Bug 1452496: gtest for discarding same-site cookies in cross site context. r=dveditz a=jcristau
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Thu, 12 Apr 2018 12:53:13 +0200
changeset 463282 9f6f88626ac485719aa63e9a6b399c4a4991b5b2
parent 463281 d367a7b18722c40ed2237d6660f8a832f68ebac7
child 463283 1210b05b97b0155850741ec4f4e8f4f19269827a
push id1683
push usersfraser@mozilla.com
push dateThu, 26 Apr 2018 16:43:40 +0000
treeherdermozilla-release@5af6cb21869d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdveditz, jcristau
bugs1452496
milestone60.0
Bug 1452496: gtest for discarding same-site cookies in cross site context. r=dveditz a=jcristau
netwerk/test/TestCookie.cpp
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -7,16 +7,19 @@
 #include "gtest/gtest.h"
 #include "nsIServiceManager.h"
 #include "nsICookieService.h"
 #include "nsICookieManager.h"
 #include "nsICookie2.h"
 #include <stdio.h>
 #include "plstr.h"
 #include "nsNetUtil.h"
+#include "nsIChannel.h"
+#include "nsIPrincipal.h"
+#include "nsIScriptSecurityManager.h"
 #include "nsISimpleEnumerator.h"
 #include "nsServiceManagerUtils.h"
 #include "nsNetCID.h"
 #include "nsIPrefBranch.h"
 #include "nsIPrefService.h"
 #include "mozilla/Unused.h"
 #include "nsIURI.h"
 
@@ -70,16 +73,46 @@ SetACookie(nsICookieService *aCookieServ
     NS_NewURI(getter_AddRefs(uri1), aSpec1);
     if (aSpec2)
         NS_NewURI(getter_AddRefs(uri2), aSpec2);
 
     nsresult rv = aCookieService->SetCookieStringFromHttp(uri1, uri2, nullptr, (char *)aCookieString, aServerTime, nullptr);
     EXPECT_TRUE(NS_SUCCEEDED(rv));
 }
 
+// Custom Cookie Generator specifically for the needs of same-site cookies!
+// Hands off unless you know exactly what you are doing!
+void
+SetASameSiteCookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSpec2, const char* aCookieString, const char *aServerTime)
+{
+    nsCOMPtr<nsIURI> uri1, uri2;
+    NS_NewURI(getter_AddRefs(uri1), aSpec1);
+    if (aSpec2)
+        NS_NewURI(getter_AddRefs(uri2), aSpec2);
+
+    // We create a dummy channel using the aSpec1 to simulate same-siteness
+    nsresult rv0;
+    nsCOMPtr<nsIScriptSecurityManager> ssm =
+      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv0);
+    ASSERT_TRUE(NS_SUCCEEDED(rv0));
+    nsCOMPtr<nsIPrincipal> spec1Principal;
+    nsCString tmpString(aSpec1);
+    ssm->CreateCodebasePrincipalFromOrigin(tmpString, getter_AddRefs(spec1Principal));
+
+    nsCOMPtr<nsIChannel> dummyChannel;
+    NS_NewChannel(getter_AddRefs(dummyChannel),
+                  uri1,
+                  spec1Principal,
+                  nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                  nsIContentPolicy::TYPE_OTHER);
+
+    nsresult rv = aCookieService->SetCookieStringFromHttp(uri1, uri2, nullptr, (char *)aCookieString, aServerTime, dummyChannel);
+    EXPECT_TRUE(NS_SUCCEEDED(rv));
+}
+
 void
 SetACookieNoHttp(nsICookieService *aCookieService, const char *aSpec, const char* aCookieString)
 {
     nsCOMPtr<nsIURI> uri;
     NS_NewURI(getter_AddRefs(uri), aSpec);
 
     nsresult rv = aCookieService->SetCookieString(uri, nullptr, (char *)aCookieString, nullptr);
     EXPECT_TRUE(NS_SUCCEEDED(rv));
@@ -768,27 +801,27 @@ TEST(TestCookie,TestCookieMain)
 
 
     // *** SameSite attribute - parsing and cookie storage tests
     // Clear the cookies
     EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll()));
 
     // Set cookies with various incantations of the samesite attribute:
     // No same site attribute present
-    SetACookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr);
+    SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr);
     // samesite attribute present but with no value
-    SetACookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr);
+    SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr);
     // samesite attribute present but with an empty value
-    SetACookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr);
+    SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr);
     // samesite attribute present but with an invalid value
-    SetACookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr);
+    SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr);
     // samesite=strict
-    SetACookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr);
+    SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr);
     // samesite=lax
-    SetACookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr);
+    SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr);
 
     EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetEnumerator(getter_AddRefs(enumerator))));
     i = 0;
 
     // check the cookies for the required samesite value
     while (NS_SUCCEEDED(enumerator->HasMoreElements(&more)) && more) {
       nsCOMPtr<nsISupports> cookie;
       if (NS_FAILED(enumerator->GetNext(getter_AddRefs(cookie)))) break;