Index: test/WebRequest.cpp |
=================================================================== |
--- a/test/WebRequest.cpp |
+++ b/test/WebRequest.cpp |
@@ -32,30 +32,53 @@ namespace |
result.status = NS_OK; |
result.responseStatus = 123; |
result.responseHeaders.push_back(std::pair<std::string, std::string>("Foo", "Bar")); |
result.responseText = url + "\n" + requestHeaders[0].first + "\n" + requestHeaders[0].second; |
return result; |
} |
}; |
+ class XHRTestWebRequest : public AdblockPlus::WebRequest |
Felix Dahlke
2017/03/06 16:51:07
IMHO it'd make more sense to add lastRequestHeader
hub
2017/03/06 17:26:05
I can do that too. I was trying to avoid side effe
|
+ { |
+ public: |
+ AdblockPlus::ServerResponse GET(const std::string& url, const AdblockPlus::HeaderList& requestHeaders) const |
+ { |
+ lastRequestHeaders.clear(); |
+ for (auto header : requestHeaders) |
+ { |
+ lastRequestHeaders.insert(header.first); |
+ } |
+ |
+ AdblockPlus::ServerResponse result; |
+ result.status = NS_OK; |
+ result.responseStatus = 123; |
+ result.responseHeaders.push_back(std::pair<std::string, std::string>("Foo", "Bar")); |
+ return result; |
+ } |
+ |
+ // mutable. Very Ugly. But we are testing. |
+ mutable std::set<std::string> lastRequestHeaders; |
+ }; |
+ |
template<class T> |
class WebRequestTest : public BaseJsTest |
{ |
protected: |
void SetUp() |
{ |
BaseJsTest::SetUp(); |
jsEngine->SetWebRequest(AdblockPlus::WebRequestPtr(new T)); |
jsEngine->SetFileSystem(AdblockPlus::FileSystemPtr(new LazyFileSystem)); |
} |
}; |
typedef WebRequestTest<MockWebRequest> MockWebRequestTest; |
typedef WebRequestTest<AdblockPlus::DefaultWebRequest> DefaultWebRequestTest; |
+ typedef WebRequestTest<XHRTestWebRequest> XMLHttpRequestTest; |
} |
TEST_F(MockWebRequestTest, BadCall) |
{ |
ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET()")); |
ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('', {}, function(){})")); |
ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET({toString: false}, {}, function(){})")); |
ASSERT_ANY_THROW(jsEngine->Evaluate("_webRequest.GET('http://example.com/', null, function(){})")); |
@@ -112,16 +135,19 @@ TEST_F(DefaultWebRequestTest, XMLHttpReq |
do |
{ |
AdblockPlus::Sleep(200); |
} while (jsEngine->Evaluate("result")->IsUndefined()); |
ASSERT_EQ(AdblockPlus::WebRequest::NS_OK, jsEngine->Evaluate("request.channel.status")->AsInt()); |
ASSERT_EQ(200, jsEngine->Evaluate("request.status")->AsInt()); |
ASSERT_EQ("[Adblock Plus ", jsEngine->Evaluate("result.substr(0, 14)")->AsString()); |
ASSERT_EQ("text/plain", jsEngine->Evaluate("request.getResponseHeader('Content-Type').substr(0, 10)")->AsString()); |
+#if defined(HAVE_CURL) |
+ ASSERT_EQ("gzip", jsEngine->Evaluate("request.getResponseHeader('Content-Encoding').substr(0, 4)")->AsString()); |
+#endif |
ASSERT_TRUE(jsEngine->Evaluate("request.getResponseHeader('Location')")->IsNull()); |
} |
#else |
TEST_F(DefaultWebRequestTest, DummyWebRequest) |
