Bug 1805101: Add a RFP test that runs in an about:blank document r=tschuster

Differential Revision: https://phabricator.services.mozilla.com/D175505
2023-05-11 13:44:10 +00:00
parent 8a5309d00e
commit d620ceb2ed
5 changed files with 257 additions and 0 deletions
--- a/browser/components/resistfingerprinting/test/browser/browser.ini
+++ b/browser/components/resistfingerprinting/test/browser/browser.ini
@@ -17,11 +17,14 @@ support-files =
  file_navigator_iframer.html
  file_navigator_iframee.html
  file_navigator_iframe_worker.sjs
+  file_hwconcurrency_aboutblank_iframer.html
+  file_hwconcurrency_aboutblank_iframee.html
  file_reduceTimePrecision_iframer.html
  file_reduceTimePrecision_iframee.html
  file_reduceTimePrecision_iframe_worker.sjs
  file_animationapi_iframer.html
  file_animationapi_iframee.html
+  shared_test_funcs.js

 [browser_animationapi_iframes.js]
 [browser_block_mozAddonManager.js]
@@ -36,6 +39,7 @@ skip-if =
  (os == "mac") #Bug 1570812
  os == 'linux' && bits == 64 && !debug # Bug 1570812
  os == "win" && os_version == "6.1" # Skip on Azure - frequent failure
+[browser_hwconcurrency_iframes_aboutblank.js]
 [browser_math.js]
 [browser_navigator.js]
 https_first_disabled = true
--- a/browser/components/resistfingerprinting/test/browser/browser_hwconcurrency_iframes_aboutblank.js
+++ b/browser/components/resistfingerprinting/test/browser/browser_hwconcurrency_iframes_aboutblank.js
@@ -0,0 +1,184 @@
+/**
+ * This test only tests values in an about:blank document that is created by the iframe, it does not test them on the framer
+ *
+ * Covers the following cases:
+ *  - RFP is disabled entirely
+ *  - RFP is enabled entirely
+ *
+ *  - (A) RFP is exempted on the framer and framee and (if needed) on another cross-origin domain
+ *  - (B) RFP is exempted on the framer and framee but is not on another (if needed) cross-origin domain
+ *  - (C) RFP is exempted on the framer and (if needed) on another cross-origin domain, but not the framee
+ *  - (D) RFP is exempted on the framer but not the framee nor another (if needed) cross-origin domain
+ *  - (E) RFP is not exempted on the framer nor the framee but (if needed) is exempted on another cross-origin domain
+ *  - (F) RFP is not exempted on the framer nor the framee nor another (if needed) cross-origin domain
+ *  - (G) RFP is not exempted on the framer but is on the framee and (if needed) on another cross-origin domain
+ *  - (H) RFP is not exempted on the framer nor another (if needed) cross-origin domain but is on the framee
+ *
+ */
+
+"use strict";
+
+const SPOOFED_HW_CONCURRENCY = 2;
+
+const DEFAULT_HARDWARE_CONCURRENCY = navigator.hardwareConcurrency;
+
+// =============================================================================================
+// =============================================================================================
+
+async function testHWConcurrency(result, expectedResults, extraData) {
+  let testDesc = extraData.testDesc;
+
+  is(
+    result.hardwareConcurrency,
+    expectedResults.hardwareConcurrency,
+    `Checking ${testDesc} navigator.hardwareConcurrency.`
+  );
+}
+
+// The following are convenience objects that allow you to quickly see what is
+//   and is not modified from a logical set of values.
