
browser_hwconcurrency_iframes_blobcrossorigin.js (6523B)


/**
 * This test only checks values in a blob document that is created by the iframe on one domain and then
 * passed to a cross-origin domain to embed.
 * It differs from the other tests in this series: instead of the framer doing nothing except frame
 * the framee, here the framer creates the blob document and the framee embeds that blob document.
 *
 * RFP is Resist Fingerprinting; FPP is Fingerprinting Protection.
 *
 * Covers the following cases:
 *  - RFP is disabled entirely
 *  - RFP is enabled entirely
 *  - FPP is enabled entirely
 *
 *  - (A) RFP is exempted on the framer and framee and (if needed) on another cross-origin domain
 *  - (B) RFP is exempted on the framer and framee but is not on another (if needed) cross-origin domain
 *  - (C) RFP is exempted on the framer and (if needed) on another cross-origin domain, but not the framee
 *  - (D) RFP is exempted on the framer but not the framee nor another (if needed) cross-origin domain
 *  - (E) RFP is not exempted on the framer nor the framee but (if needed) is exempted on another cross-origin domain
 *  - (F) RFP is not exempted on the framer nor the framee nor another (if needed) cross-origin domain
 *  - (G) RFP is not exempted on the framer but is on the framee and (if needed) on another cross-origin domain
 *  - (H) RFP is not exempted on the framer nor another (if needed) cross-origin domain but is on the framee
 *
 */
     23 
"use strict";

// navigator.hardwareConcurrency as read in this test file's own scope when the
// file is loaded. It is the "not spoofed" baseline the tasks compare against.
const DEFAULT_HARDWARE_CONCURRENCY = navigator.hardwareConcurrency;

// Value the tasks expect to see when spoofing applies: 8 on Darwin, 4 on every
// other OS.
// NOTE(review): on a machine whose real value equals this constant, the
// spoofed and not-spoofed expectations coincide, so a case asserting one of
// them cannot tell the two states apart.
const SPOOFED_HW_CONCURRENCY =
  SpecialPowers.Services.appinfo.OS != "Darwin" ? 4 : 8;
     30 
     31 // =============================================================================================
     32 // =============================================================================================
     33 
/**
 * Asserts that the navigator.hardwareConcurrency value collected for one test
 * case equals the value that case is expected to observe.
 *
 * @param {object} result - Collected values; only `hardwareConcurrency` is read.
 * @param {object} expectedResults - Expected values; only `hardwareConcurrency` is read.
 * @param {object} extraData - Per-case metadata; `testDesc` labels the assertion message.
 * @returns {Promise<undefined>} Resolves once the comparison has been recorded.
 */
async function testHWConcurrency(result, expectedResults, extraData) {
  const { testDesc } = extraData;
  const actual = result.hardwareConcurrency;
  const expected = expectedResults.hardwareConcurrency;

  is(actual, expected, `Checking ${testDesc} navigator.hardwareConcurrency.`);
}
     43 
// One-time setup: push the FPP override pref and register a cleanup handler.
add_setup(async () => {
  // The leading "+" presumably adds the NavigatorHWConcurrency target to the
  // set of protections FPP applies. Confirm against the pref's documentation.
  const fppOverride = [
    "privacy.fingerprintingProtection.overrides",
    "+NavigatorHWConcurrency",
  ];
  await SpecialPowers.pushPrefEnv({ set: [fppOverride] });

