService;1" + ].getService(Ci.nsIClientAuthRememberService); + + cars.deleteDecisionsByHost(aHost, aOriginAttributes); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + async deleteByBaseDomain(aDomain) { + let cars = Cc[ + "@mozilla.org/security/clientAuthRememberService;1" + ].getService(Ci.nsIClientAuthRememberService); + + cars + .getDecisions() + .filter(({ asciiHost, entryKey }) => { + // Get the origin attributes which are in the third component of the + // entryKey. ',' is used as the delimiter. + let originSuffixEncoded = entryKey.split(",")[2]; + let originAttributes; + + if (originSuffixEncoded) { + try { + // Decoding the suffix or parsing the origin attributes can fail. In + // this case we won't match the partitionKey, but we can still match + // the asciiHost. + let originSuffix = decodeURIComponent(originSuffixEncoded); + originAttributes = + ChromeUtils.CreateOriginAttributesFromOriginSuffix(originSuffix); + } catch (e) { + console.error(e); + } + } + + return hasBaseDomain( + { + host: asciiHost, + originAttributes, + }, + aDomain + ); + }) + .forEach(({ entryKey }) => cars.forgetRememberedDecision(entryKey)); + }, + + async deleteAll() { + let cars = Cc[ + "@mozilla.org/security/clientAuthRememberService;1" + ].getService(Ci.nsIClientAuthRememberService); + cars.clearRememberedDecisions(); + }, +}; + +const HSTSCleaner = { + async deleteByHost(aHost, aOriginAttributes) { + let sss = Cc["@mozilla.org/ssservice;1"].getService( + Ci.nsISiteSecurityService + ); + let uri = Services.io.newURI("https://" + aHost); + sss.resetState( + uri, + aOriginAttributes, + Ci.nsISiteSecurityService.RootDomain + ); + }, + + /** + * Adds brackets to a site if it's an IPv6 address. + * @param {string} aSite - (schemeless) site which may be an IPv6. + * @returns {string} bracketed IPv6 or site if site is not an IPv6. + */ + _maybeFixIpv6Site(aSite) { + // Not an IPv6 or already has brackets. + if (!aSite.includes(":") || aSite[0] == "[") { + return aSite; + } + return `[${aSite}]`; + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + async deleteByBaseDomain(aDomain) { + let sss = Cc["@mozilla.org/ssservice;1"].getService( + Ci.nsISiteSecurityService + ); + + // Add brackets to IPv6 sites to ensure URI creation succeeds. + let uri = Services.io.newURI("https://" + this._maybeFixIpv6Site(aDomain)); + sss.resetState(uri, {}, Ci.nsISiteSecurityService.BaseDomain); + }, + + async deleteAll() { + // Clear site security settings - no support for ranges in this + // interface either, so we clearAll(). + let sss = Cc["@mozilla.org/ssservice;1"].getService( + Ci.nsISiteSecurityService + ); + sss.clearAll(); + }, +}; + +const EMECleaner = { + async deleteByHost(aHost, aOriginAttributes) { + let mps = Cc["@mozilla.org/gecko-media-plugin-service;1"].getService( + Ci.mozIGeckoMediaPluginChromeService + ); + mps.forgetThisSite(aHost, JSON.stringify(aOriginAttributes)); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + async deleteByBaseDomain(aBaseDomain) { + let mps = Cc["@mozilla.org/gecko-media-plugin-service;1"].getService( + Ci.mozIGeckoMediaPluginChromeService + ); + mps.forgetThisBaseDomain(aBaseDomain); + }, + + deleteAll() { + // Not implemented. + return Promise.resolve(); + }, +}; + +const ReportsCleaner = { + deleteByHost(aHost, aOriginAttributes) { + // Also clears subdomains of aHost. + return new Promise(aResolve => { + Services.obs.notifyObservers(null, "reporting:purge-host", aHost); + aResolve(); + }); + }, + + deleteByPrincipal(aPrincipal) { + return this.deleteByHost(aPrincipal.host, aPrincipal.originAttributes); + }, + + deleteByBaseDomain(aBaseDomain) { + return this.deleteByHost(aBaseDomain, {}); + }, + + deleteAll() { + return new Promise(aResolve => { + Services.obs.notifyObservers(null, "reporting:purge-all"); + aResolve(); + }); + }, +}; + +const ContentBlockingCleaner = { + deleteAll() { + return lazy.TrackingDBService.clearAll(); + }, + + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + deleteByRange(aFrom, aTo) { + return lazy.TrackingDBService.clearSince(aFrom); + }, +}; + +/** + * The about:home startup cache, if it exists, might contain information + * about where the user has been, or what they've downloaded. + */ +const AboutHomeStartupCacheCleaner = { + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + deleteAll() { + // This cleaner only makes sense on Firefox desktop, which is the only + // application that uses the about:home startup cache. + if (!AppConstants.MOZ_BUILD_APP == "browser") { + return Promise.resolve(); + } + + return new Promise((aResolve, aReject) => { + let lci = Services.loadContextInfo.default; + let storage = Services.cache2.diskCacheStorage(lci); + let uri = Services.io.newURI("about:home"); + try { + storage.asyncDoomURI(uri, "", { + onCacheEntryDoomed(aResult) { + if ( + Components.isSuccessCode(aResult) || + aResult == Cr.NS_ERROR_NOT_AVAILABLE + ) { + aResolve(); + } else { + aReject({ + message: "asyncDoomURI for about:home failed", + }); + } + }, + }); + } catch (e) { + aReject({ + message: "Failed to doom about:home startup cache entry", + }); + } + }); + }, +}; + +const PreflightCacheCleaner = { + // TODO: Bug 1727141: We should call the cache to clear by principal, rather + // than over-clearing for user requests or bailing out for programmatic calls. + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + // TODO: Bug 1727141 (see deleteByPrincipal). + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + await this.deleteAll(); + }, + + async deleteAll() { + Cc[`@mozilla.org/network/protocol;1?name=http`] + .getService(Ci.nsIHttpProtocolHandler) + .clearCORSPreflightCache(); + }, +}; + +const IdentityCredentialStorageCleaner = { + async deleteAll() { + if ( + Services.prefs.getBoolPref( + "dom.security.credentialmanagement.identity.enabled", + false + ) + ) { + lazy.IdentityCredentialStorageService.clear(); + } + }, + + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if ( + Services.prefs.getBoolPref( + "dom.security.credentialmanagement.identity.enabled", + false + ) + ) { + lazy.IdentityCredentialStorageService.deleteFromPrincipal(aPrincipal); + } + }, + + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!aIsUserRequest) { + return; + } + if ( + Services.prefs.getBoolPref( + "dom.security.credentialmanagement.identity.enabled", + false + ) + ) { + lazy.IdentityCredentialStorageService.deleteFromBaseDomain(aBaseDomain); + } + }, + + async deleteByRange(aFrom, aTo) { + if ( + Services.prefs.getBoolPref( + "dom.security.credentialmanagement.identity.enabled", + false + ) + ) { + lazy.IdentityCredentialStorageService.deleteFromTimeRange(aFrom, aTo); + } + }, + + async deleteByHost(aHost, aOriginAttributes) { + if ( + Services.prefs.getBoolPref( + "dom.security.credentialmanagement.identity.enabled", + false + ) + ) { + // Delete data from both HTTP and HTTPS sites. + let httpURI = Services.io.newURI("http://" + aHost); + let httpsURI = Services.io.newURI("https://" + aHost); + let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + httpURI, + aOriginAttributes + ); + let httpsPrincipal = + Services.scriptSecurityManager.createContentPrincipal( + httpsURI, + aOriginAttributes + ); + lazy.IdentityCredentialStorageService.deleteFromPrincipal(httpPrincipal); + lazy.IdentityCredentialStorageService.deleteFromPrincipal(httpsPrincipal); + } + }, + + async deleteByOriginAttributes(aOriginAttributesString) { + if ( + Services.prefs.getBoolPref( + "dom.security.credentialmanagement.identity.enabled", + false + ) + ) { + lazy.IdentityCredentialStorageService.deleteFromOriginAttributesPattern( + aOriginAttributesString + ); + } + }, +}; + +const BounceTrackingProtectionStateCleaner = { + async deleteAll() { + if (!lazy.isBounceTrackingProtectionEnabled) { + return; + } + await lazy.bounceTrackingProtection.clearAll(); + }, + + async deleteByPrincipal(aPrincipal, aIsUserRequest) { + if (!lazy.isBounceTrackingProtectionEnabled) { + return; + } + let { baseDomain, originAttributes } = aPrincipal; + await lazy.bounceTrackingProtection.clearBySiteHostAndOA( + baseDomain, + originAttributes + ); + }, + + async deleteByBaseDomain(aBaseDomain, aIsUserRequest) { + if (!lazy.isBounceTrackingProtectionEnabled) { + return; + } + await lazy.bounceTrackingProtection.clearBySiteHost(aBaseDomain); + }, + + async deleteByRange(aFrom, aTo) { + if (!lazy.isBounceTrackingProtectionEnabled) { + return; + } + await lazy.bounceTrackingProtection.clearByTimeRange(aFrom, aTo); + }, + + async deleteByHost(aHost, aOriginAttributes) { + if (!lazy.isBounceTrackingProtectionEnabled) { + return; + } + let baseDomain = getBaseDomainWithFallback(aHost); + await lazy.bounceTrackingProtection.clearBySiteHost(baseDomain); + }, + + async deleteByOriginAttributes(aOriginAttributesPatternString) { + if (!lazy.isBounceTrackingProtectionEnabled) { + return; + } + await lazy.bounceTrackingProtection.clearByOriginAttributesPattern( + aOriginAttributesPatternString + ); + }, +}; + +// Here the map of Flags-Cleaners. +const FLAGS_MAP = [ + { + flag: Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS, + cleaners: [CertCleaner], + }, + + { flag: Ci.nsIClearDataService.CLEAR_COOKIES, cleaners: [CookieCleaner] }, + + { + flag: Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + cleaners: [NetworkCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + cleaners: [ImageCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_CSS_CACHE, + cleaners: [CSSCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE, + cleaners: [ClientAuthRememberCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_DOWNLOADS, + cleaners: [DownloadsCleaner, AboutHomeStartupCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_PASSWORDS, + cleaners: [PasswordsCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_MEDIA_DEVICES, + cleaners: [MediaDevicesCleaner], + }, + + { flag: Ci.nsIClearDataService.CLEAR_DOM_QUOTA, cleaners: [QuotaCleaner] }, + + { + flag: Ci.nsIClearDataService.CLEAR_PREDICTOR_NETWORK_DATA, + cleaners: [PredictorNetworkCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS, + cleaners: [PushNotificationsCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_HISTORY, + cleaners: [HistoryCleaner, AboutHomeStartupCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_SESSION_HISTORY, + cleaners: [SessionHistoryCleaner, AboutHomeStartupCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_AUTH_TOKENS, + cleaners: [AuthTokensCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_AUTH_CACHE, + cleaners: [AuthCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_PERMISSIONS, + cleaners: [PermissionsCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_CONTENT_PREFERENCES, + cleaners: [PreferencesCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_HSTS, + cleaners: [HSTSCleaner], + }, + + { flag: Ci.nsIClearDataService.CLEAR_EME, cleaners: [EMECleaner] }, + + { flag: Ci.nsIClearDataService.CLEAR_REPORTS, cleaners: [ReportsCleaner] }, + + { + flag: Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + cleaners: [StorageAccessCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_CONTENT_BLOCKING_RECORDS, + cleaners: [ContentBlockingCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_PREFLIGHT_CACHE, + cleaners: [PreflightCacheCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_CREDENTIAL_MANAGER_STATE, + cleaners: [IdentityCredentialStorageCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + cleaners: [CookieBannerExceptionCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + cleaners: [CookieBannerExecutedRecordCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + cleaners: [FingerprintingProtectionStateCleaner], + }, + + { + flag: Ci.nsIClearDataService.CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + cleaners: [BounceTrackingProtectionStateCleaner], + }, +]; + +export function ClearDataService() { + this._initialize(); +} + +ClearDataService.prototype = Object.freeze({ + classID: Components.ID("{0c06583d-7dd8-4293-b1a5-912205f779aa}"), + QueryInterface: ChromeUtils.generateQI(["nsIClearDataService"]), + + _initialize() { + // Let's start all the service we need to cleanup data. + + // This is mainly needed for GeckoView that doesn't start QMS on startup + // time. + if (!Services.qms) { + console.error("Failed initializiation of QuotaManagerService."); + } + }, + + deleteDataFromLocalFiles(aIsUserRequest, aFlags, aCallback) { + if (!aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + + return this._deleteInternal(aFlags, aCallback, aCleaner => { + // Some of the 'Cleaners' do not support clearing data for + // local files. Ignore those. + if (aCleaner.deleteByLocalFiles) { + // A generic originAttributes dictionary. + return aCleaner.deleteByLocalFiles({}); + } + return Promise.resolve(); + }); + }, + + deleteDataFromHost(aHost, aIsUserRequest, aFlags, aCallback) { + if (!aHost || !aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + + return this._deleteInternal(aFlags, aCallback, aCleaner => { + // Some of the 'Cleaners' do not support to delete by principal. Let's + // use deleteAll() as fallback. + if (aCleaner.deleteByHost) { + // A generic originAttributes dictionary. + return aCleaner.deleteByHost(aHost, {}); + } + // The user wants to delete data. Let's remove as much as we can. + if (aIsUserRequest) { + return aCleaner.deleteAll(); + } + // We don't want to delete more than what is strictly required. + return Promise.resolve(); + }); + }, + + deleteDataFromBaseDomain(aDomainOrHost, aIsUserRequest, aFlags, aCallback) { + if (!aDomainOrHost || !aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + // We may throw here if aDomainOrHost can't be converted to a base domain. + let baseDomain; + + try { + baseDomain = getBaseDomainWithFallback(aDomainOrHost); + } catch (e) { + return Cr.NS_ERROR_FAILURE; + } + + return this._deleteInternal(aFlags, aCallback, aCleaner => + aCleaner.deleteByBaseDomain(baseDomain, aIsUserRequest) + ); + }, + + deleteDataFromPrincipal(aPrincipal, aIsUserRequest, aFlags, aCallback) { + if (!aPrincipal || !aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + + return this._deleteInternal(aFlags, aCallback, aCleaner => + aCleaner.deleteByPrincipal(aPrincipal, aIsUserRequest) + ); + }, + + deleteDataInTimeRange(aFrom, aTo, aIsUserRequest, aFlags, aCallback) { + if (aFrom > aTo || !aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + + return this._deleteInternal(aFlags, aCallback, aCleaner => { + // Some of the 'Cleaners' do not support to delete by range. Let's use + // deleteAll() as fallback. + if (aCleaner.deleteByRange) { + return aCleaner.deleteByRange(aFrom, aTo); + } + // The user wants to delete data. Let's remove as much as we can. + if (aIsUserRequest) { + return aCleaner.deleteAll(); + } + // We don't want to delete more than what is strictly required. + return Promise.resolve(); + }); + }, + + deleteData(aFlags, aCallback) { + if (!aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + + return this._deleteInternal(aFlags, aCallback, aCleaner => { + return aCleaner.deleteAll(); + }); + }, + + deleteDataFromOriginAttributesPattern(aPattern, aCallback) { + if (!aPattern) { + return Cr.NS_ERROR_INVALID_ARG; + } + + let patternString = JSON.stringify(aPattern); + // XXXtt remove clear-origin-attributes-data entirely + Services.obs.notifyObservers( + null, + "clear-origin-attributes-data", + patternString + ); + + if (!aCallback) { + aCallback = { + onDataDeleted: () => {}, + }; + } + return this._deleteInternal( + Ci.nsIClearDataService.CLEAR_ALL, + aCallback, + aCleaner => { + if (aCleaner.deleteByOriginAttributes) { + return aCleaner.deleteByOriginAttributes(patternString); + } + + // We don't want to delete more than what is strictly required. + return Promise.resolve(); + } + ); + }, + + deleteUserInteractionForClearingHistory( + aPrincipalsWithStorage, + aFrom, + aCallback + ) { + if (!aCallback) { + return Cr.NS_ERROR_INVALID_ARG; + } + + StorageAccessCleaner.deleteExceptPrincipals(aPrincipalsWithStorage, aFrom) + .then(() => { + aCallback.onDataDeleted(0); + }) + .catch(() => { + // This is part of clearing storageAccessAPI permissions, thus return + // an appropriate error flag. + aCallback.onDataDeleted(Ci.nsIClearDataService.CLEAR_PERMISSIONS); + }); + return Cr.NS_OK; + }, + + cleanupAfterDeletionAtShutdown(aFlags, aCallback) { + return this._deleteInternal(aFlags, aCallback, async aCleaner => { + if (aCleaner.cleanupAfterDeletionAtShutdown) { + await aCleaner.cleanupAfterDeletionAtShutdown(); + } + }); + }, + + // This internal method uses aFlags against FLAGS_MAP in order to retrieve a + // list of 'Cleaners'. For each of them, the aHelper callback retrieves a + // promise object. All these promise objects are resolved before calling + // onDataDeleted. + _deleteInternal(aFlags, aCallback, aHelper) { + let resultFlags = 0; + let promises = FLAGS_MAP.filter(c => aFlags & c.flag).map(c => { + return Promise.all( + c.cleaners.map(cleaner => { + return aHelper(cleaner).catch(e => { + console.error(e); + resultFlags |= c.flag; + }); + }) + ); + // Let's collect the failure in resultFlags. + }); + Promise.all(promises).then(() => { + aCallback.onDataDeleted(resultFlags); + }); + return Cr.NS_OK; + }, +}); diff --git a/toolkit/components/cleardata/PrincipalsCollector.sys.mjs b/toolkit/components/cleardata/PrincipalsCollector.sys.mjs new file mode 100644 index 0000000000..2b5917c6ce --- /dev/null +++ b/toolkit/components/cleardata/PrincipalsCollector.sys.mjs @@ -0,0 +1,178 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + +const lazy = {}; + +XPCOMUtils.defineLazyServiceGetter( + lazy, + "serviceWorkerManager", + "@mozilla.org/serviceworkers/manager;1", + "nsIServiceWorkerManager" +); + +let logConsole; +function log(msg) { + if (!logConsole) { + logConsole = console.createInstance({ + prefix: "** PrincipalsCollector.jsm", + maxLogLevelPref: "browser.sanitizer.loglevel", + }); + } + + logConsole.log(msg); +} + +/** + * A helper module to collect all principals that have any of the following: + * * cookies + * * quota storage (indexedDB, localStorage) + * * service workers + * + * Note that in case of cookies, because these are not strictly associated with a + * full origin (including scheme), the https:// scheme will be used as a convention, + * so when the cookie hostname is .example.com the principal will have the origin + * https://example.com. Origin Attributes from cookies are copied to the principal. + * + * This class is not a singleton and needs to be instantiated using the constructor + * before usage. The class instance will cache the last list of principals. + * + * There is currently no `refresh` method, though you are free to add one. + */ +export class PrincipalsCollector { + // Indicating that we are in the process of collecting principals, + // that might take some time + #pendingCollection = null; + /** + * Creates a new PrincipalsCollector. + */ + constructor() { + this.principals = null; + } + + /** + * Checks whether the passed in principal has a scheme that is considered by the + * PrincipalsCollector. This is used to avoid including principals for non-web + * entities such as moz-extension. + * + * @param {nsIPrincipal} the principal to check + * @returns {boolean} + */ + static isSupportedPrincipal(principal) { + return ["http", "https", "file"].some(scheme => principal.schemeIs(scheme)); + } + + /** + * Fetches and collects all principals with cookies and/or site data (see module + * description). Originally for usage in Sanitizer.jsm to compute principals to be + * cleared on shutdown based on user settings. + * + * This operation might take a while to complete on big profiles. + * DO NOT call or await this in a way that makes it block user interaction, or you + * risk several painful seconds or possibly even minutes of lag. + * + * This function will cache its result and return the same list on second call, + * even if the actual number of principals with cookies and site data changed. + * + * @param {Object} [optional] progress A Sanitizer.jsm progress object that will be + * updated to reflect the current step of fetching principals. + * @returns {Array} the list of principals + */ + async getAllPrincipals(progress = {}) { + // Here is the list of principals with site data. + if (this.principals) { + return this.principals; + } + // Gathering all principals might take a while, + // to ensure this process is only done once, we queue + // the incomming calls here in case we are not yet done gathering principals + if (!this.