Bug 1512949 - Remove eval from tests and flip assertion flag r=ckerschb
authorvinoth <cegvinoth@gmail.com>
Thu, 24 Jan 2019 09:06:07 +0000
changeset 515263 7a3cc3042d048fb467e303fe362e94e9a8160632
parent 515253 b402ba25c19b2e41e0ce3f98b5a9f2c673134846
child 515264 f536acca992917752b2728e0d8ca499cb5da6b09
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
treeherdermozilla-release@9c35dcbaa899 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1512949
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1512949 - Remove eval from tests and flip assertion flag r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D14054
devtools/server/tests/unit/test_objectgrips-17.js
devtools/server/tests/unit/test_objectgrips-21.js
devtools/server/tests/unit/test_safe-getter.js
devtools/server/tests/unit/test_stepping-05.js
devtools/server/tests/unit/test_wasm_source-01.js
devtools/shared/heapsnapshot/tests/unit/head_heapsnapshot.js
dom/indexedDB/test/unit/test_complex_keyPaths.js
js/xpconnect/tests/chrome/test_cows.xul
modules/libpref/init/all.js
netwerk/test/unit/test_duplicate_headers.js
netwerk/test/unit/test_headers.js
toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html
toolkit/components/satchel/test/test_form_autocomplete.html
--- a/devtools/server/tests/unit/test_objectgrips-17.js
+++ b/devtools/server/tests/unit/test_objectgrips-17.js
@@ -1,14 +1,20 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 /* eslint-disable no-shadow, max-nested-callbacks */
 
 "use strict";
 
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
 async function testPrincipal(options, globalPrincipal, debuggeeHasXrays) {
   const { debuggee } = options;
   let global, subsumes, isOpaque, globalIsInvisible;
   // Create a global object with the specified security principal.
   // If none is specified, use the debuggee.
   if (globalPrincipal === undefined) {
     global = debuggee;
     subsumes = true;
--- a/devtools/server/tests/unit/test_objectgrips-21.js
+++ b/devtools/server/tests/unit/test_objectgrips-21.js
@@ -1,14 +1,20 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 /* eslint-disable no-shadow, max-nested-callbacks */
 
 "use strict";
 
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
 // Run test_unsafe_grips twice, one against a system principal debuggee
 // and another time with a null principal debuggee
 
 // The following tests work like this:
 // - The specified code is evaluated in a system principal.
 //   `Cu`, `systemPrincipal` and `Services` are provided as global variables.
 // - The resulting object is debugged in a system or null principal debuggee,
 //   depending on in which list the test is placed.
--- a/devtools/server/tests/unit/test_safe-getter.js
+++ b/devtools/server/tests/unit/test_safe-getter.js
@@ -1,10 +1,14 @@
 /* eslint-disable strict */
 function run_test() {
+  Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+  });
   ChromeUtils.import("resource://gre/modules/jsdebugger.jsm");
   addDebuggerToGlobal(this);
   const g = testGlobal("test");
   const dbg = new Debugger();
   const gw = dbg.addDebuggee(g);
 
   g.eval(`
     // This is not a CCW.
--- a/devtools/server/tests/unit/test_stepping-05.js
+++ b/devtools/server/tests/unit/test_stepping-05.js
@@ -1,14 +1,20 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 /* eslint-disable no-shadow, max-nested-callbacks */
 
 "use strict";
 
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
 /**
  * Make sure that stepping in the last statement of the last frame doesn't
  * cause an unexpected pause, when another JS frame is pushed on the stack
  * (bug 785689).
  */
 
 add_task(threadClientTest(async ({ threadClient, debuggee, client }) => {
   dumpn("Evaluating test code and waiting for first debugger statement");
--- a/devtools/server/tests/unit/test_wasm_source-01.js
+++ b/devtools/server/tests/unit/test_wasm_source-01.js
@@ -8,16 +8,22 @@
 /**
  * Verify if client can receive binary wasm if 'wasmBinarySource' is set.
  */
 
 var gDebuggee;
 var gClient;
 var gThreadClient;
 
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
 function run_test() {
   if (typeof WebAssembly == "undefined") {
     // wasm is not enabled for this platform
     return;
   }
 
   initTestDebuggerServer();
   gDebuggee = addTestGlobal("test-wasm-source");
--- a/devtools/shared/heapsnapshot/tests/unit/head_heapsnapshot.js
+++ b/devtools/shared/heapsnapshot/tests/unit/head_heapsnapshot.js
@@ -26,18 +26,20 @@ const CensusUtils = require("devtools/sh
 const DominatorTreeNode = require("devtools/shared/heapsnapshot/DominatorTreeNode");
 const { deduplicatePaths } = require("devtools/shared/heapsnapshot/shortest-paths");
 const { LabelAndShallowSizeVisitor } = DominatorTreeNode;
 
