Skip to content

Commit

Permalink
Merge branch 'main' into sam/fix-fingerprinting-tests
Browse files Browse the repository at this point in the history
* main:
  Enable NetP in production builds (#2232)
  Report macOS NetP connection attempts & tunnel failures (#2234)
  Always use black and white colors for the QR code (#2248)
  Update BSK with autofill 10.0.1 (#2245)
  Ensure that LinkPresentation framework is called on main thread (#2241)
  expose window.print handler to page world (#2243)
  Updates BSK (#2239)
  Add Geoswitching pixels (#2235)
  Fix spacing between buttons (#2237)
  Update all references to develop branch with main (#2231)
  Update TRK (#2200)
  Breakage report improvements (#2197)
  Update BSK reference to include the disable rekeying flag (#2219)
  Final NetP ship review feedback (#2221)
  Improve handling lists in Sync (#2192)
  remove address bar position pixels (#2220)
  Address Bar Spoofing Tests + Remediation (#2181)
  Update Sync e2e tests to fit the new UI (#2215)
  NetP waitlist final touches (#2209)
  • Loading branch information
samsymons committed Dec 11, 2023
2 parents a451e62 + b2d8f64 commit ceb69d7
Show file tree
Hide file tree
Showing 199 changed files with 3,480 additions and 5,315 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/adhoc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,4 +87,4 @@ jobs:
run: |
curl -s "https://app.asana.com/api/1.0/tasks/${{ steps.get-task-id.outputs.task_id }}/attachments" \
-H "Authorization: Bearer ${{ secrets.ASANA_ACCESS_TOKEN }}" \
--form "file=@${{ env.ipa_path }};type=application/zip"
--form "file=@${{ env.ipa_path }};type=application/zip"
6 changes: 3 additions & 3 deletions .github/workflows/alpha.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,11 @@ jobs:

steps:

- name: Assert develop branch
- name: Assert main branch
run: |
case "${{ github.ref }}" in
*develop) ;;
*) echo "👎 Not develop branch"; exit 1 ;;
*main) ;;
*) echo "👎 Not main branch"; exit 1 ;;
esac
- name: Register SSH keys for access to certificates
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: PR Checks

on:
push:
branches: [ develop, "release/**" ]
branches: [ main, "release/**" ]
pull_request:

jobs:
Expand Down Expand Up @@ -114,7 +114,7 @@ jobs:
| xargs -L 1 ./scripts/report-failed-unit-test.sh -s ${{ vars.APPLE_CI_FAILING_TESTS_FAILED_TESTS_SECTION_ID }}
- name: Fetch latest commit author
if: always() && github.ref_name == 'develop'
if: always() && github.ref_name == 'main'
id: fetch_commit_author
env:
GH_TOKEN: ${{ github.token }}
Expand Down Expand Up @@ -189,7 +189,7 @@ jobs:
name: Create Asana Task
needs: [swiftlint, unit-tests, shellcheck, release-build]

if: failure() && github.ref_name == 'develop' && github.run_attempt == 1
if: failure() && github.ref_name == 'main' && github.run_attempt == 1

runs-on: ubuntu-latest

Expand All @@ -206,7 +206,7 @@ jobs:
name: Close Asana Task
needs: [swiftlint, unit-tests, shellcheck, release-build]

if: success() && github.ref_name == 'develop' && github.run_attempt > 1
if: success() && github.ref_name == 'main' && github.run_attempt > 1

runs-on: ubuntu-latest

Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -73,3 +73,4 @@ fastlane/test_output
# DuckDuckGo

Configuration/ExternalDeveloper.xcconfig
scripts/assets
39 changes: 39 additions & 0 deletions .maestro/security_tests/0_all.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# all.yaml

appId: com.duckduckgo.mobile.ios
---

# Set up
- clearState
- launchApp
- runFlow:
when:
visible:
text: "Let’s Do It!"
index: 0
file: ../shared/onboarding.yaml

# Load Site
- assertVisible:
id: "searchEntry"
- tapOn:
id: "searchEntry"
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/"
- pressKey: Enter