+// Be sure to always use `let expectedResults = JSON.parse(JSON.stringify(allNotSpoofed))` to do a
+//   deep copy and avoiding corrupting the original 'const' object
+const allNotSpoofed = {
+  hardwareConcurrency: DEFAULT_HARDWARE_CONCURRENCY,
+};
+const allSpoofed = {
+  hardwareConcurrency: SPOOFED_HW_CONCURRENCY,
+};
+
+const FRAMER_DOMAIN = "example.com";
+const IFRAME_DOMAIN = "example.org";
+const CROSS_ORIGIN_DOMAIN = "example.net";
+const uri = `https://${FRAMER_DOMAIN}/browser/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_aboutblank_iframer.html`;
+
+requestLongerTimeout(2);
+
+let expectedResults = {};
+
+expectedResults = JSON.parse(JSON.stringify(allNotSpoofed));
+add_task(
+  partial(
+    defaultsTest,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    simpleRFPTest,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (A) RFP is exempted on the framer and framee and each contacts an exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allNotSpoofed));
+add_task(
+  partial(
+    testA,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (B) RFP is exempted on the framer and framee and each contacts a non-exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allNotSpoofed));
+add_task(
+  partial(
+    testB,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (C) RFP is exempted on the framer but not the framee and each contacts an exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    testC,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (D) RFP is exempted on the framer but not the framee and each contacts a non-exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    testD,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (E) RFP is not exempted on the framer nor the framee and each contacts an exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    testE,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (F) RFP is not exempted on the framer nor the framee and each contacts a non-exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    testF,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (G) RFP is not exempted on the framer but is on the framee and each contacts an exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    testG,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
+
+// (H) RFP is not exempted on the framer but is on the framee and each contacts a non-exempted cross-origin resource
+expectedResults = JSON.parse(JSON.stringify(allSpoofed));
+add_task(
+  partial(
+    testH,
+    uri,
+    IFRAME_DOMAIN,
+    CROSS_ORIGIN_DOMAIN,
+    testHWConcurrency,
+    expectedResults
+  )
+);
--- a/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_aboutblank_iframee.html
+++ b/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_aboutblank_iframee.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<meta charset="utf8">
+<script>
+window.onload = async () => {
+  parent.postMessage("ready", "*");
+}
+
+window.addEventListener("message", async function listener(event) {
+  if (event.data[0] == "gimme") {
+  	var iframe = document.createElement("iframe");
+    iframe.src = "about:blank?foo";
+    document.body.append(iframe);
+
+    function test() {
+      let result = {
+        hardwareConcurrency : navigator.hardwareConcurrency
+      };
+
+      window.parent.document.querySelector("#result").textContent = JSON.stringify(result);
+    }
+
+    iframe.contentWindow.eval(`(${test})()`);
+
+    parent.postMessage(JSON.parse(document.querySelector("#result").textContent), "*")
+  }
+});
+</script>
+<output id="result"></output>
--- a/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_aboutblank_iframer.html
+++ b/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_aboutblank_iframer.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title></title>
+<script src="shared_test_funcs.js"></script>
+<script>
+async function runTheTest(iframe_domain, cross_origin_domain) {
+  const iframes = document.querySelectorAll("iframe");
+  iframes[0].src = `https://${iframe_domain}/browser/browser/components/resistfingerprinting/test/browser/file_hwconcurrency_aboutblank_iframee.html`;
+  await waitForMessage("ready", `https://${iframe_domain}`);
+
+  const promiseForRFPTest = new Promise(resolve => {
+    window.addEventListener("message", event => {
+      if(event.origin != `https://${iframe_domain}`) {
+        throw new Error(`origin should be ${iframe_domain}`);
+      }
+      resolve(event.data);
+    }, { once: true });
+  });
+  iframes[0].contentWindow.postMessage(["gimme", cross_origin_domain], "*");
+  var result = await promiseForRFPTest;
+
+  return result;
+}
+</script>
+</head>
+<body>
+<iframe width=100></iframe>
+</body>
+</html>
--- a/browser/components/resistfingerprinting/test/browser/shared_test_funcs.js
+++ b/browser/components/resistfingerprinting/test/browser/shared_test_funcs.js
@@ -0,0 +1,10 @@
+function waitForMessage(aMsg, aOrigin) {
+  return new Promise(resolve => {
+    window.addEventListener("message", function listener(event) {
+      if (event.data == aMsg && (aOrigin == "*" || event.origin == aOrigin)) {
+        window.removeEventListener("message", listener);
+        resolve();
+      }
+    });
+  });
+}