Bug 12620: TorBrowser regression tests

Regression tests for Bug #2950: Make Permissions Manager memory-only

Regression tests for TB4: Tor Browser's Firefox preference overrides.

Note: many more functional tests could be made here

Regression tests for #2874: Block Components.interfaces from content

Bug 18923: Add a script to run all Tor Browser specific tests

Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.

run-tbb-tests

+#!/bin/bash
+
+# This script runs all the Mochitest tests that have been added or
+# modified since the last ffxbld commit.
+#
+# It does not currently run XPCShell tests. We should change this if we
+# start using this type or other types of tests.
+#
+# The logs of the tests are stored in the tbb-tests.log file.
+# Ignored tests are listed in the tbb-tests-ignore.txt file.
+#
+# https://trac.torproject.org/projects/tor/ticket/18923
+
+IFS=$'\n'
+
+if [ -n "$USE_TESTS_LIST" ] && [ -f tbb-tests-list.txt ]
+then
+    echo "Using tests list from file tbb-tests-list.txt"
+    tests=($(cat tbb-tests-list.txt))
+else
+    ffxbld_commit=$(git log -500 --format='%an %H' | grep '^ffxbld ' \
+                                        | head -1 | cut -d ' ' -f 2)
+
+    tests=($(git diff --name-status "$ffxbld_commit" HEAD | \
+        grep -e '^[AM].*/test_[^/]\+\.\(html\|xul\)$' \
+             -e '^[AM].*/browser_[^/]\+\.js$' \
+             | sed 's/^[AM]\s\+//'))
+fi
+
+echo 'The following tests will be run:'
+for i in "${!tests[@]}"
+do
+    if [ -z "$USE_TESTS_LIST" ] \
+        && grep -q "^${tests[$i]}$" tbb-tests-ignore.txt
+    then
+        unset "tests[$i]"
+        continue
+    fi
+    echo "- ${tests[$i]}"
+done
+
+if [ -n "$WRITE_TESTS_LIST" ]
+then
+    rm -f tbb-tests-list.txt
+    for i in "${!tests[@]}"
+    do
+        echo "${tests[$i]}" >> tbb-tests-list.txt
+    done
+    exit 0
+fi
+
+rm -f tbb-tests.log
+echo $'\n''Starting tests'
+./mach mochitest --log-tbpl tbb-tests.log --setpref security.nocertdb=false \
+                 "${tests[@]}"
+
+echo "*************************"
+echo "*************************"
+echo "Summary of failed tests:"
+grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log

tbb-tests/browser.ini

+[DEFAULT]
+
+[browser_tor_bug2950.js]
+[browser_tor_omnibox.js]
+[browser_tor_TB4.js]

