Bug 1647825 - Part 3: Add a test for the blocking reporting. r=ckerschb,nhnt11
authorTim Huang <tihuang@mozilla.com>
Wed, 22 Jul 2020 15:12:39 +0000
changeset 541625 994d0516292963ace9b748cfb30605bb55446572
parent 541624 402c5e37eb045012ceb240aa8d49f6f8963107b6
child 541626 c43b0e4eb0dbd6f09a5d24b1000ce3439e573b8b
push id37628
push userabutkovits@mozilla.com
push dateWed, 22 Jul 2020 21:55:45 +0000
treeherdermozilla-central@1600e73bdd90 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb, nhnt11
bugs1647825
milestone80.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1647825 - Part 3: Add a test for the blocking reporting. r=ckerschb,nhnt11 Differential Revision: https://phabricator.services.mozilla.com/D82333
dom/security/test/general/browser.ini
dom/security/test/general/browser_test_report_blocking.js
dom/security/test/general/file_framing_error_pages_csp.html
dom/security/test/general/file_framing_error_pages_xfo.html
--- a/dom/security/test/general/browser.ini
+++ b/dom/security/test/general/browser.ini
@@ -27,8 +27,13 @@ support-files =
   file_framing_error_pages_csp.html
   file_framing_error_pages_xfo.html
   file_framing_error_pages.sjs
 [browser_test_xfo_embed_object.js]
 support-files =
   file_framing_xfo_embed.html
   file_framing_xfo_object.html
   file_framing_xfo_embed_object.sjs
+[browser_test_report_blocking.js]
+support-files =
+  file_framing_error_pages_xfo.html
+  file_framing_error_pages_csp.html
+  file_framing_error_pages.sjs
new file mode 100644
--- /dev/null
+++ b/dom/security/test/general/browser_test_report_blocking.js
@@ -0,0 +1,225 @@
+"use strict";
+
+const { TelemetryArchiveTesting } = ChromeUtils.import(
+  "resource://testing-common/TelemetryArchiveTesting.jsm"
+);
+
+const kTestPath = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  "http://example.com"
+);
+
+const kTestXFrameOptionsURI = kTestPath + "file_framing_error_pages_xfo.html";
+const kTestCspURI = kTestPath + "file_framing_error_pages_csp.html";
+const kTestXFrameOptionsURIFrame =
+  kTestPath + "file_framing_error_pages.sjs?xfo";
+const kTestCspURIFrame = kTestPath + "file_framing_error_pages.sjs?csp";
+
+const kTestExpectedPingXFO = [
+  [["payload", "error_type"], "xfo"],
+  [["payload", "xfo_header"], "deny"],
+  [["payload", "csp_header"], ""],
+  [["payload", "frame_hostname"], "example.com"],
+  [["payload", "top_hostname"], "example.com"],
+  [
+    ["payload", "frame_uri"],
+    "http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs",
+  ],
+  [
+    ["payload", "top_uri"],
+    "http//example.com/browser/dom/security/test/general/file_framing_error_pages_xfo.html",
+  ],
+];
+
+const kTestExpectedPingCSP = [
+  [["payload", "error_type"], "csp"],
+  [["payload", "xfo_header"], ""],
+  [["payload", "csp_header"], "'none'"],
+  [["payload", "frame_hostname"], "example.com"],
+  [["payload", "top_hostname"], "example.com"],
+  [
+    ["payload", "frame_uri"],
+    "http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs",
+  ],
+  [
+    ["payload", "top_uri"],
+    "http//example.com/browser/dom/security/test/general/file_framing_error_pages_csp.html",
+  ],
+];
+
+const TEST_CASES = [
+  {
+    type: "xfo",
+    test_uri: kTestXFrameOptionsURI,
+    frame_uri: kTestXFrameOptionsURIFrame,
+    expected_msg:
+      "This page has an X-Frame-Options policy that prevents it from being loaded in this context",
+    expected_ping: kTestExpectedPingXFO,
+  },
+  {
+    type: "csp",
+    test_uri: kTestCspURI,
+    frame_uri: kTestCspURIFrame,
+    expected_msg:
+      "This page has a content security policy that prevents it from being loaded in this way",
+    expected_ping: kTestExpectedPingCSP,
+  },
+];
+
+add_task(async function setup() {
+  Services.telemetry.setEventRecordingEnabled("security.ui.xfocsperror", true);
+
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["security.xfocsp.errorReporting.enabled", true],
+      ["security.xfocsp.errorReporting.automatic", false],
+    ],
+  });
+});
+
+add_task(async function testReportingCases() {
+  for (const test of TEST_CASES) {
+    await testReporting(test);
+  }
+});
+
+async function testReporting(test) {
+  // Clear telemetry event before testing.
