forked from mirrors/gecko-dev
21d0203054
Stop excluding caps/ from eslint runs and apply mozilla/recommended rules. This generally affects xpcshell and mochitest files under caps/tests. Includes many mechanical changes to comply with mozilla recommended formatting rules.
304 lines
14 KiB
JavaScript
304 lines
14 KiB
JavaScript
var Cc = Components.classes;
|
|
var Ci = Components.interfaces;
|
|
var Cu = Components.utils;
|
|
|
|
Cu.import("resource://gre/modules/Services.jsm");
|
|
var ssm = Services.scriptSecurityManager;
|
|
function makeURI(uri) { return Services.io.newURI(uri); }
|
|
|
|
function checkThrows(f) {
|
|
var threw = false;
|
|
try { f(); } catch (e) { threw = true }
|
|
do_check_true(threw);
|
|
}
|
|
|
|
function checkCrossOrigin(a, b) {
|
|
do_check_false(a.equals(b));
|
|
do_check_false(a.equalsConsideringDomain(b));
|
|
do_check_false(a.subsumes(b));
|
|
do_check_false(a.subsumesConsideringDomain(b));
|
|
do_check_false(b.subsumes(a));
|
|
do_check_false(b.subsumesConsideringDomain(a));
|
|
}
|
|
|
|
function checkOriginAttributes(prin, attrs, suffix) {
|
|
attrs = attrs || {};
|
|
do_check_eq(prin.originAttributes.appId, attrs.appId || 0);
|
|
do_check_eq(prin.originAttributes.inIsolatedMozBrowser, attrs.inIsolatedMozBrowser || false);
|
|
do_check_eq(prin.originSuffix, suffix || "");
|
|
do_check_eq(ChromeUtils.originAttributesToSuffix(attrs), suffix || "");
|
|
do_check_true(ChromeUtils.originAttributesMatchPattern(prin.originAttributes, attrs));
|
|
if (!prin.isNullPrincipal && !prin.origin.startsWith("[")) {
|
|
do_check_true(ssm.createCodebasePrincipalFromOrigin(prin.origin).equals(prin));
|
|
} else {
|
|
checkThrows(() => ssm.createCodebasePrincipalFromOrigin(prin.origin));
|
|
}
|
|
}
|
|
|
|
function checkSandboxOriginAttributes(arr, attrs, options) {
|
|
options = options || {};
|
|
var sandbox = Cu.Sandbox(arr, options);
|
|
checkOriginAttributes(Cu.getObjectPrincipal(sandbox), attrs,
|
|
ChromeUtils.originAttributesToSuffix(attrs));
|
|
}
|
|
|
|
// utility function useful for debugging
|
|
function printAttrs(name, attrs) {
|
|
do_print(name + " {\n" +
|
|
"\tappId: " + attrs.appId + ",\n" +
|
|
"\tuserContextId: " + attrs.userContextId + ",\n" +
|
|
"\tinIsolatedMozBrowser: " + attrs.inIsolatedMozBrowser + ",\n" +
|
|
"\tprivateBrowsingId: '" + attrs.privateBrowsingId + "',\n" +
|
|
"\tfirstPartyDomain: '" + attrs.firstPartyDomain + "'\n}");
|
|
}
|
|
|
|
|
|
function checkValues(attrs, values) {
|
|
values = values || {};
|
|
// printAttrs("attrs", attrs);
|
|
// printAttrs("values", values);
|
|
do_check_eq(attrs.appId, values.appId || 0);
|
|
do_check_eq(attrs.userContextId, values.userContextId || 0);
|
|
do_check_eq(attrs.inIsolatedMozBrowser, values.inIsolatedMozBrowser || false);
|
|
do_check_eq(attrs.privateBrowsingId, values.privateBrowsingId || "");
|
|
do_check_eq(attrs.firstPartyDomain, values.firstPartyDomain || "");
|
|
}
|
|
|
|
function run_test() {
|
|
// Attributeless origins.
