Commit 150d0791 authored by Glenn Adams

Populate level3 csp tests; update w3c tools.

parent d7969364
......@@ -2,7 +2,7 @@
function run(t) {
var defProperties = t.properties.def;
var ident = 'test';
var url = './resources/set-cookie.py?ident=' + ident;
var url = './support/set-cookie.py?ident=' + ident;
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = t.step_func(function() {
......
"use strict";
function run(t) {
var defProperties = t.properties.def;
var url = CROSSDOMAIN + './resources/check-cors.py';
var url = CROSSDOMAIN + './support/check-cors.py';
test(function() {
var xhr = new XMLHttpRequest();
xhr.open('GET', url + '?allow=1', false);
......
......@@ -5,5 +5,16 @@
"local": "csp.html",
"dontExtract": true,
"dontExtractReason": "requires manual property extraction",
"helpers3": []
"helpers3": [
"ProtocolCSP"
],
"crossDomainSupport": true,
"tests": [
{
"name": "ProtocolCSP",
"helper": "ProtocolCSP",
"code": "run(t)",
"async": true
}
]
}
"use strict";
function run(t) {
var properties = t.properties;
var defProperties = properties.def;
var e = document.createElement('img');
e.src = './resources/test.png';
e.onload = t.step_func_done(function() {
test(function() {
assert_unreached('image loaded with img-src \'none\'');
}, defProperties.expandedName + '-check-allowed');
});
e.onerror = t.step_func_done(function() {
async_test(function() {
var t = this;
var s = document.createElement('script');
s.src = './support/check-report.sub.js?present=true&field=violated-directive&value=img-src%20%27none%27';
s.onload = t.step_func(function() {
t.properties = properties;
checkReport(t);
});
s.onerror = t.step_func_done(function() {
assert_unreached('unable to load check-report.sub.js');
});
document.body.appendChild(s);
}, defProperties.expandedName + '-check-denial-report');
});
document.body.appendChild(e);
}
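Review bot: The `onerror` branch of `run` cannot tell a CSP block from any other load failure of `./resources/test.png` (a missing file also fires `error`), and nothing in the function says that the report check is what ties the failure to the policy. A comment above `e.onerror` would make that explicit, for example `// error also fires if test.png is missing; the violation report checked below is what attributes the failure to img-src 'none'`. The expected value in the `check-report.sub.js` query string (`img-src%20%27none%27`) duplicates the directive in the accompanying headers file, which is worth noting in the same comment so the two are changed together. The identical helper is listed a second time further down the page.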
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Cache-Control: no-store, no-cache
Pragma: no-cache
Set-Cookie: csp-protocolcsp={{$id:uuid()}}; Path=/tests/csp/
Content-Security-Policy: img-src 'none'; report-uri ./support/report-csp.py?op=put&id={{$id}}
"use strict";
(function() {
function checkReport(t) {
var defProperties = t.properties.def;
var locationComponents = location.pathname.split('/');
var testPath = locationComponents.slice(0, locationComponents.length - 1).join('/');
var testName = locationComponents[locationComponents.length - 1].split('.')[0].toLowerCase();
var cookies = document.cookie.split(';');
var id;
for (var i = 0; i < cookies.length; ++i) {
var cookie = cookies[i];
var cookieComponents = cookie.split('=');
var n = cookieComponents[0].trim();
if (n == testName) {
id = cookieComponents[1].trim();
document.cookie = n + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=' + testPath;
break;
}
}
if (!!id) {
var url = './support/report-csp.py?op=take&timeout=1&id=' + id;
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = t.step_func_done(function() {
var present = {{GET[present]}};
var result = JSON.parse(xhr.response);
var error = result['error'];
var report = result['csp-report'];
test(function() {
assert_false(!(present ^ report), present ? 'no report sent' : 'report sent in error');
}, defProperties.expandedName + (present ? '-report-present' : '-report-absent'));
if (!!present && !!report) {
test(function() {
var field = "{{GET[field]}}"; // must use double quotes, lest substitution contain single quotes
var value = "{{GET[value]}}"; // must use double quotes, lest substitution contain single quotes
assert_equals(report[field], value);
}, defProperties.expandedName + '-report-field-matches');
}
});
xhr.onerror = t.step_func_done(function() {
assert_unreached('unable to load report-csp.py');
});
xhr.send();
}
}
expose('checkReport', checkReport);
})();
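Review bot: The presence assertion `assert_false(!(present ^ report), …)` does not test what its messages say, because `^` converts both operands to 32-bit integers and `report` (an object or `undefined`) becomes 0 either way; with `present` true the check passes whether or not a report arrived, and with `present` false it always fails. Comparing booleans fixes it: `assert_equals(!!report, !!present, present ? 'no report sent' : 'report sent in error');`. Separately, `{{GET[present]}}`, `{{GET[field]}}` and `{{GET[value]}}` are substituted from the query string straight into script source, so a value containing a double quote or a backslash changes the code that runs; reading the parameters at run time from the script's own URL would avoid that, or at least a comment should state that only fixed, test-authored query strings are supported. The same `checkReport` file is listed again further down the page with the same lines.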
import time
import json
def main(request, response):
op = request.GET.first("op");
id = request.GET.first("id")
timeout = float(request.GET.first("timeout", "0"))
response.headers.set("Content-Type", "application/json")
if op == "put":
request.server.stash.put(key=id, value=request.body.rstrip())
body = json.dumps({'id': id})
elif op == "take":
value = request.server.stash.take(key=id)
if value is None:
time.sleep(timeout)
value = request.server.stash.take(key=id)
if value is None:
value = json.dumps({'error': 'no report', 'id': id})
body = value
else:
body = json.dumps({'error': 'unknown operation', 'id': id})
return response.headers, body
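Review bot: `timeout` is taken from the query string and passed to `time.sleep()` with no upper bound, so any client can hold a server worker for as long as it asks, and a negative value makes `time.sleep()` raise instead of returning the JSON error body. Clamping it keeps the handler predictable: `timeout = max(0.0, min(float(request.GET.first("timeout", "0")), 5.0))` (the 5-second cap is a suggested value, not one taken from the project). `op` and `id` are read without a default, so a request missing either presumably fails before the `unknown operation` branch is reached; giving them defaults would let that branch answer. The stored report body is returned verbatim on `take`, so a comment noting that the stash holds unvalidated client data would help the next reader. The same handler is listed a second time later on the page.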
"use strict";
function run(t) {
var defProperties = t.properties.def;
var url = CROSSDOMAIN + './resources/check-origin.py';
var url = CROSSDOMAIN + './support/check-origin.py';
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = t.step_func_done(function() {
......
......@@ -2,7 +2,7 @@
function run(t) {
var defProperties = t.properties.def;
var ident = 'test';
var url = './resources/set-cookie.py?ident=' + ident;
var url = './support/set-cookie.py?ident=' + ident;
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = t.step_func(function() {
......
"use strict";
function run(t) {
var defProperties = t.properties.def;
var url = CROSSDOMAIN + './resources/check-cors.py';
var url = CROSSDOMAIN + './support/check-cors.py';
test(function() {
var xhr = new XMLHttpRequest();
xhr.open('GET', url + '?allow=1', false);
......
<!-- Copyright (C) 2014, Cable Television Laboratories, Inc. & Skynav, Inc. -->
<!-- DO NOT EDIT! This test was generated by $(CVP2TS)/tools/level2/generate/generate.js. -->
<!doctype html>
<meta charset='utf-8'>
<title>Test ProtocolCSP</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
<script src='/tools/common/level3.js'></script>
<script src='/tools/common/crossdomain.js?pipe=sub'></script>
<script src='./helpers/ProtocolCSP.js'></script>
<script type='text/plain' id='testDef'>
{"name":"ProtocolCSP","helper":"ProtocolCSP","code":"run(t)","async":true}
</script>
<h1>Test ProtocolCSP Support</h1>
<div id='log'></div>
<script>
level3Async('csp', JSON.parse(document.getElementById('testDef').textContent), function(t){return run(t);});
</script>
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Cache-Control: no-store, no-cache
Pragma: no-cache
Set-Cookie: csp-protocolcsp={{$id:uuid()}}; Path=/tests/csp/
Content-Security-Policy: img-src 'none'; report-uri ./support/report-csp.py?op=put&id={{$id}}
"use strict";
function run(t) {
var properties = t.properties;
var defProperties = properties.def;
var e = document.createElement('img');
e.src = './resources/test.png';
e.onload = t.step_func_done(function() {
test(function() {
assert_unreached('image loaded with img-src \'none\'');
}, defProperties.expandedName + '-check-allowed');
});
e.onerror = t.step_func_done(function() {
async_test(function() {
var t = this;
var s = document.createElement('script');
s.src = './support/check-report.sub.js?present=true&field=violated-directive&value=img-src%20%27none%27';
s.onload = t.step_func(function() {
t.properties = properties;
checkReport(t);
});
s.onerror = t.step_func_done(function() {
assert_unreached('unable to load check-report.sub.js');
});
document.body.appendChild(s);
}, defProperties.expandedName + '-check-denial-report');
});
document.body.appendChild(e);
}
"use strict";
(function() {
function checkReport(t) {
var defProperties = t.properties.def;
var locationComponents = location.pathname.split('/');
var testPath = locationComponents.slice(0, locationComponents.length - 1).join('/');
var testName = locationComponents[locationComponents.length - 1].split('.')[0].toLowerCase();
var cookies = document.cookie.split(';');
var id;
for (var i = 0; i < cookies.length; ++i) {
var cookie = cookies[i];
var cookieComponents = cookie.split('=');
var n = cookieComponents[0].trim();
if (n == testName) {
id = cookieComponents[1].trim();
document.cookie = n + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=' + testPath;
break;
}
}
if (!!id) {
var url = './support/report-csp.py?op=take&timeout=1&id=' + id;
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = t.step_func_done(function() {
var present = {{GET[present]}};
var result = JSON.parse(xhr.response);
var error = result['error'];
var report = result['csp-report'];
test(function() {
assert_false(!(present ^ report), present ? 'no report sent' : 'report sent in error');
}, defProperties.expandedName + (present ? '-report-present' : '-report-absent'));
if (!!present && !!report) {
test(function() {
var field = "{{GET[field]}}"; // must use double quotes, lest substitution contain single quotes
var value = "{{GET[value]}}"; // must use double quotes, lest substitution contain single quotes
assert_equals(report[field], value);
}, defProperties.expandedName + '-report-field-matches');
}
});
xhr.onerror = t.step_func_done(function() {
assert_unreached('unable to load report-csp.py');
});
xhr.send();
}
}
expose('checkReport', checkReport);
})();
import time
import json
def main(request, response):
op = request.GET.first("op");
id = request.GET.first("id")
timeout = float(request.GET.first("timeout", "0"))
response.headers.set("Content-Type", "application/json")
if op == "put":
request.server.stash.put(key=id, value=request.body.rstrip())
body = json.dumps({'id': id})
elif op == "take":
value = request.server.stash.take(key=id)
if value is None:
time.sleep(timeout)
value = request.server.stash.take(key=id)
if value is None:
value = json.dumps({'error': 'no report', 'id': id})
body = value
else:
body = json.dumps({'error': 'unknown operation', 'id': id})
return response.headers, body
"use strict";
function run(t) {
var defProperties = t.properties.def;
var url = CROSSDOMAIN + './resources/check-origin.py';
var url = CROSSDOMAIN + './support/check-origin.py';
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = t.step_func_done(function() {
......
......@@ -42,6 +42,12 @@ all: $(outfiles)
@if [ -d $(SPECDIR)/$(*F)/resources ]; then \
$(CP) -R $(SPECDIR)/$(*F)/resources $(TESTDIR)/$(*F) ; \
fi;
@if [ -d $(SPECDIR)/$(*F)/support ]; then \
$(CP) -R $(SPECDIR)/$(*F)/support $(TESTDIR)/$(*F) ; \
fi;
@if [ -d $(SPECDIR)/$(*F)/other ]; then \
$(CP) $(SPECDIR)/$(*F)/other/* $(TESTDIR)/$(*F) ; \
fi;
clean:
@$(CLEANTOOL) --phase generate --testDirectoryRoot $(TESTDIR) $(outfiles)
......
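Review bot: What appears to be the added `other` block copies with a bare glob, `$(CP) $(SPECDIR)/$(*F)/other/* $(TESTDIR)/$(*F)`, so an `other` directory that exists but is empty leaves the pattern unexpanded and the copy fails, which fails the recipe; the glob also skips dot-files and, without `-R`, subdirectories. Copying the directory contents instead avoids all three: `$(CP) -R $(SPECDIR)/$(*F)/other/. $(TESTDIR)/$(*F) ; \`. The rule this belongs to starts above the hunk, so the target and its earlier commands are not visible here.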
Subproject commit e589625bb6ef5f2fa2f384ee2b6f3db123c0c09e
Subproject commit ca0fde3c8e1b96524122ddc6aee84a27514f63df
......@@ -5,6 +5,6 @@
"https": [ "auto" ]
},
"check_subdomains": true,
"log_level": "info",
"log_level": "debug",
"bind_hostname": true
}
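Review bot: `"log_level": "debug"` reads like a setting used while developing these tests rather than one meant for the committed server configuration; if it is intentional, the commit message should say so. At debug level the test server presumably logs more per request, and the CSP tests added in this commit send cookies and violation reports through it, so `info` is the safer value to keep in the repository: `"log_level": "info",`.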
Subproject commit 601cf5e37e02c63befb158b53b300270d5bef88d
Subproject commit 96f5c45a831ffa75d3a0687fca48a93bd7cdcaf0