Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: test/WebRequest.cpp

Issue 29377825: Issue 4951 - Restrict request headers in XMLHttpRequest.Also test Accept-Encoding with th… (Closed) Base URL: https://hg.adblockplus.org/libadblockplus/
Patch Set: Initial changes Created March 2, 2017, 9:39 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
« lib/compat.js ('K') | « lib/compat.js ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * This file is part of Adblock Plus <https://adblockplus.org/>, 2 * This file is part of Adblock Plus <https://adblockplus.org/>,
3 * Copyright (C) 2006-2016 Eyeo GmbH 3 * Copyright (C) 2006-2016 Eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
44 void SetUp() 44 void SetUp()
45 { 45 {
46 BaseJsTest::SetUp(); 46 BaseJsTest::SetUp();
47 jsEngine->SetWebRequest(AdblockPlus::WebRequestPtr(new T)); 47 jsEngine->SetWebRequest(AdblockPlus::WebRequestPtr(new T));
48 jsEngine->SetFileSystem(AdblockPlus::FileSystemPtr(new LazyFileSystem)); 48 jsEngine->SetFileSystem(AdblockPlus::FileSystemPtr(new LazyFileSystem));
49 } 49 }
50 }; 50 };
51 51
52 typedef WebRequestTest<MockWebRequest> MockWebRequestTest; 52 typedef WebRequestTest<MockWebRequest> MockWebRequestTest;
53 typedef WebRequestTest<AdblockPlus::DefaultWebRequest> DefaultWebRequestTest; 53 typedef WebRequestTest<AdblockPlus::DefaultWebRequest> DefaultWebRequestTest;
54 // This test doesn't need a real WebRequest.
55 typedef WebRequestTest<MockWebRequest> XMLHttpRequestTest;
54 } 56 }
55 57
56 TEST_F(MockWebRequestTest, BadCall) 58 TEST_F(MockWebRequestTest, BadCall)
57 { 59 {
58 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET()")); 60 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET()"));
59 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('', {}, function(){})")); 61 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('', {}, function(){})"));
60 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET({toString: false}, {}, fu nction(){})")); 62 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET({toString: false}, {}, fu nction(){})"));
61 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', nu ll, function(){})")); 63 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', nu ll, function(){})"));
62 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', {} , null)")); 64 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', {} , null)"));
63 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', {} , function(){}, 0)")); 65 ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', {} , function(){}, 0)"));
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
110 request.addEventListener('error', function() {result = 'error';}, false);\ 112 request.addEventListener('error', function() {result = 'error';}, false);\
111 request.send(null);"); 113 request.send(null);");
112 do 114 do
113 { 115 {
114 AdblockPlus::Sleep(200); 116 AdblockPlus::Sleep(200);
115 } while (jsEngine->Evaluate("result")->IsUndefined()); 117 } while (jsEngine->Evaluate("result")->IsUndefined());
116 ASSERT_EQ(AdblockPlus::WebRequest::NS_OK, jsEngine->Evaluate("request.channel. status")->AsInt()); 118 ASSERT_EQ(AdblockPlus::WebRequest::NS_OK, jsEngine->Evaluate("request.channel. status")->AsInt());
117 ASSERT_EQ(200, jsEngine->Evaluate("request.status")->AsInt()); 119 ASSERT_EQ(200, jsEngine->Evaluate("request.status")->AsInt());
118 ASSERT_EQ("[Adblock Plus ", jsEngine->Evaluate("result.substr(0, 14)")->AsStri ng()); 120 ASSERT_EQ("[Adblock Plus ", jsEngine->Evaluate("result.substr(0, 14)")->AsStri ng());
119 ASSERT_EQ("text/plain", jsEngine->Evaluate("request.getResponseHeader('Content -Type').substr(0, 10)")->AsString()); 121 ASSERT_EQ("text/plain", jsEngine->Evaluate("request.getResponseHeader('Content -Type').substr(0, 10)")->AsString());
122 #if defined(HAVE_CURL)
123 ASSERT_EQ("gzip", jsEngine->Evaluate("request.getResponseHeader('Content-Encod ing').substr(0, 4)")->AsString());
124 #endif
120 ASSERT_TRUE(jsEngine->Evaluate("request.getResponseHeader('Location')")->IsNul l()); 125 ASSERT_TRUE(jsEngine->Evaluate("request.getResponseHeader('Location')")->IsNul l());
121 } 126 }
122 #else 127 #else
123 TEST_F(DefaultWebRequestTest, DummyWebRequest) 128 TEST_F(DefaultWebRequestTest, DummyWebRequest)
