Revision ea9df6c7
Added by koszko over 1 year ago
common/policy.js | ||
---|---|---|
66 | 66 |
} catch (e) { |
67 | 67 |
console.error(e); |
68 | 68 |
policy.allow = false; |
69 |
policy.error = true;
|
|
69 |
policy.error = {haketilo_error_type: "deciding_policy"};
|
|
70 | 70 |
} |
71 | 71 |
|
72 | 72 |
if (payloads !== undefined) { |
html/popup.js | ||
---|---|---|
79 | 79 |
|
80 | 80 |
by_id("scripts_blocked").innerText = page_info.allow ? "no" : "yes"; |
81 | 81 |
|
82 |
by_id("injected_payload").innerText = page_info.payload ? |
|
83 |
page_info.payload.identifier : "None"; |
|
82 |
let payload_text = "None"; |
|
83 |
|
|
84 |
if (page_info.payload) { |
|
85 |
if ("error" in page_info) { |
|
86 |
if (page_info.error.haketilo_error_type === "missing") |
|
87 |
payload_text = `None (error: resource with id '${page_info.error.id}' missing from the database)`; |
|
88 |
else if (page_info.error.haketilo_error_type === "circular") |
|
89 |
payload_text = `None (error: circular dependency of resource with id '${page_info.error.id}' on itself)`; |
|
90 |
else if (page_info.error.haketilo_error_type === "db") |
|
91 |
payload_text = `None (error: failure reading Haketilo internal database)`; |
|
92 |
else if (page_info.error.haketilo_error_type === "other") |
|
93 |
payload_text = `None (error: unknown failure occured)`; |
|
94 |
} else { |
|
95 |
payload_text = page_info.payload.identifier; |
|
96 |
} |
|
97 |
} |
|
98 |
|
|
99 |
by_id("injected_payload").innerText = payload_text; |
|
84 | 100 |
|
85 | 101 |
const scripts_fate = page_info.allow ? "allowed" : "blocked"; |
86 | 102 |
|
103 |
let mapping_text; |
|
104 |
|
|
87 | 105 |
if (page_info.mapping === "~allow") |
88 |
var mapping = `None (scripts ${scripts_fate} by a rule)`; |
|
106 |
mapping_text = `None (scripts ${scripts_fate} by a rule)`; |
|
107 |
else if ("error" in page_info |
|
108 |
&& page_info.error.haketilo_error_type ==="deciding_policy") |
|
109 |
mapping_text = `None (error occured when determining policy)`; |
|
89 | 110 |
else if (page_info.mapping) |
90 |
var mapping = page_info.mapping; |
|
91 |
else if (page_info.error) |
|
92 |
var mapping = `None (error occured when determining policy)`; |
|
93 |
by_id("mapping_used").innerText = mapping; |
|
111 |
mapping_text = page_info.mapping; |
|
112 |
else |
|
113 |
mapping_text = `None (scripts ${scripts_fate} by default policy)`; |
|
114 |
|
|
115 |
by_id("mapping_used").innerText = mapping_text; |
|
94 | 116 |
} |
95 | 117 |
} |
96 | 118 |
|
test/unit/test_policy_deciding.py | ||
---|---|---|
55 | 55 |
returnval(decide_policy(pqt.make(), "http://unkno.wn/", true, "abcd")); |
56 | 56 |
''') |
57 | 57 |
assert policy['allow'] == True |
58 |
for prop in ('mapping', 'payload', 'nonce', 'csp'): |
|
58 |
for prop in ('mapping', 'payload', 'nonce', 'csp', 'error'):
|
|
59 | 59 |
assert prop not in policy |
60 | 60 |
|
61 | 61 |
policy = execute_in_page( |
... | ... | |
66 | 66 |
}''') |
67 | 67 |
assert policy['allow'] == True |
68 | 68 |
assert policy['mapping'] == '~allow' |
69 |
for prop in ('payload', 'nonce', 'csp'): |
|
69 |
