[ tor-browser ].git.dasho

test_sts_preloadlist_perwindowpb.js (9292B)
      1 "use strict";
      2 
      3 var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
      4  Ci.nsISiteSecurityService
      5 );
      6 
      7 function Observer() {}
      8 Observer.prototype = {
      9  observe(subject, topic) {
     10    if (topic == "last-pb-context-exited") {
     11      run_next_test();
     12    }
     13  },
     14 };
     15 
     16 var gObserver = new Observer();
     17 
     18 function cleanup() {
     19  Services.obs.removeObserver(gObserver, "last-pb-context-exited");
     20  gSSService.clearAll();
     21 }
     22 
     23 function run_test() {
     24  do_get_profile();
     25 
     26  registerCleanupFunction(cleanup);
     27  Services.obs.addObserver(gObserver, "last-pb-context-exited");
     28 
     29  add_test(test_part1);
     30  add_test(test_private_browsing1);
     31  add_test(test_private_browsing2);
     32 
     33  run_next_test();
     34 }
     35 
     36 function test_part1() {
     37  // check that a host not in the list is not identified as an sts host
     38  ok(
     39    !gSSService.isSecureURI(
     40      Services.io.newURI("https://nonexistent.example.com")
     41    )
     42  );
     43 
     44  // check that an ancestor domain is not identified as an sts host
     45  ok(!gSSService.isSecureURI(Services.io.newURI("https://com")));
     46 
     47  // check that the pref to toggle using the preload list works
     48  Services.prefs.setBoolPref(
     49    "network.stricttransportsecurity.preloadlist",
     50    false
     51  );
     52  ok(
     53    !gSSService.isSecureURI(
     54      Services.io.newURI("https://includesubdomains.preloaded.test")
     55    )
     56  );
     57  Services.prefs.setBoolPref(
     58    "network.stricttransportsecurity.preloadlist",
     59    true
     60  );
     61  ok(
     62    gSSService.isSecureURI(
     63      Services.io.newURI("https://includesubdomains.preloaded.test")
     64    )
     65  );
     66 
     67  // check that a subdomain is an sts host (includeSubdomains is set)
     68  ok(
     69    gSSService.isSecureURI(
     70      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
     71    )
     72  );
     73 
     74  // check that another subdomain is an sts host (includeSubdomains is set)
     75  ok(
     76    gSSService.isSecureURI(
     77      Services.io.newURI("https://a.b.c.def.includesubdomains.preloaded.test")
     78    )
     79  );
     80 
     81  // check that a subdomain is not an sts host (includeSubdomains is not set)
     82  ok(
     83    !gSSService.isSecureURI(
     84      Services.io.newURI("https://subdomain.noincludesubdomains.preloaded.test")
     85    )
     86  );
     87 
     88  // check that a host with a dot on the end won't break anything
     89  ok(
     90    !gSSService.isSecureURI(
     91      Services.io.newURI("https://notsts.nonexistent.example.com.")
     92    )
     93  );
     94 
     95  // check that processing a header with max-age: 0 will remove a preloaded
     96  // site from the list
     97  let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
     98  let subDomainUri = Services.io.newURI(
     99    "https://subdomain.includesubdomains.preloaded.test"
    100  );
    101  gSSService.processHeader(uri, "max-age=0");
    102  ok(!gSSService.isSecureURI(uri));
    103  ok(!gSSService.isSecureURI(subDomainUri));
    104  // check that processing another header (with max-age non-zero) will
    105  // re-enable a site's sts status
    106  gSSService.processHeader(uri, "max-age=1000");
    107  ok(gSSService.isSecureURI(uri));
    108  // but this time include subdomains was not set, so test for that
    109  ok(!gSSService.isSecureURI(subDomainUri));
    110  gSSService.clearAll();
    111 
    112  // check that processing a header with max-age: 0 from a subdomain of a site
    113  // will not remove that (ancestor) site from the list
    114  uri = Services.io.newURI(
    115    "https://subdomain.noincludesubdomains.preloaded.test"
    116  );
    117  gSSService.processHeader(uri, "max-age=0");
    118  ok(
    119    gSSService.isSecureURI(
    120      Services.io.newURI("https://noincludesubdomains.preloaded.test")
    121    )
    122  );
    123  ok(!gSSService.isSecureURI(uri));
    124 
    125  uri = Services.io.newURI(
    126    "https://subdomain.includesubdomains.preloaded.test"
    127  );
    128  gSSService.processHeader(uri, "max-age=0");
    129  // we received a header with "max-age=0", so we have "no information"
    130  // regarding the sts state of subdomain.includesubdomains.preloaded.test specifically,
    131  // but it is actually still an STS host, because of the preloaded
    132  // includesubdomains.preloaded.test including subdomains.
