Closed Bug 1566149 Opened 4 months ago Closed 4 months ago

Write test to ensure CSP 'navigate-to' does not parse

Categories

(Core :: DOM: Security, task, P2)

Tracking

RESOLVED FIXED
mozilla70
Tracking Status
firefox70 --- fixed

People

(Reporter: ckerschb, Assigned: beriksson)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Within Bug 1529068 we will implement navigate-to, but it will be preffed off in the beginning. Let's write and land a test right now to ensure that our CSP parser does not parse 'navigate-to' and spits out an error on the console.

Even once Bug 1529068 lands, that test should continue to work and only when we flip the pref we have to update that test.

The test could look somehow similar to:
https://searchfox.org/mozilla-central/source/devtools/client/webconsole/test/mochitest/browser_webconsole_csp_violation.js#16

Assignee: nobody → beriksson
Status: NEW → ASSIGNED
Type: defect → task
Priority: -- → P2
Whiteboard: [domsecurity-active]

The test sets a navigate-to policy which results in a parse error.
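
The behaviour the test pins down (a flag-gated directive is dropped with a console warning until the pref is flipped), shown as an added sketch that is not Gecko's parser and not the test attached to this bug. The flag name navigateToEnabled, the directive subset and the warning strings are assumptions made for the illustration.

```javascript
// Directives this sketch always accepts (a small subset chosen for illustration).
const KNOWN_DIRECTIVES = new Set(["default-src", "script-src", "img-src", "form-action"]);
// Directives accepted only while their feature flag is on (flag name is hypothetical).
const GATED_DIRECTIVES = new Map([["navigate-to", "navigateToEnabled"]]);

// Parse a serialized policy. Returns the accepted directives and the
// console warnings (constructed wording) for everything that was dropped.
function parsePolicy(policy, flags = {}) {
  const directives = new Map();
  const warnings = [];
  for (const chunk of policy.split(";")) {
    const tokens = chunk.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ';'
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    const gate = GATED_DIRECTIVES.get(name);
    const accepted =
      KNOWN_DIRECTIVES.has(name) || (gate !== undefined && flags[gate] === true);
    if (!accepted) {
      // A gated directive with its flag off is treated like any unknown one.
      warnings.push(`Couldn't process unknown directive '${name}'`);
      continue;
    }
    if (directives.has(name)) {
      // First occurrence wins; later duplicates are ignored.
      warnings.push(`Ignoring duplicate directive '${name}'`);
      continue;
    }
    directives.set(name, tokens.slice(1));
  }
  return { directives, warnings };
}

// The check the test in this bug performs, expressed against the sketch:
// the directive must not be enforced and a warning naming it must be logged.
function navigateToIsRejected(flags) {
  const sample = "script-src 'self'; Navigate-To https://example.com"; // constructed policy
  const { directives, warnings } = parsePolicy(sample, flags);
  return !directives.has("navigate-to") &&
         warnings.some(w => w.includes("'navigate-to'"));
}

console.log(navigateToIsRejected({}));                          // flag off
console.log(navigateToIsRejected({ navigateToEnabled: true })); // flag on
```

With the flag on, the same check fails, which is the point at which the test would have to be updated.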

Keywords: checkin-needed

Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ffc9fe173b43
Added test to ensure CSP 'navigate-to' does not parse r=ckerschb

Keywords: checkin-needed

Backed out changeset ffc9fe173b43 (bug 1566149) for ESlint failure

Backout: https://hg.mozilla.org/integration/autoland/rev/04038a5081539b3ace1cbd73151989d8e861f3a4

Failure push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=ffc9fe173b436384f8d8738faa4ea268249f10b6&selectedJob=256872721

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=256872721&repo=autoland&lineNumber=283

[task 2019-07-17T06:59:03.809Z] x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/psutil/_psutil_common.o build/temp.linux-x86_64-2.7/psutil/_psutil_posix.o -o build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so
[task 2019-07-17T06:59:03.809Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_linux.so -> psutil
[task 2019-07-17T06:59:03.810Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-07-17T06:59:03.810Z]
[task 2019-07-17T06:59:03.810Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-07-17T07:14:42.965Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:11:17 | Insert ?? (prettier/prettier)
[task 2019-07-17T07:14:42.965Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:12:23 | Insert ?? (prettier/prettier)
[task 2019-07-17T07:14:42.965Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:13:3 | Delete ????????????????????? (prettier/prettier)
[task 2019-07-17T07:14:42.966Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:15:26 | Insert ?? (prettier/prettier)
[taskcluster 2019-07-17 07:14:43.576Z] === Task Finished ===

Flags: needinfo?(beriksson)

Ah, I guess I forgot to tell you about that. Whenever you touch a JS file, please run:
./mach eslint devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js

which will spit out warnings/errors which you should fix before checking in code. Next time we know :-)

Flags: needinfo?(beriksson)
Keywords: checkin-needed

Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/0eb86d400271
Added test to ensure CSP 'navigate-to' does not parse r=ckerschb

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70