
csp.window.js (3040B)


// META: script=helper.js

// This file mirrors many of the cases in `script.window.js`, but runs them
// under a Content Security Policy whose `script-src` lists only the RFC's
// test key, so that key has to be asserted as integrity metadata.
// `kValidKeys` is not defined in this file; it is expected to come from the
// helper script named in the META line above.

// Install the policy before any test script is requested. Both attributes are
// set on the detached element first and the element is then added to <head>,
// in the same order as a plain assign-then-append sequence.
const el = Object.assign(document.createElement('meta'), {
  httpEquiv: "content-security-policy",
  content: `script-src 'ed25519-${kValidKeys['rfc']}'`,
});
document.head.appendChild(el);
     12 
// Every case below runs with the CSP above in force. Each row is
// [resource, integrity attribute value, expected outcome, test description]
// and is handed to generate_script_test() in exactly this order.
// Scoped in a block so the helper names do not become page-level bindings.
{
  const malformed = "ed25519-???";
  const rfc = `ed25519-${kValidKeys['rfc']}`;
  const arbitrary = `ed25519-${kValidKeys['arbitrary']}`;
  const rfcAndArbitrary = `${rfc} ${arbitrary}`;
  const invalid = `ed25519-${kInvalidKey}`;

  const cases = [
    // Unsigned scripts must never load, whatever integrity metadata is asserted.
    [kUnsignedShouldBlock, "", EXPECT_BLOCKED,
     "No signature, no integrity check: blocked."],
    [kUnsignedShouldBlock, malformed, EXPECT_BLOCKED,
     "No signature, malformed integrity check: blocked."],
    [kUnsignedShouldBlock, rfc, EXPECT_BLOCKED,
     "No signature, integrity check: blocked."],

    // Signed scripts load only when valid integrity metadata is explicitly
    // asserted.
    [kSignedShouldBlock, "", EXPECT_BLOCKED,
     "Valid signature, no integrity check: blocked."],
    [kSignedShouldBlock, malformed, EXPECT_BLOCKED,
     "Valid signature, malformed integrity check: blocked."],
    [kSignedShouldExecute, rfc, EXPECT_LOADED,
     "Valid signature, valid integrity check: loads."],
    // NOTE(review): this row pairs a `...ShouldExecute` resource with
    // EXPECT_BLOCKED. Presumably the block comes from the policy, because one
    // of the two asserted keys is not listed in `script-src` -- confirm
    // against helper.js that the resource choice is intentional.
    [kSignedShouldExecute, rfcAndArbitrary, EXPECT_BLOCKED,
     "Valid signature, one matching and one mismatched integrity check: blocked."],
    [kSignedShouldBlock, arbitrary, EXPECT_BLOCKED,
     "Valid signature, mismatched integrity check: blocked."],

    // Scripts carrying several signatures are held to the same requirement.
    [kMultiplySignedShouldBlock, "", EXPECT_BLOCKED,
     "Valid signatures, no integrity check: blocked."],
    [kMultiplySignedShouldBlock, malformed, EXPECT_BLOCKED,
     "Valid signatures, malformed integrity check: blocked."],
    [kMultiplySignedShouldExecute, rfc, EXPECT_LOADED,
     "Valid signatures, integrity check matches one: loads."],
    [kMultiplySignedShouldBlock, arbitrary, EXPECT_BLOCKED,
     "Valid signatures, integrity check matches the other: blocked."],
    [kMultiplySignedShouldBlock, rfcAndArbitrary, EXPECT_BLOCKED,
     "Valid signatures, integrity check matches both, but only one in CSP: blocked."],
    [kMultiplySignedShouldBlock, invalid, EXPECT_BLOCKED,
     "Valid signatures, integrity check matches neither: blocked."],
  ];

  // Across the whole table the only rows expected to load are the two that
  // assert the policy's key (`rfc`) and nothing else.
  for (const [resource, integrity, expectation, description] of cases) {
    generate_script_test(resource, integrity, expectation, description);
  }
}