/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Description of the test:
* We show that we can separate the safebrowsing cookie by creating a custom
* OriginAttributes using a unique safebrowsing first-party domain. Setting this
* custom OriginAttributes on the loadInfo of the channel allows us to query the
* first-party domain and therefore separate the safebrowsing cookie in its own
* cookie-jar. For testing safebrowsing update we do >> NOT << emulate a response
* in the body, rather we only set the cookies in the header of the response
* and confirm that cookies are separated in their own cookie-jar.
*
* 1) We init safebrowsing and simulate an update (cookies are set for localhost)
*
* 2) We open a channel that should send regular cookies, but not the
* safebrowsing cookie.
*
* 3) We open a channel with a custom callback, simulating a safebrowsing cookie
* that should send this simulated safebrowsing cookie as well as the
* real safebrowsing cookies. (Confirming that the safebrowsing cookies
* actually get stored in the correct jar).
*/
"use strict";
const { HttpServer } = ChromeUtils.importESModule(
"resource://testing-common/httpd.sys.mjs"
);
ChromeUtils.defineLazyGetter(
this,
"URL",
function () {
return "http://localhost:" + httpserver.identity.primaryPort;
});
var setCookiePath =
"/setcookie";
var checkCookiePath =
"/checkcookie";
var safebrowsingUpdatePath =
"/safebrowsingUpdate";
var safebrowsingGethashPath =
"/safebrowsingGethash";
var httpserver;
function inChildProcess() {
return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
}
function cookieSetHandler(metadata, response) {
var cookieName = metadata.getHeader(
"set-cookie");
response.setStatusLine(metadata.httpVersion, 200,
"Ok");
response.setHeader(
"set-Cookie", cookieName +
"=1; Path=/",
false);
response.setHeader(
"Content-Type",
"text/plain");
response.bodyOutputStream.write(
"Ok",
"Ok".length);
}
function cookieCheckHandler(metadata, response) {
var cookies = metadata.getHeader(
"Cookie");
response.setStatusLine(metadata.httpVersion, 200,
"Ok");
response.setHeader(
"saw-cookies", cookies,
false);
response.setHeader(
"Content-Type",
"text/plain");
response.bodyOutputStream.write(
"Ok",
"Ok".length);
}
function safebrowsingUpdateHandler(metadata, response) {
var cookieName =
"sb-update-cookie";
response.setStatusLine(metadata.httpVersion, 200,
"Ok");
response.setHeader(
"set-Cookie", cookieName +
"=1; Path=/",
false);
response.setHeader(
"Content-Type",
"text/plain");
response.bodyOutputStream.write(
"Ok",
"Ok".length);
}
function safebrowsingGethashHandler(metadata, response) {
var cookieName =
"sb-gethash-cookie";
response.setStatusLine(metadata.httpVersion, 200,
"Ok");
response.setHeader(
"set-Cookie", cookieName +
"=1; Path=/",
false);
response.setHeader(
"Content-Type",
"text/plain");
let msg =
"test-phish-simplea:1:32\n" +
"a".repeat(32);
response.bodyOutputStream.write(msg, msg.length);
}
function setupChannel(path, originAttributes) {
var channel = NetUtil.newChannel({
uri: URL + path,
loadUsingSystemPrincipal:
true,
});
channel.loadInfo.originAttributes = originAttributes;
channel.QueryInterface(Ci.nsIHttpChannel);
return channel;
}
function run_test() {
// Set up a profile
do_get_profile();
// Allow all cookies if the pref service is available in this process.
if (!inChildProcess()) {
Services.prefs.setIntPref(
"network.cookie.cookieBehavior", 0);
Services.prefs.setBoolPref(
"network.cookieJarSettings.unblocked_for_testing",
true
);
}
httpserver =
new HttpServer();
httpserver.registerPathHandler(setCookiePath, cookieSetHandler);
httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler);
httpserver.registerPathHandler(
safebrowsingUpdatePath,
safebrowsingUpdateHandler
);
httpserver.registerPathHandler(
safebrowsingGethashPath,
safebrowsingGethashHandler
);
httpserver.start(-1);
run_next_test();
}
// this test does not emulate a response in the body,
// rather we only set the cookies in the header of response.
