Revision ea9df6c7
Added by koszko over 1 year ago
| common/policy.js | ||
|---|---|---|
| 66 | 66 |
} catch (e) {
|
| 67 | 67 |
console.error(e); |
| 68 | 68 |
policy.allow = false; |
| 69 |
policy.error = true;
|
|
| 69 |
policy.error = {haketilo_error_type: "deciding_policy"};
|
|
| 70 | 70 |
} |
| 71 | 71 |
|
| 72 | 72 |
if (payloads !== undefined) {
|
| html/popup.js | ||
|---|---|---|
| 79 | 79 |
|
| 80 | 80 |
by_id("scripts_blocked").innerText = page_info.allow ? "no" : "yes";
|
| 81 | 81 |
|
| 82 |
by_id("injected_payload").innerText = page_info.payload ?
|
|
| 83 |
page_info.payload.identifier : "None"; |
|
| 82 |
let payload_text = "None"; |
|
| 83 |
|
|
| 84 |
if (page_info.payload) {
|
|
| 85 |
if ("error" in page_info) {
|
|
| 86 |
if (page_info.error.haketilo_error_type === "missing") |
|
| 87 |
payload_text = `None (error: resource with id '${page_info.error.id}' missing from the database)`;
|
|
| 88 |
else if (page_info.error.haketilo_error_type === "circular") |
|
| 89 |
payload_text = `None (error: circular dependency of resource with id '${page_info.error.id}' on itself)`;
|
|
| 90 |
else if (page_info.error.haketilo_error_type === "db") |
|
| 91 |
payload_text = `None (error: failure reading Haketilo internal database)`; |
|
| 92 |
else if (page_info.error.haketilo_error_type === "other") |
|
| 93 |
payload_text = `None (error: unknown failure occured)`; |
|
| 94 |
} else {
|
|
| 95 |
payload_text = page_info.payload.identifier; |
|
| 96 |
} |
|
| 97 |
} |
|
| 98 |
|
|
| 99 |
by_id("injected_payload").innerText = payload_text;
|
|
| 84 | 100 |
|
| 85 | 101 |
const scripts_fate = page_info.allow ? "allowed" : "blocked"; |
| 86 | 102 |
|
| 103 |
let mapping_text; |
|
| 104 |
|
|
| 87 | 105 |
if (page_info.mapping === "~allow") |
| 88 |
var mapping = `None (scripts ${scripts_fate} by a rule)`;
|
|
| 106 |
mapping_text = `None (scripts ${scripts_fate} by a rule)`;
|
|
| 107 |
else if ("error" in page_info
|
|
| 108 |
&& page_info.error.haketilo_error_type ==="deciding_policy") |
|
| 109 |
mapping_text = `None (error occured when determining policy)`; |
|
| 89 | 110 |
else if (page_info.mapping) |
| 90 |
var mapping = page_info.mapping; |
|
| 91 |
else if (page_info.error) |
|
| 92 |
var mapping = `None (error occured when determining policy)`; |
|
| 93 |
by_id("mapping_used").innerText = mapping;
|
|
| 111 |
mapping_text = page_info.mapping; |
|
| 112 |
else |
|
| 113 |
mapping_text = `None (scripts ${scripts_fate} by default policy)`;
|
|
| 114 |
|
|
| 115 |
by_id("mapping_used").innerText = mapping_text;
|
|
| 94 | 116 |
} |
| 95 | 117 |
} |
| 96 | 118 |
|
| test/unit/test_policy_deciding.py | ||
|---|---|---|
| 55 | 55 |
returnval(decide_policy(pqt.make(), "http://unkno.wn/", true, "abcd")); |
| 56 | 56 |
''') |
| 57 | 57 |
assert policy['allow'] == True |
| 58 |
for prop in ('mapping', 'payload', 'nonce', 'csp'):
|
|
| 58 |
for prop in ('mapping', 'payload', 'nonce', 'csp', 'error'):
|
|
| 59 | 59 |
assert prop not in policy |
| 60 | 60 |
|
| 61 | 61 |
policy = execute_in_page( |
| ... | ... | |
| 66 | 66 |
}''') |
| 67 | 67 |
assert policy['allow'] == True |
| 68 | 68 |
assert policy['mapping'] == '~allow' |
| 69 |
for prop in ('payload', 'nonce', 'csp'):
|
|
| 69 |
