File: test_ext_webrequest_getSecurityInfo.html

package info (click to toggle)
firefox-esr 128.13.0esr-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 4,230,012 kB
  • sloc: cpp: 7,103,971; javascript: 6,088,450; ansic: 3,653,980; python: 1,212,330; xml: 594,604; asm: 420,652; java: 182,969; sh: 71,124; makefile: 20,747; perl: 13,449; objc: 12,399; yacc: 4,583; cs: 3,846; pascal: 2,973; lex: 1,720; ruby: 1,194; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (153 lines) | stat: -rw-r--r-- 4,755 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>browser.webRequest.getSecurityInfo()</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css"/>
</head>
<body>

<script>
"use strict";

add_task(async function test_getSecurityInfo() {
  const extension = ExtensionTestUtils.loadExtension({
    manifest: {
      permissions: [
        "webRequest",
        "webRequestBlocking",
        "*://example.org/*"
      ],
    },
    async background() {
      const url = "https://example.org/tests/toolkit/components/extensions/test/mochitest/file_sample.html";

      let tab;
      browser.webRequest.onHeadersReceived.addListener(async details => {
        const securityInfo = await browser.webRequest.getSecurityInfo(
          details.requestId,
          {}
        );

        // Some properties have dynamic values so let's take them out of the
        // `securityInfo` object before asserting all the other props with deep
        // equality.
        const {
          cipherSuite,
          secretKeyLength,
          keaGroupName,
          signatureSchemeName,
          protocolVersion,
          certificates,
          ...otherProps
        } = securityInfo;

        browser.test.assertTrue(cipherSuite.length, "expected cipher suite");
        browser.test.assertTrue(
          Number.isInteger(secretKeyLength),
          "expected secret key length"
        );
        browser.test.assertTrue(
          keaGroupName.length,
          "expected kea group name"
        );
        browser.test.assertTrue(
          signatureSchemeName.length,
          "expected signature scheme name"
        );
        browser.test.assertTrue(
          protocolVersion.length,
          "expected protocol version"
        );
        browser.test.assertTrue(
          Array.isArray(certificates),
          "expected an array of certificates"
        );

        browser.test.assertDeepEq({
          state: "secure",
          isExtendedValidation: false,
          certificateTransparencyStatus: "not_applicable",
          hsts: false,
          hpkp: false,
          usedEch: false,
          usedDelegatedCredentials: false,
          usedOcsp: false,
          usedPrivateDns: false,
        }, otherProps, "expected security info");

        await browser.tabs.remove(tab.id);
        browser.test.notifyPass("success");
      }, { urls: [url] } , ["blocking"]);

      tab = await browser.tabs.create({ url });
    },
  });
  await extension.startup();

  await extension.awaitFinish("success");

  await extension.unload();
});

add_task(async function test_getSecurityInfo_without_permission() {
  const extension = ExtensionTestUtils.loadExtension({
    manifest: {
      manifest_version: 3,
      granted_host_permissions: true,
      permissions: [ "webRequest", "webRequestBlocking"],
      host_permissions: ["*://example.org/*"],
    },
    async background() {
      let requestCount = 0;
      browser.webRequest.onHeadersReceived.addListener(
        async ({ requestId  }) => {
          ++requestCount;
          try {
            let info = await browser.webRequest.getSecurityInfo(requestId, {});
            browser.test.assertEq("secure", info?.state, "Got SecurityInfo");

            await browser.permissions.remove({ origins: ["*://example.org/*"] });

            browser.test.assertDeepEq(
              undefined,
              await browser.webRequest.getSecurityInfo(requestId, {}),
              "getSecurityInfo() should not return info without permission"
            );
          } catch (e) {
            browser.test.fail(`Unexpected error in onHeadersReceived: ${e}`);
          }
        },
        { urls: ["*://example.org/*/file_image_good.png?permcheck*"] },
        ["blocking"]
      );

      // Main purpose of this is to ensure that the webRequest listener has
      // registered when the request is triggered (work around bug 1300234).
      browser.webRequest.getSecurityInfo("").then(securityInfo => {
        browser.test.assertEq(
          undefined,
          securityInfo,
          "getSecurityInfo() with invalid requestId resolves to undefined"
        );
        const img = new Image();
        img.src = "https://example.org/tests/toolkit/components/extensions/test/mochitest/file_image_good.png?permcheck&_=" + Date.now();
        img.decode().then(() => {
          browser.test.assertEq(1, requestCount, "Seen request");
          browser.test.sendMessage("done");
        });
      });
    },
  });

  await extension.startup();
  await extension.awaitMessage("done");
  await extension.unload();
});

</script>

</body>
</html>