From 40493dfb3aa9c97fddaa630e09373a72b206508e Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 23 Jun 2019 10:38:08 +0200 Subject: [PATCH] simplify logic, adding test cases for all combinations of URLs that are regarded as secure context --- js/privatebin.js | 19 ++++----- js/test/InitialCheck.js | 90 ++++++++++++++++++++++++----------------- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 4 files changed, 63 insertions(+), 50 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index 8c9b609..51ffbee 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -4545,20 +4545,17 @@ jQuery.PrivateBin = (function($, RawDeflate) { } // filter out actually secure connections over HTTP - if ( - url.hostname.endsWith('.onion') || - url.hostname.endsWith('.i2p') - ) { - return false; + for (const tld of ['.onion', '.i2p']) { + if (url.hostname.endsWith(tld)) { + return false; + } } // whitelist localhost for development - if ( - url.hostname === 'localhost' || - url.hostname === '127.0.0.1' || - url.hostname === '[::1]' - ) { - return false; + for (const hostname of ['localhost', '127.0.0.1', '[::1]']) { + if (url.hostname === hostname) { + return false; + } } // totally INSECURE http protocol! diff --git a/js/test/InitialCheck.js b/js/test/InitialCheck.js index ce46f65..7931a9e 100644 --- a/js/test/InitialCheck.js +++ b/js/test/InitialCheck.js @@ -28,46 +28,62 @@ describe('InitialCheck', function () { return result1 && result2; } ), - {tests: 1}); + {tests: 10}); }); - it('shows error, if no webcrypto is detected', function () { - [true, false].map( - function (secureProtocol) { - const clean = jsdom('', { - 'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/' - }); - $('body').html( - ''+ - '' - ); - const crypto = window.crypto; - window.crypto = null; - $.PrivateBin.Alert.init(); - assert(!$.PrivateBin.InitialCheck.init()); - assert(secureProtocol === $('#errormessage').hasClass('hidden')); - assert(!$('#oldnotice').hasClass('hidden')); - window.crypto = crypto; - clean(); - } - ); - }); + jsc.property( + 'shows error, if no webcrypto is detected', + 'bool', + jsc.elements(['localhost', '127.0.0.1', '[::1]', '']), + jsc.nearray(common.jscA2zString()), + jsc.elements(['.onion', '.i2p', '']), + function (secureProtocol, localhost, domain, tld) { + const isDomain = localhost === '', + isSecureContext = secureProtocol || !isDomain || tld.length > 0, + clean = jsdom('', { + 'url': (secureProtocol ? 'https' : 'http' ) + '://' + + (isDomain ? domain.join('') + tld : localhost) + '/' + }); + $('body').html( + ''+ + '' + ); + const crypto = window.crypto; + window.crypto = null; + $.PrivateBin.Alert.init(); + const result1 = !$.PrivateBin.InitialCheck.init(), + result2 = isSecureContext === $('#errormessage').hasClass('hidden'), + result3 = !$('#oldnotice').hasClass('hidden'); + window.crypto = crypto; + clean(); + return result1 && result2 && result3; + } + ); - it('shows error, if HTTP only site is detected', function () { - [true, false].map( - function (secureProtocol) { - const clean = jsdom('', { - 'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/' - }); - $('body').html( - '' - ); - assert($.PrivateBin.InitialCheck.init()); - assert(secureProtocol === $('#httpnotice').hasClass('hidden')); - clean(); - } - ); - }); + jsc.property( + 'shows error, if HTTP only site is detected', + 'bool', + jsc.elements(['localhost', '127.0.0.1', '[::1]', '']), + jsc.nearray(common.jscA2zString()), + jsc.elements(['.onion', '.i2p', '']), + function (secureProtocol, localhost, domain, tld) { + const isDomain = localhost === '', + isSecureContext = secureProtocol || !isDomain || tld.length > 0, + clean = jsdom('', { + 'url': (secureProtocol ? 'https' : 'http' ) + '://' + + (isDomain ? domain.join('') + tld : localhost) + '/' + }); + $('body').html( + ''+ + '' + ); + $.PrivateBin.Alert.init(); + const result1 = $.PrivateBin.InitialCheck.init(), + result2 = isSecureContext === $('#httpnotice').hasClass('hidden'); + clean(); + return result1 && result2; + } + ); }); }); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 3e090f5..c428ceb 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ if ($MARKDOWN): endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index 8c9f1b0..e535f6f 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ if ($MARKDOWN): endif; ?> - +