adding tests for all cases

This commit is contained in:
El RIDO 2019-06-22 15:44:54 +02:00
parent 59153633b8
commit 603f7fd911
GPG Key ID: 0F5C940A6BD81F92
19 changed files with 146 additions and 101 deletions


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -168,5 +168,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -160,6 +160,6 @@
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>.", "For more information <a href=\"%s\">see this FAQ entry</a>.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -168,5 +168,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -169,5 +169,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -168,5 +168,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -159,5 +159,7 @@
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.":
"This website is using an insecure HTTP connection! Please use it only for testing.", "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.":
"For more information <a href=\"%s\">see this FAQ entry</a>." "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
} }


@ -830,28 +830,13 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/ */
function getRandomBytes(length) function getRandomBytes(length)
{ {
if (
typeof window !== 'undefined' &&
typeof Uint8Array !== 'undefined' &&
String.fromCodePoint &&
(
typeof window.crypto !== 'undefined' ||
typeof window.msCrypto !== 'undefined'
)
) {
// modern browser environment
let bytes = ''; let bytes = '';
const byteArray = new Uint8Array(length), const byteArray = new Uint8Array(length);
crypto = window.crypto || window.msCrypto; window.crypto.getRandomValues(byteArray);
crypto.getRandomValues(byteArray);
for (let i = 0; i < length; ++i) { for (let i = 0; i < length; ++i) {
bytes += String.fromCharCode(byteArray[i]); bytes += String.fromCharCode(byteArray[i]);
} }
return bytes; return bytes;
} else {
// legacy browser or unsupported environment
throw 'No supported crypto API detected, you may read pastes and comments, but can\'t create pastes or add new comments.';
}
} }
/** /**
@ -4537,36 +4522,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
'bot' 'bot'
]; ];
/**
* blacklist of UserAgent versions known not to work with this application
*
* @private
* @enum {Object}
* @readonly
*/
const oldUA = [
{
'regex': /Chrome\/([0-9]+)/,
'minVersion': 57,
},
{
'regex': /Edge\/([0-9]+)/,
'minVersion': 16,
},
{
'regex': /Firefox\/([0-9]+)/,
'minVersion': 54,
},
{
'regex': /Opera\/.*Version\/([0-9]+)/,
'minVersion': 44,
},
{
'regex': /Version\/([0-9]+).*Safari/,
'minVersion': 11,
}
];
/** /**
* check if the connection is insecure * check if the connection is insecure
* *
@ -4602,7 +4557,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// check whether a bot user agent part can be found in the current // check whether a bot user agent part can be found in the current
// user agent // user agent
for (let i = 0; i < badBotUA.length; ++i) { for (let i = 0; i < badBotUA.length; ++i) {
if (navigator.userAgent.indexOf(badBotUA) >= 0) { if (navigator.userAgent.indexOf(badBotUA[i]) >= 0) {
return true; return true;
} }
} }
@ -4610,7 +4565,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
/** /**
* checks whether this is an unsupported browser * checks whether this is an unsupported browser, via feature detection
* *
* @private * @private
* @name InitialCheck.isOldBrowser * @name InitialCheck.isOldBrowser
@ -4618,15 +4573,36 @@ jQuery.PrivateBin = (function($, RawDeflate) {
* @return {bool} * @return {bool}
*/ */
function isOldBrowser() { function isOldBrowser() {
for (let i = 0; i < oldUA.length; ++i) { // webcrypto support
let result = oldUA[i]['regex'].exec(navigator.userAgent); if (typeof window.crypto !== 'object') {
if (result && result[1] < oldUA[i]['minVersion']) {
return true;
}
}
return false; return false;
} }
if (typeof WebAssembly !== 'object' && typeof WebAssembly.instantiate !== 'function') {
return false;
}
try {
// [\0, 'a', 's', 'm', (uint_32) 1] - smallest valid wasm module
const module = new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00));
if (
!(
module instanceof WebAssembly.Module &&
new WebAssembly.Instance(module) instanceof WebAssembly.Instance
)
) {
return false;
}
} catch (e) {
return false;
}
// not checking for async/await, ES6, Promise or Uint8Array support,
// as most browsers introduced these earlier then webassembly and webcrypto:
// https://github.com/PrivateBin/PrivateBin/pull/431#issuecomment-493129359
return true;
}
/** /**
* init on application start, returns an all-clear signal * init on application start, returns an all-clear signal
* *
@ -4644,13 +4620,16 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
if (isOldBrowser()) { if (isOldBrowser()) {
$('#oldnotice').toggle(true); // some browsers (Chrome based ones) would have webcrypto support if using HTTPS
// execution will likely fail, but the user agent may be if (isInsecureConnection()) {
// deliberately set to an incorrect value, so let it proceed Alert.showError(['Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href="%s">switching to HTTPS</a>.', 'https' + window.location.href.slice(4)]);
}
$('#oldnotice').removeClass('hidden');
return false;
} }
if (isInsecureConnection()) { if (isInsecureConnection()) {
$('#httpnotice').toggle(true); $('#httpnotice').removeClass('hidden');
} }
return true; return true;
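Review bot: The return values of isOldBrowser() in the hunk at @ -4618,15 +4573,36 are inverted: every detection failure (no window.crypto, no WebAssembly, the wasm module failing to instantiate or throwing) returns `false`, and the all-checks-passed path at the end returns `true`, so init() would show #oldnotice and bail out on exactly the browsers that have the APIs and let the ones without them proceed — straight into the now-unguarded `window.crypto.getRandomValues(byteArray)` in getRandomBytes() in the first hunk. The WebAssembly line has a second problem: with `&&` the guard only trips when both operands are true, and when `WebAssembly` is undeclared the right-hand `typeof WebAssembly.instantiate` throws a ReferenceError outside the try block, so it should be `||`. The webcrypto line accepts `null` as well, because `typeof null` is `'object'`; checking the member that getRandomBytes() actually calls is tighter. The rewritten function, with unchanged wasm-probe lines collapsed:
```javascript
function isOldBrowser() {
    // webcrypto support: guard the member getRandomBytes() actually calls,
    // since typeof null === 'object' would pass a plain object check
    if (
        typeof window.crypto !== 'object' || window.crypto === null ||
        typeof window.crypto.getRandomValues !== 'function'
    ) {
        return true;
    }
    // either operand missing means no usable WebAssembly; the second typeof
    // must not be evaluated when the first one already failed
    if (typeof WebAssembly !== 'object' || typeof WebAssembly.instantiate !== 'function') {
        return true;
    }
    try {
        // … unchanged: construct smallest valid wasm module into `module` …
        if (
            !(
                module instanceof WebAssembly.Module &&
                new WebAssembly.Instance(module) instanceof WebAssembly.Instance
            )
        ) {
            return true;
        }
    } catch (e) {
        return true;
    }
    // … unchanged: note on async/await, ES6, Promise and Uint8Array …
    return false;
}
```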


@ -10,7 +10,7 @@ describe('CryptTool', function () {
this.timeout(30000); this.timeout(30000);
it('can en- and decrypt any message', function () { it('can en- and decrypt any message', function () {
jsc.check(jsc.forall( jsc.assert(jsc.forall(
'string', 'string',
'string', 'string',
'string', 'string',
@ -193,7 +193,7 @@ describe('CryptTool', function () {
}); });
it('can en- and decrypt a particular message (#260)', function () { it('can en- and decrypt a particular message (#260)', function () {
jsc.check(jsc.forall( jsc.assert(jsc.forall(
'string', 'string',
'string', 'string',
async function (key, password) { async function (key, password) {


@ -8,24 +8,66 @@ describe('InitialCheck', function () {
cleanup(); cleanup();
}); });
jsc.property( it('returns false and shows error, if a bot UA is detected', function () {
'returns false and shows error, if a bot UA is detected', jsc.assert(jsc.forall(
'string', 'string',
jsc.elements(['Bot', 'bot']), jsc.elements(['Bot', 'bot']),
'string', 'string',
function ( function (prefix, botBit, suffix) {
prefix, botBit, suffix const clean = jsdom('', {
) { 'userAgent': prefix + botBit + suffix
const clean = jsdom( });
'<html><body><div id="errormessage" class="hidden"></div></body></html>', $('body').html(
{'userAgent': prefix + botBit + suffix} '<html><body><div id="errormessage" class="hidden"></div>' +
'</body></html>'
); );
var result1 = $.PrivateBin.InitialCheck.init(), $.PrivateBin.Alert.init();
const result1 = !$.PrivateBin.InitialCheck.init(),
result2 = !$('#errormessage').hasClass('hidden'); result2 = !$('#errormessage').hasClass('hidden');
clean(); clean();
return result1 && result2; return result1 && result2;
} }
),
{tests: 1});
});
it('shows error, if no webcrypto is detected', function () {
[true, false].map(
function (secureProtocol) {
const clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
});
$('body').html(
'<html><body><div id="errormessage" class="hidden"></div>'+
'<div id="oldnotice" class="hidden"></div></body></html>'
);
const crypto = window.crypto;
window.crypto = null;
$.PrivateBin.Alert.init();
assert(!$.PrivateBin.InitialCheck.init());
assert(secureProtocol === $('#errormessage').hasClass('hidden'));
assert(!$('#oldnotice').hasClass('hidden'));
window.crypto = crypto;
clean();
}
);
});
it('shows error, if HTTP only site is detected', function () {
[true, false].map(
function (secureProtocol) {
const clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
});
$('body').html(
'<html><body><div id="httpnotice" class="hidden"></div></body></html>'
);
assert($.PrivateBin.InitialCheck.init());
assert(secureProtocol === $('#httpnotice').hasClass('hidden'));
clean();
}
); );
}); });
}); });
});
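Review bot: The "no webcrypto" case at `window.crypto = null;` does not exercise the branch it is named for, because `typeof null` is `'object'` and the production check compares `typeof window.crypto` against `'object'`; stub it as `window.crypto = undefined;` (or `delete window.crypto;`) so the missing-API path is what the assertions cover. The restore `window.crypto = crypto;` and `clean();` sit after the three asserts, so the first failing assert leaves the stub and the jsdom window in place for the following iteration and test; move them into a `finally`. Both `[true, false].map(...)` loops are used only for their side effects, for which `forEach` states the intent. The enclosing describe('InitialCheck') block starts before the hunk.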


@ -9,7 +9,7 @@ describe('ServerInteraction', function () {
}); });
this.timeout(30000); this.timeout(30000);
it('can prepare an encrypted paste', function () { it('can prepare an encrypted paste', function () {
jsc.check(jsc.forall( jsc.assert(jsc.forall(
'string', 'string',
'string', 'string',
'string', 'string',


@ -72,7 +72,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PuvR+R5FHPl2S8Gh6UdybTvipakps3ndEDAUAKoRhgmjmljHqAQLnvG13IkdCTIG2Xxn6peumQPvWhrOg1Xx3Q==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PCFDgDmb2Q5KUo65OaSSyFBtXMUBcpvr1ah2jVvgRWMo1UYiuRaShnkmhiq0gKDRlTi5w2Z9Ttb1hmOmljP0+A==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->


@ -50,7 +50,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PuvR+R5FHPl2S8Gh6UdybTvipakps3ndEDAUAKoRhgmjmljHqAQLnvG13IkdCTIG2Xxn6peumQPvWhrOg1Xx3Q==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PCFDgDmb2Q5KUo65OaSSyFBtXMUBcpvr1ah2jVvgRWMo1UYiuRaShnkmhiq0gKDRlTi5w2Z9Ttb1hmOmljP0+A==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->