sketch out some more sandbox tests and note down some improvements

pull/1/head
ansuz 4 years ago
parent 87c6e3270d
commit 0c7f77f5ed

@ -12,6 +12,12 @@ html, body {
color: @cryptpad_text_col;
font-family: "IBM Plex Mono";
iframe.sandbox-test {
display: block;
width: 100%;
height: 100%;
}
.report {
font-size: 30px;
max-width: 50%;

@ -20,6 +20,7 @@ define([
], function ($, ApiConfig, Assertions, h, Messages, DomReady,
nThen, SFCommonO, Login, Hash, Util, Pinpad,
NetConfig, Pages) {
var Assert = Assertions();
var trimSlashes = function (s) {
if (typeof(s) !== 'string') { return s; }
@ -52,6 +53,13 @@ define([
var trimmedSafe = trimSlashes(ApiConfig.httpSafeOrigin);
var trimmedUnsafe = trimSlashes(ApiConfig.httpUnsafeOrigin);
/*
// XXX display results from this iframe on this page
document.body.appendChild(h('iframe', {
class: 'sandbox-test',
src: trimmedSafe + '/checkup/sandbox/index.html',
}));
*/
assert(function (cb, msg) {
msg.appendChild(h('span', [
@ -117,7 +125,7 @@ define([
var checkAvailability = function (url, cb) {
$.ajax({
url: url,
url: url, // XXX bust cache
data: {},
complete: function (xhr) {
cb(xhr.status === 200);
@ -158,6 +166,7 @@ define([
]));
var to;
var obj;
nThen(function (waitFor) {
DomReady.onReady(waitFor());
}).nThen(function (waitFor) {
@ -165,8 +174,13 @@ define([
console.error('TIMEOUT loading iframe on the safe domain');
cb(false);
}, 5000);
SFCommonO.initIframe(waitFor);
obj = SFCommonO.initIframe(waitFor);
}).nThen(function () {
SFCommonO.start({
href: obj.href,
});
}).nThen(function () {
console.error("DONE?");
// Iframe is loaded
clearTimeout(to);
cb(true);
@ -344,7 +358,7 @@ define([
//'cross-origin-opener-policy': 'same-origin', // FIXME this is in our nginx config but not server.js
};
$.ajax(url, {
$.ajax(url, { // XXX bust cache
complete: function (xhr) {
cb(!Object.keys(expect).some(function (k) {
var response = xhr.getResponseHeader(k);
@ -390,7 +404,7 @@ define([
RESTART_WARNING(),
]));
$.ajax(sheetURL, {
$.ajax(sheetURL, { // FIXME bust cache
complete: function (xhr) {
var csp = xhr.getResponseHeader('Content-Security-Policy');
if (!/unsafe\-eval/.test(csp)) {
@ -416,7 +430,7 @@ define([
"Your browser console may provide more details as to why this resource could not be loaded. ",
]));
$.ajax('/api/broadcast', {
$.ajax('/api/broadcast', { // XXX bust cache
dataType: 'text',
complete: function (xhr) {
cb(xhr.status === 200);
@ -429,7 +443,7 @@ define([
};
var checkAPIHeaders = function (url, msg, cb) {
$.ajax(url, {
$.ajax(url, { // XXX bust cache
dataType: 'text',
complete: function (xhr) {
var allHeaders = xhr.getAllResponseHeaders();
@ -481,13 +495,13 @@ define([
var INCORRECT_HEADER_TEXT = ' was served with duplicated or incorrect headers. Compare your reverse-proxy configuration against the provided example.';
assert(function (cb, msg) {
var url = '/api/config';
var url = '/api/config'; // XXX bust cache
msg.innerText = url + INCORRECT_HEADER_TEXT;
checkAPIHeaders(url, msg, cb);
});
assert(function (cb, msg) {
var url = '/api/broadcast';
var url = '/api/broadcast'; // XXX bust cache
msg.innerText = url + INCORRECT_HEADER_TEXT;
checkAPIHeaders(url, msg, cb);
});

@ -0,0 +1,11 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="content-type"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
</head>
<body>
<div id="cp-progress"></div>
<iframe-placeholder>

