Bug 1173523 - Part 2: Tests for new methods nsIPrincipal::MatchesURI and nsIPrincipal::Matches, r=ehsan

2015-06-10 11:53:25 -04:00 · 2015-06-10 11:53:25 -04:00 · 567aeb78e9
--- a/extensions/cookie/test/unit/test_permmanager_matches.js
+++ b/extensions/cookie/test/unit/test_permmanager_matches.js
@ -0,0 +1,133 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function matches_always(perm, principals) {
+  principals.forEach((principal) => {
+    do_check_true(perm.matches(principal, true), "perm: " + perm.principal.origin + ", princ: " + principal.origin);
+    do_check_true(perm.matches(principal, false), "perm: " + perm.principal.origin + ", princ: " + principal.origin);
+  });
+}
+
+function matches_weak(perm, principals) {
+  principals.forEach((principal) => {
+    do_check_false(perm.matches(principal, true), "perm: " + perm.principal.origin + ", princ: " + principal.origin);
+    do_check_true(perm.matches(principal, false), "perm: " + perm.principal.origin + ", princ: " + principal.origin);
+  });
+}
+
+function matches_never(perm, principals) {
+  principals.forEach((principal) => {
+    do_check_false(perm.matches(principal, true), "perm: " + perm.principal.origin + ", princ: " + principal.origin);
+    do_check_false(perm.matches(principal, false), "perm: " + perm.principal.origin + ", princ: " + principal.origin);
+  });
+}
+
+function run_test() {
+  // initialize the permission manager service
+  let pm = Cc["@mozilla.org/permissionmanager;1"].
+        getService(Ci.nsIPermissionManager);
+
+  let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
+        .getService(Ci.nsIScriptSecurityManager);
+
+  // Add some permissions
+  let uri0 = NetUtil.newURI("http://google.com/search?q=foo#hashtag", null, null);
+  let uri1 = NetUtil.newURI("http://hangouts.google.com/subdir", null, null);
+  let uri2 = NetUtil.newURI("http://google.org/", null, null);
+
+  // NOTE: These entries have different ports/schemes, but will be considered
+  // the same right now (as permissions are based on host only). With bug 1165263
+  // this will be fixed.
+  let uri3 = NetUtil.newURI("https://google.com/some/random/subdirectory", null, null);
+  let uri4 = NetUtil.newURI("https://hangouts.google.com/#!/hangout", null, null);
+  let uri5 = NetUtil.newURI("http://google.com:8096/", null, null);
+
+  let uri0_n_n = secMan.getNoAppCodebasePrincipal(uri0);
+  let uri1_n_n = secMan.getNoAppCodebasePrincipal(uri1);
+  let uri2_n_n = secMan.getNoAppCodebasePrincipal(uri2);
+  let uri3_n_n = secMan.getNoAppCodebasePrincipal(uri3);
+  let uri4_n_n = secMan.getNoAppCodebasePrincipal(uri4);
+  let uri5_n_n = secMan.getNoAppCodebasePrincipal(uri5);
+
+  let uri0_1000_n = secMan.getAppCodebasePrincipal(uri0, 1000, false);
+  let uri1_1000_n = secMan.getAppCodebasePrincipal(uri1, 1000, false);
+  let uri2_1000_n = secMan.getAppCodebasePrincipal(uri2, 1000, false);
+  let uri3_1000_n = secMan.getAppCodebasePrincipal(uri3, 1000, false);
+  let uri4_1000_n = secMan.getAppCodebasePrincipal(uri4, 1000, false);
+  let uri5_1000_n = secMan.getAppCodebasePrincipal(uri5, 1000, false);
+
+  let uri0_1000_y = secMan.getAppCodebasePrincipal(uri0, 1000, true);
+  let uri1_1000_y = secMan.getAppCodebasePrincipal(uri1, 1000, true);
+  let uri2_1000_y = secMan.getAppCodebasePrincipal(uri2, 1000, true);
+  let uri3_1000_y = secMan.getAppCodebasePrincipal(uri3, 1000, true);
+  let uri4_1000_y = secMan.getAppCodebasePrincipal(uri4, 1000, true);
+  let uri5_1000_y = secMan.getAppCodebasePrincipal(uri5, 1000, true);
+
+  let uri0_2000_n = secMan.getAppCodebasePrincipal(uri0, 2000, false);
+  let uri1_2000_n = secMan.getAppCodebasePrincipal(uri1, 2000, false);
+  let uri2_2000_n = secMan.getAppCodebasePrincipal(uri2, 2000, false);
+  let uri3_2000_n = secMan.getAppCodebasePrincipal(uri3, 2000, false);
+  let uri4_2000_n = secMan.getAppCodebasePrincipal(uri4, 2000, false);
+  let uri5_2000_n = secMan.getAppCodebasePrincipal(uri5, 2000, false);
+
+  let uri0_2000_y = secMan.getAppCodebasePrincipal(uri0, 2000, true);