#pendingCollection) { + this.#pendingCollection = this._getAllPrincipalsInternal(progress); + this.principals = await this.#pendingCollection; + this.#pendingCollection = null; + return this.principals; + } + await this.#pendingCollection; + return this.principals; + } + + async _getAllPrincipalsInternal(progress = {}) { + progress.step = "principals-quota-manager"; + let principals = await new Promise(resolve => { + Services.qms.listOrigins().callback = request => { + progress.step = "principals-quota-manager-listOrigins"; + if (request.resultCode != Cr.NS_OK) { + // We are probably shutting down. We don't want to propagate the + // error, rejecting the promise. + resolve([]); + return; + } + + let principalsMap = new Map(); + for (const origin of request.result) { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + origin + ); + if (PrincipalsCollector.isSupportedPrincipal(principal)) { + principalsMap.set(principal.origin, principal); + } + } + + progress.step = "principals-quota-manager-completed"; + resolve(principalsMap); + }; + }).catch(ex => { + console.error("QuotaManagerService promise failed: ", ex); + return []; + }); + + progress.step = "principals-service-workers"; + let serviceWorkers = lazy.serviceWorkerManager.getAllRegistrations(); + for (let i = 0; i < serviceWorkers.length; i++) { + let sw = serviceWorkers.queryElementAt( + i, + Ci.nsIServiceWorkerRegistrationInfo + ); + // We don't need to check the scheme. SW are just exposed to http/https URLs. + principals.set(sw.principal.origin, sw.principal); + } + + // Let's take the list of unique hosts+OA from cookies. + progress.step = "principals-cookies"; + let cookies = Services.cookies.cookies; + let hosts = new Set(); + for (let cookie of cookies) { + hosts.add( + cookie.rawHost + + ChromeUtils.originAttributesToSuffix(cookie.originAttributes) + ); + } + + progress.step = "principals-host-cookie"; + hosts.forEach(host => { + // Cookies and permissions are handled by origin/host. Doesn't matter if we + // use http: or https: schema here. + let principal; + try { + principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://" + host + ); + } catch (e) { + log( + `ERROR: Could not create content principal for host '${host}' ${e.message}` + ); + } + if (principal) { + principals.set(principal.origin, principal); + } + }); + + principals = Array.from(principals.values()); + progress.step = "total-principals:" + principals.length; + return principals; + } +} diff --git a/toolkit/components/cleardata/ServiceWorkerCleanUp.sys.mjs b/toolkit/components/cleardata/ServiceWorkerCleanUp.sys.mjs new file mode 100644 index 0000000000..1c49b2be08 --- /dev/null +++ b/toolkit/components/cleardata/ServiceWorkerCleanUp.sys.mjs @@ -0,0 +1,87 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + +const lazy = {}; + +XPCOMUtils.defineLazyServiceGetter( + lazy, + "serviceWorkerManager", + "@mozilla.org/serviceworkers/manager;1", + "nsIServiceWorkerManager" +); + +if (Services.appinfo.processType === Services.appinfo.PROCESS_TYPE_CONTENT) { + throw new Error( + "ServiceWorkerCleanUp.jsm can only be used in the parent process" + ); +} + +function unregisterServiceWorker(aSW) { + return new Promise(resolve => { + let unregisterCallback = { + unregisterSucceeded: resolve, + unregisterFailed: resolve, // We don't care about failures. + QueryInterface: ChromeUtils.generateQI([ + "nsIServiceWorkerUnregisterCallback", + ]), + }; + lazy.serviceWorkerManager.propagateUnregister( + aSW.principal, + unregisterCallback, + aSW.scope + ); + }); +} + +function unregisterServiceWorkersMatching(filterFn) { + let promises = []; + let serviceWorkers = lazy.serviceWorkerManager.getAllRegistrations(); + for (let i = 0; i < serviceWorkers.length; i++) { + let sw = serviceWorkers.queryElementAt( + i, + Ci.nsIServiceWorkerRegistrationInfo + ); + if (filterFn(sw)) { + promises.push(unregisterServiceWorker(sw)); + } + } + return Promise.all(promises); +} + +export const ServiceWorkerCleanUp = { + removeFromHost(aHost) { + return unregisterServiceWorkersMatching(sw => + Services.eTLD.hasRootDomain(sw.principal.host, aHost) + ); + }, + + removeFromBaseDomain(aBaseDomain) { + // Service workers are disabled in partitioned contexts. This means we don't + // have to check for a partitionKey, but only look at the top level base + // domain. If this ever changes we need to update this method to account for + // partitions. See Bug 1495241. + return unregisterServiceWorkersMatching( + sw => sw.principal.baseDomain == aBaseDomain + ); + }, + + removeFromPrincipal(aPrincipal) { + return unregisterServiceWorkersMatching(sw => + sw.principal.equals(aPrincipal) + ); + }, + + removeFromOriginAttributes(aOriginAttributesString) { + lazy.serviceWorkerManager.removeRegistrationsByOriginAttributes( + aOriginAttributesString + ); + return Promise.resolve(); + }, + + removeAll() { + return unregisterServiceWorkersMatching(() => true); + }, +}; diff --git a/toolkit/components/cleardata/SiteDataTestUtils.sys.mjs b/toolkit/components/cleardata/SiteDataTestUtils.sys.mjs new file mode 100644 index 0000000000..a777a19b7d --- /dev/null +++ b/toolkit/components/cleardata/SiteDataTestUtils.sys.mjs @@ -0,0 +1,411 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; +import { BrowserTestUtils } from "resource://testing-common/BrowserTestUtils.sys.mjs"; + +const lazy = {}; + +XPCOMUtils.defineLazyServiceGetter( + lazy, + "swm", + "@mozilla.org/serviceworkers/manager;1", + "nsIServiceWorkerManager" +); + +/** + * This module assists with tasks around testing functionality that shows + * or clears site data. + * + * Please note that you will have to clean up changes made manually, for + * example using SiteDataTestUtils.clear(). + */ +export var SiteDataTestUtils = { + /** + * Makes an origin have persistent data storage. + * + * @param {String} origin - the origin of the site to give persistent storage + * + * @returns a Promise that resolves when storage was persisted + */ + persist(origin, value = Services.perms.ALLOW_ACTION) { + return new Promise(resolve => { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + Services.perms.addFromPrincipal(principal, "persistent-storage", value); + Services.qms.persist(principal).callback = () => resolve(); + }); + }, + + /** + * Adds a new blob entry to a dummy indexedDB database for the specified origin. + * + * @param {String} origin - the origin of the site to add test data for + * @param {Number} size [optional] - the size of the entry in bytes + * + * @returns a Promise that resolves when the data was added successfully. + */ + addToIndexedDB(origin, size = 1024) { + return new Promise(resolve => { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + let request = indexedDB.openForPrincipal(principal, "TestDatabase", 1); + request.onupgradeneeded = function (e) { + let db = e.target.result; + db.createObjectStore("TestStore"); + }; + request.onsuccess = function (e) { + let db = e.target.result; + let tx = db.transaction("TestStore", "readwrite"); + let store = tx.objectStore("TestStore"); + tx.oncomplete = resolve; + let buffer = new ArrayBuffer(size); + let blob = new Blob([buffer]); + store.add(blob, Cu.now()); + }; + }); + }, + + /** + * Adds a new cookie for the specified origin or host + path + oa, with the + * specified contents. The cookie will be valid for one day. + * @param {object} options + * @param {String} [options.origin] - Origin of the site to add test data for. + * If set, overrides host, path and originAttributes args. + * @param {String} [options.host] - Host of the site to add test data for. + * @param {String} [options.path] - Path to set cookie for. + * @param {Object} [options.originAttributes] - Object of origin attributes to + * set cookie for. + * @param {String} [options.name] - Cookie name + * @param {String} [options.value] - Cookie value + */ + addToCookies({ + origin, + host, + path = "path", + originAttributes = {}, + name = "foo", + value = "bar", + }) { + if (origin) { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + host = principal.host; + path = principal.URI.pathQueryRef; + originAttributes = Object.keys(originAttributes).length + ? originAttributes + : principal.originAttributes; + } + + Services.cookies.add( + host, + path, + name, + value, + false, + false, + false, + Math.floor(Date.now() / 1000) + 24 * 60 * 60, + originAttributes, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_UNSET + ); + }, + + /** + * Adds a new localStorage entry for the specified origin, with the specified contents. + * + * @param {String} origin - the origin of the site to add test data for + * @param {String} [key] - the localStorage key + * @param {String} [value] - the localStorage value + */ + addToLocalStorage(origin, key = "foo", value = "bar") { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + let storage = Services.domStorageManager.createStorage( + null, + principal, + principal, + "" + ); + storage.setItem(key, value); + }, + + /** + * Checks whether the given origin is storing data in localStorage + * + * @param {String} origin - the origin of the site to check + * @param {{key: String, value: String}[]} [testEntries] - An array of entries + * to test for. + * + * @returns {Boolean} whether the origin has localStorage data + */ + hasLocalStorage(origin, testEntries) { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + let storage = Services.domStorageManager.createStorage( + null, + principal, + principal, + "" + ); + if (!storage.length) { + return false; + } + if (!testEntries) { + return true; + } + return ( + storage.length >= testEntries.length && + testEntries.every(({ key, value }) => storage.getItem(key) == value) + ); + }, + + /** + * Adds a new serviceworker with the specified path. Note that this + * method will open a new tab at the domain of the SW path to that effect. + * + * @param {String} path - the path to the service worker to add. + * + * @returns a Promise that resolves when the service worker was registered + */ + addServiceWorker(path) { + let uri = Services.io.newURI(path); + // Register a dummy ServiceWorker. + return BrowserTestUtils.withNewTab(uri.prePath, async function (browser) { + return browser.ownerGlobal.SpecialPowers.spawn( + browser, + [{ path }], + async ({ path: p }) => { + // eslint-disable-next-line no-undef + let r = await content.navigator.serviceWorker.register(p); + return new Promise(resolve => { + let worker = r.installing || r.waiting || r.active; + if (worker.state == "activated") { + resolve(); + } else { + worker.addEventListener("statechange", () => { + if (worker.state == "activated") { + resolve(); + } + }); + } + }); + } + ); + }); + }, + + hasCookies(origin, testEntries = null, testPBMCookies = false) { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + + let originAttributes = principal.originAttributes; + + if (testPBMCookies) { + // Override the origin attributes to set PBM. + // This needs to be updated when adding support for multiple PBM contexts. + originAttributes = { + ...principal.originAttributes, + privateBrowsingId: 1, + }; + } + // Need to do an additional filter step since getCookiesFromHost returns all + // cookies for the base domain (including subdomains). This method takes an + // origin so we need to do an exact host match. + let cookies = Services.cookies + .getCookiesFromHost(principal.baseDomain, originAttributes) + .filter( + cookie => + cookie.host == principal.host || cookie.host == `.${principal.host}` + ); + + // If we don't have to filter specific testEntries we can return now. + if (!testEntries) { + return !!cookies.length; + } + + // Check if the returned cookies match testEntries. + if (cookies.length < testEntries.length) { + return false; + } + + // This code isn't very efficient. It should only be used for testing + // a small amount of cookies. + return testEntries.every(({ key, value }) => + cookies.some(cookie => cookie.name == key && cookie.value == value) + ); + }, + + hasIndexedDB(origin) { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + return new Promise(resolve => { + let data = true; + let request = indexedDB.openForPrincipal(principal, "TestDatabase", 1); + request.onupgradeneeded = function (e) { + data = false; + }; + request.onsuccess = function (e) { + resolve(data); + }; + }); + }, + + _getCacheStorage(where, lci) { + switch (where) { + case "disk": + return Services.cache2.diskCacheStorage(lci); + case "memory": + return Services.cache2.memoryCacheStorage(lci); + case "pin": + return Services.cache2.pinningCacheStorage(lci); + } + return null; + }, + + hasCacheEntry(path, where, lci = Services.loadContextInfo.default) { + let storage = this._getCacheStorage(where, lci); + return storage.exists(Services.io.newURI(path), ""); + }, + + addCacheEntry(path, where, lci = Services.loadContextInfo.default) { + return new Promise(resolve => { + function CacheListener() {} + CacheListener.prototype = { + QueryInterface: ChromeUtils.generateQI(["nsICacheEntryOpenCallback"]), + + onCacheEntryCheck(entry) { + return Ci.nsICacheEntryOpenCallback.ENTRY_WANTED; + }, + + onCacheEntryAvailable(entry, isnew, status) { + resolve(); + }, + }; + + let storage = this._getCacheStorage(where, lci); + storage.asyncOpenURI( + Services.io.newURI(path), + "", + Ci.nsICacheStorage.OPEN_NORMALLY, + new CacheListener() + ); + }); + }, + + /** + * Checks whether the specified origin has registered ServiceWorkers. + * + * @param {String} origin - the origin of the site to check + * + * @returns {Boolean} whether or not the site has ServiceWorkers. + */ + hasServiceWorkers(origin) { + let serviceWorkers = lazy.swm.getAllRegistrations(); + for (let i = 0; i < serviceWorkers.length; i++) { + let sw = serviceWorkers.queryElementAt( + i, + Ci.nsIServiceWorkerRegistrationInfo + ); + if (sw.principal.origin == origin) { + return true; + } + } + return false; + }, + + /** + * Waits for a ServiceWorker to be registered. + * + * @param {String} the url of the ServiceWorker to wait for + * + * @returns a Promise that resolves when a ServiceWorker at the + * specified location has been registered. + */ + promiseServiceWorkerRegistered(url) { + if (!(url instanceof Ci.nsIURI)) { + url = Services.io.newURI(url); + } + + return new Promise(resolve => { + let listener = { + onRegister: registration => { + if (registration.principal.host != url.host) { + return; + } + lazy.swm.removeListener(listener); + resolve(registration); + }, + }; + lazy.swm.addListener(listener); + }); + }, + + /** + * Waits for a ServiceWorker to be unregistered. + * + * @param {String} the url of the ServiceWorker to wait for + * + * @returns a Promise that resolves when a ServiceWorker at the + * specified location has been unregistered. + */ + promiseServiceWorkerUnregistered(url) { + if (!(url instanceof Ci.nsIURI)) { + url = Services.io.newURI(url); + } + + return new Promise(resolve => { + let listener = { + onUnregister: registration => { + if (registration.principal.host != url.host) { + return; + } + lazy.swm.removeListener(listener); + resolve(registration); + }, + }; + lazy.swm.addListener(listener); + }); + }, + + /** + * Gets the current quota usage for the specified origin. + * + * @returns a Promise that resolves to an integer with the total + * amount of disk usage by a given origin. + */ + getQuotaUsage(origin) { + return new Promise(resolve => { + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin); + Services.qms.getUsageForPrincipal(principal, request => + resolve(request.result.usage) + ); + }); + }, + + /** + * Cleans up all site data. + */ + clear() { + return new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIES | + Ci.nsIClearDataService.CLEAR_ALL_CACHES | + Ci.nsIClearDataService.CLEAR_MEDIA_DEVICES | + Ci.nsIClearDataService.CLEAR_DOM_STORAGES | + Ci.nsIClearDataService.CLEAR_PREDICTOR_NETWORK_DATA | + Ci.nsIClearDataService.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE | + Ci.nsIClearDataService.CLEAR_EME | + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS | + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION | + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD | + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE | + Ci.nsIClearDataService.CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + resolve + ); + }); + }, +}; diff --git a/toolkit/components/cleardata/components.conf b/toolkit/components/cleardata/components.conf new file mode 100644 index 0000000000..63aa889c10 --- /dev/null +++ b/toolkit/components/cleardata/components.conf @@ -0,0 +1,16 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Classes = [ + { + 'js_name': 'clearData', + 'cid': '{0c06583d-7dd8-4293-b1a5-912205f779aa}', + 'contract_ids': ['@mozilla.org/clear-data-service;1'], + 'interfaces': ['nsIClearDataService'], + 'esModule': 'resource://gre/modules/ClearDataService.sys.mjs', + 'constructor': 'ClearDataService', + }, +] diff --git a/toolkit/components/cleardata/moz.build b/toolkit/components/cleardata/moz.build new file mode 100644 index 0000000000..d3f06d8221 --- /dev/null +++ b/toolkit/components/cleardata/moz.build @@ -0,0 +1,38 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +TESTING_JS_MODULES += [ + "SiteDataTestUtils.sys.mjs", +] + +XPIDL_SOURCES += [ + "nsIClearDataService.idl", +] + +XPIDL_MODULE = "toolkit_cleardata" + +EXTRA_JS_MODULES += [ + "ClearDataService.sys.mjs", + "PrincipalsCollector.sys.mjs", + "ServiceWorkerCleanUp.sys.mjs", +] + +XPCOM_MANIFESTS += [ + "components.conf", +] + +XPCSHELL_TESTS_MANIFESTS += ["tests/unit/xpcshell.toml"] + +BROWSER_CHROME_MANIFESTS += ["tests/browser/browser.toml"] + +MARIONETTE_MANIFESTS += ["tests/marionette/manifest.toml"] + +include("/ipc/chromium/chromium-config.mozbuild") + +with Files("**"): + BUG_COMPONENT = ("Toolkit", "Data Sanitization") + +FINAL_LIBRARY = "xul" diff --git a/toolkit/components/cleardata/nsIClearDataService.idl b/toolkit/components/cleardata/nsIClearDataService.idl new file mode 100644 index 0000000000..0dff281dbe --- /dev/null +++ b/toolkit/components/cleardata/nsIClearDataService.idl @@ -0,0 +1,358 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIPrincipal; +interface nsIClearDataCallback; + +/** + * nsIClearDataService + * + * Provides methods for cleaning data from a nsIPrincipal and/or from a time + * range. + */ +[scriptable, uuid(6ef3ef16-a502-4576-9fb4-919f1c40bf61)] +interface nsIClearDataService : nsISupports +{ + /** + * Delete data owned by local files or other hostless schemes. + * @param aIsUserRequest true if this request comes from a user interaction. + * This information is important because if true, it's probably better + * to remove more than less, for privacy reason. If false (e.g. + * Clear-Site-Data header), we don't want to delete more than what is + * strictly required. + * @param aFlags List of flags. See below the accepted values. + Note that not all flags will make sense (e.g. we can't clear + certificates for local files). Nonsensical flags will be + ignored. + * @param aCallback this callback will be executed when the operation is + * completed. + */ + void deleteDataFromLocalFiles(in bool aIsUserRequest, + in uint32_t aFlags, + in nsIClearDataCallback aCallback); + + /** + * Delete data owned by a host. For instance: mozilla.org. Data from any + * possible originAttributes will be deleted. + * @param aHost the host to be used. + * @param aIsUserRequest true if this request comes from a user interaction. + * This information is important because if true, it's probably better + * to remove more than less, for privacy reason. If false (e.g. + * Clear-Site-Data header), we don't want to delete more than what is + * strictly required. + * @param aFlags List of flags. See below the accepted values. + * @param aCallback this callback will be executed when the operation is + * completed. + * @deprecated Use deleteDataFromBaseDomain instead. + */ + void deleteDataFromHost(in AUTF8String aHost, + in bool aIsUserRequest, + in uint32_t aFlags, + in nsIClearDataCallback