{ |
jsEngine->Evaluate("_webRequest.GET('https://easylist-downloads.adblockplus.org/easylist.txt', {}, function(result) {foo = result;} )"); |
do |
{ |
@@ -152,8 +178,136 @@ TEST_F(DefaultWebRequestTest, XMLHttpReq |
} while (jsEngine->Evaluate("result")->IsUndefined()); |
ASSERT_EQ(AdblockPlus::WebRequest::NS_ERROR_FAILURE, jsEngine->Evaluate("request.channel.status")->AsInt()); |
ASSERT_EQ(0, jsEngine->Evaluate("request.status")->AsInt()); |
ASSERT_EQ("error", jsEngine->Evaluate("result")->AsString()); |
ASSERT_TRUE(jsEngine->Evaluate("request.getResponseHeader('Content-Type')")->IsNull()); |
} |
#endif |
+ |
+namespace |
+{ |
+ class CatchLogSystem : public AdblockPlus::LogSystem |
+ { |
+ public: |
+ AdblockPlus::LogSystem::LogLevel lastLogLevel; |
+ std::string lastMessage; |
+ |
+ CatchLogSystem() |
+ : AdblockPlus::LogSystem(), |
+ lastLogLevel(AdblockPlus::LogSystem::LOG_LEVEL_TRACE) |
+ { |
+ } |
+ |
+ void operator()(AdblockPlus::LogSystem::LogLevel logLevel, |
+ const std::string& message, const std::string&) |
+ { |
+ lastLogLevel = logLevel; |
+ lastMessage = message; |
+ } |
+ |
+ void clear() |
+ { |
+ lastLogLevel = AdblockPlus::LogSystem::LOG_LEVEL_TRACE; |
+ lastMessage.clear(); |
+ } |
+ }; |
+ |
+ typedef std::shared_ptr<CatchLogSystem> CatchLogSystemPtr; |
+ |
+ void |
+ ResetTestXHR(const AdblockPlus::JsEnginePtr & jsEngine, const CatchLogSystemPtr & logger) |
Felix Dahlke
2017/03/06 16:51:07
Nit: `AdblockPlus::JsEnginePtr &` -> `AdblockPlus:
hub
2017/03/06 17:26:05
Acknowledged.
|
+ { |
+ jsEngine->Evaluate("\ |
+ var result;\ |
+ var request = new XMLHttpRequest();\ |
+ request.open('GET', 'https://easylist-downloads.adblockplus.org/easylist.txt');\ |
+ request.overrideMimeType('text/plain');\ |
+ request.addEventListener('load', function() {result = request.responseText;}, false);\ |
+ request.addEventListener('error', function() {result = 'error';}, false);\ |
+ "); |
+ logger->clear(); |
+ } |
+} |
+ |
+TEST_F(XMLHttpRequestTest, RequestHeaderValidation) |
+{ |
+ #define WAIT_FOR_XHR_RESULT do\ |
+ {\ |
+ AdblockPlus::Sleep(60);\ |
+ } while (jsEngine->Evaluate("result")->IsUndefined()) |
Felix Dahlke
2017/03/06 16:51:08
This is a bit of a footgun, wouldn't it work to ju
hub
2017/03/06 17:26:05
The only difference I see is that we'll check afte
Felix Dahlke
2017/03/07 07:44:22
Oh sorry, it seems I didn't get what I meant here
hub
2017/03/07 15:52:32
The other test have a similar loop. That's where I
Felix Dahlke
2017/03/07 17:03:42
Oh indeed, for some reason I missed that. Like I s
|
+ |
+ auto catchLogSystem = CatchLogSystemPtr(new CatchLogSystem); |
+ jsEngine->SetLogSystem(catchLogSystem); |
+ |
+ AdblockPlus::FilterEngine filterEngine(jsEngine); |
+ auto webRequest = |
+ std::static_pointer_cast<XHRTestWebRequest>(jsEngine->GetWebRequest()); |
+ |
+ ASSERT_TRUE(webRequest); |
+ |
+ const std::string msg = "Attempt to set a forbidden header was denied: "; |