add_test(
function test_safebrowsing_update() {
var streamUpdater = Cc[
"@mozilla.org/url-classifier/streamupdater;1"
].getService(Ci.nsIUrlClassifierStreamUpdater);
function onSuccess() {
run_next_test();
}
function onUpdateError() {
do_throw(
"ERROR: received onUpdateError!");
}
function onDownloadError() {
do_throw(
"ERROR: received onDownloadError!");
}
streamUpdater.downloadUpdates(
"test-phish-simple,test-malware-simple",
"",
true,
URL + safebrowsingUpdatePath,
onSuccess,
onUpdateError,
onDownloadError
);
});
add_test(
function test_safebrowsing_gethash() {
var hashCompleter = Cc[
"@mozilla.org/url-classifier/hashcompleter;1"
].getService(Ci.nsIUrlClassifierHashCompleter);
hashCompleter.complete(
"aaaa",
URL + safebrowsingGethashPath,
"test-phish-simple",
{
completionV2() {},
completionFinished(status) {
Assert.equal(status, Cr.NS_OK);
run_next_test();
},
}
);
});
add_test(
function test_non_safebrowsing_cookie() {
var cookieName =
"regCookie_id0";
var originAttributes =
new OriginAttributes(0,
false, 0);
function setNonSafeBrowsingCookie() {
var channel = setupChannel(setCookiePath, originAttributes);
channel.setRequestHeader(
"set-cookie", cookieName,
false);
channel.asyncOpen(
new ChannelListener(checkNonSafeBrowsingCookie,
null));
}
function checkNonSafeBrowsingCookie() {
var channel = setupChannel(checkCookiePath, originAttributes);
channel.asyncOpen(
new ChannelListener(completeCheckNonSafeBrowsingCookie,
null)
);
}
function completeCheckNonSafeBrowsingCookie(request) {
// Confirm that only the >> ONE << cookie is sent over the channel.
var expectedCookie = cookieName +
"=1";
request.QueryInterface(Ci.nsIHttpChannel);
var cookiesSeen = request.getResponseHeader(
"saw-cookies");
Assert.equal(cookiesSeen, expectedCookie);
run_next_test();
}
setNonSafeBrowsingCookie();
});
add_test(
function test_safebrowsing_cookie() {
var cookieName =
"sbCookie_id4294967294";
var originAttributes =
new OriginAttributes(0,
false, 0);
originAttributes.firstPartyDomain =
"safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla";
function setSafeBrowsingCookie() {
var channel = setupChannel(setCookiePath, originAttributes);
channel.setRequestHeader(
"set-cookie", cookieName,
false);
channel.asyncOpen(
new ChannelListener(checkSafeBrowsingCookie,
null));
}
function checkSafeBrowsingCookie() {
var channel = setupChannel(checkCookiePath, originAttributes);
channel.asyncOpen(
new ChannelListener(completeCheckSafeBrowsingCookie,
null)
);
}
function completeCheckSafeBrowsingCookie(request) {
// Confirm that all >> THREE << cookies are sent back over the channel:
// a) the safebrowsing cookie set when updating
// b) the safebrowsing cookie set when sending gethash
// c) the regular cookie with custom loadcontext defined in this test.
var expectedCookies =
"sb-update-cookie=1; ";
expectedCookies +=
"sb-gethash-cookie=1; ";
expectedCookies += cookieName +
"=1";
request.QueryInterface(Ci.nsIHttpChannel);
var cookiesSeen = request.getResponseHeader(
"saw-cookies");
Assert.equal(cookiesSeen, expectedCookies);
httpserver.stop(do_test_finished);
}
setSafeBrowsingCookie();
});