aCallback); + + /** + * Delete data owned by or partitioned under a baseDomain (eTLD+1). For + * instance: mozilla.org. Deletes data across all origin attributes. For + * partitioned storage we clear both, data of the baseDomain in 1st-party and + * 3rd-party context. + * When handling user requests for clearing data using this method is + * preferred over deleteDataFromPrincipal, since origins may share information + * with their site (e.g. cookies) that are not deleted by principal. + * @param aDomainOrHost the domain or host to be used. Will be converted to + * baseDomain if needed. + * @param aIsUserRequest true if this request comes from a user interaction. + * This information is important because if true, it's probably better + * to remove more than less, for privacy reason. If false (e.g. + * Clear-Site-Data header), we don't want to delete more than what is + * strictly required. + * @param aFlags List of flags. See below the accepted values. + * @param aCallback this callback will be executed when the operation is + * completed. + * @throws Throws if base domain can't be computed from aDomainOrHost. Callers + * may fall back to clearing by principal or host. + */ + void deleteDataFromBaseDomain(in AUTF8String aDomainOrHost, + in bool aIsUserRequest, + in uint32_t aFlags, + in nsIClearDataCallback aCallback); + + /** + * Delete data owned by a principal. + * @param aPrincipal the nsIPrincipal to be used. + * @param aIsUserRequest true if this request comes from a user interaction. + * This information is important because if true, it's probably better + * to remove more than less, for privacy reason. If false (e.g. + * Clear-Site-Data header), we don't want to delete more than what is + * strictly required. + * @param aFlags List of flags. See below the accepted values. + * @param aCallback ths callback will be executed when the operation is + * completed. + */ + void deleteDataFromPrincipal(in nsIPrincipal aPrincipal, + in bool aIsUserRequest, + in uint32_t aFlags, + in nsIClearDataCallback aCallback); + + /** + * Delete all data in a time range. Limit excluded. + * @param aFrom microseconds from the epoch + * @param aTo microseconds from the epoch + * @param aIsUserRequest true if this request comes from a user interaction. + * This information is important because if true, it's probably better + * to remove more than less, for privacy reason. If false (e.g. + * Clear-Site-Data header), we don't want to delete more than what is + * strictly required. + * @param aFlags List of flags. See below the accepted values. + * @param aCallback ths callback will be executed when the operation is + * completed. + */ + void deleteDataInTimeRange(in PRTime aFrom, in PRTime aTo, + in bool aIsUserRequest, + in uint32_t aFlags, + in nsIClearDataCallback aCallback); + + /** + * Delete all data from any host, in any time range. + * @param aFlags List of flags. See below the accepted values. + * @param aCallback ths callback will be executed when the operation is + * completed. + */ + void deleteData(in uint32_t aFlags, + in nsIClearDataCallback aCallback); + + /** + * Delete all data from an OriginAttributesPatternDictionary. + * @param aOriginAttributesPattern the originAttributes dictionary. + * @param aCallback the optional callback will be executed when the operation + * is completed. + */ + void deleteDataFromOriginAttributesPattern(in jsval aOriginAttributesPattern, + [optional] in nsIClearDataCallback aCallback); + + /** + * This is a helper function to clear storageAccessAPI permissions + * in a way that will not result in users getting logged out by + * cookie purging. To that end we only clear permissions for principals + * whose base domain does not have any storage associated with it. + * + * The principals to be considered will need to be passed by the API consumer. + * It is recommended to use PrincipalsCollector.jsm for that. + * + * @param aPrincipalsWithStorage principals to be excluded from clearing + * @param aFrom microseconds from the epoch + * @param aCallback the optional callback will be executed when the operation + * is completed. + */ + void deleteUserInteractionForClearingHistory(in Array aPrincipalsWithStorage, + [optional] in PRTime aFrom, + [optional] in nsIClearDataCallback aCallback); + + /** + * Some cleaners, namely QuotaCleaner, can opt in and treat things as deleted + * without actually removing files at shutdown. This function will trigger + * actual removal of them. + */ + void cleanupAfterDeletionAtShutdown(in uint32_t aFlags, in nsIClearDataCallback aCallback); + + /************************************************************************** + * Listed below are the various flags which may be or'd together. + */ + + /** + * Delete cookies. + */ + const uint32_t CLEAR_COOKIES = 1 << 0; + + /** + * Network Cache. + */ + const uint32_t CLEAR_NETWORK_CACHE = 1 << 1; + + /** + * Image cache. + */ + const uint32_t CLEAR_IMAGE_CACHE = 1 << 2; + + /** + * Completed downloads. + */ + const uint32_t CLEAR_DOWNLOADS = 1 << 4; + + /** + * Stored passwords. + */ + const uint32_t CLEAR_PASSWORDS = 1 << 5; + + /** + * Media devices. + */ + const uint32_t CLEAR_MEDIA_DEVICES = 1 << 6; + + /** + * LocalStorage, IndexedDB, ServiceWorkers, DOM Cache and so on. + */ + const uint32_t CLEAR_DOM_QUOTA = 1 << 7; + + /** + * Predictor network data + */ + const uint32_t CLEAR_PREDICTOR_NETWORK_DATA = 1 << 8; + + /** + * DOM Push notifications + */ + const uint32_t CLEAR_DOM_PUSH_NOTIFICATIONS = 1 << 9; + + /** + * Places history + */ + const uint32_t CLEAR_HISTORY = 1 << 10; + + /** + * Session history + */ + const uint32_t CLEAR_SESSION_HISTORY = 1 << 11; + + /** + * Auth tokens + */ + const uint32_t CLEAR_AUTH_TOKENS = 1 << 12; + + /** + * Login cache + */ + const uint32_t CLEAR_AUTH_CACHE = 1 << 13; + + /** + * Site permissions + */ + const uint32_t CLEAR_PERMISSIONS = 1 << 14; + + /** + * Site preferences + */ + const uint32_t CLEAR_CONTENT_PREFERENCES = 1 << 15; + + /** + * Clear HSTS data + */ + const uint32_t CLEAR_HSTS = 1 << 16; + + /** + * Media plugin data + */ + const uint32_t CLEAR_EME = 1 << 17; + + /** + * Reporting API reports. + */ + const uint32_t CLEAR_REPORTS = 1 << 18; + + /** + * StorageAccessAPI flag, which indicates user interaction. + */ + const uint32_t CLEAR_STORAGE_ACCESS = 1 << 19; + + /** + * Clear Cert Exceptions. + */ + const uint32_t CLEAR_CERT_EXCEPTIONS = 1 << 20; + + /** + * Clear entries in the content blocking database. + */ + const uint32_t CLEAR_CONTENT_BLOCKING_RECORDS = 1 << 21; + + /** + * Clear the in-memory CSS cache. + */ + const uint32_t CLEAR_CSS_CACHE = 1 << 22; + + /** + * Clear the CORS preflight cache. + */ + const uint32_t CLEAR_PREFLIGHT_CACHE = 1 << 23; + + /** + * Forget descision about clients authentification certificate + */ + const uint32_t CLEAR_CLIENT_AUTH_REMEMBER_SERVICE = 1 << 24; + + /** + * Clear state associated with FedCM + */ + const uint32_t CLEAR_CREDENTIAL_MANAGER_STATE = 1 << 24; + + /** + * Clear the per-site exception for cookie banner handling. + */ + const uint32_t CLEAR_COOKIE_BANNER_EXCEPTION = 1 << 25; + + /** + * Clear the site executed record for cookie banner handling. + */ + const uint32_t CLEAR_COOKIE_BANNER_EXECUTED_RECORD = 1 << 26; + + /** + * Clear state associated with the fingerprinting protection. + */ + const uint32_t CLEAR_FINGERPRINTING_PROTECTION_STATE = 1 << 27; + + /** + * Clear the bounce tracking protection state. + */ + const uint32_t CLEAR_BOUNCE_TRACKING_PROTECTION_STATE = 1 << 28; + + /** + * Use this value to delete all the data. + */ + const uint32_t CLEAR_ALL = 0xFFFFFFFF; + + /************************************************************************** + * The following flags are helpers: they combine some of the previous flags + * in a more convenient way. + */ + + /** + * Delete all the possible caches. + */ + const uint32_t CLEAR_ALL_CACHES = CLEAR_NETWORK_CACHE | CLEAR_IMAGE_CACHE | + CLEAR_CSS_CACHE | CLEAR_PREFLIGHT_CACHE | CLEAR_HSTS; + + /** + * Delete all DOM storages + */ + const uint32_t CLEAR_DOM_STORAGES = CLEAR_DOM_QUOTA | CLEAR_DOM_PUSH_NOTIFICATIONS | CLEAR_REPORTS; + + /** + * Helper flag for forget about site + */ + const uint32_t CLEAR_FORGET_ABOUT_SITE = + CLEAR_HISTORY | CLEAR_SESSION_HISTORY | CLEAR_ALL_CACHES | + CLEAR_COOKIES | CLEAR_EME | CLEAR_DOWNLOADS | + CLEAR_PERMISSIONS | CLEAR_DOM_STORAGES | CLEAR_CONTENT_PREFERENCES | + CLEAR_PREDICTOR_NETWORK_DATA | CLEAR_DOM_PUSH_NOTIFICATIONS | + CLEAR_CLIENT_AUTH_REMEMBER_SERVICE | CLEAR_REPORTS | CLEAR_CERT_EXCEPTIONS | + CLEAR_CREDENTIAL_MANAGER_STATE | CLEAR_COOKIE_BANNER_EXCEPTION | + CLEAR_COOKIE_BANNER_EXECUTED_RECORD | CLEAR_FINGERPRINTING_PROTECTION_STATE | + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE; +}; + +/** + * This is a companion interface for + * nsIClearDataService::deleteDataFromPrincipal(). + */ +[function, scriptable, uuid(e225517b-24c5-498a-b9fb-9993e341a398)] +interface nsIClearDataCallback : nsISupports +{ + /** + * Called to indicate that the data cleaning is completed. + * @param aFailedFlags this value contains the flags that failed during the + * cleanup. If nothing failed, aFailedFlags will be 0. + */ + void onDataDeleted(in uint32_t aFailedFlags); +}; diff --git a/toolkit/components/cleardata/tests/browser/browser.toml b/toolkit/components/cleardata/tests/browser/browser.toml new file mode 100644 index 0000000000..16ecffce02 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser.toml @@ -0,0 +1,29 @@ +[DEFAULT] + +["browser_auth_tokens.js"] + +["browser_css_cache.js"] +https_first_disabled = true +support-files = [ + "file_css_cache.css", + "file_css_cache.html" +] + +["browser_image_cache.js"] +https_first_disabled = true +support-files = [ + "file_image_cache.html", + "file_image_cache.jpg" +] + +["browser_preflight_cache.js"] +https_first_disabled = true +support-files = ["file_cors_preflight.sjs"] + +["browser_quota.js"] +support-files = ["worker.js"] + +["browser_serviceworkers.js"] + +["browser_sessionStorage.js"] +https_first_disabled = true diff --git a/toolkit/components/cleardata/tests/browser/browser_auth_tokens.js b/toolkit/components/cleardata/tests/browser/browser_auth_tokens.js new file mode 100644 index 0000000000..e62c8b4ac4 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_auth_tokens.js @@ -0,0 +1,108 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +/** + * Tests for AuthTokensCleaner. + */ + +const TEST_SECRET = "secret"; +const TEST_PRINCIPAL = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ); +const TEST_CLEAR_DATA_FLAGS = Services.clearData.CLEAR_AUTH_TOKENS; + +const pk11db = Cc["@mozilla.org/security/pk11tokendb;1"].getService( + Ci.nsIPK11TokenDB +); + +const { LoginTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/LoginTestUtils.sys.mjs" +); + +function testLoggedIn(isLoggedIn) { + Assert.equal( + pk11db.getInternalKeyToken().isLoggedIn(), + isLoggedIn, + `Should ${isLoggedIn ? "" : "not "}be logged in` + ); + pk11db.getInternalKeyToken().isLoggedIn(); +} + +function clearData({ deleteBy = "all", hasUserInput = false } = {}) { + return new Promise(resolve => { + if (deleteBy == "principal") { + Services.clearData.deleteDataFromPrincipal( + TEST_PRINCIPAL, + hasUserInput, + TEST_CLEAR_DATA_FLAGS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else if (deleteBy == "baseDomain") { + Services.clearData.deleteDataFromBaseDomain( + TEST_PRINCIPAL.baseDomain, + hasUserInput, + TEST_CLEAR_DATA_FLAGS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else { + Services.clearData.deleteData(TEST_CLEAR_DATA_FLAGS, value => { + Assert.equal(value, 0); + resolve(); + }); + } + }); +} + +function runTest({ deleteBy, hasUserInput }) { + testLoggedIn(false); + + info("Setup primary password and login"); + LoginTestUtils.primaryPassword.enable(true); + testLoggedIn(true); + + info( + `Clear AuthTokensCleaner data for ${deleteBy}, hasUserInput: ${hasUserInput}` + ); + clearData({ deleteBy, hasUserInput }); + + // The auth tokens cleaner cannot delete by principal or baseDomain + // (yet). If this method is called, it will check whether the used requested + // the clearing. If the user requested clearing, it will over-clear (clear + // all data). If the request didn't come from the user, for example from the + // PurgeTrackerService, it will not clear anything to avoid clearing storage + // unrelated to the baseDomain or principal. + let isCleared = deleteBy == "all" || hasUserInput; + testLoggedIn(!isCleared); + + // Cleanup + let sdr = Cc["@mozilla.org/security/sdr;1"].getService( + Ci.nsISecretDecoderRing + ); + sdr.logoutAndTeardown(); + LoginTestUtils.primaryPassword.disable(); +} + +add_task(async function test_deleteAll() { + runTest({ deleteBy: "all" }); +}); + +add_task(async function test_deleteByPrincipal() { + for (let hasUserInput of [false, true]) { + runTest({ deleteBy: "principal", hasUserInput }); + } +}); + +add_task(async function test_deleteByBaseDomain() { + for (let hasUserInput of [false, true]) { + runTest({ deleteBy: "baseDomain", hasUserInput }); + } +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_css_cache.js b/toolkit/components/cleardata/tests/browser/browser_css_cache.js new file mode 100644 index 0000000000..47088e5011 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_css_cache.js @@ -0,0 +1,129 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const BASE_DOMAIN_A = "example.com"; +const ORIGIN_A = `https://${BASE_DOMAIN_A}`; +const ORIGIN_A_HTTP = `http://${BASE_DOMAIN_A}`; +const ORIGIN_A_SUB = `https://test1.${BASE_DOMAIN_A}`; + +const BASE_DOMAIN_B = "example.org"; +const ORIGIN_B = `https://${BASE_DOMAIN_B}`; +const ORIGIN_B_HTTP = `http://${BASE_DOMAIN_B}`; +const ORIGIN_B_SUB = `https://test1.${BASE_DOMAIN_B}`; + +const TEST_ROOT_DIR = getRootDirectory(gTestPath); + +// Stylesheets are cached per process, so we need to keep tabs open for the +// duration of a test. +let tabs = {}; + +function getTestURLForOrigin(origin) { + return ( + TEST_ROOT_DIR.replace("chrome://mochitests/content", origin) + + "file_css_cache.html" + ); +} + +async function testCached(origin, isCached) { + let url = getTestURLForOrigin(origin); + + let numParsed; + + let tab = tabs[origin]; + let loadedPromise; + if (!tab) { + info("Creating new tab for " + url); + tab = BrowserTestUtils.addTab(gBrowser, url); + loadedPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser); + tabs[origin] = tab; + } else { + loadedPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser); + tab.linkedBrowser.reload(); + } + await loadedPromise; + + numParsed = await SpecialPowers.spawn(tab.linkedBrowser, [], () => { + return SpecialPowers.getDOMWindowUtils(content).parsedStyleSheets; + }); + + // Stylesheets is cached if numParsed is 0. + is(!numParsed, isCached, `${origin} is${isCached ? " " : " not "}cached`); +} + +async function addTestTabs() { + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + await testCached(ORIGIN_B, false); + await testCached(ORIGIN_B_SUB, false); + await testCached(ORIGIN_B_HTTP, false); + // Test that the cache has been populated. + await testCached(ORIGIN_A, true); + await testCached(ORIGIN_A_SUB, true); + await testCached(ORIGIN_A_HTTP, true); + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); +} + +async function cleanupTestTabs() { + Object.values(tabs).forEach(BrowserTestUtils.removeTab); + tabs = {}; +} + +add_task(async function test_deleteByPrincipal() { + await addTestTabs(); + + // Clear data for content principal of A + info("Clearing cache for principal " + ORIGIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN_A), + false, + Ci.nsIClearDataService.CLEAR_CSS_CACHE, + resolve + ); + }); + + // Only the cache entry for ORIGIN_A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, true); + await testCached(ORIGIN_A_HTTP, true); + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // Cleanup + cleanupTestTabs(); + ChromeUtils.clearStyleSheetCache(); +}); + +add_task(async function test_deleteByBaseDomain() { + await addTestTabs(); + + // Clear data for base domain of A. + info("Clearing cache for base domain " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + BASE_DOMAIN_A, + false, + Ci.nsIClearDataService.CLEAR_CSS_CACHE, + resolve + ); + }); + + // All entries for A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + // Entries for B should still exist. + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // Cleanup + cleanupTestTabs(); + ChromeUtils.clearStyleSheetCache(); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_image_cache.js b/toolkit/components/cleardata/tests/browser/browser_image_cache.js new file mode 100644 index 0000000000..d7116d2502 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_image_cache.js @@ -0,0 +1,219 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const BASE_DOMAIN_A = "example.com"; +const ORIGIN_A = `https://${BASE_DOMAIN_A}`; +const ORIGIN_A_HTTP = `http://${BASE_DOMAIN_A}`; +const ORIGIN_A_SUB = `https://test1.${BASE_DOMAIN_A}`; + +const BASE_DOMAIN_B = "example.org"; +const ORIGIN_B = `https://${BASE_DOMAIN_B}`; +const ORIGIN_B_HTTP = `http://${BASE_DOMAIN_B}`; +const ORIGIN_B_SUB = `https://test1.${BASE_DOMAIN_B}`; + +const TEST_ROOT_DIR = getRootDirectory(gTestPath); + +// Images are cached per process, so we need to keep tabs open for the +// duration of a test. +let originToTabs = {}; + +function getTestURLForOrigin(origin) { + return TEST_ROOT_DIR.replace("chrome://mochitests/content", origin); +} + +async function testCached(origin, isCached, testPartitioned = false) { + let tabs = originToTabs[origin]; + + for (let tab of tabs) { + // For the partition test we inspect the cache state of the iframe. + let browsingContext = testPartitioned + ? tab.linkedBrowser.browsingContext.children[0] + : tab.linkedBrowser.browsingContext; + let actualCached = await SpecialPowers.spawn(browsingContext, [], () => { + let imgUrl = content.document.querySelector("img").src; + let imageCache = SpecialPowers.Cc[ + "@mozilla.org/image/tools;1" + ].getService(Ci.imgITools); + let uri = SpecialPowers.Services.io.newURI(imgUrl); + let properties = imageCache + .getImgCacheForDocument(content.document) + .findEntryProperties(uri, content.document); + return !!properties; + }); + + let msg = `${origin}${isCached ? " " : " not "}cached`; + if (testPartitioned) { + msg = "Partitioned under " + msg; + } + + is(actualCached, isCached, msg); + } +} + +/** + * Creates tabs and loads images in first party and third party context. + * @returns {Promise} - Promise which resolves once all tabs are initialized, + * {@link originToTabs} is populated and (sub-)resources have loaded. + */ +function addTestTabs() { + // Adding two tabs for ORIGIN_A so we can test clearing for a principal + // cross-process (non-fission). + let promises = [ + [ORIGIN_A, ORIGIN_B], + [ORIGIN_A, ORIGIN_B], + [ORIGIN_A_SUB, ORIGIN_B_SUB], + [ORIGIN_A_HTTP, ORIGIN_B_HTTP], + [ORIGIN_B, ORIGIN_A], + [ORIGIN_B_SUB, ORIGIN_A_SUB], + [ORIGIN_B_HTTP, ORIGIN_A_HTTP], + ].map(async ([firstParty, thirdParty]) => { + let urlFirstParty = + getTestURLForOrigin(firstParty) + "file_image_cache.html"; + let urlThirdParty = + getTestURLForOrigin(thirdParty) + "file_image_cache.html"; + + info("Creating new tab for " + urlFirstParty); + let tab = BrowserTestUtils.addTab(gBrowser, urlFirstParty); + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + info("Creating iframe for " + urlThirdParty); + await SpecialPowers.spawn(tab.linkedBrowser, [urlThirdParty], async url => { + let iframe = content.document.createElement("iframe"); + iframe.src = url; + + let loadPromise = ContentTaskUtils.waitForEvent(iframe, "load", false); + content.document.body.appendChild(iframe); + await loadPromise; + }); + + let tabs = originToTabs[firstParty]; + if (!tabs) { + tabs = []; + originToTabs[firstParty] = tabs; + } + tabs.push(tab); + }); + + return Promise.all(promises); +} + +function cleanup() { + Object.values(originToTabs).flat().forEach(BrowserTestUtils.removeTab); + originToTabs = {}; + let imageCache = Cc["@mozilla.org/image/tools;1"] + .getService(Ci.imgITools) + .getImgCacheForDocument(null); + imageCache.clearCache(false); + imageCache.clearCache(true); +} + +add_setup(function () { + cleanup(); +}); + +add_task(async function test_deleteByPrincipal() { + await addTestTabs(); + + // Clear data for content principal of A + info("Clearing cache for principal " + ORIGIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN_A), + false, + Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + resolve + ); + }); + + // Only the cache entry for ORIGIN_A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, true); + await testCached(ORIGIN_A_HTTP, true); + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // No partitioned cache should have been cleared. + await testCached(ORIGIN_A, true, true); + await testCached(ORIGIN_A_SUB, true, true); + await testCached(ORIGIN_A_HTTP, true, true); + // TODO: ImageCacheCleaner deleteByPrincipal does not look at the cache key's + // isolationKey and thus over-clears. In this case it clears cache for A + // partitioned under B, even though the test principal does not set a + // partitionKey. + // See Bug 1713088. + await testCached(ORIGIN_B, false, true); + await testCached(ORIGIN_B_SUB, true, true); + await testCached(ORIGIN_B_HTTP, true, true); + + cleanup(); +}); + +add_task(async function test_deleteByBaseDomain() { + await addTestTabs(); + + // Clear data for base domain of A. + info("Clearing cache for base domain " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + BASE_DOMAIN_A, + false, + Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + resolve + ); + }); + + // All entries for A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + // Entries for B should still exist. + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // All partitioned entries for B under A should have been cleared. + await testCached(ORIGIN_A, false, true); + await testCached(ORIGIN_A_SUB, false, true); + await testCached(ORIGIN_A_HTTP, false, true); + + // All partitioned entries of A under B should have been cleared. + await testCached(ORIGIN_B, false, true); + await testCached(ORIGIN_B_SUB, false, true); + await testCached(ORIGIN_B_HTTP, false, true); + + cleanup(); +}); + +add_task(async function test_deleteAll() { + await addTestTabs(); + + // Clear the whole image cache across processes. + info("Clearing cache for base domain " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + resolve + ); + }); + + // All entries should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + await testCached(ORIGIN_B, false); + await testCached(ORIGIN_B_SUB, false); + await testCached(ORIGIN_B_HTTP, false); + + // All partitioned entries should have been cleared. + await testCached(ORIGIN_A, false, true); + await testCached(ORIGIN_A_SUB, false, true); + await testCached(ORIGIN_A_HTTP, false, true); + await testCached(ORIGIN_B, false, true); + await testCached(ORIGIN_B_SUB, false, true); + await testCached(ORIGIN_B_HTTP, false, true); + + cleanup(); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_preflight_cache.js b/toolkit/components/cleardata/tests/browser/browser_preflight_cache.js new file mode 100644 index 0000000000..d3eabb9e38 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_preflight_cache.js @@ -0,0 +1,166 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { SiteDataTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/SiteDataTestUtils.sys.mjs" +); + +const uuidGenerator = Services.uuid; + +const ORIGIN_A = "http://example.net"; +const ORIGIN_B = "http://example.org"; + +const PREFLIGHT_URL_PATH = + "/browser/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs"; + +const PREFLIGHT_URL_A = ORIGIN_A + PREFLIGHT_URL_PATH; +const PREFLIGHT_URL_B = ORIGIN_B + PREFLIGHT_URL_PATH; + +function testPreflightCached(browser, url, token, isCached) { + return SpecialPowers.spawn( + browser, + [url, token, isCached], + async (url, token, isCached) => { + let response = await content.fetch( + new content.Request(`${url}?token=${token}`, { + mode: "cors", + method: "GET", + headers: [["x-test-header", "check"]], + }) + ); + + let expected = isCached ? "0" : "1"; + is( + await response.text(), + expected, + `Preflight cache for ${url} ${isCached ? "HIT" : "MISS"}.` + ); + } + ); +} + +async function testDeleteAll( + clearDataFlag, + { deleteBy = "all", hasUserInput = false } = {} +) { + await BrowserTestUtils.withNewTab("http://example.com", async browser => { + let token = uuidGenerator.generateUUID().toString(); + + // Populate the preflight cache. + await testPreflightCached(browser, PREFLIGHT_URL_A, token, false); + await testPreflightCached(browser, PREFLIGHT_URL_B, token, false); + // Cache should be populated. + await testPreflightCached(browser, PREFLIGHT_URL_A, token, true); + await testPreflightCached(browser, PREFLIGHT_URL_B, token, true); + + await new Promise(resolve => { + if (deleteBy == "principal") { + Services.clearData.deleteDataFromPrincipal( + browser.contentPrincipal, + hasUserInput, + clearDataFlag, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else if (deleteBy == "baseDomain") { + Services.clearData.deleteDataFromBaseDomain( + browser.contentPrincipal.baseDomain, + hasUserInput, + clearDataFlag, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else { + Services.clearData.deleteData(clearDataFlag, value => { + Assert.equal(value, 0); + resolve(); + }); + } + }); + + // The preflight cache cleaner cannot delete by principal or baseDomain + // (Bug 1727141). If this method is called, it will check whether the used + // requested the clearing. If the user requested clearing, it will + // over-clear (clear all data). If the request didn't come from the user, + // for example from the PurgeTrackerService, it will not clear anything to + // avoid clearing storage unrelated to the baseDomain or principal. + let clearedAll = deleteBy == "all" || hasUserInput; + + // Cache should be cleared. + await testPreflightCached(browser, PREFLIGHT_URL_A, token, !clearedAll); + await testPreflightCached(browser, PREFLIGHT_URL_B, token, !clearedAll); + }); + + SiteDataTestUtils.clear(); +} + +add_task(async function test_deleteAll() { + // The cleaner should be called when we target all cleaners, all cache + // cleaners, or just the preflight cache. + let { CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE } = + Ci.nsIClearDataService; + + for (let flag of [CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE]) { + await testDeleteAll(flag); + } +}); + +add_task(async function test_deleteByPrincipal() { + // The cleaner should be called when we target all cleaners, all cache + // cleaners, or just the preflight cache. + let { CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE } = + Ci.nsIClearDataService; + + for (let flag of [CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE]) { + for (let hasUserInput of [true, false]) { + await testDeleteAll(flag, { deleteBy: "principal", hasUserInput }); + } + } +}); + +add_task(async function test_deletePrivateBrowsingCache() { + async function deletePrivateBrowsingCache(token) { + const browser = await BrowserTestUtils.openNewBrowserWindow({ + private: true, + }); + + const tab = (browser.gBrowser.selectedTab = BrowserTestUtils.addTab( + browser.gBrowser, + "http://example.com" + )); + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + // Populate the preflight cache and make sure it isn't populated right now + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_A, token, false); + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_B, token, false); + // Cache should be populated. + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_A, token, true); + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_B, token, true); + + await browser.close(); + } + + // Disable https_first mode to not upgrade the connection of the main page + // and get "Blocked loading mixed active content" for the CORS request + // making this test case fail. Another solution would be to change all URLs + // to https. + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_first_pbm", false]], + }); + + let token = uuidGenerator.generateUUID().toString(); + + // Make sure the CORS preflight cache is cleared between two private + // browsing sessions. Calling this function twice to see if the cache isn't + // populated anymore after the first call. + await deletePrivateBrowsingCache(token); + await deletePrivateBrowsingCache(token); + + await SpecialPowers.clearUserPref("dom.security.https_first_pbm"); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_quota.js b/toolkit/components/cleardata/tests/browser/browser_quota.js new file mode 100644 index 0000000000..94ff223773 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_quota.js @@ -0,0 +1,318 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// This function adds the quota storage by simpleDB (one of quota clients +// managed by the QuotaManager). In this function, a directory +// ${profile}/storage/default/${origin}/sdb/ and a file inside are expected to +// be added. +async function addQuotaStorage(principal) { + let connection = Cc["@mozilla.org/dom/sdb-connection;1"].createInstance( + Ci.nsISDBConnection + ); + + connection.init(principal); + + await new Promise((aResolve, aReject) => { + let request = connection.open("db"); + request.callback = request => { + if (request.resultCode == Cr.NS_OK) { + aResolve(); + } else { + aReject(request.resultCode); + } + }; + }); + + await new Promise((aResolve, aReject) => { + let request = connection.write(new ArrayBuffer(1)); + request.callback = request => { + if (request.resultCode == Cr.NS_OK) { + aResolve(); + } else { + aReject(request.resultCode); + } + }; + }); +} + +function getPrincipal(url, attr = {}) { + let uri = Services.io.newURI(url); + let ssm = Services.scriptSecurityManager; + + return ssm.createContentPrincipal(uri, attr); +} + +function getProfileDir() { + let directoryService = Services.dirsvc; + + return directoryService.get("ProfD", Ci.nsIFile); +} + +function getRelativeFile(relativePath) { + let profileDir = getProfileDir(); + + let file = profileDir.clone(); + relativePath.split("/").forEach(function (component) { + file.append(component); + }); + + return file; +} + +function getPath(origin) { + // Sanitizing + let regex = /[:\/]/g; + return "storage/default/" + origin.replace(regex, "+"); +} + +// This function checks if the origin has the quota storage by checking whether +// the origin directory of that origin exists or not. +function hasQuotaStorage(origin, attr) { + let path = getPath(origin); + if (attr) { + let principal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI(origin), + attr + ); + path += principal.originSuffix; + } + + let file = getRelativeFile(path); + return file.exists(); +} + +async function runTest(sites, deleteDataFunc) { + info(`Adding quota storage`); + for (let site of sites) { + const principal = getPrincipal(site.origin, site.originAttributes); + await addQuotaStorage(principal); + } + + info(`Verifying ${deleteDataFunc.name}`); + let site; + while ((site = sites.shift())) { + await new Promise(aResolve => { + deleteDataFunc(...site.args, value => { + Assert.equal(value, 0); + aResolve(); + }); + }); + + ok( + !hasQuotaStorage(site.origin, site.originAttributes), + `${site.origin} has no quota storage` + ); + sites.forEach(remainSite => + ok( + hasQuotaStorage(remainSite.origin, remainSite.originAttributes), + `${remainSite.origin} has quota storage` + ) + ); + } +} + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.quotaManager.testing", true], + ["dom.simpleDB.enabled", true], + ], + }); +}); + +const ORG_DOMAIN = "example.org"; +const ORG_DOMAIN_SUB = `test.${ORG_DOMAIN}`; +const ORG_ORIGIN = `https://${ORG_DOMAIN}`; +const ORG_ORIGIN_SUB = `https://${ORG_DOMAIN_SUB}`; +const COM_DOMAIN = "example.com"; +const COM_ORIGIN = `https://${COM_DOMAIN}`; +const LH_DOMAIN = "localhost"; +const FOO_DOMAIN = "foo.com"; + +add_task(async function test_deleteFromHost() { + const sites = [ + { + args: [ORG_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: ORG_ORIGIN, + }, + { + args: [COM_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: COM_ORIGIN, + }, + { + args: [LH_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: `http://${LH_DOMAIN}:8000`, + }, + { + args: [FOO_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: `http://${FOO_DOMAIN}`, + originAttributes: { userContextId: 1 }, + }, + ]; + + await runTest(sites, Services.clearData.deleteDataFromHost); +}); + +add_task(async function test_deleteFromPrincipal() { + const sites = [ + { + args: [ + getPrincipal(ORG_ORIGIN), + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + ], + origin: ORG_ORIGIN, + }, + { + args: [ + getPrincipal(COM_ORIGIN), + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + ], + origin: COM_ORIGIN, + }, + ]; + + await runTest(sites, Services.clearData.deleteDataFromPrincipal); +}); + +add_task(async function test_deleteFromOriginAttributes() { + const ORG_OA = { userContextId: 1 }; + const COM_OA = { userContextId: 2 }; + const sites = [ + { + args: [ORG_OA], + origin: ORG_ORIGIN, + originAttributes: ORG_OA, + }, + { + args: [COM_OA], + origin: COM_ORIGIN, + originAttributes: COM_OA, + }, + ]; + + await runTest( + sites, + Services.clearData.deleteDataFromOriginAttributesPattern + ); +}); + +add_task(async function test_deleteAll() { + info(`Adding quota storage`); + await addQuotaStorage(getPrincipal(ORG_ORIGIN)); + await addQuotaStorage(getPrincipal(COM_ORIGIN)); + + info(`Verifying deleteData`); + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + ok(!hasQuotaStorage(ORG_ORIGIN), `${ORG_ORIGIN} has no quota storage`); + ok(!hasQuotaStorage(COM_ORIGIN), `${COM_ORIGIN} has no quota storage`); +}); + +add_task(async function test_deleteSubdomain() { + const ANOTHER_ORIGIN = `https://wwww.${ORG_DOMAIN}`; + info(`Adding quota storage`); + await addQuotaStorage(getPrincipal(ORG_ORIGIN)); + await addQuotaStorage(getPrincipal(ANOTHER_ORIGIN)); + + info(`Verifying deleteDataFromHost for subdomain`); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + ORG_DOMAIN, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + ok(!hasQuotaStorage(ORG_ORIGIN), `${ORG_ORIGIN} has no quota storage`); + ok(!hasQuotaStorage(COM_ORIGIN), `${ANOTHER_ORIGIN} has no quota storage`); +}); + +function getOAWithPartitionKey(topLevelBaseDomain, originAttributes = {}) { + if (!topLevelBaseDomain) { + return originAttributes; + } + return { + ...originAttributes, + partitionKey: `(https,${topLevelBaseDomain})`, + }; +} + +add_task(async function test_deleteBaseDomain() { + info("Adding quota storage"); + await addQuotaStorage(getPrincipal(ORG_ORIGIN)); + await addQuotaStorage(getPrincipal(ORG_ORIGIN_SUB)); + await addQuotaStorage(getPrincipal(COM_ORIGIN)); + + info("Adding partitioned quota storage"); + // Partitioned + await addQuotaStorage( + getPrincipal(COM_ORIGIN, getOAWithPartitionKey(ORG_DOMAIN)) + ); + await addQuotaStorage( + getPrincipal(COM_ORIGIN, getOAWithPartitionKey(FOO_DOMAIN)) + ); + await addQuotaStorage( + getPrincipal(ORG_ORIGIN, getOAWithPartitionKey(COM_DOMAIN)) + ); + + info(`Verifying deleteDataFromBaseDomain`); + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + ORG_DOMAIN, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + ok(!hasQuotaStorage(ORG_ORIGIN), `${ORG_ORIGIN} has no quota storage`); + ok( + !hasQuotaStorage(ORG_ORIGIN_SUB), + `${ORG_ORIGIN_SUB} has no quota storage` + ); + ok(hasQuotaStorage(COM_ORIGIN), `${COM_ORIGIN} has quota storage`); + + // Partitioned + ok( + !hasQuotaStorage(COM_ORIGIN, getOAWithPartitionKey(ORG_DOMAIN)), + `${COM_ORIGIN} under ${ORG_DOMAIN} has no quota storage` + ); + ok( + hasQuotaStorage(COM_ORIGIN, getOAWithPartitionKey(FOO_DOMAIN)), + `${COM_ORIGIN} under ${FOO_DOMAIN} has quota storage` + ); + ok( + !hasQuotaStorage(ORG_ORIGIN, getOAWithPartitionKey(COM_DOMAIN)), + `${ORG_ORIGIN} under ${COM_DOMAIN} has no quota storage` + ); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js b/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js new file mode 100644 index 0000000000..ad501aed70 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js @@ -0,0 +1,287 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { SiteDataTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/SiteDataTestUtils.sys.mjs" +); + +async function addServiceWorker(origin) { + let swURL = + getRootDirectory(gTestPath).replace("chrome://mochitests/content", origin) + + "worker.js"; + + let registered = SiteDataTestUtils.promiseServiceWorkerRegistered(swURL); + await SiteDataTestUtils.addServiceWorker(swURL); + await registered; + + ok(true, `${origin} has a service worker`); +} + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.serviceWorkers.enabled", true], + ["dom.serviceWorkers.exemptFromPerDomainMax", true], + ["dom.serviceWorkers.testing.enabled", true], + ], + }); +}); + +add_task(async function test_deleteFromHost() { + await addServiceWorker("https://example.com"); + await addServiceWorker("https://example.org"); + await addServiceWorker("https://test1.example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.com" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has a service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has a service worker" + ); + + // Clearing the subdomain should not clear the base domain. + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.org" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "test1.example.org", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has a service worker" + ); + + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.org" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.org", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); +}); + +add_task(async function test_deleteFromBaseDomain() { + await addServiceWorker("https://example.com"); + await addServiceWorker("https://test1.example.com"); + await addServiceWorker("https://test2.example.com"); + await addServiceWorker("https://example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.com" + ); + let unregisteredSub1 = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.com" + ); + let unregisteredSub2 = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.com" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await Promise.all([unregistered, unregisteredSub1, unregisteredSub2]); + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.com"), + "test2.example.com has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has a service worker" + ); + + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.org" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.org", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.com"), + "test2.example.com has no service worker" + ); +}); + +add_task(async function test_deleteFromPrincipal() { + await addServiceWorker("https://test1.example.com"); + await addServiceWorker("https://test1.example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.com" + ); + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://test1.example.com/" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has a service worker" + ); + + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.org" + ); + principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://test1.example.org/" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); +}); + +add_task(async function test_deleteAll() { + await addServiceWorker("https://test2.example.com"); + await addServiceWorker("https://test2.example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test2.example.com" + ); + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.com"), + "test2.example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.org"), + "test2.example.org has no service worker" + ); + + await SiteDataTestUtils.clear(); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_sessionStorage.js b/toolkit/components/cleardata/tests/browser/browser_sessionStorage.js new file mode 100644 index 0000000000..013ae0fa92 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_sessionStorage.js @@ -0,0 +1,235 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const BASE_DOMAIN_A = "example.com"; +const ORIGIN_A = `https://${BASE_DOMAIN_A}`; +const ORIGIN_A_HTTP = `http://${BASE_DOMAIN_A}`; +const ORIGIN_A_SUB = `https://test1.${BASE_DOMAIN_A}`; + +const BASE_DOMAIN_B = "example.org"; +const ORIGIN_B = `https://${BASE_DOMAIN_B}`; +const ORIGIN_B_HTTP = `http://${BASE_DOMAIN_B}`; +const ORIGIN_B_SUB = `https://test1.