# Manage onboarding
- runFlow:
when:
visible:
text: "Got It"
index: 0
file: ../shared/onboarding_browsing.yaml

# Run AddressBarSpoofing tests
- runFlow: ./1_-_AddressBarSpoof,_basicauth.yaml
- runFlow: ./2_-_AddressBarSpoof,_aboutblank.yaml
- runFlow: ./3_-_AddressBarSpoof,_appschemes.yaml
- runFlow: ./4_-_AddressBarSpoof,_b64_html.yaml
- runFlow: ./5_-_AddressBarSpoof,_downloadpath.yaml
- runFlow: ./6_-_AddressBarSpoof,_formaction.yaml
- runFlow: ./7_-_AddressBarSpoof,_pagerewrite.yaml
35 changes: 35 additions & 0 deletions .maestro/security_tests/1_-_AddressBarSpoof,_basicauth.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
- doubleTapOn:
id: "searchEntry"
- pressKey: Backspace
# Test 1 - using \u2028 character
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-basicauth-2028.html"
- pressKey: Enter
- tapOn: "run"
- assertVisible: "Example Domain"
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText.indexOf("https://www.google.com") != 0}
- tapOn:
id: "searchEntry"
# Test 2 - using \u2029 character
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-basicauth-2029.html"
- pressKey: Enter
- tapOn: "run"
- assertVisible: "Example Domain"
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText.indexOf("https://www.google.com") != 0}
- tapOn:
id: "searchEntry"
# Test 3 - using repeated " " space character
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-basicauth-whitespace.html"
- pressKey: Enter
- tapOn: "run"
- assertVisible: "Example Domain"
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText.indexOf("https://www.google.com") != 0}
17 changes: 17 additions & 0 deletions .maestro/security_tests/2_-_AddressBarSpoof,_aboutblank.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
- doubleTapOn:
id: "searchEntry"
- pressKey: Backspace
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-about-blank-rewrite.html"
- pressKey: Enter
- tapOn: "Start"
# This test is expected to load "about:blank" not spoof the address bar with duckduckgo.com with the spoofed content.
- extendedWaitUntil:
visible: "Not DDG." # Spoofed content is visible
timeout: 10000
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "about:blank"}
30 changes: 30 additions & 0 deletions .maestro/security_tests/3_-_AddressBarSpoof,_appschemes.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
# Test 1
- tapOn:
id: "searchEntry"
- pressKey: Backspace
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-application-scheme.html"
- pressKey: Enter
- tapOn: "Start"
# This will try to open another app
- assertVisible: "Cancel"
- tapOn: "Cancel"
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "https://duckduckgo.com/"} # Should navigate directly here.
- assertNotVisible: "Not DDG." # HTML content shouldn't be spoofed.
- tapOn:
id: "searchEntry"
# Test 2
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-unsupported-scheme.html"
- pressKey: Enter
- tapOn: "Start"
# This will try to open another app
- assertVisible: "Cancel"
- tapOn: "Cancel"
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-unsupported-scheme.html"}
15 changes: 15 additions & 0 deletions .maestro/security_tests/4_-_AddressBarSpoof,_b64_html.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
# Test 1
- doubleTapOn:
id: "searchEntry"
- pressKey: Backspace
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-open-b64-html.html"
- pressKey: Enter
- tapOn: "Start"
# This test is expected to do nothing: loading base64 encoded HTML content in a new tab is blocked.
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-open-b64-html.html"}
39 changes: 39 additions & 0 deletions .maestro/security_tests/5_-_AddressBarSpoof,_downloadpath.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
# Test 1
- doubleTapOn:
id: "searchEntry"
- pressKey: Backspace
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-download-url.html"
- pressKey: Enter
- tapOn: "Start"
# Download Acceptance Flow:
- extendedWaitUntil:
visible: "Save to Downloads"
timeout: 10000
- tapOn: "Save to Downloads"
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "about:blank"} # Downloads should occur in empty origin.
# Restart
- tapOn:
id: "searchEntry"
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-download-url.html"
- pressKey: Enter
# Download Cancel Flow:
- tapOn: "Start"
- extendedWaitUntil:
visible: "Cancel"
timeout: 10000
- tapOn: "Cancel"
# Should be on about:blank
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "about:blank"}
# Return to last test page
- tapOn:
id: "searchEntry"
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-download-url.html"
- pressKey: Enter
16 changes: 16 additions & 0 deletions .maestro/security_tests/6_-_AddressBarSpoof,_formaction.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
# Test 1
- doubleTapOn:
id: "searchEntry"
- pressKey: Backspace
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-form-action.html"
- pressKey: Enter
- tapOn: "run"
# Should navigate to duckduckgo.com without any spoofed HTML document content.
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "https://duckduckgo.com/"}
- assertNotVisible: "Not DDG."
16 changes: 16 additions & 0 deletions .maestro/security_tests/7_-_AddressBarSpoof,_pagerewrite.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
appId: com.duckduckgo.mobile.ios
tags:
- securityTest
---
# Test 1
- doubleTapOn:
id: "searchEntry"
- pressKey: Backspace
- inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-page-rewrite.html"
- pressKey: Enter
- tapOn: "Start"
# Now check the address bar hasn't been updated too early resulting in spoofed content
- copyTextFrom:
id: "searchEntry"
- assertTrue: ${maestro.copiedText == "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-page-rewrite.html"}
- assertNotVisible: "DDG."
16 changes: 10 additions & 6 deletions .maestro/shared/sync_create.yaml
Original file line number Diff line number Diff line change
@@ -1,10 +1,14 @@
appId: com.duckduckgo.mobile.ios
---