+  let uri1_2000_y = secMan.getAppCodebasePrincipal(uri1, 2000, true);
+  let uri2_2000_y = secMan.getAppCodebasePrincipal(uri2, 2000, true);
+  let uri3_2000_y = secMan.getAppCodebasePrincipal(uri3, 2000, true);
+  let uri4_2000_y = secMan.getAppCodebasePrincipal(uri4, 2000, true);
+  let uri5_2000_y = secMan.getAppCodebasePrincipal(uri5, 2000, true);
+
+  pm.addFromPrincipal(uri0_n_n, "test/matches", pm.ALLOW_ACTION);
+  let perm_n_n = pm.getPermissionObject(uri0_n_n, "test/matches", true);
+  pm.addFromPrincipal(uri0_1000_n, "test/matches", pm.ALLOW_ACTION);
+  let perm_1000_n = pm.getPermissionObject(uri0_1000_n, "test/matches", true);
+  pm.addFromPrincipal(uri0_1000_y, "test/matches", pm.ALLOW_ACTION);
+  let perm_1000_y = pm.getPermissionObject(uri0_1000_y, "test/matches", true);
+  pm.addFromPrincipal(uri0_2000_n, "test/matches", pm.ALLOW_ACTION);
+  let perm_2000_n = pm.getPermissionObject(uri0_2000_n, "test/matches", true);
+  pm.addFromPrincipal(uri0_2000_y, "test/matches", pm.ALLOW_ACTION);
+  let perm_2000_y = pm.getPermissionObject(uri0_2000_y, "test/matches", true);
+
+  matches_always(perm_n_n, [uri0_n_n, uri3_n_n, uri5_n_n]);
+  matches_weak(perm_n_n, [uri1_n_n, uri4_n_n]);
+  matches_never(perm_n_n, [uri2_n_n,
+                           uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                           uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                           uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                           uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y]);
+
+  matches_always(perm_1000_n, [uri0_1000_n, uri3_1000_n, uri5_1000_n]);
+  matches_weak(perm_1000_n, [uri1_1000_n, uri4_1000_n]);
+  matches_never(perm_1000_n, [uri2_1000_n,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                              uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y]);
+
+  matches_always(perm_1000_y, [uri0_1000_y, uri3_1000_y, uri5_1000_y]);
+  matches_weak(perm_1000_y, [uri1_1000_y, uri4_1000_y]);
+  matches_never(perm_1000_y, [uri2_1000_y,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y]);
+
+  matches_always(perm_2000_n, [uri0_2000_n, uri3_2000_n, uri5_2000_n]);
+  matches_weak(perm_2000_n, [uri1_2000_n, uri4_2000_n]);
+  matches_never(perm_2000_n, [uri2_2000_n,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
+                              uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y]);
+
+  matches_always(perm_2000_y, [uri0_2000_y, uri3_2000_y, uri5_2000_y]);
+  matches_weak(perm_2000_y, [uri1_2000_y, uri4_2000_y]);
+  matches_never(perm_2000_y, [uri2_2000_y,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y]);
+
+  // Clean up!
+  pm.removeAll();
+}
--- a/extensions/cookie/test/unit/test_permmanager_matchesuri.js
+++ b/extensions/cookie/test/unit/test_permmanager_matchesuri.js
@ -0,0 +1,150 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function matches_always(perm, uris) {
+  uris.forEach((uri) => {
+    do_check_true(perm.matchesURI(uri, true), "perm: " + perm.principal.origin + ", URI: " + uri.spec);
+    do_check_true(perm.matchesURI(uri, false), "perm: " + perm.principal.origin + ", URI: " + uri.spec);
+  });
+}
+
+function matches_weak(perm, uris) {
+  uris.forEach((uri) => {
+    do_check_false(perm.matchesURI(uri, true), "perm: " + perm.principal.origin + ", URI: " + uri.spec);
+    do_check_true(perm.matchesURI(uri, false), "perm: " + perm.principal.origin + ", URI: " + uri.spec);
+  });
+}
+
+function matches_never(perm, uris) {
+  uris.forEach((uri) => {
+    do_check_false(perm.matchesURI(uri, true), "perm: " + perm.principal.origin + ", URI: " + uri.spec);
+    do_check_false(perm.matchesURI(uri, false), "perm: " + perm.principal.origin + ", URI: " + uri.spec);
+  });
+}
+
+function mk_permission(uri, isAppPermission = false) {
+  let pm = Cc["@mozilla.org/permissionmanager;1"].
+        getService(Ci.nsIPermissionManager);
+
+  let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
+        .getService(Ci.nsIScriptSecurityManager);
+
+  // Get the permission from the principal!
