1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "gtest/gtest.h"
#include <string.h>
#include <stdlib.h>
#include "nsContentSecurityManager.h"
#include "nsContentUtils.h"
#include "nsIPrincipal.h"
#include "nsScriptSecurityManager.h"
#include "mozilla/NullPrincipal.h"
#include "mozilla/Preferences.h"
using namespace mozilla;
static const uint32_t kURIMaxLength = 64;
struct TestExpectations {
char uri[kURIMaxLength];
bool expectedResult;
};
class MOZ_RAII AutoRestoreBoolPref final {
public:
AutoRestoreBoolPref(const char* aPref, bool aValue) : mPref(aPref) {
Preferences::GetBool(mPref, &mOldValue);
Preferences::SetBool(mPref, aValue);
}
~AutoRestoreBoolPref() { Preferences::SetBool(mPref, mOldValue); }
private:
const char* mPref = nullptr;
bool mOldValue = false;
};
// ============================= TestDirectives ========================
TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
{
// boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
AutoRestoreBoolPref savedPref("network.proxy.allow_hijacking_localhost",
false);
static const TestExpectations uris[] = {
{"http://example.com/", false},
{"https://example.com/", true},
{"ws://example.com/", false},
{"wss://example.com/", true},
{"file:///xyzzy", true},
{"about:config", false},
{"http://localhost", true},
{"http://localhost.localhost", true},
{"http://a.b.c.d.e.localhost", true},
{"http://xyzzy.localhost", true},
{"http://127.0.0.1", true},
{"http://127.0.0.2", true},
{"http://127.1.0.1", true},
{"http://128.0.0.1", false},
{"http://[::1]", true},
{"http://[::ffff:127.0.0.1]", false},
{"http://[::ffff:127.0.0.2]", false},
{"http://[::ffff:7f00:1]", false},
{"http://[::ffff:7f00:2]", false},
{"resource://xyzzy", true},
{"moz-extension://xyzzy", true},
{"data:data:text/plain;charset=utf-8;base64,eHl6enk=", false},
{"blob://unique-id", false},
{"mailto:foo@bar.com", false},
{"moz-icon://example.com", false},
{"javascript:42", false},
};
uint32_t numExpectations = sizeof(uris) / sizeof(TestExpectations);
nsCOMPtr<nsIContentSecurityManager> csManager =
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
ASSERT_TRUE(!!csManager);
nsresult rv;
for (uint32_t i = 0; i < numExpectations; i++) {
nsCOMPtr<nsIPrincipal> prin;
nsAutoCString uri(uris[i].uri);
rv = nsScriptSecurityManager::GetScriptSecurityManager()
->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
ASSERT_EQ(rv, NS_OK);
bool isPotentiallyTrustworthy = prin->GetIsOriginPotentiallyTrustworthy();
ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult)
<< uris[i].uri << uris[i].expectedResult;
}
}
TEST(SecureContext, IsOriginPotentiallyTrustworthyWithSystemPrincipal)
{
RefPtr<nsScriptSecurityManager> ssManager =
nsScriptSecurityManager::GetScriptSecurityManager();
ASSERT_TRUE(!!ssManager);
nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal();
bool isPotentiallyTrustworthy = sysPrin->GetIsOriginPotentiallyTrustworthy();
ASSERT_TRUE(isPotentiallyTrustworthy);
}
TEST(SecureContext, IsOriginPotentiallyTrustworthyWithNullPrincipal)
{
RefPtr<nsScriptSecurityManager> ssManager =
nsScriptSecurityManager::GetScriptSecurityManager();
ASSERT_TRUE(!!ssManager);
RefPtr<NullPrincipal> nullPrin =
NullPrincipal::CreateWithoutOriginAttributes();
bool isPotentiallyTrustworthy;
nsresult rv =
nullPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
ASSERT_EQ(rv, NS_OK);
ASSERT_TRUE(!isPotentiallyTrustworthy);
}
|