- assertVisible: Sync & Back Up
- tapOn: Sync & Back Up
- assertVisible: Sync & Back Up
- tapOn: Start Sync & Back Up
- assertVisible: All Set!
- assertVisible: Sync & Backup
- tapOn: Sync & Backup
- assertVisible: Sync & Backup
- tapOn: Sync and Back Up This Device
- assertVisible: You can sync with your other devices later.
- tapOn: Turn on Sync & Backup
- assertVisible: Save Recovery Code
- tapOn: Copy Code
- tapOn: Next
- assertVisible: Save Recovery Code?
- assertVisible: Your Data is Synced!
- tapOn: Done
5 changes: 3 additions & 2 deletions .maestro/shared/sync_delete.yaml
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
appId: com.duckduckgo.mobile.ios
---

- assertVisible: Sync & Back Up
- assertVisible: Sync & Backup
- scroll
- tapOn:
point: 50%,91% # TODO: Revisit after new setup flow has been implemented.
- assertVisible: Delete Server Data?
- tapOn: Delete Server Data
- tapOn: Delete Server Data
- assertVisible: Begin Syncing
3 changes: 1 addition & 2 deletions .maestro/sync_tests/01_create_account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ tags:


# Clean up
- tapOn: Not Now
- assertVisible: Sync & Back Up
- assertVisible: Sync & Backup
- runFlow:
file: ../shared/sync_delete.yaml
21 changes: 11 additions & 10 deletions .maestro/sync_tests/02_login_account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,23 +20,24 @@ tags:
- runFlow:
file: ../shared/sync_create.yaml

# Copy Sync Code and Log Out
- tapOn: Copy Code
- tapOn: Not Now
- assertVisible: Sync & Back Up
- tapOn: Turn Off Sync & Back Up
# Log Out
- assertVisible: Sync & Backup
- tapOn: Turn Off Sync & Backup...
- assertVisible: Turn Off Sync?
- tapOn: Remove

# Login
- assertVisible: Sync & Back Up
- tapOn: Enter Text Code
- assertVisible: Sync & Backup
- tapOn: Sync with Another Device
- assertVisible: Scan QR Code
- tapOn: Manually Enter Code
- tapOn: Paste
- assertVisible: Device Synced!
- assertVisible: Save Recovery Code
- tapOn: Next
- tapOn: Not Now
- assertVisible: Your Data is Synced!
- tapOn: Done

# Clean up
- assertVisible: Sync & Back Up
- assertVisible: Sync & Backup
- runFlow:
file: ../shared/sync_delete.yaml
18 changes: 10 additions & 8 deletions .maestro/sync_tests/03_recover_account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -58,14 +58,16 @@ tags:
- tapOn: Settings
- runFlow:
file: ../shared/set_internal_user.yaml
- assertVisible: Sync & Back Up
- tapOn: Sync & Back Up
- assertVisible: Sync & Back up
- tapOn: Recover Your Data
- tapOn: Enter Text Code
- assertVisible: Sync & Backup
- tapOn: Sync & Backup
- assertVisible: Begin Syncing
- tapOn: Recover Synced Data
- assertVisible: Recover Synced Data
- assertVisible: Get Started
- tapOn: Get Started
- tapOn: Enter Text Code Manually
- tapOn: Paste
- assertVisible: Device Synced!
- assertVisible: Save Recovery Code
- tapOn: Next
- tapOn: Not Now
- tapOn: Settings
- assertVisible: Your Data is Synced!
- tapOn: Done
Loading

0 comments on commit ceb69d7

Please sign in to comment.