# SPDX-License-Identifier: CC0-1.0 """ Haketilo unit tests - exposing some special functionalities to injected scripts """ # This file is part of Haketilo # # Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org> # # This program is free software: you can redistribute it and/or modify # it under the terms of the CC0 1.0 Universal License as published by # the Creative Commons Corporation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # CC0 1.0 Universal License for more details. import pytest import json from selenium.webdriver.support.ui import WebDriverWait from ..script_loader import load_script from ..world_wide_library import some_data def content_script(): return load_script('content/haketilo_apis.js') + ';\nstart();' def background_script(): return load_script('background/CORS_bypass_server.js') + ';\nstart();' resource_url = 'https://anotherdoma.in/resource/blocked/by/CORS.json' @pytest.mark.ext_data({ 'content_script': content_script, 'background_script': background_script }) @pytest.mark.usefixtures('webextension') def test_haketilo_apis_CORS_bypass(driver): """ Verify injected scripts will be able to bypass CORS with the help of Haketilo API. """ driver.get('https://gotmyowndoma.in/') # First, verify that it is impossible to normally fetch the resource. with pytest.raises(Exception, match='NetworkError'): driver.execute_script('return fetch(arguments[0]);', resource_url) # First, verify that it is possible to fetch the resource using API. response = driver.execute_script( ''' const fetch_arg = { url: arguments[0], init: {}, verify_that_nonstandard_properties_are_ignored: ":)" }; const detail = { data: JSON.stringify(fetch_arg), id: "abcdef", nonstandard_properties_verify_that_ignored_are: ":o" }; let cb, done = new Promise(_cb => cb = _cb); window.addEventListener("haketilo_CORS_bypass-abcdef", e => cb(JSON.parse(e.detail))); window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail})); return done; ''', resource_url) assert response['body'] == some_data.encode().hex() assert response['status'] == 200 assert type(response['headers']) is list @pytest.mark.ext_data({ 'content_script': content_script, 'background_script': background_script }) @pytest.mark.usefixtures('webextension') @pytest.mark.parametrize('error', [ 'bad url', 'no_url', 'non_string_url', 'non_object_init', 'non_object_detail', 'non_string_id', 'non_string_data' ]) def test_haketilo_apis_CORS_bypass_errors(driver, error): """ Verify errors are returned properly by CORS_bypass API. """ data = { 'bad_url': {'url': 'muahahahaha', 'init': {}}, 'no_url': {'init': {}}, 'non_string_url': {'url': {}, 'init': {}}, 'non_object_init': {'url': {}, 'init': ":d"}, }.get(error, {'url': resource_url, 'init': {}}) detail = { 'non_object_detail': '!!!', 'non_string_id': {'data': json.dumps(data), 'id': None}, 'non_string_data': {'data': data, 'id': 'abcdef'} }.get(error, {'data': json.dumps(data), 'id': 'abcdef'}) driver.get('https://gotmyowndoma.in/') result = driver.execute_script( ''' let cb, done = new Promise(_cb => cb = _cb); window.addEventListener("haketilo_CORS_bypass-abcdef", e => cb(JSON.parse(e.detail))); window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail: arguments[0]})); setTimeout(() => cb("timeout"), 5000); return done; ''', detail) if error in {'bad_url', 'no_url', 'non_string_url', 'non_object_init'}: assert result['error']['name'] == 'TypeError' if error in {'non_object_detail', 'non_string_id', 'non_string_data'}: assert result == 'timeout'