Closed Bug 1825947 Opened 1 year ago Closed 1 year ago

[DNR] testMatchOutcome should account for restricted domains by not returning matches

Tracking

(firefox113 fixed)

Status:

RESOLVED FIXED

Milestone:

113 Branch

Tracking Flags:

Tracking

Status

firefox113

---

fixed

People

(Reporter: robwu, Assigned: robwu)

References

(Blocks 1 open bug)

Details

(Whiteboard: [addons-jira])

Attachments

(2 files)

Bug 1825947 - Expand coverage of test_ext_dnr_system_restrictions.js 1 year ago Rob Wu [:robwu] 48 bytes, text/x-phabricator-request		Details \| Review
Bug 1825947 - Exclude restricted domains from testMatchOutcome 1 year ago Rob Wu [:robwu] 48 bytes, text/x-phabricator-request		Details \| Review

Rob Wu [:robwu]

Assignee

Description

•

1 year ago

The (debug helper) testMatchOutcome method does not account for restricted domains. Since this method is supposed to be used by extension authors for debugging purposes, it should account for restricted domains to be consistent with what had been implemented for actual DNR evaluations for the network, and to expand the unit tests at https://searchfox.org/mozilla-central/rev/e941c8a6d49b4f62f361446de7a80214fb899186/toolkit/components/extensions/test/xpcshell/test_ext_dnr_system_restrictions.js to verify that the results are similar.

The relevant check is at channel.canModify in ExtensionDNR.sys.mjs, whose implementation (ChannelWrapper::CanModify) rejects system loads and requests to restricted URLs. Since system requests cannot be simulated by testMatchOutcome, it suffices to only implement the restricted URL check for the request URL + "initiator" URL.

Jira Integration Bot

Updated

•

1 year ago

See Also: → https://mozilla-hub.atlassian.net/browse/WEBEXT-1173

Rob Wu [:robwu]

Assignee

Updated

•

1 year ago

Severity: -- → N/A

Priority: -- → P3

Rob Wu [:robwu]

Assignee

Comment 1

•

1 year ago

Attached file Bug 1825947 - Expand coverage of test_ext_dnr_system_restrictions.js — Details

Test-only change to expand coverage:

Rules without "resourceTypes" do not block main frames by default.
This was desirable because otherwise we could not be simulating
fetch() requests from specified origins.
However, it also meant that we lacked test coverage that verified
that we wouldn't be blocking the main frame.
Now we have that: dnr_ignores_css_import_at_restrictedDomains.
While I am at it, I also added extra test coverage for the case
where the triggering principal is NOT a restricted domain. While
the implementation works as desired, there was no explicit test
case for this scenario.

Rob Wu [:robwu]

Assignee

Comment 2

•

1 year ago

Attached file Bug 1825947 - Exclude restricted domains from testMatchOutcome — Details

Pulsebot

Comment 3

•

1 year ago

Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/86fbbf43e126
Expand coverage of test_ext_dnr_system_restrictions.js r=rpl
https://hg.mozilla.org/integration/autoland/rev/0110fc953165
Exclude restricted domains from testMatchOutcome r=rpl

Norisz Fay [:noriszfay]

Comment 4

•

1 year ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/86fbbf43e126
https://hg.mozilla.org/mozilla-central/rev/0110fc953165

Status: ASSIGNED → RESOLVED

Closed: 1 year ago

status-firefox113: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 113 Branch

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[DNR] testMatchOutcome should account for restricted domains by not returning matches

Categories

(WebExtensions :: Request Handling, enhancement, P3)

Tracking

(firefox113 fixed)

People

(Reporter: robwu, Assigned: robwu)

References

(Blocks 1 open bug)

Details

(Whiteboard: [addons-jira])

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Updated

Updated

Comment 1

Comment 2

Comment 3

Comment 4

Attachment

General

Description

File Name

Content Type