diff --git a/tests/end2end/features/qutescheme.feature b/tests/end2end/features/qutescheme.feature index fd41515a5..35c110dc5 100644 --- a/tests/end2end/features/qutescheme.feature +++ b/tests/end2end/features/qutescheme.feature @@ -142,29 +142,25 @@ Feature: Special qute:// pages And I press the key "" Then "Invalid value 'foo' *" should be logged - @qtwebkit_skip - Scenario: qute://settings CSRF via img (webengine) + Scenario: qute://settings CSRF via img When I open data/misc/qutescheme_csrf.html And I run :click-element id via-img - Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged + Then the img request should be blocked - @qtwebkit_skip - Scenario: qute://settings CSRF via link (webengine) + Scenario: qute://settings CSRF via link When I open data/misc/qutescheme_csrf.html And I run :click-element id via-link - Then "Blocking malicious request from qute://settings/set?* to qute://settings/set?*" should be logged + Then the link request should be blocked - @qtwebkit_skip - Scenario: qute://settings CSRF via redirect (webengine) + Scenario: qute://settings CSRF via redirect When I open data/misc/qutescheme_csrf.html And I run :click-element id via-redirect - Then "Blocking malicious request from qute://settings/set?* to qute://settings/set?*" should be logged + Then the redirect request should be blocked - @qtwebkit_skip - Scenario: qute://settings CSRF via form (webengine) + Scenario: qute://settings CSRF via form When I open data/misc/qutescheme_csrf.html And I run :click-element id via-form - Then "Blocking malicious request from qute://settings/set?* to qute://settings/set?*" should be logged + Then the form request should be blocked @qtwebkit_skip Scenario: qute://settings CSRF token (webengine) @@ -173,32 +169,6 @@ Feature: Special qute:// pages Then "RequestDeniedError while handling qute://* URL" should be logged And the error "Invalid CSRF token for qute://settings!" should be shown - @qtwebengine_skip - Scenario: qute://settings CSRF via img (webkit) - When I open data/misc/qutescheme_csrf.html - And I run :click-element id via-img - Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged - - @qtwebengine_skip - Scenario: qute://settings CSRF via link (webkit) - When I open data/misc/qutescheme_csrf.html - And I run :click-element id via-link - Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged - And "Error while loading qute://settings/set?*: Invalid qute://settings request" should be logged - - @qtwebengine_skip - Scenario: qute://settings CSRF via redirect (webkit) - When I open data/misc/qutescheme_csrf.html - And I run :click-element id via-redirect - Then "Blocking malicious request from http://localhost:*/data/misc/qutescheme_csrf.html to qute://settings/set?*" should be logged - And "Error while loading qute://settings/set?*: Invalid qute://settings request" should be logged - - @qtwebengine_skip - Scenario: qute://settings CSRF via form (webkit) - When I open data/misc/qutescheme_csrf.html - And I run :click-element id via-form - Then "Error while loading qute://settings/set?*: Unsupported request type" should be logged - # pdfjs support Scenario: pdfjs is used for pdf files diff --git a/tests/end2end/features/test_qutescheme_bdd.py b/tests/end2end/features/test_qutescheme_bdd.py index 2245143f7..a4335640e 100644 --- a/tests/end2end/features/test_qutescheme_bdd.py +++ b/tests/end2end/features/test_qutescheme_bdd.py @@ -17,5 +17,42 @@ # You should have received a copy of the GNU General Public License # along with qutebrowser. If not, see . +import re + import pytest_bdd as bdd bdd.scenarios('qutescheme.feature') + + +@bdd.then(bdd.parsers.parse("the {kind} request should be blocked")) +def request_blocked(request, quteproc, kind): + blocking_set_msg = ( + "Blocking malicious request from qute://settings/set?* to " + "qute://settings/set?*") + blocking_csrf_msg = ( + "Blocking malicious request from " + "http://localhost:*/data/misc/qutescheme_csrf.html to " + "qute://settings/set?*") + webkit_error_invalid = ( + "Error while loading qute://settings/set?*: Invalid qute://settings " + "request") + webkit_error_unsupported = ( + "Error while loading qute://settings/set?*: Unsupported request type") + + if request.config.webengine: + expected_messages = { + 'img': [blocking_csrf_msg], + 'link': [blocking_set_msg], + 'redirect': [blocking_set_msg], + 'form': [blocking_set_msg], + } + else: # QtWebKit + expected_messages = { + 'img': [blocking_csrf_msg], + 'link': [blocking_csrf_msg, webkit_error_invalid], + 'redirect': [blocking_csrf_msg, webkit_error_invalid], + 'form': [webkit_error_unsupported], + } + + for pattern in expected_messages[kind]: + msg = quteproc.wait_for(message=pattern) + msg.expected = True