Bug 1335943 - Use the right origin attribute in Safe Browsing completions. r?francois
MozReview-Commit-ID: 8HQHzuwE5Cf
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@@ -645,18 +645,18 @@ bool NS_GetOriginAttributes(nsIChannel *
bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport = false);
// Constants duplicated from nsIScriptSecurityManager so we avoid having necko
// know about script security manager.
#define NECKO_NO_APP_ID 0
#define NECKO_UNKNOWN_APP_ID UINT32_MAX
// Unique first-party domain for separating the safebrowsing cookie.
-// Note if this value is changed, code in test_cookiejars_safebrowsing.js
-// should also be changed.
+// Note if this value is changed, code in test_cookiejars_safebrowsing.js and
+// nsUrlClassifierHashCompleter.js should also be changed.
#define NECKO_SAFEBROWSING_FIRST_PARTY_DOMAIN \
"safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla"
// Unique first-party domain for separating about uri.
#define ABOUT_URI_FIRST_PARTY_DOMAIN \
"about.ef2a7dd5-93bc-417f-a698-142c3116864f.mozilla"
/**
--- a/netwerk/test/unit/test_cookiejars_safebrowsing.js
+++ b/netwerk/test/unit/test_cookiejars_safebrowsing.js
@@ -33,16 +33,17 @@ XPCOMUtils.defineLazyGetter(this, "URL",
});
XPCOMUtils.defineLazyModuleGetter(this, "SafeBrowsing",
"resource://gre/modules/SafeBrowsing.jsm");
var setCookiePath = "/setcookie";
var checkCookiePath = "/checkcookie";
var safebrowsingUpdatePath = "/safebrowsingUpdate";
+var safebrowsingGethashPath = "/safebrowsingGethash";
var httpserver;
function inChildProcess() {
return Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULRuntime)
.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
}
function cookieSetHandler(metadata, response) {
@@ -64,16 +65,26 @@ function cookieCheckHandler(metadata, re
function safebrowsingUpdateHandler(metadata, response) {
var cookieName = "sb-update-cookie";
response.setStatusLine(metadata.httpVersion, 200, "Ok");
response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
response.setHeader("Content-Type", "text/plain");
response.bodyOutputStream.write("Ok", "Ok".length);
}
+function safebrowsingGethashHandler(metadata, response) {
+ var cookieName = "sb-gethash-cookie";
+ response.setStatusLine(metadata.httpVersion, 200, "Ok");
+ response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
+ response.setHeader("Content-Type", "text/plain");
+
+ let msg = "test-phish-simplea:1:32\n" + "a".repeat(32);
+ response.bodyOutputStream.write(msg, msg.length);
+}
+
function setupChannel(path, originAttributes) {
var channel = NetUtil.newChannel({uri: URL + path, loadUsingSystemPrincipal: true});
channel.loadInfo.originAttributes = originAttributes;
channel.QueryInterface(Ci.nsIHttpChannel);
return channel;
}
function run_test() {
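Review bot: The response line built in `safebrowsingGethashHandler` names the table as `test-phish-simplea`, while the test that calls this endpoint requests `test-phish-simple`. Assuming the usual V2 layout of `TABLE:CHUNKNUM:HASHLEN`, a newline, then the hash bytes, the trailing `a` looks like part of the table name rather than of the hash data. If it is unintended, the completion is attributed to a table the caller never asked for, and nothing in this file would notice. A short comment above `msg` would make the intent checkable, for example `// V2 gethash response: "<table>:<chunk>:<hashlen>\n" followed by <hashlen> bytes of hash`.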
@@ -84,16 +95,17 @@ function run_test() {
// Allow all cookies if the pref service is available in this process.
if (!inChildProcess())
Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
httpserver = new HttpServer();
httpserver.registerPathHandler(setCookiePath, cookieSetHandler);
httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler);
httpserver.registerPathHandler(safebrowsingUpdatePath, safebrowsingUpdateHandler);
+ httpserver.registerPathHandler(safebrowsingGethashPath, safebrowsingGethashHandler);
httpserver.start(-1);
run_next_test();
}
// this test does not emulate a response in the body,
// rather we only set the cookies in the header of response.
add_test(function test_safebrowsing_update() {
@@ -112,16 +124,33 @@ add_test(function test_safebrowsing_upda
function onDownloadError() {
do_throw("ERROR: received onDownloadError!");
}
streamUpdater.downloadUpdates("test-phish-simple,test-malware-simple", "",
true, URL + safebrowsingUpdatePath, onSuccess, onUpdateError, onDownloadError);
});
+add_test(function test_safebrowsing_gethash() {
+ var hashCompleter = Cc["@mozilla.org/url-classifier/hashcompleter;1"]
+ .getService(Ci.nsIUrlClassifierHashCompleter);
+
+ hashCompleter.complete("aaaa",
+ URL + safebrowsingGethashPath,
+ "test-phish-simple", {
+ completionV2(hash, table, chunkId) {
+ },
+
+ completionFinished(status) {
+ do_check_eq(status, Cr.NS_OK);
+ run_next_test();
+ },
+ });
+});
+
add_test(function test_non_safebrowsing_cookie() {
var cookieName = 'regCookie_id0';
var originAttributes = new OriginAttributes(0, false, 0);
function setNonSafeBrowsingCookie() {
var channel = setupChannel(setCookiePath, originAttributes);
channel.setRequestHeader("set-cookie", cookieName, false);
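Review bot: The `completionV2` callback in `test_safebrowsing_gethash` is empty, so the test only asserts the final status and never confirms that the response body was parsed into a completion. Recording the callback, for instance `completionV2(hash, table, chunkId) { completions++; }` with a `do_check_eq(completions, 1);` in `completionFinished`, would tie the test to the payload the handler sends; the expected count of one is inferred from the single 32-byte hash in that payload. The cookie-jar isolation that this commit is about is not asserted here at all, only later in `test_safebrowsing_cookie` through the `sb-gethash-cookie` entry. A comment such as `// sets sb-gethash-cookie, which test_safebrowsing_cookie checks later` would document that ordering dependency.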
@@ -161,18 +190,20 @@ add_test(function test_safebrowsing_cook
function checkSafeBrowsingCookie() {
var channel = setupChannel(checkCookiePath, originAttributes);
channel.asyncOpen2(new ChannelListener(completeCheckSafeBrowsingCookie, null));
}
function completeCheckSafeBrowsingCookie(request, data, context) {
// Confirm that all >> THREE << cookies are sent back over the channel:
// a) the safebrowsing cookie set when updating
- // b) the regular cookie with custom loadcontext defined in this test.
+ // b) the safebrowsing cookie set when sending gethash
+ // c) the regular cookie with custom loadcontext defined in this test.
var expectedCookies = "sb-update-cookie=1; ";
+ expectedCookies += "sb-gethash-cookie=1; ";
expectedCookies += cookieName + "=1";
request.QueryInterface(Ci.nsIHttpChannel);
var cookiesSeen = request.getResponseHeader("saw-cookies");
do_check_eq(cookiesSeen, expectedCookies);
httpserver.stop(do_test_finished);
}
--- a/toolkit/components/url-classifier/nsUrlClassifierHashCompleter.js
+++ b/toolkit/components/url-classifier/nsUrlClassifierHashCompleter.js
@@ -427,16 +427,21 @@ HashCompleterRequest.prototype = {
log("actualGethashUrl: " + actualGethashUrl);
let channel = NetUtil.newChannel({
uri: actualGethashUrl,
loadUsingSystemPrincipal: true
});
channel.loadFlags = loadFlags;
+ channel.loadInfo.originAttributes = {
+ // The firstPartyDomain value should sync with NECKO_SAFEBROWSING_FIRST_PARTY_DOMAIN
+ // defined in nsNetUtil.h.
+ firstPartyDomain: "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla"
+ };
// Disable keepalive.
let httpChannel = channel.QueryInterface(Ci.nsIHttpChannel);
httpChannel.setRequestHeader("Connection", "close", false);
this._channel = channel;
if (this.isV4) {
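Review bot: The first-party domain is written as a string literal inside the `originAttributes` assignment and must be kept equal to `NECKO_SAFEBROWSING_FIRST_PARTY_DOMAIN` by hand. If the two ever drift, gethash requests would quietly move to a different cookie jar from update requests, and the isolation from regular browsing cookies would rest on a value nobody is checking. Hoisting it to a named constant near the top of the file, e.g. `const SAFEBROWSING_FIRST_PARTY_DOMAIN = "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla";`, and assigning `{ firstPartyDomain: SAFEBROWSING_FIRST_PARTY_DOMAIN }` here would leave one obvious place to update on the JS side. The assignment also replaces the whole `originAttributes` object, so it is worth confirming that the remaining attributes are meant to take their defaults for this system-principal channel. The enclosing method starts and ends outside the hunk.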