for prop in ('payload', 'nonce', 'csp', 'error'):
|
|
| 70 | 70 |
assert prop not in policy |
| 71 | 71 |
|
| 72 | 72 |
policy = execute_in_page( |
| ... | ... | |
| 75 | 75 |
''' |
| 76 | 76 |
) |
| 77 | 77 |
assert policy['allow'] == False |
| 78 |
for prop in ('mapping', 'payload', 'nonce'):
|
|
| 78 |
for prop in ('mapping', 'payload', 'nonce', 'error'):
|
|
| 79 | 79 |
assert prop not in policy |
| 80 | 80 |
assert parse_csp(policy['csp']) == {
|
| 81 | 81 |
'prefetch-src': "'none'", |
| ... | ... | |
| 92 | 92 |
}''') |
| 93 | 93 |
assert policy['allow'] == False |
| 94 | 94 |
assert policy['mapping'] == '~allow' |
| 95 |
for prop in ('payload', 'nonce'):
|
|
| 95 |
for prop in ('payload', 'nonce', 'error'):
|
|
| 96 | 96 |
assert prop not in policy |
| 97 | 97 |
assert parse_csp(policy['csp']) == {
|
| 98 | 98 |
'prefetch-src': "'none'", |
| ... | ... | |
| 110 | 110 |
assert policy['allow'] == False |
| 111 | 111 |
assert policy['mapping'] == 'm1' |
| 112 | 112 |
assert policy['payload'] == {'identifier': 'res1'}
|
| 113 |
|
|
| 113 |
assert 'error' not in policy |
|
| 114 | 114 |
assert policy['nonce'] == \ |
| 115 | 115 |
sha256('m1:res1:http://kno.wn/:abcd'.encode()).digest().hex()
|
| 116 | 116 |
assert parse_csp(policy['csp']) == {
|
| ... | ... | |
| 119 | 119 |
'script-src': f"'nonce-{policy['nonce']}'",
|
| 120 | 120 |
'script-src-elem': f"'nonce-{policy['nonce']}'"
|
| 121 | 121 |
} |
| 122 |
|
|
| 123 |
policy = execute_in_page( |
|
| 124 |
'returnval(decide_policy(pqt.make(), "<bad_url>", true, "abcd"));' |
|
| 125 |
) |
|
| 126 |
assert policy['allow'] == False |
|
| 127 |
assert policy['error'] == {'haketilo_error_type': 'deciding_policy'}
|
|
| 128 |
for prop in ('mapping', 'payload', 'nonce'):
|
|
| 129 |
assert prop not in policy |
|
| 130 |
assert parse_csp(policy['csp']) == {
|
|
| 131 |
'prefetch-src': "'none'", |
|
| 132 |
'script-src-attr': "'none'", |
|
| 133 |
'script-src': "'none'", |
|
| 134 |
'script-src-elem': "'none'" |
|
| 135 |
} |
|
| test/unit/test_popup.py | ||
|---|---|---|
| 39 | 39 |
'allow': False |
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 |
mapping_page_info = {
|
|
| 43 |
**unprivileged_page_info, |
|
| 44 |
'mapping': 'm1', |
|
| 45 |
'payload': {'identifier': 'res1'}
|
|
| 46 |
} |
|
| 47 |
|
|
| 42 | 48 |
mocked_page_infos = {
|
| 43 | 49 |
'privileged': {
|
| 44 | 50 |
'url': 'moz-extension://<some-id>/file.html', |
| ... | ... | |
| 58 | 64 |
'allow': True, |
| 59 | 65 |
'mapping': '~allow' |
| 60 | 66 |
}, |
| 61 |
'mapping': {
|
|
| 62 |
**unprivileged_page_info,
|
|
| 63 |
'mapping': 'm1',
|
|
| 64 |
'payload': {'identifier': 'res1'}
|
|
| 67 |
'mapping': mapping_page_info,
|
|
| 68 |
'error_deciding_policy': {
|
|
| 69 |
**mapping_page_info,
|
|
| 70 |
'error': {'haketilo_error_type': 'deciding_policy'}
|
|
| 65 | 71 |
}, |
| 66 |
'error': {
|
|
| 67 |
**unprivileged_page_info, |
|
| 68 |
'error': True |
|
| 72 |
'error_missing': {
|
|
| 73 |
**mapping_page_info, |
|
| 74 |
'error': {'haketilo_error_type': 'missing', 'id': 'some-missing-res'}
|
|
| 75 |
}, |
|
| 76 |
'error_circular': {
|
|
| 77 |
**mapping_page_info, |
|
| 78 |
'error': {'haketilo_error_type': 'circular', 'id': 'some-circular-res'}
|
|
| 79 |
}, |
|
| 80 |
'error_db': {
|
|
| 81 |