for prop in ('payload', 'nonce', 'csp', 'error'):
|
|
70 | 70 |
assert prop not in policy |
71 | 71 |
|
72 | 72 |
policy = execute_in_page( |
... | ... | |
75 | 75 |
''' |
76 | 76 |
) |
77 | 77 |
assert policy['allow'] == False |
78 |
for prop in ('mapping', 'payload', 'nonce'): |
|
78 |
for prop in ('mapping', 'payload', 'nonce', 'error'):
|
|
79 | 79 |
assert prop not in policy |
80 | 80 |
assert parse_csp(policy['csp']) == { |
81 | 81 |
'prefetch-src': "'none'", |
... | ... | |
92 | 92 |
}''') |
93 | 93 |
assert policy['allow'] == False |
94 | 94 |
assert policy['mapping'] == '~allow' |
95 |
for prop in ('payload', 'nonce'): |
|
95 |
for prop in ('payload', 'nonce', 'error'):
|
|
96 | 96 |
assert prop not in policy |
97 | 97 |
assert parse_csp(policy['csp']) == { |
98 | 98 |
'prefetch-src': "'none'", |
... | ... | |
110 | 110 |
assert policy['allow'] == False |
111 | 111 |
assert policy['mapping'] == 'm1' |
112 | 112 |
assert policy['payload'] == {'identifier': 'res1'} |
113 |
|
|
113 |
assert 'error' not in policy |
|
114 | 114 |
assert policy['nonce'] == \ |
115 | 115 |
sha256('m1:res1:http://kno.wn/:abcd'.encode()).digest().hex() |
116 | 116 |
assert parse_csp(policy['csp']) == { |
... | ... | |
119 | 119 |
'script-src': f"'nonce-{policy['nonce']}'", |
120 | 120 |
'script-src-elem': f"'nonce-{policy['nonce']}'" |
121 | 121 |
} |
122 |
|
|
123 |
policy = execute_in_page( |
|
124 |
'returnval(decide_policy(pqt.make(), "<bad_url>", true, "abcd"));' |
|
125 |
) |
|
126 |
assert policy['allow'] == False |
|
127 |
assert policy['error'] == {'haketilo_error_type': 'deciding_policy'} |
|
128 |
for prop in ('mapping', 'payload', 'nonce'): |
|
129 |
assert prop not in policy |
|
130 |
assert parse_csp(policy['csp']) == { |
|
131 |
'prefetch-src': "'none'", |
|
132 |
'script-src-attr': "'none'", |
|
133 |
'script-src': "'none'", |
|
134 |
'script-src-elem': "'none'" |
|
135 |
} |
test/unit/test_popup.py | ||
---|---|---|
39 | 39 |
'allow': False |
40 | 40 |
} |
41 | 41 |
|
42 |
mapping_page_info = { |
|
43 |
**unprivileged_page_info, |
|
44 |
'mapping': 'm1', |
|
45 |
'payload': {'identifier': 'res1'} |
|
46 |
} |
|
47 |
|
|
42 | 48 |
mocked_page_infos = { |
43 | 49 |
'privileged': { |
44 | 50 |
'url': 'moz-extension://<some-id>/file.html', |
... | ... | |
58 | 64 |
'allow': True, |
59 | 65 |
'mapping': '~allow' |
60 | 66 |
}, |
61 |
'mapping': {
|
|
62 |
**unprivileged_page_info,
|
|
63 |
'mapping': 'm1',
|
|
64 |
'payload': {'identifier': 'res1'}
|
|
67 |
'mapping': mapping_page_info,
|
|
68 |
'error_deciding_policy': {
|
|
69 |
**mapping_page_info,
|
|
70 |
'error': {'haketilo_error_type': 'deciding_policy'}
|
|
65 | 71 |
}, |
66 |
'error': { |
|
67 |
**unprivileged_page_info, |
|
68 |
'error': True |
|
72 |
'error_missing': { |
|
73 |
**mapping_page_info, |
|
74 |
'error': {'haketilo_error_type': 'missing', 'id': 'some-missing-res'} |
|
75 |
}, |
|
76 |
'error_circular': { |
|
77 |
**mapping_page_info, |
|
78 |
'error': {'haketilo_error_type': 'circular', 'id': 'some-circular-res'} |
|
79 |
}, |
|
80 |
'error_db': { |
|
81 |
**mapping_page_info, |
|