    133  // Here's a drawing:
    134  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
    135  //     |-- subdomain.includesubdomains.preloaded.test                          IS sts host
    136  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS sts host
    137  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
    138  ok(
    139    gSSService.isSecureURI(
    140      Services.io.newURI("https://includesubdomains.preloaded.test")
    141    )
    142  );
    143  ok(
    144    gSSService.isSecureURI(
    145      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
    146    )
    147  );
    148  ok(
    149    gSSService.isSecureURI(
    150      Services.io.newURI("https://sibling.includesubdomains.preloaded.test")
    151    )
    152  );
    153  ok(
    154    gSSService.isSecureURI(
    155      Services.io.newURI(
    156        "https://another.subdomain.includesubdomains.preloaded.test"
    157      )
    158    )
    159  );
    160 
    161  gSSService.processHeader(uri, "max-age=1000");
    162  // Here's what we have now:
    163  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
    164  //     |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host
    165  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS sts host
    166  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
    167  // Note that another.subdomain.includesubdomains.preloaded.test IS still an sts host, because
    168  // there exists a superdomain that is sts and asserts includeSubdomains (namely,
    169  // includesubdomains.preloaded.test)
    170  ok(
    171    gSSService.isSecureURI(
    172      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
    173    )
    174  );
    175  ok(
    176    gSSService.isSecureURI(
    177      Services.io.newURI("https://sibling.includesubdomains.preloaded.test")
    178    )
    179  );
    180  ok(
    181    gSSService.isSecureURI(
    182      Services.io.newURI(
    183        "https://another.subdomain.includesubdomains.preloaded.test"
    184      )
    185    )
    186  );
    187 
    188  // Test that an expired non-private browsing entry results in correctly
    189  // identifying a host that is on the preload list as no longer sts.
    190  // (This happens when we're in regular browsing mode, we get a header from
    191  // a site on the preload list, and that header later expires. We need to
    192  // then treat that host as no longer an sts host.)
    193  // (sanity check first - this should be in the preload list)
    194  uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
    195  ok(gSSService.isSecureURI(uri));
    196  gSSService.processHeader(uri, "max-age=1");
    197  do_timeout(1250, function () {
    198    ok(!gSSService.isSecureURI(uri));
    199    run_next_test();
    200  });
    201 }
    202 
    203 const PRIVATE_ORIGIN_ATTRIBUTES = { privateBrowsingId: 1 };
    204 
    205 function test_private_browsing1() {
    206  gSSService.clearAll();
    207  let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
    208  let subDomainUri = Services.io.newURI(
    209    "https://a.b.c.subdomain.includesubdomains.preloaded.test"
    210  );
    211  // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set
    212  ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
    213  ok(gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
    214 
    215  gSSService.processHeader(uri, "max-age=0", PRIVATE_ORIGIN_ATTRIBUTES);
    216  ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
    217  ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
    218 
    219  // check adding it back in
    220  gSSService.processHeader(uri, "max-age=1000", PRIVATE_ORIGIN_ATTRIBUTES);
    221  ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
    222  // but no includeSubdomains this time
    223  ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
    224 
    225  // do the hokey-pokey...
    226  gSSService.processHeader(uri, "max-age=0", PRIVATE_ORIGIN_ATTRIBUTES);
    227  ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
    228  ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
    229 
    230  // Test that an expired private browsing entry results in correctly
    231  // identifying a host that is on the preload list as no longer sts.
    232  // (This happens when we're in private browsing mode, we get a header from
    233  // a site on the preload list, and that header later expires. We need to
    234  // then treat that host as no longer an sts host.)
    235  // (sanity check first - this should be in the preload list)
    236  uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
    237  ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
    238  gSSService.processHeader(uri, "max-age=1", PRIVATE_ORIGIN_ATTRIBUTES);
    239  do_timeout(1250, function () {
    240    ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
    241    // Simulate leaving private browsing mode
    242    Services.obs.notifyObservers(null, "last-pb-context-exited");
    243  });
    244 }
    245 
    246 function test_private_browsing2() {
    247  // if this test gets this far, it means there's a private browsing service
    248  ok(
    249    gSSService.isSecureURI(
    250      Services.io.newURI("https://includesubdomains.preloaded.test")
    251    )
    252  );
    253  // the includesubdomains.preloaded.test entry has includeSubdomains set
    254  ok(
    255    gSSService.isSecureURI(
    256      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
    257    )
    258  );
    259 
    260  // Now that we're out of private browsing mode, we need to make sure
    261  // we've "forgotten" that we "forgot" this site's sts status.
    262  ok(
    263    gSSService.isSecureURI(
    264      Services.io.newURI("https://includesubdomains2.preloaded.test")
    265    )
    266  );
    267 
    268  run_next_test();
    269 }
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE