AW: add test coverage for setAcceptCookie

No change to production logic, only tests. The #setAcceptCookie() API should not expose already-set cookies via the "Cookie" header or via document.cookie. Current test coverage only checks WebView does not honor the Set-Cookie header or assignments to document.cookie. So, this adds a test to handle this case. This test does not work (yet) for the network service path, so this adds the test to the filter. This also removes an accidentally duplicated line in another test (which I observed while writing this one). R=tobiasjs@chromium.org Bug: 936317 Test: run_webview_instrumentation_test_apk \ Test: -f=CookieManagerTest.testAcceptCookie_falseDoNotSendCookies Cq-Include-Trybots: master.tryserver.chromium.android:android_mojo Change-Id: Ic0ed4b73d6f7fd2275438b63fc2c01a4d76d9c8e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1507282Reviewed-by: Tobias Sargeant <tobiasjs@chromium.org> Commit-Queue: Nate Fischer <ntfschr@chromium.org> Cr-Commit-Position: refs/heads/master@{#638741}

AW: add test coverage for setAcceptCookie
No change to production logic, only tests. The #setAcceptCookie() API should not expose already-set cookies via the "Cookie" header or via document.cookie. Current test coverage only checks WebView does not honor the Set-Cookie header or assignments to document.cookie. So, this adds a test to handle this case. This test does not work (yet) for the network service path, so this adds the test to the filter. This also removes an accidentally duplicated line in another test (which I observed while writing this one). R=tobiasjs@chromium.org Bug: 936317 Test: run_webview_instrumentation_test_apk \ Test: -f=CookieManagerTest.testAcceptCookie_falseDoNotSendCookies Cq-Include-Trybots: master.tryserver.chromium.android:android_mojo Change-Id: Ic0ed4b73d6f7fd2275438b63fc2c01a4d76d9c8e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1507282Reviewed-by: Tobias Sargeant <tobiasjs@chromium.org> Commit-Queue: Nate Fischer <ntfschr@chromium.org> Cr-Commit-Position: refs/heads/master@{#638741}
58b11d10 · Nate Fischer · Commit Bot · 4d9285a9 · 58b11d10 · 58b11d10
Commit 58b11d10 authored Mar 07, 2019 by Nate Fischer Committed by Commit Bot Mar 07, 2019
2 changed files
--- a/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java
@@ -26,6 +26,7 @@ import org.chromium.base.Callback;
 import org.chromium.base.test.util.Feature;
 import org.chromium.content_public.browser.WebContents;
 import org.chromium.content_public.browser.test.util.JavaScriptUtils;
+import org.chromium.net.test.EmbeddedTestServer;
 import org.chromium.net.test.util.TestWebServer;

 import java.util.ArrayList;
@@ -102,8 +103,6 @@ public class CookieManagerTest {
            String responseStr =
                    "<html><head><title>TEST!</title></head><body>HELLO!</body></html>";
            String url = webServer.setResponse(path, responseStr, null);
-
-            url = webServer.setResponse(path, responseStr, null);
            mActivityTestRule.loadUrlSync(
                    mAwContents, mContentsClient.getOnPageFinishedHelper(), url);
            final String jsCookieName = "js-test" + cookieSuffix;
@@ -162,6 +161,42 @@ public class CookieManagerTest {
        testAcceptCookieHelper(true, "-enabled");
    }

