CDVWhitelistTests.m | searchcode

/node_modules/cordova-ios/tests/CordovaLibTests/CDVWhitelistTests.m

https://gitlab.com/blocknotary/IonicInterviews
Objective C | 332 lines | 231 code | 70 blank | 31 comment | 0 complexity | 2cfc11f743f8d9ab86ccd19bce087825 MD5 | raw file

/*
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 */

#import <XCTest/XCTest.h>

#import <Cordova/CDVWhitelist.h>
#import "CDVIntentAndNavigationFilter.h"

@interface CDVWhitelistTests : XCTestCase
@end

@implementation CDVWhitelistTests

- (void)setUp
{
    [super setUp];

    // setup code here
}

- (void)tearDown
{
    // Tear-down code here.

    [super tearDown];
}

- (void)testAllowedSchemes
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"*.apache.org",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist schemeIsAllowed:@"http"]);
    XCTAssertTrue([whitelist schemeIsAllowed:@"https"]);
    XCTAssertTrue([whitelist schemeIsAllowed:@"ftp"]);
    XCTAssertTrue([whitelist schemeIsAllowed:@"ftps"]);
    XCTAssertFalse([whitelist schemeIsAllowed:@"gopher"]);
}

- (void)testSubdomainWildcard
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"*.apache.org",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://build.apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://sub1.sub0.build.apache.org"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org.ca"]]);
}

- (void)testCatchallWildcardOnly
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"*",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://build.apache.prg"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"ftp://MyDangerousSite.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"ftps://apache.org.SuspiciousSite.com"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"gopher://apache.org"]]);
}

- (void)testURISchemesNotFollowedByDoubleSlashes
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
                             @"tel:*",
                             @"sms:*",
                             nil];
    
    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];
    
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"tel:1234567890"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"sms:1234567890"]]);
}

- (void)testCatchallWildcardByProto
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"http://*",
        @"https://*",
        @"ftp://*",
        @"ftps://*",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://build.apache.prg"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"ftp://MyDangerousSite.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"ftps://apache.org.SuspiciousSite.com"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"gopher://apache.org"]]);
}

- (void)testExactMatch
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"www.apache.org",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://www.apache.org"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://build.apache.org"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
}

- (void)testNoMatchInQueryParam
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"www.apache.org",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"www.malicious-site.org?url=http://www.apache.org"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"www.malicious-site.org?url=www.apache.org"]]);
}

- (void)testIpExactMatch
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"192.168.1.1",
        @"192.168.2.1",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.1.1"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.2.1"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.3.1"]]);
}

- (void)testIpWildcardMatch
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"192.168.1.*",
        @"192.168.2.*",
        nil];
    
    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
    
    // Ever since Cordova 3.1, whitelist wildcards are simplified, only "*" and "*.apache.org" (subdomain example) are allowed. Therefore the next four tests should fail
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.1.1"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.1.2"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.2.1"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.2.2"]]);
    
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://192.168.3.1"]]);
}

- (void)testHostnameExtraction
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"http://apache.org/",
        @"http://apache.org/foo/bar?x=y",
        @"ftp://apache.org/foo/bar?x=y",
        @"ftps://apache.org/foo/bar?x=y",
        @"http://apache.*/foo/bar?x=y",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org/"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://google.com/"]]);
}

- (void)testWhitelistRejectionString
{
    NSArray* allowedHosts = [NSArray arrayWithObject:@"http://www.yahoo.com/"];  // Doesn't matter in this test.
    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    NSURL* testUrl = [NSURL URLWithString:@"http://www/google.com"];
    NSString* errorString = [whitelist errorStringForURL:testUrl];
    NSString* expectedErrorString = [NSString stringWithFormat:kCDVDefaultWhitelistRejectionString, [testUrl absoluteString]];

    XCTAssertTrue([expectedErrorString isEqualToString:errorString], @"Default error string has an unexpected value.");

    whitelist.whitelistRejectionFormatString = @"Hey, '%@' is, like, bogus man!";
    errorString = [whitelist errorStringForURL:testUrl];
    expectedErrorString = [NSString stringWithFormat:whitelist.whitelistRejectionFormatString, [testUrl absoluteString]];
    XCTAssertTrue([expectedErrorString isEqualToString:errorString], @"Customized whitelist rejection string has unexpected value.");
}

- (void)testSpecificProtocol
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"http://www.apache.org",
        @"cordova://www.google.com",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://www.apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"cordova://www.google.com"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"cordova://www.apache.org"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://www.google.com"]]);
}

