Bug 1470156 - Part 1: Adding a test case for reassuring mozilla::OriginAttributes::CreateSuffix won't be crashed with invalid characters in firstParty domain. r=baku,mixedpuppy
☠☠ backed out by 8cd5cb7aebe2 ☠ ☠
authorTim Huang <tihuang@mozilla.com>
Tue, 03 Jul 2018 13:48:18 +0000
changeset 424959 604fb83b6b61c66ad29f46d81fb9fa58bd9b55fc
parent 424958 aaf899a792690f535f1f130e7dd08264b1f8f1ac
child 424960 17e4514dc6e6a3d7f5035ec5d9a591d9fc2a097f
push id104946
push userrgurzau@mozilla.com
push dateWed, 04 Jul 2018 10:03:16 +0000
treeherdermozilla-inbound@796893f4d2f5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku, mixedpuppy
bugs1470156
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1470156 - Part 1: Adding a test case for reassuring mozilla::OriginAttributes::CreateSuffix won't be crashed with invalid characters in firstParty domain. r=baku,mixedpuppy Differential Revision: https://phabricator.services.mozilla.com/D1845
toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html
--- a/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html
@@ -5,16 +5,18 @@
 <script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
 <script src="head.js"></script>
 <script>
 "use strict";
 
 async function background() {
   const url = "http://ext-cookie-first-party.mochi.test/";
   const firstPartyDomain = "ext-cookie-first-party.mochi.test";
+  // A first party domain with invalid characters for the file system, which just happens to be a IPv6 address.
+  const firstPartyDomainInvalidChars = "[2606:4700:4700::1111]";
   const expectedError = "First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set.";
 
   const assertExpectedCookies = (expected, cookies, message) => {
     let matches = (cookie, expected) => {
       if (!cookie || !expected) {
         return cookie === expected; // true if both are null.
       }
       for (let key of Object.keys(expected)) {
@@ -211,16 +213,48 @@ async function background() {
     ], [cookie], "remove: FPI on, w/ firstPartyDomain, FP cookie (set when FPI off)");
 
     // Test if FP cookies set when FPI on can be accessed when FPI off.
     await browser.cookies.set({url, name: "foo4", value: "bar4", firstPartyDomain});
 
     browser.test.sendMessage("test_fpi_enabled");
   };
 
+  // Test FPI with a first party domain with invalid characters for
+  // the file system.
+  const test_fpi_with_invalid_characters = async () => {
+    let cookie;
+
+    // Test setting a cookie with a first party domain with invalid characters
+    // for the file system.
+    cookie = await browser.cookies.set({url, name: "foo5", value: "bar5",
+                                        firstPartyDomain: firstPartyDomainInvalidChars});
+    assertExpectedCookies([
+      {name: "foo5", value: "bar5", firstPartyDomain: firstPartyDomainInvalidChars},
+    ], [cookie], "set: FPI on, w/ firstPartyDomain with invalid characters, FP cookie");
+
+    // Test getting a cookie with a first party domain with invalid characters
+    // for the file system.
+    cookie = await browser.cookies.get({url, name: "foo5",
+                                        firstPartyDomain: firstPartyDomainInvalidChars});
+    assertExpectedCookies([
+      {name: "foo5", value: "bar5", firstPartyDomain: firstPartyDomainInvalidChars},
+    ], [cookie], "get: FPI on, w/ firstPartyDomain with invalid characters, FP cookie");
+
+    // Test removing a cookie with a first party domain with invalid characters
+    // for the file system.
+    cookie = await browser.cookies.remove({url, name: "foo5",
+                                           firstPartyDomain: firstPartyDomainInvalidChars});
+    assertExpectedCookies([
+      {url, name: "foo5", firstPartyDomain: firstPartyDomainInvalidChars},
+    ], [cookie], "remove: FPI on, w/ firstPartyDomain with invalid characters, FP cookie");
+
+    browser.test.sendMessage("test_fpi_with_invalid_characters");
+  };
+
   // Test when FPI is disabled again, accessing FP cookies set when FPI is enabled.
   const test_fpd_cookies_on_fpi_disabled = async () => {
     let cookie, cookies;
     cookie = await browser.cookies.get({url, name: "foo4", firstPartyDomain});
     assertExpectedCookies([
       {name: "foo4", value: "bar4", firstPartyDomain},
     ], [cookie], "get: FPI off, w/ firstPartyDomain, FP cookie (set when FPI on)");
     cookie = await browser.cookies.remove({url, name: "foo4", firstPartyDomain});
@@ -236,16 +270,17 @@ async function background() {
 
     browser.test.sendMessage("test_fpd_cookies_on_fpi_disabled");
   };
 
   browser.test.onMessage.addListener((message) => {
     switch (message) {
       case "test_fpi_disabled": return test_fpi_disabled();
       case "test_fpi_enabled": return test_fpi_enabled();
+      case "test_fpi_with_invalid_characters": return test_fpi_with_invalid_characters();
       case "test_fpd_cookies_on_fpi_disabled": return test_fpd_cookies_on_fpi_disabled();
       default: return browser.test.notifyFail("unknown-message");
     }
   });
 }
 
 function enableFirstPartyIsolation() {
   return SpecialPowers.pushPrefEnv({
@@ -267,14 +302,16 @@ add_task(async () => {
     },
   });
   await extension.startup();
   extension.sendMessage("test_fpi_disabled");
   await extension.awaitMessage("test_fpi_disabled");
   await enableFirstPartyIsolation();
   extension.sendMessage("test_fpi_enabled");
   await extension.awaitMessage("test_fpi_enabled");
+  extension.sendMessage("test_fpi_with_invalid_characters");
+  await extension.awaitMessage("test_fpi_with_invalid_characters");
   await disableFirstPartyIsolation();
   extension.sendMessage("test_fpd_cookies_on_fpi_disabled");
   await extension.awaitMessage("test_fpd_cookies_on_fpi_disabled");
   await extension.unload();
 });
 </script>