|
|
do_check_eq(ssm.getSystemPrincipal().origin, "[System Principal]");
|
|
checkOriginAttributes(ssm.getSystemPrincipal());
|
|
var exampleOrg = ssm.createCodebasePrincipal(makeURI("http://example.org"), {});
|
|
do_check_eq(exampleOrg.origin, "http://example.org");
|
|
checkOriginAttributes(exampleOrg);
|
|
var exampleCom = ssm.createCodebasePrincipal(makeURI("https://www.example.com:123"), {});
|
|
do_check_eq(exampleCom.origin, "https://www.example.com:123");
|
|
checkOriginAttributes(exampleCom);
|
|
var nullPrin = Cu.getObjectPrincipal(new Cu.Sandbox(null));
|
|
do_check_true(/^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(nullPrin.origin));
|
|
checkOriginAttributes(nullPrin);
|
|
var ipv6Prin = ssm.createCodebasePrincipal(makeURI("https://[2001:db8::ff00:42:8329]:123"), {});
|
|
do_check_eq(ipv6Prin.origin, "https://[2001:db8::ff00:42:8329]:123");
|
|
checkOriginAttributes(ipv6Prin);
|
|
var ipv6NPPrin = ssm.createCodebasePrincipal(makeURI("https://[2001:db8::ff00:42:8329]"), {});
|
|
do_check_eq(ipv6NPPrin.origin, "https://[2001:db8::ff00:42:8329]");
|
|
checkOriginAttributes(ipv6NPPrin);
|
|
var ep = Cu.getObjectPrincipal(Cu.Sandbox([exampleCom, nullPrin, exampleOrg]));
|
|
checkOriginAttributes(ep);
|
|
checkCrossOrigin(exampleCom, exampleOrg);
|
|
checkCrossOrigin(exampleOrg, nullPrin);
|
|
|
|
// nsEP origins should be in lexical order.
|
|
do_check_eq(ep.origin, `[Expanded Principal [${exampleOrg.origin}, ${exampleCom.origin}, ${nullPrin.origin}]]`);
|
|
|
|
// Make sure createCodebasePrincipal does what the rest of gecko does.
|
|
do_check_true(exampleOrg.equals(Cu.getObjectPrincipal(new Cu.Sandbox("http://example.org"))));
|
|
|
|
//
|
|
// Test origin attributes.
|
|
//
|
|
|
|
// Just app.
|
|
var exampleOrg_app = ssm.createCodebasePrincipal(makeURI("http://example.org"), {appId: 42});
|
|
var nullPrin_app = ssm.createNullPrincipal({appId: 42});
|
|
checkOriginAttributes(exampleOrg_app, {appId: 42}, "^appId=42");
|
|
checkOriginAttributes(nullPrin_app, {appId: 42}, "^appId=42");
|
|
do_check_eq(exampleOrg_app.origin, "http://example.org^appId=42");
|
|
|
|
// Just browser.
|
|
var exampleOrg_browser = ssm.createCodebasePrincipal(makeURI("http://example.org"), {inIsolatedMozBrowser: true});
|
|
var nullPrin_browser = ssm.createNullPrincipal({inIsolatedMozBrowser: true});
|
|
checkOriginAttributes(exampleOrg_browser, {inIsolatedMozBrowser: true}, "^inBrowser=1");
|
|
checkOriginAttributes(nullPrin_browser, {inIsolatedMozBrowser: true}, "^inBrowser=1");
|
|
do_check_eq(exampleOrg_browser.origin, "http://example.org^inBrowser=1");
|
|
|
|
// App and browser.
