Quelle  test_MIME_params.js   Sprache: JAVA

/**
 * Tests for parsing header fields using the syntax used in
 * Content-Disposition and Content-Type
 *
 * See also https://bugzilla.mozilla.org/show_bug.cgi?id=609667
 */

"use strict";

var BS = "\\";
var DQUOTE = '"';

// Test array:
//  - element 0: "Content-Disposition" header to test
//  under MIME (email):
//  - element 1: correct value returned for disposition-type (empty param name)
//  - element 2: correct value for filename returned
//  under HTTP:
// (currently supports continuations; expected results without continuations
// are commented out for now)
//  - element 3: correct value returned for disposition-type (empty param name)
//  - element 4: correct value for filename returned
//
// 3 and 4 may be left out if they are identical

var tests = [
  // No filename parameter: return nothing
  ["attachment;", "attachment", Cr.NS_ERROR_INVALID_ARG],

  // basic
  ["attachment; filename=basic", "attachment", "basic"],

  // extended
  ["attachment; filename*=UTF-8''extended", "attachment", "extended"],

  // prefer extended to basic (bug 588781)
  [
    "attachment; filename=basic; filename*=UTF-8''extended",
    "attachment",
    "extended",
  ],

  // prefer extended to basic (bug 588781)
  [
    "attachment; filename*=UTF-8''extended; filename=basic",
    "attachment",
    "extended",
  ],

  // use first basic value (invalid; error recovery)
  ["attachment; filename=first; filename=wrong", "attachment", "first"],

  // old school bad HTTP servers: missing 'attachment' or 'inline'
  // (invalid; error recovery)
  ["filename=old", "filename=old", "old"],

  ["attachment; filename*=UTF-8''extended", "attachment", "extended"],

  // continuations not part of RFC 5987 (bug 610054)
  [
    "attachment; filename*0=foo; filename*1=bar",
    "attachment",
    "foobar",
    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
  ],

  // Return first continuation (invalid; error recovery)
  [
    "attachment; filename*0=first; filename*0=wrong; filename=basic",
    "attachment",
    "first",
    /* "attachment", "basic" */
  ],

  // Only use correctly ordered continuations  (invalid; error recovery)
  [
    "attachment; filename*0=first; filename*1=second; filename*0=wrong",
    "attachment",
    "firstsecond",
    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
  ],

  // prefer continuation to basic (unless RFC 5987)
  [
    "attachment; filename=basic; filename*0=foo; filename*1=bar",
    "attachment",
    "foobar",
    /* "attachment", "basic" */
  ],

  // Prefer extended to basic and/or (broken or not) continuation
  // (invalid; error recovery)
  [
    "attachment; filename=basic; filename*0=first; filename*0=wrong; filename*=UTF-8''extended",
    "attachment",
    "extended",
  ],

  // RFC 2231 not clear on correct outcome: we prefer non-continued extended
  // (invalid; error recovery)
  [
    "attachment; filename=basic; filename*=UTF-8''extended; filename*0=foo; filename*1=bar",
    "attachment",
    "extended",
  ],

  // Gaps should result in returning only value until gap hit
  // (invalid; error recovery)
  [
    "attachment; filename*0=foo; filename*2=bar",
    "attachment",
    "foo",
    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
  ],

  // Don't allow leading 0's (*01) (invalid; error recovery)
  [
    "attachment; filename*0=foo; filename*01=bar",
    "attachment",
    "foo",
    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
  ],

  // continuations should prevail over non-extended (unless RFC 5987)
  [
    "attachment; filename=basic; filename*0*=UTF-8''multi;\r\n" +
      " filename*1=line;\r\n" +
      " filename*2*=%20extended",
    "attachment",
    "multiline extended",
    /* "attachment", "basic" */
  ],

  // Gaps should result in returning only value until gap hit
  // (invalid; error recovery)
  [
    "attachment; filename=basic; filename*0*=UTF-8''multi;\r\n" +
      " filename*1=line;\r\n" +
      " filename*3*=%20extended",
    "attachment",
    "multiline",
    /* "attachment", "basic" */
  ],