tbb-tests/browser_tor_TB4.js

+// # Test for TB4: Tor Browser's Firefox preference overrides
+// Simple regression tests to check the value of each pref and
+// decides if it is set as expected.
+
+// TODO: Write unit tests to check that each pref setting here
+// causes the browser to have the desired behavior (a big task). 
+
+function test() {
+
+let expectedPrefs = [
+   // Disable browser auto updaters and associated homepage notifications
+   ["app.update.auto", false],
+   ["app.update.enabled", false],
+   ["browser.search.update", false],
+   ["browser.rights.3.shown", true],
+   ["browser.startup.homepage_override.mstone", "ignore"],
+   ["startup.homepage_welcome_url", ""],
+   ["startup.homepage_override_url", ""],
+
+   // Disable the "Refresh" prompt that is displayed for stale profiles.
+   ["browser.disableResetPrompt", true],
+
+   // Disk activity: Disable Browsing History Storage
+   ["browser.privatebrowsing.autostart", true],
+   ["browser.cache.disk.enable", false],
+   ["browser.cache.offline.enable", false],
+   ["dom.indexedDB.enabled", false],
+   ["permissions.memory_only", true],
+   ["network.cookie.lifetimePolicy", 2],
+   ["security.nocertdb", true],
+
+   // Disk activity: TBB Directory Isolation
+   ["browser.download.useDownloadDir", false],
+   ["browser.shell.checkDefaultBrowser", false],
+   ["browser.download.manager.addToRecentDocs", false],
+
+   // Misc privacy: Disk
+   ["signon.rememberSignons", false],
+   ["browser.formfill.enable", false],
+   ["signon.autofillForms", false],
+   ["browser.sessionstore.privacy_level", 2],
+   ["media.cache_size", 0],
+
+   // Misc privacy: Remote
+   ["browser.send_pings", false],
+   ["geo.enabled", false],
+   ["geo.wifi.uri", ""],
+   ["browser.search.suggest.enabled", false],
+   ["browser.safebrowsing.malware.enabled", false],
+   ["extensions.ui.lastCategory", "addons://list/extension"],
+   ["datareporting.healthreport.uploadEnabled", false],
+   ["datareporting.policy.dataSubmissionEnabled", false],
+   ["security.mixed_content.block_active_content", false], // Disable until https://bugzilla.mozilla.org/show_bug.cgi?id=878890 is patched
+   ["browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"], // Don't promote sync
+   ["services.sync.engine.prefs", false], // Never sync prefs, addons, or tabs with other browsers
+   ["services.sync.engine.addons", false],
+   ["services.sync.engine.tabs", false],
+   ["extensions.getAddons.cache.enabled", false], // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+
+   // Fingerprinting
+   ["webgl.min_capability_mode", true],
+   ["webgl.disable-extensions", true],
+   ["dom.battery.enabled", false], // fingerprinting due to differing OS implementations
+   ["browser.display.max_font_attempts",10],
+   ["browser.display.max_font_count",10],
+   ["gfx.downloadable_fonts.fallback_delay", -1],
+   ["browser.startup.homepage_override.buildID", "20100101"],
+
+   // Third party stuff
+   ["network.cookie.cookieBehavior", 1],
+   ["security.enable_tls_session_tickets", false],
+   ["network.http.spdy.enabled", false], // Stores state and may have keepalive issues (both fixable)
+   ["network.http.spdy.enabled.v2", false], // Seems redundant, but just in case
+   ["network.http.spdy.enabled.v3", false], // Seems redundant, but just in case
+
+   // Proxy and proxy security
+   ["network.proxy.socks", "127.0.0.1"],
+   ["network.proxy.socks_port", 9150],
+   ["network.proxy.socks_remote_dns", true],
+   ["network.proxy.no_proxies_on", ""], // For fingerprinting and local service vulns (#10419)
+   ["network.proxy.type", 1],
+   ["network.security.ports.banned", "9050,9051,9150,9151"],
+   ["network.dns.disablePrefetch", true],
+   ["network.protocol-handler.external-default", false],
+   ["network.protocol-handler.external.mailto", false],
+   ["network.protocol-handler.external.news", false],
+   ["network.protocol-handler.external.nntp", false],
+   ["network.protocol-handler.external.snews", false],
+   ["network.protocol-handler.warn-external.mailto", true],
+   ["network.protocol-handler.warn-external.news", true],
+   ["network.protocol-handler.warn-external.nntp", true],
+   ["network.protocol-handler.warn-external.snews", true],
+
+   // Network and performance
+   ["network.http.pipelining", true],
+   ["network.http.pipelining.aggressive", true],
+   ["network.http.pipelining.maxrequests", 12],
+   ["network.http.pipelining.ssl", true],
+   ["network.http.proxy.pipelining", true],
+   ["security.ssl.enable_false_start", true],
+   ["network.http.keep-alive.timeout", 20],
+   ["network.http.connection-retry-timeout", 0],
+   ["network.http.max-persistent-connections-per-proxy", 256],
+   ["network.http.pipelining.reschedule-timeout", 15000],
+   ["network.http.pipelining.read-timeout", 60000],
+   // Hacked pref: Now means "Attempt to pipeline at least this many requests together"
+   ["network.http.pipelining.max-optimistic-requests", 3],
+   ["security.disable_session_identifiers", true],
+
+   // Extension support
+   ["extensions.autoDisableScopes", 0],
+   ["extensions.bootstrappedAddons", "{}"],
+   ["extensions.checkCompatibility.4.*", false],
+   ["extensions.databaseSchema", 3],
+   ["extensions.enabledAddons", "https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5"],
+   ["extensions.enabledItems", "langpack-en-US@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8"],
+   ["extensions.enabledScopes", 1],
+   ["extensions.pendingOperations", false],
+   ["xpinstall.whitelist.add", ""],
+   ["xpinstall.whitelist.add.36", ""],
+
+   // Omnibox settings
+   ["keyword.URL", "https://startpage.com/do/search?q="],
+
+   // Hacks/workarounds: Direct2D seems to crash w/ lots of video cards w/ MinGW?
+   // Nvida cards also experience crashes without the second pref set to disabled
+   ["gfx.direct2d.disabled", true],
+   ["layers.acceleration.disabled", true],
+
+   // Security enhancements
+   // https://trac.torproject.org/projects/tor/ticket/9387#comment:17
+   ["javascript.options.ion.content", false],
+   ["javascript.options.baselinejit.content", false],
+   ["javascript.options.asmjs", false],
+   ["javascript.options.typeinference", false],
+
+   // Enable TLS 1.1 and 1.2:
+   // https://trac.torproject.org/projects/tor/ticket/11253
+   ["security.tls.version.max", 3],
+
+   // Version placeholder
+   ["torbrowser.version", "UNKNOWN"],
+
+  ];
+
+let getPref = function (prefName) {
+  let type = gPrefService.getPrefType(prefName);
+  if (type === gPrefService.PREF_INT) return gPrefService.getIntPref(prefName);
+  if (type === gPrefService.PREF_BOOL) return gPrefService.getBoolPref(prefName);
+  if (type === gPrefService.PREF_STRING) return gPrefService.getCharPref(prefName);
+  // Something went wrong.
+  throw new Error("Can't access pref " + prefName);
+};
+
+let testPref = function([key, expectedValue]) {
+  let foundValue = getPref(key);
+  is(foundValue, expectedValue, "Pref '" + key + "' should be '" + expectedValue +"'.");
+};  
+
+expectedPrefs.map(testPref);
+
+} // end function test()

