Reland "Reland "Reland "Service worker web platform tests."""

This change does not change the tests themselves but how we register service workers. Previously a page reload was needed in order to make get the service worker activated. This worked fine and passed all the chrome wpts, but not on firefox see here: https://github.com/web-platform-tests/wpt/runs/24793731783. This new change uses a different technique that is used by some tests in the wpt/service-workers/ directory. Specifically, changes to the registration include: - unregister all service workers before the tests start. - service workers, once activated, will use 'clients.claim()' so that clients loaded in the same scope do not need to be reloaded before their fetches will go through this service worker. (https://developer.mozilla.org/en-US/docs/Web/API/Clients/claim) - wait for the service worker to be activated AND wait for the service worker to be controlling the page (which seems to be a common problem: w3c/ServiceWorker#799 ) This reverts commit eba96feb09f5ed94a093d012956bae1dc72cb486. Reason for revert: Changed the way we register SW, see above. Original change's description: > Revert "Reland "Reland "Service worker web platform tests.""" > > This reverts commit 9bd67ed90e90d6a2c2134d26bb8bcc4cd9436b19. > > Reason for revert: Failing in some cases. > > Original change's description: > > Reland "Reland "Service worker web platform tests."" > > > > This reverts commit 93a580699ecf6d102a5853455b5faeceea4cd31e. > > > > Reason for revert: Removed the test case that times out, > > (the one that waits for the update url). > > > > Original change's description: > > > Revert "Reland "Service worker web platform tests."" > > > > > > This reverts commit 436f1b9f6153002fd41599d5d4ec8343cf930a43. > > > > > > Reason for revert: There are still timeouts in some tests > > > > > > Original change's description: > > > > Reland "Service worker web platform tests." > > > > > > > > This reverts commit 36a1c457dac0ecaa54c0553b28f67c0c61752494. > > > > > > > > Reason for revert: The test that looks for 'update-url.py' takes too long and therefore will require this test file to be part of slowTests > > > > > > > > Original change's description: > > > > > Revert "Service worker web platform tests." > > > > > > > > > > This reverts commit 63858f1b1ed058d07e73cebb0a98214aa2cfc715. > > > > > > > > > > Reason for revert: New test added; fails immediately on some bots. > > > > > > > > > > See > > > > > https://ci.chromium.org/ui/p/chromium/builders/ci/mac11-arm64-rel-tests/38089/overview > > > > > for the first failures. (And consistently in subsequent builds) > > > > > > > > > > Original change's description: > > > > > > Service worker web platform tests. > > > > > > > > > > > > This tests that when an auction is ran, service workers do not intercept requests with URLs that are meant to be private. > > > > > > > > > > > > > > > > > > Bug: 293383734 > > > > > > Change-Id: I06858f7cae4794a35c045fb8dad30d6316a26ead > > > > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5459094 > > > > > > Commit-Queue: Youssef Bourouphael <ybourouphael@google.com> > > > > > > Reviewed-by: mmenke <mmenke@chromium.org> > > > > > > Reviewed-by: Orr Bernstein <orrb@google.com> > > > > > > Cr-Commit-Position: refs/heads/main@{#1294960} > > > > > > > > > > Bug: 293383734 > > > > > Change-Id: I3431f0e45e65767ff1529002d8a2d14657d0cb5a > > > > > No-Presubmit: true > > > > > No-Tree-Checks: true > > > > > No-Try: true > > > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5506634 > > > > > Auto-Submit: Ian Clelland <iclelland@chromium.org> > > > > > Owners-Override: Ian Clelland <iclelland@chromium.org> > > > > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > > > > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > > > > > Cr-Commit-Position: refs/heads/main@{#1295015} > > > > > > > > Bug: 293383734 > > > > Change-Id: I762dd50282f99617796df64d73a27d149cac0a86 > > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5512083 > > > > Commit-Queue: Youssef Bourouphael <ybourouphael@google.com> > > > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > > > > Reviewed-by: Orr Bernstein <orrb@google.com> > > > > Reviewed-by: mmenke <mmenke@chromium.org> > > > > Cr-Commit-Position: refs/heads/main@{#1296948} > > > > > > Bug: 293383734 > > > Change-Id: I9b06c0453656aaa448d0030960a48fc264bcf867 > > > No-Presubmit: true > > > No-Tree-Checks: true > > > No-Try: true > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5515623 > > > Auto-Submit: Youssef Bourouphael <ybourouphael@google.com> > > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > > > Commit-Queue: mmenke <mmenke@chromium.org> > > > Reviewed-by: mmenke <mmenke@chromium.org> > > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > > > Cr-Commit-Position: refs/heads/main@{#1297048} > > > > Bug: 293383734 > > Change-Id: I7ae169c2750432bb1cb9c1c340585dc27d8cd419 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5521778 > > Commit-Queue: Youssef Bourouphael <ybourouphael@google.com> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > > Reviewed-by: mmenke <mmenke@chromium.org> > > Reviewed-by: Orr Bernstein <orrb@google.com> > > Cr-Commit-Position: refs/heads/main@{#1298807} > > Bug: 293383734 > Change-Id: I182736b58e83dbe7fc2c5fc7e20a3e3f909772a2 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5526425 > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Commit-Queue: Youssef Bourouphael <ybourouphael@google.com> > Cr-Commit-Position: refs/heads/main@{#1298902} Bug: 293383734 Change-Id: Ia501a6d9d06e72038b14b656c95f465cef373ad4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5886697 Commit-Queue: Youssef Bourouphael <ybourouphael@google.com> Reviewed-by: mmenke <mmenke@chromium.org> Reviewed-by: Orr Bernstein <orrb@google.com> Cr-Commit-Position: refs/heads/main@{#1362382}
web-platform-tests · Oct 1, 2024 · 840c572 · 840c572
1 parent 3b5b938
commit 840c572
Show file tree

Hide file tree

Showing 4 changed files with 186 additions and 0 deletions.