+  Services.telemetry.clearEvents();
+
+  let telemetryChecker = new TelemetryArchiveTesting.Checker();
+  await telemetryChecker.promiseInit();
+
+  let tab = await BrowserTestUtils.openNewForegroundTab(
+    gBrowser,
+    "about:blank"
+  );
+  let browser = tab.linkedBrowser;
+
+  let loaded = BrowserTestUtils.browserLoaded(
+    browser,
+    true,
+    test.frame_uri,
+    true
+  );
+  BrowserTestUtils.loadURI(browser, test.test_uri);
+  await loaded;
+
+  let { type, expected_msg } = test;
+
+  let frameBC = await SpecialPowers.spawn(browser, [], async _ => {
+    const iframe = content.document.getElementById("testframe");
+    return iframe.browsingContext;
+  });
+
+  await SpecialPowers.spawn(frameBC, [{ type, expected_msg }], async obj => {
+    // Wait until the reporting UI is visible.
+    await ContentTaskUtils.waitForCondition(() => {
+      let reportUI = content.document.getElementById("blockingErrorReporting");
+      return ContentTaskUtils.is_visible(reportUI);
+    });
+
+    let errorPage = content.document.body.innerHTML;
+    ok(errorPage.includes(obj.expected_msg), `${obj.type} error page correct`);
+
+    let reportCheckBox = content.document.getElementById(
+      "automaticallyReportBlockingInFuture"
+    );
+    is(
+      reportCheckBox.checked,
+      false,
+      "The checkbox of the reporting ui should be not checked."
+    );
+
+    // Click on the checkbox.
+    await EventUtils.synthesizeMouseAtCenter(reportCheckBox, {}, content);
+  });
+  BrowserTestUtils.removeTab(tab);
+
+  // Open the error page again
+  tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:blank");
+  browser = tab.linkedBrowser;
+
+  loaded = BrowserTestUtils.browserLoaded(browser, true, test.frame_uri, true);
+  BrowserTestUtils.loadURI(browser, test.test_uri);
+  await loaded;
+
+  frameBC = await SpecialPowers.spawn(browser, [], async _ => {
+    const iframe = content.document.getElementById("testframe");
+    return iframe.browsingContext;
+  });
+
+  await SpecialPowers.spawn(frameBC, [], async _ => {
+    // Wait until the reporting UI is visible.
+    await ContentTaskUtils.waitForCondition(() => {
+      let reportUI = content.document.getElementById("blockingErrorReporting");
+      return ContentTaskUtils.is_visible(reportUI);
+    });
+
+    let reportCheckBox = content.document.getElementById(
+      "automaticallyReportBlockingInFuture"
+    );
+    is(
+      reportCheckBox.checked,
+      true,
+      "The checkbox of the reporting ui should be checked."
+    );
+
+    // Click on the checkbox again to disable the reporting.
+    await EventUtils.synthesizeMouseAtCenter(reportCheckBox, {}, content);
+
+    is(
+      reportCheckBox.checked,
+      false,
+      "The checkbox of the reporting ui should be unchecked."
+    );
+  });
+  BrowserTestUtils.removeTab(tab);
+
+  // Open the error page again to see if the reporting is disabled.
+  tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:blank");
+  browser = tab.linkedBrowser;
+
+  loaded = BrowserTestUtils.browserLoaded(browser, true, test.frame_uri, true);
+  BrowserTestUtils.loadURI(browser, test.test_uri);
+  await loaded;
+
+  frameBC = await SpecialPowers.spawn(browser, [], async _ => {
+    const iframe = content.document.getElementById("testframe");
+    return iframe.browsingContext;
+  });
+
+  await SpecialPowers.spawn(frameBC, [], async _ => {
+    // Wait until the reporting UI is visible.
+    await ContentTaskUtils.waitForCondition(() => {
+      let reportUI = content.document.getElementById("blockingErrorReporting");
+      return ContentTaskUtils.is_visible(reportUI);
+    });
+
+    let reportCheckBox = content.document.getElementById(
+      "automaticallyReportBlockingInFuture"
+    );
+    is(
+      reportCheckBox.checked,
+      false,
+      "The checkbox of the reporting ui should be unchecked."
+    );
+  });
+  BrowserTestUtils.removeTab(tab);
+
+  // Finally, check if the ping has been archived.
+  await new Promise(resolve => {
+    telemetryChecker
+      .promiseFindPing("xfocsp-error-report", test.expected_ping)
+      .then(
+        found => {
+          ok(found, "Telemetry ping submitted successfully");
+          resolve();
+        },
+        err => {
+          ok(false, "Exception finding telemetry ping: " + err);
+          resolve();
+        }
+      );
+  });
+}
--- a/dom/security/test/general/file_framing_error_pages_csp.html
+++ b/dom/security/test/general/file_framing_error_pages_csp.html
@@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <html>
 <body>
 iframe should be blocked <br/>
-<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?csp"></iframe>
+<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?csp" height=800 width=800></iframe>
 </body>
 </html>
--- a/dom/security/test/general/file_framing_error_pages_xfo.html
+++ b/dom/security/test/general/file_framing_error_pages_xfo.html
@@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <html>
 <body>
 iframe should be blocked <br/>
-<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?xfo"></iframe>
+<iframe id="testframe" src="http://example.com/browser/dom/security/test/general/file_framing_error_pages.sjs?xfo" height=800 width=800></iframe>
 </body>
 </html>