API tools faq
paste
Guest User

Untitled

a guest
Dec 14th, 2018
36
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.01 KB | None | 0 0
raw download clone embed print report
  1. diff --git a/.eslintignore b/.eslintignore
  2. --- a/.eslintignore
  3. +++ b/.eslintignore
  4. @@ -216,7 +216,6 @@ dom/security/test/csp/**
  5. dom/security/test/general/**
  6. dom/security/test/mixedcontentblocker/**
  7. dom/security/test/sri/**
  8. -dom/security/test/unit/**
  9. dom/serviceworkers/**
  10. dom/smil/**
  11. dom/svg/**
  12. diff --git a/dom/security/test/unit/test_csp_reports.js b/dom/security/test/unit/test_csp_reports.js
  13. --- a/dom/security/test/unit/test_csp_reports.js
  14. +++ b/dom/security/test/unit/test_csp_reports.js
  15. @@ -2,7 +2,7 @@
  16. * License, v. 2.0. If a copy of the MPL was not distributed with this
  17. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  18.  
  19. -ChromeUtils.import('resource://gre/modules/NetUtil.jsm');
  20. +ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
  21. ChromeUtils.import("resource://gre/modules/Services.jsm");
  22. ChromeUtils.import("resource://testing-common/httpd.js");
  23.  
  24. @@ -33,7 +33,7 @@ function makeReportHandler(testpath, mes
  25. ? request.getHeader("Content-Type") : undefined;
  26. if (contentType !== "application/csp-report") {
  27. do_throw("violation report should have the 'application/csp-report' " +
  28. - "content-type, when in fact it is " + contentType.toString())
  29. + "content-type, when in fact it is " + contentType.toString());
  30. }
  31.  
  32. // obtain violation report
  33. @@ -47,7 +47,7 @@ function makeReportHandler(testpath, mes
  34. // dump("EXPECTED: \n" + JSON.stringify(expectedJSON) + "\n\n");
  35.  
  36. for (var i in expectedJSON)
  37. - Assert.equal(expectedJSON[i], reportObj['csp-report'][i]);
  38. + Assert.equal(expectedJSON[i], reportObj["csp-report"][i]);
  39.  
  40. testsToFinish--;
  41. httpServer.registerPathHandler(testpath, null);
  42. @@ -80,9 +80,8 @@ function makeTest(id, expectedJSON, useR
  43.  
  44. dump("Created test " + id + " : " + policy + "\n\n");
  45.  
  46. - let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"]
  47. - .getService(Ci.nsIScriptSecurityManager);
  48. - principal = ssm.createCodebasePrincipal(selfuri, {});
  49. +
  50. + principal = Services.scriptSecurityManager.createCodebasePrincipal(selfuri, {});
  51. csp.setRequestContext(null, principal);
  52.  
  53. // Load up the policy
  54. @@ -93,7 +92,7 @@ function makeTest(id, expectedJSON, useR
  55. var handler = makeReportHandler("/test" + id, "Test " + id, expectedJSON);
  56. httpServer.registerPathHandler("/test" + id, handler);
  57.  
  58. - //trigger the violation
  59. + // trigger the violation
  60. callback(csp);
  61. }
  62.  
  63. @@ -122,11 +121,11 @@ function run_test() {
  64. // test that eval violations cause a report.
  65. makeTest(1, {"blocked-uri": "eval",
  66. // JSON script-sample is UTF8 encoded
  67. - "script-sample" : "\xc2\xa3\xc2\xa5\xc2\xb5\xe5\x8c\x97\xf0\xa0\x9d\xb9",
  68. + "script-sample": "\xc2\xa3\xc2\xa5\xc2\xb5\xe5\x8c\x97\xf0\xa0\x9d\xb9",
  69. "line-number": 1,
  70. "column-number": 2}, false,
  71. function(csp) {
  72. - let evalOK = true, oReportViolation = {'value': false};
  73. + let evalOK = true, oReportViolation = {"value": false};
  74. evalOK = csp.getAllowsEval(oReportViolation);
  75.  
  76. // this is not a report only policy, so it better block eval
  77. @@ -178,7 +177,7 @@ function run_test() {
  78. // test that eval violations cause a report in report-only policy
  79. makeTest(4, {"blocked-uri": "inline"}, true,
  80. function(csp) {
  81. - let evalOK = true, oReportViolation = {'value': false};
  82. + let evalOK = true, oReportViolation = {"value": false};
  83. evalOK = csp.getAllowsEval(oReportViolation);
  84.  
  85. // this is a report only policy, so it better allow eval
  86. @@ -225,7 +224,6 @@ function run_test() {
  87. var selfSpec = REPORT_SERVER_URI + ":" + REPORT_SERVER_PORT + "/foo/self/foo.js";
  88. makeTest(7, {"blocked-uri": selfSpec}, false,
  89. function(csp) {
  90. - var uri = NetUtil
  91. // shouldLoad creates and sends out the report here.
