test_url_parsing.js (3707B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 const { ObliviousHTTP } = ChromeUtils.importESModule( 7 "resource://gre/modules/ObliviousHTTP.sys.mjs" 8 ); 9 const { sinon } = ChromeUtils.importESModule( 10 "resource://testing-common/Sinon.sys.mjs" 11 ); 12 13 /** 14 * Test that the protocol handler rejects malformed moz-cached-ohttp URIs. 15 */ 16 add_task(async function test_malformed_uri_rejection() { 17 const sandbox = sinon.createSandbox(); 18 19 try { 20 // Stub OHTTP methods to avoid network calls 21 sandbox 22 .stub(ObliviousHTTP, "getOHTTPConfig") 23 .resolves(new Uint8Array([1, 2, 3, 4])); 24 sandbox.stub(ObliviousHTTP, "ohttpRequest").resolves({ 25 ok: false, 26 status: 400, 27 statusText: "Bad Request", 28 }); 29 30 const protocolHandler = new MozCachedOHTTPProtocolHandler(); 31 32 const malformedURIs = [ 33 "moz-cached-ohttp://newtab-image/", 34 "moz-cached-ohttp://newtab-image/?url=", 35 "moz-cached-ohttp://newtab-image/?url=http://example.com", 36 "moz-cached-ohttp://newtab-image/?noturl=https://example.com", 37 "moz-cached-ohttp://newtab-image/?url=ftp://example.com/file.jpg", 38 "moz-cached-ohttp://newtab-image/?url=javascript:alert(1)", 39 "moz-cached-ohttp://newtab-image/?url=data:image/png;base64,abc", 40 ]; 41 42 // Use system principal for test environment 43 const principal = Services.scriptSecurityManager.getSystemPrincipal(); 44 const httpURI = Services.io.newURI("https://example.com/test"); 45 const loadInfo = NetUtil.newChannel({ 46 uri: httpURI, 47 loadingPrincipal: principal, 48 securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT, 49 contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER, 50 }).loadInfo; 51 52 for (const uriString of malformedURIs) { 53 const uri = Services.io.newURI(uriString); 54 const channel = protocolHandler.newChannel(uri, loadInfo); 55 56 // Test that the channel properly rejects the malformed URI 57 let errorOccurred = false; 58 await new Promise(resolve => { 59 const listener = createCompletionListener(success => { 60 errorOccurred = !success; 61 resolve(); 62 }); 63 64 channel.asyncOpen(listener); 65 }); 66 67 Assert.ok(errorOccurred, `Should reject malformed URI: ${uriString}`); 68 } 69 } finally { 70 sandbox.restore(); 71 } 72 }); 73 74 /** 75 * Test that the protocol handler accepts valid HTTPS URLs. 76 */ 77 add_task(async function test_valid_url_acceptance() { 78 const sandbox = sinon.createSandbox(); 79 80 try { 81 // Mock successful OHTTP responses 82 sandbox 83 .stub(ObliviousHTTP, "getOHTTPConfig") 84 .resolves(new Uint8Array([1, 2, 3, 4])); 85 86 const validURIs = [ 87 createTestOHTTPResourceURI("https://example.com/image.jpg"), 88 createTestOHTTPResourceURI("https://example.com/image.png"), 89 createTestOHTTPResourceURI( 90 "https://example.com/path/image.webp?param=value" 91 ), 92 ]; 93 94 for (const uriString of validURIs) { 95 const channel = createTestChannel(uriString); 96 97 // Channel should be created successfully 98 Assert.ok(channel, `Should create channel for valid URI: ${uriString}`); 99 Assert.equal(channel.URI.spec, uriString, "Channel URI should match"); 100 101 // Test that the channel can load successfully 102 let success = false; 103 await new Promise(resolve => { 104 const listener = createCompletionListener(channelSuccess => { 105 success = channelSuccess; 106 resolve(); 107 }); 108 109 channel.asyncOpen(listener); 110 }); 111 112 Assert.ok(success, `Should successfully load valid URI: ${uriString}`); 113 } 114 } finally { 115 sandbox.restore(); 116 } 117 });