 // Always log packets when running tests. runxpcshelltests.py will throw
 // the output away anyway, unless you give it the --verbose flag.
 if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_DEFAULT) {
   Services.prefs.setBoolPref("devtools.debugger.log", true);
+  Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
   registerCleanupFunction(() => {
     Services.prefs.clearUserPref("devtools.debugger.log");
+    Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
   });
 }
 
 const SYSTEM_PRINCIPAL = Cc["@mozilla.org/systemprincipal;1"]
   .createInstance(Ci.nsIPrincipal);
 
 function dumpn(msg) {
   dump("HEAPSNAPSHOT-TEST: " + msg + "\n");
--- a/dom/indexedDB/test/unit/test_complex_keyPaths.js
+++ b/dom/indexedDB/test/unit/test_complex_keyPaths.js
@@ -135,18 +135,25 @@ function* testSteps()
     request.onsuccess = grabEventAndContinueHandler;
     yield undefined;
     ok(true, "Successfully updated cursor" + test);
 
     // Check that cursor.update throws as expected when key is changed
     let newValue = cursor.value;
     let destProp = Array.isArray(info.keyPath) ? info.keyPath[0] : info.keyPath;
     if (destProp) {
-      // eslint-disable-next-line no-eval
-      eval("newValue." + destProp + " = 'newKeyValue'");
+      let splitDestProp = destProp.split(".");
+      if (splitDestProp.length == 1)
+      {
+        newValue[splitDestProp[0]] = "newKeyValue";
+      } else if (splitDestProp.length == 2) {
+        newValue[splitDestProp[0]][splitDestProp[1]] = "newKeyValue";
+      } else {
+        newValue[splitDestProp[0]][splitDestProp[1]][splitDestProp[2]] = "newKeyValue";
+      }
     }
     else {
       newValue = "newKeyValue";
     }
     let didThrow;
     try {
       cursor.update(newValue);
     }
--- a/js/xpconnect/tests/chrome/test_cows.xul
+++ b/js/xpconnect/tests/chrome/test_cows.xul
@@ -17,16 +17,19 @@ https://bugzilla.mozilla.org/show_bug.cg
   </body>
 
   <!-- test code goes here -->
   <script type="application/javascript"><![CDATA[
 var sandbox = new Cu.Sandbox("about:blank");
 
 var test_utils = window.windowUtils;
 
+SpecialPowers.pushPrefEnv({"set": [["security.allow_eval_with_system_principal",
+                                    true]]});
+
 function getCOW(x) {
   if (typeof x != 'object' && typeof x != 'function')
     return x;
   x = Cu.waiveXrays(x);
   var rval = {};
   if (typeof x == "function")
     rval = eval(uneval(x));
   for (var i in x) {
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2679,18 +2679,18 @@ pref("security.dialog_enable_delay", 100
 pref("security.notification_enable_delay", 500);
 
 #if defined(DEBUG) && !defined(ANDROID)
 pref("csp.about_uris_without_csp", "blank,printpreview,srcdoc,about,addons,cache-entry,config,crashes,debugging,devtools,downloads,home,memory,networking,newtab,performance,plugins,policies,profiles,restartrequired,searchreset,serviceworkers,sessionrestore,support,sync-log,telemetry,url-classifier,webrtc,welcomeback");
 // the following prefs are for testing purposes only.
 pref("csp.overrule_about_uris_without_csp_whitelist", false);
 pref("csp.skip_about_page_has_csp_assert", false);
 // assertion flag will be set to false after fixing Bug 1473549
-pref("security.allow_eval_with_system_principal", true);
-pref("security.uris_using_eval_with_system_principal", "autocomplete.xml,redux.js,react-redux.js,content-task.js,content-task.js,tree.xml,dialog.xml,preferencesbindings.js,wizard.xml,lodash.js,jszip.js,ajv-4.1.1.js,updates.js,setup,jsol.js");
+pref("security.allow_eval_with_system_principal", false);
+pref("security.uris_using_eval_with_system_principal", "autocomplete.xml,redux.js,react-redux.js,content-task.js,content-task.js,tree.xml,dialog.xml,preferencesbindings.js,wizard.xml,lodash.js,jszip.js,ajv-4.1.1.js,updates.js,setup,jsol.js,parent_utils.js");
 #endif
 
 // Default Content Security Policy to apply to signed contents.
 pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'");
 
