1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/tbb-tests/browser_tor_TB4.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,188 @@
1.4 +// # Test for TB4: Tor Browser's Firefox preference overrides
1.5 +// Simple regression tests to check the value of each pref and
1.6 +// decides if it is set as expected.
1.7 +
1.8 +// TODO: Write unit tests to check that each pref setting here
1.9 +// causes the browser to have the desired behavior (a big task).
1.10 +
1.11 +function test() {
1.12 +
1.13 +let expectedPrefs = [
1.14 + // Disable browser auto updaters and associated homepage notifications
1.15 + ["app.update.auto", false],
1.16 + ["app.update.enabled", false],
1.17 + ["browser.search.update", false],
1.18 + ["browser.rights.3.shown", true],
1.19 + ["browser.startup.homepage_override.mstone", "ignore"],
1.20 + ["startup.homepage_welcome_url", ""],
1.21 + ["startup.homepage_override_url", ""],
1.22 +
1.23 + // Disk activity: Disable Browsing History Storage
1.24 + ["browser.privatebrowsing.autostart", true],
1.25 + ["browser.cache.disk.enable", false],
1.26 + ["browser.cache.offline.enable", false],
1.27 + ["dom.indexedDB.enabled", false],
1.28 + ["permissions.memory_only", true],
1.29 + ["network.cookie.lifetimePolicy", 2],
1.30 + ["browser.download.manager.retention", 1],
1.31 + ["security.nocertdb", true],
1.32 +
1.33 + // Disk activity: TBB Directory Isolation
1.34 + ["browser.download.useDownloadDir", false],
1.35 + ["browser.shell.checkDefaultBrowser", false],
1.36 + ["browser.download.manager.addToRecentDocs", false],
1.37 +
1.38 + // Misc privacy: Disk
1.39 + ["signon.rememberSignons", false],
1.40 + ["browser.formfill.enable", false],
1.41 + ["signon.autofillForms", false],
1.42 + ["browser.sessionstore.privacy_level", 2],
1.43 + ["media.cache_size", 0],
1.44 +
1.45 + // Misc privacy: Remote
1.46 + ["browser.send_pings", false],
1.47 + ["geo.enabled", false],
1.48 + ["geo.wifi.uri", ""],
1.49 + ["browser.search.suggest.enabled", false],
1.50 + ["browser.safebrowsing.enabled", false],
1.51 + ["browser.safebrowsing.malware.enabled", false],
1.52 + ["browser.download.manager.scanWhenDone", false], // prevents AV remote reporting of downloads
1.53 + ["extensions.ui.lastCategory", "addons://list/extension"],
1.54 + ["datareporting.healthreport.service.enabled", false], // Yes, all three of these must be set
1.55 + ["datareporting.healthreport.uploadEnabled", false],
1.56 + ["datareporting.policy.dataSubmissionEnabled", false],
1.57 + ["security.mixed_content.block_active_content", false], // Disable until https://bugzilla.mozilla.org/show_bug.cgi?id=878890 is patched
1.58 + ["browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"], // Don't promote sync
1.59 + ["services.sync.engine.prefs", false], // Never sync prefs, addons, or tabs with other browsers
1.60 + ["services.sync.engine.addons", false],
1.61 + ["services.sync.engine.tabs", false],
1.62 + ["extensions.getAddons.cache.enabled", false], // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
1.63 +
1.64 + // Fingerprinting
1.65 + ["webgl.min_capability_mode", true],
1.66 + ["webgl.disable-extensions", true],
1.67 + ["dom.battery.enabled", false], // fingerprinting due to differing OS implementations
1.68 + ["dom.network.enabled",false], // fingerprinting due to differing OS implementations
1.69 + ["browser.display.max_font_attempts",10],
1.70 + ["browser.display.max_font_count",10],
1.71 + ["gfx.downloadable_fonts.fallback_delay", -1],
1.72 + ["general.appname.override", "Netscape"],
1.73 + ["general.appversion.override", "5.0 (Windows)"],
1.74 + ["general.oscpu.override", "Windows NT 6.1"],
1.75 + ["general.platform.override", "Win32"],
1.76 + ["general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"],
1.77 + ["general.productSub.override", "20100101"],
1.78 + ["general.buildID.override", "20100101"],
1.79 + ["browser.startup.homepage_override.buildID", "20100101"],
1.80 + ["general.useragent.vendor", ""],
1.81 + ["general.useragent.vendorSub", ""],
1.82 + ["dom.enable_performance", false],
1.83 + ["plugin.expose_full_path", false],
1.84 + ["browser.zoom.siteSpecific", false],
1.85 + ["intl.charset.default", "windows-1252"],
1.86 + //["intl.accept_languages", "en-us, en"], // Set by Torbutton
1.87 + //["intl.accept_charsets", "iso-8859-1,*,utf-8"], // Set by Torbutton
1.88 + //["intl.charsetmenu.browser.cache", "UTF-8"], // Set by Torbutton
1.89 +
1.90 + // Third party stuff
1.91 + ["network.cookie.cookieBehavior", 1],
1.92 + ["security.enable_tls_session_tickets", false],
1.93 + ["network.http.spdy.enabled", false], // Stores state and may have keepalive issues (both fixable)
