Revision 6cce0301
Added by koszko over 1 year ago
| test/haketilo_test/unit/test_haketilo_apis.py | ||
|---|---|---|
| 30 | 30 |
def background_script(): |
| 31 | 31 |
return load_script('background/CORS_bypass_server.js') + ';\nstart();'
|
| 32 | 32 |
|
| 33 |
resource_url = 'https://anotherdoma.in/resource/blocked/by/CORS.json' |
|
| 34 |
|
|
| 33 | 35 |
@pytest.mark.ext_data({
|
| 34 | 36 |
'content_script': content_script, |
| 35 | 37 |
'background_script': background_script |
| ... | ... | |
| 41 | 43 |
Haketilo API. |
| 42 | 44 |
""" |
| 43 | 45 |
driver.get('https://gotmyowndoma.in/')
|
| 44 |
driver.execute_script( |
|
| 46 |
|
|
| 47 |
# First, verify that it is impossible to normally fetch the resource. |
|
| 48 |
with pytest.raises(Exception, match='NetworkError'): |
|
| 49 |
driver.execute_script('return fetch(arguments[0]);', resource_url)
|
|
| 50 |
|
|
| 51 |
# First, verify that it is possible to fetch the resource using API. |
|
| 52 |
response = driver.execute_script( |
|
| 45 | 53 |
''' |
| 46 | 54 |
const fetch_arg = {
|
| 47 |
url: "https://anotherdoma.in/resource/blocked/by/CORS.json", |
|
| 48 |
init: {}
|
|
| 55 |
url: arguments[0], |
|
| 56 |
init: {},
|
|
| 57 |
verify_that_nonstandard_properties_are_ignored: ":)" |
|
| 49 | 58 |
}; |
| 50 | 59 |
|
| 51 | 60 |
const detail = {
|
| 52 | 61 |
data: JSON.stringify(fetch_arg), |
| 53 |
id: "abcdef" |
|
| 62 |
id: "abcdef", |
|
| 63 |
nonstandard_properties_verify_that_ignored_are: ":o" |
|
| 54 | 64 |
}; |
| 55 | 65 |
|
| 66 |
let cb, done = new Promise(_cb => cb = _cb); |
|
| 56 | 67 |
window.addEventListener("haketilo_CORS_bypass-abcdef",
|
| 57 |
e => window.__response = e.detail);
|
|
| 68 |
e => cb(JSON.parse(e.detail)));
|
|
| 58 | 69 |
window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail}));
|
| 59 |
''') |
|
| 60 | 70 |
|
| 61 |
get_response = lambda d: d.execute_script("return window.__response;")
|
|
| 62 |
response = WebDriverWait(driver, 10).until(get_response)
|
|
| 63 |
response = json.loads(response)
|
|
| 71 |
return done;
|
|
| 72 |
''',
|
|
| 73 |
resource_url)
|
|
| 64 | 74 |
|
| 65 | 75 |
assert response['body'] == some_data.encode().hex() |
| 66 | 76 |
assert response['status'] == 200 |
| 67 | 77 |
assert type(response['headers']) is list |
| 78 |
|
|
| 79 |
@pytest.mark.ext_data({
|
|
| 80 |
'content_script': content_script, |
|
| 81 |
'background_script': background_script |
|
| 82 |
}) |
|
| 83 |
@pytest.mark.usefixtures('webextension')
|
|
| 84 |
@pytest.mark.parametrize('error', [
|
|
| 85 |
'bad url', |
|
| 86 |
'no_url', |
|
| 87 |
'non_string_url', |
|
| 88 |
'non_object_init', |
|
| 89 |
'non_object_detail', |
|
| 90 |
'non_string_id', |
|
| 91 |
'non_string_data' |
|
| 92 |
]) |
|
| 93 |
def test_haketilo_apis_CORS_bypass_errors(driver, error): |
|
| 94 |
""" |
|
| 95 |
Verify errors are returned properly by CORS_bypass API. |
|
| 96 |
""" |
|
| 97 |
data = {
|
|
| 98 |
'bad_url': {'url': 'muahahahaha', 'init': {}},
|
|
| 99 |
'no_url': {'init': {}},
|
|
| 100 |
'non_string_url': {'url': {}, 'init': {}},
|
|
| 101 |
'non_object_init': {'url': {}, 'init': ":d"},
|
|
| 102 |
}.get(error, {'url': resource_url, 'init': {}})
|
|
| 103 |
|
|
| 104 |
detail = {
|
|
| 105 |
'non_object_detail': '!!!', |
|
| 106 |
'non_string_id': {'data': json.dumps(data), 'id': None},
|
|
| 107 |
'non_string_data': {'data': data, 'id': 'abcdef'}
|
|
| 108 |
}.get(error, {'data': json.dumps(data), 'id': 'abcdef'})
|
|
| 109 |
|
|
| 110 |
driver.get('https://gotmyowndoma.in/')
|
|
| 111 |
|
|
| 112 |
result = driver.execute_script( |
|
| 113 |
''' |
|
| 114 |
let cb, done = new Promise(_cb => cb = _cb); |
|
| 115 |
window.addEventListener("haketilo_CORS_bypass-abcdef",
|
|
| 116 |
e => cb(JSON.parse(e.detail))); |
|
| 117 |
window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass",
|
|
| 118 |
{detail: arguments[0]}));
|
|
| 119 |
setTimeout(() => cb("timeout"), 5000);
|
|
| 120 |
|
|
| 121 |
return done; |
|
| 122 |
''', |
|
| 123 |
detail) |
|
| 124 |
|
|
| 125 |
if error in {'bad_url', 'no_url', 'non_string_url', 'non_object_init'}:
|
|
| 126 |
assert result['error']['name'] == 'TypeError' |
|
| 127 |
|
|
| 128 |
if error in {'non_object_detail', 'non_string_id', 'non_string_data'}:
|
|
| 129 |
assert result == 'timeout' |
|
Also available in: Unified diff
add more tests for CORS bypassing feature