Populate level3 csp tests; update w3c tools.

150d0791 · Glenn Adams · d7969364 · 150d0791 · 150d0791 · 150d0791
Commit 150d0791 authored Oct 20, 2014 by Glenn Adams
--- a/specs/cookies/helpers/ProtocolCookies.js
+++ b/specs/cookies/helpers/ProtocolCookies.js
@@ -2,7 +2,7 @@
 function run(t) {
    var defProperties = t.properties.def;
    var ident = 'test';
-    var url = './resources/set-cookie.py?ident=' + ident;
+    var url = './support/set-cookie.py?ident=' + ident;
    var xhr = new XMLHttpRequest();
    xhr.open('GET', url, true);
    xhr.onload = t.step_func(function() {

--- a/specs/cookies/resources/set-cookie.py
+++ b/specs/cookies/resources/set-cookie.py
--- a/specs/cors/helpers/ProtocolCORS.js
+++ b/specs/cors/helpers/ProtocolCORS.js
 "use strict";
 function run(t) {
    var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-cors.py';
+    var url = CROSSDOMAIN + './support/check-cors.py';
    test(function() {
        var xhr = new XMLHttpRequest();
        xhr.open('GET', url + '?allow=1', false);

--- a/specs/cors/resources/check-cors.py
+++ b/specs/cors/resources/check-cors.py
--- a/specs/csp/csp.config.json
+++ b/specs/csp/csp.config.json
@@ -5,5 +5,16 @@
    "local": "csp.html",
    "dontExtract": true,
    "dontExtractReason": "requires manual property extraction",
-    "helpers3": []
+    "helpers3": [
+        "ProtocolCSP"
+    ],
+    "crossDomainSupport": true,
+    "tests": [
+        {
+            "name": "ProtocolCSP",
+            "helper": "ProtocolCSP",
+            "code": "run(t)",
+            "async": true
+        }
+    ]
 }
--- a/specs/csp/helpers/ProtocolCSP.js
+++ b/specs/csp/helpers/ProtocolCSP.js
+"use strict";
+function run(t) {
+    var properties = t.properties;
+    var defProperties = properties.def;
+    var e = document.createElement('img');
+    e.src = './resources/test.png';
+    e.onload = t.step_func_done(function() {
+        test(function() {
+            assert_unreached('image loaded with img-src \'none\'');
+        }, defProperties.expandedName + '-check-allowed');
+    });
+    e.onerror = t.step_func_done(function() {
+        async_test(function() {
+            var t = this;
+            var s = document.createElement('script');
+            s.src = './support/check-report.sub.js?present=true&field=violated-directive&value=img-src%20%27none%27';
+            s.onload = t.step_func(function() {
+                t.properties = properties;
+                checkReport(t);
+            });
+            s.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load check-report.sub.js');
+            });
+            document.body.appendChild(s);
+        }, defProperties.expandedName + '-check-denial-report');
+    });
+    document.body.appendChild(e);
+}
--- a/specs/csp/other/csp-ProtocolCSP.html.sub.headers
+++ b/specs/csp/other/csp-ProtocolCSP.html.sub.headers
+Expires: Thu, 01 Jan 1970 00:00:00 UTC
+Cache-Control: no-store, no-cache
+Pragma: no-cache
+Set-Cookie: csp-protocolcsp={{$id:uuid()}}; Path=/tests/csp/
+Content-Security-Policy: img-src 'none'; report-uri ./support/report-csp.py?op=put&id={{$id}}
--- a/specs/csp/resources/test.png
+++ b/specs/csp/resources/test.png
--- a/specs/csp/support/check-report.sub.js
+++ b/specs/csp/support/check-report.sub.js
+"use strict";
+(function() {
+    function checkReport(t) {
+        var defProperties = t.properties.def;
+        var locationComponents = location.pathname.split('/');
+        var testPath = locationComponents.slice(0, locationComponents.length - 1).join('/');
+        var testName = locationComponents[locationComponents.length - 1].split('.')[0].toLowerCase();
+        var cookies = document.cookie.split(';');
+        var id;
+        for (var i = 0; i < cookies.length; ++i) {
+            var cookie = cookies[i];
+            var cookieComponents = cookie.split('=');
+            var n = cookieComponents[0].trim();
+            if (n == testName) {
+                id = cookieComponents[1].trim();
+                document.cookie = n + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=' + testPath;
+                break;
+            }
+        }
+        if (!!id) {
+            var url = './support/report-csp.py?op=take&timeout=1&id=' + id;
+            var xhr = new XMLHttpRequest();
+            xhr.open('GET', url, true);
+            xhr.onload = t.step_func_done(function() {
+                var present = {{GET[present]}};
+                var result  = JSON.parse(xhr.response);
+                var error   = result['error'];
+                var report  = result['csp-report'];
+                test(function() {
+                    assert_false(!(present ^ report), present ? 'no report sent' : 'report sent in error');
+                }, defProperties.expandedName + (present ? '-report-present' : '-report-absent'));
+                if (!!present && !!report) {
+                    test(function() {
+                        var field  = "{{GET[field]}}"; // must use double quotes, lest substitution contain single quotes
+                        var value  = "{{GET[value]}}"; // must use double quotes, lest substitution contain single quotes
+                        assert_equals(report[field], value);
+                    }, defProperties.expandedName + '-report-field-matches');
+                }
+            });
+            xhr.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load report-csp.py');
+            });
+            xhr.send();
+        }
+    }
+    expose('checkReport', checkReport);
+})();
--- a/specs/csp/support/report-csp.py
+++ b/specs/csp/support/report-csp.py
+import time
+import json
+def main(request, response):
+    op = request.GET.first("op");
+    id = request.GET.first("id")
+    timeout = float(request.GET.first("timeout", "0"))
+    response.headers.set("Content-Type", "application/json")
+    if op == "put":
+        request.server.stash.put(key=id, value=request.body.rstrip())
+        body = json.dumps({'id': id})
+    elif op == "take":
+        value = request.server.stash.take(key=id)
+        if value is None:
+            time.sleep(timeout)
+            value = request.server.stash.take(key=id)
+            if value is None:
+                value = json.dumps({'error': 'no report', 'id': id})
+        body = value
+    else:
+        body = json.dumps({'error': 'unknown operation', 'id': id})
+    return response.headers, body
--- a/specs/index/index.idl.json
+++ b/specs/index/index.idl.json
--- a/specs/origin/helpers/ProtocolOrigin.js
+++ b/specs/origin/helpers/ProtocolOrigin.js
 "use strict";
 function run(t) {
    var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-origin.py';
+    var url = CROSSDOMAIN + './support/check-origin.py';
    var xhr = new XMLHttpRequest();
    xhr.open('GET', url, true);
    xhr.onload = t.step_func_done(function() {

