test_bug526789.js (8498B)
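/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

// We don't normally allow localhost channels to be proxied, but this
// is easier than updating all the certs and/or domains.
Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);

// Every pref this file overrides is restored here instead of at the end of
// the task. A failing assertion part-way through the task would otherwise
// skip the reset and leave the relaxed cookie-behavior / HTTPS-First /
// localhost-proxy settings in place.
registerCleanupFunction(() => {
  Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
  Services.prefs.clearUserPref("network.cookie.cookieBehavior");
  Services.prefs.clearUserPref("dom.security.https_first");
});

/**
 * Host normalization and validation checks for the cookie manager: which
 * spellings of a host resolve to the same cookie jar entry, which are treated
 * as a different host (trailing dot), and which are rejected outright with
 * NS_ERROR_ILLEGAL_VALUE (empty labels, leading dot on IPs / aliases / eTLDs).
 */
add_task(async () => {
  const cm = Services.cookies;
  const expiry = (Date.now() + 1000) * 1000;

  cm.removeAll();

  // Allow all cookies.
  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
  // Presumably so the http:// loads further down are not upgraded to https;
  // restored by the cleanup function registered above.
  Services.prefs.setBoolPref("dom.security.https_first", false);

  // test that variants of 'baz.com' get normalized appropriately, but that
  // malformed hosts are rejected
  let cv = addTestCookie("baz.com", "foo", expiry);
  Assert.equal(cv.result, Ci.nsICookieValidation.eOK);
  Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
  Assert.equal(cm.countCookiesFromHost("BAZ.com"), 1);
  Assert.equal(cm.countCookiesFromHost(".baz.com"), 1);
  Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
  Assert.equal(cm.countCookiesFromHost(".baz.com."), 0);
  do_check_throws(() => {
    cm.countCookiesFromHost("baz.com..");
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  do_check_throws(() => {
    cm.countCookiesFromHost("baz..com");
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  do_check_throws(() => {
    cm.countCookiesFromHost("..baz.com");
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  // Removing via the trailing-dot spelling must not touch the 'baz.com' cookie.
  cm.remove("BAZ.com.", "foo", "/", {});
  Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
  cm.remove("baz.com", "foo", "/", {});
  Assert.equal(cm.countCookiesFromHost("baz.com"), 0);

  // Test that 'baz.com' and 'baz.com.' are treated differently
  cv = addTestCookie("baz.com.", "foo", expiry);
  Assert.equal(cv.result, Ci.nsICookieValidation.eOK);
  Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
  Assert.equal(cm.countCookiesFromHost("BAZ.com"), 0);
  Assert.equal(cm.countCookiesFromHost(".baz.com"), 0);
  Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
  Assert.equal(cm.countCookiesFromHost(".baz.com."), 1);
  cm.remove("baz.com", "foo", "/", {});
  Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
  cm.remove("baz.com.", "foo", "/", {});
  Assert.equal(cm.countCookiesFromHost("baz.com."), 0);

  // test that domain cookies are illegal for IP addresses, aliases such as
  // 'localhost', and eTLD's such as 'co.uk'
  // The same five checks run for each host, in the original order; cookies
  // from earlier iterations stay in the jar until the removeAll() below.
  for (const host of ["192.168.0.1", "localhost", "co.uk"]) {
    cv = addTestCookie(host, "foo", expiry);
    Assert.equal(cv.result, Ci.nsICookieValidation.eOK);
    Assert.equal(cm.countCookiesFromHost(host), 1);
    Assert.equal(cm.countCookiesFromHost(`${host}.`), 0);
    do_check_throws(() => {
      cm.countCookiesFromHost(`.${host}`);
    }, Cr.NS_ERROR_ILLEGAL_VALUE);
    do_check_throws(() => {
      cm.countCookiesFromHost(`.${host}.`);
    }, Cr.NS_ERROR_ILLEGAL_VALUE);
  }

  cm.removeAll();

  CookieXPCShellUtils.createServer({
    hosts: ["baz.com", "192.168.0.1", "localhost", "co.uk", "foo.com"],
  });

  const uri = NetUtil.newURI("http://baz.com/");
  // NOTE(review): the returned principal is discarded. The call is kept
  // because dropping it would change what this test exercises.
  Services.scriptSecurityManager.createContentPrincipal(uri, {});

  Assert.equal(uri.asciiHost, "baz.com");

  await CookieXPCShellUtils.setCookieToDocument(uri.spec, "foo=bar");
  const docCookies = await CookieXPCShellUtils.getCookieStringFromDocument(
    uri.spec
  );
  Assert.equal(docCookies, "foo=bar");

  // An empty host is a valid lookup that matches nothing; a host made only of
  // dots is rejected.
  Assert.equal(cm.countCookiesFromHost(""), 0);
  do_check_throws(() => {
    cm.countCookiesFromHost(".");
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  do_check_throws(() => {
    cm.countCookiesFromHost("..");
  }, Cr.NS_ERROR_ILLEGAL_VALUE);

  let cookies = cm.getCookiesFromHost("", {});
  Assert.ok(!cookies.length);
  do_check_throws(() => {
    cm.getCookiesFromHost(".", {});
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  do_check_throws(() => {
    cm.getCookiesFromHost("..", {});
  }, Cr.NS_ERROR_ILLEGAL_VALUE);

  cookies = cm.getCookiesFromHost("baz.com", {});
  Assert.equal(cookies.length, 1);
  Assert.equal(cookies[0].name, "foo");
  // Same empty / dot-only lookups again, now that a real cookie is stored.
  cookies = cm.getCookiesFromHost("", {});
  Assert.ok(!cookies.length);
  do_check_throws(() => {
    cm.getCookiesFromHost(".", {});
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  do_check_throws(() => {
    cm.getCookiesFromHost("..", {});
  }, Cr.NS_ERROR_ILLEGAL_VALUE);

  cm.removeAll();

  // test that an empty host to add() or remove() works,
  // but a host of '.' doesn't
  cv = addTestCookie("", "foo2", expiry);
  Assert.equal(cv.result, Ci.nsICookieValidation.eOK);
  Assert.equal(getCookieCount(), 1);
  do_check_throws(() => {
    // add() is expected to throw, so the assertion below only runs if that
    // rejection ever stops happening.
    const dotHostValidation = addTestCookie(".", "foo3", expiry);
    Assert.equal(dotHostValidation.result, Ci.nsICookieValidation.eOK);
  }, Cr.NS_ERROR_ILLEGAL_VALUE);
  Assert.equal(getCookieCount(), 1);

  cm.remove("", "foo2", "/", {});
  Assert.equal(getCookieCount(), 0);
  do_check_throws(() => {
    cm.remove(".", "foo3", "/", {});
  }, Cr.NS_ERROR_ILLEGAL_VALUE);

  // test that the 'domain' attribute accepts a leading dot for IP addresses,
  // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
  // resulting cookie is for the exact host only.
  await testDomainCookie("http://192.168.0.1/", "192.168.0.1");
  await testDomainCookie("http://localhost/", "localhost");
  await testDomainCookie("http://co.uk/", "co.uk");

  // Test that trailing dots are treated differently for purposes of the
  // 'domain' attribute.
  await testTrailingDotCookie("http://localhost/", "localhost");
  await testTrailingDotCookie("http://foo.com/", "foo.com");

  cm.removeAll();
});

/**
 * Adds the fixed test cookie (path "/", value "bar") for `host` through
 * Services.cookies.add() and returns whatever add() returns; callers check
 * its `result` field against Ci.nsICookieValidation.eOK.
 *
 * The argument labels below follow the nsICookieManager.add() parameter
 * order; confirm against the IDL if that signature changes.
 *
 * @param {string} host - Host passed verbatim, so malformed spellings reach
 *   the cookie manager unmodified.
 * @param {string} name - Cookie name.
 * @param {number} expiry - Expiry value computed once by the calling task.
 * @returns {object} The validation object produced by add().
 * @throws NS_ERROR_ILLEGAL_VALUE propagates when the manager rejects the host.
 */
function addTestCookie(host, name, expiry) {
  return Services.cookies.add(
    host,
    "/",
    name,
    "bar",
    false, // isSecure
    false, // isHttpOnly
    true, // isSession
    expiry,
    {}, // originAttributes
    Ci.nsICookie.SAMESITE_UNSET,
    Ci.nsICookie.SCHEME_HTTPS
  );
}

/**
 * @returns {number} Number of cookies currently held by the cookie service.
 */
function getCookieCount() {
  return Services.cookies.cookies.length;
}

/**
 * Sets `foo=bar` from the document at `uriString` twice, once with
 * `domain=<domain>` and once with `domain=.<domain>`, and asserts each time
 * that a cookie can be read back for `domain` and that the first cookie's
 * host equals `domain` exactly (no leading dot).
 *
 * @param {string} uriString - Document URL the cookie is set from.
 * @param {string} domain - Value used for the cookie's domain attribute.
 */
async function testDomainCookie(uriString, domain) {
  const cm = Services.cookies;

  for (const domainAttribute of [domain, `.${domain}`]) {
    cm.removeAll();

    await CookieXPCShellUtils.setCookieToDocument(
      uriString,
      `foo=bar; domain=${domainAttribute}`
    );

    const cookies = cm.getCookiesFromHost(domain, {});
    Assert.ok(cookies.length);
    Assert.equal(cookies[0].host, domain);
  }

  cm.removeAll();
}

/**
 * Sets `foo=bar` from the document at `uriString` with a domain attribute
 * that does not match the document host, and asserts that no cookie is
 * stored for either `domain` or `domain` plus a trailing dot.
 *
 * NOTE(review): the helper name and the comment at its call site talk about
 * a trailing dot, but the attribute value built here ends in "/" rather than
 * ".". The value is left unchanged; confirm which one is intended, because
 * with "/" the trailing-dot rejection path in the 'domain' attribute parser
 * may not be the thing being exercised.
 *
 * @param {string} uriString - Document URL the cookie is set from.
 * @param {string} domain - Host the document is served from.
 */
async function testTrailingDotCookie(uriString, domain) {
  const cm = Services.cookies;

  cm.removeAll();

  await CookieXPCShellUtils.setCookieToDocument(
    uriString,
    `foo=bar; domain=${domain}/`
  );

  Assert.equal(cm.countCookiesFromHost(domain), 0);
  Assert.equal(cm.countCookiesFromHost(`${domain}.`), 0);
  cm.removeAll();
}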