|
|
var exampleOrg_appBrowser = ssm.createCodebasePrincipal(makeURI("http://example.org"), {inIsolatedMozBrowser: true, appId: 42});
|
|
var nullPrin_appBrowser = ssm.createNullPrincipal({inIsolatedMozBrowser: true, appId: 42});
|
|
checkOriginAttributes(exampleOrg_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
|
|
checkOriginAttributes(nullPrin_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
|
|
do_check_eq(exampleOrg_appBrowser.origin, "http://example.org^appId=42&inBrowser=1");
|
|
|
|
// App and browser, different domain.
|
|
var exampleCom_appBrowser = ssm.createCodebasePrincipal(makeURI("https://www.example.com:123"), {appId: 42, inIsolatedMozBrowser: true});
|
|
checkOriginAttributes(exampleCom_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
|
|
do_check_eq(exampleCom_appBrowser.origin, "https://www.example.com:123^appId=42&inBrowser=1");
|
|
|
|
// First party Uri
|
|
var exampleOrg_firstPartyDomain = ssm.createCodebasePrincipal(makeURI("http://example.org"), {firstPartyDomain: "example.org"});
|
|
checkOriginAttributes(exampleOrg_firstPartyDomain, { firstPartyDomain: "example.org" }, "^firstPartyDomain=example.org");
|
|
do_check_eq(exampleOrg_firstPartyDomain.origin, "http://example.org^firstPartyDomain=example.org");
|
|
|
|
// Make sure we don't crash when serializing principals with UNKNOWN_APP_ID.
|
|
try {
|
|
let binaryStream = Cc["@mozilla.org/binaryoutputstream;1"].
|
|
createInstance(Ci.nsIObjectOutputStream);
|
|
let pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
|
|
pipe.init(false, false, 0, 0xffffffff, null);
|
|
binaryStream.setOutputStream(pipe.outputStream);
|
|
binaryStream.writeCompoundObject(simplePrin, Ci.nsISupports, true); // eslint-disable-line no-undef
|
|
binaryStream.close();
|
|
} catch (e) {
|
|
do_check_true(true);
|
|
}
|
|
|
|
|
|
// Just userContext.
|
|
var exampleOrg_userContext = ssm.createCodebasePrincipal(makeURI("http://example.org"), {userContextId: 42});
|
|
checkOriginAttributes(exampleOrg_userContext, { userContextId: 42 }, "^userContextId=42");
|
|
do_check_eq(exampleOrg_userContext.origin, "http://example.org^userContextId=42");
|
|
|
|
// UserContext and App.
|
|
var exampleOrg_userContextApp = ssm.createCodebasePrincipal(makeURI("http://example.org"), {appId: 24, userContextId: 42});
|
|
var nullPrin_userContextApp = ssm.createNullPrincipal({appId: 24, userContextId: 42});
|
|
checkOriginAttributes(exampleOrg_userContextApp, {appId: 24, userContextId: 42}, "^appId=24&userContextId=42");
|
|
checkOriginAttributes(nullPrin_userContextApp, {appId: 24, userContextId: 42}, "^appId=24&userContextId=42");
|
|
do_check_eq(exampleOrg_userContextApp.origin, "http://example.org^appId=24&userContextId=42");
|
|
|
|
checkSandboxOriginAttributes(null, {});
|
|
checkSandboxOriginAttributes("http://example.org", {});
|
|
checkSandboxOriginAttributes("http://example.org", {}, {originAttributes: {}});
|
|
checkSandboxOriginAttributes("http://example.org", {appId: 42}, {originAttributes: {appId: 42}});
|
|
checkSandboxOriginAttributes(["http://example.org"], {});
|
|
checkSandboxOriginAttributes(["http://example.org"], {}, {originAttributes: {}});
|
|
checkSandboxOriginAttributes(["http://example.org"], {appId: 42}, {originAttributes: {appId: 42}});
|
|
|
|
// Check that all of the above are cross-origin.
