File: dynamic-integrity.html

<!DOCTYPE html>
<html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script type="importmap">
{
  "imports": {
    "./resources/log.js?pipe=sub&name=ResolvesToBadHash": "./resources/log.js?pipe=sub&name=BadHash",
    "./resources/log.js?pipe=sub&name=ResolvesToNoHash": "./resources/log.js?pipe=sub&name=NoHash",
    "./resources/log.js?pipe=sub&name=GoodHash": "./resources/log.js?pipe=sub&name=GoodHash",
    "bare": "./resources/log.js?pipe=sub&name=BareURL",
    "bare2": "./resources/log.js?pipe=sub&name=F"
  },
  "integrity": {
    "./resources/log.js?pipe=sub&name=BadHash": "sha384-foobar",
    "./resources/log.js?pipe=sub&name=ResolvesToNoHash": "sha384-foobar",
    "./resources/log.js?pipe=sub&name=GoodHash": "sha384-SwfgBqInhSlLziU454cYhGgwPpae+d3VHZcY+vjZIO/gxRGt2u3Jsfyvure/Ww0u",
    "./resources/log.js?pipe=sub&name=InvalidExtra": "sha384-WsKk8nzJFPhk/4pWR4LYoPhEu3xaAc6PdIm4vmqoZVWqEgMYmZgOg9XJKxgD1+8v foobar-rOJN8igD0+jW6lwNN3+InhXTgQztVHlq/HJ0riswXp8kMoiIDx5JpmCwuVem6Ll9q2LFNSu1xq23bsBMMQk1rg==",
    "./resources/log.js?pipe=sub&name=Suffix": "sha384-lbOWldbmji7sCHI/L8iVJ+elmFIMp41p+aYOLxqQfZMqtoFeHFVe/ASRA0IyZ1/9?foobar",
    "./resources/log.js?pipe=sub&name=Multiple": "sha384-foobar sha512-rOJN8igD0+jW6lwNN3+InhXTgQztVHlq/HJ0riswXp8kMoiIDx5JpmCwuVem6Ll9q2LFNSu1xq23bsBMMQk1rg==",
    "./resources/log.js?pipe=sub&name=BadHashWithNoImport": "sha384-foobar",
    "./resources/log.js?pipe=sub&name=BareURL": "sha384-foobar",
    "./resources/log.js?pipe=sub&name=EventHandlerPass": "sha384-d4yrBK8a55vlyYz2QEnlaU64PPpdKBkblD2KmfozI61mC1ij6RrZJaGCTsVxPuJ2",
    "./resources/log.js?pipe=sub&name=EventHandlerFail": "sha384-foobar",
    "bare2": "sha384-foobar",
    "resources/log.js?pipe=sub&name=Bare": "sha384-foobar"
  }
}
</script>
<script>
// Shared execution trace, reset at the start of every test in this file.
// NOTE(review): presumably resources/log.js appends "log:<name>" here when it
// executes; confirm against that file.
let log;

/**
 * Registers a promise_test expecting the dynamic import of `url` to be blocked.
 *
 * Two things are checked: import() rejects with a TypeError, and `log` is
 * still empty afterwards, so a rejected promise alone is not accepted as proof
 * that nothing was recorded as executed.
 *
 * @param {string} url - Module specifier handed to import().
 * @param {string} description - Test name reported by the harness.
 */
const test_not_loaded = (url, description) => {
  const expectBlockedImport = async (testCase) => {
    log = [];
    const pendingImport = import(url);
    await promise_rejects_js(testCase, TypeError, pendingImport);
    assert_array_equals(log, []);
  };
  promise_test(expectBlockedImport, description);
};

/**
 * Registers a promise_test expecting the dynamic import of `url` to succeed.
 *
 * After the import settles, `log` must equal `log_expectation` exactly, which
 * pins down which resource ended up being evaluated.
 *
 * @param {string} url - Module specifier handed to import().
 * @param {string[]} log_expectation - Expected contents of `log` after the import.
 * @param {string} description - Test name reported by the harness.
 */
const test_loaded = (url, log_expectation, description) => {
  const expectSuccessfulImport = async (testCase) => {
    log = [];
    const pendingImport = import(url);
    await pendingImport;
    assert_array_equals(log, log_expectation);
  };
  promise_test(expectSuccessfulImport, description);
};

// Table of [specifier, expected log (null = import must be blocked), test name].
// Every case is read against the "imports" and "integrity" sections of the
// import map declared in this file. Order is significant: it is the order in
// which the tests are registered.
for (const [specifier, expectedLog, description] of [
  // The specifier is remapped to ...name=BadHash, whose integrity entry is the
  // placeholder "sha384-foobar": the entry for the resolved URL is enforced.
  [
    "./resources/log.js?pipe=sub&name=ResolvesToBadHash",
    null,
    "script was not loaded, as its resolved URL failed its integrity check",
  ],
  // The integrity entry is keyed on the specifier, while the resolved URL
  // (...name=NoHash) has none, so no integrity check applies to the fetch.
  [
    "./resources/log.js?pipe=sub&name=ResolvesToNoHash",
    ["log:NoHash"],
    "script was loaded, as its resolved URL had no integrity check, despite its specifier having one",
  ],
  // Maps to itself and carries a sha384 digest the test expects to match.
  [
    "./resources/log.js?pipe=sub&name=GoodHash",
    ["log:GoodHash"],
    "script was loaded, as its integrity check passed",
  ],
  // No "imports" entry at all: an "integrity" entry is enough to block a URL.
  [
    "./resources/log.js?pipe=sub&name=BadHashWithNoImport",
    null,
    "Script with no import definition was not loaded, as it failed its integrity check",
  ],
  // Bare specifier remapped to ...name=BareURL, which has a non-matching entry.
  [
    "bare",
    null,
    "Bare specifier script was not loaded, as it failed its integrity check",
  ],
  // The integrity key "bare2" is a bare specifier rather than a URL, so it is
  // expected not to apply to the resolved ...name=F resource.
  [
    "bare2",
    ["log:F"],
    "Bare specifier used for integrity loaded, as its definition should have used the URL",
  ],
  // Metadata holds a sha384 digest plus a token with the unknown "foobar-"
  // algorithm prefix; the unknown token must not cause a failure.
  [
    "./resources/log.js?pipe=sub&name=InvalidExtra",
    ["log:InvalidExtra"],
    "script was loaded, as its integrity check passed, despite having an extra invalid hash",
  ],
  // The digest is followed by a "?foobar" suffix, which must be tolerated.
  [
    "./resources/log.js?pipe=sub&name=Suffix",
    ["log:Suffix"],
    "script was loaded, as its integrity check passed, despite having an invalid suffix",
  ],
  // "sha384-foobar" sits next to a sha512 digest; the load only succeeds if the
  // sha512 value is the one that gets evaluated.
  [
    "./resources/log.js?pipe=sub&name=Multiple",
    ["log:Multiple"],
    "script was loaded, as its integrity check passed given multiple hashes. This also makes sure that the larger hash is picked",
  ],
  // The integrity key is "resources/log.js?..." without the leading "./", so it
  // is expected not to match this URL and the check is skipped.
  [
    "./resources/log.js?pipe=sub&name=Bare",
    ["log:Bare"],
    "script was loaded, as its integrity check was ignored, as it was defined using a URL that looks like a bare specifier",
  ],
]) {
  if (expectedLog === null) {
    test_not_loaded(specifier, description);
  } else {
    test_loaded(specifier, expectedLog, description);
  }
}

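// Positive case for import() issued from an event handler: the import map's
// integrity entry for ...name=EventHandlerPass is expected to match, so the
// module must load and record itself in `log`.
// NOTE(review): presumably this covers import() called outside top-level script
// evaluation; confirm the intent against the spec discussion for this test.
promise_test(async () => {
  log = [];
  const img = new Image();
  const imported = new Promise((resolve, reject) => {
    img.onload = () => {
      import('./resources/log.js?pipe=sub&name=EventHandlerPass').then(resolve, reject);
    };
    // Without an error handler a failed image load would leave the promise
    // pending until the harness timeout instead of failing with a clear reason.
    img.onerror = () => {
      reject(new Error("/images/green.png?1 failed to load"));
    };
    img.src = "/images/green.png?1";
  });

  await imported;
  // Exactly one entry: the module ran once and nothing else was recorded.
  assert_array_equals(log, ["log:EventHandlerPass"]);
}, "Script imported inside an event handler was loaded as its valid integrity check passed");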

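// Negative case for import() issued from an event handler: the integrity entry
// for ...name=EventHandlerFail is the placeholder "sha384-foobar", so the import
// must reject with a TypeError and the module must not be recorded in `log`.
promise_test(async t => {
  log = [];
  const img = new Image();
  const imported = new Promise((resolve, reject) => {
    img.onload = () => {
      import('./resources/log.js?pipe=sub&name=EventHandlerFail').then(resolve, reject);
    };
    // A failed image load rejects with a plain Error, which is not a TypeError,
    // so the assertion below fails fast instead of timing out or being mistaken
    // for an integrity failure.
    img.onerror = () => {
      reject(new Error("/images/green.png?2 failed to load"));
    };
    img.src = "/images/green.png?2";
  });

  await promise_rejects_js(t, TypeError, imported);
  // Same check test_not_loaded makes: the rejection is only meaningful if
  // nothing was recorded as executed before the import failed.
  assert_array_equals(log, []);
}, "Script imported inside an event handler was not loaded as its integrity check failed");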
</script>