summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/unit/test_CORS_bypass_server.py110
-rw-r--r--test/world_wide_library.py5
2 files changed, 115 insertions, 0 deletions
diff --git a/test/unit/test_CORS_bypass_server.py b/test/unit/test_CORS_bypass_server.py
new file mode 100644
index 0000000..35ea565
--- /dev/null
+++ b/test/unit/test_CORS_bypass_server.py
@@ -0,0 +1,110 @@
+# SPDX-License-Identifier: CC0-1.0
+
+"""
+Haketilo unit tests - routing HTTP requests through background script
+"""
+
+# This file is part of Haketilo
+#
+# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the CC0 1.0 Universal License as published by
+# the Creative Commons Corporation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# CC0 1.0 Universal License for more details.
+
+import pytest
+import json
+from selenium.webdriver.support.ui import WebDriverWait
+
+from ..extension_crafting import ExtraHTML
+from ..script_loader import load_script
+from ..world_wide_library import some_data
+
+urls = {
+ 'resource': 'https://anotherdoma.in/resource/blocked/by/CORS.json',
+ 'nonexistent': 'https://nxdoma.in/resource.json',
+ 'invalid': 'w3csucks://invalid.url/'
+}
+
+content_script = '''\
+const urls = %s;
+
+function fetch_data(url) {
+ return {
+ url,
+ to_get: ["ok", "status"],
+ to_call: ["text", "json"]
+ };
+}
+
+async function fetch_resources() {
+ const results = {};
+ const promises = [];
+ for (const [name, url] of Object.entries(urls)) {
+ const sending = browser.runtime.sendMessage(["CORS_bypasss",
+ fetch_data(url)]);
+ promises.push(sending.then(response => results[name] = response));
+ }
+
+ await Promise.all(promises);
+
+ window.wrappedJSObject.haketilo_fetch_results = results;
+}
+
+fetch_resources();
+'''
+
+content_script = content_script % json.dumps(urls);
+
+@pytest.mark.ext_data({
+ 'content_script': content_script,
+ 'background_script':
+ lambda: load_script('background/CORS_bypass_server.js') + '; start();'
+})
+@pytest.mark.usefixtures('webextension')
+def test_CORS_bypass_server(driver, execute_in_page):
+ """
+ Test if CORS bypassing works and if errors get properly forwarded.
+ """
+ driver.get('https://gotmyowndoma.in/')
+
+ # First, verify that requests without CORS bypass measures fail.
+ results = execute_in_page(
+ '''
+ const result = {};
+ let promises = [];
+ for (const [name, url] of Object.entries(arguments[0])) {
+ const [ok_cb, err_cb] =
+ ["ok", "err"].map(status => () => result[name] = status);
+ promises.push(fetch(url).then(ok_cb, err_cb));
+ }
+ // Make the promises non-failing.
+ promises = promises.map(p => new Promise(cb => p.then(cb, cb)));
+ returnval(Promise.all(promises).then(() => result));
+ ''',
+ {**urls, 'sameorigin': './nonexistent_resource'})
+
+ assert results == dict([*[(k, 'err') for k in urls.keys()],
+ ('sameorigin', 'ok')])
+
+ done = lambda d: d.execute_script('return window.haketilo_fetch_results;')
+ results = WebDriverWait(driver, 10).until(done)
+
+ assert set(results['invalid'].keys()) == {'error'}
+
+ assert set(results['nonexistent'].keys()) == \
+ {'ok', 'status', 'text', 'error-json'}
+ assert results['nonexistent']['ok'] == False
+ assert results['nonexistent']['status'] == 404
+ assert results['nonexistent']['text'] == 'Handler for this URL not found.'
+
+ assert set(results['resource'].keys()) == {'ok', 'status', 'text', 'json'}
+ assert results['resource']['ok'] == True
+ assert results['resource']['status'] == 200
+ assert results['resource']['text'] == some_data
+ assert results['resource']['json'] == json.loads(some_data)
diff --git a/test/world_wide_library.py b/test/world_wide_library.py
index f66a6d5..bed6ec3 100644
--- a/test/world_wide_library.py
+++ b/test/world_wide_library.py
@@ -85,6 +85,8 @@ def dump_scripts(directory='./injected_scripts'):
file.write(script)
served_scripts_lock.release()
+some_data = '{"some": "data"}'
+
catalog = {
'http://gotmyowndoma.in':
(302, {'location': 'http://gotmyowndoma.in/index.html'}, None),
@@ -103,6 +105,9 @@ catalog = {
'https://gotmyowndoma.in/scripts_to_block_1.html':
(200, {}, here / 'data' / 'pages' / 'scripts_to_block_1.html'),
+ 'https://anotherdoma.in/resource/blocked/by/CORS.json':
+ lambda command, get_params, post_params: (200, {}, some_data),
+
'https://serve.scrip.ts/': serve_script,
'https://site.with.scripts.block.ed':