|
|
checkCrossOrigin(exampleOrg_app, exampleOrg);
|
|
checkCrossOrigin(exampleOrg_app, nullPrin_app);
|
|
checkCrossOrigin(exampleOrg_browser, exampleOrg_app);
|
|
checkCrossOrigin(exampleOrg_browser, nullPrin_browser);
|
|
checkCrossOrigin(exampleOrg_appBrowser, exampleOrg_app);
|
|
checkCrossOrigin(exampleOrg_appBrowser, nullPrin_appBrowser);
|
|
checkCrossOrigin(exampleOrg_appBrowser, exampleCom_appBrowser);
|
|
checkCrossOrigin(exampleOrg_firstPartyDomain, exampleOrg);
|
|
checkCrossOrigin(exampleOrg_userContext, exampleOrg);
|
|
checkCrossOrigin(exampleOrg_userContext, exampleOrg_userContextApp);
|
|
|
|
// Check Principal kinds.
|
|
function checkKind(prin, kind) {
|
|
do_check_eq(prin.isNullPrincipal, kind == "nullPrincipal");
|
|
do_check_eq(prin.isCodebasePrincipal, kind == "codebasePrincipal");
|
|
do_check_eq(prin.isExpandedPrincipal, kind == "expandedPrincipal");
|
|
do_check_eq(prin.isSystemPrincipal, kind == "systemPrincipal");
|
|
}
|
|
checkKind(ssm.createNullPrincipal({}), "nullPrincipal");
|
|
checkKind(ssm.createCodebasePrincipal(makeURI("http://www.example.com"), {}), "codebasePrincipal");
|
|
checkKind(Cu.getObjectPrincipal(Cu.Sandbox([ssm.createCodebasePrincipal(makeURI("http://www.example.com"), {})])), "expandedPrincipal");
|
|
checkKind(ssm.getSystemPrincipal(), "systemPrincipal");
|
|
|
|
//
|
|
// Test Origin Attribute Manipulation
|
|
//
|
|
|
|
// check that we can create an empty origin attributes dict with default
|
|
// members and values.
|
|
var emptyAttrs = ChromeUtils.fillNonDefaultOriginAttributes({});
|
|
checkValues(emptyAttrs);
|
|
|
|
var uri = "http://example.org";
|
|
var tests = [
|
|
[ "", {} ],
|
|
[ "^appId=5", {appId: 5} ],
|
|
[ "^userContextId=3", {userContextId: 3} ],
|
|
[ "^inBrowser=1", {inIsolatedMozBrowser: true} ],
|
|
[ "^firstPartyDomain=example.org", {firstPartyDomain: "example.org"} ],
|
|
[ "^appId=3&inBrowser=1&userContextId=6",
|
|
{appId: 3, userContextId: 6, inIsolatedMozBrowser: true} ] ];
|
|
|
|
// check that we can create an origin attributes from an origin properly
|
|
tests.forEach(t => {
|
|
let attrs = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
|
|
checkValues(attrs, t[1]);
|
|
do_check_eq(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
|
|
});
|
|
|
|
// check that we can create an origin attributes from a dict properly
|
|
tests.forEach(t => {
|
|
let attrs = ChromeUtils.fillNonDefaultOriginAttributes(t[1]);
|
|
checkValues(attrs, t[1]);
|
|
do_check_eq(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
|
|
});
|
|
|
|
// each row in the set_tests array has these values:
|
|
// [0] - the suffix used to create an origin attribute from
|
|
// [1] - the expected result of creating an origin attribute from [0]
|
|
// [2] - the pattern to set on the origin attributes
|
|
// [3] - the expected result of setting [2] values on [1]
|
|
// [4] - the expected result of creating a suffix from [3]
|
|
var set_tests = [
|
|
[ "", {}, {appId: 5}, {appId: 5}, "^appId=5" ],
|
|
[ "^appId=5", {appId: 5}, {appId: 3}, {appId: 3}, "^appId=3" ],
|
|
[ "^appId=5", {appId: 5}, {userContextId: 3}, {appId: 5, userContextId: 3}, "^appId=5&userContextId=3" ],