@ -0,0 +1,175 @@
define([
'jquery',
'/api/config',
'/assert/assertions.js',
'/common/hyperscript.js',
'/customize/messages.js',
'/common/dom-ready.js',
'/bower_components/nthen/index.js',
'/common/sframe-common-outer.js',
'/customize/login.js',
'/common/common-hash.js',
'/common/common-util.js',
'/common/pinpad.js',
'/common/outer/network-config.js',
'/customize/pages.js',
'/bower_components/tweetnacl/nacl-fast.min.js',
'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
'less!/checkup/app-checkup.less',
], function ($, ApiConfig, Assertions, h, Messages, DomReady,
nThen, SFCommonO, Login, Hash, Util, Pinpad,
NetConfig, Pages) {
var Assert = Assertions();
var assert = function (f, msg) {
Assert(f, msg || h('span.advisory-text.cp-danger'));
};
var code = function (content) {
return h('code', content);
};
var getHeaders = function (url, cb) {
$.ajax(url + "?test=" + (+new Date()), {
dataType: 'text',
complete: function (xhr) {
var allHeaders = xhr.getAllResponseHeaders();
return void cb(void 0, allHeaders, xhr);
},
});
};
var parseCSP = function (CSP) {
//console.error(CSP);
var CSP_headers = {};
CSP.split(";")
.forEach(function (rule) {
rule = (rule || "").trim();
if (!rule) { return; }
var parts = rule.split(/\s/);
var first = parts[0];
var rest = rule.slice(first.length + 1);
CSP_headers[first] = rest;
//console.error(rule.trim());
console.info("[%s] '%s'", first, rest);
});
return CSP_headers;
};
var hasUnsafeEval = function (CSP_headers) {
return /unsafe\-eval/.test(CSP_headers['script-src']);
};
var hasUnsafeInline = function (CSP_headers) {
return /unsafe\-inline/.test(CSP_headers['script-src']);
};
var hasOnlyOfficeHeaders = function (CSP_headers) {
if (!hasUnsafeEval(CSP_headers)) {
console.error("NO_UNSAFE_EVAL");
console.log(CSP_headers);
return false;
}
if (!hasUnsafeInline(CSP_headers)) {
console.error("NO_UNSAFE_INLINE");
return void false;
}
return true;
};
// XXX run these from /checkup/inner.js and report to /checkup/main.js
assert(function (cb, msg) {
var url = '/sheet/inner.html';
msg.appendChild(h('span', [
code(url),
' has the wrong headers.',
]));
getHeaders(url, function (err, headers, xhr) {
var CSP_headers = parseCSP(xhr.getResponseHeader('content-security-policy'));
cb(hasOnlyOfficeHeaders(CSP_headers));
});
});
assert(function (cb, msg) {
var url = '/common/onlyoffice/v4/web-apps/apps/spreadsheeteditor/main/index.html';
msg.appendChild(h('span', [
code(url),
' has the wrong headers.',
]));
getHeaders(url, function (err, headers, xhr) {
var CSP_headers = parseCSP(xhr.getResponseHeader('content-security-policy'));
cb(hasOnlyOfficeHeaders(CSP_headers));
});
});
var row = function (cells) {
return h('tr', cells.map(function (cell) {
return h('td', cell);
}));
};
var failureReport = function (obj) {
return h('div.error', [
h('h5', obj.message),
h('table', [
row(["Failed test number", obj.test + 1]),
row(["Returned value", obj.output]),
]),
]);
};
var completed = 0;
var $progress = $('#cp-progress');
var versionStatement = function () {
return h('p', [
"This instance is running ",
h('span.cp-app-checkup-version',[
"CryptPad",
' ',
Pages.versionString,
]),
'.',
]);
};
Assert.run(function (state) {
var errors = state.errors;
var failed = errors.length;
Messages.assert_numberOfTestsPassed = "{0} / {1} tests passed.";
var statusClass = failed? 'failure': 'success';
var failedDetails = "Details found below";
var successDetails = "This checkup only tests the most common configuration issues. You may still experience errors or incorrect behaviour.";
var details = h('p', failed? failedDetails: successDetails);
var summary = h('div.summary.' + statusClass, [
versionStatement(),
h('p', Messages._getKey('assert_numberOfTestsPassed', [
state.passed,
state.total
])),
details,
]);
var report = h('div.report', [
summary,
h('div.failures', errors.map(failureReport)),
]);
$progress.remove();
$('body').prepend(report);
}, function (i, total) {
console.log('test '+ i +' completed');
completed++;
Messages.assert_numberOfTestsCompleted = "{0} / {1} tests completed.";
$progress.html('').append(h('div.report.pending.summary', [
versionStatement(),
h('p', [
h('i.fa.fa-spinner.fa-pulse'),
h('span', Messages._getKey('assert_numberOfTestsCompleted', [completed, total]))
])
]));
});
});
Loading…
Cancel
Save