Write test to ensure CSP 'navigate-to' does not parse
Categories
(Core :: DOM: Security, task, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | fixed |
People
(Reporter: ckerschb, Assigned: beriksson)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
Within Bug 1529068 we will implement navigate-to, but it will be prefed off in the beginning. Let's write and land a test right now to ensure that our CSP parser does not parse 'naviate-to' and spits out an error on the console.
Even once Bug 1529068 lands, that test should continue to work and only when we flip the pref we have to update that test.
The test could look somehow similar to:
https://searchfox.org/mozilla-central/source/devtools/client/webconsole/test/mochitest/browser_webconsole_csp_violation.js#16
|
Reporter | |
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
The test sets a navigate-to policy which results in a parse error.
|
|
Assignee | |
Updated•5 years ago
|
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ffc9fe173b43
Added test to ensure CSP 'navigate-to' does not parse r=ckerschb
|
||
Comment 3•5 years ago
|
||
Backed out changeset ffc9fe173b43 (bug 1566149) for ESlint failure
Backout: https://hg.mozilla.org/integration/autoland/rev/04038a5081539b3ace1cbd73151989d8e861f3a4
Failure push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=ffc9fe173b436384f8d8738faa4ea268249f10b6&selectedJob=256872721
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=256872721&repo=autoland&lineNumber=283
[task 2019-07-17T06:59:03.809Z] x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/psutil/_psutil_common.o build/temp.linux-x86_64-2.7/psutil/_psutil_posix.o -o build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so
[task 2019-07-17T06:59:03.809Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_linux.so -> psutil
[task 2019-07-17T06:59:03.810Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-07-17T06:59:03.810Z]
[task 2019-07-17T06:59:03.810Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-07-17T07:14:42.965Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:11:17 | Insert ?? (prettier/prettier)
[task 2019-07-17T07:14:42.965Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:12:23 | Insert ?? (prettier/prettier)
[task 2019-07-17T07:14:42.965Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:13:3 | Delete ????????????????????? (prettier/prettier)
[task 2019-07-17T07:14:42.966Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js:15:26 | Insert ?? (prettier/prettier)
[taskcluster 2019-07-17 07:14:43.576Z] === Task Finished ===
|
|
Reporter | |
Comment 4•5 years ago
|
||
Ah, I guess I forgot to tell you about that. Whenever you touch a JS file, please run:
./mach eslint devtools/client/webconsole/test/mochitest/browser_webconsole_navigate_to_parse_error.js
which will spit out warnings/errors which you should fix before checking in code. Next time we know :-)
|
|
Assignee | |
Updated•5 years ago
|
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/0eb86d400271
Added test to ensure CSP 'navigate-to' does not parse r=ckerschb
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
Description
•