george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

simplify logic, adding test cases for all combinations of URLs that are regarded as secure context

Browse Source
This commit is contained in:
El RIDO
2019-06-23 10:38:08 +02:00
parent 61fde53de0
commit 40493dfb3a
4 changed files with 63 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
js/privatebin.js
View File

@@ -4545,20 +4545,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
}
// filter out actually secure connections over HTTP
if (
url.hostname.endsWith('.onion') ||
url.hostname.endsWith('.i2p')
) {
return false;
for (const tld of ['.onion', '.i2p']) {
if (url.hostname.endsWith(tld)) {
return false;
}
}
// whitelist localhost for development
if (
url.hostname === 'localhost' ||
url.hostname === '127.0.0.1' ||
url.hostname === '[::1]'
) {
return false;
for (const hostname of ['localhost', '127.0.0.1', '[::1]']) {
if (url.hostname === hostname) {
return false;
}
}
// totally INSECURE http protocol!

90
js/test/InitialCheck.js
View File

@@ -28,46 +28,62 @@ describe('InitialCheck', function () {
return result1 && result2;
}
),
{tests: 1});
{tests: 10});
});
it('shows error, if no webcrypto is detected', function () {
[true, false].map(
function (secureProtocol) {
const clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
});
$('body').html(
'<html><body><div id="errormessage" class="hidden"></div>'+
'<div id="oldnotice" class="hidden"></div></body></html>'
);
const crypto = window.crypto;
window.crypto = null;
$.PrivateBin.Alert.init();
assert(!$.PrivateBin.InitialCheck.init());
assert(secureProtocol === $('#errormessage').hasClass('hidden'));
assert(!$('#oldnotice').hasClass('hidden'));
window.crypto = crypto;
clean();
}
);
});
jsc.property(
'shows error, if no webcrypto is detected',
'bool',
jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
jsc.nearray(common.jscA2zString()),
jsc.elements(['.onion', '.i2p', '']),
function (secureProtocol, localhost, domain, tld) {
const isDomain = localhost === '',
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
(isDomain ? domain.join('') + tld : localhost) + '/'
});
$('body').html(
'<html><body><div id="errormessage" class="hidden"></div>'+
'<div id="oldnotice" class="hidden"></div></body></html>'
);
const crypto = window.crypto;
window.crypto = null;
$.PrivateBin.Alert.init();
const result1 = !$.PrivateBin.InitialCheck.init(),
result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
result3 = !$('#oldnotice').hasClass('hidden');
window.crypto = crypto;
clean();
return result1 && result2 && result3;
}
);
it('shows error, if HTTP only site is detected', function () {
[true, false].map(
function (secureProtocol) {
const clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
});
$('body').html(
'<html><body><div id="httpnotice" class="hidden"></div></body></html>'
);
assert($.PrivateBin.InitialCheck.init());
assert(secureProtocol === $('#httpnotice').hasClass('hidden'));
clean();
}
);
});
jsc.property(
'shows error, if HTTP only site is detected',
'bool',
jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
jsc.nearray(common.jscA2zString()),
jsc.elements(['.onion', '.i2p', '']),
function (secureProtocol, localhost, domain, tld) {
const isDomain = localhost === '',
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
clean = jsdom('', {
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
(isDomain ? domain.join('') + tld : localhost) + '/'
});
$('body').html(
'<html><body><div id="httpnotice" class="hidden"></div>'+
'</body></html>'
);
$.PrivateBin.Alert.init();
const result1 = $.PrivateBin.InitialCheck.init(),
result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
clean();
return result1 && result2;
}
);
});
});