+  let principal = isAppPermission ?
+        secMan.getAppCodebasePrincipal(uri, 1000, false) :
+        secMan.getNoAppCodebasePrincipal(uri);
+
+  pm.addFromPrincipal(principal, "test/matchesuri", pm.ALLOW_ACTION);
+  let permission = pm.getPermissionObject(principal, "test/matchesuri", true);
+
+  return permission;
+}
+
+function run_test() {
+  // initialize the permission manager service
+  let pm = Cc["@mozilla.org/permissionmanager;1"].
+        getService(Ci.nsIPermissionManager);
+
+  let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
+        .getService(Ci.nsIScriptSecurityManager);
+
+  let fileprefix = "file:///";
+  if (Services.appinfo.OS == "WINNT") {
+    // Windows rejects files if they don't have a drive. See Bug 1180870
+    fileprefix += "c:/";
+  }
+
+  // Add some permissions
+  let uri0 = NetUtil.newURI("http://google.com:9091/just/a/path", null, null);
+  let uri1 = NetUtil.newURI("http://hangouts.google.com:9091/some/path", null, null);
+  let uri2 = NetUtil.newURI("http://google.com:9091/", null, null);
+  let uri3 = NetUtil.newURI("http://google.org:9091/", null, null);
+  let uri4 = NetUtil.newURI("http://deeper.hangouts.google.com:9091/", null, null);
+  let uri5 = NetUtil.newURI("https://google.com/just/a/path", null, null);
+  let uri6 = NetUtil.newURI("https://hangouts.google.com", null, null);
+  let uri7 = NetUtil.newURI("https://google.com/", null, null);
+
+  let fileuri1 = NetUtil.newURI(fileprefix + "a/file/path", null, null);
+  let fileuri2 = NetUtil.newURI(fileprefix + "a/file/path/deeper", null, null);
+  let fileuri3 = NetUtil.newURI(fileprefix + "a/file/otherpath", null, null);
+
+  {
+    let perm = mk_permission(uri0);
+    matches_always(perm, [uri0, uri2, uri5, uri7]);
+    matches_weak(perm, [uri1, uri4, uri6]);
+    matches_never(perm, [uri3, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri1);
+    matches_always(perm, [uri1, uri6]);
+    matches_weak(perm, [uri4]);
+    matches_never(perm, [uri0, uri2, uri3, uri5, uri7, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri2);
+    matches_always(perm, [uri0, uri2, uri5, uri7]);
+    matches_weak(perm, [uri1, uri4, uri6]);
+    matches_never(perm, [uri3, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri3);
+    matches_always(perm, [uri3]);
+    matches_weak(perm, []);
+    matches_never(perm, [uri1, uri2, uri4, uri5, uri6, uri7, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri4);
+    matches_always(perm, [uri4]);
+    matches_weak(perm, []);
+    matches_never(perm, [uri1, uri2, uri3, uri5, uri6, uri7, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri5);
+    matches_always(perm, [uri0, uri2, uri5, uri7]);
+    matches_weak(perm, [uri1, uri4, uri6]);
+    matches_never(perm, [uri3, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri6);
+    matches_always(perm, [uri1, uri6]);
+    matches_weak(perm, [uri4]);
+    matches_never(perm, [uri0, uri2, uri3, uri5, uri7, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(uri7);
+    matches_always(perm, [uri0, uri2, uri5, uri7]);
+    matches_weak(perm, [uri1, uri4, uri6]);
+    matches_never(perm, [uri3, fileuri1, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(fileuri1);
+    matches_always(perm, [fileuri1]);
+    matches_weak(perm, []);
+    matches_never(perm, [uri0, uri1, uri2, uri3, uri4, uri5, uri6, uri7, fileuri2, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(fileuri2);
+    matches_always(perm, [fileuri2]);
+    matches_weak(perm, []);
+    matches_never(perm, [uri0, uri1, uri2, uri3, uri4, uri5, uri6, uri7, fileuri1, fileuri3]);
+  }
+
+  {
+    let perm = mk_permission(fileuri3);
+    matches_always(perm, [fileuri3]);
+    matches_weak(perm, []);
+    matches_never(perm, [uri0, uri1, uri2, uri3, uri4, uri5, uri6, uri7, fileuri1, fileuri2]);
+  }
+
+  // Clean up!
+  pm.removeAll();
+}
--- a/extensions/cookie/test/unit/xpcshell.ini
+++ b/extensions/cookie/test/unit/xpcshell.ini
@ -35,3 +35,5 @@ skip-if = debug == true
 [test_schema_2_migration.js]
 [test_schema_3_migration.js]
 [test_permmanager_removepermission.js]
+[test_permmanager_matchesuri.js]
+[test_permmanager_matches.js]