  // First series, only please, and don't slurp up higher elements (*2 in this
  // case) from later series into earlier one (invalid; error recovery)
  [
    "attachment; filename=basic; filename*0*=UTF-8''multi;\r\n" +
      " filename*1=line;\r\n" +
      " filename*0*=UTF-8''wrong;\r\n" +
      " filename*1=bad;\r\n" +
      " filename*2=evil",
    "attachment",
    "multiline",
    /* "attachment", "basic" */
  ],

  // RFC 2231 not clear on correct outcome: we prefer non-continued extended
  // (invalid; error recovery)
  [
    "attachment; filename=basic; filename*0=UTF-8''multi\r\n;" +
      " filename*=UTF-8''extended;\r\n" +
      " filename*1=line;\r\n" +
      " filename*2*=%20extended",
    "attachment",
    "extended",
  ],

  // sneaky: if unescaped, make sure we leave UTF-8'' in value
  [
    "attachment; filename*0=UTF-8''unescaped;\r\n" +
      " filename*1*=%20so%20includes%20UTF-8''%20in%20value",
    "attachment",
    "UTF-8''unescaped so includes UTF-8'' in value",
    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
  ],

  // sneaky: if unescaped, make sure we leave UTF-8'' in value
  [
    "attachment; filename=basic; filename*0=UTF-8''unescaped;\r\n" +
      " filename*1*=%20so%20includes%20UTF-8''%20in%20value",
    "attachment",
    "UTF-8''unescaped so includes UTF-8'' in value",
    /* "attachment", "basic" */
  ],

  // Prefer basic over invalid continuation
  // (invalid; error recovery)
  [
    "attachment; filename=basic; filename*1=multi;\r\n" +
      " filename*2=line;\r\n" +
      " filename*3*=%20extended",
    "attachment",
    "basic",
  ],

  // support digits over 10
  [
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
      " filename*1=1; filename*2=2;filename*3=3;filename*4=4;filename*5=5;\r\n" +
      " filename*6=6; filename*7=7;filename*8=8;filename*9=9;filename*10=a;\r\n" +
      " filename*11=b; filename*12=c;filename*13=d;filename*14=e;filename*15=f\r\n",
    "attachment",
    "0123456789abcdef",
    /* "attachment", "basic" */
  ],

  // support digits over 10 (detect gaps)
  [
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
      " filename*1=1; filename*2=2;filename*3=3;filename*4=4;filename*5=5;\r\n" +
      " filename*6=6; filename*7=7;filename*8=8;filename*9=9;filename*10=a;\r\n" +
      " filename*11=b; filename*12=c;filename*14=e\r\n",
    "attachment",
    "0123456789abc",
    /* "attachment", "basic" */
  ],

  // return nothing: invalid
  // (invalid; error recovery)
  [
    "attachment; filename*1=multi;\r\n" +
      " filename*2=line;\r\n" +
      " filename*3*=%20extended",
    "attachment",
    Cr.NS_ERROR_INVALID_ARG,
  ],

  // Bug 272541: Empty disposition type treated as "attachment"

  // sanity check
  [
    "attachment; filename=foo.html",
    "attachment",
    "foo.html",
    "attachment",
    "foo.html",
  ],

  // the actual bug
  [
    "; filename=foo.html",
    Cr.NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY,
    "foo.html",
    Cr.NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY,
    "foo.html",
  ],

  // regression check, but see bug 671204
  [
    "filename=foo.html",
    "filename=foo.html",
    "foo.html",
    "filename=foo.html",
    "foo.html",
  ],

