File: supercookie_test.py

package info (click to toggle)
privacybadger 2026.2.20-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 13,040 kB
  • sloc: javascript: 56,619; python: 2,214; sh: 406; makefile: 57; xml: 6
file content (125 lines) | stat: -rw-r--r-- 4,553 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 
#!/usr/bin/env python

import unittest

import pbtest

from functools import partial


class SupercookieTest(pbtest.PBSeleniumTest):
    """Make sure we detect potential supercookies. """

    def get_snitch_map_for(self, domain):
        self.open_window() # don't replace the test page to allow for retrying
        return self.get_badger_storage('snitch_map').get(domain)

    def setUp(self):
        # enable local learning
        self.load_url(self.options_url)
        self.wait_for_script("return window.OPTIONS_INITIALIZED")
        self.find_el_by_css('a[href="#tab-general-settings"]').click()
        self.find_el_by_css('#local-learning-checkbox').click()

    def test_should_detect_ls_of_third_party_frame(self):
        FIRST_PARTY_BASE = "eff.org"
        THIRD_PARTY_BASE = "efforg.github.io"

        assert not self.get_snitch_map_for(THIRD_PARTY_BASE)

        self.load_url((
            f"https://privacybadger-tests.{FIRST_PARTY_BASE}/html/"
            "localstorage.html"
        ))

        # TODO FIXME We get some intermittent failures for this test.
        # It seems we sometimes miss the setting of localStorage items
        # because the script runs after we already checked what's in localStorage.
        # We can work around this race condition by reloading the page.
        self.driver.refresh()

        snitch_map = pbtest.retry_until(
            partial(self.get_snitch_map_for, THIRD_PARTY_BASE),
            times=3)
        assert snitch_map == [FIRST_PARTY_BASE]

    def test_should_not_detect_low_entropy_ls_of_third_party_frame(self):
        FIRST_PARTY_BASE = "eff.org"
        THIRD_PARTY_BASE = "efforg.github.io"
        assert not self.get_snitch_map_for(THIRD_PARTY_BASE)
        self.load_url((
            f"https://privacybadger-tests.{FIRST_PARTY_BASE}/html/"
            "localstorage_low_entropy.html"
        ))
        self.driver.refresh() # TODO workaround
        assert not self.get_snitch_map_for(THIRD_PARTY_BASE)

    def test_should_not_detect_first_party_ls(self):
        BASE_DOMAIN = "efforg.github.io"
        self.load_url((
            f"https://{BASE_DOMAIN}/privacybadger-test-fixtures/html/"
            "localstorage/set_ls.html"
        ))
        self.driver.refresh() # TODO workaround
        assert not self.get_snitch_map_for(BASE_DOMAIN)

    def test_should_not_detect_ls_of_third_party_script(self):
        FIRST_PARTY_BASE = "eff.org"
        THIRD_PARTY_BASE = "efforg.github.io"

        # a third-party script included by the top page (not a 3rd party frame)
        self.load_url((
            f"https://privacybadger-tests.{FIRST_PARTY_BASE}/html/"
            "localstorage_from_third_party_script.html"
        ))

        self.driver.refresh() # TODO workaround

        assert not self.get_snitch_map_for(FIRST_PARTY_BASE)
        assert not self.get_snitch_map_for(THIRD_PARTY_BASE)

    def test_localstorage_learning(self):
        """Verifies that we learn to block a third-party domain if we see
        non-trivial localStorage data from that third-party on three sites."""

        SITE1_URL = "https://ddrybktjfxh4.cloudfront.net/localstorage.html"
        SITE2_URL = "https://d3syxqe9po5ji0.cloudfront.net/localstorage.html"
        SITE3_URL = "https://d3b37ucnz1m2l2.cloudfront.net/localstorage.html"

        THIRD_PARTY = "efforg.github.io"

        # remove pre-trained domains
        self.clear_tracker_data()

        def get_sliders(url, category):
            self.open_popup(url)
            sliders = self.get_tracker_state()
            return sliders[category]

        # load the first site
        self.load_url(SITE1_URL)
        # TODO FIXME remove workaround once we fix race conditions in contentscripts/supercookie.js
        self.driver.refresh()
        sliders = pbtest.retry_until(
            partial(get_sliders, SITE1_URL, 'notYetBlocked'), times=3)
        assert THIRD_PARTY in sliders

        # go to second site
        self.load_url(SITE2_URL)
        # TODO workaround
        self.driver.refresh()
        sliders = pbtest.retry_until(
            partial(get_sliders, SITE2_URL, 'notYetBlocked'), times=3)
        assert THIRD_PARTY in sliders

        # go to third site
        self.load_url(SITE3_URL)
        # TODO workaround
        self.driver.refresh()
        sliders = pbtest.retry_until(
            partial(get_sliders, SITE3_URL, 'blocked'), times=3)
        assert THIRD_PARTY in sliders, "third party should now be reported as blocked"


if __name__ == "__main__":
    unittest.main()