test_proxyDNS_leak.js (3539B)
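/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// Test that the HTTPS record lookup does not leak past a SOCKS proxy that is
// configured to resolve hostnames itself.
//
// Why this matters: when the proxy is meant to do name resolution, any lookup
// issued by the client's own resolver discloses the destination hostname
// outside the proxy tunnel. The HTTPS (type 65) record query is an extra
// lookup besides the address lookup, so it needs its own coverage.
//
// Steps:
// 1. Use addHTTPSRecordOverride to add an override for service.com.
// 2. Add a proxy filter to use socks proxy.
// 3. Create a request to load service.com.
// 4. See if the HTTPS record is in DNS cache entries.
//
// Two cases are covered:
// - proxy flags 0: an HTTPS record entry is expected in the DNS cache.
// - TRANSPARENT_PROXY_RESOLVES_HOST: no HTTPS record entry may appear.
//
// Limitation: the check inspects the DNS cache for entries of type
// RESOLVE_TYPE_HTTPSSVC only. It does not observe address lookups and it does
// not observe traffic on the wire.

"use strict";

const gDashboard = Cc["@mozilla.org/network/dashboard;1"].getService(
  Ci.nsIDashboard
);
const pps = Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();

const { NodeProxyFilter } = ChromeUtils.importESModule(
  "resource://testing-common/NodeServer.sys.mjs"
);

/**
 * Enables the native HTTPS query prefs and installs canned DNS answers for
 * service.com, so the test never depends on a real resolver.
 */
add_task(async function setup() {
  Services.prefs.setBoolPref("network.dns.native_https_query", true);
  Services.prefs.setBoolPref("network.dns.native_https_query_win10", true);
  const override = Cc["@mozilla.org/network/native-dns-override;1"].getService(
    Ci.nsINativeDNSResolverOverride
  );

  // Hand-built DNS response message:
  //   header: id 0, flags 0x8000 (response), 0 questions, 1 answer
  //   answer: "service.com", TYPE 65 (HTTPS), CLASS IN, TTL 55, RDLENGTH 13
  //   rdata:  priority 1, target ".", SvcParam key 1 (alpn) = "h2", "h3"
  const rawBuffer = [
    0, 0, 128, 0, 0, 0, 0, 1, 0, 0, 0, 0, 7, 115, 101, 114, 118, 105, 99, 101,
    3, 99, 111, 109, 0, 0, 65, 0, 1, 0, 0, 0, 55, 0, 13, 0, 1, 0, 0, 1, 0, 6, 2,
    104, 50, 2, 104, 51,
  ];
  override.addHTTPSRecordOverride("service.com", rawBuffer, rawBuffer.length);
  override.addIPOverride("service.com", "127.0.0.1");
  registerCleanupFunction(() => {
    Services.prefs.clearUserPref("network.dns.native_https_query");
    Services.prefs.clearUserPref("network.dns.native_https_query_win10");
    // NOTE(review): this file never sets network.dns.localDomains; clearing it
    // here is harmless.
    Services.prefs.clearUserPref("network.dns.localDomains");
    override.clearOverrides();
  });
});

/**
 * Creates an HTTP channel for a top-level document load of `uri`.
 *
 * @param {string} uri - URL to load.
 * @returns {nsIHttpChannel} The channel, not yet opened.
 */
function makeChan(uri) {
  const chan = NetUtil.newChannel({
    uri,
    loadUsingSystemPrincipal: true,
    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
  }).QueryInterface(Ci.nsIHttpChannel);
  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
  return chan;
}

/**
 * Opens `chan` and waits for the ChannelListener callback.
 *
 * @param {nsIChannel} chan - Channel to open.
 * @param {number} flags - ChannelListener flags (CL_* constants supplied by
 *   the test harness).
 * @returns {Promise<Array>} Resolves with `[request, buffer]`. The promise is
 *   never rejected here; load failures are handled through `flags`.
 */
function channelOpenPromise(chan, flags) {
  return new Promise(resolve => {
    chan.asyncOpen(
      new ChannelListener((req, buffer) => resolve([req, buffer]), null, flags)
    );
  });
}

/**
 * Reports whether the DNS cache holds an HTTPS record entry for `hostname`.
 *
 * Only entries of type RESOLVE_TYPE_HTTPSSVC are considered; address entries
 * for the same host are ignored.
 *
 * @param {string} hostname - Host to look for.
 * @returns {Promise<boolean>} True when a matching entry exists.
 */
function isRecordFound(hostname) {
  return new Promise(resolve => {
    gDashboard.requestDNSInfo(data => {
      // Loose equality is kept on purpose so the comparison behaves exactly as
      // before, whatever representation the dashboard uses for `type`.
      const found = data.entries.some(
        entry =>
          entry.hostname == hostname &&
          entry.type == Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC
      );
      resolve(found);
    });
  });
}

/**
 * Loads https://service.com/ with `filter` registered and reports whether an
 * HTTPS record for service.com ended up in the DNS cache.
 *
 * The filter is unregistered in a `finally` block: if the load or the cache
 * query throws, a SOCKS filter left registered would silently change the proxy
 * configuration seen by every later task in this file.
 *
 * @param {object} filter - Proxy filter to register for the duration of the
 *   load.
 * @returns {Promise<boolean>} True when the HTTPS record was found.
 */
async function do_test_with_proxy_filter(filter) {
  pps.registerFilter(filter, 10);
  try {
    const chan = makeChan(`https://service.com/`);
    // The load outcome is not asserted; only the DNS cache state afterwards
    // matters.
    await channelOpenPromise(
      chan,
      CL_EXPECT_LATE_FAILURE | CL_ALLOW_UNKNOWN_CL
    );

    return await isRecordFound("service.com");
  } finally {
    pps.unregisterFilter(filter);
  }
}

// Baseline: the last NodeProxyFilter argument (presumably the proxy flags) is
// 0, so TRANSPARENT_PROXY_RESOLVES_HOST is not set and the HTTPS record is
// expected to be resolved locally and cached.
add_task(async function test_proxyDNS_do_leak() {
  const filter = new NodeProxyFilter("socks", "localhost", 443, 0);

  const res = await do_test_with_proxy_filter(filter);

  Assert.ok(res, "Should find a DNS entry");
});

// Protected case: with TRANSPARENT_PROXY_RESOLVES_HOST set, no HTTPS record
// for service.com may appear in the DNS cache.
add_task(async function test_proxyDNS_dont_leak() {
  // Drop the entry cached by the previous task; otherwise this task would see
  // a stale record and fail regardless of what the proxied load did.
  Services.dns.clearCache(false);

  const filter = new NodeProxyFilter(
    "socks",
    "localhost",
    443,
    Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST
  );

  const res = await do_test_with_proxy_filter(filter);

  Assert.ok(!res, "Should not find a DNS entry");
});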