gecko-dev/dom/ipc/tests/browser_domainPolicy.js

var policy; // To make sure we never leave up an activated domain policy after a failed test, let's make this global.
function activateDomainPolicy() {
  const ssm = Services.scriptSecurityManager;
  policy = ssm.activateDomainPolicy();
}

function deactivateDomainPolicy() {
  if (policy) {
    policy.deactivate();
    policy = null;
  }
}

function* test_domainPolicy() {

  XPCOMUtils.defineLazyModuleGetter(this, "Promise", "resource://gre/modules/Promise.jsm");
  let deferred = Promise.defer();
  let currentTask = deferred.promise;
  SpecialPowers.pushPrefEnv(
    {set: [["dom.ipc.browser_frames.oop_by_default", false],
          ["browser.pagethumbnails.capturing_disabled", false],
          ["dom.mozBrowserFramesEnabled", false]]},
    () => { return deferred.resolve()});
  yield currentTask;

  // Create tab
  let tab;

  // Init test
  function initProcess() {
    tab = gBrowser.addTab();
    gBrowser.selectedTab = tab;

    let initPromise = ContentTask.spawn(tab.linkedBrowser, null, function() {
      Cu.import("resource://gre/modules/PromiseUtils.jsm");
      function loadBase() {
        let deferred = PromiseUtils.defer();
        let listener = (event) => {
          removeEventListener("DOMDocElementInserted", listener, true);
          let listener2 = (event) => {
            content.removeEventListener('load', listener2);
            deferred.resolve();
          }
          content.addEventListener('load', listener2);
        };
        addEventListener("DOMDocElementInserted", listener, true);
        return deferred.promise;
      }

      return loadBase();
    });
    tab.linkedBrowser.loadURI("http://mochi.test:8888/browser/dom/ipc/tests/file_domainPolicy_base.html");
    return initPromise;
  }

  // We use ContentTask for the tests, but we also want to pass some data and some helper functions too.
  // To do that, we serialize an input object via JSON |ipcArgs| and some shared helper functions |initUtils|
  // and eval them in the content process.
  var ipcArgs = {};
  function initUtils(obj) {
    obj.checkScriptEnabled = function(win, expectEnabled) {
      win.wrappedJSObject.gFiredOnclick = false;
      win.document.body.dispatchEvent(new win.Event('click'));
      return { passed: win.wrappedJSObject.gFiredOnclick == expectEnabled,
               msg: `Checking script-enabled for ${win.name} (${win.location})`};
    }

    obj.navigateFrame = function(ifr, src) {
      let deferred = PromiseUtils.defer();
      function onload() {
        ifr.removeEventListener('load', onload);
        deferred.resolve();
      }
      ifr.addEventListener('load', onload, false);
      ifr.setAttribute('src', src);
      return deferred.promise;
    }
  };

  function runTest(test) {
    return ContentTask.spawn(tab.linkedBrowser,
      'ipcArgs = ' + JSON.stringify(ipcArgs) + '; (' + initUtils.toSource() + ')(utils)', test);
  }

  function checkAndCleanup(result) {
    result = [].concat(result);
    for (var i in result)
      ok(result[i].passed, result[i].msg);
    gBrowser.removeTab(tab);
    deactivateDomainPolicy();
    ipcArgs = {};
  }

  function testDomain(domain) {
    ipcArgs.domain = domain;
    return (aUtils) => {
      Cu.import("resource://gre/modules/PromiseUtils.jsm");
      var ipcArgs;
      var utils = {};
      eval(aUtils);

      let path = '/browser/dom/ipc/tests/file_disableScript.html';
      let deferred = PromiseUtils.defer();
      var rootFrame = content.document.getElementById('root');
      utils.navigateFrame(rootFrame, ipcArgs.domain + path).then(() => {
        deferred.resolve(utils.checkScriptEnabled(rootFrame.contentWindow, false));
      });
      return deferred.promise;
    }
  }

  info("Testing simple blacklist policy");

  info("Creating child process first, activating domainPolicy after");
  currentTask = initProcess();
  yield currentTask;
  activateDomainPolicy();
  var bl = policy.blacklist;
  bl.add(Services.io.newURI('http://example.com', null, null));
  currentTask = runTest(testDomain("http://example.com"));
  checkAndCleanup(yield currentTask);