--- a/specs/origin/resources/check-origin.py
+++ b/specs/origin/resources/check-origin.py
--- a/tests/cookies/helpers/ProtocolCookies.js
+++ b/tests/cookies/helpers/ProtocolCookies.js
@@ -2,7 +2,7 @@
 function run(t) {
    var defProperties = t.properties.def;
    var ident = 'test';
-    var url = './resources/set-cookie.py?ident=' + ident;
+    var url = './support/set-cookie.py?ident=' + ident;
    var xhr = new XMLHttpRequest();
    xhr.open('GET', url, true);
    xhr.onload = t.step_func(function() {

--- a/tests/cookies/resources/set-cookie.py
+++ b/tests/cookies/resources/set-cookie.py
--- a/tests/cors/helpers/ProtocolCORS.js
+++ b/tests/cors/helpers/ProtocolCORS.js
 "use strict";
 function run(t) {
    var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-cors.py';
+    var url = CROSSDOMAIN + './support/check-cors.py';
    test(function() {
        var xhr = new XMLHttpRequest();
        xhr.open('GET', url + '?allow=1', false);

--- a/tests/cors/resources/check-cors.py
+++ b/tests/cors/resources/check-cors.py
--- a/tests/csp/csp-ProtocolCSP.html
+++ b/tests/csp/csp-ProtocolCSP.html
+<!-- Copyright (C) 2014, Cable Television Laboratories, Inc. & Skynav, Inc. -->
+<!-- DO NOT EDIT! This test was generated by $(CVP2TS)/tools/level2/generate/generate.js. -->
+<!doctype html>
+<meta charset='utf-8'>
+<title>Test ProtocolCSP</title>
+<script src='/resources/testharness.js'></script>
+<script src='/resources/testharnessreport.js'></script>
+<script src='/tools/common/level3.js'></script>
+<script src='/tools/common/crossdomain.js?pipe=sub'></script>
+<script src='./helpers/ProtocolCSP.js'></script>
+<script type='text/plain' id='testDef'>
+{"name":"ProtocolCSP","helper":"ProtocolCSP","code":"run(t)","async":true}
+</script>
+<h1>Test ProtocolCSP Support</h1>
+<div id='log'></div>
+<script>
+level3Async('csp', JSON.parse(document.getElementById('testDef').textContent), function(t){return run(t);});
+</script>
--- a/tests/csp/csp-ProtocolCSP.html.sub.headers
+++ b/tests/csp/csp-ProtocolCSP.html.sub.headers
+Expires: Thu, 01 Jan 1970 00:00:00 UTC
+Cache-Control: no-store, no-cache
+Pragma: no-cache
+Set-Cookie: csp-protocolcsp={{$id:uuid()}}; Path=/tests/csp/
+Content-Security-Policy: img-src 'none'; report-uri ./support/report-csp.py?op=put&id={{$id}}
--- a/tests/csp/helpers/ProtocolCSP.js
+++ b/tests/csp/helpers/ProtocolCSP.js
+"use strict";
+function run(t) {
+    var properties = t.properties;
+    var defProperties = properties.def;
+    var e = document.createElement('img');
+    e.src = './resources/test.png';
+    e.onload = t.step_func_done(function() {
+        test(function() {
+            assert_unreached('image loaded with img-src \'none\'');
+        }, defProperties.expandedName + '-check-allowed');
+    });
+    e.onerror = t.step_func_done(function() {
+        async_test(function() {
+            var t = this;
+            var s = document.createElement('script');
+            s.src = './support/check-report.sub.js?present=true&field=violated-directive&value=img-src%20%27none%27';
+            s.onload = t.step_func(function() {
+                t.properties = properties;
+                checkReport(t);
+            });
+            s.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load check-report.sub.js');
+            });
+            document.body.appendChild(s);
+        }, defProperties.expandedName + '-check-denial-report');
+    });
+    document.body.appendChild(e);
+}