  // NOTE(review): the pref cleared here is not the one pushed above, and
  // nothing in this file sets it. Presumably a shared helper touches it while
  // the tasks run; confirm, so that no state leaks into later tests.
  registerCleanupFunction(async () => {
    Services.prefs.clearUserPref(
      "privacy.trackingprotection.allow_list.hasUserInteractedWithETPSettings"
    );
  });
});
     56 
// Baseline expectation objects: they show at a glance which values a case
// expects to be modified and which it expects to be left alone.
// Always hand a task a deep copy, e.g.
//   let expectedResults = structuredClone(allNotSpoofed)
// `const` protects only the binding, so a task that mutated the shared object
// would corrupt the expectations of every later task.
const allNotSpoofed = { hardwareConcurrency: DEFAULT_HARDWARE_CONCURRENCY };
const allSpoofed = { hardwareConcurrency: SPOOFED_HW_CONCURRENCY };
     67 
// Page loaded by every task; it is served from FRAMER_DOMAIN.
const uri = `https://${FRAMER_DOMAIN}/browser/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_blobcrossorigin_iframer.html`;

requestLongerTimeout(2);

let expectedResults = {};

// One row per task, in registration order: [runner, baseline expectation].
// Each runner is bound to (uri, testHWConcurrency, <deep copy of baseline>).
// NOTE(review): the runners and FRAMER_DOMAIN are not defined in this file;
// presumably they come from the directory's shared head file. Confirm.
for (const [runner, baseline] of [
  // Default configuration: the real value is expected.
  [defaultsTest, allNotSpoofed],

  // Simple RFP case.
  [simpleRFPTest, allSpoofed],

  // Test a private window with RFP enabled in PBMode
  [simplePBMRFPTest, allSpoofed],

  // Simple FPP case.
  [simpleFPPTest, allSpoofed],

  // Test a Private Window with FPP Enabled in PBM
  [simplePBMFPPTest, allSpoofed],

  // (A) RFP is exempted on the framer and framee and (if needed) on another cross-origin domain
  // In theory this should be Not Spoofed (allNotSpoofed). However, this test has a blob:
  // document with a content principal and a reference to the iframe's parent (when Fission
  // is disabled, anyway). The blob's principal does not match the parent's principal, so the
  // blob determines on its own whether it should resist fingerprinting.
  // The outcome depends on nsContentUtils::IsURIInList, which has the check
  // `if (!scheme.EqualsLiteral("http") && !scheme.EqualsLiteral("https")) { return false; }`
  // so a blob: URI is never matched against the list, and the value asserted here is the
  // spoofed one: the exemption does not carry over to the blob document.
  // That check could in theory be changed to look at the blob's creation URI, and that would
  // work, but the original author was nervous about changing that code. If it is ever
  // changed, the expectations for (A) and (B) need to be revisited.
  // NOTE(review): the original comment said the blob "decides _not_ to resist
  // fingerprinting", which reads at odds with the spoofed expectation; presumably
  // "decides not to be exempted" was meant. Confirm.
  [testA, allSpoofed],

  // (B) RFP is exempted on the framer and framee but is not on another (if needed) cross-origin domain
  // Same as (A) above: allNotSpoofed in theory, spoofed in practice.
  [testB, allSpoofed],

  // (C) RFP is exempted on the framer and (if needed) on another cross-origin domain, but not the framee
  [testC, allSpoofed],

  // (D) RFP is exempted on the framer but not the framee nor another (if needed) cross-origin domain
  [testD, allSpoofed],

  // (E) RFP is not exempted on the framer nor the framee but (if needed) is exempted on another cross-origin domain
  [testE, allSpoofed],

  // (F) RFP is not exempted on the framer nor the framee nor another (if needed) cross-origin domain
  [testF, allSpoofed],

  // (G) RFP is not exempted on the framer but is on the framee and (if needed) on another cross-origin domain
  [testG, allSpoofed],

  // (H) RFP is not exempted on the framer nor another (if needed) cross-origin domain but is on the framee
  [testH, allSpoofed],

  // Test RFP Enabled in PBM and FPP enabled in Normal Browsing Mode
  [RFPPBMFPP_NormalMode_NoProtectionsTest, allNotSpoofed],
]) {
  // A fresh deep copy per task keeps the shared baselines untouched.
  expectedResults = structuredClone(baseline);
  add_task(runner.bind(null, uri, testHWConcurrency, expectedResults));
}