electron/spec/security-warnings-spec.js
Milan Burda 5a7b56b042 chore: finish replacing assert with expect in tests (#18215)
* spec: replace assert with expect in api-browser-view-spec.js

* spec: replace assert with expect in api-touch-bar-spec.js

* spec: replace assert with expect in api-web-frame-spec.js

* spec: replace assert with expect in api-web-contents-view-spec.js

* spec: replace assert with expect in security-warnings-spec.js

* spec: replace assert with expect in api-menu-item-spec.js

* spec: replace assert with expect in api-web-request-spec.js

* spec: replace assert with expect in api-remote-spec.js

* spec: replace assert with expect in api-session-spec.js

* spec: replace assert with expect in api-system-preferences-spec.js

* spec: replace assert with expect in api-browser-window-spec.js

* spec: replace assert with expect in webview-spec.js

* spec: replace assert with expect in api-net-spec.js

* spec: replace assert with expect in api-protocol-spec.js

* spec: replace assert with expect api-web-contents-spec.js

* spec: replace assert with expect in api-shell-spec.js

* spec: replace assert with expect in modules-spec.js

* spec: replace assert with expect in chromium-spec.js

* spec: replace assert with expect in api-crash-reporter-spec.js

* spec: replace assert with expect in asar-spec.js

* spec: rename assert-helpers to expect-helpers

* address PR feedback
2019-05-20 12:04:18 -05:00

194 lines
5.3 KiB
JavaScript

const chai = require('chai')
const dirtyChai = require('dirty-chai')
const http = require('http')
const fs = require('fs')
const path = require('path')
const url = require('url')
const { remote } = require('electron')
const { BrowserWindow } = remote
const { closeWindow } = require('./window-helpers')
const { expect } = chai
chai.use(dirtyChai)
describe('security warnings', () => {
let server
let w = null
let useCsp = true
before((done) => {
// Create HTTP Server
server = http.createServer((request, response) => {
const uri = url.parse(request.url).pathname
let filename = path.join(__dirname, './fixtures/pages', uri)
fs.stat(filename, (error, stats) => {
if (error) {
response.writeHead(404, { 'Content-Type': 'text/plain' })
response.end()
return
}
if (stats.isDirectory()) {
filename += '/index.html'
}
fs.readFile(filename, 'binary', (err, file) => {
if (err) {
response.writeHead(404, { 'Content-Type': 'text/plain' })
response.end()
return
}
const cspHeaders = { 'Content-Security-Policy': `script-src 'self' 'unsafe-inline'` }
response.writeHead(200, useCsp ? cspHeaders : undefined)
response.write(file, 'binary')
response.end()
})
})
}).listen(8881, () => done())
})
after(() => {
// Close server
server.close()
server = null
})
afterEach(() => {
useCsp = true
return closeWindow(w).then(() => { w = null })
})
it('should warn about Node.js integration with remote content', (done) => {
w = new BrowserWindow({
show: false,
webPreferences: {
nodeIntegration: true
}
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('Node.js Integration with Remote Content')
done()
})
w.loadURL(`http://127.0.0.1:8881/base-page-security.html`)
})
const generateSpecs = (description, webPreferences) => {
describe(description, () => {
it('should warn about disabled webSecurity', (done) => {
w = new BrowserWindow({
show: false,
webPreferences: {
webSecurity: false,
...webPreferences
}
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).include('Disabled webSecurity')
done()
})
w.loadURL(`http://127.0.0.1:8881/base-page-security.html`)
})
it('should warn about insecure Content-Security-Policy', (done) => {
w = new BrowserWindow({
show: false,
webPreferences
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('Insecure Content-Security-Policy')
done()
})
useCsp = false
w.loadURL(`http://127.0.0.1:8881/base-page-security.html`)
})
it('should warn about allowRunningInsecureContent', (done) => {
w = new BrowserWindow({
show: false,
webPreferences: {
allowRunningInsecureContent: true,
...webPreferences
}
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('allowRunningInsecureContent')
done()
})
w.loadURL(`http://127.0.0.1:8881/base-page-security.html`)
})
it('should warn about experimentalFeatures', (done) => {
w = new BrowserWindow({
show: false,
webPreferences: {
experimentalFeatures: true,
...webPreferences
}
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('experimentalFeatures')
done()
})
w.loadURL(`http://127.0.0.1:8881/base-page-security.html`)
})
it('should warn about enableBlinkFeatures', (done) => {
w = new BrowserWindow({
show: false,
webPreferences: {
enableBlinkFeatures: ['my-cool-feature'],
...webPreferences
}
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('enableBlinkFeatures')
done()
})
w.loadURL(`http://127.0.0.1:8881/base-page-security.html`)
})
it('should warn about allowpopups', (done) => {
w = new BrowserWindow({
show: false,
webPreferences
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('allowpopups')
done()
})
w.loadURL(`http://127.0.0.1:8881/webview-allowpopups.html`)
})
it('should warn about insecure resources', (done) => {
w = new BrowserWindow({
show: false,
webPreferences
})
w.webContents.once('console-message', (e, level, message) => {
expect(message).to.include('Insecure Resources')
done()
})
w.loadURL(`http://127.0.0.1:8881/insecure-resources.html`)
w.webContents.openDevTools()
})
})
}
generateSpecs('without sandbox', {})
generateSpecs('with sandbox', { sandbox: true })
generateSpecs('with remote module disabled', { enableRemoteModule: false })
})