  info("Activating domainPolicy first, creating child process after");
  activateDomainPolicy();
  var bl = policy.blacklist;
  bl.add(Services.io.newURI('http://example.com', null, null));
  currentTask = initProcess();
  yield currentTask;
  currentTask = runTest(testDomain("http://example.com"));
  checkAndCleanup(yield currentTask);

  function testList(expectEnabled, list) {
    ipcArgs.expectEnabled = expectEnabled;
    ipcArgs.list = list;
    return (aUtils) => {
      Cu.import("resource://gre/modules/PromiseUtils.jsm");
      var ipcArgs;
      var utils = {};
      eval(aUtils);

      var results = [];
      var testListInternal = function(expectEnabled, list, idx) {
        idx = idx || 0;
        let deferred = PromiseUtils.defer();
        let path = '/browser/dom/ipc/tests/file_disableScript.html';
        let target = list[idx] + path;
        var rootFrame = content.document.getElementById('root');
        utils.navigateFrame(rootFrame, target).then(function() {
          results.push(utils.checkScriptEnabled(rootFrame.contentWindow, expectEnabled));
          if (idx == list.length - 1)
            deferred.resolve(results);
          else
            testListInternal(expectEnabled, list, idx + 1).then(function(retArg) { deferred.resolve(retArg); });
        });
        return deferred.promise;
      }
      return testListInternal(ipcArgs.expectEnabled, ipcArgs.list);
    }
  }

  let testPolicy = {
     exceptions: ['http://test1.example.com', 'http://example.com'],
     superExceptions: ['http://test2.example.org', 'https://test1.example.com'],
     exempt: ['http://test1.example.com', 'http://example.com',
              'http://test2.example.org', 'http://sub1.test2.example.org',
              'https://sub1.test1.example.com'],
     notExempt: ['http://test2.example.com', 'http://sub1.test1.example.com',
                 'http://www.example.com', 'https://test2.example.com',
                 'https://example.com', 'http://test1.example.org'],
  };

  function activate(isBlack, exceptions, superExceptions) {
    activateDomainPolicy();
    let set = isBlack ? policy.blacklist : policy.whitelist;
    let superSet = isBlack ? policy.superBlacklist : policy.superWhitelist;
    for (var e of exceptions)
      set.add(makeURI(e));
    for (var e of superExceptions)
      superSet.add(makeURI(e));
  };

  info("Testing Blacklist-style Domain Policy");
  info("Activating domainPolicy first, creating child process after");
  activate(true, testPolicy.exceptions, testPolicy.superExceptions);
  currentTask = initProcess();
  yield currentTask;
  let results = [];
  currentTask = runTest(testList(true, testPolicy.notExempt));
  results = results.concat(yield currentTask);
  currentTask = runTest(testList(false, testPolicy.exempt));
  results = results.concat(yield currentTask);
  checkAndCleanup(results);

  info("Creating child process first, activating domainPolicy after");
  currentTask = initProcess();
  yield currentTask;
  activate(true, testPolicy.exceptions, testPolicy.superExceptions);
  results = [];
  currentTask = runTest(testList(true, testPolicy.notExempt));
  results = results.concat(yield currentTask);
  currentTask = runTest(testList(false, testPolicy.exempt));
  results = results.concat(yield currentTask);
  checkAndCleanup(results);

  info("Testing Whitelist-style Domain Policy");
  deferred = Promise.defer();
  currentTask = deferred.promise;
  SpecialPowers.pushPrefEnv({set:[["javascript.enabled", false]]}, () => { return deferred.resolve()});
  yield currentTask;

  info("Activating domainPolicy first, creating child process after");
  activate(false, testPolicy.exceptions, testPolicy.superExceptions);
  currentTask = initProcess();
  yield currentTask;
  results = [];
  currentTask = runTest(testList(false, testPolicy.notExempt));
  results = results.concat(yield currentTask);
  currentTask = runTest(testList(true, testPolicy.exempt));
  results = results.concat(yield currentTask);
  checkAndCleanup(results);

  info("Creating child process first, activating domainPolicy after");
  currentTask = initProcess();
  yield currentTask;
  activate(false, testPolicy.exceptions, testPolicy.superExceptions);
  results = [];
  currentTask = runTest(testList(false, testPolicy.notExempt));
  results = results.concat(yield currentTask);
  currentTask = runTest(testList(true, testPolicy.exempt));
  results = results.concat(yield currentTask);
  checkAndCleanup(results);
  finish();
}


add_task(test_domainPolicy);

registerCleanupFunction(()=>{
  deactivateDomainPolicy();
})