simplify logic, adding test cases for all combinations of URLs that are regarded as secure context

This commit is contained in:
El RIDO 2019-06-23 10:38:08 +02:00
parent 61fde53de0
commit 40493dfb3a
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
4 changed files with 63 additions and 50 deletions

View File

@ -4545,20 +4545,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
// filter out actually secure connections over HTTP // filter out actually secure connections over HTTP
if ( for (const tld of ['.onion', '.i2p']) {
url.hostname.endsWith('.onion') || if (url.hostname.endsWith(tld)) {
url.hostname.endsWith('.i2p') return false;
) { }
return false;
} }
// whitelist localhost for development // whitelist localhost for development
if ( for (const hostname of ['localhost', '127.0.0.1', '[::1]']) {
url.hostname === 'localhost' || if (url.hostname === hostname) {
url.hostname === '127.0.0.1' || return false;
url.hostname === '[::1]' }
) {
return false;
} }
// totally INSECURE http protocol! // totally INSECURE http protocol!

View File

@ -28,46 +28,62 @@ describe('InitialCheck', function () {
return result1 && result2; return result1 && result2;
} }
), ),
{tests: 1}); {tests: 10});
}); });
it('shows error, if no webcrypto is detected', function () { jsc.property(
[true, false].map( 'shows error, if no webcrypto is detected',
function (secureProtocol) { 'bool',
const clean = jsdom('', { jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/' jsc.nearray(common.jscA2zString()),
}); jsc.elements(['.onion', '.i2p', '']),
$('body').html( function (secureProtocol, localhost, domain, tld) {
'<html><body><div id="errormessage" class="hidden"></div>'+ const isDomain = localhost === '',
'<div id="oldnotice" class="hidden"></div></body></html>' isSecureContext = secureProtocol || !isDomain || tld.length > 0,
); clean = jsdom('', {
const crypto = window.crypto; 'url': (secureProtocol ? 'https' : 'http' ) + '://' +
window.crypto = null; (isDomain ? domain.join('') + tld : localhost) + '/'
$.PrivateBin.Alert.init(); });
assert(!$.PrivateBin.InitialCheck.init()); $('body').html(
assert(secureProtocol === $('#errormessage').hasClass('hidden')); '<html><body><div id="errormessage" class="hidden"></div>'+
assert(!$('#oldnotice').hasClass('hidden')); '<div id="oldnotice" class="hidden"></div></body></html>'
window.crypto = crypto; );
clean(); const crypto = window.crypto;
} window.crypto = null;
); $.PrivateBin.Alert.init();
}); const result1 = !$.PrivateBin.InitialCheck.init(),
result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
result3 = !$('#oldnotice').hasClass('hidden');
window.crypto = crypto;
clean();
return result1 && result2 && result3;
}
);
it('shows error, if HTTP only site is detected', function () { jsc.property(
[true, false].map( 'shows error, if HTTP only site is detected',
function (secureProtocol) { 'bool',
const clean = jsdom('', { jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/' jsc.nearray(common.jscA2zString()),
}); jsc.elements(['.onion', '.i2p', '']),
$('body').html( function (secureProtocol, localhost, domain, tld) {
'<html><body><div id="httpnotice" class="hidden"></div></body></html>' const isDomain = localhost === '',
); isSecureContext = secureProtocol || !isDomain || tld.length > 0,
assert($.PrivateBin.InitialCheck.init()); clean = jsdom('', {
assert(secureProtocol === $('#httpnotice').hasClass('hidden')); 'url': (secureProtocol ? 'https' : 'http' ) + '://' +
clean(); (isDomain ? domain.join('') + tld : localhost) + '/'
} });
); $('body').html(
}); '<html><body><div id="httpnotice" class="hidden"></div>'+
'</body></html>'
);
$.PrivateBin.Alert.init();
const result1 = $.PrivateBin.InitialCheck.init(),
result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
clean();
return result1 && result2;
}
);
}); });
}); });

View File

@ -72,7 +72,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->

View File

@ -50,7 +50,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->