/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * Description of the test: * We show that we can separate the safebrowsing cookie by creating a custom * OriginAttributes using a unique safebrowsing first-party domain. Setting this * custom OriginAttributes on the loadInfo of the channel allows us to query the * first-party domain and therefore separate the safebrowsing cookie in its own * cookie-jar. For testing safebrowsing update we do >> NOT << emulate a response * in the body, rather we only set the cookies in the header of the response * and confirm that cookies are separated in their own cookie-jar. * * 1) We init safebrowsing and simulate an update (cookies are set for localhost) * * 2) We open a channel that should send regular cookies, but not the * safebrowsing cookie. * * 3) We open a channel with a custom callback, simulating a safebrowsing cookie * that should send this simulated safebrowsing cookie as well as the * real safebrowsing cookies. (Confirming that the safebrowsing cookies * actually get stored in the correct jar). */ "use strict"; const { HttpServer } = ChromeUtils.importESModule( "resource://testing-common/httpd.sys.mjs" ); ChromeUtils.defineLazyGetter(this, "URL", function () { return "http://localhost:" + httpserver.identity.primaryPort; }); var setCookiePath = "/setcookie"; var checkCookiePath = "/checkcookie"; var safebrowsingUpdatePath = "/safebrowsingUpdate"; var safebrowsingGethashPath = "/safebrowsingGethash"; var httpserver; function inChildProcess() { return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; } function cookieSetHandler(metadata, response) { var cookieName = metadata.getHeader("set-cookie"); response.setStatusLine(metadata.httpVersion, 200, "Ok"); response.setHeader("set-Cookie", cookieName + "=1; Path=/", false); response.setHeader("Content-Type", "text/plain"); response.bodyOutputStream.write("Ok", "Ok".length); } function cookieCheckHandler(metadata, response) { var cookies = metadata.getHeader("Cookie"); response.setStatusLine(metadata.httpVersion, 200, "Ok"); response.setHeader("saw-cookies", cookies, false); response.setHeader("Content-Type", "text/plain"); response.bodyOutputStream.write("Ok", "Ok".length); } function safebrowsingUpdateHandler(metadata, response) { var cookieName = "sb-update-cookie"; response.setStatusLine(metadata.httpVersion, 200, "Ok"); response.setHeader("set-Cookie", cookieName + "=1; Path=/", false); response.setHeader("Content-Type", "text/plain"); response.bodyOutputStream.write("Ok", "Ok".length); } function safebrowsingGethashHandler(metadata, response) { var cookieName = "sb-gethash-cookie"; response.setStatusLine(metadata.httpVersion, 200, "Ok"); response.setHeader("set-Cookie", cookieName + "=1; Path=/", false); response.setHeader("Content-Type", "text/plain"); let msg = "test-phish-simplea:1:32\n" + "a".repeat(32); response.bodyOutputStream.write(msg, msg.length); } function setupChannel(path, originAttributes) { var channel = NetUtil.newChannel({ uri: URL + path, loadUsingSystemPrincipal: true, }); channel.loadInfo.originAttributes = originAttributes; channel.QueryInterface(Ci.nsIHttpChannel); return channel; } function run_test() { // Set up a profile do_get_profile(); // Allow all cookies if the pref service is available in this process. if (!inChildProcess()) { Services.prefs.setIntPref("network.cookie.cookieBehavior", 0); Services.prefs.setBoolPref( "network.cookieJarSettings.unblocked_for_testing", true ); } httpserver = new HttpServer(); httpserver.registerPathHandler(setCookiePath, cookieSetHandler); httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler); httpserver.registerPathHandler( safebrowsingUpdatePath, safebrowsingUpdateHandler ); httpserver.registerPathHandler( safebrowsingGethashPath, safebrowsingGethashHandler ); httpserver.start(-1); run_next_test(); } // this test does not emulate a response in the body, // rather we only set the cookies in the header of response. add_test(function test_safebrowsing_update() { var streamUpdater = Cc[ "@mozilla.org/url-classifier/streamupdater;1" ].getService(Ci.nsIUrlClassifierStreamUpdater); function onSuccess() { run_next_test(); } function onUpdateError() { do_throw("ERROR: received onUpdateError!"); } function onDownloadError() { do_throw("ERROR: received onDownloadError!"); } streamUpdater.downloadUpdates( "test-phish-simple,test-malware-simple", "", true, URL + safebrowsingUpdatePath, onSuccess, onUpdateError, onDownloadError ); }); add_test(function test_safebrowsing_gethash() { var hashCompleter = Cc[ "@mozilla.org/url-classifier/hashcompleter;1" ].getService(Ci.nsIUrlClassifierHashCompleter); hashCompleter.complete( "aaaa", URL + safebrowsingGethashPath, "test-phish-simple", { completionV2() {}, completionFinished(status) { Assert.equal(status, Cr.NS_OK); run_next_test(); }, } ); }); add_test(function test_non_safebrowsing_cookie() { var cookieName = "regCookie_id0"; var originAttributes = new OriginAttributes(0, false, 0); function setNonSafeBrowsingCookie() { var channel = setupChannel(setCookiePath, originAttributes); channel.setRequestHeader("set-cookie", cookieName, false); channel.asyncOpen(new ChannelListener(checkNonSafeBrowsingCookie, null)); } function checkNonSafeBrowsingCookie() { var channel = setupChannel(checkCookiePath, originAttributes); channel.asyncOpen( new ChannelListener(completeCheckNonSafeBrowsingCookie, null) ); } function completeCheckNonSafeBrowsingCookie(request) { // Confirm that only the >> ONE << cookie is sent over the channel. var expectedCookie = cookieName + "=1"; request.QueryInterface(Ci.nsIHttpChannel); var cookiesSeen = request.getResponseHeader("saw-cookies"); Assert.equal(cookiesSeen, expectedCookie); run_next_test(); } setNonSafeBrowsingCookie(); }); add_test(function test_safebrowsing_cookie() { var cookieName = "sbCookie_id4294967294"; var originAttributes = new OriginAttributes(0, false, 0); originAttributes.firstPartyDomain = "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla"; function setSafeBrowsingCookie() { var channel = setupChannel(setCookiePath, originAttributes); channel.setRequestHeader("set-cookie", cookieName, false); channel.asyncOpen(new ChannelListener(checkSafeBrowsingCookie, null)); } function checkSafeBrowsingCookie() { var channel = setupChannel(checkCookiePath, originAttributes); channel.asyncOpen( new ChannelListener(completeCheckSafeBrowsingCookie, null) ); } function completeCheckSafeBrowsingCookie(request) { // Confirm that all >> THREE << cookies are sent back over the channel: // a) the safebrowsing cookie set when updating // b) the safebrowsing cookie set when sending gethash // c) the regular cookie with custom loadcontext defined in this test. var expectedCookies = "sb-update-cookie=1; "; expectedCookies += "sb-gethash-cookie=1; "; expectedCookies += cookieName + "=1"; request.QueryInterface(Ci.nsIHttpChannel); var cookiesSeen = request.getResponseHeader("saw-cookies"); Assert.equal(cookiesSeen, expectedCookies); httpserver.stop(do_test_finished); } setSafeBrowsingCookie(); });