Refactor qute://settings CSRF tests
parent
4c54ebf70f
commit
39cc352253
@ -142,29 +142,25 @@ Feature: Special qute:// pages
|
||||
And I press the key "<Tab>"
|
||||
Then "Invalid value 'foo' *" should be logged
|
||||
|
||||
@qtwebkit_skip
|
||||
Scenario: qute://settings CSRF via img (webengine)
|
||||
Scenario: qute://settings CSRF via img
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-img
|
||||
Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged
|
||||
Then the img request should be blocked
|
||||
|
||||
@qtwebkit_skip
|
||||
Scenario: qute://settings CSRF via link (webengine)
|
||||
Scenario: qute://settings CSRF via link
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-link
|
||||
Then "Blocking malicious request from qute://settings/set?* to qute://settings/set?*" should be logged
|
||||
Then the link request should be blocked
|
||||
|
||||
@qtwebkit_skip
|
||||
Scenario: qute://settings CSRF via redirect (webengine)
|
||||
Scenario: qute://settings CSRF via redirect
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-redirect
|
||||
Then "Blocking malicious request from qute://settings/set?* to qute://settings/set?*" should be logged
|
||||
Then the redirect request should be blocked
|
||||
|
||||
@qtwebkit_skip
|
||||
Scenario: qute://settings CSRF via form (webengine)
|
||||
Scenario: qute://settings CSRF via form
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-form
|
||||
Then "Blocking malicious request from qute://settings/set?* to qute://settings/set?*" should be logged
|
||||
Then the form request should be blocked
|
||||
|
||||
@qtwebkit_skip
|
||||
Scenario: qute://settings CSRF token (webengine)
|
||||
@ -173,32 +169,6 @@ Feature: Special qute:// pages
|
||||
Then "RequestDeniedError while handling qute://* URL" should be logged
|
||||
And the error "Invalid CSRF token for qute://settings!" should be shown
|
||||
|
||||
@qtwebengine_skip
|
||||
Scenario: qute://settings CSRF via img (webkit)
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-img
|
||||
Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged
|
||||
|
||||
@qtwebengine_skip
|
||||
Scenario: qute://settings CSRF via link (webkit)
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-link
|
||||
Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged
|
||||
And "Error while loading qute://settings/set?*: Invalid qute://settings request" should be logged
|
||||
|
||||
@qtwebengine_skip
|
||||
Scenario: qute://settings CSRF via redirect (webkit)
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-redirect
|
||||
Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged
|
||||
And "Error while loading qute://settings/set?*: Invalid qute://settings request" should be logged
|
||||
|
||||
@qtwebengine_skip
|
||||
Scenario: qute://settings CSRF via form (webkit)
|
||||
When I open data/misc/qutescheme_csrf.html
|
||||
And I run :click-element id via-form
|
||||
Then "Error while loading qute://settings/set?*: Unsupported request type" should be logged
|
||||
|
||||
# pdfjs support
|
||||
|
||||
Scenario: pdfjs is used for pdf files
|
||||
|
@ -17,5 +17,42 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with qutebrowser. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import re
|
||||
|
||||
import pytest_bdd as bdd
|
||||
bdd.scenarios('qutescheme.feature')
|
||||
|
||||
|
||||
@bdd.then(bdd.parsers.parse("the {kind} request should be blocked"))
|
||||
def request_blocked(request, quteproc, kind):
|
||||
blocking_set_msg = (
|
||||
"Blocking malicious request from qute://settings/set?* to "
|
||||
"qute://settings/set?*")
|
||||
blocking_csrf_msg = (
|
||||
"Blocking malicious request from "
|
||||
"http://localhost:*/data/misc/qutescheme_csrf.html to "
|
||||
"qute://settings/set?*")
|
||||
webkit_error_invalid = (
|
||||
"Error while loading qute://settings/set?*: Invalid qute://settings "
|
||||
"request")
|
||||
webkit_error_unsupported = (
|
||||
"Error while loading qute://settings/set?*: Unsupported request type")
|
||||
|
||||
if request.config.webengine:
|
||||
expected_messages = {
|
||||
'img': [blocking_csrf_msg],
|
||||
'link': [blocking_set_msg],
|
||||
'redirect': [blocking_set_msg],
|
||||
'form': [blocking_set_msg],
|
||||
}
|
||||
else: # QtWebKit
|
||||
expected_messages = {
|
||||
'img': [blocking_csrf_msg],
|
||||
'link': [blocking_csrf_msg, webkit_error_invalid],
|
||||
'redirect': [blocking_csrf_msg, webkit_error_invalid],
|
||||
'form': [webkit_error_unsupported],
|
||||
}
|
||||
|
||||
for pattern in expected_messages[kind]:
|
||||
msg = quteproc.wait_for(message=pattern)
|
||||
msg.expected = True
|
||||
|
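Review bot: `request_blocked` treats the log line as the whole security assertion: once `quteproc.wait_for(message=pattern)` matches, the step passes without checking that the option named in the `qute://settings/set?…` request kept its previous value. A regression that still logs "Blocking malicious request" but applies the change anyway would go unnoticed, so a follow-up step that reads the targeted setting back would make these scenarios cover the outcome as well as the code path. In the QtWebKit table the `form` entry expects only `webkit_error_unsupported`, which suggests that request is turned away because of its request type and never reaches the origin check; a comment on that entry such as `# rejected as an unsupported request type, not by the CSRF origin check (confirm)` would record that this case does not exercise the CSRF logic there. `import re` also appears unused in the lines shown.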