1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
|
#!/usr/bin/env python3
from __future__ import print_function
import json, sys
def assert_non_empty_string(obj, field):
assert field in obj, 'Missing field "%s"' % field
assert isinstance(obj[field], basestring), \
'Field "%s" must be a string' % field
assert len(obj[field]) > 0, 'Field "%s" must not be empty' % field
def assert_non_empty_list(obj, field):
assert isinstance(obj[field], list), \
'%s must be a list' % field
assert len(obj[field]) > 0, \
'%s list must not be empty' % field
def assert_non_empty_dict(obj, field):
assert isinstance(obj[field], dict), \
'%s must be a dict' % field
assert len(obj[field]) > 0, \
'%s dict must not be empty' % field
def assert_contains(obj, field):
assert field in obj, 'Must contain field "%s"' % field
def assert_value_from(obj, field, items):
assert obj[field] in items, \
'Field "%s" must be from: %s' % (field, str(items))
def assert_atom_or_list_items_from(obj, field, items):
if isinstance(obj[field], basestring) or isinstance(
obj[field], int) or obj[field] is None:
assert_value_from(obj, field, items)
return
assert isinstance(obj[field], list), '%s must be a list' % field
for allowed_value in obj[field]:
assert allowed_value != '*', "Wildcard is not supported for lists!"
assert allowed_value in items, \
'Field "%s" must be from: %s' % (field, str(items))
def assert_contains_only_fields(obj, expected_fields):
for expected_field in expected_fields:
assert_contains(obj, expected_field)
for actual_field in obj:
assert actual_field in expected_fields, \
'Unexpected field "%s".' % actual_field
def leaf_values(schema):
if isinstance(schema, list):
return schema
ret = []
for _, sub_schema in schema.iteritems():
ret += leaf_values(sub_schema)
return ret
def assert_value_unique_in(value, used_values):
assert value not in used_values, 'Duplicate value "%s"!' % str(value)
used_values[value] = True
def assert_valid_artifact(exp_pattern, artifact_key, schema):
if isinstance(schema, list):
assert_atom_or_list_items_from(exp_pattern, artifact_key,
["*"] + schema)
return
for sub_artifact_key, sub_schema in schema.iteritems():
assert_valid_artifact(exp_pattern[artifact_key], sub_artifact_key,
sub_schema)
def validate(spec_json, details):
""" Validates the json specification for generating tests. """
details['object'] = spec_json
assert_contains_only_fields(spec_json, [
"selection_pattern", "test_file_path_pattern",
"test_description_template", "test_page_title_template",
"specification", "delivery_key", "subresource_schema",
"source_context_schema", "source_context_list_schema",
"test_expansion_schema", "excluded_tests"
])
assert_non_empty_list(spec_json, "specification")
assert_non_empty_dict(spec_json, "test_expansion_schema")
assert_non_empty_list(spec_json, "excluded_tests")
specification = spec_json['specification']
test_expansion_schema = spec_json['test_expansion_schema']
excluded_tests = spec_json['excluded_tests']
valid_test_expansion_fields = test_expansion_schema.keys()
# Should be consistent with `sourceContextMap` in
# `/common/security-features/resources/common.sub.js`.
valid_source_context_names = [
"top", "iframe", "iframe-blank", "srcdoc", "worker-classic",
"worker-module", "worker-classic-data", "worker-module-data",
"sharedworker-classic", "sharedworker-module",
"sharedworker-classic-data", "sharedworker-module-data"
]
valid_subresource_names = [
"a-tag", "area-tag", "audio-tag", "form-tag", "iframe-tag", "img-tag",
"link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag",
"script-tag", "script-tag-dynamic-import", "video-tag"
] + ["beacon", "fetch", "xhr", "websocket"] + [
"worker-classic", "worker-module", "worker-import",
"worker-import-data", "sharedworker-classic", "sharedworker-module",
"sharedworker-import", "sharedworker-import-data",
"serviceworker-classic", "serviceworker-module",
"serviceworker-import", "serviceworker-import-data"
] + [
"worklet-animation", "worklet-audio", "worklet-layout",
"worklet-paint", "worklet-animation-import", "worklet-audio-import",
"worklet-layout-import", "worklet-paint-import",
"worklet-animation-import-data", "worklet-audio-import-data",
"worklet-layout-import-data", "worklet-paint-import-data"
]
# Validate each single spec.
for spec in specification:
details['object'] = spec
# Validate required fields for a single spec.
assert_contains_only_fields(spec, [
'title', 'description', 'specification_url', 'test_expansion'
])
assert_non_empty_string(spec, 'title')
assert_non_empty_string(spec, 'description')
assert_non_empty_string(spec, 'specification_url')
assert_non_empty_list(spec, 'test_expansion')
for spec_exp in spec['test_expansion']:
details['object'] = spec_exp
assert_contains_only_fields(spec_exp, valid_test_expansion_fields)
for artifact in test_expansion_schema:
details['test_expansion_field'] = artifact
assert_valid_artifact(spec_exp, artifact,
test_expansion_schema[artifact])
del details['test_expansion_field']
# Validate source_context_schema.
details['object'] = spec_json['source_context_schema']
assert_contains_only_fields(
spec_json['source_context_schema'],
['supported_delivery_type', 'supported_subresource'])
assert_contains_only_fields(
spec_json['source_context_schema']['supported_delivery_type'],
valid_source_context_names)
for source_context in spec_json['source_context_schema'][
'supported_delivery_type']:
assert_valid_artifact(
spec_json['source_context_schema']['supported_delivery_type'],
source_context, test_expansion_schema['delivery_type'])
assert_contains_only_fields(
spec_json['source_context_schema']['supported_subresource'],
valid_source_context_names)
for source_context in spec_json['source_context_schema'][
'supported_subresource']:
assert_valid_artifact(
spec_json['source_context_schema']['supported_subresource'],
source_context, leaf_values(test_expansion_schema['subresource']))
# Validate subresource_schema.
details['object'] = spec_json['subresource_schema']
assert_contains_only_fields(spec_json['subresource_schema'],
['supported_delivery_type'])
assert_contains_only_fields(
spec_json['subresource_schema']['supported_delivery_type'],
leaf_values(test_expansion_schema['subresource']))
for subresource in spec_json['subresource_schema'][
'supported_delivery_type']:
assert_valid_artifact(
spec_json['subresource_schema']['supported_delivery_type'],
subresource, test_expansion_schema['delivery_type'])
# Validate the test_expansion schema members.
details['object'] = test_expansion_schema
assert_contains_only_fields(test_expansion_schema, [
'expansion', 'source_scheme', 'source_context_list', 'delivery_type',
'delivery_value', 'redirection', 'subresource', 'origin', 'expectation'
])
assert_atom_or_list_items_from(test_expansion_schema, 'expansion',
['default', 'override'])
assert_atom_or_list_items_from(test_expansion_schema, 'source_scheme',
['http', 'https'])
assert_atom_or_list_items_from(
test_expansion_schema, 'source_context_list',
spec_json['source_context_list_schema'].keys())
# Should be consistent with `preprocess_redirection` in
# `/common/security-features/subresource/subresource.py`.
assert_atom_or_list_items_from(test_expansion_schema, 'redirection', [
'no-redirect', 'keep-origin', 'swap-origin', 'keep-scheme',
'swap-scheme', 'downgrade'
])
for subresource in leaf_values(test_expansion_schema['subresource']):
assert subresource in valid_subresource_names, "Invalid subresource %s" % subresource
# Should be consistent with getSubresourceOrigin() in
# `/common/security-features/resources/common.sub.js`.
assert_atom_or_list_items_from(test_expansion_schema, 'origin', [
'same-http', 'same-https', 'same-ws', 'same-wss', 'cross-http',
'cross-https', 'cross-ws', 'cross-wss', 'same-http-downgrade',
'cross-http-downgrade', 'same-ws-downgrade', 'cross-ws-downgrade'
])
# Validate excluded tests.
details['object'] = excluded_tests
for excluded_test_expansion in excluded_tests:
assert_contains_only_fields(excluded_test_expansion,
valid_test_expansion_fields)
details['object'] = excluded_test_expansion
for artifact in test_expansion_schema:
details['test_expansion_field'] = artifact
assert_valid_artifact(excluded_test_expansion, artifact,
test_expansion_schema[artifact])
del details['test_expansion_field']
del details['object']
def assert_valid_spec_json(spec_json):
error_details = {}
try:
validate(spec_json, error_details)
except AssertionError as err:
print('ERROR:', err.message)
print(json.dumps(error_details, indent=4))
sys.exit(1)
def main():
spec_json = load_spec_json()
assert_valid_spec_json(spec_json)
print("Spec JSON is valid.")
if __name__ == '__main__':
main()
|