 // Mixed content blocking
 pref("security.mixed_content.block_active_content", false);
 pref("security.mixed_content.block_display_content", false);
--- a/netwerk/test/unit/test_duplicate_headers.js
+++ b/netwerk/test/unit/test_duplicate_headers.js
@@ -24,21 +24,21 @@ function run_test()
 
   do_test_pending();
   run_test_number(1);
 }
 
 function run_test_number(num)
 {
   testPath = testPathBase + num;
-  httpserver.registerPathHandler(testPath, eval("handler" + num));
+  httpserver.registerPathHandler(testPath, this["handler" + num]);
 
   var channel = setupChannel(testPath);
   flags = test_flags[num];   // OK if flags undefined for test
-  channel.asyncOpen2(new ChannelListener(eval("completeTest" + num),
+  channel.asyncOpen2(new ChannelListener(this["completeTest" + num],
                                          channel, flags));
 }
 
 function setupChannel(url)
 {
   var chan = NetUtil.newChannel({
     uri: URL + url,
     loadUsingSystemPrincipal: true
--- a/netwerk/test/unit/test_headers.js
+++ b/netwerk/test/unit/test_headers.js
@@ -45,32 +45,32 @@ function run_test()
 function runNextTest()
 {
   if (nextTest == lastTest) {
     endTests();
     return;
   }
   nextTest++;
   // Make sure test functions exist
-  if (eval("handler" + nextTest) == undefined)
+  if (this["handler" + nextTest] == undefined)
     do_throw("handler" + nextTest + " undefined!");
-  if (eval("completeTest" + nextTest) == undefined)
+  if (this["completeTest" + nextTest] == undefined)
     do_throw("completeTest" + nextTest + " undefined!");
   
   run_test_number(nextTest);
 }
 
 function run_test_number(num)
 {
   testPath = testPathBase + num;
-  httpserver.registerPathHandler(testPath, eval("handler" + num));
+  httpserver.registerPathHandler(testPath, this["handler" + num]);
 
   var channel = setupChannel(testPath);
   flags = test_flags[num];   // OK if flags undefined for test
-  channel.asyncOpen2(new ChannelListener(eval("completeTest" + num),
+  channel.asyncOpen2(new ChannelListener(this["completeTest" + num],
                                          channel, flags));
 }
 
 function setupChannel(url)
 {
   var chan = NetUtil.newChannel({
     uri: URL + url,
     loadUsingSystemPrincipal: true
--- a/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html
+++ b/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html
@@ -18,83 +18,82 @@ var chromeScript = runChecksAfterCommonI
 var setupScript = runInParent(function setup() {
   ChromeUtils.import("resource://gre/modules/Services.jsm");
 
   // Create some logins just for this form, since we'll be deleting them.
   var nsLoginInfo = Components.Constructor("@mozilla.org/login-manager/loginInfo;1",
                                            Ci.nsILoginInfo, "init");
   assert.ok(nsLoginInfo != null, "nsLoginInfo constructor");
 
+  let logins = {};
   // login0 has no username, so should be filtered out from the autocomplete list.
-  var login0 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
-                               "", "user0pass", "", "pword");
+  logins.login0 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
+                                  "", "user0pass", "", "pword");
 
-  var login1 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
-                               "tempuser1", "temppass1", "uname", "pword");
+  logins.login1 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
+                                  "tempuser1", "temppass1", "uname", "pword");
 
-  var login2 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
-                               "testuser2", "testpass2", "uname", "pword");
+  logins.login2 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
+                                  "testuser2", "testpass2", "uname", "pword");
 
-  var login3 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
-                               "testuser3", "testpass3", "uname", "pword");
+  logins.login3 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
+                                  "testuser3", "testpass3", "uname", "pword");
 
-  var login4 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
-                               "zzzuser4", "zzzpass4", "uname", "pword");
+  logins.login4 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null,
+                                  "zzzuser4", "zzzpass4", "uname", "pword");
 
   // login 5 only used in the single-user forms
-  var login5 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete2", null,
-                               "singleuser5", "singlepass5", "uname", "pword");
+  logins.login5 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete2", null,
+                                  "singleuser5", "singlepass5", "uname", "pword");
 
-  var login6A = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete3", null,
-                                "form7user1", "form7pass1", "uname", "pword");
-  var login6B = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete3", null,
-                                "form7user2", "form7pass2", "uname", "pword");
+  logins.login6A = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete3", null,
+                                   "form7user1", "form7pass1", "uname", "pword");
+  logins.login6B = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete3", null,
+                                   "form7user2", "form7pass2", "uname", "pword");
 