|
|
[ "^appId=5", {appId: 5}, {appId: 3, userContextId: 7}, {appId: 3, userContextId: 7}, "^appId=3&userContextId=7" ] ];
|
|
|
|
// check that we can set origin attributes values properly
|
|
set_tests.forEach(t => {
|
|
let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
|
|
checkValues(orig, t[1]);
|
|
let mod = orig;
|
|
for (var key in t[2]) {
|
|
mod[key] = t[2][key];
|
|
}
|
|
checkValues(mod, t[3]);
|
|
do_check_eq(ChromeUtils.originAttributesToSuffix(mod), t[4]);
|
|
});
|
|
|
|
// each row in the dflt_tests array has these values:
|
|
// [0] - the suffix used to create an origin attribute from
|
|
// [1] - the expected result of creating an origin attributes from [0]
|
|
// [2] - the expected result after setting userContextId to the default
|
|
// [3] - the expected result of creating a suffix from [2]
|
|
var dflt_tests = [
|
|
[ "", {}, {}, "" ],
|
|
[ "^userContextId=3", {userContextId: 3}, {}, "" ],
|
|
[ "^appId=5", {appId: 5}, {appId: 5}, "^appId=5" ],
|
|
[ "^appId=5&userContextId=3", {appId: 5, userContextId: 3}, {appId: 5}, "^appId=5" ] ];
|
|
|
|
// check that we can set the userContextId to default properly
|
|
dflt_tests.forEach(t => {
|
|
let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
|
|
checkValues(orig, t[1]);
|
|
let mod = orig;
|
|
mod["userContextId"] = 0;
|
|
checkValues(mod, t[2]);
|
|
do_check_eq(ChromeUtils.originAttributesToSuffix(mod), t[3]);
|
|
});
|
|
|
|
// each row in the dflt2_tests array has these values:
|
|
// [0] - the suffix used to create an origin attribute from
|
|
// [1] - the expected result of creating an origin attributes from [0]
|
|
// [2] - the expected result after setting firstPartyUri to the default
|
|
// [3] - the expected result of creating a suffix from [2]
|
|
var dflt2_tests = [
|
|
[ "", {}, {}, "" ],
|
|
[ "^firstPartyDomain=foo.com", {firstPartyDomain: "foo.com"}, {}, "" ],
|
|
[ "^appId=5", {appId: 5}, {appId: 5}, "^appId=5" ],
|
|
[ "^appId=5&firstPartyDomain=foo.com", {appId: 5, firstPartyDomain: "foo.com"}, {appId: 5}, "^appId=5" ] ];
|
|
|
|
// check that we can set the userContextId to default properly
|
|
dflt2_tests.forEach(t => {
|
|
let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
|
|
checkValues(orig, t[1]);
|
|
let mod = orig;
|
|
mod["firstPartyDomain"] = "";
|
|
checkValues(mod, t[2]);
|
|
do_check_eq(ChromeUtils.originAttributesToSuffix(mod), t[3]);
|
|
});
|
|
|
|
var fileURI = makeURI("file:///foo/bar").QueryInterface(Ci.nsIFileURL);
|
|
var fileTests = [
|
|
[true, fileURI.spec],
|
|
[false, "file://UNIVERSAL_FILE_URI_ORIGIN"],
|
|
];
|
|
fileTests.forEach(t => {
|
|
Services.prefs.setBoolPref("security.fileuri.strict_origin_policy", t[0]);
|
|
var filePrin = ssm.createCodebasePrincipal(fileURI, {});
|
|
do_check_eq(filePrin.origin, t[1]);
|
|
});
|
|
Services.prefs.clearUserPref("security.fileuri.strict_origin_policy");
|
|
|
|
var aboutBlankURI = makeURI("about:blank");
|
|
var aboutBlankPrin = ssm.createCodebasePrincipal(aboutBlankURI, {});
|
|
do_check_true(/^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(aboutBlankPrin.origin));
|
|
}
|