summaryrefslogtreecommitdiffstats
path: root/comm/mail/test/browser/message-header/browser_phishingBar.js
diff options
context:
space:
mode:
Diffstat (limited to 'comm/mail/test/browser/message-header/browser_phishingBar.js')
-rw-r--r--comm/mail/test/browser/message-header/browser_phishingBar.js307
1 files changed, 307 insertions, 0 deletions
diff --git a/comm/mail/test/browser/message-header/browser_phishingBar.js b/comm/mail/test/browser/message-header/browser_phishingBar.js
new file mode 100644
index 0000000000..f4b429725e
--- /dev/null
+++ b/comm/mail/test/browser/message-header/browser_phishingBar.js
@@ -0,0 +1,307 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Test that phishing notifications behave properly.
+ */
+
+"use strict";
+
+var { gMockExtProtSvcReg } = ChromeUtils.import(
+ "resource://testing-common/mozmill/ContentTabHelpers.jsm"
+);
+var {
+ add_message_to_folder,
+ be_in_folder,
+ create_folder,
+ create_message,
+ get_about_message,
+ inboxFolder,
+ mc,
+ open_message_from_file,
+ select_click_row,
+ wait_for_message_display_completion,
+} = ChromeUtils.import(
+ "resource://testing-common/mozmill/FolderDisplayHelpers.jsm"
+);
+var {
+ assert_notification_displayed,
+ get_notification_button,
+ wait_for_notification_to_show,
+ wait_for_notification_to_stop,
+} = ChromeUtils.import(
+ "resource://testing-common/mozmill/NotificationBoxHelpers.jsm"
+);
+var {
+ async_plan_for_new_window,
+ close_window,
+ plan_for_modal_dialog,
+ plan_for_new_window,
+ wait_for_new_window,
+ click_menus_in_sequence,
+} = ChromeUtils.import("resource://testing-common/mozmill/WindowHelpers.jsm");
+var folder;
+
+var kBoxId = "mail-notification-top";
+var kNotificationValue = "maybeScam";
+
+add_setup(async function () {
+ gMockExtProtSvcReg.register();
+
+ folder = await create_folder("PhishingBarA");
+ await add_message_to_folder(
+ [folder],
+ create_message({
+ body: {
+ body: '<form action="http://localhost/download-me"><input></form>.',
+ contentType: "text/html",
+ },
+ })
+ );
+ await add_message_to_folder([folder], create_message());
+ await add_message_to_folder(
+ [folder],
+ create_message({
+ body: {
+ body: "check out http://130.128.4.1. and http://130.128.4.2/.",
+ contentType: "text/plain",
+ },
+ })
+ );
+ await add_message_to_folder(
+ [folder],
+ create_message({
+ body: {
+ body: '<a href="http://subdomain.google.com/">http://www.google.com</a>.',
+ contentType: "text/html",
+ },
+ })
+ );
+ await add_message_to_folder(
+ [folder],
+ create_message({
+ body: {
+ body: '<a href="http://subdomain.google.com/">http://google.com</a>.',
+ contentType: "text/html",
+ },
+ })
+ );
+ await add_message_to_folder(
+ [folder],
+ create_message({
+ body: {
+ body: '<a href="http://evilhost">http://localhost</a>.',
+ contentType: "text/html",
+ },
+ })
+ );
+ await add_message_to_folder(
+ [folder],
+ create_message({
+ body: {
+ body: '<form action="http://localhost/download-me"><input></form>.',
+ contentType: "text/html",
+ },
+ })
+ );
+});
+
+registerCleanupFunction(() => {
+ gMockExtProtSvcReg.unregister();
+});
+
+/**
+ * Make sure the notification shows, and goes away once the Ignore menuitem
+ * is clicked.
+ */
+async function assert_ignore_works(aController) {
+ let aboutMessage = get_about_message(aController.window);
+ wait_for_notification_to_show(aboutMessage, kBoxId, kNotificationValue);
+ let prefButton = get_notification_button(
+ aboutMessage,
+ kBoxId,
+ kNotificationValue,
+ { popup: "phishingOptions" }
+ );
+ EventUtils.synthesizeMouseAtCenter(prefButton, {}, prefButton.ownerGlobal);
+ await click_menus_in_sequence(
+ aboutMessage.document.getElementById("phishingOptions"),
+ [{ id: "phishingOptionIgnore" }]
+ );
+ wait_for_notification_to_stop(aboutMessage, kBoxId, kNotificationValue);
+}
+
+/**
+ * Helper function to click the first link in a message if one is available.
+ */
+function click_link_if_available() {
+ let msgBody =
+ get_about_message().getMessagePaneBrowser().contentDocument.body;
+ if (msgBody.getElementsByTagName("a").length > 0) {
+ msgBody.getElementsByTagName("a")[0].click();
+ }
+}
+
+/**
+ * Test that when viewing a message, choosing ignore hides the the phishing
+ * notification.
