test_cookiejars_safebrowsing.js (7777B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 /* 6 * Description of the test: 7 * We show that we can separate the safebrowsing cookie by creating a custom 8 * OriginAttributes using a unique safebrowsing first-party domain. Setting this 9 * custom OriginAttributes on the loadInfo of the channel allows us to query the 10 * first-party domain and therefore separate the safebrowsing cookie in its own 11 * cookie-jar. For testing safebrowsing update we do >> NOT << emulate a response 12 * in the body, rather we only set the cookies in the header of the response 13 * and confirm that cookies are separated in their own cookie-jar. 14 * 15 * 1) We init safebrowsing and simulate an update (cookies are set for localhost) 16 * 17 * 2) We open a channel that should send regular cookies, but not the 18 * safebrowsing cookie. 19 * 20 * 3) We open a channel with a custom callback, simulating a safebrowsing cookie 21 * that should send this simulated safebrowsing cookie as well as the 22 * real safebrowsing cookies. (Confirming that the safebrowsing cookies 23 * actually get stored in the correct jar). 24 */ 25 26 "use strict"; 27 28 const { HttpServer } = ChromeUtils.importESModule( 29 "resource://testing-common/httpd.sys.mjs" 30 ); 31 32 ChromeUtils.defineLazyGetter(this, "URL", function () { 33 return "http://localhost:" + httpserver.identity.primaryPort; 34 }); 35 36 var setCookiePath = "/setcookie"; 37 var checkCookiePath = "/checkcookie"; 38 var safebrowsingUpdatePath = "/safebrowsingUpdate"; 39 var safebrowsingGethashPath = "/safebrowsingGethash"; 40 var httpserver; 41 42 function inChildProcess() { 43 return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; 44 } 45 46 function cookieSetHandler(metadata, response) { 47 var cookieName = metadata.getHeader("set-cookie"); 48 response.setStatusLine(metadata.httpVersion, 200, "Ok"); 49 response.setHeader("set-Cookie", cookieName + "=1; Path=/", false); 50 response.setHeader("Content-Type", "text/plain"); 51 response.bodyOutputStream.write("Ok", "Ok".length); 52 } 53 54 function cookieCheckHandler(metadata, response) { 55 var cookies = metadata.getHeader("Cookie"); 56 response.setStatusLine(metadata.httpVersion, 200, "Ok"); 57 response.setHeader("saw-cookies", cookies, false); 58 response.setHeader("Content-Type", "text/plain"); 59 response.bodyOutputStream.write("Ok", "Ok".length); 60 } 61 62 function safebrowsingUpdateHandler(metadata, response) { 63 var cookieName = "sb-update-cookie"; 64 response.setStatusLine(metadata.httpVersion, 200, "Ok"); 65 response.setHeader("set-Cookie", cookieName + "=1; Path=/", false); 66 response.setHeader("Content-Type", "text/plain"); 67 response.bodyOutputStream.write("Ok", "Ok".length); 68 } 69 70 function safebrowsingGethashHandler(metadata, response) { 71 var cookieName = "sb-gethash-cookie"; 72 response.setStatusLine(metadata.httpVersion, 200, "Ok"); 73 response.setHeader("set-Cookie", cookieName + "=1; Path=/", false); 74 response.setHeader("Content-Type", "text/plain"); 75 76 let msg = "test-phish-simplea:1:32\n" + "a".repeat(32); 77 response.bodyOutputStream.write(msg, msg.length); 78 } 79 80 function setupChannel(path, originAttributes) { 81 var channel = NetUtil.newChannel({ 82 uri: URL + path, 83 loadUsingSystemPrincipal: true, 84 }); 85 channel.loadInfo.originAttributes = originAttributes; 86 channel.QueryInterface(Ci.nsIHttpChannel); 87 return channel; 88 } 89 90 function run_test() { 91 // Set up a profile 92 do_get_profile(); 93 94 // Allow all cookies if the pref service is available in this process. 