2021-01-01 01:38:31 +01:00
|
|
|
// ██████╗ █████╗ ███████╗███████╗██╗███╗ ██╗ ██████╗
|
|
|
|
// ██╔══██╗██╔══██╗██╔════╝██╔════╝██║████╗ ██║██╔════╝
|
|
|
|
// ██████╔╝███████║███████╗███████╗██║██╔██╗ ██║██║ ███╗
|
|
|
|
// ██╔═══╝ ██╔══██║╚════██║╚════██║██║██║╚██╗██║██║ ██║
|
|
|
|
// ██║ ██║ ██║███████║███████║██║██║ ╚████║╚██████╔╝
|
|
|
|
// ╚═╝ ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝ ╚═════╝
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod passing {
|
|
|
|
use assert_cmd::prelude::*;
|
|
|
|
use std::env;
|
|
|
|
use std::process::Command;
|
|
|
|
|
2021-10-17 09:16:37 +02:00
|
|
|
use monolith::url::EMPTY_IMAGE_DATA_URL;
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn isolate_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("-I")
|
|
|
|
.arg("data:text/html,Hello%2C%20World!")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain isolated HTML
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-01-01 01:38:31 +01:00
|
|
|
"<html><head>\
|
|
|
|
<meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'unsafe-inline' data:;\"></meta>\
|
|
|
|
</head><body>Hello, World!</body></html>\n"
|
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn remove_css_from_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("-c")
|
|
|
|
.arg("data:text/html,<style>body{background-color:pink}</style>Hello")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain HTML with no CSS
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-01-01 01:38:31 +01:00
|
|
|
"<html><head>\
|
|
|
|
<meta http-equiv=\"Content-Security-Policy\" content=\"style-src 'none';\"></meta>\
|
|
|
|
<style></style>\
|
|
|
|
</head><body>Hello</body></html>\n"
|
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn remove_fonts_from_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("-F")
|
|
|
|
.arg("data:text/html,<style>@font-face { font-family: myFont; src: url(font.woff); }</style>Hi")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain HTML with no web fonts
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-01-01 01:38:31 +01:00
|
|
|
"<html><head>\
|
|
|
|
<meta http-equiv=\"Content-Security-Policy\" content=\"font-src 'none';\"></meta>\
|
|
|
|
<style></style>\
|
|
|
|
</head><body>Hi</body></html>\n"
|
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn remove_frames_from_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("-f")
|
|
|
|
.arg("data:text/html,<iframe src=\"https://duckduckgo.com\"></iframe>Hi")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain HTML with no iframes
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-01-01 01:38:31 +01:00
|
|
|
"<html><head>\
|
|
|
|
<meta http-equiv=\"Content-Security-Policy\" content=\"frame-src 'none'; child-src 'none';\"></meta>\
|
|
|
|
</head><body><iframe src=\"\"></iframe>Hi</body></html>\n"
|
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn remove_images_from_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("-i")
|
|
|
|
.arg("data:text/html,<img src=\"https://google.com\"/>Hi")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain HTML with no images
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-01-01 01:38:31 +01:00
|
|
|
format!(
|
|
|
|
"<html>\
|
|
|
|
<head>\
|
|
|
|
<meta http-equiv=\"Content-Security-Policy\" content=\"img-src data:;\"></meta>\
|
|
|
|
</head>\
|
|
|
|
<body>\
|
|
|
|
<img src=\"{empty_image}\">\
|
|
|
|
Hi\
|
|
|
|
</body>\
|
|
|
|
</html>\n",
|
2021-10-17 09:16:37 +02:00
|
|
|
empty_image = EMPTY_IMAGE_DATA_URL,
|
2021-01-01 01:38:31 +01:00
|
|
|
)
|
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn remove_js_from_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("-j")
|
|
|
|
.arg("data:text/html,<script>alert(2)</script>Hi")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain HTML with no JS
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-01-01 01:38:31 +01:00
|
|
|
"<html>\
|
|
|
|
<head>\
|
|
|
|
<meta http-equiv=\"Content-Security-Policy\" content=\"script-src 'none';\"></meta>\
|
|
|
|
<script></script></head>\
|
|
|
|
<body>Hi</body>\
|
|
|
|
</html>\n"
|
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
2021-06-02 15:41:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// ███████╗ █████╗ ██╗██╗ ██╗███╗ ██╗ ██████╗
|
|
|
|
// ██╔════╝██╔══██╗██║██║ ██║████╗ ██║██╔════╝
|
|
|
|
// █████╗ ███████║██║██║ ██║██╔██╗ ██║██║ ███╗
|
|
|
|
// ██╔══╝ ██╔══██║██║██║ ██║██║╚██╗██║██║ ██║
|
|
|
|
// ██║ ██║ ██║██║███████╗██║██║ ╚████║╚██████╔╝
|
|
|
|
// ╚═╝ ╚═╝ ╚═╝╚═╝╚══════╝╚═╝╚═╝ ╚═══╝ ╚═════╝
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod failing {
|
|
|
|
use assert_cmd::prelude::*;
|
|
|
|
use std::env;
|
|
|
|
use std::process::Command;
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn bad_input_data_url() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
|
|
|
let out = cmd.arg("data:,Hello%2C%20World!").output().unwrap();
|
|
|
|
|
|
|
|
// STDERR should contain error description
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stderr),
|
|
|
|
"Unsupported document media type\n"
|
2021-06-02 15:41:41 +02:00
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDOUT should contain HTML
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stdout), "");
|
|
|
|
|
|
|
|
// Exit code should be 1
|
2021-06-02 15:41:41 +02:00
|
|
|
out.assert().code(1);
|
|
|
|
}
|
2021-01-01 01:38:31 +01:00
|
|
|
|
|
|
|
#[test]
|
2021-03-16 07:10:50 +01:00
|
|
|
fn security_disallow_local_assets_within_data_url_targets() {
|
|
|
|
let mut cmd = Command::cargo_bin(env!("CARGO_PKG_NAME")).unwrap();
|
2021-01-01 01:38:31 +01:00
|
|
|
let out = cmd
|
|
|
|
.arg("-M")
|
|
|
|
.arg("data:text/html,%3Cscript%20src=\"src/tests/data/basic/local-script.js\"%3E%3C/script%3E")
|
|
|
|
.output()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// STDERR should be empty
|
|
|
|
assert_eq!(String::from_utf8_lossy(&out.stderr), "");
|
|
|
|
|
2021-01-01 01:38:31 +01:00
|
|
|
// STDOUT should contain HTML with no JS in it
|
|
|
|
assert_eq!(
|
2021-06-08 14:30:15 +02:00
|
|
|
String::from_utf8_lossy(&out.stdout),
|
2021-03-11 23:44:02 +01:00
|
|
|
"<html><head><script src=\"data:application/javascript;base64,\"></script></head><body></body></html>\n"
|
2021-01-01 01:38:31 +01:00
|
|
|
);
|
|
|
|
|
2021-06-08 14:30:15 +02:00
|
|
|
// Exit code should be 0
|
2021-01-01 01:38:31 +01:00
|
|
|
out.assert().code(0);
|
|
|
|
}
|
|
|
|
}
|