${BASE_DOMAIN_B}`; + +const TEST_ROOT_DIR = getRootDirectory(gTestPath); + +// Session storage is only valid for the lifetime of a tab, so we need to keep +// tabs open for the duration of a test. +let originToTabs = {}; + +function getTestURLForOrigin(origin) { + return TEST_ROOT_DIR.replace("chrome://mochitests/content", origin); +} + +function getTestEntryName(origin, partitioned) { + return `${origin}${partitioned ? "_partitioned" : ""}`; +} + +async function testHasEntry(originFirstParty, isSet, originThirdParty) { + let tabs = originToTabs[originFirstParty]; + + for (let tab of tabs) { + // For the partition test we inspect the sessionStorage of the iframe. + let browsingContext = originThirdParty + ? tab.linkedBrowser.browsingContext.children[0] + : tab.linkedBrowser.browsingContext; + let actualSet = await SpecialPowers.spawn( + browsingContext, + [ + getTestEntryName( + originThirdParty || originFirstParty, + !!originThirdParty + ), + ], + key => { + return !!content.sessionStorage.getItem(key); + } + ); + + let msg = `${originFirstParty}${isSet ? " " : " not "}set`; + if (originThirdParty) { + msg = "Partitioned under " + msg; + } + + is(actualSet, isSet, msg); + } +} + +/** + * Creates tabs and sets sessionStorage entries in first party and third party + * context. + * @returns {Promise} - Promise which resolves once all tabs are initialized, + * {@link originToTabs} is populated and (sub-)resources have loaded. + */ +function addTestTabs() { + let promises = [ + [ORIGIN_A, ORIGIN_B], + [ORIGIN_A_SUB, ORIGIN_B_SUB], + [ORIGIN_A_HTTP, ORIGIN_B_HTTP], + [ORIGIN_B, ORIGIN_A], + [ORIGIN_B_SUB, ORIGIN_A_SUB], + [ORIGIN_B_HTTP, ORIGIN_A_HTTP], + ].map(async ([firstParty, thirdParty]) => { + info("Creating new tab for " + firstParty); + let tab = BrowserTestUtils.addTab(gBrowser, firstParty); + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + info("Creating iframe for " + thirdParty); + await SpecialPowers.spawn( + tab.linkedBrowser, + [getTestEntryName(firstParty, false), thirdParty], + async (storageKey, url) => { + // Set unpartitioned sessionStorage for firstParty. + content.sessionStorage.setItem(storageKey, "foo"); + + let iframe = content.document.createElement("iframe"); + iframe.src = url; + + let loadPromise = ContentTaskUtils.waitForEvent(iframe, "load", false); + content.document.body.appendChild(iframe); + await loadPromise; + } + ); + + await SpecialPowers.spawn( + tab.linkedBrowser.browsingContext.children[0], + [getTestEntryName(thirdParty, true)], + async storageKey => { + // Set sessionStorage in partitioned third-party iframe. + content.sessionStorage.setItem(storageKey, "foo"); + } + ); + + let tabs = originToTabs[firstParty]; + if (!tabs) { + tabs = []; + originToTabs[firstParty] = tabs; + } + tabs.push(tab); + }); + + return Promise.all(promises); +} + +function cleanup() { + Object.values(originToTabs).flat().forEach(BrowserTestUtils.removeTab); + originToTabs = {}; + Services.obs.notifyObservers(null, "browser:purge-sessionStorage"); +} + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [["network.cookie.cookieBehavior", 5]], + }); + cleanup(); +}); + +add_task(async function test_deleteByBaseDomain() { + await addTestTabs(); + + info("Clearing sessionStorage for base domain A " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + BASE_DOMAIN_A, + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + resolve + ); + }); + + info("All entries for A should have been cleared."); + await testHasEntry(ORIGIN_A, false); + await testHasEntry(ORIGIN_A_SUB, false); + await testHasEntry(ORIGIN_A_HTTP, false); + + info("Entries for B should still exist."); + await testHasEntry(ORIGIN_B, true); + await testHasEntry(ORIGIN_B_SUB, true); + await testHasEntry(ORIGIN_B_HTTP, true); + + info("All partitioned entries for B under A should have been cleared."); + await testHasEntry(ORIGIN_A, false, ORIGIN_B); + await testHasEntry(ORIGIN_A_SUB, false, ORIGIN_B_SUB); + await testHasEntry(ORIGIN_A_HTTP, false, ORIGIN_B_HTTP); + + info("All partitioned entries of A under B should have been cleared."); + await testHasEntry(ORIGIN_B, false, ORIGIN_A); + await testHasEntry(ORIGIN_B_SUB, false, ORIGIN_A_SUB); + await testHasEntry(ORIGIN_B_HTTP, false, ORIGIN_A_HTTP); + + cleanup(); +}); + +add_task(async function test_deleteAll() { + await addTestTabs(); + + info("Clearing sessionStorage for base domain A " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + resolve + ); + }); + + info("All entries should have been cleared."); + await testHasEntry(ORIGIN_A, false); + await testHasEntry(ORIGIN_A_SUB, false); + await testHasEntry(ORIGIN_A_HTTP, false); + await testHasEntry(ORIGIN_B, false); + await testHasEntry(ORIGIN_B_SUB, false); + await testHasEntry(ORIGIN_B_HTTP, false); + + info("All partitioned entries should have been cleared."); + await testHasEntry(ORIGIN_A, false, ORIGIN_B); + await testHasEntry(ORIGIN_A_SUB, false, ORIGIN_B_SUB); + await testHasEntry(ORIGIN_A_HTTP, false, ORIGIN_B_HTTP); + await testHasEntry(ORIGIN_B, false, ORIGIN_A); + await testHasEntry(ORIGIN_B_SUB, false, ORIGIN_A_SUB); + await testHasEntry(ORIGIN_B_HTTP, false, ORIGIN_A_HTTP); + + cleanup(); +}); + +add_task(async function test_deleteFromPrincipal() { + await addTestTabs(); + + info("Clearing sessionStorage for partitioned principal A " + BASE_DOMAIN_A); + + let principalA = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI(ORIGIN_A), + { partitionKey: `(https,${BASE_DOMAIN_B})` } + ); + + info("principal: " + principalA.origin); + info("principal partitionKey " + principalA.originAttributes.partitionKey); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principalA, + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + resolve + ); + }); + + info("Unpartitioned entries should still exist."); + await testHasEntry(ORIGIN_A, true); + await testHasEntry(ORIGIN_A_SUB, true); + await testHasEntry(ORIGIN_A_HTTP, true); + await testHasEntry(ORIGIN_B, true); + await testHasEntry(ORIGIN_B_SUB, true); + await testHasEntry(ORIGIN_B_HTTP, true); + + info("Only entries of principal should have been cleared."); + await testHasEntry(ORIGIN_A, true, ORIGIN_B); + await testHasEntry(ORIGIN_A_SUB, true, ORIGIN_B_SUB); + await testHasEntry(ORIGIN_A_HTTP, true, ORIGIN_B_HTTP); + + await testHasEntry(ORIGIN_B, false, ORIGIN_A); + + await testHasEntry(ORIGIN_B_SUB, true, ORIGIN_A_SUB); + await testHasEntry(ORIGIN_B_HTTP, true, ORIGIN_A_HTTP); + + cleanup(); +}); diff --git a/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs b/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs new file mode 100644 index 0000000000..22ce6aad20 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs @@ -0,0 +1,38 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +function handleRequest(request, response) { + let query = new URLSearchParams(request.queryString); + let token = query.get("token"); + + response.setHeader("Content-Type", "text/plain", false); + response.setHeader("Access-Control-Allow-Origin", "*", false); + response.setHeader("Access-Control-Allow-Headers", "x-test-header", false); + + if (request.method == "OPTIONS") { + response.setHeader( + "Access-Control-Allow-Methods", + request.getHeader("Access-Control-Request-Method"), + false + ); + response.setHeader("Access-Control-Max-Age", "20", false); + + setState(token, token); + } else { + let test_op = request.getHeader("x-test-header"); + + if (test_op == "check") { + let value = getState(token); + + if (value) { + response.write("1"); + setState(token, ""); + } else { + response.write("0"); + } + } + } +} diff --git a/toolkit/components/cleardata/tests/browser/file_css_cache.css b/toolkit/components/cleardata/tests/browser/file_css_cache.css new file mode 100644 index 0000000000..2ceb1b7e0b --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_css_cache.css @@ -0,0 +1,3 @@ +:root { + background-color: lime; +} diff --git a/toolkit/components/cleardata/tests/browser/file_css_cache.html b/toolkit/components/cleardata/tests/browser/file_css_cache.html new file mode 100644 index 0000000000..b382bc1887 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_css_cache.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/toolkit/components/cleardata/tests/browser/file_image_cache.html b/toolkit/components/cleardata/tests/browser/file_image_cache.html new file mode 100644 index 0000000000..37439a8fa7 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_image_cache.html @@ -0,0 +1,7 @@ + + + + + + + diff --git a/toolkit/components/cleardata/tests/browser/file_image_cache.jpg b/toolkit/components/cleardata/tests/browser/file_image_cache.jpg new file mode 100644 index 0000000000..48c454d27c Binary files /dev/null and b/toolkit/components/cleardata/tests/browser/file_image_cache.jpg differ diff --git a/toolkit/components/cleardata/tests/browser/worker.js b/toolkit/components/cleardata/tests/browser/worker.js new file mode 100644 index 0000000000..aa8a83a4ce --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/worker.js @@ -0,0 +1 @@ +// Empty script for testing service workers diff --git a/toolkit/components/cleardata/tests/marionette/manifest.toml b/toolkit/components/cleardata/tests/marionette/manifest.toml new file mode 100644 index 0000000000..b9344786c8 --- /dev/null +++ b/toolkit/components/cleardata/tests/marionette/manifest.toml @@ -0,0 +1,5 @@ +[DEFAULT] + +["test_moved_origin_directory_cleanup.py"] + +["test_service_worker_at_shutdown.py"] diff --git a/toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py b/toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py new file mode 100644 index 0000000000..876f86cd32 --- /dev/null +++ b/toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py @@ -0,0 +1,142 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +from pathlib import Path + +from marionette_driver import Wait +from marionette_harness import MarionetteTestCase + + +class MovedOriginDirectoryCleanupTestCase(MarionetteTestCase): + def setUp(self): + super().setUp() + self.marionette.enforce_gecko_prefs( + { + "privacy.sanitize.sanitizeOnShutdown": True, + "privacy.clearOnShutdown.offlineApps": True, + "dom.quotaManager.backgroundTask.enabled": False, + } + ) + self.moved_origin_directory = ( + Path(self.marionette.profile_path) / "storage" / "to-be-removed" / "foo" + ) + self.moved_origin_directory.mkdir(parents=True, exist_ok=True) + self.to_be_removed_directory = ( + Path(self.marionette.profile_path) / "storage" / "to-be-removed" + ) + + # Add a cookie to get a principal to be cleaned up + with self.marionette.using_context("chrome"): + self.marionette.execute_script( + """ + Services.cookies.add( + "example.local", + "path", + "name", + "value", + false, + false, + false, + Math.floor(Date.now() / 1000) + 24 * 60 * 60, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_UNSET + ); + """ + ) + + def removeAllCookies(self): + with self.marionette.using_context("chrome"): + self.marionette.execute_script( + """ + Services.cookies.removeAll(); + """ + ) + + def test_ensure_cleanup_by_quit(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + # Cleanup happens via Sanitizer.sanitizeOnShutdown + self.marionette.quit() + + self.assertFalse( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must disappear", + ) + + def test_ensure_cleanup_at_crashed_restart(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + # Pending sanitization is added via Sanitizer.onStartup + # "offlineApps" corresponds to CLEAR_DOM_STORAGES + Wait(self.marionette).until( + lambda _: ( + "offlineApps" in self.marionette.get_pref("privacy.sanitize.pending"), + ), + message="privacy.sanitize.pending must include offlineApps", + ) + + # Cleanup happens via Sanitizer.onStartup after restart + self.marionette.restart(in_app=False) + + # Wait longer for 30 sec for the restart to finish, given bug 1814281. + Wait(self.marionette, timeout=30).until( + lambda _: not self.moved_origin_directory.exists(), + message="to-be-removed subdirectory must disappear", + ) + + def test_ensure_cleanup_by_quit_with_background_task(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + self.marionette.set_pref("dom.quotaManager.backgroundTask.enabled", True) + + # Cleanup happens via Sanitizer.sanitizeOnShutdown + self.marionette.quit() + + Wait(self.marionette).until( + lambda _: not self.moved_origin_directory.exists(), + message="to-be-removed subdirectory must disappear", + ) + self.assertTrue( + self.to_be_removed_directory.exists(), + "to-be-removed parent directory should still be alive", + ) + + def test_ensure_no_cleanup_when_disabled(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + self.marionette.set_pref("privacy.sanitize.sanitizeOnShutdown", False) + self.marionette.quit() + + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must not disappear", + ) + + def test_ensure_no_cleanup_when_no_cookie(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + self.removeAllCookies() + + self.marionette.quit() + + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must not disappear", + ) diff --git a/toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py b/toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py new file mode 100644 index 0000000000..9738c0ea17 --- /dev/null +++ b/toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py @@ -0,0 +1,62 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +from marionette_driver import Wait +from marionette_harness import MarionetteTestCase + + +class ServiceWorkerAtShutdownTestCase(MarionetteTestCase): + def setUp(self): + super(ServiceWorkerAtShutdownTestCase, self).setUp() + self.install_service_worker() + self.set_pref_to_delete_site_data_on_shutdown() + + def tearDown(self): + self.marionette.restart(in_app=False, clean=True) + super(ServiceWorkerAtShutdownTestCase, self).tearDown() + + def install_service_worker(self): + install_url = self.marionette.absolute_url( + "serviceworker/install_serviceworker.html" + ) + self.marionette.navigate(install_url) + # Make sure 'install_url' is not loaded on startup, it would reinstall the service worker + dummy_url = self.marionette.absolute_url("dummy.html") + self.marionette.navigate(dummy_url) + Wait(self.marionette).until(lambda _: self.is_service_worker_registered) + + def set_pref_to_delete_site_data_on_shutdown(self): + self.marionette.set_pref("privacy.sanitize.sanitizeOnShutdown", True) + self.marionette.set_pref("privacy.clearOnShutdown.offlineApps", True) + + def test_unregistering_service_worker_when_clearing_data(self): + self.marionette.restart(clean=False, in_app=True) + self.assertFalse(self.is_service_worker_registered) + + @property + def is_service_worker_registered(self): + with self.marionette.using_context("chrome"): + return self.marionette.execute_script( + """ + let serviceWorkerManager = Cc["@mozilla.org/serviceworkers/manager;1"].getService( + Ci.nsIServiceWorkerManager + ); + + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(arguments[0]); + + let serviceWorkers = serviceWorkerManager.getAllRegistrations(); + for (let i = 0; i < serviceWorkers.length; i++) { + let sw = serviceWorkers.queryElementAt( + i, + Ci.nsIServiceWorkerRegistrationInfo + ); + if (sw.principal.origin == principal.origin) { + return true; + } + } + return false; + """, + script_args=(self.marionette.absolute_url(""),), + ) diff --git a/toolkit/components/cleardata/tests/unit/head.js b/toolkit/components/cleardata/tests/unit/head.js new file mode 100644 index 0000000000..5e73b8a789 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/head.js @@ -0,0 +1,27 @@ +"use strict"; + +const { SiteDataTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/SiteDataTestUtils.sys.mjs" +); +const { PermissionTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/PermissionTestUtils.sys.mjs" +); + +function run_test() { + do_get_profile(); + run_next_test(); +} + +function getOAWithPartitionKey( + { scheme = "https", topLevelBaseDomain, port = null } = {}, + originAttributes = {} +) { + if (!topLevelBaseDomain || !scheme) { + return originAttributes; + } + + return { + ...originAttributes, + partitionKey: `(${scheme},${topLevelBaseDomain}${port ? `,${port}` : ""})`, + }; +} diff --git a/toolkit/components/cleardata/tests/unit/test_basic.js b/toolkit/components/cleardata/tests/unit/test_basic.js new file mode 100644 index 0000000000..3634483ee4 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_basic.js @@ -0,0 +1,19 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Basic test for nsIClearDataService module. + */ + +"use strict"; + +add_task(async function test_basic() { + Assert.ok(!!Services.clearData); + + await new Promise(aResolve => { + Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => { + Assert.equal(value, 0); + aResolve(); + }); + }); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js b/toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js new file mode 100644 index 0000000000..ac0eb40fd9 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js @@ -0,0 +1,625 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { XPCOMUtils } = ChromeUtils.importESModule( + "resource://gre/modules/XPCOMUtils.sys.mjs" +); + +XPCOMUtils.defineLazyServiceGetter( + this, + "bounceTrackingProtection", + "@mozilla.org/bounce-tracking-protection;1", + "nsIBounceTrackingProtection" +); + +const { CLEAR_BOUNCE_TRACKING_PROTECTION_STATE } = Ci.nsIClearDataService; + +const OA_DEFAULT = {}; +const OA_PRIVATE_BROWSING = { privateBrowsingId: 1 }; +const OA_CONTAINER = { userContextId: 1 }; + +function addTestData() { + info("Adding test data."); + // Add test data for OriginAttributes {} => normal browsing with no container. + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_DEFAULT, + "common-bounce-tracker.com", + 100 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_DEFAULT, + "bounce-tracker-normal-browsing.com", + 200 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_DEFAULT, + "bounce-tracker-normal-browsing2.com", + 300 + ); + bounceTrackingProtection.testAddUserActivation( + OA_DEFAULT, + "common-user-activation.com", + 400 + ); + bounceTrackingProtection.testAddUserActivation( + OA_DEFAULT, + "user-activation-normal-browsing.com", + 500 + ); + bounceTrackingProtection.testAddUserActivation( + OA_DEFAULT, + "user-activation-normal-browsing2.com", + 600 + ); + + // Add test data for private browsing. + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_PRIVATE_BROWSING, + "common-bounce-tracker.com", + 700 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_PRIVATE_BROWSING, + "bounce-tracker-private-browsing.com", + 800 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_PRIVATE_BROWSING, + "bounce-tracker-private-browsing2.com", + 900 + ); + bounceTrackingProtection.testAddUserActivation( + OA_PRIVATE_BROWSING, + "common-user-activation.com", + 1000 + ); + bounceTrackingProtection.testAddUserActivation( + OA_PRIVATE_BROWSING, + "user-activation-private-browsing.com", + 1100 + ); + bounceTrackingProtection.testAddUserActivation( + OA_PRIVATE_BROWSING, + "user-activation-private-browsing2.com", + 1200 + ); + + // Add test data for a container. + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_CONTAINER, + "common-bounce-tracker.com", + 1300 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_CONTAINER, + "bounce-tracker-container.com", + 1400 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_CONTAINER, + "bounce-tracker-container2.com", + 1500 + ); + bounceTrackingProtection.testAddUserActivation( + OA_CONTAINER, + "common-user-activation.com", + 1600 + ); + bounceTrackingProtection.testAddUserActivation( + OA_CONTAINER, + "user-activation-container.com", + 1700 + ); + bounceTrackingProtection.testAddUserActivation( + OA_CONTAINER, + "user-activation-container2.com", + 1800 + ); +} + +async function runDeleteBySiteHostTest(clearDataServiceFn) { + addTestData(); + + let baseDomain = "common-bounce-tracker.com"; + info("Deleting by base domain " + baseDomain); + await new Promise(function (resolve) { + clearDataServiceFn( + baseDomain, + true, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + ], + "Should have deleted only 'common-bounce-tracker.com' for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + ], + "Should have deleted only 'common-bounce-tracker.com' for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + ["bounce-tracker-container.com", "bounce-tracker-container2.com"], + "Should have deleted only 'common-bounce-tracker.com' for container." + ); + + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [ + "common-user-activation.com", + "user-activation-container.com", + "user-activation-container2.com", + ], + "Should not have deleted any user activations for container." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +} + +do_get_profile(); + +add_task(async function test_deleteAll() { + addTestData(); + + info("Deleting all data."); + await new Promise(function (resolve) { + Services.clearData.deleteData( + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .length, + 0, + "All bounce tracker candidates for default OA should be deleted." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).length, + 0, + "All user activations for default OA should be deleted." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts( + OA_PRIVATE_BROWSING + ).length, + 0, + "All bounce tracker candidates for private browsing should be deleted." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .length, + 0, + "All user activations for private browsing should be deleted." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .length, + 0, + "All bounce tracker candidates for container 1 should be deleted." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).length, + 0, + "All user activations for container 1 should be deleted." + ); +}); + +add_task(async function test_deleteByPrincipal() { + addTestData(); + + let principal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://common-bounce-tracker.com"), + {} + ); + console.debug("principal", principal.origin); + + info("Deleting by principal " + principal.origin); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromPrincipal( + principal, + false, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + ], + "Should have deleted only 'common-bounce-tracker.com' for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted 'common-bounce-tracker.com' for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + [ + "bounce-tracker-container.com", + "bounce-tracker-container2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted 'common-bounce-tracker.com' for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [ + "common-user-activation.com", + "user-activation-container.com", + "user-activation-container2.com", + ], + "Should not have deleted any user activations for container." + ); + + let principal2 = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://common-user-activation.com"), + OA_CONTAINER + ); + + info("Deleting by principal " + principal2.origin); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromPrincipal( + principal2, + false, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + ], + "Should not have deleted any bounce tracker candidates for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted 'common-user-activation.com' for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted 'common-user-activation.com' for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + [ + "bounce-tracker-container.com", + "bounce-tracker-container2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + ["user-activation-container.com", "user-activation-container2.com"], + "Should have deleted 'common-user-activation.com' for private browsing.." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +}); + +add_task(async function test_deleteByBaseDomain() { + await runDeleteBySiteHostTest(Services.clearData.deleteDataFromBaseDomain); +}); + +add_task(async function test_deleteByRange() { + addTestData(); + + let startTime = 200; + let endTime = 1300; + + info(`Deleting by range ${startTime} - ${endTime}`); + await new Promise(function (resolve) { + Services.clearData.deleteDataInTimeRange( + startTime, + endTime, + true, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + ["common-bounce-tracker.com"], + "Should have only kept 'common-bounce-tracker.com' for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [], + "Should not have kept any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [], + "Should not have kept any bounces for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [], + "Should not have kept any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + ["bounce-tracker-container.com", "bounce-tracker-container2.com"], + "Should have only kept some bouncer trackers for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [ + "common-user-activation.com", + "user-activation-container.com", + "user-activation-container2.com", + ], + "Should have kept all user activations for container." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +}); + +add_task(async function test_deleteByHost() { + await runDeleteBySiteHostTest(Services.clearData.deleteDataFromHost); +}); + +add_task(async function test_deleteByOriginAttributes() { + addTestData(); + + info("Deleting by origin attributes. " + JSON.stringify(OA_CONTAINER)); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromOriginAttributesPattern( + OA_CONTAINER, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + [], + "Should have deleted all bounce tracker candidates for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [], + "Should have deleted all user activations for container." + ); + + info("Deleting by origin attributes {} (all)."); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromOriginAttributesPattern( + OA_DEFAULT, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .length, + 0, + "Should have deleted all bounce tracker candidates for default OA." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).length, + 0, + "Should have deleted all user activations for default OA." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts( + OA_PRIVATE_BROWSING + ).length, + 0, + "Should have deleted all bounce tracker candidates for private browsing." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .length, + 0, + "Should have deleted all user activations for private browsing." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .length, + 0, + "Should have deleted all bounce tracker candidates for container." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).length, + 0, + "Should have deleted all user activations for container." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_certs.js b/toolkit/components/cleardata/tests/unit/test_certs.js new file mode 100644 index 0000000000..3ff538d5a8 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_certs.js @@ -0,0 +1,233 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const overrideService = Cc["@mozilla.org/security/certoverride;1"].getService( + Ci.nsICertOverrideService +); +const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB +); + +const CERT_TEST = + "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t"; + +add_task(async function () { + Assert.ok(Services.clearData); + + const TEST_URI = Services.io.newURI("http://test.com/"); + const ANOTHER_TEST_URI = Services.io.newURI("https://example.com/"); + const YET_ANOTHER_TEST_URI = Services.io.newURI("https://example.test/"); + let cert = certDB.constructX509FromBase64(CERT_TEST); + let flags = Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS; + + ok(cert, "Cert was created"); + + Assert.ok( + !overrideService.hasMatchingOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + {} + ), + `Should not have override for ${TEST_URI.asciiHost}:${TEST_URI.port} yet` + ); + + overrideService.rememberValidityOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + flags, + false + ); + + Assert.ok( + overrideService.hasMatchingOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + {} + ), + `Should have override for ${TEST_URI.asciiHost}:${TEST_URI.port} now` + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + TEST_URI.asciiHostPort, + true /* user request */, + flags, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !overrideService.hasMatchingOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + {} + ), + `Should not have override for ${TEST_URI.asciiHost}:${TEST_URI.port} now` + ); + + for (let uri of [TEST_URI, ANOTHER_TEST_URI, YET_ANOTHER_TEST_URI]) { + overrideService.rememberValidityOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 1 }, + cert, + flags, + false + ); + Assert.ok( + overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 1 }, + cert, + {} + ), + `Should have added override for ${uri.asciiHost}:${uri.port} with private browsing ID` + ); + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 2 }, + cert, + {} + ), + `Should not have added override for ${uri.asciiHost}:${uri.port} with private browsing ID 2` + ); + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + {}, + cert, + {} + ), + `Should not have added override for ${uri.asciiHost}:${uri.port}` + ); + overrideService.rememberValidityOverride( + uri.asciiHost, + uri.port, + {}, + cert, + flags, + false + ); + Assert.ok( + overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + {}, + cert, + {} + ), + `Should have added override for ${uri.asciiHost}:${uri.port}` + ); + } + + await new Promise(aResolve => { + Services.clearData.deleteData(flags, value => { + Assert.equal(value, 0); + aResolve(); + }); + }); + + for (let uri of [TEST_URI, ANOTHER_TEST_URI, YET_ANOTHER_TEST_URI]) { + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + {}, + cert, + {} + ), + `Should have removed override for ${uri.asciiHost}:${uri.port}` + ); + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 1 }, + cert, + {} + ), + `Should have removed override for ${uri.asciiHost}:${uri.port} with private browsing attribute` + ); + } +}); + +add_task(async function test_deleteByBaseDomain() { + let toClear = [ + Services.io.newURI("https://example.com"), + Services.io.newURI("http://example.com:8080"), + Services.io.newURI("http://test1.example.com"), + Services.io.newURI("http://foo.bar.example.com"), + ]; + + let toKeep = [ + Services.io.newURI("https://example.org"), + Services.io.newURI("http://test1.example.org"), + Services.io.newURI("http://foo.bar.example.org"), + Services.io.newURI("http://example.test"), + ]; + + let all = toClear.concat(toKeep); + + let cert = certDB.constructX509FromBase64(CERT_TEST); + ok(cert, "Cert was created"); + + all.forEach(({ asciiHost, port }) => { + Assert.ok( + !overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should not have override for ${asciiHost}:${port} yet` + ); + + overrideService.rememberValidityOverride(asciiHost, port, {}, cert, false); + + Assert.ok( + overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should have override for ${asciiHost}:${port} now` + ); + }); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + toClear.forEach(({ asciiHost, port }) => + Assert.ok( + !overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should have cleared override for ${asciiHost}:${port}` + ) + ); + + toKeep.forEach(({ asciiHost, port }) => + Assert.ok( + overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should have kept override for ${asciiHost}:${port}` + ) + ); + + // Cleanup + overrideService.clearAllOverrides(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js b/toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js new file mode 100644 index 0000000000..036f97e7ca --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js @@ -0,0 +1,328 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +do_get_profile(); + +add_setup(_ => { + // Init cookieBannerService and pretend we opened a profile. + let cbs = Cc["@mozilla.org/cookie-banner-service;1"].getService( + Ci.nsIObserver + ); + cbs.observe(null, "profile-after-change", null); +}); + +add_task(async function test_delete_exception() { + info("Enabling cookie banner service with MODE_REJECT"); + Services.prefs.setIntPref( + "cookiebanners.service.mode", + Ci.nsICookieBannerService.MODE_REJECT + ); + + // Test nsIClearDataService.deleteDataFromHost + info("Adding an exception for example.com"); + let uri = Services.io.newURI("https://example.com"); + + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteDataFromHost"); + await new Promise(resolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromBaseDomain + info("Adding an exception for example.com"); + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteDataFromBaseDomain"); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromPrincipal + info("Adding an exception for example.com"); + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteDataFromPrincipal"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + // Test nsIClearDataService.deleteData + info("Adding an exception for example.com"); + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteData"); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + Services.prefs.clearUserPref("cookiebanners.service.mode"); +}); + +add_task(async function test_delete_executed_record() { + info("Enabling cookie banner service with MODE_REJECT"); + Services.prefs.setIntPref( + "cookiebanners.service.mode", + Ci.nsICookieBannerService.MODE_REJECT + ); + Services.prefs.setIntPref( + "cookiebanners.bannerClicking.maxTriesPerSiteAndSession", + 1 + ); + + // Test nsIClearDataService.deleteDataFromHost + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteDataFromHost"); + await new Promise(resolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromBaseDomain + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteDataFromBaseDomain"); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromPrincipal + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteDataFromPrincipal"); + let uri = Services.io.newURI("https://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + // Test nsIClearDataService.deleteData + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteData"); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + Services.prefs.clearUserPref("cookiebanners.service.mode"); + Services.prefs.clearUserPref( + "cookiebanners.bannerClicking.maxTriesPerSiteAndSession" + ); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_cookies.js b/toolkit/components/cleardata/tests/unit/test_cookies.js new file mode 100644 index 0000000000..4bcb6d725a --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_cookies.js @@ -0,0 +1,393 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for cookies. + */ + +"use strict"; + +add_task(async function test_all_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "example.net", + "path", + "name", + "value", + true /* secure */, + true /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 0); +}); + +add_task(async function test_range_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "example.net", + "path", + "name", + "value", + true /* secure */, + true /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + // The cookie is out of time range here. + let from = Date.now() + 60 * 60; + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 2000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + // Now we delete all. + from = Date.now() - 60 * 60; + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 2000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 0); +}); + +add_task(async function test_principal_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "example.net", + "path", + "name", + "value", + true /* secure */, + true /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + let uri = Services.io.newURI("http://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + // Now we delete all. + uri = Services.io.newURI("http://example.net"); + principal = Services.scriptSecurityManager.createContentPrincipal(uri, {}); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 0); +}); + +add_task(async function test_localfile_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "", // local file + "path", + "name", + "value", + false /* secure */, + false /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP + ); + + Assert.notEqual(Services.cookies.countCookiesFromHost(""), 0); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromLocalFiles( + true, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + Assert.equal(Services.cookies.countCookiesFromHost(""), 0); +}); + +// The following tests ensure we properly clear (partitioned/unpartitioned) +// cookies when using deleteDataFromBaseDomain and deleteDataFromHost. + +function getTestCookieName(host, topLevelBaseDomain) { + if (!topLevelBaseDomain) { + return host; + } + return `${host}_${topLevelBaseDomain}`; +} + +function setTestCookie({ + host, + topLevelBaseDomain = null, + originAttributes = {}, +}) { + SiteDataTestUtils.addToCookies({ + host, + name: getTestCookieName(host, topLevelBaseDomain), + originAttributes: getOAWithPartitionKey( + { topLevelBaseDomain }, + originAttributes + ), + }); +} + +function setTestCookies() { + // First party cookies + setTestCookie({ host: "example.net" }); + setTestCookie({ host: "test.example.net" }); + setTestCookie({ host: "example.org" }); + + // Third-party partitioned cookies. + setTestCookie({ host: "example.com", topLevelBaseDomain: "example.net" }); + setTestCookie({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }); + setTestCookie({ host: "example.net", topLevelBaseDomain: "example.org" }); + setTestCookie({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); + + // Ensure we have the correct cookie test state. + // Not using countCookiesFromHost because it doesn't see partitioned cookies. + testCookieExists({ host: "example.net" }); + testCookieExists({ host: "test.example.net" }); + testCookieExists({ host: "example.org" }); + + testCookieExists({ host: "example.com", topLevelBaseDomain: "example.net" }); + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }); + testCookieExists({ host: "example.net", topLevelBaseDomain: "example.org" }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); +} + +function testCookieExists({ + host, + topLevelBaseDomain = null, + expected = true, + originAttributes = {}, +}) { + let exists = Services.cookies.cookieExists( + host, + "path", + getTestCookieName(host, topLevelBaseDomain), + getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes) + ); + let message = `Cookie ${expected ? "is set" : "is not set"} for ${host}`; + if (topLevelBaseDomain) { + message += ` partitioned under ${topLevelBaseDomain}`; + } + Assert.equal(exists, expected, message); + return exists; +} + +/** + * Tests deleting (partitioned) cookies by base domain. + */ +add_task(async function test_baseDomain_cookies() { + Services.cookies.removeAll(); + setTestCookies(); + + // Clear cookies of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + + testCookieExists({ host: "example.net", expected: false }); + testCookieExists({ host: "test.example.net", expected: false }); + testCookieExists({ host: "example.org" }); + + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + expected: false, + }); + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: false, + }); + testCookieExists({ + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + Services.cookies.removeAll(); +}); + +/** + * Tests deleting (non-partitioned) cookies by host. + */ +add_task(async function test_host_cookies() { + Services.cookies.removeAll(); + setTestCookies(); + + // Clear cookies of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + + testCookieExists({ host: "example.net", expected: false }); + testCookieExists({ host: "test.example.net" }); + testCookieExists({ host: "example.org" }); + // Third-party partitioned cookies under example.net should not be cleared. + testCookieExists({ host: "example.com", topLevelBaseDomain: "example.net" }); + setTestCookie({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }); + // Third-party partitioned cookies of example.net should be removed, because + // CookieCleaner matches with host, but any partition key (oa = {}) via + // removeCookiesFromExactHost. + testCookieExists({ + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); + + // Cleanup + Services.cookies.removeAll(); +}); + +/** + * Tests that we correctly clear data when given a subdomain. + */ +add_task(async function test_baseDomain_cookies_subdomain() { + Services.cookies.removeAll(); + setTestCookies(); + + // Clear