Bug 1470156 - Part 1: Adding a test case for reassuring mozilla::OriginAttributes::CreateSuffix won't be crashed with invalid characters in firstParty domain. r=baku,mixedpuppy
authorTim Huang <tihuang@mozilla.com>
Tue, 03 Jul 2018 13:48:18 +0000
changeset 424963 e78128970a607dbca045c1e76e71fa7e4fdf1505
parent 424962 3eed69f0be08c19fa9c62e4d55749501935ee6e4
child 424964 4913ce5ab6cb6f63bf0f17d370f13b94dc6ba372
push id104946
push userrgurzau@mozilla.com
push dateWed, 04 Jul 2018 10:03:16 +0000
treeherdermozilla-inbound@796893f4d2f5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku, mixedpuppy
bugs1470156
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1470156 - Part 1: Adding a test case for reassuring mozilla::OriginAttributes::CreateSuffix won't be crashed with invalid characters in firstParty domain. r=baku,mixedpuppy Differential Revision: https://phabricator.services.mozilla.com/D1845
toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html
--- a/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html
@@ -5,16 +5,18 @@
 <script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
 <script src="head.js"></script>
 <script>
 "use strict";
 
 async function background() {
   const url = "http://ext-cookie-first-party.mochi.test/";
   const firstPartyDomain = "ext-cookie-first-party.mochi.test";
+  // A first party domain with invalid characters for the file system, which just happens to be a IPv6 address.
+  const firstPartyDomainInvalidChars = "[2606:4700:4700::1111]";
   const expectedError = "First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set.";
 
   const assertExpectedCookies = (expected, cookies, message) => {
     let matches = (cookie, expected) => {
       if (!cookie || !expected) {
         return cookie === expected; // true if both are null.
       }
       for (let key of Object.keys(expected)) {
@@ -211,16 +213,48 @@ async function background() {
     ], [cookie], "remove: FPI on, w/ firstPartyDomain, FP cookie (set when FPI off)");
 
     // Test if FP cookies set when FPI on can be accessed when FPI off.
     await browser.cookies.set({url, name: "foo4", value: "bar4", firstPartyDomain});
 
     browser.test.sendMessage("test_fpi_enabled");
   };
 
+  // Test FPI with a first party domain with invalid characters for
+  // the file system.
+  const test_fpi_with_invalid_characters = async () => {
+    let cookie;
+
+    // Test setting a cookie with a first party domain with invalid characters
+    // for the file system.
+    cookie = await browser.cookies.set({url, name: "foo5", value: "bar5",
+                                        firstPartyDomain: firstPartyDomainInvalidChars});
+    assertExpectedCookies([
+      {name: "foo5", value: "bar5", firstPartyDomain: firstPartyDomainInvalidChars},
+    ], [cookie], "set: FPI on, w/ firstPartyDomain with invalid characters, FP cookie");
+
+    // Test getting a cookie with a first party domain with invalid characters
+    // for the file system.
+    cookie = await browser.cookies.get({url, name: "foo5",
+                                        firstPartyDomain: firstPartyDomainInvalidChars});
+    assertExpectedCookies([
+      {name: "foo5", value: "bar5", firstPartyDomain: firstPartyDomainInvalidChars},
+    ], [cookie], "get: FPI on, w/ firstPartyDomain with invalid characters, FP cookie");
+
+    // Test removing a cookie with a first party domain with invalid characters
+    // for the file system.
+    cookie = await browser.cookies.remove({url, name: "foo5",
+                                           firstPartyDomain: firstPartyDomainInvalidChars});
+    assertExpectedCookies([
+      {url, name: "foo5", firstPartyDomain: firstPartyDomainInvalidChars},
+    ], [cookie], "remove: FPI on, w/ firstPartyDomain with invalid characters, FP cookie");
+
+    browser.test.sendMessage("test_fpi_with_invalid_characters");
+  };
+
   // Test when FPI is disabled again, accessing FP cookies set when FPI is enabled.
   const test_fpd_cookies_on_fpi_disabled = async () => {
     let cookie, cookies;
     cookie = await browser.cookies.get({url, name: "foo4", firstPartyDomain});
     assertExpectedCookies([
       {name: "foo4", value: "bar4", firstPartyDomain},
     ], [cookie], "get: FPI off, w/ firstPartyDomain, FP cookie (set when FPI on)");
     cookie = await browser.cookies.remove({url, name: "foo4", firstPartyDomain});
@@ -236,16 +270,17 @@ async function background() {
 
     browser.test.sendMessage("test_fpd_cookies_on_fpi_disabled");
   };
 
   browser.test.onMessage.addListener((message) => {
     switch (message) {
       case "test_fpi_disabled": return test_fpi_disabled();
       case "test_fpi_enabled": return test_fpi_enabled();
+      case "test_fpi_with_invalid_characters": return test_fpi_with_invalid_characters();
       case "test_fpd_cookies_on_fpi_disabled": return test_fpd_cookies_on_fpi_disabled();
       default: return browser.test.notifyFail("unknown-message");
     }
   });
 }
 
 function enableFirstPartyIsolation() {
   return SpecialPowers.pushPrefEnv({
@@ -267,14 +302,16 @@ add_task(async () => {
     },
   });
   await extension.startup();
   extension.sendMessage("test_fpi_disabled");
   await extension.awaitMessage("test_fpi_disabled");
   await enableFirstPartyIsolation();
   extension.sendMessage("test_fpi_enabled");
   await extension.awaitMessage("test_fpi_enabled");
+  extension.sendMessage("test_fpi_with_invalid_characters");
+  await extension.awaitMessage("test_fpi_with_invalid_characters");
   await disableFirstPartyIsolation();
   extension.sendMessage("test_fpd_cookies_on_fpi_disabled");
   await extension.awaitMessage("test_fpd_cookies_on_fpi_disabled");
   await extension.unload();
 });
 </script>