diff options
author | Wojtek Kosior <koszko@koszko.org> | 2022-03-24 20:42:10 +0100 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2022-03-26 22:17:59 +0100 |
commit | fba67f09ddedda6182d35b2fa1478115dc766905 (patch) | |
tree | ee5296db17bcdc89d130bbeca02d514be76f60b5 /test | |
parent | 60c0b4fe97192617a753a9f39b89ecb166405de9 (diff) | |
download | browser-extension-fba67f09ddedda6182d35b2fa1478115dc766905.tar.gz browser-extension-fba67f09ddedda6182d35b2fa1478115dc766905.zip |
allow injected scripts to bypass CORS using provided API
Diffstat (limited to 'test')
-rw-r--r-- | test/haketilo_test/unit/test_haketilo_apis.py | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/test/haketilo_test/unit/test_haketilo_apis.py b/test/haketilo_test/unit/test_haketilo_apis.py new file mode 100644 index 0000000..7dca4db --- /dev/null +++ b/test/haketilo_test/unit/test_haketilo_apis.py @@ -0,0 +1,67 @@ +# SPDX-License-Identifier: CC0-1.0 + +""" +Haketilo unit tests - exposing some special functionalities to injected scripts +""" + +# This file is part of Haketilo +# +# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the CC0 1.0 Universal License as published by +# the Creative Commons Corporation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# CC0 1.0 Universal License for more details. + +import pytest +import json +from selenium.webdriver.support.ui import WebDriverWait + +from ..script_loader import load_script +from ..world_wide_library import some_data + +def content_script(): + return load_script('content/haketilo_apis.js') + ';\nstart();' + +def background_script(): + return load_script('background/CORS_bypass_server.js') + ';\nstart();' + +@pytest.mark.ext_data({ + 'content_script': content_script, + 'background_script': background_script +}) +@pytest.mark.usefixtures('webextension') +def test_haketilo_apis_CORS_bypass(driver): + """ + Verify injected scripts will be able to bypass CORS with the help of + Haketilo API. + """ + driver.get('https://gotmyowndoma.in/') + driver.execute_script( + ''' + const fetch_arg = { + url: "https://anotherdoma.in/resource/blocked/by/CORS.json", + init: {} + }; + + const detail = { + data: JSON.stringify(fetch_arg), + id: "abcdef" + }; + + window.addEventListener("haketilo_CORS_bypass-abcdef", + e => window.__response = e.detail); + window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail})); + ''') + + get_response = lambda d: d.execute_script("return window.__response;") + response = WebDriverWait(driver, 10).until(get_response) + response = json.loads(response) + + assert response['body'] == some_data.encode().hex() + assert response['status'] == 200 + assert type(response['headers']) is list |