  // Bug 384571: RFC 2231 parameters not decoded when appearing in reversed order

  // check ordering
  [
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
      " filename*1=1; filename*2=2;filename*3=3;filename*4=4;filename*5=5;\r\n" +
      " filename*6=6; filename*7=7;filename*8=8;filename*9=9;filename*10=a;\r\n" +
      " filename*11=b; filename*12=c;filename*13=d;filename*15=f;filename*14=e;\r\n",
    "attachment",
    "0123456789abcdef",
    /* "attachment", "basic" */
  ],

  // check non-digits in sequence numbers
  [
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
      " filename*1a=1\r\n",
    "attachment",
    "0",
    /* "attachment", "basic" */
  ],

  // check duplicate sequence numbers
  [
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
      " filename*0=bad; filename*1=1;\r\n",
    "attachment",
    "0",
    /* "attachment", "basic" */
  ],

  // check overflow
  [
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
      " filename*11111111111111111111111111111111111111111111111111111111111=1",
    "attachment",
    "0",
    /* "attachment", "basic" */
  ],

  // check underflow
  [
    // eslint-disable-next-line no-useless-concat
    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" + " filename*-1=1",
    "attachment",
    "0",
    /* "attachment", "basic" */
  ],

  // check mixed token/quoted-string
  [
    'attachment; filename=basic; filename*0="0";\r\n' +
      " filename*1=1;\r\n" +
      " filename*2*=%32",
    "attachment",
    "012",
    /* "attachment", "basic" */
  ],

  // check empty sequence number
  [
    "attachment; filename=basic; filename**=UTF-8''0\r\n",
    "attachment",
    "basic",
    "attachment",
    "basic",
  ],

  // Bug 419157: ensure that a MIME parameter with no charset information
  // fallbacks to Latin-1

  [
    "attachment;filename=IT839\x04\xB5(m8)2.pdf;",
    "attachment",
    "IT839\u0004\u00b5(m8)2.pdf",
  ],

  // Bug 588389: unescaping backslashes in quoted string parameters

  // '\"', should be parsed as '"'
  [
    "attachment; filename=" + DQUOTE + (BS + DQUOTE) + DQUOTE,
    "attachment",
    DQUOTE,
  ],

  // 'a\"b', should be parsed as 'a"b'
  [
    "attachment; filename=" + DQUOTE + "a" + (BS + DQUOTE) + "b" + DQUOTE,
    "attachment",
    "a" + DQUOTE + "b",
  ],

  // '\x', should be parsed as 'x'
  ["attachment; filename=" + DQUOTE + (BS + "x") + DQUOTE, "attachment", "x"],

  // test empty param (quoted-string)
  ["attachment; filename=" + DQUOTE + DQUOTE, "attachment", ""],

  // test empty param
  ["attachment; filename=", "attachment", ""],

  // Bug 601933: RFC 2047 does not apply to parameters (at least in HTTP)
  [
    "attachment; filename==?ISO-8859-1?Q?foo-=E4.html?=",
    "attachment",
    "foo-\u00e4.html",
    /* "attachment", "=?ISO-8859-1?Q?foo-=E4.html?=" */
  ],

  [
    'attachment; filename="=?ISO-8859-1?Q?foo-=E4.html?="',
    "attachment",
    "foo-\u00e4.html",
    /* "attachment", "=?ISO-8859-1?Q?foo-=E4.html?=" */
  ],

  // format sent by GMail as of 2012-07-23 (5987 overrides 2047)
  [
    "attachment; filename=\"=?ISO-8859-1?Q?foo-=E4.html?=\"; filename*=UTF-8''5987",
    "attachment",
    "5987",
  ],

  // Bug 651185: double quotes around 2231/5987 encoded param
  // Change reverted to backwards compat issues with various web services,
  // such as OWA (Bug 703015), plus similar problems in Thunderbird. If this
  // is tried again in the future, email probably needs to be special-cased.