95 if (!inChildProcess()) { 96 Services.prefs.setIntPref("network.cookie.cookieBehavior", 0); 97 Services.prefs.setBoolPref( 98 "network.cookieJarSettings.unblocked_for_testing", 99 true 100 ); 101 } 102 103 httpserver = new HttpServer(); 104 httpserver.registerPathHandler(setCookiePath, cookieSetHandler); 105 httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler); 106 httpserver.registerPathHandler( 107 safebrowsingUpdatePath, 108 safebrowsingUpdateHandler 109 ); 110 httpserver.registerPathHandler( 111 safebrowsingGethashPath, 112 safebrowsingGethashHandler 113 ); 114 115 httpserver.start(-1); 116 run_next_test(); 117 } 118 119 // this test does not emulate a response in the body, 120 // rather we only set the cookies in the header of response. 121 add_test(function test_safebrowsing_update() { 122 var streamUpdater = Cc[ 123 "@mozilla.org/url-classifier/streamupdater;1" 124 ].getService(Ci.nsIUrlClassifierStreamUpdater); 125 126 function onSuccess() { 127 run_next_test(); 128 } 129 function onUpdateError() { 130 do_throw("ERROR: received onUpdateError!"); 131 } 132 function onDownloadError() { 133 do_throw("ERROR: received onDownloadError!"); 134 } 135 136 streamUpdater.downloadUpdates( 137 "test-phish-simple,test-malware-simple", 138 "", 139 "", 140 true, 141 "test", 142 URL + safebrowsingUpdatePath, 143 onSuccess, 144 onUpdateError, 145 onDownloadError 146 ); 147 }); 148 149 add_test(function test_safebrowsing_gethash() { 150 var hashCompleter = Cc[ 151 "@mozilla.org/url-classifier/hashcompleter;1" 152 ].getService(Ci.nsIUrlClassifierHashCompleter); 153 154 hashCompleter.complete( 155 "aaaa", 156 URL + safebrowsingGethashPath, 157 "test-phish-simple", 158 { 159 completionV2() {}, 160 161 completionFinished(status) { 162 Assert.equal(status, Cr.NS_OK); 163 run_next_test(); 164 }, 165 } 166 ); 167 }); 168 169 add_test(function test_non_safebrowsing_cookie() { 170 var cookieName = "regCookie_id0"; 171 var originAttributes = new OriginAttributes(0, false, 0); 172 173 function setNonSafeBrowsingCookie() { 174 var channel = setupChannel(setCookiePath, originAttributes); 175 channel.setRequestHeader("set-cookie", cookieName, false); 176 channel.asyncOpen(new ChannelListener(checkNonSafeBrowsingCookie, null)); 177 } 178 179 function checkNonSafeBrowsingCookie() { 180 var channel = setupChannel(checkCookiePath, originAttributes); 181 channel.asyncOpen( 182 new ChannelListener(completeCheckNonSafeBrowsingCookie, null) 183 ); 184 } 185 186 function completeCheckNonSafeBrowsingCookie(request) { 187 // Confirm that only the >> ONE << cookie is sent over the channel. 188 var expectedCookie = cookieName + "=1"; 189 request.QueryInterface(Ci.nsIHttpChannel); 190 var cookiesSeen = request.getResponseHeader("saw-cookies"); 191 Assert.equal(cookiesSeen, expectedCookie); 192 run_next_test(); 193 } 194 195 setNonSafeBrowsingCookie(); 196 }); 197 198 add_test(function test_safebrowsing_cookie() { 199 var cookieName = "sbCookie_id4294967294"; 200 var originAttributes = new OriginAttributes(0, false, 0); 201 originAttributes.firstPartyDomain = 202 "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla"; 203 204 function setSafeBrowsingCookie() { 205 var channel = setupChannel(setCookiePath, originAttributes); 206 channel.setRequestHeader("set-cookie", cookieName, false); 207 channel.asyncOpen(new ChannelListener(checkSafeBrowsingCookie, null)); 208 } 209 210 function checkSafeBrowsingCookie() { 211 var channel = setupChannel(checkCookiePath, originAttributes); 212 channel.asyncOpen( 213 new ChannelListener(completeCheckSafeBrowsingCookie, null) 214 ); 215 } 216 217 function completeCheckSafeBrowsingCookie(request) { 218 // Confirm that all >> THREE << cookies are sent back over the channel: 219 // a) the safebrowsing cookie set when updating 220 // b) the safebrowsing cookie set when sending gethash 221 // c) the regular cookie with custom loadcontext defined in this test. 222 var expectedCookies = "sb-update-cookie=1; "; 223 expectedCookies += "sb-gethash-cookie=1; "; 224 expectedCookies += cookieName + "=1"; 225 request.QueryInterface(Ci.nsIHttpChannel); 226 var cookiesSeen = request.getResponseHeader("saw-cookies"); 227 228 Assert.equal(cookiesSeen, expectedCookies); 229 httpserver.stop(do_test_finished); 230 } 231 232 setSafeBrowsingCookie(); 233 });