test_security_validation.js (3846B)
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

/**
 * Access-control check for the moz-cached-ohttp protocol handler:
 * newChannel() must return a channel for a privileged caller and must throw
 * for callers whose loading principal is ordinary web or extension content.
 *
 * The accepted case uses the system principal as the privileged caller.
 * NOTE(review): no about: page principal is exercised here, so this task does
 * not show how the handler tells a privileged about: page from an
 * unprivileged one - confirm that is covered elsewhere.
 */
add_task(async function test_privileged_about_content_only() {
  // Both rejection checks pin the exact error text, so an unrelated exception
  // thrown by newChannel() does not count as a pass.
  const ACCESS_DENIED =
    /moz-cached-ohttp protocol only accessible from privileged about content/;

  // Builds a channel for `uri` on behalf of `loadingPrincipal` and returns only
  // its loadInfo; security flags and content policy type are the same for
  // every caller so the principal is the only variable under test.
  const loadInfoFor = (uri, loadingPrincipal) =>
    NetUtil.newChannel({
      uri,
      loadingPrincipal,
      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
      contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
    }).loadInfo;

  const protocolHandler = new MozCachedOHTTPProtocolHandler();
  // createTestOHTTPResourceURI is not defined in this file (presumably a
  // shared test helper - confirm).
  const testURI = Services.io.newURI(
    createTestOHTTPResourceURI("https://example.com/image.jpg")
  );

  // Accepted caller: system principal.
  const privilegedLoadInfo = loadInfoFor(
    testURI,
    Services.scriptSecurityManager.getSystemPrincipal()
  );

  try {
    const accepted = protocolHandler.newChannel(testURI, privilegedLoadInfo);
    Assert.ok(accepted, "Should accept requests from system principal in tests");
  } catch (e) {
    Assert.ok(false, `Should not throw for system principal: ${e.message}`);
  }

  // Rejected callers. `origin` is the URI the content principal is created
  // for; `carrier` is an https URI used only to obtain a loadInfo carrying
  // that principal, so that building the loadInfo does not itself go through
  // the handler under test.
  const rejectedCallers = [
    {
      origin: "https://example.com",
      carrier: "https://example.com/web-test",
      message: "Should reject requests from regular web content",
    },
    {
      origin: "moz-extension://test-extension-id/",
      carrier: "https://example.com/moz-test",
      message: "Should reject requests from extension content",
    },
  ];

  for (const { origin, carrier, message } of rejectedCallers) {
    const contentPrincipal =
      Services.scriptSecurityManager.createContentPrincipal(
        Services.io.newURI(origin),
        {}
      );
    const untrustedLoadInfo = loadInfoFor(
      Services.io.newURI(carrier),
      contentPrincipal
    );

    Assert.throws(
      () => protocolHandler.newChannel(testURI, untrustedLoadInfo),
      ACCESS_DENIED,
      message
    );
  }
});

/**
 * Checks that a channel obtained from createTestChannel() still carries the
 * caller's security context: loading principal, security flags and content
 * policy type.
 *
 * NOTE(review): createTestChannel is not defined in this file; the expected
 * values below are presumably the ones that helper passes in - confirm
 * against it.
 */
add_task(async function test_security_context_preservation() {
  const resourceURI = createTestOHTTPResourceURI(
    "https://example.com/image.jpg"
  );
  const channel = createTestChannel(resourceURI);

  const { loadInfo } = channel;
  Assert.ok(loadInfo, "Channel should have loadInfo");

  const principal = loadInfo.loadingPrincipal;
  Assert.ok(principal, "Channel should have loading principal");
  Assert.ok(
    principal.isSystemPrincipal,
    "Loading principal should be system principal in tests"
  );

  // The flags must match exactly, not merely be present.
  Assert.equal(
    loadInfo.securityFlags,
    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
    "Security flags should be preserved"
  );

  // The content policy type is read back through externalContentPolicyType.
  Assert.equal(
    loadInfo.externalContentPolicyType,
    Ci.nsIContentPolicy.TYPE_OTHER,
    "Content policy type should be preserved"
  );
});