cookies of test.example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "test.example.net", + false, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + + testCookieExists({ host: "example.net", expected: false }); + testCookieExists({ host: "test.example.net", expected: false }); + testCookieExists({ host: "example.org" }); + + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + expected: false, + }); + setTestCookie({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: false, + }); + testCookieExists({ + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + Services.cookies.removeAll(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_downloads.js b/toolkit/components/cleardata/tests/unit/test_downloads.js new file mode 100644 index 0000000000..72de763ce3 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_downloads.js @@ -0,0 +1,310 @@ +/** + * Tests for downloads. + */ + +"use strict"; + +const { Downloads } = ChromeUtils.importESModule( + "resource://gre/modules/Downloads.sys.mjs" +); +const { FileTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/FileTestUtils.sys.mjs" +); + +const TEST_TARGET_FILE_NAME = "test-download.txt"; +let fileURL; +let downloadList; + +function createFileURL() { + if (!fileURL) { + const file = Services.dirsvc.get("TmpD", Ci.nsIFile); + file.append("foo.txt"); + file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o600); + + fileURL = Services.io.newFileURI(file); + } + + return fileURL; +} + +async function createDownloadList() { + if (!downloadList) { + Downloads._promiseListsInitialized = null; + Downloads._lists = {}; + Downloads._summaries = {}; + + downloadList = await Downloads.getList(Downloads.ALL); + } + + return downloadList; +} + +add_task(async function test_all_downloads() { + const url = createFileURL(); + const list = await createDownloadList(); + + // First download. + let download = await Downloads.createDownload({ + source: { url: url.spec, isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + let items = await list.getAll(); + Assert.equal(items.length, 1); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); + +add_task(async function test_range_downloads() { + const url = createFileURL(); + const list = await createDownloadList(); + + let download = await Downloads.createDownload({ + source: { url: url.spec, isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + // Start + cancel. I need to have a startTime value. + await download.start(); + await download.cancel(); + + let items = await list.getAll(); + Assert.equal(items.length, 1); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteDataInTimeRange( + download.startTime.getTime() * 1000, + download.startTime.getTime() * 1000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); + +add_task(async function test_principal_downloads() { + const list = await createDownloadList(); + + let download = await Downloads.createDownload({ + source: { url: "http://example.net", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "http://example.com", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + let items = await list.getAll(); + Assert.equal(items.length, 2); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + let uri = Services.io.newURI("http://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 1); + + removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); + +add_task(async function test_basedomain_downloads() { + const list = await createDownloadList(); + + let download = await Downloads.createDownload({ + source: { url: "http://example.net", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "http://test.example.net", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "https://foo.bar.example.net", isPrivate: true }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "http://example.com", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + let items = await list.getAll(); + Assert.equal(items.length, 4); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + true /* user request */, + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 1); + + removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js b/toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js new file mode 100644 index 0000000000..6c50f91551 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js @@ -0,0 +1,161 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +do_get_profile(); + +add_task(async function test_clear_fingerprinting_protection_state() { + info("Enabling fingerprinting randomization"); + Services.prefs.setBoolPref("privacy.resistFingerprinting", true); + + let uri = Services.io.newURI("https://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + let channel = Services.io.newChannelFromURI( + uri, + null, // aLoadingNode + principal, + null, // aTriggeringPrincipal + Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); + + // Test nsIClearDataService.deleteDataFromHost + let key = Services.rfp.testGenerateRandomKey(channel); + let keyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + // Verify that the key remains the same without clearing. + key = Services.rfp.testGenerateRandomKey(channel); + let keyStrAgain = key + .map(bytes => bytes.toString(16).padStart(2, "0")) + .join(""); + + Assert.equal( + keyStr, + keyStrAgain, + "The fingerprinting randomization key remain the same without clearing." + ); + + info("Trigger the deleteDataFromHost"); + await new Promise(resolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + let newKeyStr = key + .map(bytes => bytes.toString(16).padStart(2, "0")) + .join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Test nsIClearDataService.deleteDataFromBaseDomain + keyStr = newKeyStr; + + info("Trigger the deleteDataFromBaseDomain"); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Test nsIClearDataService.deleteDataFromPrincipal + keyStr = newKeyStr; + + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Test nsIClearDataService.deleteData + keyStr = newKeyStr; + + // Generate a key for another site. + uri = Services.io.newURI("https://example.org"); + principal = Services.scriptSecurityManager.createContentPrincipal(uri, {}); + let channelAnother = Services.io.newChannelFromURI( + uri, + null, // aLoadingNode + principal, + null, // aTriggeringPrincipal + Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); + key = Services.rfp.testGenerateRandomKey(channelAnother); + let keyStrAnother = key + .map(bytes => bytes.toString(16).padStart(2, "0")) + .join(""); + + info("Trigger the deleteData"); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Verify whether deleteData clears another site as well. + key = Services.rfp.testGenerateRandomKey(channelAnother); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStrAnother, + newKeyStr, + "The fingerprinting randomization key is reset properly for another site." + ); + + Services.prefs.clearUserPref("privacy.resistFingerprinting"); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js b/toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js new file mode 100644 index 0000000000..13369fc787 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js @@ -0,0 +1,121 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { XPCOMUtils } = ChromeUtils.importESModule( + "resource://gre/modules/XPCOMUtils.sys.mjs" +); + +XPCOMUtils.defineLazyServiceGetter( + this, + "IdentityCredentialStorageService", + "@mozilla.org/browser/identity-credential-storage-service;1", + "nsIIdentityCredentialStorageService" +); + +do_get_profile(); + +add_task(async function test_deleteByRange() { + Services.prefs.setBoolPref( + "dom.security.credentialmanagement.identity.enabled", + true + ); + const expiry = Date.now() + 24 * 60 * 60; + let rpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://rp.com/"), + {} + ); + let idpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://idp.com/"), + {} + ); + const credentialID = "ID"; + + // Test initial value + let registered = {}; + let allowLogout = {}; + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + Assert.ok(!registered.value, "Should not be registered initially."); + Assert.ok(!allowLogout.value, "Should not allow logout initially."); + + // Set and read a value + IdentityCredentialStorageService.setState( + rpPrincipal, + idpPrincipal, + credentialID, + true, + true + ); + + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + Assert.ok(registered.value, "Should be registered by set."); + Assert.ok(allowLogout.value, "Should now allow logout by set."); + + let from = Date.now() + 60 * 60; + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 1000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_CREDENTIAL_MANAGER_STATE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + + Assert.ok( + registered.value, + "Should be existing since the value is not deleted" + ); + + from = Date.now() - 60 * 60; + + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 1000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_CREDENTIAL_MANAGER_STATE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + Assert.ok(!registered.value, "Should not be existing"); + + Services.prefs.clearUserPref( + "dom.security.credentialmanagement.identity.enabled" + ); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_network_cache.js b/toolkit/components/cleardata/tests/unit/test_network_cache.js new file mode 100644 index 0000000000..bb54cdc6a8 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_network_cache.js @@ -0,0 +1,316 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Test clearing cache. + */ + +"use strict"; + +function getPartitionedLoadContextInfo( + { scheme, topLevelBaseDomain, port }, + originAttributes = {} +) { + return Services.loadContextInfo.custom( + false, + getOAWithPartitionKey( + { scheme, topLevelBaseDomain, port }, + originAttributes + ) + ); +} + +add_task(async function test_deleteFromHost() { + await SiteDataTestUtils.addCacheEntry("http://example.com/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.com/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.org/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache is cleared" + ); + + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.clear(); +}); + +add_task(async function test_deleteFromPrincipal() { + await SiteDataTestUtils.addCacheEntry("http://example.com/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.com/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.org/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com/" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache is cleared" + ); + + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.clear(); +}); + +add_task(async function test_deleteFromBaseDomain() { + for (let cacheType of ["disk", "memory"]) { + await SiteDataTestUtils.addCacheEntry("http://example.com/", cacheType); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", cacheType), + `The ${cacheType} cache has an entry.` + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", cacheType); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", cacheType), + `The ${cacheType} cache has an entry.` + ); + + // Partitioned cache. + await SiteDataTestUtils.addCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + await SiteDataTestUtils.addCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + + // Clear an unrelated base domain. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "foo.com", + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + // Should still have all cache entries. + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", cacheType), + `The ${cacheType} cache has an entry.` + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", cacheType), + `The ${cacheType} cache has an entry.` + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + + // Clear data for example.com + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", cacheType), + `The ${cacheType} cache is cleared.` + ); + + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", cacheType), + `The ${cacheType} cache has an entry.` + ); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ), + `The ${cacheType} cache is cleared.` + ); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ), + `The ${cacheType} cache is cleared.` + ); + await SiteDataTestUtils.clear(); + } +}); + +add_task(async function test_deleteAll() { + await SiteDataTestUtils.addCacheEntry("http://example.com/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.com/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.org/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache is cleared" + ); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache is cleared" + ); + + await SiteDataTestUtils.clear(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_passwords.js b/toolkit/components/cleardata/tests/unit/test_passwords.js new file mode 100644 index 0000000000..7e63bd8fa3 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_passwords.js @@ -0,0 +1,89 @@ +/** + * Tests for passwords. + */ + +"use strict"; + +const URL = "http://example.com"; + +const { LoginTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/LoginTestUtils.sys.mjs" +); + +add_task(async function test_principal_downloads() { + // Store the strings "user" and "pass" using similarly looking glyphs. + let loginInfo = LoginTestUtils.testData.formLogin({ + origin: URL, + formActionOrigin: URL, + username: "admin", + password: "12345678", + usernameField: "field_username", + passwordField: "field_password", + }); + await Services.logins.addLoginAsync(loginInfo); + + Assert.equal(await countLogins(URL), 1); + + let uri = Services.io.newURI(URL); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PASSWORDS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + Assert.equal(await countLogins(URL), 0); + + LoginTestUtils.clearData(); +}); + +add_task(async function test_all() { + // Store the strings "user" and "pass" using similarly looking glyphs. + let loginInfo = LoginTestUtils.testData.formLogin({ + origin: URL, + formActionOrigin: URL, + username: "admin", + password: "12345678", + usernameField: "field_username", + passwordField: "field_password", + }); + await Services.logins.addLoginAsync(loginInfo); + + Assert.equal(await countLogins(URL), 1); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PASSWORDS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + Assert.equal(await countLogins(URL), 0); + + LoginTestUtils.clearData(); +}); + +async function countLogins(origin) { + let count = 0; + const logins = await Services.logins.getAllLogins(); + for (const login of logins) { + if (login.origin == origin) { + ++count; + } + } + + return count; +} diff --git a/toolkit/components/cleardata/tests/unit/test_permissions.js b/toolkit/components/cleardata/tests/unit/test_permissions.js new file mode 100644 index 0000000000..1f46ab5015 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_permissions.js @@ -0,0 +1,471 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for permissions + */ + +"use strict"; + +add_task(async function test_all_permissions() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) == null + ); +}); + +add_task(async function test_principal_permissions() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) == null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +function addTestPermissions() { + Services.perms.removeAll(); + + PermissionTestUtils.add( + "https://example.net", + "geo", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "http://example.net", + "cookie", + Services.perms.DENY_ACTION + ); + PermissionTestUtils.add( + "https://bar.example.net", + "geo", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://foo.bar.example.net", + "geo", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://example.com", + "3rdPartyStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + + PermissionTestUtils.add( + "https://example.com", + "cookie", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "http://example.com", + "geo", + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + PermissionTestUtils.getPermissionObject("https://example.net", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "http://example.net", + "cookie", + true + ).capability, + Services.perms.DENY_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://bar.example.net", + "geo", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://foo.bar.example.net", + "geo", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "cookie", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject("http://example.com", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); +} + +add_task(async function test_basedomain_permissions() { + for (let domain of [ + "example.net", + "test.example.net", + "foo.bar.example.net", + ]) { + addTestPermissions(); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + domain, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + // Should have cleared all entries associated with the base domain. + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "http://example.net", + "cookie", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://bar.example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://foo.bar.example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyStorage^https://example.net", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + true + ) + ); + + // Unrelated entries should still exist. + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "cookie", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject("http://example.com", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + } + + Services.perms.removeAll(); +}); + +add_task(async function test_host_permissions() { + addTestPermissions(); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "bar.example.net", + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + // Should have cleared all entries associated with the host and its + // subdomains. + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://bar.example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://foo.bar.example.net", + "geo", + true + ) + ); + + // Unrelated entries should still exist. + Assert.equal( + PermissionTestUtils.getPermissionObject("https://example.net", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "http://example.net", + "cookie", + true + ).capability, + Services.perms.DENY_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "cookie", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject("http://example.com", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + + Services.perms.removeAll(); +}); + +add_task(async function test_3rdpartystorage_permissions() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + Services.perms.addFromPrincipal( + anotherPrincipal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "3rdPartyStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "3rdPartyFrameStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + + const oneMoreUri = Services.io.newURI("https://example.org"); + const oneMorePrincipal = + Services.scriptSecurityManager.createContentPrincipal(oneMoreUri, {}); + Services.perms.addFromPrincipal( + oneMorePrincipal, + "cookie", + Services.perms.ALLOW_ACTION + ); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyStorage^https://example.net", + true + ) != null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyFrameStorage^https://example.net", + true + ) != null + ); + Assert.ok( + Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) == null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyStorage^https://example.net", + true + ) == null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyFrameStorage^https://example.net", + true + ) == null + ); + Assert.ok( + Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_quota.js b/toolkit/components/cleardata/tests/unit/test_quota.js new file mode 100644 index 0000000000..95c3025781 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_quota.js @@ -0,0 +1,537 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for the QuotaCleaner. + */ + +"use strict"; + +// The following tests ensure we properly clear (partitioned/unpartitioned) +// localStorage and indexedDB when using deleteDataFromBaseDomain, +// deleteDataFromHost and deleteDataFromPrincipal. + +// Skip localStorage tests