tbb-tests/browser_tor_bug2950.js

+// # Regression tests for tor Bug #2950, Make Permissions Manager memory-only
+// Ensures that permissions.sqlite file in profile directory is not written to,
+// even when we write a value to Firefox's permissions database.
+
+// The requisite test() function.
+function test() {
+
+// Needed because of asynchronous part later in the test.
+waitForExplicitFinish();
+
+// Shortcut
+let Ci = Components.interfaces;
+
+// ## utility functions
+
+// __uri(spec)__.
+// Creates an nsIURI instance from a spec
+// (string address such as "http://torproject.org").
+let uri = spec => Services.io.newURI(spec, null, null);
+
+// __setPermission(spec, key, value)__.
+// Sets the site permission of type key to value, for the site located at address spec.
+let setPermission = (spec, key, value) => SitePermissions.set(uri(spec), key, value);
+
+// __getPermission(spec, key)__.
+// Reads the site permission value for permission type key, for the site
+// located at address spec.
+let getPermission = (spec, key) => SitePermissions.get(uri(spec), key);
+
+// __profileDirPath__.
+// The Firefox Profile directory. Expected location of various persistent files.
+let profileDirPath = Services.dirsvc.get("ProfD", Components.interfaces.nsIFile).path;
+
+// __fileInProfile(fileName)__.
+// Returns an nsIFile instance corresponding to a file in the Profile directory.
+let fileInProfile = fileName => FileUtils.File(profileDirPath + "/" + fileName);
+
+// ## Now let's run the test.
+
+let SITE = "http://torproject.org",
+    KEY = "popup";
+
+let permissionsFile = fileInProfile("permissions.sqlite"),
+                      lastModifiedTime = null,
+                      newModifiedTime = null;
+if (permissionsFile.exists()) {
+  lastModifiedTime = permissionsFile.lastModifiedTime;
+}
+// Read the original value of the permission.
+let originalValue = getPermission(SITE, KEY);
+
+// We need to delay by at least 1000 ms, because that's the granularity
+// of file time stamps, it seems.
+window.setTimeout(
+  function () {
+    // Set the permission to a new value.
+    setPermission(SITE, KEY, (originalValue === 0) ? 1 : 0);
+    // Now read back the permission value again.
+    let newReadValue = getPermission(SITE, KEY);
+    // Compare to confirm that the permission
+    // value was successfully changed.
+    isnot(newReadValue, originalValue, "Set a value in permissions db (perhaps in memory).");;
+    // If file existed or now exists, get the current time stamp.
+    if (permissionsFile.exists()) {
+      newModifiedTime = permissionsFile.lastModifiedTime;
+    }
+    // If file was created or modified since we began this test,
+    // then permissions db is not memory only. Complain!
+    is(lastModifiedTime, newModifiedTime, "Don't write to permissions.sqlite file on disk.");
+    // We are done with the test.
+    finish();
+  }, 1100);
+
+} // test()

tbb-tests/mochitest.ini

+[DEFAULT]
+
+[test_tor_bug2874.html]

tbb-tests/moz.build

+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
+BROWSER_CHROME_MANIFESTS += [ 'browser.ini' ]
+

tbb-tests/test_tor_bug2874.html

+<!DOCTYPE HTML>
+<html>
+<!--
+Tor bug
+https://trac.torproject.org/projects/tor/ticket/2874
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Tor Bug 2874</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+  <script type="application/javascript">
+  is(typeof Components, 'undefined', "The global window object should not expose a Components property to untrusted content.");
+  </script>
+</head>
+<body>
+<a target="_blank" href="https://trac.torproject.org/projects/tor/ticket/2874">Tor Bug 2874</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+</pre>
+</body>
+</html>

toolkit/toolkit.mozbuild

@@ -96,7 +96,8 @@ if CONFIG['MOZ_WEBRTC'] and CONFIG['COMPILE_ENVIRONMENT']:
     ]
 
 if CONFIG['ENABLE_TESTS']:
-    DIRS += ['/testing/specialpowers']
+    DIRS += ['/testing/specialpowers',
+             '/tbb-tests']
 
 DIRS += [
     '/testing/gtest',