toolkit/components/url-classifier/tests/mochitest/test_gethash.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1272239 - Test gethash.</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="classifierHelper.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>

<body>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<iframe id="testFrame1" onload=""></iframe>
<iframe id="testFrame2" onload=""></iframe>

<script class="testbody" type="text/javascript">

const MALWARE_LIST = "test-malware-simple";
const MALWARE_HOST = "malware.example.com/";

const UNWANTED_LIST = "test-unwanted-simple";
const UNWANTED_HOST = "unwanted.example.com/";

const GETHASH_URL = "http://mochi.test:8888/tests/toolkit/components/url-classifier/tests/mochitest/gethash.sjs";
const NOTEXIST_URL = "http://mochi.test:8888/tests/toolkit/components/url-classifier/tests/mochitest/nonexistserver.sjs";

var shouldLoad = false;

// In this testcase we store prefixes to localdb and send the fullhash to gethash server.
// When access the test page gecko should trigger gethash request to server and
// get the completion response.
function loadTestFrame(id) {
  return new Promise(function(resolve, reject) {

    var iframe = document.getElementById(id);
    iframe.setAttribute("src", "gethashFrame.html");

    iframe.onload = function() {
      resolve();
    };
  });
}

// add 4-bytes prefixes to local database, so when we access the url,
// it will trigger gethash request.
function addPrefixToDB(list, url) {
  var testData = [{ db: list, url: url, len: 4 }];

  return classifierHelper.addUrlToDB(testData)
    .catch(function(err) {
      ok(false, "Couldn't update classifier. Error code: " + err);
      // Abort test.
      SimpleTest.finish();
    });
}

// calculate the fullhash and send it to gethash server
function addCompletionToServer(list, url) {
  return new Promise(function(resolve, reject) {
    var listParam = "list=" + list;
    var fullhashParam = "fullhash=" + hash(url);

    var xhr = new XMLHttpRequest;
    xhr.open("PUT", GETHASH_URL + "?" +
             listParam + "&" +
             fullhashParam, true);
    xhr.setRequestHeader("Content-Type", "text/plain");
    xhr.onreadystatechange = function() {
      if (this.readyState == this.DONE) {
        resolve();
      }
    };
    xhr.send();
  });
}

function hash(str) {
  function bytesFromString(str) {
    var converter =
      SpecialPowers.Cc["@mozilla.org/intl/scriptableunicodeconverter"]
                       .createInstance(SpecialPowers.Ci.nsIScriptableUnicodeConverter);
    converter.charset = "UTF-8";
    return converter.convertToByteArray(str);
  }

  var hasher = SpecialPowers.Cc["@mozilla.org/security/hash;1"]
                               .createInstance(SpecialPowers.Ci.nsICryptoHash);

  var data = bytesFromString(str);
  hasher.init(hasher.SHA256);
  hasher.update(data, data.length);

  return hasher.finish(true);
}

function setup404() {
  shouldLoad = true;

  classifierHelper.allowCompletion([MALWARE_LIST, UNWANTED_LIST], NOTEXIST_URL);

  return Promise.all([
    addPrefixToDB(MALWARE_LIST, MALWARE_HOST),
    addPrefixToDB(UNWANTED_LIST, UNWANTED_HOST)
  ]);
}

function setup() {
  classifierHelper.allowCompletion([MALWARE_LIST, UNWANTED_LIST], GETHASH_URL);

  return Promise.all([
    addPrefixToDB(MALWARE_LIST, MALWARE_HOST),
    addPrefixToDB(UNWANTED_LIST, UNWANTED_HOST),
    addCompletionToServer(MALWARE_LIST, MALWARE_HOST),
    addCompletionToServer(UNWANTED_LIST, UNWANTED_HOST),
  ]);
}

// manually reset DB to make sure next test won't be affected by cache.
function reset() {
  return classifierHelper.resetDB;
}

function runTest() {
  Promise.resolve()
    // This test resources get blocked when gethash returns successfully
    .then(classifierHelper.waitForInit)
    .then(setup)
    .then(() => loadTestFrame("testFrame1"))
    .then(reset)
    // This test resources are not blocked when gethash returns an error
    .then(setup404)
    .then(() => loadTestFrame("testFrame2"))
    .then(function() {
      SimpleTest.finish();
    }).catch(function(e) {
      ok(false, "Some test failed with error " + e);
      SimpleTest.finish();
    });
}

SimpleTest.waitForExplicitFinish();

// 'network.predictor.enabled' is disabled because if other testcase load
// evil.js, evil.css ...etc resources, it may cause we load them from cache
// directly and bypass classifier check
SpecialPowers.pushPrefEnv({"set": [
  ["browser.safebrowsing.malware.enabled", true],
  ["network.predictor.enabled", false],
  ["urlclassifier.gethash.timeout_ms", 30000],
]}, runTest);

</script>
</pre>
</body>
</html>