diff --git a/fledge/tentative/TODO b/fledge/tentative/TODO
@@ -100,3 +100,6 @@ If possible:
 * Test input with invalid https origin in web platform tests for both trusted bidding
   and scoring signals coordinators.
 * Test selectable buyer and seller reporting ids with k-anonymity enforcement.
+* Test that service workers cannot see update urls.
+    * This was attempted in [here](https://chromium-review.googlesource.com/c/chromium/src/+/5512083),
+      but needed to be reverted because it kept timing out, [see here](https://g-issues.chromium.org/issues/339048485)
diff --git a/fledge/tentative/resources/service-worker-helper.js b/fledge/tentative/resources/service-worker-helper.js
@@ -0,0 +1,21 @@
+"use strict;"
+
+// Service workers, once activated, will use 'clients.claim()'
+// so that clients loaded in the same scope do not need to be reloaded
+// before their fetches will go through this service worker.
+// (https://developer.mozilla.org/en-US/docs/Web/API/Clients/claim)
+self.addEventListener("activate", (event) => {
+  event.waitUntil(clients.claim());
+});
+
+// The service worker intercepts fetch calls and posts a message with the url to the
+// 'requests-test' broadcast channel, which the test should be listening for.
+self.addEventListener('fetch', (event) => {
+  const requestChannel = new BroadcastChannel('requests-test');
+  var url = event.request.url;
+
+  requestChannel.postMessage({
+    url: url,
+    message: "Service worker saw this URL: " + url
+  });
+});
diff --git a/fledge/tentative/resources/service-worker-helper.js.headers b/fledge/tentative/resources/service-worker-helper.js.headers
@@ -0,0 +1 @@
+Service-Worker-Allowed: /fledge/tentative/
diff --git a/fledge/tentative/service-worker-request-visibility.https.window.js b/fledge/tentative/service-worker-request-visibility.https.window.js
@@ -0,0 +1,161 @@
+// META: script=/resources/testdriver.js
+// META: script=/common/utils.js
+// META: script=resources/fledge-util.sub.js
+// META: script=/common/subset-tests.js
+// META: timeout=long
+// META: variant=?1-last
+
+"use strict;"
+
+const SERVICE_WORKER_SCRIPT = "resources/service-worker-helper.js";
+
+// List of URL fragments that uniquely identify private requests.
+// These are used to detect if a service worker has inadvertently
+// accessed any of these private requests, which should not be visible to it.
+const PRIVATE_REQUEST_FILE_NAMES = [
+  'trusted-bidding-signals.py',
+  'update-url.py', // This requires another test, since it takes a while,
+  // see TODO file for more info.
+  'wasm-helper.py',
+  'bidding-logic.py',
+  'decision-logic.py',
+  'trusted-scoring-signals.py',
+  'trusted-bidding-signals.py',
+  'bidder_report',
+  'seller_report'
+];
+
+// List of URL fragments that uniquely identify public requests.
+// These are used to verify that a service worker can correctly
+// access and intercept these public requests as expected.
+const PUBLIC_REQUEST_FILE_NAMES = [
+  'direct-from-seller-signals.py',
+];
+
+const COMPLETE_TEST_URL = 'complete-test'
+
+const CURRENT_SCOPE = "/fledge/tentative/"
+
+async function registerAndActivateServiceWorker(test) {
+  // Unregister existing service worker (if any)
+  const existingRegistration = await navigator.serviceWorker.getRegistration(CURRENT_SCOPE);
+  if (existingRegistration) {
+    await existingRegistration.unregister();
+  }
+
+  // Register new service worker
+  var newRegistration = await navigator.serviceWorker.register(`./${SERVICE_WORKER_SCRIPT}`, { scope: CURRENT_SCOPE });
+
+  test.add_cleanup(async () => {
+    await newRegistration.unregister();
+  });
+
+  await navigator.serviceWorker.ready;
+
+  // Wait for the page to be controlled by the service worker.
