1 files changed, 120 insertions, 0 deletions
diff --git a/tests/selenium/super_cookie_test.py b/tests/selenium/super_cookie_test.py
new file mode 100644
index 0000000..de6c5dd
--- /dev/null
+++ b/tests/selenium/super_cookie_test.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+
+import unittest
+
+import pbtest
+
+from functools import partial
+
+
+class SupercookieTest(pbtest.PBSeleniumTest):
+    """Make sure we detect potential supercookies. """
+
+    def get_snitch_map_for(self, origin):
+        self.open_window() # don't replace the test page to allow for retrying
+        self.load_url(self.options_url)
+
+        CHECK_SNITCH_MAP_JS = (
+            "return chrome.extension.getBackgroundPage()"
+            ".badger.storage.getStore('snitch_map')"
+            ".getItemClones()[arguments[0]];"
+        )
+
+        return self.js(CHECK_SNITCH_MAP_JS, origin)
+
+    def setUp(self):
+        # enable local learning
+        self.load_url(self.options_url)
+        self.wait_for_script("return window.OPTIONS_INITIALIZED")
+        self.find_el_by_css('#local-learning-checkbox').click()
+
+    # test for https://github.com/EFForg/privacybadger/pull/1403
+    # TODO remove retrying entire test after we revert 879a74f807999a2135e4d48bb5efbd8a1beff4f8
+    @pbtest.repeat_if_failed(5)
+    def test_async_tracking_attribution_bug(self):
+        FIRST_PARTY_BASE = "eff.org"
+        THIRD_PARTY_BASE = "efforg.github.io"
+
+        self.load_url((
+            "https://privacybadger-tests.{}/html/"
+            "async_localstorage_attribution_bug.html"
+        ).format(FIRST_PARTY_BASE))
+
+        # the above HTML page reloads itself furiously to trigger our bug
+        # we need to wait for it to finish reloading
+        self.wait_for_script("return window.DONE_RELOADING === true")
+
+        # the HTML page contains:
+
+        # an iframe from THIRD_PARTY_BASE that writes to localStorage
+        self.assertEqual(
+            pbtest.retry_until(partial(self.get_snitch_map_for, THIRD_PARTY_BASE)),
+            [FIRST_PARTY_BASE],
+            msg="Frame sets localStorage but was not flagged as a tracker.")
+
+        # and an image from raw.githubusercontent.com that doesn't do any tracking
+        self.assertFalse(self.get_snitch_map_for("raw.githubusercontent.com"),
+            msg="Image is not a tracker but was flagged as one.")
+
+
+    def test_should_detect_ls_of_third_party_frame(self):
+        FIRST_PARTY_BASE = "eff.org"
+        THIRD_PARTY_BASE = "efforg.github.io"
+
+        self.assertFalse(self.get_snitch_map_for(THIRD_PARTY_BASE))
+
+        self.load_url((
+            "https://privacybadger-tests.{}/html/"
+            "localstorage.html"
+        ).format(FIRST_PARTY_BASE))
+
+        # TODO We get some intermittent failures for this test.
+        # It seems we sometimes miss the setting of localStorage items
+        # because the script runs after we already checked what's in localStorage.
+        # We can work around this race condition by reloading the page.
+        self.driver.refresh()
+
+        self.assertEqual(
+            pbtest.retry_until(partial(self.get_snitch_map_for, THIRD_PARTY_BASE), times=3),
+            [FIRST_PARTY_BASE]
+        )
+
+    def test_should_not_detect_low_entropy_ls_of_third_party_frame(self):
+        FIRST_PARTY_BASE = "eff.org"
+        THIRD_PARTY_BASE = "efforg.github.io"
+        self.assertFalse(self.get_snitch_map_for(THIRD_PARTY_BASE))
+        self.load_url((
+            "https://privacybadger-tests.{}/html/"
+            "localstorage_low_entropy.html"
+        ).format(FIRST_PARTY_BASE))
+        self.driver.refresh()
+        self.assertFalse(self.get_snitch_map_for(THIRD_PARTY_BASE))
+
+    def test_should_not_detect_first_party_ls(self):
+        BASE_DOMAIN = "efforg.github.io"
+        self.load_url((
+            "https://{}/privacybadger-test-fixtures/html/"
+            "localstorage/set_ls.html"
+        ).format(BASE_DOMAIN))
+        self.driver.refresh()
+        self.assertFalse(self.get_snitch_map_for(BASE_DOMAIN))
+
+    def test_should_not_detect_ls_of_third_party_script(self):
+        FIRST_PARTY_BASE = "eff.org"
+        THIRD_PARTY_BASE = "efforg.github.io"
+
+        # a third-party script included by the top page (not a 3rd party frame)
+        self.load_url((
+            "https://privacybadger-tests.{}/html/"
+            "localstorage_from_third_party_script.html"
+        ).format(FIRST_PARTY_BASE))
+
+        self.driver.refresh()
+
+        self.assertFalse(self.get_snitch_map_for(FIRST_PARTY_BASE))
+        self.assertFalse(self.get_snitch_map_for(THIRD_PARTY_BASE))
+
+
+if __name__ == "__main__":
+    unittest.main()