  // sanity check
  ["attachment; filename*=utf-8''%41", "attachment", "A"],

  // the actual bug
  [
    "attachment; filename*=" + DQUOTE + "utf-8''%41" + DQUOTE,
    "attachment",
    "A",
  ],
  // previously with the fix for 651185:
  // "attachment", Cr.NS_ERROR_INVALID_ARG],

  // Bug 670333: Content-Disposition parser does not require presence of "="
  // in params

  // sanity check
  ["attachment; filename*=UTF-8''foo-%41.html", "attachment", "foo-A.html"],

  // the actual bug
  [
    "attachment; filename *=UTF-8''foo-%41.html",
    "attachment",
    Cr.NS_ERROR_INVALID_ARG,
  ],

  // the actual bug, without 2231/5987 encoding
  ["attachment; filename X", "attachment", Cr.NS_ERROR_INVALID_ARG],

  // sanity check with WS on both sides
  ["attachment; filename = foo-A.html", "attachment", "foo-A.html"],

  // Bug 685192: in RFC2231/5987 encoding, a missing charset field should be
  // treated as error

  // the actual bug
  ["attachment; filename*=''foo", "attachment", "foo"],
  // previously with the fix for 692574:
  // "attachment", Cr.NS_ERROR_INVALID_ARG],

  // sanity check
  ["attachment; filename*=a''foo", "attachment", "foo"],

  // Bug 692574: RFC2231/5987 decoding should not tolerate missing single
  // quotes

  // one missing
  ["attachment; filename*=UTF-8'foo-%41.html", "attachment", "foo-A.html"],
  // previously with the fix for 692574:
  // "attachment", Cr.NS_ERROR_INVALID_ARG],

  // both missing
  ["attachment; filename*=foo-%41.html", "attachment", "foo-A.html"],
  // previously with the fix for 692574:
  // "attachment", Cr.NS_ERROR_INVALID_ARG],

  // make sure fallback works
  [
    "attachment; filename*=UTF-8'foo-%41.html; filename=bar.html",
    "attachment",
    "foo-A.html",
  ],
  // previously with the fix for 692574:
  // "attachment", "bar.html"],

  // Bug 693806: RFC2231/5987 encoding: charset information should be treated
  // as authoritative

  // UTF-8 labeled ISO-8859-1
  ["attachment; filename*=ISO-8859-1''%c3%a4", "attachment", "\u00c3\u00a4"],

  // UTF-8 labeled ISO-8859-1, but with octets not allowed in ISO-8859-1
  // accepts x82, understands it as Win1252, maps it to Unicode \u20a1
  [
    "attachment; filename*=ISO-8859-1''%e2%82%ac",
    "attachment",
    "\u00e2\u201a\u00ac",
  ],

  // defective UTF-8
  ["attachment; filename*=UTF-8''A%e4B", "attachment", Cr.NS_ERROR_INVALID_ARG],

  // defective UTF-8, with fallback
  [
    "attachment; filename*=UTF-8''A%e4B; filename=fallback",
    "attachment",
    "fallback",
  ],

  // defective UTF-8 (continuations), with fallback
  [
    "attachment; filename*0*=UTF-8''A%e4B; filename=fallback",
    "attachment",
    "fallback",
  ],

  // check that charsets aren't mixed up
  [
    "attachment; filename*0*=ISO-8859-15''euro-sign%3d%a4; filename*=ISO-8859-1''currency-sign%3d%a4",
    "attachment",
    "currency-sign=\u00a4",
  ],

  // same as above, except reversed
  [
    "attachment; filename*=ISO-8859-1''currency-sign%3d%a4; filename*0*=ISO-8859-15''euro-sign%3d%a4",
    "attachment",
    "currency-sign=\u00a4",
  ],

  // Bug 704989: add workaround for broken Outlook Web App (OWA)
  // attachment handling

  ['attachment; filename*="a%20b"', "attachment", "a b"],

  // Bug 717121: crash nsMIMEHeaderParamImpl::DoParameterInternal

  ['attachment; filename="', "attachment", ""],

  // We used to read past string if last param w/o = and ;
  // Note: was only detected on windows PGO builds
  ["attachment; filename=foo; trouble", "attachment", "foo"],

