commit 82446eff1db658db8dae23443deac036b164b769 Author: Tim Huang <tihuang@mozilla.com> Date: Tue Jul 3 13:48:18 2018 +0000 Bug 1470156 - Part 1: Adding a test case for reassuring mozilla::OriginAttributes::CreateSuffix won't be crashed with invalid characters in firstParty domain. r=baku,mixedpuppy Differential Revision: https://phabricator.services.mozilla.com/D1845 --HG-- extra : moz-landing-system : lando --- .../mochitest/test_ext_cookies_first_party.html | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html b/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html index 64785c45e440..b214148824bd 100644 --- a/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html +++ b/toolkit/components/extensions/test/mochitest/test_ext_cookies_first_party.html @@ -10,6 +10,8 @@ async function background() { const url = "http://ext-cookie-first-party.mochi.test/"; const firstPartyDomain = "ext-cookie-first-party.mochi.test"; + // A first party domain with invalid characters for the file system, which just happens to be a IPv6 address. + const firstPartyDomainInvalidChars = "[2606:4700:4700::1111]"; const expectedError = "First-Party Isolation is enabled, but the required 'firstPartyDomain' attribute was not set."; const assertExpectedCookies = (expected, cookies, message) => { @@ -154,6 +156,38 @@ async function background() { browser.test.sendMessage("test_fpi_enabled"); }; + // Test FPI with a first party domain with invalid characters for + // the file system. + const test_fpi_with_invalid_characters = async () => { + let cookie; + + // Test setting a cookie with a first party domain with invalid characters + // for the file system. + cookie = await browser.cookies.set({url, name: "foo5", value: "bar5", + firstPartyDomain: firstPartyDomainInvalidChars}); + assertExpectedCookies([ + {name: "foo5", value: "bar5", firstPartyDomain: firstPartyDomainInvalidChars}, + ], [cookie], "set: FPI on, w/ firstPartyDomain with invalid characters, FP cookie"); + + // Test getting a cookie with a first party domain with invalid characters + // for the file system. + cookie = await browser.cookies.get({url, name: "foo5", + firstPartyDomain: firstPartyDomainInvalidChars}); + assertExpectedCookies([ + {name: "foo5", value: "bar5", firstPartyDomain: firstPartyDomainInvalidChars}, + ], [cookie], "get: FPI on, w/ firstPartyDomain with invalid characters, FP cookie"); + + // Test removing a cookie with a first party domain with invalid characters + // for the file system. + cookie = await browser.cookies.remove({url, name: "foo5", + firstPartyDomain: firstPartyDomainInvalidChars}); + assertExpectedCookies([ + {url, name: "foo5", firstPartyDomain: firstPartyDomainInvalidChars}, + ], [cookie], "remove: FPI on, w/ firstPartyDomain with invalid characters, FP cookie"); + + browser.test.sendMessage("test_fpi_with_invalid_characters"); + }; + // Test when FPI is disabled again, accessing FP cookies set when FPI is enabled. const test_fpd_cookies_on_fpi_disabled = async () => { let cookie, cookies; @@ -179,6 +213,7 @@ async function background() { switch (message) { case "test_fpi_disabled": return test_fpi_disabled(); case "test_fpi_enabled": return test_fpi_enabled(); + case "test_fpi_with_invalid_characters": return test_fpi_with_invalid_characters(); case "test_fpd_cookies_on_fpi_disabled": return test_fpd_cookies_on_fpi_disabled(); default: return browser.test.notifyFail("unknown-message"); } @@ -210,6 +245,8 @@ add_task(async () => { await enableFirstPartyIsolation(); extension.sendMessage("test_fpi_enabled"); await extension.awaitMessage("test_fpi_enabled"); + extension.sendMessage("test_fpi_with_invalid_characters"); + await extension.awaitMessage("test_fpi_with_invalid_characters"); await disableFirstPartyIsolation(); extension.sendMessage("test_fpd_cookies_on_fpi_disabled"); await extension.awaitMessage("test_fpd_cookies_on_fpi_disabled");