aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorWojtek Kosior <koszko@koszko.org>2022-03-24 20:42:10 +0100
committerWojtek Kosior <koszko@koszko.org>2022-03-26 22:17:59 +0100
commitfba67f09ddedda6182d35b2fa1478115dc766905 (patch)
treeee5296db17bcdc89d130bbeca02d514be76f60b5 /test
parent60c0b4fe97192617a753a9f39b89ecb166405de9 (diff)
downloadbrowser-extension-fba67f09ddedda6182d35b2fa1478115dc766905.tar.gz
browser-extension-fba67f09ddedda6182d35b2fa1478115dc766905.zip
allow injected scripts to bypass CORS using provided API
Diffstat (limited to 'test')
-rw-r--r--test/haketilo_test/unit/test_haketilo_apis.py67
1 files changed, 67 insertions, 0 deletions
diff --git a/test/haketilo_test/unit/test_haketilo_apis.py b/test/haketilo_test/unit/test_haketilo_apis.py
new file mode 100644
index 0000000..7dca4db
--- /dev/null
+++ b/test/haketilo_test/unit/test_haketilo_apis.py
@@ -0,0 +1,67 @@
+# SPDX-License-Identifier: CC0-1.0
+
+"""
+Haketilo unit tests - exposing some special functionalities to injected scripts
+"""
+
+# This file is part of Haketilo
+#
+# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the CC0 1.0 Universal License as published by
+# the Creative Commons Corporation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# CC0 1.0 Universal License for more details.
+
+import pytest
+import json
+from selenium.webdriver.support.ui import WebDriverWait
+
+from ..script_loader import load_script
+from ..world_wide_library import some_data
+
+def content_script():
+ return load_script('content/haketilo_apis.js') + ';\nstart();'
+
+def background_script():
+ return load_script('background/CORS_bypass_server.js') + ';\nstart();'
+
+@pytest.mark.ext_data({
+ 'content_script': content_script,
+ 'background_script': background_script
+})
+@pytest.mark.usefixtures('webextension')
+def test_haketilo_apis_CORS_bypass(driver):
+ """
+ Verify injected scripts will be able to bypass CORS with the help of
+ Haketilo API.
+ """
+ driver.get('https://gotmyowndoma.in/')
+ driver.execute_script(
+ '''
+ const fetch_arg = {
+ url: "https://anotherdoma.in/resource/blocked/by/CORS.json",
+ init: {}
+ };
+
+ const detail = {
+ data: JSON.stringify(fetch_arg),
+ id: "abcdef"
+ };
+
+ window.addEventListener("haketilo_CORS_bypass-abcdef",
+ e => window.__response = e.detail);
+ window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail}));
+ ''')
+
+ get_response = lambda d: d.execute_script("return window.__response;")
+ response = WebDriverWait(driver, 10).until(get_response)
+ response = json.loads(response)
+
+ assert response['body'] == some_data.encode().hex()
+ assert response['status'] == 200
+ assert type(response['headers']) is list