  // Same, followed by space, hits another case
  ["attachment; filename=foo; trouble ", "attachment", "foo"],

  ["attachment", "attachment", Cr.NS_ERROR_INVALID_ARG],

  // Bug 730574: quoted-string in RFC2231-continuations not handled

  [
    'attachment; filename=basic; filename*0="foo"; filename*1="\\b\\a\\r.html"',
    "attachment",
    "foobar.html",
    /* "attachment", "basic" */
  ],

  // unmatched escape char
  [
    'attachment; filename=basic; filename*0="foo"; filename*1="\\b\\a\\',
    "attachment",
    "fooba\\",
    /* "attachment", "basic" */
  ],

  // Bug 732369: Content-Disposition parser does not require presence of ";" between params
  // optimally, this would not even return the disposition type "attachment"

  [
    "attachment; extension=bla filename=foo",
    "attachment",
    Cr.NS_ERROR_INVALID_ARG,
  ],

  // Bug 1440677 - spaces inside filenames ought to be quoted, but too many
  // servers do the wrong thing and most browsers accept this, so we were
  // forced to do the same for compat.
  ["attachment; filename=foo extension=bla", "attachment", "foo extension=bla"],

  ["attachment filename=foo", "attachment", Cr.NS_ERROR_INVALID_ARG],

  // Bug 777687: handling of broken %escapes

  ["attachment; filename*=UTF-8''f%oo; filename=bar", "attachment", "bar"],

  ["attachment; filename*=UTF-8''foo%; filename=bar", "attachment", "bar"],

  // Bug 783502 - xpcshell test netwerk/test/unit/test_MIME_params.js fails on AddressSanitizer
  ['attachment; filename="\\b\\a\\', "attachment", "ba\\"],

  // Bug 1412213 - do continue to parse, behind an empty parameter
  ["attachment; ; filename=foo", "attachment", "foo"],

  // Bug 1412213 - do continue to parse, behind a parameter w/o =
  ["attachment; badparameter; filename=foo", "attachment", "foo"],

  // Bug 1440677 - spaces inside filenames ought to be quoted, but too many
  // servers do the wrong thing and most browsers accept this, so we were
  // forced to do the same for compat.
  ["attachment; filename=foo bar.html", "attachment", "foo bar.html"],
  // Note: we keep the tab character, but later validation will replace with a space,
  // as file systems do not like tab characters.
  ["attachment; filename=foo\tbar.html", "attachment", "foo\tbar.html"],
  // Newlines get stripped completely (in practice, http header parsing may
  // munge these into spaces before they get to us, but we should check we deal
  // with them either way):
  ["attachment; filename=foo\nbar.html", "attachment", "foobar.html"],
  ["attachment; filename=foo\r\nbar.html", "attachment", "foobar.html"],
  ["attachment; filename=foo\rbar.html", "attachment", "foobar.html"],

  // Trailing rubbish shouldn't matter:
  ["attachment; filename=foo bar; garbage", "attachment", "foo bar"],
  ["attachment; filename=foo bar; extension=blah", "attachment", "foo bar"],

  // Check that whitespace processing can't crash.
  ["attachment; filename = ", "attachment", ""],

  // Bug 1784348
  [
    "attachment; filename=foo.exe\0.pdf",
    Cr.NS_ERROR_ILLEGAL_VALUE,
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    "attachment; filename=\0\0foo\0",
    Cr.NS_ERROR_ILLEGAL_VALUE,
    Cr.NS_ERROR_INVALID_ARG,
  ],
  ["attachment; filename=foo\0\0\0", "attachment", "foo"],
  ["attachment; filename=\0\0\0", "attachment", ""],
];