  92. csp.shouldLoad(Ci.nsIContentPolicy.TYPE_SCRIPT,
  93. null, // nsICSPEventListener
  94. diff --git a/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js b/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
  95. --- a/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
  96. +++ b/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
  97. @@ -1,14 +1,12 @@
  98. ChromeUtils.import("resource://testing-common/httpd.js");
  99. ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
  100. ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
  101. -
  102. -var prefs = Cc["@mozilla.org/preferences-service;1"].
  103. - getService(Ci.nsIPrefBranch);
  104. +ChromeUtils.import("resource://gre/modules/Services.jsm");
  105.  
  106. // Since this test creates a TYPE_DOCUMENT channel via javascript, it will
  107. // end up using the wrong LoadInfo constructor. Setting this pref will disable
  108. // the ContentPolicyType assertion in the constructor.
  109. -prefs.setBoolPref("network.loadinfo.skip_type_assertion", true);
  110. +Services.prefs.setBoolPref("network.loadinfo.skip_type_assertion", true);
  111.  
  112. XPCOMUtils.defineLazyGetter(this, "URL", function() {
  113. return "http://localhost:" + httpserver.identity.primaryPort;
  114. @@ -23,22 +21,22 @@ var tests = [
  115. {
  116. description: "should not set request header for TYPE_OTHER",
  117. expectingHeader: false,
  118. - contentType: Ci.nsIContentPolicy.TYPE_OTHER
  119. + contentType: Ci.nsIContentPolicy.TYPE_OTHER,
  120. },
  121. {
  122. description: "should set request header for TYPE_DOCUMENT",
  123. expectingHeader: true,
  124. - contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT
  125. + contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
  126. },
  127. {
  128. description: "should set request header for TYPE_SUBDOCUMENT",
  129. expectingHeader: true,
  130. - contentType: Ci.nsIContentPolicy.TYPE_SUBDOCUMENT
  131. + contentType: Ci.nsIContentPolicy.TYPE_SUBDOCUMENT,
  132. },
  133. {
  134. description: "should not set request header for TYPE_IMG",
  135. expectingHeader: false,
  136. - contentType: Ci.nsIContentPolicy.TYPE_IMG
  137. + contentType: Ci.nsIContentPolicy.TYPE_IMG,
  138. },
  139. ];
  140.  
  141. @@ -46,23 +44,22 @@ function ChannelListener() {
  142. }
  143.  
  144. ChannelListener.prototype = {
  145. - onStartRequest: function(request, context) { },
  146. - onDataAvailable: function(request, context, stream, offset, count) {
  147. + onStartRequest(request, context) { },
  148. + onDataAvailable(request, context, stream, offset, count) {
  149. do_throw("Should not get any data!");
  150. },
  151. - onStopRequest: function(request, context, status) {
  152. + onStopRequest(request, context, status) {
  153. var upgrade_insecure_header = false;
  154. try {
  155. if (request.getRequestHeader("Upgrade-Insecure-Requests")) {
  156. upgrade_insecure_header = true;
  157. }
  158. - }
  159. - catch (e) {
  160. + } catch (e) {
  161. // exception is thrown if header is not available on the request
  162. }
  163. // debug
  164. // dump("executing test: " + curTest.description);
  165. - Assert.equal(upgrade_insecure_header, curTest.expectingHeader)
  166. + Assert.equal(upgrade_insecure_header, curTest.expectingHeader);
  167. run_next_test();
  168. },
  169. };
  170. @@ -71,7 +68,7 @@ function setupChannel(aContentType) {
  171. var chan = NetUtil.newChannel({
  172. uri: URL + testpath,
  173. loadUsingSystemPrincipal: true,
  174. - contentPolicyType: aContentType
  175. + contentPolicyType: aContentType,
  176. });
  177. chan.QueryInterface(Ci.nsIHttpChannel);
  178. chan.requestMethod = "GET";
  179. diff --git a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
  180. --- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
  181. +++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
  182. @@ -8,6 +8,7 @@
  183.  
  184. ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
  185. ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
  186. +ChromeUtils.import("resource://gre/modules/Services.jsm");
  187.  
  188. XPCOMUtils.defineLazyServiceGetter(this, "gScriptSecurityManager",
  189. "@mozilla.org/scriptsecuritymanager;1",
  190. @@ -17,8 +18,7 @@ XPCOMUtils.defineLazyServiceGetter(this,
  191. "@mozilla.org/contentsecuritymanager;1",
  192. "nsIContentSecurityManager");
  193.  
  194. -var prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
  195. -prefs.setCharPref("dom.securecontext.whitelist", "example.net,example.org");
  196. +Services.prefs.setCharPref("dom.securecontext.whitelist", "example.net,example.org");
  197.  
  198. add_task(async function test_isOriginPotentiallyTrustworthy() {
  199. for (let [uriSpec, expectedResult] of [
  200. @@ -43,7 +43,7 @@ add_task(async function test_isOriginPot
  201. }
  202. // And now let's test whether .onion sites are properly treated when
  203. // whitelisted, see bug 1382359.
  204. - prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
  205. + Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
  206. let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
  207. let principal = gScriptSecurityManager.createCodebasePrincipal(uri, {});
  208. Assert.equal(gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!