diff options
Diffstat (limited to 'test/haketilo_test/unit/test_haketilo_apis.py')
-rw-r--r-- | test/haketilo_test/unit/test_haketilo_apis.py | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/test/haketilo_test/unit/test_haketilo_apis.py b/test/haketilo_test/unit/test_haketilo_apis.py new file mode 100644 index 0000000..af7906d --- /dev/null +++ b/test/haketilo_test/unit/test_haketilo_apis.py @@ -0,0 +1,129 @@ +# SPDX-License-Identifier: CC0-1.0 + +""" +Haketilo unit tests - exposing some special functionalities to injected scripts +""" + +# This file is part of Haketilo +# +# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the CC0 1.0 Universal License as published by +# the Creative Commons Corporation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# CC0 1.0 Universal License for more details. + +import pytest +import json +from selenium.webdriver.support.ui import WebDriverWait + +from ..script_loader import load_script +from ..world_wide_library import some_data + +def content_script(): + return load_script('content/haketilo_apis.js') + ';\nstart();' + +def background_script(): + return load_script('background/CORS_bypass_server.js') + ';\nstart();' + +resource_url = 'https://anotherdoma.in/resource/blocked/by/CORS.json' + +@pytest.mark.ext_data({ + 'content_script': content_script, + 'background_script': background_script +}) +@pytest.mark.usefixtures('webextension') +def test_haketilo_apis_CORS_bypass(driver): + """ + Verify injected scripts will be able to bypass CORS with the help of + Haketilo API. + """ + driver.get('https://gotmyowndoma.in/') + + # First, verify that it is impossible to normally fetch the resource. + with pytest.raises(Exception, match='NetworkError'): + driver.execute_script('return fetch(arguments[0]);', resource_url) + + # First, verify that it is possible to fetch the resource using API. + response = driver.execute_script( + ''' + const fetch_arg = { + url: arguments[0], + init: {}, + verify_that_nonstandard_properties_are_ignored: ":)" + }; + + const detail = { + data: JSON.stringify(fetch_arg), + id: "abcdef", + nonstandard_properties_verify_that_ignored_are: ":o" + }; + + let cb, done = new Promise(_cb => cb = _cb); + window.addEventListener("haketilo_CORS_bypass-abcdef", + e => cb(JSON.parse(e.detail))); + window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail})); + + return done; + ''', + resource_url) + + assert response['body'] == some_data.encode().hex() + assert response['status'] == 200 + assert type(response['headers']) is list + +@pytest.mark.ext_data({ + 'content_script': content_script, + 'background_script': background_script +}) +@pytest.mark.usefixtures('webextension') +@pytest.mark.parametrize('error', [ + 'bad url', + 'no_url', + 'non_string_url', + 'non_object_init', + 'non_object_detail', + 'non_string_id', + 'non_string_data' +]) +def test_haketilo_apis_CORS_bypass_errors(driver, error): + """ + Verify errors are returned properly by CORS_bypass API. + """ + data = { + 'bad_url': {'url': 'muahahahaha', 'init': {}}, + 'no_url': {'init': {}}, + 'non_string_url': {'url': {}, 'init': {}}, + 'non_object_init': {'url': {}, 'init': ":d"}, + }.get(error, {'url': resource_url, 'init': {}}) + + detail = { + 'non_object_detail': '!!!', + 'non_string_id': {'data': json.dumps(data), 'id': None}, + 'non_string_data': {'data': data, 'id': 'abcdef'} + }.get(error, {'data': json.dumps(data), 'id': 'abcdef'}) + + driver.get('https://gotmyowndoma.in/') + + result = driver.execute_script( + ''' + let cb, done = new Promise(_cb => cb = _cb); + window.addEventListener("haketilo_CORS_bypass-abcdef", + e => cb(JSON.parse(e.detail))); + window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", + {detail: arguments[0]})); + setTimeout(() => cb("timeout"), 5000); + + return done; + ''', + detail) + + if error in {'bad_url', 'no_url', 'non_string_url', 'non_object_init'}: + assert result['error']['name'] == 'TypeError' + + if error in {'non_object_detail', 'non_string_id', 'non_string_data'}: + assert result == 'timeout' |