var rfc5987paramtests = [
  [
    // basic test
    "UTF-8'language'value",
    "value",
    "language",
    Cr.NS_OK,
  ],
  [
    // percent decoding
    "UTF-8''1%202",
    "1 2",
    "",
    Cr.NS_OK,
  ],
  [
    // UTF-8
    "UTF-8''%c2%a3%20and%20%e2%82%ac%20rates",
    "\u00a3 and \u20ac rates",
    "",
    Cr.NS_OK,
  ],
  [
    // missing charset
    "''abc",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // ISO-8859-1: unsupported
    "ISO-8859-1''%A3%20rates",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // unknown charset
    "foo''abc",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // missing component
    "abc",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // missing component
    "'abc",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // illegal chars
    "UTF-8''a b",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // broken % escapes
    "UTF-8''a%zz",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // broken % escapes
    "UTF-8''a%b",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // broken % escapes
    "UTF-8''a%",
    "",
    "",
    Cr.NS_ERROR_INVALID_ARG,
  ],
  [
    // broken UTF-8
    "UTF-8''%A3%20rates",
    "",
    "",
    0x8050000e /* NS_ERROR_UDEC_ILLEGALINPUT */,
  ],
];

function do_tests(whichRFC) {
  var mhp = Cc["@mozilla.org/network/mime-hdrparam;1"].getService(
    Ci.nsIMIMEHeaderParam
  );

  var unused = { value: null };

  for (var i = 0; i < tests.length; ++i) {
    dump("Testing #" + i + ": " + tests[i] + "\n");

    // check disposition type
    var expectedDt =
      tests[i].length == 3 || whichRFC == 0 ? tests[i][1] : tests[i][3];

    try {
      let result;

      if (whichRFC == 0) {
        result = mhp.getParameter(tests[i][0], "", "UTF-8", true, unused);
      } else {
        result = mhp.getParameterHTTP(tests[i][0], "", "UTF-8", true, unused);
      }

      Assert.equal(result, expectedDt);
    } catch (e) {
      // Tests can also succeed by expecting to fail with given error code
      if (e.result) {
        // Allow following tests to run by catching exception from do_check_eq()
        try {
          Assert.equal(e.result, expectedDt);
        } catch (e1) {}
      }
      continue;
    }

    // check filename parameter
    var expectedFn =
      tests[i].length == 3 || whichRFC == 0 ? tests[i][2] : tests[i][4];

    try {
      let result;

      if (whichRFC == 0) {
        result = mhp.getParameter(
          tests[i][0],
          "filename",
          "UTF-8",
          true,
          unused
        );
      } else {
        result = mhp.getParameterHTTP(
          tests[i][0],
          "filename",
          "UTF-8",
          true,
          unused
        );
      }

      Assert.equal(result, expectedFn);
    } catch (e) {
      // Tests can also succeed by expecting to fail with given error code
      if (e.result) {
        // Allow following tests to run by catching exception from do_check_eq()
        try {
          Assert.equal(e.result, expectedFn);
        } catch (e1) {}
      }
      continue;
    }
  }
}

function test_decode5987Param() {
  var mhp = Cc["@mozilla.org/network/mime-hdrparam;1"].getService(
    Ci.nsIMIMEHeaderParam
  );

  for (var i = 0; i < rfc5987paramtests.length; ++i) {
    dump("Testing #" + i + ": " + rfc5987paramtests[i] + "\n");

    var lang = {};
    try {
      var decoded = mhp.decodeRFC5987Param(rfc5987paramtests[i][0], lang);
      if (rfc5987paramtests[i][3] == Cr.NS_OK) {
        Assert.equal(rfc5987paramtests[i][1], decoded);
        Assert.equal(rfc5987paramtests[i][2], lang.value);
      } else {
        Assert.equal(rfc5987paramtests[i][3], "instead got: " + decoded);
      }
    } catch (e) {
      Assert.equal(rfc5987paramtests[i][3], e.result);
    }
  }
}

function run_test() {
  // Test RFC 2231 (complete header field values)
  do_tests(0);

  // Test RFC 5987 (complete header field values)
  do_tests(1);

  // tests for RFC5987 parameter parsing
  test_decode5987Param();
}