simplify logic, adding test cases for all combinations of URLs that are regarded as secure context

El RIDO 2019-06-23 10:38:08 +02:00
parent 61fde53de0
commit 40493dfb3a
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
4 changed files with 63 additions and 50 deletions


@ -4545,21 +4545,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
// filter out actually secure connections over HTTP // filter out actually secure connections over HTTP
if ( for (const tld of ['.onion', '.i2p']) {
url.hostname.endsWith('.onion') || if (url.hostname.endsWith(tld)) {
url.hostname.endsWith('.i2p')
) {
return false; return false;
} }
}
// whitelist localhost for development // whitelist localhost for development
if ( for (const hostname of ['localhost', '127.0.0.1', '[::1]']) {
url.hostname === 'localhost' || if (url.hostname === hostname) {
url.hostname === '127.0.0.1' ||
url.hostname === '[::1]'
) {
return false; return false;
} }
}
// totally INSECURE http protocol! // totally INSECURE http protocol!
return true; return true;
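Review bot: The localhost allowlist in the new `for (const hostname of ['localhost', '127.0.0.1', '[::1]'])` loop compares three exact strings, so loopback forms the Secure Contexts spec treats as potentially trustworthy — the rest of `127.0.0.0/8` and `*.localhost` names such as `http://app.localhost/` — still fall through to the final `return true` and trigger the HTTP warning. This errs on the safe side (a false warning, not a bypass), but it diverges from what `window.isSecureContext` would report, and the property test in `js/test/InitialCheck.js` enumerates the same three literals, so the gap is not caught by the new tests. If wider coverage is wanted, change the comparison to `if (url.hostname === hostname || (hostname === 'localhost' && url.hostname.endsWith('.localhost'))) {` and add a `/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(url.hostname)` check for the IPv4 range, keeping the test generator in sync. The enclosing function begins before this hunk, so I cannot see whether the protocol check above already short-circuits for https.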


@ -28,14 +28,21 @@ describe('InitialCheck', function () {
return result1 && result2; return result1 && result2;
} }
), ),
{tests: 1}); {tests: 10});
}); });
it('shows error, if no webcrypto is detected', function () { jsc.property(
[true, false].map( 'shows error, if no webcrypto is detected',
function (secureProtocol) { 'bool',
const clean = jsdom('', { jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/' jsc.nearray(common.jscA2zString()),
jsc.elements(['.onion', '.i2p', '']),
function (secureProtocol, localhost, domain, tld) {
const isDomain = localhost === '',
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
(isDomain ? domain.join('') + tld : localhost) + '/'
}); });
$('body').html( $('body').html(
'<html><body><div id="errormessage" class="hidden"></div>'+ '<html><body><div id="errormessage" class="hidden"></div>'+
@ -44,30 +51,39 @@ describe('InitialCheck', function () {
const crypto = window.crypto; const crypto = window.crypto;
window.crypto = null; window.crypto = null;
$.PrivateBin.Alert.init(); $.PrivateBin.Alert.init();
assert(!$.PrivateBin.InitialCheck.init()); const result1 = !$.PrivateBin.InitialCheck.init(),
assert(secureProtocol === $('#errormessage').hasClass('hidden')); result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
assert(!$('#oldnotice').hasClass('hidden')); result3 = !$('#oldnotice').hasClass('hidden');
window.crypto = crypto; window.crypto = crypto;
clean(); clean();
return result1 && result2 && result3;
} }
); );
});
it('shows error, if HTTP only site is detected', function () { jsc.property(
[true, false].map( 'shows error, if HTTP only site is detected',
function (secureProtocol) { 'bool',
const clean = jsdom('', { jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/' jsc.nearray(common.jscA2zString()),
jsc.elements(['.onion', '.i2p', '']),
function (secureProtocol, localhost, domain, tld) {
const isDomain = localhost === '',
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
(isDomain ? domain.join('') + tld : localhost) + '/'
}); });
$('body').html( $('body').html(
'<html><body><div id="httpnotice" class="hidden"></div></body></html>' '<html><body><div id="httpnotice" class="hidden"></div>'+
'</body></html>'
); );
assert($.PrivateBin.InitialCheck.init()); $.PrivateBin.Alert.init();
assert(secureProtocol === $('#httpnotice').hasClass('hidden')); const result1 = $.PrivateBin.InitialCheck.init(),
result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
clean(); clean();
return result1 && result2;
} }
); );
}); });
});
}); });
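Review bot: The hostname generator `jsc.nearray(common.jscA2zString())` joined with `''` appears to yield only single-label names, so the two new properties never exercise a multi-label host such as `sub.localhost`, `foo.bar.onion` or `onion.example`, which is exactly where the `endsWith` / `===` boundary of the code under test matters. Both properties also repeat the four generators and the URL-assembly expression; a small helper returning the jsdom URL and the expected `isSecureContext` for a `(secureProtocol, localhost, domain, tld)` tuple would keep them from drifting apart and from the allowlist they mirror. A cheap way to add multi-label coverage is to generate labels separately, e.g. `jsc.nearray(jsc.nearray(common.jscA2zString()))` with `domain.map(l => l.join('')).join('.')` in place of `domain.join('')`. The expectation `isSecureContext = secureProtocol || !isDomain || tld.length > 0` stays valid for that input, since a dotted name only counts as secure when it ends in one of the two TLDs.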


@ -72,7 +72,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->


@ -50,7 +50,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->