when using legacy localStorage. The legacy +// localStorage implementation does not support clearing data by principal. See +// Bug 1688221, Bug 1688665. +const skipLocalStorageTests = Services.prefs.getBoolPref( + "dom.storage.enable_unsupported_legacy_implementation" +); + +/** + * Create an origin with partitionKey. + * @param {String} host - Host portion of origin to create. + * @param {String} [topLevelBaseDomain] - Optional first party base domain to use for partitionKey. + * @param {Object} [originAttributes] - Optional object of origin attributes to + * set. If topLevelBaseDomain is passed, the partitionKey will be overwritten. + * @returns {String} Origin with suffix. + */ +function getOrigin(host, topLevelBaseDomain, originAttributes = {}) { + return getPrincipal(host, topLevelBaseDomain, originAttributes).origin; +} + +function getPrincipal(host, topLevelBaseDomain, originAttributes = {}) { + originAttributes = getOAWithPartitionKey( + { topLevelBaseDomain }, + originAttributes + ); + let principal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI(`https://${host}`), + originAttributes + ); + return principal; +} + +function getTestEntryName(host, topLevelBaseDomain) { + if (!topLevelBaseDomain) { + return host; + } + return `${host}_${topLevelBaseDomain}`; +} + +function setTestEntry({ + storageType, + host, + topLevelBaseDomain = null, + originAttributes = {}, +}) { + let origin = getOrigin(host, topLevelBaseDomain, originAttributes); + if (storageType == "localStorage") { + SiteDataTestUtils.addToLocalStorage( + origin, + getTestEntryName(host, topLevelBaseDomain), + "bar" + ); + return; + } + SiteDataTestUtils.addToIndexedDB(origin); +} + +async function testEntryExists({ + storageType, + host, + topLevelBaseDomain = null, + expected = true, + originAttributes = {}, +}) { + let exists; + let origin = getOrigin(host, topLevelBaseDomain, originAttributes); + if (storageType == "localStorage") { + exists = SiteDataTestUtils.hasLocalStorage(origin, [ + { key: getTestEntryName(host, topLevelBaseDomain), value: "bar" }, + ]); + } else { + exists = await SiteDataTestUtils.hasIndexedDB(origin); + } + + let message = `${storageType} entry ${ + expected ? "is set" : "is not set" + } for ${host}`; + if (topLevelBaseDomain) { + message += ` partitioned under ${topLevelBaseDomain}`; + } + Assert.equal(exists, expected, message); + return exists; +} + +const TEST_ORIGINS = [ + // First party + { host: "example.net" }, + { host: "test.example.net" }, + { host: "example.org" }, + + // Third-party partitioned. + { host: "example.com", topLevelBaseDomain: "example.net" }, + { + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }, + { host: "example.net", topLevelBaseDomain: "example.org" }, + { host: "test.example.net", topLevelBaseDomain: "example.org" }, +]; + +async function setTestEntries(storageType) { + for (const origin of TEST_ORIGINS) { + setTestEntry({ storageType, ...origin }); + } + + // Ensure we have the correct storage test state. + for (const origin of TEST_ORIGINS) { + await testEntryExists({ storageType, ...origin }); + } +} + +/** + * Run the base domain test with either localStorage or indexedDB. + * @param {('localStorage'|'indexedDB')} storageType + */ +async function runTestBaseDomain(storageType) { + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + await setTestEntries(storageType); + + // Clear entries of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + await testEntryExists({ storageType, host: "example.net", expected: false }); + await testEntryExists({ + storageType, + host: "test.example.net", + expected: false, + }); + await testEntryExists({ storageType, host: "example.org" }); + + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + expected: false, + }); + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: false, + }); + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + await testEntryExists({ + storageType, + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); +} + +/** + * Run the host test with either localStorage or indexedDB. + * @param {('localStorage'|'indexedDB')} storageType + */ +async function runTestHost(storageType) { + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + await setTestEntries(storageType); + + // Clear entries of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + await testEntryExists({ storageType, host: "example.net", expected: false }); + // QuotaCleaner#deleteByHost also clears subdomains. + await testEntryExists({ + storageType, + host: "test.example.net", + expected: false, + }); + await testEntryExists({ storageType, host: "example.org" }); + + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + expected: true, + }); + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: true, + }); + // QuotaCleaner#deleteByHost ignores partitionKey. + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + await testEntryExists({ + storageType, + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); +} + +/** + * Run the principal test with either localStorage or indexedDB. + * @param {('localStorage'|'indexedDB')} storageType + */ +async function runTestPrincipal(storageType) { + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // First party + setTestEntry({ storageType, host: "example.net" }); + setTestEntry({ + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + setTestEntry({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + setTestEntry({ storageType, host: "test.example.net" }); + setTestEntry({ storageType, host: "example.org" }); + + // Third-party partitioned. + setTestEntry({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Ensure we have the correct storage test state. + await testEntryExists({ storageType, host: "example.net" }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Clear entries from principal with custom OA. + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal("example.net", null, { userContextId: 2 }), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // Test that we only deleted entries for the exact origin. + await testEntryExists({ storageType, host: "example.net" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Clear entries of from partitioned principal. + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal("example.net", "example.com"), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // Test that we only deleted entries for the partition. + await testEntryExists({ storageType, host: "example.net" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Clear entries of from principal without suffix. + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal("example.net", null), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // Test that we only deleted entries for the given principal, and not entries + // for principals with the same host, but different OriginAttributes or + // subdomains. + await testEntryExists({ expected: false, storageType, host: "example.net" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); +} + +// Tests + +add_task(function setup() { + // Allow setting local storage in xpcshell tests. + Services.prefs.setBoolPref("dom.storage.client_validation", false); +}); + +/** + * Tests deleting localStorage entries by host. + */ +add_task(async function test_host_localStorage() { + await runTestHost("localStorage"); +}); + +/** + * Tests deleting indexedDB entries by host. + */ +add_task(async function test_host_indexedDB() { + await runTestHost("indexedDB"); +}); + +/** + * Tests deleting (partitioned) localStorage entries by base domain. + */ +add_task(async function test_baseDomain_localStorage() { + await runTestBaseDomain("localStorage"); +}); + +/** + * Tests deleting (partitioned) indexedDB entries by base domain. + */ +add_task(async function test_baseDomain_indexedDB() { + await runTestBaseDomain("indexedDB"); +}); + +/** + * Tests deleting localStorage entries by principal. + */ +add_task(async function test_principal_localStorage() { + // Bug 1688221, Bug 1688665. + if (skipLocalStorageTests) { + info("Skipping test"); + return; + } + await runTestPrincipal("localStorage"); +}); + +function getRelativeFile(...components) { + const profileDir = Services.dirsvc.get("ProfD", Ci.nsIFile); + + const file = profileDir.clone(); + for (const component of components) { + file.append(component); + } + + return file; +} + +function countSubitems(file) { + const entriesIterator = file.directoryEntries; + let count = 0; + while (entriesIterator.hasMoreElements()) { + ++count; + entriesIterator.nextFile; + } + return count; +} + +add_task(async function test_deleteAllAtShutdown() { + const storageType = "indexedDB"; + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + const toBeRemovedDir = getRelativeFile("storage", "to-be-removed"); + if (toBeRemovedDir.exists()) { + toBeRemovedDir.remove(true); + } + + await setTestEntries(storageType); + + Services.startup.advanceShutdownPhase( + Services.startup.SHUTDOWN_PHASE_APPSHUTDOWNTEARDOWN + ); + + // Clear entries from principal with custom OA. + for (const origin of TEST_ORIGINS) { + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal( + origin.host, + origin.topLevelBaseDomain, + origin.originAttributes + ), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + await testEntryExists({ expected: false, storageType, ...origin }); + } + + Assert.ok( + toBeRemovedDir.exists(), + "to-be-removed directory should exist now" + ); + + Assert.equal( + countSubitems(toBeRemovedDir), + TEST_ORIGINS.length, + `storage/to-be-removed has ${TEST_ORIGINS.length} subdirectories` + ); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_security_settings.js b/toolkit/components/cleardata/tests/unit/test_security_settings.js new file mode 100644 index 0000000000..b14f567bab --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_security_settings.js @@ -0,0 +1,279 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Test for SecuritySettingsCleaner. + * This tests both, the SiteSecurityService and the ClientAuthRememberService. + */ + +"use strict"; + +let gSSService = Cc["@mozilla.org/ssservice;1"].getService( + Ci.nsISiteSecurityService +); + +let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService( + Ci.nsIClientAuthRememberService +); + +let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB +); + +// These are not actual server and client certs. The ClientAuthRememberService +// does not care which certs we store decisions for, as long as they're valid. +let [clientCert] = certDB.getCerts(); + +function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) { + let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes); + + let uri = Services.io.newURI(`https://${host}`); + + gSSService.processHeader(uri, "max-age=1000;", attrs); + + cars.rememberDecisionScriptable(host, attrs, clientCert); +} + +function addTestSecurityInfo() { + // First party + addSecurityInfo({ host: "example.net" }); + addSecurityInfo({ host: "test.example.net" }); + addSecurityInfo({ host: "example.org" }); + + // Third-party partitioned + addSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + addSecurityInfo({ host: "example.net", topLevelBaseDomain: "example.org" }); + addSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); + + // Ensure we have the correct state initially. + testSecurityInfo({ host: "example.net" }); + testSecurityInfo({ host: "test.example.net" }); + testSecurityInfo({ host: "example.org" }); + testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + testSecurityInfo({ host: "example.net", topLevelBaseDomain: "example.org" }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); +} + +function testSecurityInfo({ + host, + topLevelBaseDomain, + expectedHSTS = true, + expectedCARS = true, + originAttributes = {}, +}) { + let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes); + + let messageSuffix = `for ${host}`; + if (topLevelBaseDomain) { + messageSuffix += ` partitioned under ${topLevelBaseDomain}`; + } + + let uri = Services.io.newURI(`https://${host}`); + let isSecure = gSSService.isSecureURI(uri, attrs); + Assert.equal( + isSecure, + expectedHSTS, + `HSTS ${expectedHSTS ? "is set" : "is not set"} ${messageSuffix}` + ); + + let hasRemembered = cars.hasRememberedDecisionScriptable(host, attrs, {}); + // CARS deleteDecisionsByHost does not include subdomains. That means for some + // test cases we expect a different remembered state. + Assert.equal( + hasRemembered, + expectedCARS, + `CAR ${expectedCARS ? "is set" : "is not set"} ${messageSuffix}` + ); +} + +add_task(async function test_baseDomain() { + gSSService.clearAll(); + + // ---- hsts cleaner ---- + addTestSecurityInfo(); + + // Clear hsts data of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_HSTS, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: false, + expectedCARS: true, + }); + // HSTSCleaner also removes subdomain settings. + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ + host: "example.com", + topLevelBaseDomain: "example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + + // ---- client auth remember cleaner ----- + addTestSecurityInfo(); + + // Clear security settings of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: true, + expectedCARS: false, + }); + // ClientAuthRememberCleaner also removes subdomain settings. + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ + host: "example.com", + topLevelBaseDomain: "example.net", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: false, + }); + + // Cleanup + gSSService.clearAll(); +}); + +add_task(async function test_host() { + gSSService.clearAll(); + + // ---- HSTS cleaer ---- + addTestSecurityInfo(); + + // Clear security settings of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_HSTS, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + + // Cleanup + gSSService.clearAll(); + + // --- clientAuthRemember cleaner --- + + addTestSecurityInfo(); + + // Clear security settings of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: true, + expectedCARS: true, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: true, + }); + + // Cleanup + gSSService.clearAll(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_storage_permission.js b/toolkit/components/cleardata/tests/unit/test_storage_permission.js new file mode 100644 index 0000000000..a44e9f2c6a --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_storage_permission.js @@ -0,0 +1,398 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for permissions + */ + +"use strict"; + +// Test that only the storageAccessAPI gets removed. +add_task(async function test_removing_storage_permission() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + Services.perms.addFromPrincipal( + principal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "There is a storageAccessAPI permission set" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "the storageAccessAPI permission has been removed" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal(principal, "cookie"), + Services.perms.ALLOW_ACTION, + "the cookie permission has not been removed" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +// Test that the storageAccessAPI gets removed from a particular principal +add_task(async function test_removing_storage_permission_from_principal() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + + Services.perms.addFromPrincipal( + principal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "storageAccessAPI permission has been removed from the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has not been removed from the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +// Test that the storageAccessAPI gets removed from a base domain. +add_task(async function test_removing_storage_permission_from_base_domainl() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + const uriSub = Services.io.newURI("http://test.example.net"); + const principalSub = Services.scriptSecurityManager.createContentPrincipal( + uriSub, + {} + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + + Services.perms.addFromPrincipal( + principal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + principalSub, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principalSub, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the subdomain principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + true /* user request */, + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "storageAccessAPI permission has been removed from the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principalSub, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "storageAccessAPI permission has been removed from the sub domain principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has not been removed from the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +// Tests the deleteUserInteractionForClearingHistory function. +add_task(async function test_deleteUserInteractionForClearingHistory() { + // These should be retained. + PermissionTestUtils.add( + "https://example.com", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.com", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.com^userContextId=3", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + // These should be removed. + PermissionTestUtils.add( + "https://example.org", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.org", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.org^userContextId=3", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + let principalWithStorage = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://sub.example.com" + ); + + await new Promise(resolve => { + return Services.clearData.deleteUserInteractionForClearingHistory( + [principalWithStorage], + 0, + resolve + ); + }); + + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.org", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.org", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.org^userContextId=3", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.com", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.com", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.com^userContextId=3", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + + // This permission is set earlier than the timestamp and should be retained. + PermissionTestUtils.add( + "https://example.net", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + // Add some time in between taking the snapshot of the timestamp + // to avoid flakyness. + await new Promise(c => do_timeout(100, c)); + let timestamp = Date.now(); + await new Promise(c => do_timeout(100, c)); + + // This permission is set later than the timestamp and should be removed. + PermissionTestUtils.add( + "https://example.org", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + await new Promise(resolve => { + return Services.clearData.deleteUserInteractionForClearingHistory( + [principalWithStorage], + // ClearDataService takes PRTime (microseconds) + timestamp * 1000, + resolve + ); + }); + + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.org", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.net", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.com", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); diff --git a/toolkit/components/cleardata/tests/unit/xpcshell.toml b/toolkit/components/cleardata/tests/unit/xpcshell.toml new file mode 100644 index 0000000000..2df07abcea --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/xpcshell.toml @@ -0,0 +1,40 @@ +[DEFAULT] +tags = "condprof" +firefox-appdir = "browser" +head = "head.js" +skip-if = ["os == 'android'"] +support-files = "" +prefs = [ + "privacy.bounceTrackingProtection.enabled=true", + "privacy.bounceTrackingProtection.enableTestMode=true", + "privacy.bounceTrackingProtection.bounceTrackingPurgeTimerPeriodSec=0", +] + +["test_basic.js"] + +["test_bounce_tracking_protection.js"] + +["test_certs.js"] + +["test_cookie_banner_handling.js"] + +["test_cookies.js"] + +["test_downloads.js"] + +["test_fingerprinting_protection_state.js"] + +["test_identity_credential_storage.js"] + +["test_network_cache.js"] +skip-if = ["condprof"] # Bug 1769154 - expected fail w/condprof + +["test_passwords.js"] + +["test_permissions.js"] + +["test_quota.js"] + +["test_security_settings.js"] + +["test_storage_permission.js"] -- cgit v1.2.3