Bug 1335943 - Use the right origin attribute in Safe Browsing completions. r=francois

MozReview-Commit-ID: 8HQHzuwE5Cf --HG-- extra : rebase_source : d6c57eb6b4d16898ca0f067052d8e9064c24c3a5
2017-06-21 17:27:22 +08:00 · 2017-06-21 17:27:22 +08:00 · 9814af0253
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@ -650,8 +650,8 @@ bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport = false);
 #define NECKO_UNKNOWN_APP_ID UINT32_MAX

 // Unique first-party domain for separating the safebrowsing cookie.
-// Note if this value is changed, code in test_cookiejars_safebrowsing.js
-// should also be changed.
+// Note if this value is changed, code in test_cookiejars_safebrowsing.js and
+// nsUrlClassifierHashCompleter.js should also be changed.
 #define NECKO_SAFEBROWSING_FIRST_PARTY_DOMAIN \
  "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla"

--- a/netwerk/test/unit/test_cookiejars_safebrowsing.js
+++ b/netwerk/test/unit/test_cookiejars_safebrowsing.js
@ -38,6 +38,7 @@ XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing",
 var setCookiePath = "/setcookie";
 var checkCookiePath = "/checkcookie";
 var safebrowsingUpdatePath = "/safebrowsingUpdate";
+var safebrowsingGethashPath = "/safebrowsingGethash";
 var httpserver;

 function inChildProcess() {
@ -69,6 +70,16 @@ function safebrowsingUpdateHandler(metadata, response) {
  response.bodyOutputStream.write("Ok", "Ok".length);
 }

+function safebrowsingGethashHandler(metadata, response) {
+  var cookieName = "sb-gethash-cookie";
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
+  response.setHeader("Content-Type", "text/plain");
+
+  let msg = "test-phish-simplea:1:32\n" + "a".repeat(32);
+  response.bodyOutputStream.write(msg, msg.length);
+}
+
 function setupChannel(path, originAttributes) {
  var channel = NetUtil.newChannel({uri: URL + path, loadUsingSystemPrincipal: true});
  channel.loadInfo.originAttributes = originAttributes;
@ -89,6 +100,7 @@ function run_test() {
  httpserver.registerPathHandler(setCookiePath, cookieSetHandler);
  httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler);
  httpserver.registerPathHandler(safebrowsingUpdatePath, safebrowsingUpdateHandler);
+  httpserver.registerPathHandler(safebrowsingGethashPath, safebrowsingGethashHandler);

  httpserver.start(-1);
  run_next_test();
@ -117,6 +129,23 @@ add_test(function test_safebrowsing_update() {
    true, URL + safebrowsingUpdatePath, onSuccess, onUpdateError, onDownloadError);
 });

+add_test(function test_safebrowsing_gethash() {
+  var hashCompleter = Cc["@mozilla.org/url-classifier/hashcompleter;1"]
+                      .getService(Ci.nsIUrlClassifierHashCompleter);
+
+  hashCompleter.complete("aaaa",
+                         URL + safebrowsingGethashPath,
+                         "test-phish-simple", {
+    completionV2(hash, table, chunkId) {
+    },
+
+    completionFinished(status) {
+      do_check_eq(status, Cr.NS_OK);
+      run_next_test();
+    },
+  });
+});
+
 add_test(function test_non_safebrowsing_cookie() {

  var cookieName = 'regCookie_id0';
@ -166,8 +195,10 @@ add_test(function test_safebrowsing_cookie() {
  function completeCheckSafeBrowsingCookie(request, data, context) {
    // Confirm that all >> THREE << cookies are sent back over the channel:
    //   a) the safebrowsing cookie set when updating
-    //   b) the regular cookie with custom loadcontext defined in this test.
+    //   b) the safebrowsing cookie set when sending gethash
+    //   c) the regular cookie with custom loadcontext defined in this test.
    var expectedCookies = "sb-update-cookie=1; ";
+    expectedCookies += "sb-gethash-cookie=1; ";
    expectedCookies += cookieName + "=1";
    request.QueryInterface(Ci.nsIHttpChannel);
    var cookiesSeen = request.getResponseHeader("saw-cookies");
--- a/toolkit/components/url-classifier/nsUrlClassifierHashCompleter.js
+++ b/toolkit/components/url-classifier/nsUrlClassifierHashCompleter.js
@ -432,6 +432,11 @@ HashCompleterRequest.prototype = {
      loadUsingSystemPrincipal: true
    });
    channel.loadFlags = loadFlags;
+    channel.loadInfo.originAttributes = {
+      // The firstPartyDomain value should sync with NECKO_SAFEBROWSING_FIRST_PARTY_DOMAIN
+      // defined in nsNetUtil.h.
+      firstPartyDomain: "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla"
+    };

    // Disable keepalive.
    let httpChannel = channel.QueryInterface(Ci.nsIHttpChannel);