124 { 129 {
125 jsEngine->Evaluate("_webRequest.GET('https://easylist-downloads.adblockplus.or g/easylist.txt', {}, function(result) {foo = result;} )"); 130 jsEngine->Evaluate("_webRequest.GET('https://easylist-downloads.adblockplus.or g/easylist.txt', {}, function(result) {foo = result;} )");
126 do 131 do
127 { 132 {
128 AdblockPlus::Sleep(200); 133 AdblockPlus::Sleep(200);
129 } while (jsEngine->Evaluate("this.foo")->IsUndefined()); 134 } while (jsEngine->Evaluate("this.foo")->IsUndefined());
(...skipping 20 matching lines...) Expand all
150 { 155 {
151 AdblockPlus::Sleep(200); 156 AdblockPlus::Sleep(200);
152 } while (jsEngine->Evaluate("result")->IsUndefined()); 157 } while (jsEngine->Evaluate("result")->IsUndefined());
153 ASSERT_EQ(AdblockPlus::WebRequest::NS_ERROR_FAILURE, jsEngine->Evaluate("reque st.channel.status")->AsInt()); 158 ASSERT_EQ(AdblockPlus::WebRequest::NS_ERROR_FAILURE, jsEngine->Evaluate("reque st.channel.status")->AsInt());
154 ASSERT_EQ(0, jsEngine->Evaluate("request.status")->AsInt()); 159 ASSERT_EQ(0, jsEngine->Evaluate("request.status")->AsInt());
155 ASSERT_EQ("error", jsEngine->Evaluate("result")->AsString()); 160 ASSERT_EQ("error", jsEngine->Evaluate("result")->AsString());
156 ASSERT_TRUE(jsEngine->Evaluate("request.getResponseHeader('Content-Type')")->I sNull()); 161 ASSERT_TRUE(jsEngine->Evaluate("request.getResponseHeader('Content-Type')")->I sNull());
157 } 162 }
158 163
159 #endif 164 #endif
165
166 TEST_F(XMLHttpRequestTest, RequestHeaderValidation)
167 {
168 AdblockPlus::FilterEngine filterEngine(jsEngine);
169
170 const std::string msg = "Attempt to set a forbidden header was denied: ";
171 // The test will override console.warning so that the
sergei 2017/03/02 22:25:31 I think we should rather check in WebRequest::GET
hub 2017/03/02 23:30:13 I didn't realize there was LogSystem to check for
sergei 2017/03/03 08:38:59 What about check in WebRequest::GET?
172 // header rejection cause result to be set.
173 // While this is an implementation detail, since the DOM API
sergei 2017/03/02 22:25:31 Could you please remove "DOM" because it's not a D
hub 2017/03/02 23:30:13 Acknowledged.
174 // doesn't seem to return anything, we have no other way to check
175 // the failure.
176 jsEngine->Evaluate("\
177 var result;\
178 console.warning = function(msg) { result = msg; };\
179 var request = new XMLHttpRequest();\
180 request.open('GET', 'https://easylist-downloads.adblockplus.org/easylist.txt ');");
181
182 // test 'Accept-Encoding' is rejected
sergei 2017/03/02 22:25:31 What about having several tests, at least checking
183 jsEngine->Evaluate("\
184 result = undefined;\
185 request.setRequestHeader('Accept-Encoding', 'gzip');");
186 auto value = jsEngine->Evaluate("result");
187 ASSERT_FALSE(value->IsUndefined());
188 ASSERT_EQ(msg + "Accept-Encoding", value->AsString());
189
190 // test random 'X' header is accepted
191 jsEngine->Evaluate("\
192 result = undefined;\
193 request.setRequestHeader('X', 'y');");
194 value = value = jsEngine->Evaluate("result");
sergei 2017/03/02 22:25:31 value = value =
hub 2017/03/02 23:30:13 Acknowledged. Cut&paste error. I missed it.
195 ASSERT_TRUE(value->IsUndefined());
sergei 2017/03/02 22:25:31 I think we should use EXPECT_* when the test can c
hub 2017/03/02 23:30:12 Acknowledged.
196
197 // test /^Proxy-/ is rejected.
198 jsEngine->Evaluate("\
199 result = undefined;\
200 request.setRequestHeader('Proxy-foo', 'bar');");
201 value = value = jsEngine->Evaluate("result");
202 ASSERT_FALSE(value->IsUndefined());
203 ASSERT_EQ(msg + "Proxy-foo", value->AsString());
204
205 // test /^Sec-/ is rejected.
206 jsEngine->Evaluate("\
207 result = undefined;\
208 request.setRequestHeader('Sec-foo', 'bar');");
209 value = value = jsEngine->Evaluate("result");
210 ASSERT_FALSE(value->IsUndefined());
211 ASSERT_EQ(msg + "Sec-foo", value->AsString());
212
213 // test 'Security' is rejected.
214 jsEngine->Evaluate("\
215 result = undefined;\
216 request.setRequestHeader('Security', 'theater');");
217 value = value = jsEngine->Evaluate("result");
218 ASSERT_TRUE(value->IsUndefined());
219 }
OLDNEW
« lib/compat.js ('K') | « lib/compat.js ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld