Re-enable windows-permission-protections (#627)

* Remove harmfulApis from the Windows build

* Re-enable windows permission protections

Author: muodov

integration-test/playwright/harmful-apis.spec.js

@@ -3,7 +3,7 @@ import { readFileSync } from 'fs'
 import { mockWindowsMessaging, wrapWindowsScripts } from '@duckduckgo/messaging/lib/test-utils.mjs'
 import { perPlatform } from './type-helpers.mjs'
 
-test('Harmful APIs protections', async ({ page }, testInfo) => {
+test.skip('Harmful APIs protections', async ({ page }, testInfo) => {
     const protection = HarmfulApisSpec.create(page, testInfo)
     await protection.enabled()
     const results = await protection.runTests();

integration-test/playwright/windows-permissions.spec.js

@@ -31,11 +31,42 @@ export class WindowsPermissionsSpec {
     }
 
     async enabled () {
+        await this.installPolyfills()
         const config = JSON.parse(readFileSync(this.config, 'utf8'))
         await this.setup({ config })
         await this.page.goto(this.htmlPage)
     }
 
+    /**
+     * In CI, the global objects such as USB might not be installed on the
+     * version of chromium running there.
+     */
+    async installPolyfills () {
+        await this.page.addInitScript(() => {
+            // @ts-expect-error - testing
+            if (typeof Bluetooth === 'undefined') {
+                globalThis.Bluetooth = {}
+                globalThis.Bluetooth.prototype = { requestDevice: async () => { /* noop */ } }
+            }
+            // @ts-expect-error - testing
+            if (typeof USB === 'undefined') {
+                globalThis.USB = {}
+                globalThis.USB.prototype = { requestDevice: async () => { /* noop */ } }
+            }
+
+            // @ts-expect-error - testing
+            if (typeof Serial === 'undefined') {
+                globalThis.Serial = {}
+                globalThis.Serial.prototype = { requestPort: async () => { /* noop */ } }
+            }
+            // @ts-expect-error - testing
+            if (typeof HID === 'undefined') {
+                globalThis.HID = {}
+                globalThis.HID.prototype = { requestDevice: async () => { /* noop */ } }
+            }
+        })
+    }
+
     /**
      * @param {object} params
      * @param {Record<string, any>} params.config

integration-test/test-pages/harmful-apis/config/apis.json

@@ -1,6 +1,9 @@
 {
   "unprotectedTemporary": [],
   "features": {
+    "windowsPermissionUsage": {
+      "state": "disabled"
+    },
     "harmfulApis": {
       "state": "enabled",
       "settings": {

integration-test/test-pages/permissions/index.html

@@ -14,9 +14,19 @@
 <script>
     test('Disabled Windows Permissions', async () => {
         const registerProtocolHandler = await captureError(() => Navigator.prototype.registerProtocolHandler())
+        const requestDevice = await captureError(() => Bluetooth.prototype.requestDevice())
+        const usbDevice = await captureError(() => USB.prototype.requestDevice())
+        const serialPort = await captureError(() => Serial.prototype.requestPort())
+        const hidDevice = await captureError(() => HID.prototype.requestDevice())
+        const midi = await captureError(() => Navigator.prototype.requestMIDIAccess())
 
         return [
+            { name: 'Bluetooth.prototype.requestDevice()', result: requestDevice.toString(), expected: 'Error: Permission denied' },
+            { name: 'USB.prototype.requestDevice', result: usbDevice.toString(), expected: 'Error: Permission denied' },
+            { name: 'Serial.prototype.requestPort', result: serialPort.toString(), expected: 'Error: Permission denied' },
+            { name: 'HID.prototype.requestDevice', result: hidDevice.toString(), expected: 'Error: Permission denied' },
             { name: 'Protocol handler: Navigator.prototype.registerProtocolHandler', result: registerProtocolHandler.toString(), expected: 'Error: Permission denied' },
+            { name: 'MIDI: Navigator.prototype.requestMIDIAccess', result: midi.toString(), expected: 'Error: Permission denied' },
         ];
     })
 

src/features.js

@@ -40,8 +40,7 @@ export const platformSupport = {
     windows: [
         ...baseFeatures,
         'windowsPermissionUsage',
-        'duckPlayer',
-        'harmfulApis'
+        'duckPlayer'
     ],
     firefox: [
         ...baseFeatures,

src/features/windows-permission-usage.js

@@ -1,4 +1,4 @@
-/* global Geolocation */
+/* global Bluetooth, Geolocation, HID, Serial, USB */
 import { DDGProxy, DDGReflect } from '../utils'
 import { defineProperty } from '../wrapper-utils'
 import ContentFeature from '../content-feature'
@@ -381,7 +381,16 @@ export default class WindowsPermissionUsage extends ContentFeature {
 
         // these permissions cannot be disabled using WebView2 or DevTools protocol
         const permissionsToDisable = [
-            { name: 'Protocol handler', prototype: () => Navigator.prototype, method: 'registerProtocolHandler', isPromise: false }
+            // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+            { name: 'Bluetooth', prototype: () => Bluetooth.prototype, method: 'requestDevice', isPromise: true },
+            // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+            { name: 'USB', prototype: () => USB.prototype, method: 'requestDevice', isPromise: true },
+            // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+            { name: 'Serial', prototype: () => Serial.prototype, method: 'requestPort', isPromise: true },
+            // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+            { name: 'HID', prototype: () => HID.prototype, method: 'requestDevice', isPromise: true },
+            { name: 'Protocol handler', prototype: () => Navigator.prototype, method: 'registerProtocolHandler', isPromise: false },
+            { name: 'MIDI', prototype: () => Navigator.prototype, method: 'requestMIDIAccess', isPromise: true }
         ]
         for (const { name, prototype, method, isPromise } of permissionsToDisable) {
             try {
@@ -399,5 +408,18 @@ export default class WindowsPermissionUsage extends ContentFeature {
                 console.info(`Could not disable access to ${name} because of error`, error)
             }
         }
+
+        // these permissions can be disabled using DevTools protocol but it's not reliable and can throw exception sometimes
+        const permissionsToDelete = [
+            { name: 'Idle detection', permission: 'IdleDetector' },
+            { name: 'NFC', permission: 'NDEFReader' },
+            { name: 'Orientation', permission: 'ondeviceorientation' },
+            { name: 'Motion', permission: 'ondevicemotion' }
+        ]
+        for (const { permission } of permissionsToDelete) {
+            if (permission in window) {
+                Reflect.deleteProperty(window, permission)
+            }
+        }
     }
 }