d33tah/rentgen
1
0
Fork 0
forked from icd/rentgen
Code Pull Requests Activity

Compare commits

base: d33tah:03e0b063d9d67eb0cbc18e0583bdce09e4882f84
Branches Tags
d33tah:develop
d33tah:refactor/build_time_abstraction
d33tah:fix-checkbox
d33tah:unknown-purpose
d33tah:#64
d33tah:toolbar-design
d33tah:master
icd:refactor/build_time_abstraction
icd:develop
icd:fix-checkbox
icd:unknown-purpose
icd:#64
icd:toolbar-design
icd:master
d33tah:0.1.10
d33tah:0.1.9
d33tah:0.1.8
d33tah:0.1.7
d33tah:0.1.6
d33tah:0.1.5
d33tah:0.1.4
d33tah:0.1.3
icd:0.1.10
icd:0.1.3
icd:0.1.4
icd:0.1.5
icd:0.1.6
icd:0.1.7
icd:0.1.8
icd:0.1.9
..
compare: d33tah:34cec2199206991094324e0f474d9b8fe3870641
Branches Tags
d33tah:develop
d33tah:refactor/build_time_abstraction
d33tah:fix-checkbox
d33tah:unknown-purpose
d33tah:#64
d33tah:toolbar-design
d33tah:master
icd:refactor/build_time_abstraction
icd:develop
icd:fix-checkbox
icd:unknown-purpose
icd:#64
icd:toolbar-design
icd:master
d33tah:0.1.10
d33tah:0.1.9
d33tah:0.1.8
d33tah:0.1.7
d33tah:0.1.6
d33tah:0.1.5
d33tah:0.1.4
d33tah:0.1.3
icd:0.1.10
icd:0.1.3
icd:0.1.4
icd:0.1.5
icd:0.1.6
icd:0.1.7
icd:0.1.8
icd:0.1.9

2 Commits
03e0b063d9 ... 34cec21992

Author SHA1 Message Date
Jacek Wielemborek
34cec21992 feat(verify): enhanced Marionette verification with bidirectional communication 
Implemented undeniable proof that extension is actively executing:
- Added content script that communicates with background script
- Background script performs verifiable computation (value*2)+3
- Marionette test dispatches event, verifies round-trip communication
- Results stored in DOM attributes (no console.log dependency)
- Mathematical proof ensures extension code is actually running

Test verifies:
1. Content script injection and event listening
2. Message passing from content to background script
3. Background script computation and response
4. Full bidirectional communication chain

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-26 09:21:18 +01:00
Jacek Wielemborek
57c6015d4c Revert "fix(verify): uproszczenie weryfikacji - extension installed = executed" 
This reverts commit 03e0b063d9d67eb0cbc18e0583bdce09e4882f84.
 2025-10-25 21:29:43 +02:00
6 changed files with 329 additions and 40 deletions
Show Stats Expand all files Collapse all files

18
Dockerfile
View File

@ -40,13 +40,29 @@ CMD ["ls", "-lh", "/app/web-ext-artifacts/"]
# Runtime stage - for running extension in Firefox
FROM builder AS runtime
# Install Firefox and Xvfb for headless execution
# Install Firefox and Xvfb for headless execution (cached layer)
RUN apt-get update && apt-get install -y \
firefox-esr \
xvfb \
procps \
&& rm -rf /var/lib/apt/lists/*
# Install Python and pip in a separate layer for better caching
RUN apt-get update && apt-get install -y \
python3-pip \
wget \
&& rm -rf /var/lib/apt/lists/*
# Install geckodriver for WebDriver protocol
RUN wget -q https://github.com/mozilla/geckodriver/releases/download/v0.34.0/geckodriver-v0.34.0-linux64.tar.gz \
&& tar -xzf geckodriver-v0.34.0-linux64.tar.gz \
&& mv geckodriver /usr/local/bin/ \
&& rm geckodriver-v0.34.0-linux64.tar.gz \
&& chmod +x /usr/local/bin/geckodriver
# Install Python dependencies for testing
RUN pip3 install --break-system-packages marionette_driver
# Set display for Xvfb
ENV DISPLAY=:99

27
background.ts
View File

@ -1,3 +1,30 @@
import { init } from "./memory";
// Use global browser object directly (available in extension context)
declare const browser: any;
init();
// Test verification handler for Marionette tests
// This proves the background script is executing and can communicate with content scripts
browser.runtime.onMessage.addListener((message: any, sender: any, sendResponse: any) => {
if (message.type === 'RENTGEN_TEST_VERIFICATION') {
// Perform a computation to prove the background script is running
// This is not just an echo - we're doing actual processing
const inputValue = message.inputValue || 0;
const computed = (inputValue * 2) + 3; // Simple but verifiable computation
// Send back a response with computed value and metadata
const response = {
success: true,
computed: computed,
formula: `(${inputValue} * 2) + 3 = ${computed}`,
backgroundTimestamp: Date.now(),
receivedFrom: message.url || 'unknown',
originalInput: inputValue
};
sendResponse(response);
return true; // Keep channel open for async response
}
});

