Bug 908933 - CSP tests: ShouldProcess should block TYPE_OBJECT (r=sstamm)

2024-09-13 09:24:08 -07:00 · 2014-08-08 15:01:52 -07:00 · 2014-08-08 15:01:52 -07:00 · a47a4bef8b
commit a47a4bef8b
parent 2f38347822
3 changed files with 121 additions and 0 deletions
--- a/content/base/test/csp/file_csp_shouldprocess.html
+++ b/content/base/test/csp/file_csp_shouldprocess.html
@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>Helper for Test Bug 908933</title>
+    <meta charset="utf-8">
+  </head>
+  <body>
+	<object type="application/x-java-test" codebase="test1"></object>
+
+	<object classid="java:test2" codebase="./test2"></object>
+
+	<object data="test3" classid="java:test3" codebase="./test3"></object>
+
+	<applet codebase="test4"></applet>
+
+	<embed src="test5.class" codebase="test5" type="application/x-java-test">
+
+	<embed type="application/x-java-test" codebase="test6">
+
+	<embed src="test7.class">
+
+	<embed src="test8.class" codebase="test8">
+
+  </body>
+</html>
--- a/content/base/test/csp/mochitest.ini
+++ b/content/base/test/csp/mochitest.ini
@ -60,6 +60,7 @@ support-files =
  file_csp_bug773891.html
  file_csp_bug773891.sjs
  file_csp_redirects_main.html
+  file_csp_shouldprocess.html
  file_csp_redirects_page.sjs
  file_csp_redirects_resource.sjs
  file_CSP_bug910139.sjs
@ -114,6 +115,7 @@ skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug)) || toolkit == 'and
 [test_bug836922_npolicies.html]
 [test_bug886164.html]
 [test_csp_redirects.html]
+[test_csp_shouldprocess.html]
 [test_CSP_bug910139.html]
 [test_CSP_bug909029.html]
 [test_policyuri_regression_from_multipolicy.html]
--- a/content/base/test/csp/test_csp_shouldprocess.html
+++ b/content/base/test/csp/test_csp_shouldprocess.html
@ -0,0 +1,94 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=908933
+-->
+<head>
+  <title>Test Bug 908933</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+  <meta http-equiv="content-type" content="text/html; charset=utf-8">
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * We load variations of 'objects' and make sure all the
+ * resource loads are correctly blocked by CSP.
+ * For all the testing we use a CSP with "object-src 'none'"
+ * so that all the loads are either blocked by
+ * shouldProcess or shouldLoad.
+ */
+
+const POLICY = "default-src 'http://mochi.test:8888'; object-src 'none'";
+const TESTFILE = "tests/content/base/test/csp/file_csp_shouldprocess.html";
+
+SimpleTest.waitForExplicitFinish();
+
+var tests = [
+  // blocked by shouldProcess
+  "http://mochi.test:8888/tests/content/base/test/csp/test1",
+  "http://mochi.test:8888/tests/content/base/test/csp/test2",
+  "http://mochi.test:8888/tests/content/base/test/csp/test3",
+  "http://mochi.test:8888/tests/content/base/test/csp/test4",
+  "http://mochi.test:8888/tests/content/base/test/csp/test5",
+  "http://mochi.test:8888/tests/content/base/test/csp/test6",
+  // blocked by shouldLoad
+  "http://mochi.test:8888/tests/content/base/test/csp/test7.class",
+  "http://mochi.test:8888/tests/content/base/test/csp/test8.class",
+];
+
+function checkResults(aURI) {
+  var index = tests.indexOf(aURI);
+  if (index > -1) {
+    tests.splice(index, 1);
+    ok(true, "ShouldLoad or ShouldProcess blocks TYPE_OBJECT with uri: " + aURI + "!");
+  }
+  else {
+    ok(false, "ShouldLoad or ShouldProcess incorreclty blocks TYPE_OBJECT with uri: " + aURI + "!");
+  }
+  if (tests.length == 0) {
+    window.examiner.remove();
+    SimpleTest.finish();
+  }
+}
+
+// used to watch that shouldProcess blocks TYPE_OBJECT
+function examiner() {
+  SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
+}
+examiner.prototype  = {
+  observe: function(subject, topic, data) {
+    if (topic === "csp-on-violate-policy") {
+      var asciiSpec =
+        SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
+      checkResults(asciiSpec);
+    }
+  },
+  remove: function() {
+    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+  }
+}
+window.examiner = new examiner();
+
+function loadFrame() {
+  var src = "file_csp_testserver.sjs";
+  // append the file that should be served
+  src += "?file=" + escape(TESTFILE);
+  // append the CSP that should be used to serve the file
+  src += "&csp=" + escape(POLICY);
+
+  var iframe = document.createElement("iframe");
+  iframe.src = src;
+  document.body.appendChild(iframe);
+}
+
+SpecialPowers.pushPrefEnv(
+  { "set": [['plugin.java.mime', 'application/x-java-test']] },
+  loadFrame);
+
+</script>
+</pre>
+</body>
+</html>