1.94 + ["network.http.spdy.enabled.v2", false], // Seems redundant, but just in case
1.95 + ["network.http.spdy.enabled.v3", false], // Seems redundant, but just in case
1.96 +
1.97 + // Proxy and proxy security
1.98 + ["network.proxy.socks", "127.0.0.1"],
1.99 + ["network.proxy.socks_port", 9150],
1.100 + ["network.proxy.socks_remote_dns", true],
1.101 + ["network.proxy.no_proxies_on", ""], // For fingerprinting and local service vulns (#10419)
1.102 + ["network.proxy.type", 1],
1.103 + ["network.security.ports.banned", "9050,9051,9150,9151"],
1.104 + ["network.dns.disablePrefetch", true],
1.105 + ["network.protocol-handler.external-default", false],
1.106 + ["network.protocol-handler.external.mailto", false],
1.107 + ["network.protocol-handler.external.news", false],
1.108 + ["network.protocol-handler.external.nntp", false],
1.109 + ["network.protocol-handler.external.snews", false],
1.110 + ["network.protocol-handler.warn-external.mailto", true],
1.111 + ["network.protocol-handler.warn-external.news", true],
1.112 + ["network.protocol-handler.warn-external.nntp", true],
1.113 + ["network.protocol-handler.warn-external.snews", true],
1.114 + ["plugins.click_to_play", true],
1.115 +
1.116 + // Network and performance
1.117 + ["network.http.pipelining", true],
1.118 + ["network.http.pipelining.aggressive", true],
1.119 + ["network.http.pipelining.maxrequests", 12],
1.120 + ["network.http.pipelining.ssl", true],
1.121 + ["network.http.proxy.pipelining", true],
1.122 + ["security.ssl.enable_false_start", true],
1.123 + ["network.http.keep-alive.timeout", 20],
1.124 + ["network.http.connection-retry-timeout", 0],
1.125 + ["network.http.max-persistent-connections-per-proxy", 256],
1.126 + ["network.http.pipelining.reschedule-timeout", 15000],
1.127 + ["network.http.pipelining.read-timeout", 60000],
1.128 + // Hacked pref: Now means "Attempt to pipeline at least this many requests together"
1.129 + ["network.http.pipelining.max-optimistic-requests", 3],
1.130 + ["security.disable_session_identifiers", true],
1.131 +
1.132 + // Extension support
1.133 + ["extensions.autoDisableScopes", 0],
1.134 + ["extensions.bootstrappedAddons", "{}"],
1.135 + ["extensions.checkCompatibility.4.*", false],
1.136 + ["extensions.databaseSchema", 3],
1.137 + ["extensions.enabledAddons", "https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,tor-launcher%40torproject.org:0.1.1pre-alpha,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5"],
1.138 + ["extensions.enabledItems", "langpack-en-US@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8"],
1.139 + ["extensions.enabledScopes", 1],
1.140 + ["extensions.pendingOperations", false],
1.141 + ["xpinstall.whitelist.add", ""],
1.142 + ["xpinstall.whitelist.add.36", ""],
1.143 +
1.144 + // Omnibox settings
1.145 + ["keyword.URL", "https://startpage.com/do/search?q="],
1.146 +
1.147 + // Hacks/workarounds: Direct2D seems to crash w/ lots of video cards w/ MinGW?
1.148 + // Nvida cards also experience crashes without the second pref set to disabled
1.149 + ["gfx.direct2d.disabled", true],
1.150 + ["layers.acceleration.disabled", true],
1.151 +
1.152 + // Security enhancements
1.153 + // https://trac.torproject.org/projects/tor/ticket/9387#comment:17
1.154 + ["javascript.options.ion.content", false],
1.155 + ["javascript.options.baselinejit.content", false],
1.156 + ["javascript.options.asmjs", false],
1.157 + ["javascript.options.typeinference", false],
1.158 +
1.159 + // Audio_data is deprecated in future releases, but still present
1.160 + // in FF24. This is a dangerous combination (spotted by iSec)
1.161 + ["media.audio_data.enabled", false],
1.162 +
1.163 + // Enable TLS 1.1 and 1.2:
1.164 + // https://trac.torproject.org/projects/tor/ticket/11253
1.165 + ["security.tls.version.max", 3],
1.166 +
1.167 + // Version placeholder
1.168 + ["torbrowser.version", "UNKNOWN"],
1.169 +
1.170 + ];
1.171 +
1.172 +
1.173 +
1.174 +
1.175 +let getPref = function (prefName) {
1.176 + let type = gPrefService.getPrefType(prefName);
1.177 + if (type === gPrefService.PREF_INT) return gPrefService.getIntPref(prefName);
1.178 + if (type === gPrefService.PREF_BOOL) return gPrefService.getBoolPref(prefName);
1.179 + if (type === gPrefService.PREF_STRING) return gPrefService.getCharPref(prefName);
1.180 + // Something went wrong.
1.181 + throw new Error("Can't access pref.");
1.182 +};
1.183 +
1.184 +let testPref = function([key, expectedValue]) {
1.185 + let foundValue = getPref(key);
1.186 + is(foundValue, expectedValue, "Pref '" + key + "' should be '" + expectedValue +"'.");
1.187 +};
1.188 +
1.189 +expectedPrefs.map(testPref);
1.190 +
1.191 +} // end function test()
