From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 21:33:14 +0200
Subject: Adding upstream version 115.7.0esr.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 netwerk/test/unit/test_bug526789.js | 289 ++++++++++++++++++++++++++++++++++++
 1 file changed, 289 insertions(+)
 create mode 100644 netwerk/test/unit/test_bug526789.js

(limited to 'netwerk/test/unit/test_bug526789.js')

diff --git a/netwerk/test/unit/test_bug526789.js b/netwerk/test/unit/test_bug526789.js
new file mode 100644
index 0000000000..ec80249a3c
--- /dev/null
+++ b/netwerk/test/unit/test_bug526789.js
@@ -0,0 +1,289 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+add_task(async () => {
+  var cm = Services.cookies;
+  var expiry = (Date.now() + 1000) * 1000;
+
+  cm.removeAll();
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // test that variants of 'baz.com' get normalized appropriately, but that
+  // malformed hosts are rejected
+  cm.add(
+    "baz.com",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
+  Assert.equal(cm.countCookiesFromHost("BAZ.com"), 1);
+  Assert.equal(cm.countCookiesFromHost(".baz.com"), 1);
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
+  Assert.equal(cm.countCookiesFromHost(".baz.com."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("baz.com..");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("baz..com");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("..baz.com");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  cm.remove("BAZ.com.", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
+  cm.remove("baz.com", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
+
+  // Test that 'baz.com' and 'baz.com.' are treated differently
+  cm.add(
+    "baz.com.",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
+  Assert.equal(cm.countCookiesFromHost("BAZ.com"), 0);
+  Assert.equal(cm.countCookiesFromHost(".baz.com"), 0);
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
+  Assert.equal(cm.countCookiesFromHost(".baz.com."), 1);
+  cm.remove("baz.com", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
+  cm.remove("baz.com.", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
+
+  // test that domain cookies are illegal for IP addresses, aliases such as
+  // 'localhost', and eTLD's such as 'co.uk'
+  cm.add(
+    "192.168.0.1",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("192.168.0.1"), 1);
+  Assert.equal(cm.countCookiesFromHost("192.168.0.1."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".192.168.0.1");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".192.168.0.1.");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.add(
+    "localhost",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("localhost"), 1);
+  Assert.equal(cm.countCookiesFromHost("localhost."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".localhost");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".localhost.");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.add(
+    "co.uk",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("co.uk"), 1);
+  Assert.equal(cm.countCookiesFromHost("co.uk."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".co.uk");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".co.uk.");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.removeAll();
+
+  CookieXPCShellUtils.createServer({
+    hosts: ["baz.com", "192.168.0.1", "localhost", "co.uk", "foo.com"],
+  });
+
+  var uri = NetUtil.newURI("http://baz.com/");
+  Services.scriptSecurityManager.createContentPrincipal(uri, {});
+
+  Assert.equal(uri.asciiHost, "baz.com");
+
+  await CookieXPCShellUtils.setCookieToDocument(uri.spec, "foo=bar");
+  const docCookies = await CookieXPCShellUtils.getCookieStringFromDocument(
+    uri.spec
+  );
+  Assert.equal(docCookies, "foo=bar");
+
+  Assert.equal(cm.countCookiesFromHost(""), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("..");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  var cookies = cm.getCookiesFromHost("", {});
+  Assert.ok(!cookies.length);
+  do_check_throws(function () {
+    cm.getCookiesFromHost(".", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.getCookiesFromHost("..", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cookies = cm.getCookiesFromHost("baz.com", {});
+  Assert.equal(cookies.length, 1);
+  Assert.equal(cookies[0].name, "foo");
+  cookies = cm.getCookiesFromHost("", {});
+  Assert.ok(!cookies.length);
+  do_check_throws(function () {
+    cm.getCookiesFromHost(".", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.getCookiesFromHost("..", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.removeAll();
+
+  // test that an empty host to add() or remove() works,
+  // but a host of '.' doesn't
+  cm.add(
+    "",
+    "/",
+    "foo2",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(getCookieCount(), 1);
+  do_check_throws(function () {
+    cm.add(
+      ".",
+      "/",
+      "foo3",
+      "bar",
+      false,
+      false,
+      true,
+      expiry,
+      {},
+      Ci.nsICookie.SAMESITE_NONE,
+      Ci.nsICookie.SCHEME_HTTPS
+    );
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  Assert.equal(getCookieCount(), 1);
+
+  cm.remove("", "foo2", "/", {});
+  Assert.equal(getCookieCount(), 0);
+  do_check_throws(function () {
+    cm.remove(".", "foo3", "/", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  // test that the 'domain' attribute accepts a leading dot for IP addresses,
+  // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
+  // resulting cookie is for the exact host only.
+  await testDomainCookie("http://192.168.0.1/", "192.168.0.1");
+  await testDomainCookie("http://localhost/", "localhost");
+  await testDomainCookie("http://co.uk/", "co.uk");
+
+  // Test that trailing dots are treated differently for purposes of the
+  // 'domain' attribute when using setCookieStringFromDocument.
+  await testTrailingDotCookie("http://localhost/", "localhost");
+  await testTrailingDotCookie("http://foo.com/", "foo.com");
+
+  cm.removeAll();
+});
+
+function getCookieCount() {
+  var cm = Services.cookies;
+  return cm.cookies.length;
+}
+
+async function testDomainCookie(uriString, domain) {
+  var cm = Services.cookies;
+
+  cm.removeAll();
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uriString,
+    "foo=bar; domain=" + domain
+  );
+
+  var cookies = cm.getCookiesFromHost(domain, {});
+  Assert.ok(cookies.length);
+  Assert.equal(cookies[0].host, domain);
+  cm.removeAll();
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uriString,
+    "foo=bar; domain=." + domain
+  );
+
+  cookies = cm.getCookiesFromHost(domain, {});
+  Assert.ok(cookies.length);
+  Assert.equal(cookies[0].host, domain);
+  cm.removeAll();
+}
+
+async function testTrailingDotCookie(uriString, domain) {
+  var cm = Services.cookies;
+
+  cm.removeAll();
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uriString,
+    "foo=bar; domain=" + domain + "/"
+  );
+
+  Assert.equal(cm.countCookiesFromHost(domain), 0);
+  Assert.equal(cm.countCookiesFromHost(domain + "."), 0);
+  cm.removeAll();
+  Services.prefs.clearUserPref("dom.security.https_first");
+}
-- 
cgit v1.2.3