Diffstat (limited to 'testing/web-platform/tests/content-security-policy/support')
-rw-r--r--testing/web-platform/tests/content-security-policy/support/alert-pass.js1
-rw-r--r--testing/web-platform/tests/content-security-policy/support/alertAssert.sub.js43
-rw-r--r--testing/web-platform/tests/content-security-policy/support/checkReport.sub.js84
-rw-r--r--testing/web-platform/tests/content-security-policy/support/fail.asis5
-rw-r--r--testing/web-platform/tests/content-security-policy/support/fail.js1
-rw-r--r--testing/web-platform/tests/content-security-policy/support/fail.pngbin0 -> 759 bytes
-rw-r--r--testing/web-platform/tests/content-security-policy/support/inject-image.js5
-rw-r--r--testing/web-platform/tests/content-security-policy/support/logTest.sub.js41
-rw-r--r--testing/web-platform/tests/content-security-policy/support/media/flash.swfbin0 -> 638 bytes
-rw-r--r--testing/web-platform/tests/content-security-policy/support/pass.pngbin0 -> 1689 bytes
-rw-r--r--testing/web-platform/tests/content-security-policy/support/report.py34
-rw-r--r--testing/web-platform/tests/content-security-policy/support/siblingPath.js5
12 files changed, 219 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/support/alert-pass.js b/testing/web-platform/tests/content-security-policy/support/alert-pass.js
new file mode 100644
index 000000000..d3f811ec1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/alert-pass.js
@@ -0,0 +1 @@
+alert_assert("PASS");
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/support/alertAssert.sub.js b/testing/web-platform/tests/content-security-policy/support/alertAssert.sub.js
new file mode 100644
index 000000000..ee9e54ea7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/alertAssert.sub.js
@@ -0,0 +1,43 @@
+// note, this template substitution is XSS, but no way to avoid it in this framework
+var expected_alerts = {{GET[alerts]}};
+var timeout= "{{GET[timeout]}}";
+if (timeout == "") {
+ timeout = 2;
+}
+
+if(expected_alerts.length == 0) {
+ function alert_assert(msg) {
+ test(function () { assert_unreached(msg) });
+ }
+} else {
+ var t_alert = async_test('Expecting alerts: {{GET[alerts]}}');
+ step_timeout(function() {
+ if(t_alert.phase != t_alert.phases.COMPLETE) {
+ t_alert.step(function() { assert_unreached('Alert timeout, expected alerts ' + expected_alerts + ' not fired.') });
+ t_alert.done();
+ }
+ }, timeout * 1000);
+ var alert_assert = function (msg) {
+ t_alert.step(function () {
+ if(msg && msg instanceof Error) {
+ msg = msg.message;
+ }
+ if (msg && msg.match(/^FAIL/i)) {
+ assert_unreached(msg);
+ t_alert.done();
+ }
+ for (var i = 0; i < expected_alerts.length; i++) {
+ if (expected_alerts[i] == msg) {
+ assert_true(expected_alerts[i] == msg);
+ expected_alerts.splice(i, 1);
+ if (expected_alerts.length == 0) {
+ t_alert.done();
+ }
+ return;
+ }
+ }
+ assert_unreached('unexpected alert: ' + msg);
+ t_log.done();
+ });
+ }.bind(this);
+}
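Review bot: The fall-through path of `alert_assert` calls `t_log.done();` after `assert_unreached('unexpected alert: ' + msg)`, but `t_log` is not declared in this file (it is the test object in logTest.sub.js); the line should read `t_alert.done();`. testharness's `assert_unreached` throws, so that call and the `t_alert.done()` after the `^FAIL` check are most likely never reached; a short comment saying the step's failure handling ends the test would be clearer than calls that do not run, and the same pattern appears in logTest.sub.js. `{{GET[alerts]}}` is also substituted raw, both as an expression and inside the single-quoted test name, which the header comment acknowledges. A comment such as `// test-server only: must never be served from an origin that holds real user state` would record the constraint that makes this acceptable.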
diff --git a/testing/web-platform/tests/content-security-policy/support/checkReport.sub.js b/testing/web-platform/tests/content-security-policy/support/checkReport.sub.js
new file mode 100644
index 000000000..803dc06d5
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/checkReport.sub.js
@@ -0,0 +1,84 @@
+(function () {
+
+ // Get values from the substitution engine.
+ // We can't just pull these from the document context
+ // because this script is intended to be transcluded into
+ // another document, and we want the GET values used to request it,
+ // not the values for the including document
+
+ // XXX these are unencoded, so there's an unavoidable
+ // injection vulnerability in constructing this file...
+ // need to upgrade the template engine.
+ var reportField = "{{GET[reportField]}}";
+ var reportValue = "{{GET[reportValue]}}";
+ var reportExists = "{{GET[reportExists]}}";
+ var noCookies = "{{GET[noCookies]}}";
+
+ var location = window.location;
+ var thisTestName = location.pathname.split('/')[location.pathname.split('/').length - 1].split('.')[0];
+
+ var reportID = "";
+
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookieName = cookies[i].split('=')[0].trim();
+ var cookieValue = cookies[i].split('=')[1].trim();
+
+ if (cookieName == thisTestName) {
+ reportID = cookieValue;
+ var cookieToDelete = cookieName + "=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=" + document.location.pathname.substring(0, document.location.pathname.lastIndexOf('/') + 1);
+ document.cookie = cookieToDelete;
+ break;
+ }
+ }
+
+ var timeout = document.querySelector("meta[name=timeout][content=long]") ? 50 : 5;
+ var reportLocation = location.protocol + "//" + location.host + "/content-security-policy/support/report.py?op=take&timeout=" + timeout + "&reportID=" + reportID;
+
+ var reportTest = async_test("Violation report status OK.");
+ reportTest.step(function () {
+
+ var report = new XMLHttpRequest();
+ report.onload = reportTest.step_func(function () {
+
+ var data = JSON.parse(report.responseText);
+
+ if (data.error) {
+ assert_equals("false", reportExists, data.error);
+ } else {
+ if(reportExists != "" && reportExists == "false" && data["csp-report"]) {
+ assert_unreached("CSP report sent, but not expecting one: " + JSON.stringify(data["csp-report"]));
+ }
+ // Firefox expands 'self' or origins in a policy to the actual origin value
+ // so "www.example.com" becomes "http://www.example.com:80".
+ // Accomodate this by just testing that the correct directive name
+ // is reported, not the details...
+
+ if(data["csp-report"] != undefined && data["csp-report"][reportField] != undefined) {
+ assert_true(data["csp-report"][reportField].indexOf(reportValue.split(" ")[0]) != -1,
+ reportField + " value of \"" + data["csp-report"][reportField] + "\" did not match " +
+ reportValue.split(" ")[0] + ".");
+ }
+ }
+
+ reportTest.done();
+ });
+
+ report.open("GET", reportLocation, true);
+ report.send();
+ });
+
+ if (noCookies) {
+ var cookieTest = async_test("No cookies sent with report.");
+ var cookieReport = new XMLHttpRequest();
+ cookieReport.onload = cookieTest.step_func(function () {
+ var data = JSON.parse(cookieReport.responseText);
+ assert_equals(data.reportCookies, "None");
+ cookieTest.done();
+ });
+ var cReportLocation = location.protocol + "//" + location.host + "/content-security-policy/support/report.py?op=cookies&timeout=" + timeout + "&reportID=" + reportID;
+ cookieReport.open("GET", cReportLocation, true);
+ cookieReport.send();
+ };
+
+})();
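Review bot: The cookie loop evaluates `cookies[i].split('=')[1].trim()` without checking that the entry contains `=`; when `document.cookie` is empty, `split(';')` yields `[""]` and this line throws before either test is created. A guard such as `var parts = cookies[i].split('='); if (parts.length < 2) continue;` keeps the lookup safe. `reportID` is then concatenated into both report.py URLs, so `encodeURIComponent(reportID)` would stop a cookie value containing `&` or `#` from altering the query. Separately, `noCookies` is a substituted string, so `if (noCookies)` is true for any non-empty value including `"false"`; comparing against the expected literal would match how `reportExists` is handled.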
diff --git a/testing/web-platform/tests/content-security-policy/support/fail.asis b/testing/web-platform/tests/content-security-policy/support/fail.asis
new file mode 100644
index 000000000..96196615b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/fail.asis
@@ -0,0 +1,5 @@
+HTTP/1.1 200 OK
+Content-Type: text/plain
+Access-Control-Allow-Origin: *
+
+FAIL
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/support/fail.js b/testing/web-platform/tests/content-security-policy/support/fail.js
new file mode 100644
index 000000000..9632567a6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/fail.js
@@ -0,0 +1 @@
+test(function() { assert_unreached("FAIL")});
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/support/fail.png b/testing/web-platform/tests/content-security-policy/support/fail.png
new file mode 100644
index 000000000..b59338033
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/fail.png
Binary files differ
diff --git a/testing/web-platform/tests/content-security-policy/support/inject-image.js b/testing/web-platform/tests/content-security-policy/support/inject-image.js
new file mode 100644
index 000000000..cc5b60079
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/inject-image.js
@@ -0,0 +1,5 @@
+// This script block will trigger a violation report.
+var i = document.createElement('img');
+i.src = '/content-security-policy/support/fail.png';
+document.body.appendChild(i);
+log("TEST COMPLETE");
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/support/logTest.sub.js b/testing/web-platform/tests/content-security-policy/support/logTest.sub.js
new file mode 100644
index 000000000..f712252ce
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/logTest.sub.js
@@ -0,0 +1,41 @@
+// note, this template substitution is XSS, but no way to avoid it in this framework
+var expected_logs = {{GET[logs]}};
+var timeout = "{{GET[timeout]}}";
+if (timeout == "") {
+ timeout = 2;
+}
+
+if (expected_logs.length == 0) {
+ function log_assert(msg) {
+ test(function () { assert_unreached(msg) });
+ }
+} else {
+ var t_log = async_test('Expecting logs: {{GET[logs]}}');
+ step_timeout(function() {
+ if(t_log.phase != t_log.phases.COMPLETE){
+ t_log.step(function () { assert_unreached('Logging timeout, expected logs ' + expected_logs + ' not sent.') });
+ t_log.done();
+ }
+ }, timeout * 1000);
+ function log(msg) {
+ //cons/**/ole.log(msg);
+ t_log.step(function () {
+ if (msg.match(/^FAIL/i)) {
+ assert_unreached(msg);
+ t_log.done();
+ }
+ for (var i = 0; i < expected_logs.length; i++) {
+ if (expected_logs[i] == msg) {
+ assert_true(expected_logs[i] == msg);
+ expected_logs.splice(i, 1);
+ if (expected_logs.length == 0) {
+ t_log.done();
+ }
+ return;
+ }
+ }
+ assert_unreached('unexpected log: ' + msg);
+ t_log.done();
+ });
+ }
+}
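Review bot: The empty-list branch declares `log_assert`, while the other branch declares `log` and inject-image.js in this commit calls `log`; with `logs=[]`, a page that calls `log(...)` would find it undefined instead of getting the intended `assert_unreached` failure. Renaming the first declaration to `function log(msg) {` would make both branches expose the same name, as alertAssert.sub.js does with `alert_assert`. `log` also calls `msg.match(/^FAIL/i)` without the `msg &&` guard that `alert_assert` has, so a non-string argument fails the step with a TypeError rather than the "unexpected log" message.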
diff --git a/testing/web-platform/tests/content-security-policy/support/media/flash.swf b/testing/web-platform/tests/content-security-policy/support/media/flash.swf
new file mode 100644
index 000000000..80bf47e20
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/media/flash.swf
Binary files differ
diff --git a/testing/web-platform/tests/content-security-policy/support/pass.png b/testing/web-platform/tests/content-security-policy/support/pass.png
new file mode 100644
index 000000000..2fa1e0ac0
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/pass.png
Binary files differ
diff --git a/testing/web-platform/tests/content-security-policy/support/report.py b/testing/web-platform/tests/content-security-policy/support/report.py
new file mode 100644
index 000000000..193315fa0
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/report.py
@@ -0,0 +1,34 @@
+import time
+import json
+import re
+
+def main(request, response):
+ op = request.GET.first("op");
+ key = request.GET.first("reportID")
+
+ if op == "take":
+ timeout = float(request.GET.first("timeout"))
+ t0 = time.time()
+ while time.time() - t0 < timeout:
+ time.sleep(0.5)
+ value = request.server.stash.take(key=key)
+ if value is not None:
+ return [("Content-Type", "application/json")], value
+
+ return [("Content-Type", "application/json")], json.dumps({'error': 'No such report.' , 'guid' : key})
+
+ if op == "cookies":
+ cval = request.server.stash.take(key=re.sub('^...', 'ccc', key))
+ if cval is None:
+ cval = "\"None\""
+
+ return [("Content-Type", "application/json")], "{ \"reportCookies\" : " + cval + "}"
+
+ if hasattr(request, 'Cookies'):
+ request.server.stash.put(key=re.sub('^...', 'ccc', key), value=request.Cookies)
+
+ report = request.body
+ report.rstrip()
+ request.server.stash.take(key=key)
+ request.server.stash.put(key=key, value=report)
+ return [("Content-Type", "text/plain")], "Recorded report " + report
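Review bot: `report.rstrip()` discards its result, so the stored and echoed report keeps any trailing whitespace; if stripping is intended it should be `report = request.body.rstrip()`. In the `take` branch, `timeout` comes from the query string with no upper bound, so a single request can hold a handler in the 0.5 s polling loop for as long as the caller asks. Clamping it, e.g. `timeout = min(float(request.GET.first("timeout")), MAX_WAIT)` with `MAX_WAIT` as a new module-level constant, would bound that. The `cookies` branch builds its JSON by concatenating `cval`, which only works if the stashed value is already a string holding a valid JSON fragment; building a dict and passing it to `json.dumps` would be safer, and it is worth confirming what `request.Cookies` actually is here.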
diff --git a/testing/web-platform/tests/content-security-policy/support/siblingPath.js b/testing/web-platform/tests/content-security-policy/support/siblingPath.js
new file mode 100644
index 000000000..f4012f04d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/siblingPath.js
@@ -0,0 +1,5 @@
+ buildSiblingPath = function(hostPrefix, relativePath, newPort) {
+ var port = newPort ? newPort : document.location.port;
+ var path = document.location.pathname.substring(0, document.location.pathname.lastIndexOf('/') + 1);
+ return (document.location.protocol + '//' + hostPrefix + "." + document.location.hostname + ':' + port + path + relativePath);
+};
\ No newline at end of file
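Review bot: `buildSiblingPath` is created by assigning to an undeclared identifier, which makes an implicit global and throws a ReferenceError if this file is ever loaded as strict-mode or module code. Declaring it as `function buildSiblingPath(hostPrefix, relativePath, newPort) {` keeps the same global name without relying on sloppy-mode behaviour. A short comment saying that the result is `protocol//hostPrefix.hostname:port/<current directory>/relativePath`, and that `newPort` falls back to the current port, would help the tests that use it to build cross-origin URLs for CSP checks.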