def test_audio_fingerprinting(self): db = self.visit('/audio_fingerprinting.html') # Check that all calls and methods are recorded rows = db_utils.get_javascript_entries(db) observed_symbols = set() for item in rows: observed_symbols.add(item[1]) assert AUDIO_SYMBOLS == observed_symbols
def test_canvas_fingerprinting(self): db = self.visit('/canvas_fingerprinting.html') # Check that all calls and methods are recorded rows = db_utils.get_javascript_entries(db) observed_rows = set() for row in rows: item = (row['script_url'], row['symbol'], row['operation'], row['value'], row['arguments']) observed_rows.add(item) assert CANVAS_CALLS == observed_rows
def test_instrument_object(self): """ Ensure instrumentObject logs all property gets, sets, and calls """ db = self.visit('/js_instrument/instrument_object.html') rows = db_utils.get_javascript_entries(db, all_columns=True) # Check calls of non-recursive instrumentation self._check_calls(rows, 'window.test.', TOP_URL, TOP_URL) self._check_calls(rows, 'window.frame1Test.', FRAME1_URL, TOP_URL) self._check_calls(rows, 'window.frame2Test.', FRAME2_URL, TOP_URL) # Check calls of recursive instrumentation observed_gets_and_sets = set() observed_calls = set() for row in rows: if not row['symbol'].startswith('window.test2.nestedObj'): continue assert row['document_url'] == TOP_URL assert row['top_level_url'] == TOP_URL if row['operation'] == 'get' or row['operation'] == 'set': observed_gets_and_sets.add( (row['symbol'], row['operation'], row['value'])) else: observed_calls.add( (row['symbol'], row['operation'], row['arguments'])) assert observed_calls == RECURSIVE_METHOD_CALLS assert observed_gets_and_sets == RECURSIVE_GETS_AND_SETS # Check that calls not present after default recursion limit (5) # We should only see the window.test2.l1.l2.l3.l4.l5.prop access # and not window.test2.l1.l2.l3.l4.l5.l6.prop access. prop_access = set() for row in rows: if not row['symbol'].startswith('window.test2.l1'): continue assert row['document_url'] == TOP_URL assert row['top_level_url'] == TOP_URL prop_access.add((row['symbol'], row['operation'], row['value'])) assert prop_access == RECURSIVE_PROP_SET # Check calls of object with sets prevented observed_gets_and_sets = set() observed_calls = set() for row in rows: if not row['symbol'].startswith('window.test3'): continue assert row['document_url'] == TOP_URL assert row['top_level_url'] == TOP_URL if row['operation'] == 'call': observed_calls.add( (row['symbol'], row['operation'], row['arguments'])) else: observed_gets_and_sets.add( (row['symbol'], row['operation'], row['value'])) assert observed_calls == SET_PREVENT_CALLS assert observed_gets_and_sets == SET_PREVENT_GETS_AND_SETS
def test_document_cookie_instrumentation(self): db = self.visit(utilities.BASE_TEST_URL + "/js_cookie.html") rows = db_utils.get_javascript_entries(db, all_columns=True) captured_cookie_calls = set() for row in rows: item = (row['script_url'], row['script_line'], row['script_col'], row['func_name'], row['script_loc_eval'], row['call_stack'], row['symbol'], row['operation'], row['value']) captured_cookie_calls.add(item) assert captured_cookie_calls == DOCUMENT_COOKIE_READ_WRITE
def test_js_call_stack(self): db = self.visit('/js_call_stack.html') # Check that all stack info are recorded rows = db_utils.get_javascript_entries(db, all_columns=True) observed_rows = set() for row in rows: item = (row['script_url'], row['script_line'], row['script_col'], row['func_name'], row['script_loc_eval'], row['call_stack'], row['symbol'], row['operation']) observed_rows.add(item) assert JS_STACK_CALLS == observed_rows
def test_js_time_stamp(self): # Check that timestamp is recorded correctly for the javascript table MAX_TIMEDELTA = 30 # max time diff in seconds db = self.visit('/js_call_stack.html') utc_now = datetime.utcnow() # OpenWPM stores timestamp in UTC time rows = db_utils.get_javascript_entries(db, all_columns=True) assert len(rows) # make sure we have some JS events captured for row in rows: js_time = datetime.strptime(row['time_stamp'], "%Y-%m-%dT%H:%M:%S.%fZ") # compare UTC now and the timestamp recorded at the visit assert (utc_now - js_time).seconds < MAX_TIMEDELTA assert not db_utils.any_command_failed(db)
def test_webrtc_localip(self): db = self.visit('/webrtc_localip.html') # Check that all calls and methods are recorded rows = db_utils.get_javascript_entries(db) observed_rows = set() for row in rows: if (row['symbol'] == "RTCPeerConnection.setLocalDescription" and row['operation'] == 'call'): sdp_offer = row['arguments'] self.check_webrtc_sdp_offer(sdp_offer) else: item = (row['script_url'], row['symbol'], row['operation'], row['value'], row['arguments']) observed_rows.add(item) assert WEBRTC_CALLS == observed_rows