+ */
+add_task(async function test_ignore_phishing_warning_from_message() {
+ let aboutMessage = get_about_message();
+
+ await be_in_folder(folder);
+ select_click_row(0);
+ await assert_ignore_works(mc);
+
+ select_click_row(1);
+ // msg 1 is normal -> no phishing warning
+ assert_notification_displayed(
+ aboutMessage,
+ kBoxId,
+ kNotificationValue,
+ false
+ );
+ select_click_row(0);
+ // msg 0 is a potential phishing attempt, but we ignored it so that should
+ // be remembered
+ assert_notification_displayed(
+ aboutMessage,
+ kBoxId,
+ kNotificationValue,
+ false
+ );
+});
+
+/**
+ * Test that when viewing en eml file, choosing ignore hides the phishing
+ * notification.
+ */
+add_task(async function test_ignore_phishing_warning_from_eml() {
+ let file = new FileUtils.File(getTestFilePath("data/evil.eml"));
+
+ let msgc = await open_message_from_file(file);
+ await assert_ignore_works(msgc);
+ close_window(msgc);
+}).skip();
+
+/**
+ * Test that when viewing an attached eml file, the phishing notification works.
+ */
+add_task(async function test_ignore_phishing_warning_from_eml_attachment() {
+ let file = new FileUtils.File(getTestFilePath("data/evil-attached.eml"));
+
+ let msgc = await open_message_from_file(file);
+ let aboutMessage = get_about_message(msgc.window);
+
+ // Make sure the root message shows the phishing bar.
+ wait_for_notification_to_show(aboutMessage, kBoxId, kNotificationValue);
+
+ // Open the attached message.
+ let newWindowPromise = async_plan_for_new_window("mail:messageWindow");
+ aboutMessage.document
+ .getElementById("attachmentList")
+ .getItemAtIndex(0)
+ .attachment.open();
+ let msgc2 = await newWindowPromise;
+ wait_for_message_display_completion(msgc2, true);
+
+ // Now make sure the attached message shows the phishing bar.
+ wait_for_notification_to_show(
+ get_about_message(msgc2.window),
+ kBoxId,
+ kNotificationValue
+ );
+
+ close_window(msgc2);
+ close_window(msgc);
+}).skip();
+
+/**
+ * Test that when viewing a message with an auto-linked ip address, we don't
+ * get a warning when clicking the link.
+ * We'll have http://130.128.4.1 vs. http://130.128.4.1/
+ */
+add_task(async function test_no_phishing_warning_for_ip_sameish_text() {
+ await be_in_folder(folder);
+ select_click_row(2); // Mail with Public IP address.
+ click_link_if_available();
+ assert_notification_displayed(
+ get_about_message(),
+ kBoxId,
+ kNotificationValue,
+ false
+ ); // not shown
+});
+
+/**
+ * Test that when viewing a message with a link whose base domain matches but
+ * has a different subdomain (e.g. http://subdomain.google.com/ vs
+ * http://google.com/), we don't get a warning if the link is pressed.
+ */
+add_task(async function test_no_phishing_warning_for_subdomain() {
+ let aboutMessage = get_about_message();
+ await be_in_folder(folder);
+ select_click_row(3);
+ click_link_if_available();
+ assert_notification_displayed(
+ aboutMessage,
+ kBoxId,
+ kNotificationValue,
+ false
+ ); // not shown
+
+ select_click_row(4);
+ click_link_if_available();
+ assert_notification_displayed(
+ aboutMessage,
+ kBoxId,
+ kNotificationValue,
+ false
+ ); // not shown
+});
+
+/**
+ * Test that when clicking a link where the text and/or href
+ * has no TLD, we still warn as appropriate.
+ */
+add_task(async function test_phishing_warning_for_local_domain() {
+ await be_in_folder(folder);
+ select_click_row(5);
+
+ let dialogAppeared = false;
+
+ plan_for_modal_dialog("commonDialogWindow", function (ctrler) {
+ dialogAppeared = true;
+ });
+
+ click_link_if_available();
+
+ Assert.ok(dialogAppeared);
+});
+
+/**
+ * Test that we warn about emails which contain <form>s with action attributes.
+ */
+add_task(async function test_phishing_warning_for_action_form() {
+ await be_in_folder(folder);
+ select_click_row(6);
+ assert_notification_displayed(
+ get_about_message(),
+ kBoxId,
+ kNotificationValue,
+ true
+ ); // shown
+
+ Assert.report(
+ false,
+ undefined,
+ undefined,
+ "Test ran to completion successfully"
+ );
+});
+
+registerCleanupFunction(async function teardown() {
+ await be_in_folder(inboxFolder);
+ folder.deleteSelf(null);
+});
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-14 12:17:17 +0000