+    @Test
+    @MediumTest
+    @Feature({"AndroidWebView", "Privacy"})
+    public void testAcceptCookie_falseDoNotSendCookies() throws Throwable {
+        mCookieManager.setAcceptCookie(false);
+        AwActivityTestRule.enableJavaScriptOnUiThread(mAwContents);
+
+        EmbeddedTestServer embeddedTestServer = EmbeddedTestServer.createAndStartServer(
+                InstrumentationRegistry.getInstrumentation().getContext());
+        try {
+            final String url = embeddedTestServer.getURL("/echoheader?Cookie");
+            String cookieName = "java-test";
+            mCookieManager.setCookie(url, cookieName + "=should-not-work");
+
+            String cookie = mCookieManager.getCookie(url);
+            Assert.assertNotNull(
+                    "Setting cookies should still affect the CookieManager itself", cookie);
+
+            mActivityTestRule.loadUrlSync(
+                    mAwContents, mContentsClient.getOnPageFinishedHelper(), url);
+            String jsValue = getCookieWithJavaScript(cookieName);
+            String message =
+                    "WebView should not expose cookies to JavaScript (with setAcceptCookie "
+                    + "disabled)";
+            Assert.assertEquals(message, "\"\"", jsValue);
+
+            final String cookieHeader = mActivityTestRule.getJavaScriptResultBodyTextContent(
+                    mAwContents, mContentsClient);
+            message = "WebView should not expose cookies via the Cookie header (with "
+                    + "setAcceptCookie disabled)";
+            Assert.assertEquals(message, "None", cookieHeader);
+        } finally {
+            embeddedTestServer.stopAndDestroyServer();
+        }
+    }
+
    @Test
    @MediumTest
    @Feature({"AndroidWebView"})
@@ -198,6 +233,12 @@ public class CookieManagerTest {
                        + "; expires=' + expirationDate.toUTCString();");
    }

+    private String getCookieWithJavaScript(final String name) throws Throwable {
+        return JSUtils.executeJavaScriptAndWaitForResult(
+                InstrumentationRegistry.getInstrumentation(), mAwContents,
+                mContentsClient.getOnEvaluateJavaScriptResultHelper(), "document.cookie");
+    }
+
    @Test
    @MediumTest
    @Feature({"AndroidWebView", "Privacy"})
@@ -877,13 +918,15 @@ public class CookieManagerTest {

    private void validateCookies(String responseCookie, String... expectedCookieNames) {
        String[] cookies = responseCookie.split(";");
-        Set<String> foundCookieNames = new HashSet<String>();
+        // Convert to sets, since Set#equals() hooks in nicely with assertEquals()
+        Set<String> foundCookieNamesSet = new HashSet<String>();
        for (String cookie : cookies) {
-            foundCookieNames.add(cookie.substring(0, cookie.indexOf("=")).trim());
+            foundCookieNamesSet.add(cookie.substring(0, cookie.indexOf("=")).trim());
        }
-        List<String> expectedCookieNamesList = Arrays.asList(expectedCookieNames);
-        Assert.assertEquals(expectedCookieNamesList.size(), foundCookieNames.size());
-        Assert.assertTrue(foundCookieNames.containsAll(expectedCookieNamesList));
+        Set<String> expectedCookieNamesSet =
+                new HashSet<String>(Arrays.asList(expectedCookieNames));
+        Assert.assertEquals("Found cookies list differs from expected list", expectedCookieNamesSet,
+                foundCookieNamesSet);
    }

    private String makeExpiringCookie(String cookie, int secondsTillExpiry) {

--- a/testing/buildbot/filters/mojo.fyi.network_webview_instrumentation_test_apk.filter
+++ b/testing/buildbot/filters/mojo.fyi.network_webview_instrumentation_test_apk.filter
@@ -19,8 +19,11 @@
 # https://crbug.com/893575
 -org.chromium.android_webview.test.CookieManagerStartupTest.testStartup

-# https://crbug.com/893576
+# https://crbug.com/936317
+-org.chromium.android_webview.test.CookieManagerTest.testAcceptCookie_falseDoNotSendCookies
 -org.chromium.android_webview.test.CookieManagerTest.testAcceptCookie_falseWontSetCookies
+
+# https://crbug.com/893576
 -org.chromium.android_webview.test.CookieManagerTest.testAcceptFileSchemeCookies
 -org.chromium.android_webview.test.CookieManagerTest.testThirdPartyCookie