82 |
'error': {'haketilo_error_type': 'db'} |
|
83 |
}, |
|
84 |
'error_other': { |
|
85 |
**mapping_page_info, |
|
86 |
'error': {'haketilo_error_type': 'other'} |
|
69 | 87 |
} |
70 | 88 |
} |
71 | 89 |
|
... | ... | |
147 | 165 |
assert by_id['page_url'].text == mocked_page_infos[page_info_key]['url'] |
148 | 166 |
assert not by_id['repo_query_container'].is_displayed() |
149 | 167 |
|
150 |
if 'blocked' in page_info_key or page_info_key in ('mapping', 'error'): |
|
151 |
assert by_id['scripts_blocked'].text.lower() == 'yes' |
|
152 |
elif 'allowed' in page_info_key: |
|
168 |
if 'allow' in page_info_key: |
|
153 | 169 |
assert by_id['scripts_blocked'].text.lower() == 'no' |
170 |
elif page_info_key != 'privileged': |
|
171 |
assert by_id['scripts_blocked'].text.lower() == 'yes' |
|
154 | 172 |
|
173 |
payload_text = by_id['injected_payload'].text |
|
155 | 174 |
if page_info_key == 'mapping': |
156 |
assert by_id['injected_payload'].text == 'res1' |
|
175 |
assert payload_text == 'res1' |
|
176 |
elif page_info_key == 'error_missing': |
|
177 |
assert payload_text == \ |
|
178 |
"None (error: resource with id 'some-missing-res' missing from the database)" |
|
179 |
elif page_info_key == 'error_circular': |
|
180 |
assert payload_text == \ |
|
181 |
"None (error: circular dependency of resource with id 'some-circular-res' on itself)" |
|
182 |
elif page_info_key == 'error_db': |
|
183 |
assert payload_text == \ |
|
184 |
'None (error: failure reading Haketilo internal database)' |
|
185 |
elif page_info_key == 'error_other': |
|
186 |
assert payload_text == \ |
|
187 |
'None (error: unknown failure occured)' |
|
157 | 188 |
elif page_info_key != 'privileged': |
158 |
assert by_id['injected_payload'].text == 'None'
|
|
189 |
assert payload_text == 'None'
|
|
159 | 190 |
|
160 | 191 |
mapping_text = by_id['mapping_used'].text |
161 |
if page_info_key == 'mapping': |
|
192 |
|
|
193 |
if page_info_key == 'error_deciding_policy': |
|
194 |
assert mapping_text == 'None (error occured when determining policy)' |
|
195 |
elif page_info_key == 'mapping' or page_info_key.startswith('error'): |
|
162 | 196 |
assert mapping_text == 'm1' |
163 | 197 |
|
164 | 198 |
if 'allowed' in page_info_key: |
165 |
'None (scripts allowed by' in mapping_text |
|
199 |
assert 'None (scripts allowed by' in mapping_text
|
|
166 | 200 |
elif 'blocked' in page_info_key: |
167 |
'None (scripts blocked by' in mapping_text |
|
201 |
assert 'None (scripts blocked by' in mapping_text
|
|
168 | 202 |
|
169 | 203 |
if 'rule' in page_info_key: |
170 |
'by a rule)' in mapping_text |
|
204 |
assert 'by a rule)' in mapping_text
|
|
171 | 205 |
elif 'default' in page_info_key: |
172 |
'by default_policy)' in mapping_text |
|
173 |
|
|
174 |
if page_info_key == 'error': |
|
175 |
assert mapping_text == 'None (error occured when determining policy)' |
|
206 |
assert 'by default policy)' in mapping_text |
|
176 | 207 |
|
177 | 208 |
@pytest.mark.ext_data(popup_ext_data) |
178 | 209 |
@pytest.mark.usefixtures('webextension') |
Also available in: Unified diff
update error reporting in popup