Unverified Commit b7bf572b authored by Piero V's avatar Piero V

Fixed tests for Tor Browser 11/Firefox 91.

Changed fp_navigator and fp_useragent to test with the correct version.

The screen dimensions test was failing because letterboxing is disabled
on about:pages (I checked with Richard, and this is the intended
behavior).
Therefore, the test is now run on a TPO page, and it passes.

Updated the settings test, to check for new settings (see
tor-browser!215), and not to check anymore for deprecated and removed
settings (see tor-browser#40177).

As a result of these settings changes, some DOM objects are now
exposed:
* pointer events
* gamepads
* applicationCache
* visualViewport
However, Tor Browser already contains mitigations against their use for
fingerprinting (e.g., gamepads do not work, Mozilla added some
protections to pointer events for Bugzilla#1363508, letterboxing should
prevent fingerprinting on visualViewport, cache storage is 0 bytes,
etc...).
Some other DOM objects are just new (e.g., clientInformation).

Finally, HTTPS everywhere test failed because now Firefox redirects to
HTTPS if available, even when HTTPS-Only Mode is not enabled.
To detect if HTTPS everywhere is actually responsible for the
redirect, we need to run it with dom.security.https_first_pbm set to
false.
parent 10d2f1f8
......@@ -17,6 +17,7 @@ class Test(testsuite.TorBrowserTest):
"AbortSignal",
"AbstractRange",
"addEventListener",
"applicationCache",
"alert",
"Animation",
"AnimationEffect",
......@@ -61,6 +62,7 @@ class Test(testsuite.TorBrowserTest):
"CharacterData",
"clearInterval",
"clearTimeout",
"clientInformation",
"Clipboard",
"ClipboardEvent",
"close",
......@@ -368,6 +370,7 @@ class Test(testsuite.TorBrowserTest):
"NotifyPaintEvent",
"Number",
"Object",
"OfflineResourceList",
"onabort",
"onabsolutedeviceorientation",
"onafterprint",
......@@ -376,6 +379,7 @@ class Test(testsuite.TorBrowserTest):
"onanimationiteration",
"onanimationstart",
"onauxclick",
"onbeforeinput",
"onbeforeprint",
"onbeforeunload",
"onblur",
......@@ -387,10 +391,8 @@ class Test(testsuite.TorBrowserTest):
"oncontextmenu",
"oncuechange",
"ondblclick",
"ondevicelight",
"ondevicemotion",
"ondeviceorientation",
"ondeviceproximity",
"ondrag",
"ondragend",
"ondragenter",
......@@ -405,6 +407,9 @@ class Test(testsuite.TorBrowserTest):
"onerror",
"onfocus",
"onformdata",
"ongamepadconnected",
"ongamepaddisconnected",
"ongotpointercapture",
"onhashchange",
"oninput",
"oninvalid",
......@@ -417,6 +422,7 @@ class Test(testsuite.TorBrowserTest):
"onloadedmetadata",
"onloadend",
"onloadstart",
"onlostpointercapture",
"onmessage",
"onmessageerror",
"onmousedown",
......@@ -435,6 +441,14 @@ class Test(testsuite.TorBrowserTest):
"onpause",
"onplay",
"onplaying",
"onpointercancel",
"onpointerdown",
"onpointerenter",
"onpointerleave",
"onpointermove",
"onpointerout",
"onpointerover",
"onpointerup",
"onpopstate",
"onprogress",
"onratechange",
......@@ -459,7 +473,6 @@ class Test(testsuite.TorBrowserTest):
"ontransitionstart",
"onunhandledrejection",
"onunload",
"onuserproximity",
"onvolumechange",
"onwaiting",
"onwebkitanimationend",
......@@ -498,6 +511,7 @@ class Test(testsuite.TorBrowserTest):
"personalbar",
"Plugin",
"PluginArray",
"PointerEvent",
"PopStateEvent",
"PopupBlockedEvent",
"postMessage",
......@@ -713,6 +727,7 @@ class Test(testsuite.TorBrowserTest):
"ValidityState",
"valueOf",
"VideoPlaybackQuality",
"visualViewport",
"VisualViewport",
"VTTCue",
"VTTRegion",
......
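Review bot: The newly allowed globals in this list (`applicationCache`, `OfflineResourceList`, the `ongamepad*` and `onpointer*` handlers, `PointerEvent`, `visualViewport`) carry no comment saying why their exposure is acceptable, so the rationale lives only in the commit message. Because this list is what a fingerprinting-surface regression is compared against, a short comment next to the new entries would help, for example `# Exposed after the Firefox 91 pref changes, see tor-browser!215`. The test checks only that the names are present; the mitigations the description mentions (gamepads not working, zero-byte cache storage) are not exercised in the visible lines and may deserve checks of their own. The list starts and ends outside the visible hunks.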
......@@ -56,7 +56,8 @@ class Test(MarionetteTestCase):
app_version = "5.0 (Macintosh)"
platform = "MacIntel"
oscpu = "Intel Mac OS X 10.13"
nav_props["userAgent"] = "Mozilla/5.0 (" + ua_os + "; rv:78.0) Gecko/20100101 Firefox/78.0"
ua_ver = '91.0'
nav_props["userAgent"] = "Mozilla/5.0 (" + ua_os + "; rv:" + ua_ver + ") Gecko/20100101 Firefox/" + ua_ver
nav_props["appVersion"] = app_version
nav_props["platform"] = platform
nav_props["oscpu"] = oscpu
......
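Review bot: The literal `ua_ver = '91.0'` is assigned inline here and again in the user-agent test (the hunk at `-15,5 +15,6`), so the next ESR bump has to find and edit both copies. Defining the version once in a place both tests can read would keep the two expected strings in step; whether such a shared module is available to this file is not visible from this page. The concatenation would also read more easily as `"Mozilla/5.0 ({}; rv:{}) Gecko/20100101 Firefox/{}".format(ua_os, ua_ver, ua_ver)`. The enclosing method starts and ends outside the hunk.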
......@@ -3,6 +3,8 @@ from marionette_harness import MarionetteTestCase
class Test(MarionetteTestCase):
def test_screen_dims(self):
with self.marionette.using_context('content'):
self.marionette.navigate('https://check.torproject.org/')
# https://gitweb.torproject.org/torbrowser.git/blob/HEAD:/src/current-patches/firefox/0021-Do-not-expose-physical-screen-info.-via-window-and-w.patch
js = self.marionette.execute_script
# check that availWidth and availHeight are equal to window innerWidth and innerHeight
......
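Review bot: The added `navigate('https://check.torproject.org/')` call has no comment explaining why the test must load a web page before measuring; the reason (letterboxing is disabled on about: pages) is recorded only in the commit message. A line such as `# Letterboxing is not applied to about: pages, so measure on a regular web page` above the call would keep that with the code. The test now also depends on that host being reachable, which is worth noting in the same comment. The rest of `test_screen_dims` lies outside the hunk.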
......@@ -15,5 +15,6 @@ class Test(MarionetteTestCase):
ua_os = 'Windows NT 6.1; Win64; x64'
if osname == 'MacOSX':
ua_os = 'Macintosh; Intel Mac OS X 10.13'
self.assertEqual("Mozilla/5.0 (" + ua_os + "; rv:78.0) Gecko/20100101 Firefox/78.0",
ua_ver = '91.0'
self.assertEqual("Mozilla/5.0 (" + ua_os + "; rv:" + ua_ver + ") Gecko/20100101 Firefox/" + ua_ver,
js("return navigator.userAgent"))
......@@ -10,8 +10,8 @@ class Test(MarionetteTestCase):
ts = testsuite.TestSuite()
self.ts = ts
self.HTTP_URL = "http://httpbin.org/"
self.HTTPS_URL = "https://httpbin.org/"
self.HTTP_URL = "http://https-everywhere.badssl.com/redirect-test/status.svg"
self.HTTPS_URL = "https://https-everywhere.badssl.com/redirect-test/status.svg"
self.is_disabled = self.ts.t['test']['name'] == 'https-everywhere-disabled'
......@@ -51,6 +51,9 @@ class Test(MarionetteTestCase):
lambda _: m.execute_script("return OnionAliasStore._onionMap.size;") > 0)
with self.marionette.using_context('content'):
# Even without HTTPS Everywhere, Firefox checks if HTTPS is
# available, with this set to true
self.marionette.set_pref('dom.security.https_first_pbm', False)
self.marionette.navigate(self.HTTP_URL)
if not self.is_disabled:
......
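Review bot: `set_pref('dom.security.https_first_pbm', False)` is never undone in the visible lines, so the pref would stay off for anything that later runs in the same session or profile. Scoping it, e.g. `with self.marionette.using_prefs({'dom.security.https_first_pbm': False}):` around the navigation, or calling `clear_pref` in teardown, would avoid that; whether the harness starts each test from a fresh profile is not visible here. The comment above the call says "with this set to true" without naming the pref, so naming `dom.security.https_first_pbm` there would make it self-contained. The method continues outside the hunk.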
......@@ -32,11 +32,13 @@ class Test(MarionetteTestCase):
# Disk activity: Disable Browsing History Storage
"browser.privatebrowsing.autostart": True,
"browser.cache.disk.enable": False,
"browser.cache.offline.enable": False,
"permissions.memory_only": True,
"network.cookie.lifetimePolicy": 2,
"security.nocertdb": True,
# Enabled LSNG
"dom.storage.next_gen": True,
# Disk activity: TBB Directory Isolation
"browser.download.useDownloadDir": False,
"browser.shell.checkDefaultBrowser": False,
......@@ -60,6 +62,9 @@ class Test(MarionetteTestCase):
"datareporting.policy.dataSubmissionEnabled": False,
"security.mixed_content.block_active_content": True, # Activated with bug #21323
# Bug 40083: Make sure Region.jsm fetching is disabled
"browser.region.update.enabled": False,
# Make sure Unified Telemetry is really disabled, see: #18738.
"toolkit.telemetry.unified": False,
"toolkit.telemetry.enabled": True if ts.t["tbbinfos"]["version"].startswith("tbb-nightly") else False,
......@@ -75,10 +80,8 @@ class Test(MarionetteTestCase):
"privacy.trackingprotection.pbmode.enabled": False,
# Disable the Pocket extension (Bug #18886 and #31602)
"extensions.pocket.enabled": False,
"network.http.referer.hideOnionSource": True,
# Fingerprinting
"webgl.disable-extensions": True,
"webgl.disable-fail-if-major-performance-caveat": True,
"webgl.enable-webgl2": False,
"gfx.downloadable_fonts.fallback_delay": -1,
......@@ -91,22 +94,38 @@ class Test(MarionetteTestCase):
"privacy.resistFingerprinting.block_mozAddonManager": True, # Bug 26114
"dom.webaudio.enabled": False, # Bug 13017: Disable Web Audio API
"dom.w3c_touch_events.enabled": 0, # Bug 10286: Always disable Touch API
"dom.w3c_pointer_events.enabled": False,
"dom.vr.enabled": False, # Bug 21607: Disable WebVR for now
# Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575)
"security.webauth.webauthn": False, # Bug 26614: Disable Web Authentication API for now
# Disable SAB, no matter if the sites are cross-origin isolated.
"dom.postMessage.sharedArrayBuffer.withCOOP_COEP": False,
"network.http.referer.hideOnionSource": True,
# Bug 40463: Disable Windows SSO
"network.http.windows-sso.enabled": False,
# Bug 40383: Disable new PerformanceEventTiming
"dom.enable_event_timing": False,
# Disable API for measuring text width and height.
"dom.textMetrics.actualBoundingBox.enabled": False,
"dom.textMetrics.baselines.enabled": False,
"dom.textMetrics.emHeight.enabled": False,
"dom.textMetrics.fontBoundingBox.enabled": False,
"pdfjs.enableScripting": False,
# Third party stuff
"network.cookie.cookieBehavior": 1,
"privacy.firstparty.isolate": True,
"network.http.spdy.allow-push": False, # Disabled for now. See https://bugs.torproject.org/27127
"network.predictor.enabled": False, # Temporarily disabled. See https://bugs.torproject.org/16633
# Bug 40177: Make sure tracker cookie purging is disabled
"privacy.purge_trackers.enabled": False,
# Proxy and proxy security
"network.proxy.socks": "127.0.0.1",
"network.proxy.socks_remote_dns": True,
"network.proxy.no_proxies_on": "", # For fingerprinting and local service vulns (#10419)
"network.proxy.type": 1,
# Bug 40548: Disable proxy-bypass
"network.proxy.failover_direct": False,
"network.security.ports.banned": "9050,9051,9150,9151",
"network.dns.disablePrefetch": True,
"network.protocol-handler.external-default": False,
......@@ -118,7 +137,6 @@ class Test(MarionetteTestCase):
"network.protocol-handler.warn-external.news": True,
"network.protocol-handler.warn-external.nntp": True,
"network.protocol-handler.warn-external.snews": True,
"plugin.state.flash": 0,
"media.peerconnection.enabled": False, # Disable WebRTC interfaces
# Disables media devices but only if `media.peerconnection.enabled` is set to
# `false` as well. (see bug 16328 for this defense-in-depth measure)
......@@ -173,14 +191,14 @@ class Test(MarionetteTestCase):
# extensions.enabledScopes is set to 5 by marionette_driver
#"extensions.enabledScopes": 1,
"extensions.pendingOperations": False,
"xpinstall.whitelist.add": "",
"xpinstall.whitelist.add.36": "",
# We don't know what extensions Mozilla is advertising to our users and we
# don't want to have some random Google Analytics script running either on the
# about:addons page, see bug 22073 and 22900.
"extensions.getAddons.showPane": False,
# Bug 26114: Allow NoScript to access addons.mozilla.org etc.
"extensions.webextensions.restrictedDomains": "",
# Don't give Mozilla-recommended third-party extensions special privileges.
"extensions.postDownloadThirdPartyPrompt": False,
"dom.enable_resource_timing": False,
......@@ -190,16 +208,12 @@ class Test(MarionetteTestCase):
# Enforce certificate pinning, see: https://bugs.torproject.org/16206
"security.cert_pinning.enforcement_level": 2,
# Don't load OS client certs.
"security.osclientcerts.autoload": False,
# Don't allow MitM via Microsoft Family Safety, see bug 21686
"security.family_safety.mode": 0,
# Disable the language pack signing check for now, see: bug 26465
# Avoid report TLS errors to Mozilla. We might want to repurpose this feature
# one day to help detecting bad relays (which is bug 19119). For now we just
# hide the checkbox, see bug 22072.
"security.ssl.errorReporting.enabled": False,
# Workaround for https://bugs.torproject.org/13579. Progress on
# `about:downloads` is only shown if the following preference is set to `true`
# in case the download panel got removed from the toolbar.
......@@ -211,7 +225,7 @@ class Test(MarionetteTestCase):
# checking torbrowser.version match the version from the filename
"torbrowser.version": ts.t["tbbinfos"]["version"],
"startup.homepage_override_url": "https://blog.torproject.org/category/tags/tor-browser",
"startup.homepage_override_url": "https://blog.torproject.org/category/applications",
# Disable network information API everywhere
# but, alas, the behavior is inconsistent across platforms, see:
......@@ -220,6 +234,10 @@ class Test(MarionetteTestCase):
"dom.netinfo.enabled": False,
}
MOZ_BUNDLED_FONTS = True
if MOZ_BUNDLED_FONTS:
self.SETTINGS["gfx.bundled-fonts.activate"] = 1
# Settings for the Tor Browser 8.0
self.SETTINGS_80 = {
}
......
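Review bot: In the last hunk, `MOZ_BUNDLED_FONTS = True` followed directly by `if MOZ_BUNDLED_FONTS:` is a constant condition, so `gfx.bundled-fonts.activate` is always expected to be 1 and the branch names a build option the test never actually reads. Either put `"gfx.bundled-fonts.activate": 1,` in the `SETTINGS` dict or derive the flag from the build information in `ts.t`, if that carries it. Separately, `"network.http.referer.hideOnionSource": True` appears in two hunks of this section; this is probably a move, but if both lines are on the new side the dict literal has a duplicate key. The method starts and ends outside the visible hunks.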