**mapping_page_info, |
|
| 82 |
'error': {'haketilo_error_type': 'db'}
|
|
| 83 |
}, |
|
| 84 |
'error_other': {
|
|
| 85 |
**mapping_page_info, |
|
| 86 |
'error': {'haketilo_error_type': 'other'}
|
|
| 69 | 87 |
} |
| 70 | 88 |
} |
| 71 | 89 |
|
| ... | ... | |
| 147 | 165 |
assert by_id['page_url'].text == mocked_page_infos[page_info_key]['url'] |
| 148 | 166 |
assert not by_id['repo_query_container'].is_displayed() |
| 149 | 167 |
|
| 150 |
if 'blocked' in page_info_key or page_info_key in ('mapping', 'error'):
|
|
| 151 |
assert by_id['scripts_blocked'].text.lower() == 'yes' |
|
| 152 |
elif 'allowed' in page_info_key: |
|
| 168 |
if 'allow' in page_info_key: |
|
| 153 | 169 |
assert by_id['scripts_blocked'].text.lower() == 'no' |
| 170 |
elif page_info_key != 'privileged': |
|
| 171 |
assert by_id['scripts_blocked'].text.lower() == 'yes' |
|
| 154 | 172 |
|
| 173 |
payload_text = by_id['injected_payload'].text |
|
| 155 | 174 |
if page_info_key == 'mapping': |
| 156 |
assert by_id['injected_payload'].text == 'res1' |
|
| 175 |
assert payload_text == 'res1' |
|
| 176 |
elif page_info_key == 'error_missing': |
|
| 177 |
assert payload_text == \ |
|
| 178 |
"None (error: resource with id 'some-missing-res' missing from the database)" |
|
| 179 |
elif page_info_key == 'error_circular': |
|
| 180 |
assert payload_text == \ |
|
| 181 |
"None (error: circular dependency of resource with id 'some-circular-res' on itself)" |
|
| 182 |
elif page_info_key == 'error_db': |
|
| 183 |
assert payload_text == \ |
|
| 184 |
'None (error: failure reading Haketilo internal database)' |
|
| 185 |
elif page_info_key == 'error_other': |
|
| 186 |
assert payload_text == \ |
|
| 187 |
'None (error: unknown failure occured)' |
|
| 157 | 188 |
elif page_info_key != 'privileged': |
| 158 |
assert by_id['injected_payload'].text == 'None'
|
|
| 189 |
assert payload_text == 'None'
|
|
| 159 | 190 |
|
| 160 | 191 |
mapping_text = by_id['mapping_used'].text |
| 161 |
if page_info_key == 'mapping': |
|
| 192 |
|
|
| 193 |
if page_info_key == 'error_deciding_policy': |
|
| 194 |
assert mapping_text == 'None (error occured when determining policy)' |
|
| 195 |
elif page_info_key == 'mapping' or page_info_key.startswith('error'):
|
|
| 162 | 196 |
assert mapping_text == 'm1' |
| 163 | 197 |
|
| 164 | 198 |
if 'allowed' in page_info_key: |
| 165 |
'None (scripts allowed by' in mapping_text |
|
| 199 |
assert 'None (scripts allowed by' in mapping_text
|
|
| 166 | 200 |
elif 'blocked' in page_info_key: |
| 167 |
'None (scripts blocked by' in mapping_text |
|
| 201 |
assert 'None (scripts blocked by' in mapping_text
|
|
| 168 | 202 |
|
| 169 | 203 |
if 'rule' in page_info_key: |
| 170 |
'by a rule)' in mapping_text |
|
| 204 |
assert 'by a rule)' in mapping_text
|
|
| 171 | 205 |
elif 'default' in page_info_key: |
| 172 |
'by default_policy)' in mapping_text |
|
| 173 |
|
|
| 174 |
if page_info_key == 'error': |
|
| 175 |
assert mapping_text == 'None (error occured when determining policy)' |
|
| 206 |
assert 'by default policy)' in mapping_text |
|
| 176 | 207 |
|
| 177 | 208 |
@pytest.mark.ext_data(popup_ext_data) |
| 178 | 209 |
@pytest.mark.usefixtures('webextension')
|
Also available in: Unified diff
update error reporting in popup