add more tests for CORS bypassing feature

author: Wojtek Kosior <koszko@koszko.org> 2022-03-28 01:59:14 +0200
committer: Wojtek Kosior <koszko@koszko.org> 2022-03-28 17:46:56 +0200
commit: 6cce03018786fe1f82014f82525770cca43808d8 (patch)
tree: db5bf9a43c12ef185e51387f63cc369c3594641f
parent: fba67f09ddedda6182d35b2fa1478115dc766905 (diff)
download: browser-extension-6cce03018786fe1f82014f82525770cca43808d8.tar.gz
browser-extension-6cce03018786fe1f82014f82525770cca43808d8.zip
2 files changed, 74 insertions, 12 deletions
diff --git a/content/haketilo_apis.js b/content/haketilo_apis.js
index 772e843..ccfec37 100644
--- a/content/haketilo_apis.js
+++ b/content/haketilo_apis.js
@@ -48,9 +48,9 @@
 async function on_CORS_bypass(event) {
     const name = "haketilo_CORS_bypass";
 
-    console.warn("delme event", event.detail);
-
-    if (typeof event.detail.id   !== "string" ||
+    if (typeof event.detail      !== "object" ||
+	event.detail             === null     ||
+	typeof event.detail.id   !== "string" ||
 	typeof event.detail.data !== "string") {
 	console.error(`Haketilo: Invalid detail for ${name}:`,
 		      event.detail);
diff --git a/test/haketilo_test/unit/test_haketilo_apis.py b/test/haketilo_test/unit/test_haketilo_apis.py
index 7dca4db..af7906d 100644
--- a/test/haketilo_test/unit/test_haketilo_apis.py
+++ b/test/haketilo_test/unit/test_haketilo_apis.py
@@ -30,6 +30,8 @@ def content_script():
 def background_script():
     return load_script('background/CORS_bypass_server.js') + ';\nstart();'
 
+resource_url = 'https://anotherdoma.in/resource/blocked/by/CORS.json'
+
 @pytest.mark.ext_data({
     'content_script': content_script,
     'background_script': background_script
@@ -41,27 +43,87 @@ def test_haketilo_apis_CORS_bypass(driver):
     Haketilo API.
     """
     driver.get('https://gotmyowndoma.in/')
-    driver.execute_script(
+
+    # First, verify that it is impossible to normally fetch the resource.
+    with pytest.raises(Exception, match='NetworkError'):
+        driver.execute_script('return fetch(arguments[0]);', resource_url)
+
+    # First, verify that it is possible to fetch the resource using API.
+    response = driver.execute_script(
         '''
         const fetch_arg = {
-            url: "https://anotherdoma.in/resource/blocked/by/CORS.json",
-            init: {}
+            url: arguments[0],
+            init: {},
+            verify_that_nonstandard_properties_are_ignored: ":)"
         };
 
         const detail = {
             data: JSON.stringify(fetch_arg),
-            id:   "abcdef"
+            id:   "abcdef",
+            nonstandard_properties_verify_that_ignored_are: ":o"
         };
 
+        let cb, done = new Promise(_cb => cb = _cb);
         window.addEventListener("haketilo_CORS_bypass-abcdef",
-                                e => window.__response = e.detail);
+                                e => cb(JSON.parse(e.detail)));
         window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail}));
-        ''')
 
-    get_response = lambda d: d.execute_script("return window.__response;")
-    response = WebDriverWait(driver, 10).until(get_response)
-    response = json.loads(response)
+        return done;
+        ''',
+        resource_url)
 
     assert response['body'] == some_data.encode().hex()
     assert response['status'] == 200
     assert type(response['headers']) is list
+
+@pytest.mark.ext_data({
+    'content_script': content_script,
+    'background_script': background_script
+})
+@pytest.mark.usefixtures('webextension')
+@pytest.mark.parametrize('error', [
+    'bad url',
+    'no_url',
+    'non_string_url',
+    'non_object_init',
+    'non_object_detail',
+    'non_string_id',
+    'non_string_data'
+])
+def test_haketilo_apis_CORS_bypass_errors(driver, error):
+    """
+    Verify errors are returned properly by CORS_bypass API.
+    """
+    data = {
+        'bad_url':         {'url': 'muahahahaha', 'init': {}},
+        'no_url':          {'init': {}},
+        'non_string_url':  {'url': {}, 'init': {}},
+        'non_object_init': {'url': {}, 'init': ":d"},
+    }.get(error, {'url': resource_url, 'init': {}})
+
+    detail = {
+        'non_object_detail': '!!!',
+        'non_string_id':     {'data': json.dumps(data), 'id': None},
+        'non_string_data':   {'data': data, 'id': 'abcdef'}
+    }.get(error, {'data': json.dumps(data), 'id': 'abcdef'})
+
+    driver.get('https://gotmyowndoma.in/')
+
+    result = driver.execute_script(
+        '''
+        let cb, done = new Promise(_cb => cb = _cb);
+        window.addEventListener("haketilo_CORS_bypass-abcdef",
+                                e => cb(JSON.parse(e.detail)));
+        window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass",
+                                             {detail: arguments[0]}));
+        setTimeout(() => cb("timeout"), 5000);
+
+        return done;
+        ''',
+        detail)
+
+    if error in {'bad_url', 'no_url', 'non_string_url', 'non_object_init'}:
+        assert result['error']['name'] == 'TypeError'
+
+    if error in {'non_object_detail', 'non_string_id', 'non_string_data'}:
+        assert result == 'timeout'
author	Wojtek Kosior <koszko@koszko.org>	2022-03-28 01:59:14 +0200
committer	Wojtek Kosior <koszko@koszko.org>	2022-03-28 17:46:56 +0200
commit	6cce03018786fe1f82014f82525770cca43808d8 (patch)
tree	db5bf9a43c12ef185e51387f63cc369c3594641f
parent	fba67f09ddedda6182d35b2fa1478115dc766905 (diff)
download	browser-extension-6cce03018786fe1f82014f82525770cca43808d8.tar.gz browser-extension-6cce03018786fe1f82014f82525770cca43808d8.zip