+  // This is needed as navigator.serviceWorker.ready does not
+  // guarantee that the page is being controlled.
+  // See https://github.com/slightlyoff/ServiceWorker/issues/799.
+  await new Promise(resolve => {
+    if (navigator.serviceWorker.controller) {
+      resolve();
+    } else {
+      navigator.serviceWorker.addEventListener('controllerchange', resolve);
+    }
+  });
+
+  // Validate the service worker
+  if (!navigator.serviceWorker.controller.scriptURL.includes(SERVICE_WORKER_SCRIPT)) {
+    throw new Error('Failed to register service worker');
+  }
+}
+
+async function setUpServiceWorkerAndGetBroadcastChannel(test) {
+  await registerAndActivateServiceWorker(test);
+  return new BroadcastChannel("requests-test");
+}
+
+// Waits for a service worker to observe specific URL filenames via a BroadcastChannel.
+// Resolves when all expected URL filenames are seen.
+function awaitServiceWorkerURLPromise(broadcastChannel, expectedURLFileNames,
+  unexpectedURLFileNames) {
+  const seenURLs = new Set();
+  return new Promise((resolve, reject) => {
+    broadcastChannel.addEventListener('message', (event) => {
+      var url = event.data.url;
+      var fileName = url.substring(url.lastIndexOf('/') + 1);
+      if (expectedURLFileNames.includes(fileName)) {
+        seenURLs.add(fileName);
+      }
+      if (unexpectedURLFileNames.includes(fileName)) {
+        reject(`unexpected result: ${fileName}`);
+      }
+      // Resolve when all `expectedURLs` have been seen.
+      if (seenURLs.size === expectedURLFileNames.length) {
+        resolve();
+      }
+    });
+  });
+}
+
+// Tests that public requests are seen by the service worker.
+// Specifically anything that contains:
+// - 'direct-from-seller-signals.py'
+
+// This test works by having the service worker send a message over
+// the broadcastChannel, if it sees a request that contains any of
+// the following strings above, it will send a 'passed' result and
+// also change the variable 'finish_test', to true, so that guarantees
+// that the request was seen before we complete the test.
+subsetTest(promise_test, async test => {
+  const broadcastChannel = await setUpServiceWorkerAndGetBroadcastChannel(test);
+  let finishTest = awaitServiceWorkerURLPromise(
+    broadcastChannel,
+    PUBLIC_REQUEST_FILE_NAMES,
+    PRIVATE_REQUEST_FILE_NAMES);
+
+  await fetchDirectFromSellerSignals({ 'Buyer-Origin': window.location.origin });
+  await finishTest;
+}, "Make sure service workers do see public requests.");
+
+// Tests that private requests are not seen by the service worker.
+// Specifically anything that contains:
+// - 'resources/trusted-bidding-signals.py'
+// - 'resources/trusted-scoring-signals.py'
+// - 'wasm-helper.py'
+// - 'bidding-logic.py'
+// - 'decision-logic.py'
+// - 'seller_report'
+// - 'bidder_report'
+
+// This test works by having the service worker send a message
+// over the broadcastChannel, if it sees a request that contains
+// any of the following strings above, it will send a 'failed'
+// result which will cause assert_false case to fail.
+subsetTest(promise_test, async test => {
+  const uuid = generateUuid(test);
+  const broadcastChannel = await setUpServiceWorkerAndGetBroadcastChannel(test);
+
+  let finishTest = awaitServiceWorkerURLPromise(
+    broadcastChannel,
+    /*expectedURLFileNames=*/[COMPLETE_TEST_URL],
+    PRIVATE_REQUEST_FILE_NAMES)
+
+  let interestGroupOverrides = {
+    biddingWasmHelperURL: `${RESOURCE_PATH}wasm-helper.py`,
+    trustedBiddingSignalsURL: TRUSTED_BIDDING_SIGNALS_URL,
+    trustedScoringSignalsURL: TRUSTED_SCORING_SIGNALS_URL,
+  };
+
+  await joinInterestGroup(test, uuid, interestGroupOverrides);
+  await runBasicFledgeAuctionAndNavigate(test, uuid);
+  // By verifying that these requests are observed we can assume
+  // none of the other requests were seen by the service-worker.
+  await waitForObservedRequests(
+    uuid,
+    [createBidderReportURL(uuid), createSellerReportURL(uuid)]);
+
+  // We use this fetch to complete the test.
+  await fetch(COMPLETE_TEST_URL);
+  await finishTest;
+}, "Make sure service workers do not see private requests");