This repository has been archived by the owner on Feb 1, 2019. It is now read-only.

Merge pull request #262 from kmaglione/things-and-stuff
A series of minor validator test changes
magopian committed Jan 27, 2015
2 parents bee9900 + 3c7ce14 commit f2314d8
Showing 11 changed files with 348 additions and 106 deletions.
11 changes: 11 additions & 0 deletions tests/test_jetpack.py
Expand Up @@ -400,6 +400,17 @@ def test_absolute_uris_in_js():
assert err.compat_summary["errors"]


def test_observer_service_flagged():
assert _js_test("""
var {Ci} = require("chrome");
thing.QueryInterface(Ci.nsIObserverService);
""", jetpack=True).failed()

assert not _js_test("""
thing.QueryInterface(Ci.nsIObserverService);
""").failed()


def test_absolute_uris_in_markup():
"""
Test that a warning is thrown for absolute URIs within markup files.
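Review bot: The two scripts in `test_observer_service_flagged` differ in two ways at once: the failing one adds `var {Ci} = require("chrome");` and sets `jetpack=True`, while the passing one has neither. The test therefore does not show which of the two causes the flag. Running the identical script with and without `jetpack=True` would isolate the mode. The function also has no docstring, unlike its neighbours; I would add `"""Test that nsIObserverService use is flagged in Jetpack add-ons only."""`.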
7 changes: 7 additions & 0 deletions tests/test_js_functions.py
Expand Up @@ -132,3 +132,10 @@ def test_number_global_conversions():
eq_(_get_var(err, "f"), _get_var(err, "nan"))
eq_(_get_var(err, "g"), _get_var(err, "nan"))


def test_unsafe_template_methods():
"""Test that the use of unsafe template methods is flagged."""

assert _do_test_raw("""bar = Handlebars.SafeString(foo)""").failed()
assert _do_test_raw("""bar = $sce.trustAsHTML(foo)""").failed()
assert _do_test_raw("""bar = $sce.trustAs("html", foo)""").failed()
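Review bot: The second assertion pins `$sce.trustAsHTML`, but AngularJS spells the method `$sce.trustAsHtml`. If the validator matches method names case-sensitively (its rule is not visible on this page), the spelling that add-on code actually uses is untested and may go unflagged. I would add `assert _do_test_raw("""bar = $sce.trustAsHtml(foo)""").failed()` beside it. `Handlebars.SafeString` is normally invoked with `new`, so a `bar = new Handlebars.SafeString(foo)` case is worth covering as well.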
13 changes: 6 additions & 7 deletions tests/test_js_instanceactions.py
Expand Up @@ -65,20 +65,19 @@ def test_sql_methods():
"""Tests that warnings on SQL methods are emitted properly"""

err = _do_test_raw("""
x.createStatement("foo");
x.executeSimpleSQL("foo " + y);
""")
eq_(err.warnings[0]["id"][-1], "synchronous_sql")
eq_(err.warnings[0]["id"][-1], "executeSimpleSQL_dynamic")

err = _do_test_raw("""
x.executeSimpleSQL("foo");
x.createStatement("foo " + y);
""")
eq_(err.warnings[0]["id"][-1], "synchronous_sql")
eq_(err.warnings[0]["id"][-1], "executeSimpleSQL_dynamic")

err = _do_test_raw("""
x.executeSimpleSQL("foo " + y);
x.createAsyncStatement("foo " + y);
""")
eq_(err.warnings[0]["id"][-1], "synchronous_sql")
eq_(err.warnings[1]["id"][-1], "executeSimpleSQL_dynamic")
eq_(err.warnings[0]["id"][-1], "executeSimpleSQL_dynamic")

def test_setAttribute():
"""Tests that setAttribute calls are blocked successfully"""
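Review bot: The assertions in `test_sql_methods` read `err.warnings[0]`, which ties the test to the order in which warnings are emitted rather than to the presence of `executeSimpleSQL_dynamic`. Old and new lines are interleaved on this page, so this is my reading of the new side. A membership check is order-independent: `ids = [w["id"][-1] for w in err.warnings]` followed by `assert "executeSimpleSQL_dynamic" in ids`. The cases that passed a constant string appear to have been dropped, so nothing visible here asserts that a static SQL literal does not raise the dynamic-SQL warning.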
12 changes: 12 additions & 0 deletions tests/test_js_wrappedjsobject.py
Expand Up @@ -13,6 +13,7 @@ def test_pass(self):
self.run_script("""
var x = foo.wrappedJSObject;
var y = XPCNativeWrapper.unwrap(foo);
var z = Cu.waiveXrays(foo);
""")
self.assert_silent()

Expand Down Expand Up @@ -60,6 +61,17 @@ def test_cant_assign_unwrap(self):
""")
self.assert_wrappedjs_failure()

def test_cant_assign_waive(self):
"""
Test that properties can't be assigned to JS objects that were
unwrapped via XPCNativeWrapper.unwrap().
"""
self.run_script("""
var x = Cu.waiveXrays(foo);
x.foo = "asdf";
""")
self.assert_wrappedjs_failure()

def test_recursive_assign_unwrap(self):
"""
Test that properties can't be assigned to the members of objects that
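Review bot: The docstring of `test_cant_assign_waive` still says the object was "unwrapped via XPCNativeWrapper.unwrap()", while the script it runs uses `Cu.waiveXrays(foo)`. It reads as copied from `test_cant_assign_unwrap`. I would change it to `Test that properties can't be assigned to JS objects whose Xray wrappers were waived via Cu.waiveXrays().` The section continues with `test_recursive_assign_unwrap`, and no `waiveXrays` counterpart of that test is visible here; if none exists further down, it would be worth adding.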
50 changes: 45 additions & 5 deletions tests/test_js_xpcom.py
Expand Up @@ -247,6 +247,21 @@ def test_xpcom_nsibrowsersearchservice():
""").failed()


def test_synchronous_sql():
"""Test that uses of synchronous SQL are flagged."""

assert _do_test_raw("database.executeSimpleSQL('foo');").failed()

assert not _do_test_raw("database.createStatement();").failed()

for meth in "execute", "executeStep":
assert _do_test_raw("database.createStatement().%s();" % meth).failed()

assert not _do_test_raw("""
database.createStatement().executeAsync()
""").failed()


def test_nsisound_play():
"""Test that nsISound.play is flagged."""

Expand Down Expand Up @@ -281,20 +296,45 @@ def test_xpcom_nsiwebbrowserpersist():
with a null load context.
"""

assert _do_test_raw("""
def test(js, want_pass):
err = _do_test_raw(js)
if err.warnings:
result = err.warnings[0]["id"][-1] != "webbrowserpersist_saveuri"
eq_(result, want_pass)
else:
assert want_pass

test("""
var foo = Cc["foo"].getService(Components.interfaces.nsIWebBrowserPersist);
foo.saveURI(null, null, null, null, null, null, null);
""").failed()
""", False)

assert _do_test_raw("""
test("""
var foo = Cc["foo"].getService(Components.interfaces.nsIWebBrowserPersist);
var thing = null;
foo.saveURI(null, null, null, null, null, null, thing);
""").failed()
""", False)

assert not _do_test_raw("""
test("""
var foo = Cc["foo"].getService(Components.interfaces.nsIWebBrowserPersist);
foo.saveURI(null, null, null, null, null, null, thing);
""", True)



def test_xpcom_nsiwebbrowserpersist_deprecation():
"""Tests that nsIWebBrowserPersist emits deprecation warnings."""

assert _do_test_raw("""
thing.QueryInterface(Ci.nsIWebBrowserPersist).saveChannel()
""").failed()

assert _do_test_raw("""
thing.QueryInterface(Ci.nsIWebBrowserPersist).saveURI(1, 2, 3, 4, 5, 6, 7);
""").failed()

assert _do_test_raw("""
thing.QueryInterface(Ci.nsIWebBrowserPersist).savePrivacyAwareURI()
""").failed()
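Review bot: The nested helper `test(js, want_pass)` in `test_xpcom_nsiwebbrowserpersist` inspects only `err.warnings[0]`. Its result therefore depends on which warning is emitted first, and this commit makes `saveURI` emit the general `webbrowserpersist` warning too. A membership check is order-independent: `flagged = any(w["id"][-1] == "webbrowserpersist_saveuri" for w in err.warnings)` followed by `eq_(flagged, not want_pass)`. That form also makes the separate `else: assert want_pass` branch unnecessary.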


23 changes: 23 additions & 0 deletions tests/test_regex.py
Expand Up @@ -101,6 +101,20 @@ def test_processNextEvent_banned():
""").failed()


def test_extension_manager_api():
assert _do_test_raw("""
Cc["@mozilla.org/extensions/manager;1"].getService();
""").failed()

assert _do_test_raw("""
if (topic == "em-action-requested") true;
""").failed()

assert _do_test_raw("""
thing.QueryInterface(Ci.nsIExtensionManager);
""").failed()


def test_bug_652575():
"""Ensure that capability.policy gets flagged."""
assert _do_test_raw("var x = 'capability.policy.';").failed()
Expand Down Expand Up @@ -155,6 +169,15 @@ def test_preference_extension_regex():
assert _do_test_raw('"foo.extensions.update.bar"').failed()


def test_template_escape():
"""Tests that the use of unsafe template escape sequences is flagged."""

assert _do_test_raw("<%= foo %>").failed()
assert _do_test_raw("{{{ foo }}}").failed()

assert _do_test_raw("ng-bind-html-unsafe='foo'").failed()


def test_tb11_strings():
"""Flag changed or removed strings in add-on code"""
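Review bot: `test_template_escape` asserts only that the unescaped forms fail, so a pattern that is too broad (one that also matches the escaped `{{ foo }}` form, for example) would still pass. I would add a negative case such as `assert not _do_test_raw("{{ foo }}").failed()`, assuming the validator reports nothing else for that input. `test_extension_manager_api`, added in the first hunk of this file, has no docstring; `"""Test that references to the old extension manager API are flagged."""` would match the style of the surrounding tests.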

21 changes: 12 additions & 9 deletions validator/testcases/javascript/actions.py
Expand Up @@ -476,22 +476,25 @@ def _call_create_pref(a, t, e):
value = str(t(a[0]).get_literal_value())

from predefinedentities import BANNED_PREF_BRANCHES, BANNED_PREF_REGEXPS
for banned in BANNED_PREF_BRANCHES:
for banned, reason in BANNED_PREF_BRANCHES:
if value.startswith(banned):
return ("Extensions should not alter preferences in the '%s' "
"preference branch" % banned)
return reason or ("Extensions should not alter preferences in "
"the '%s' preference branch" % banned)

for banned in BANNED_PREF_REGEXPS:
if re.match(banned, value):
return ("Extensions should not alter preferences matching /%s/"
% banned)

if not value.startswith("extensions.") or value.rindex(".") < len("extensions."):
return ("Extensions should not alter preferences outside of the "
"'extensions.' preference branch. Please make sure that "
"all of your extension's preferences are prefixed with "
"'extensions.add-on-name.', where 'add-on-name' is a "
"distinct string unique to and indicative of your add-on.")
for branch in "extensions.", "services.sync.prefs.sync.extensions.":
if value.startswith(branch) and value.rindex(".") > len(branch):
return

return ("Extensions should not alter preferences outside of the "
"'extensions.' preference branch. Please make sure that "
"all of your extension's preferences are prefixed with "
"'extensions.add-on-name.', where 'add-on-name' is a "
"distinct string unique to and indicative of your add-on.")


def _readonly_top(t, r, rn):
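Review bot: The new allowance for `services.sync.prefs.sync.extensions.` is applied to the full preference name, so the `BANNED_PREF_BRANCHES` `startswith` checks above it never see the preference that the sync entry refers to. If that list contains branches under `extensions.` (its contents are not on this page), a name made of `services.sync.prefs.sync.` plus such a branch would return without a message. Stripping the prefix before the banned checks closes that gap: `SYNC = "services.sync.prefs.sync."` and `target = value[len(SYNC):] if value.startswith(SYNC) else value`, then test `target` in both loops. The final message also still names only the `extensions.` branch although a second one is now accepted. `_call_create_pref` begins above the hunk, so earlier handling of `value` is not visible.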
24 changes: 23 additions & 1 deletion validator/testcases/javascript/call_definitions.py
Expand Up @@ -166,6 +166,26 @@ def spellcheck_updatecurrentdictionary(wrapper, arguments, traverser):
tier=5)


def webbrowserpersist(wrapper, arguments, traverser):
"""
Most nsIWebBrowserPersist should no longer be used, in favor of the new
Downloads.jsm interfaces.
"""
traverser.err.warning(
err_id=("testcases_javascript_call_definititions",
"webbrowserpersist"),
warning="nsIWebBrowserPersist should no longer be used",
description=("Most nsIWebBrowserPersist methods have been "
"superseded by simpler methods in Downloads.jsm, namely "
"`Downloads.fetch` and `Downloads.createDownload`. See "
"http://mzl.la/downloads-jsm for more information."),
filename=traverser.filename,
line=traverser.line,
column=traverser.position,
context=traverser.context,
tier=4)


def webbrowserpersist_saveuri(wrapper, arguments, traverser):
"""
nsIWebBrowserPersist.saveURI requires a valid privacy context as
Expand All @@ -176,7 +196,7 @@ def webbrowserpersist_saveuri(wrapper, arguments, traverser):
if load_context.get_literal_value() is None:
traverser.err.warning(
err_id=("testcases_javascript_call_definititions",
"webbrowserpersist_saveuri"),
"webbrowserpersist_saveuri"),
warning=("saveURI should not be called with a null load "
"context"),
description=("While nsIWebBrowserPersist.saveURI accepts null "
Expand All @@ -189,6 +209,8 @@ def webbrowserpersist_saveuri(wrapper, arguments, traverser):
context=traverser.context,
tier=4)

webbrowserpersist(wrapper, arguments, traverser)


def xpcom_constructor(method, extend=False, mutate=False, pretraversed=False):
"""Returns a function which wraps an XPCOM class instantiation function."""
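Review bot: The docstring of the new `webbrowserpersist` reads "Most nsIWebBrowserPersist should no longer be used", which drops the word "methods". The warning title also says flatly that the interface should no longer be used, while the description says "Most". I would write the docstring as `Warn that most nsIWebBrowserPersist methods are superseded by the Downloads.jsm interfaces.` and align the title with it. The description links to `http://mzl.la/downloads-jsm`; an `https://` form is preferable if the shortener serves one. The call added at the end of `webbrowserpersist_saveuri` sits in a function whose body starts outside the hunk, so whether every path reaches it cannot be confirmed here.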