- (void)testWildcardPlusOtherUrls
{
    // test for https://issues.apache.org/jira/browse/CB-3394

    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"*",
        @"cordova.apache.org",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://*.apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://www.google.com"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"ftp://cordova.apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://cordova.apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://cordova.apache.org"]]);
}

- (void)testWildcardScheme
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"*://*.test.com",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"gopher://testtt.com"]]);
    
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"gopher://test.com"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://test.com"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://my.test.com"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://test.com"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://my.test.com"]]);

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://test.com/my/path"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://my.test.com/my/path"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://test.com/my/path"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"https://my.test.com/my/path"]]);

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"gopher://test.com#foo"]]);
    XCTAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"#foo"]]);
}

- (void)testCredentials
{
    NSArray* allowedHosts = [NSArray arrayWithObjects:
        @"http://*.apache.org",
        @"http://www.google.com",
        nil];

    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];

    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://user:pass@www.apache.org"]]);
    XCTAssertTrue([whitelist URLIsAllowed:[NSURL URLWithString:@"http://user:pass@www.google.com"]]);
}

- (void)testAllowIntentsAndNavigations
{
    NSArray* allowIntents = @[ @"https://*" ];
    NSArray* allowNavigations = @[ @"https://*.apache.org" ];
    
    CDVWhitelist* intentsWhitelist = [[CDVWhitelist alloc] initWithArray:allowIntents];
    CDVWhitelist* navigationsWhitelist = [[CDVWhitelist alloc] initWithArray:allowNavigations];
    
    // Test allow-navigation superceding allow-intent
    XCTAssertEqual([CDVIntentAndNavigationFilter filterUrl:[NSURL URLWithString:@"https://apache.org/foo.html"] intentsWhitelist:intentsWhitelist navigationsWhitelist:navigationsWhitelist], CDVIntentAndNavigationFilterValueNavigationAllowed);
    // Test wildcard https as allow-intent
    XCTAssertEqual([CDVIntentAndNavigationFilter filterUrl:[NSURL URLWithString:@"https://google.com"] intentsWhitelist:intentsWhitelist navigationsWhitelist:navigationsWhitelist], CDVIntentAndNavigationFilterValueIntentAllowed);
    // Test http (not allowed in either)
    XCTAssertEqual([CDVIntentAndNavigationFilter filterUrl:[NSURL URLWithString:@"http://google.com"] intentsWhitelist:intentsWhitelist navigationsWhitelist:navigationsWhitelist], CDVIntentAndNavigationFilterValueNoneAllowed);
    
    
    NSURL* telUrl = [NSURL URLWithString:@"tel:5555555"];
    NSMutableURLRequest* telRequest = [NSMutableURLRequest requestWithURL:telUrl];
    telRequest.mainDocumentURL = telUrl;
    
    // mainDocumentURL and URL are the same in the NSURLRequest
    // Only UIWebViewNavigationTypeLinkClicked and UIWebViewNavigationTypeOther should return YES
    XCTAssertTrue([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeLinkClicked]);
    XCTAssertTrue([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeOther]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeReload]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeBackForward]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeFormSubmitted]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeFormResubmitted]);
    
    telRequest.mainDocumentURL = nil;
    // mainDocumentURL and URL are not the same in the NSURLRequest
    // Only UIWebViewNavigationTypeLinkClicked should return YES
    XCTAssertTrue([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeLinkClicked]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeOther]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeReload]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeBackForward]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeFormSubmitted]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOpenURLRequest:telRequest navigationType:UIWebViewNavigationTypeFormResubmitted]);
    
    NSURLRequest* request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"http://apache.org"]];
    // Only CDVIntentAndNavigationFilterValueNavigationAllowed should return YES
    // navigationType doesn't matter
    XCTAssertTrue([CDVIntentAndNavigationFilter shouldOverrideLoadWithRequest:request navigationType:UIWebViewNavigationTypeOther filterValue:CDVIntentAndNavigationFilterValueNavigationAllowed]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOverrideLoadWithRequest:request navigationType:UIWebViewNavigationTypeOther filterValue:CDVIntentAndNavigationFilterValueIntentAllowed]);
    XCTAssertFalse([CDVIntentAndNavigationFilter shouldOverrideLoadWithRequest:request navigationType:UIWebViewNavigationTypeOther filterValue:CDVIntentAndNavigationFilterValueNoneAllowed]);
}


@end