Backed out changeset b71c8c052463 (bug 1943846) for causing mass failures. CLOSED...

[gecko.git] / netwerk / test / unit / test_cookiejars_safebrowsing.js

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Description of the test:
 *   We show that we can separate the safebrowsing cookie by creating a custom
 *   OriginAttributes using a unique safebrowsing first-party domain. Setting this
 *   custom OriginAttributes on the loadInfo of the channel allows us to query the
 *   first-party domain and therefore separate the safebrowsing cookie in its own
 *   cookie-jar. For testing safebrowsing update we do >> NOT << emulate a response
 *   in the body, rather we only set the cookies in the header of the response
 *   and confirm that cookies are separated in their own cookie-jar.
 *
 * 1) We init safebrowsing and simulate an update (cookies are set for localhost)
 *
 * 2) We open a channel that should send regular cookies, but not the
 *    safebrowsing cookie.
 *
 * 3) We open a channel with a custom callback, simulating a safebrowsing cookie
 *    that should send this simulated safebrowsing cookie as well as the
 *    real safebrowsing cookies. (Confirming that the safebrowsing cookies
 *    actually get stored in the correct jar).
 */

"use strict";

const { HttpServer } = ChromeUtils.importESModule(
  "resource://testing-common/httpd.sys.mjs"
);

ChromeUtils.defineLazyGetter(this, "URL", function () {
  return "http://localhost:" + httpserver.identity.primaryPort;
});

var setCookiePath = "/setcookie";
var checkCookiePath = "/checkcookie";
var safebrowsingUpdatePath = "/safebrowsingUpdate";
var safebrowsingGethashPath = "/safebrowsingGethash";
var httpserver;

function inChildProcess() {
  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
}

function cookieSetHandler(metadata, response) {
  var cookieName = metadata.getHeader("set-cookie");
  response.setStatusLine(metadata.httpVersion, 200, "Ok");
  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
  response.setHeader("Content-Type", "text/plain");
  response.bodyOutputStream.write("Ok", "Ok".length);
}

function cookieCheckHandler(metadata, response) {
  var cookies = metadata.getHeader("Cookie");
  response.setStatusLine(metadata.httpVersion, 200, "Ok");
  response.setHeader("saw-cookies", cookies, false);
  response.setHeader("Content-Type", "text/plain");
  response.bodyOutputStream.write("Ok", "Ok".length);
}

function safebrowsingUpdateHandler(metadata, response) {
  var cookieName = "sb-update-cookie";
  response.setStatusLine(metadata.httpVersion, 200, "Ok");
  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
  response.setHeader("Content-Type", "text/plain");
  response.bodyOutputStream.write("Ok", "Ok".length);
}

function safebrowsingGethashHandler(metadata, response) {
  var cookieName = "sb-gethash-cookie";
  response.setStatusLine(metadata.httpVersion, 200, "Ok");
  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
  response.setHeader("Content-Type", "text/plain");

  let msg = "test-phish-simplea:1:32\n" + "a".repeat(32);
  response.bodyOutputStream.write(msg, msg.length);
}

function setupChannel(path, originAttributes) {
  var channel = NetUtil.newChannel({
    uri: URL + path,
    loadUsingSystemPrincipal: true,
  });
  channel.loadInfo.originAttributes = originAttributes;
  channel.QueryInterface(Ci.nsIHttpChannel);
  return channel;
}

function run_test() {
  // Set up a profile
  do_get_profile();

  // Allow all cookies if the pref service is available in this process.
  if (!inChildProcess()) {
    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
    Services.prefs.setBoolPref(
      "network.cookieJarSettings.unblocked_for_testing",
      true
    );
  }

  httpserver = new HttpServer();
  httpserver.registerPathHandler(setCookiePath, cookieSetHandler);
  httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler);
  httpserver.registerPathHandler(
    safebrowsingUpdatePath,
    safebrowsingUpdateHandler
  );
  httpserver.registerPathHandler(
    safebrowsingGethashPath,
    safebrowsingGethashHandler
  );

  httpserver.start(-1);
  run_next_test();
}

// this test does not emulate a response in the body,
// rather we only set the cookies in the header of response.
add_test(function test_safebrowsing_update() {
  var streamUpdater = Cc[
    "@mozilla.org/url-classifier/streamupdater;1"
  ].getService(Ci.nsIUrlClassifierStreamUpdater);

  function onSuccess() {
    run_next_test();
  }
  function onUpdateError() {
    do_throw("ERROR: received onUpdateError!");
  }
  function onDownloadError() {
    do_throw("ERROR: received onDownloadError!");
  }

  streamUpdater.downloadUpdates(
    "test-phish-simple,test-malware-simple",
    "",
    true,
    URL + safebrowsingUpdatePath,
    onSuccess,
    onUpdateError,
    onDownloadError
  );
});

add_test(function test_safebrowsing_gethash() {
  var hashCompleter = Cc[
    "@mozilla.org/url-classifier/hashcompleter;1"
  ].getService(Ci.nsIUrlClassifierHashCompleter);

  hashCompleter.complete(
    "aaaa",
    URL + safebrowsingGethashPath,
    "test-phish-simple",
    {
      completionV2() {},

      completionFinished(status) {
        Assert.equal(status, Cr.NS_OK);
        run_next_test();
      },
    }
  );
});

add_test(function test_non_safebrowsing_cookie() {
  var cookieName = "regCookie_id0";
  var originAttributes = new OriginAttributes(0, false, 0);

  function setNonSafeBrowsingCookie() {
    var channel = setupChannel(setCookiePath, originAttributes);
    channel.setRequestHeader("set-cookie", cookieName, false);
    channel.asyncOpen(new ChannelListener(checkNonSafeBrowsingCookie, null));
  }

  function checkNonSafeBrowsingCookie() {
    var channel = setupChannel(checkCookiePath, originAttributes);
    channel.asyncOpen(
      new ChannelListener(completeCheckNonSafeBrowsingCookie, null)
    );
  }

  function completeCheckNonSafeBrowsingCookie(request) {
    // Confirm that only the >> ONE << cookie is sent over the channel.
    var expectedCookie = cookieName + "=1";
    request.QueryInterface(Ci.nsIHttpChannel);
    var cookiesSeen = request.getResponseHeader("saw-cookies");
    Assert.equal(cookiesSeen, expectedCookie);
    run_next_test();
  }

  setNonSafeBrowsingCookie();
});

add_test(function test_safebrowsing_cookie() {
  var cookieName = "sbCookie_id4294967294";
  var originAttributes = new OriginAttributes(0, false, 0);
  originAttributes.firstPartyDomain =
    "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla";

  function setSafeBrowsingCookie() {
    var channel = setupChannel(setCookiePath, originAttributes);
    channel.setRequestHeader("set-cookie", cookieName, false);
    channel.asyncOpen(new ChannelListener(checkSafeBrowsingCookie, null));
  }

  function checkSafeBrowsingCookie() {
    var channel = setupChannel(checkCookiePath, originAttributes);
    channel.asyncOpen(
      new ChannelListener(completeCheckSafeBrowsingCookie, null)
    );
  }

  function completeCheckSafeBrowsingCookie(request) {
    // Confirm that all >> THREE << cookies are sent back over the channel:
    //   a) the safebrowsing cookie set when updating
    //   b) the safebrowsing cookie set when sending gethash
    //   c) the regular cookie with custom loadcontext defined in this test.
    var expectedCookies = "sb-update-cookie=1; ";
    expectedCookies += "sb-gethash-cookie=1; ";
    expectedCookies += cookieName + "=1";
    request.QueryInterface(Ci.nsIHttpChannel);
    var cookiesSeen = request.getResponseHeader("saw-cookies");

    Assert.equal(cookiesSeen, expectedCookies);
    httpserver.stop(do_test_finished);
  }

  setSafeBrowsingCookie();
});