-  var login7  = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete4", null,
-                                "form8user", "form8pass", "uname", "pword");
+  logins.login7  = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete4", null,
+                                   "form8user", "form8pass", "uname", "pword");
 
-  var login8A = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete5", null,
-                                "form9userAB", "form9pass", "uname", "pword");
-  var login8B = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete5", null,
-                                "form9userAAB", "form9pass", "uname", "pword");
-  var login8C = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete5", null,
-                                "form9userAABzz", "form9pass", "uname", "pword");
+  logins.login8A = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete5", null,
+                                   "form9userAB", "form9pass", "uname", "pword");
+  logins.login8B = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete5", null,
+                                   "form9userAAB", "form9pass", "uname", "pword");
+  logins.login8C = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete5", null,
+                                   "form9userAABzz", "form9pass", "uname", "pword");
 
-  var login10 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete7", null,
-                                "testuser10", "testpass10", "uname", "pword");
+  logins.login10 = new nsLoginInfo("http://mochi.test:8888", "http://autocomplete7", null,
+                                   "testuser10", "testpass10", "uname", "pword");
 
 
   // try/catch in case someone runs the tests manually, twice.
   try {
-    Services.logins.addLogin(login0);
-    Services.logins.addLogin(login1);
-    Services.logins.addLogin(login2);
-    Services.logins.addLogin(login3);
-    Services.logins.addLogin(login4);
-    Services.logins.addLogin(login5);
-    Services.logins.addLogin(login6A);
-    Services.logins.addLogin(login6B);
-    Services.logins.addLogin(login7);
-    Services.logins.addLogin(login8A);
-    Services.logins.addLogin(login8B);
+    Services.logins.addLogin(logins.login0);
+    Services.logins.addLogin(logins.login1);
+    Services.logins.addLogin(logins.login2);
+    Services.logins.addLogin(logins.login3);
+    Services.logins.addLogin(logins.login4);
+    Services.logins.addLogin(logins.login5);
+    Services.logins.addLogin(logins.login6A);
+    Services.logins.addLogin(logins.login6B);
+    Services.logins.addLogin(logins.login7);
+    Services.logins.addLogin(logins.login8A);
+    Services.logins.addLogin(logins.login8B);
     // login8C is added later
-    Services.logins.addLogin(login10);
+    Services.logins.addLogin(logins.login10);
   } catch (e) {
     assert.ok(false, "addLogin threw: " + e);
   }
 
   addMessageListener("addLogin", loginVariableName => {
-    // eslint-disable-next-line no-eval
-    let login = eval(loginVariableName);
+    let login = logins[loginVariableName];
     assert.ok(!!login, "Login to add is defined: " + loginVariableName);
     Services.logins.addLogin(login);
   });
   addMessageListener("removeLogin", loginVariableName => {
-    // eslint-disable-next-line no-eval
-    let login = eval(loginVariableName);
+    let login = logins[loginVariableName];
     assert.ok(!!login, "Login to delete is defined: " + loginVariableName);
     Services.logins.removeLogin(login);
   });
 });
 </script>
 <p id="display"></p>
 
 <!-- we presumably can't hide the content for this test. -->
@@ -175,16 +174,18 @@ var setupScript = runInParent(function s
    </div>
 </div>
 
 <pre id="test">
 <script class="testbody" type="text/javascript">
 
 /** Test for Login Manager: multiple login autocomplete. **/
 
+SpecialPowers.pushPrefEnv({"set": [["security.allow_eval_with_system_principal", true]]});
+
 var uname = $_(1, "uname");
 var pword = $_(1, "pword");
 
 // Restore the form to the default state.
 function restoreForm() {
   uname.value = "";
   pword.value = "";
   uname.focus();
--- a/toolkit/components/satchel/test/test_form_autocomplete.html
+++ b/toolkit/components/satchel/test/test_form_autocomplete.html
@@ -136,16 +136,18 @@ Form History test: form field autocomple
   </form>
 
 </div>
 
 <pre id="test">
 <script class="testbody" type="text/javascript">
 /** Test for Form History autocomplete **/
 
+SpecialPowers.pushPrefEnv({"set": [["security.allow_eval_with_system_principal", true]]});
+
 var input = $_(1, "field1");
 
 function setupFormHistory(aCallback) {
   updateFormHistory([
     { op: "remove" },
     { op: "add", fieldname: "field1", value: "value1" },
     { op: "add", fieldname: "field1", value: "value2" },
     { op: "add", fieldname: "field1", value: "value3" },