Closed Bug 1264577 Opened 8 years ago Closed 8 years ago

Tests for first-party isolation of cache (Tor 13749)

Categories

(Core :: DOM: Security, defect, P1)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox52 --- fixed

People

(Reporter: jhao, Assigned: timhuang)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10])

Attachments

(1 file, 1 obsolete file)

Bug 1264577 - Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749).
58 bytes, text/x-review-board-request
arthur
: review+
mayhemer
: review+
Details
Attached patch Tor Browser WIP patch. (obsolete) — Splinter Review 
Tor Browser tests for first-party isolation of cache.
https://torpat.ch/13749
Whiteboard: [tor][OA] → [tor][OA][domsecurity-backlog]
Depends on: containers_testing
Blocks: containers_testing
No longer depends on: containers_testing
Whiteboard: [tor][OA][domsecurity-backlog] → [tor][OA-testing][domsecurity-backlog]
Whiteboard: [tor][OA-testing][domsecurity-backlog] → [tor-testing][OA-testing][domsecurity-backlog]
Priority: -- → P1
Assignee: nobody → tihuang
Status: NEW → ASSIGNED
Just for reference, there is a unit test for http cache isolation (by origin attributes). http://searchfox.org/mozilla-central/source/netwerk/test/unit/test_cache_jar.js
Depends on: 1289319
Priority: P1 → P3
Whiteboard: [tor-testing][OA-testing][domsecurity-backlog] → [tor-testing][OA-testing][domsecurity-backlog1]
Priority: P3 → P1
Whiteboard: [tor-testing][OA-testing][domsecurity-backlog1] → [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
Priority: P1 → P2
Tim,

I'm looking for something to pick up, so I think I'll take this one if you don't mind.

--dave
Assignee: tihuang → huseby
Assignee: huseby → nobody
Status: ASSIGNED → NEW
Assignee: nobody → tihuang
Priority: P2 → P1
Status: NEW → ASSIGNED
Something we justed added in Tor Browser is an extra patch and test to ensure that SharedWorker scripts are requested and cached with the correct first-party:

patch:
https://gitweb.torproject.org/tor-browser.git/patch/?id=22e6c33
test:
https://gitweb.torproject.org/tor-browser.git/patch/?id=cb2bd1d
See Also: → 1311271
Comment on attachment 8803753 [details]
Bug 1264577 - Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749).

https://reviewboard.mozilla.org/r/87890/#review87182

See minor nits, but otherwise looks good to me. Thanks, Tim!

::: browser/components/originattributes/test/browser/browser_cache.js:2
(Diff revision 1)
> +/*
> + * Bug 1264577 - A test case for testing caches.

I would add more description here, something about how it is testing container/first-party isolation of caches and correct origin attributes assigned to network requests.

::: browser/components/originattributes/test/browser/browser_cache.js:117
(Diff revision 1)
> +let stopObservingChannels;
> +
> +// The init function, which clears image and network caches, and generates
> +// the random value for isolating video and audio elements across different
> +// test runs.
> +function* doInit(aMode) {

This function definition has a lot of empty lines. Maybe remove them?

::: browser/components/originattributes/test/browser/browser_cache.js:138
(Diff revision 1)
> +// In the test function, we dynamically generate the video and audio element,
> +// and assign a random suffix to their URL to isolate them across different
> +// test runs.
> +function* doTest(aBrowser) {
> +
> +  let argObj = {

Is this necessary? It seems like you should be able to pass the randomSuffix and urlPrefix in to the following spawned task as closures without an argObj.

::: browser/components/originattributes/test/browser/browser_cache.js:205
(Diff revision 1)
> +
> +  for (let suffix of suffixes) {
> +    let foundEntryCount = countMatchingCacheEntries(data, "example.net", suffix);
> +    let result = (suffix.startsWith("video") || suffix.startsWith("audio")) ?
> +                 // Video and audio elements aren't always cached, so
> +                 // tolerate fewer cached copies.

Is this still true? If not, maybe remove this special case?
Attachment #8803753 - Flags: review?(arthuredelstein) → review+
(In reply to Arthur Edelstein [:arthuredelstein] from comment #5)
> > +  let argObj = {
> 
> Is this necessary? It seems like you should be able to pass the randomSuffix
> and urlPrefix in to the following spawned task as closures without an argObj.

I see now that a closure doesn't work here, so this comment was wrong.
Comment on attachment 8803753 [details]
Bug 1264577 - Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749).

https://reviewboard.mozilla.org/r/87890/#review87754

very nice!
Attachment #8803753 - Flags: review?(honzab.moz) → review+
Depends on: 1304219
Attachment #8741299 - Attachment is obsolete: true
Try looks good.
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4128e57e39bd
Add a test case of caches for first-party isolation(adapted from Tor Browser patch 13749). r=mayhemer, r=arthuredelstein
Keywords: checkin-needed
Depends on: 1315579
https://hg.mozilla.org/mozilla-central/rev/4128e57e39bd
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: