#!/usr/bin/env python
# -*- coding: UTF-8 -*-
import unittest
import pbtest
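class ClobberingTest(pbtest.PBSeleniumTest):
    """Selenium checks for what a cookieblocked third-party domain can observe.

    Two behaviors are exercised against remote fixture pages:

    * a frame served from a cookieblocked domain must read back empty
      values ("null" / "undefined") from localStorage instead of what it
      stored earlier;
    * a request to a cookieblocked domain must carry an origin-only
      Referer header rather than the full URL of the embedding page.

    Each test first asserts the unprotected baseline, so a pass after
    cookieblocking cannot be explained by a fixture that never worked.
    """

    def _assert_localstorage_results(
            self, fixture_url, expectations, failure_template):
        """Load the fixture, enter its frame and compare every result element.

        Args:
            fixture_url: page that embeds the localStorage test frame.
            expectations: iterable of (element ID, expected text) pairs.
            failure_template: assertion message containing one ``%s``
                placeholder, filled with the element ID.
        """
        self.load_url(fixture_url)
        self.wait_for_and_switch_to_frame('iframe')

        for selector, expected in expectations:
            # The wait ends once the element's text is no longer '...'
            # (presumably the fixture's "still running" placeholder --
            # confirm against the fixture page).
            self.wait_for_script(
                "return document.getElementById('%s')"
                ".textContent != '...';" % selector,
                timeout=2,
                message=(
                    "Timed out waiting for localStorage (%s) to finish ... "
                    "This probably means the fixture "
                    "errored out somewhere." % selector
                )
            )
            self.assertEqual(
                self.txt_by_css("#" + selector), expected,
                failure_template % selector
            )

    def test_localstorage_clobbering(self):
        """Verify a cookieblocked frame no longer sees its localStorage data."""
        # NOTE(review): the element IDs suggest several access paths
        # (getItem, property access, prototype, srcdoc frame, window.frames);
        # confirm against the fixture before relying on that reading.
        LOCALSTORAGE_TESTS = [
            # (test result element ID, expected stored, expected empty)
            ('get-item', "qwerty", "null"),
            ('get-property', "asdf", "undefined"),
            ('get-item-proto', "qwerty", "null"),
            ('get-item-srcdoc', "qwerty", "null"),
            ('get-property-srcdoc', "asdf", "undefined"),
            ('get-item-frames', "qwerty", "null"),
            ('get-property-frames', "asdf", "undefined"),
        ]
        # page loads a frame that writes to and reads from localStorage
        # TODO remove delays from fixture once race condition
        # (https://crbug.com/478183) is fixed
        FIXTURE_URL = "https://privacybadger-tests.eff.org/html/clobbering.html"
        FRAME_DOMAIN = "efforg.github.io"

        # Baseline: first allow localStorage to be set and read back.
        # Without it, empty values in the second pass could simply mean
        # the fixture never stored anything.
        self._assert_localstorage_results(
            FIXTURE_URL,
            [(selector, stored) for selector, stored, _ in LOCALSTORAGE_TESTS],
            # the original message ran "successfully" and "for" together
            "localStorage (%s) was not read successfully for some reason"
        )

        # mark the frame domain for cookieblocking
        self.cookieblock_domain(FRAME_DOMAIN)

        # now rerun and check that every access path returns the empty value
        self._assert_localstorage_results(
            FIXTURE_URL,
            [(selector, empty) for selector, _, empty in LOCALSTORAGE_TESTS],
            "localStorage (%s) was read despite cookieblocking"
        )

    def test_referrer_header(self):
        """Verify the Referer sent to a cookieblocked domain is origin-only."""
        FIXTURE_URL = (
            "https://efforg.github.io/privacybadger-test-fixtures/html/"
            "referrer.html"
        )
        THIRD_PARTY_DOMAIN = "httpbin.org"
        PREFIX = "Referer="

        def verify_referrer_header(expected, failure_message):
            """Reload the fixture and compare the header value it reports."""
            self.load_url(FIXTURE_URL)
            self.wait_for_script(
                "return document.getElementById('referrer').textContent != '';")
            referrer = self.txt_by_css("#referrer")
            # The page reports the header as "Referer=<value>"; check the
            # label before comparing so a malformed page fails loudly.
            self.assertEqual(
                referrer[:len(PREFIX)], PREFIX, "Unexpected page output")
            self.assertEqual(
                referrer[len(PREFIX):], expected, failure_message)

        # verify base case: by default the full page URL is sent
        verify_referrer_header(
            FIXTURE_URL,
            "Unexpected default referrer header"
        )

        # cookieblock the domain fetched by the fixture
        self.cookieblock_domain(THIRD_PARTY_DOMAIN)

        # recheck the header after cookieblocking: only the origin should
        # remain, so the path of the embedding page is no longer disclosed
        verify_referrer_header(
            "https://efforg.github.io/",
            "Referrer header does not appear to be origin-only"
        )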
# Run the suite when this module is executed directly as a script.
if __name__ == "__main__":
    unittest.main()