+ |
+ // The test will check that console.warn has been called when the |
+ // header is rejected. While this is an implementation detail, we |
+ // have no other way to check this |
+ |
+ // test 'Accept-Encoding' is rejected |
+ ResetTestXHR(jsEngine, catchLogSystem); |
+ jsEngine->Evaluate("\ |
+ request.setRequestHeader('Accept-Encoding', 'gzip');\nrequest.send();"); |
+ EXPECT_EQ(AdblockPlus::LogSystem::LOG_LEVEL_WARN, catchLogSystem->lastLogLevel); |
+ EXPECT_EQ(msg + "Accept-Encoding", catchLogSystem->lastMessage); |
+ WAIT_FOR_XHR_RESULT; |
+ EXPECT_TRUE(webRequest->lastRequestHeaders.cend() == |
+ webRequest->lastRequestHeaders.find("Accept-Encoding")); |
+ |
+ // test 'DNT' is rejected |
+ ResetTestXHR(jsEngine, catchLogSystem); |
+ jsEngine->Evaluate("\ |
+ request.setRequestHeader('DNT', '1');\nrequest.send();"); |
+ EXPECT_EQ(AdblockPlus::LogSystem::LOG_LEVEL_WARN, catchLogSystem->lastLogLevel); |
+ EXPECT_EQ(msg + "DNT", catchLogSystem->lastMessage); |
+ WAIT_FOR_XHR_RESULT; |
+ EXPECT_TRUE(webRequest->lastRequestHeaders.cend() == |
+ webRequest->lastRequestHeaders.find("DNT")); |
+ |
+ // test random 'X' header is accepted |
+ ResetTestXHR(jsEngine, catchLogSystem); |
+ jsEngine->Evaluate("\ |
+ request.setRequestHeader('X', 'y');\nrequest.send();"); |
+ EXPECT_EQ(AdblockPlus::LogSystem::LOG_LEVEL_TRACE, catchLogSystem->lastLogLevel); |
+ EXPECT_EQ("", catchLogSystem->lastMessage); |
+ WAIT_FOR_XHR_RESULT; |
+ EXPECT_FALSE(webRequest->lastRequestHeaders.cend() == |
+ webRequest->lastRequestHeaders.find("X")); |
+ |
+ // test /^Proxy-/ is rejected. |
+ ResetTestXHR(jsEngine, catchLogSystem); |
+ jsEngine->Evaluate("\ |
+ request.setRequestHeader('Proxy-foo', 'bar');\nrequest.send();"); |
+ EXPECT_EQ(AdblockPlus::LogSystem::LOG_LEVEL_WARN, catchLogSystem->lastLogLevel); |
+ EXPECT_EQ(msg + "Proxy-foo", catchLogSystem->lastMessage); |
+ WAIT_FOR_XHR_RESULT; |
+ EXPECT_TRUE(webRequest->lastRequestHeaders.cend() == |
+ webRequest->lastRequestHeaders.find("Proxy-foo")); |
+ |
+ // test /^Sec-/ is rejected. |
+ ResetTestXHR(jsEngine, catchLogSystem); |
+ jsEngine->Evaluate("\ |
+ request.setRequestHeader('Sec-foo', 'bar');\nrequest.send();"); |
+ EXPECT_EQ(AdblockPlus::LogSystem::LOG_LEVEL_WARN, catchLogSystem->lastLogLevel); |
+ EXPECT_EQ(msg + "Sec-foo", catchLogSystem->lastMessage); |
+ WAIT_FOR_XHR_RESULT; |
+ EXPECT_TRUE(webRequest->lastRequestHeaders.cend() == |
+ webRequest->lastRequestHeaders.find("Sec-foo")); |
+ |
+ // test 'Security' is accepted. |
+ ResetTestXHR(jsEngine, catchLogSystem); |
+ jsEngine->Evaluate("\ |
+ request.setRequestHeader('Security', 'theater');\nrequest.send();"); |
+ EXPECT_EQ(AdblockPlus::LogSystem::LOG_LEVEL_TRACE, catchLogSystem->lastLogLevel); |
+ EXPECT_EQ("", catchLogSystem->lastMessage); |
+ WAIT_FOR_XHR_RESULT; |
+ EXPECT_FALSE(webRequest->lastRequestHeaders.cend() == |
+ webRequest->lastRequestHeaders.find("Security")); |
+} |