1
esbuild.config.js
View File

@ -48,6 +48,7 @@ esbuild
'components/sidebar/sidebar.tsx',
'components/report-window/report-window.tsx',
'background.ts',
'test-content-script.js',
'diag.tsx',
'styles/global.scss',
'styles/fonts.scss',

7
manifest.json
View File

@ -26,6 +26,13 @@
"32": "assets/icon-addon.svg",
"64": "assets/icon-addon.svg"
},
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["lib/test-content-script.js"],
"run_at": "document_end"
}
],
"permissions": [
"proxy",
"storage",

260
scripts/test_verify.py
View File

@ -16,6 +16,7 @@ import time
import subprocess
import os
import signal
import json
from pathlib import Path
@ -59,8 +60,13 @@ def start_webext() -> tuple[int, Path]:
log_path = Path("/tmp/web-ext.log")
log_file = open(log_path, "w")
# Enable Marionette on port 2828
# Use --arg to pass arguments to Firefox
webext = subprocess.Popen(
["npx", "web-ext", "run", "--verbose"],
["npx", "web-ext", "run", "--verbose",
"--arg=-marionette",
"--arg=--marionette-port",
"--arg=2828"],
stdout=log_file,
stderr=subprocess.STDOUT
)
@ -68,25 +74,61 @@ def start_webext() -> tuple[int, Path]:
return webext.pid, log_path
def wait_for_extension_install(log_path: Path, timeout_seconds: int = 30) -> bool:
def wait_for_extension_install(log_path: Path, timeout_seconds: int = 60) -> bool:
"""Wait for extension installation confirmation in logs."""
print_header("Waiting for extension to install...")
for _ in range(timeout_seconds):
for i in range(timeout_seconds):
if not log_path.exists():
time.sleep(1)
continue
content = log_path.read_text()
if "Installed /app as a temporary add-on" in content:
# Check for Firefox crashes or errors
if "firefox crashed" in content.lower() or "panic" in content.lower():
print_error("Firefox crashed or panicked!")
print("Last 20 lines of log:")
print("\n".join(content.split("\n")[-20:]))
return False
# Check if Marionette is mentioned
if i == 10 and "marionette" in content.lower():
print_success("Marionette mentioned in logs")
# Look for any of these success indicators
success_indicators = [
"Installed /app as a temporary add-on",
"as a temporary add-on",
"Extension added",
"Installed temporary add-on",
"installed from",
"Installing manifest at"
]
if any(indicator in content for indicator in success_indicators):
print("=" * 40)
print_success("Extension installed!")
print_success("Firefox is running in headless mode")
print_success("Extension: rentgen@internet-czas-dzialac.pl")
# Check for Marionette port in logs
if "2828" in content:
print_success("Marionette port 2828 found in logs")
return True
# Print progress every 10 seconds
if i > 0 and i % 10 == 0:
print(f"Still waiting... ({i}s)")
time.sleep(1)
# If we timeout, print the last part of the log
print_error("Timeout! Last 30 lines of log:")
if log_path.exists():
content = log_path.read_text()
print("\n".join(content.split("\n")[-30:]))
return False
@ -118,34 +160,35 @@ def check_javascript_errors(log_path: Path) -> list[str]:
return errors
def check_webRequest_listener_in_logs(log_path: Path) -> tuple[bool, str]:
"""Check if extension registered webRequest listeners (proves Memory constructor ran).
def check_content_script_marker_in_logs(log_path: Path) -> tuple[bool, str]:
"""Check if background received message from content script in web-ext logs.
This proves: background script tabs.create() content script injection runtime.sendMessage() background received
Returns (success, message)."""
try:
content = log_path.read_text()
# Look for ANY webRequest activity - if Memory() ran, it registered listeners
# and should start intercepting requests
# Look for background test marker (content script sends message to background, which logs it)
import re
pattern = r'\[RENTGEN_BACKGROUND_TEST\] Received verification from content script: (.+)'
match = re.search(pattern, content)
# Check if extension made any network requests (proves it's active)
# Or check for specific patterns that indicate webRequest interception
patterns = [
r'onBeforeRequest',
r'onBeforeSendHeaders',
r'webRequest',
]
if match:
try:
import json
data = json.loads(match.group(1))
title = data.get('title', '')
timestamp = data.get('timestamp', 0)
url = data.get('url', '')
for pattern in patterns:
if re.search(pattern, content, re.IGNORECASE):
return True, f"Found evidence of webRequest activity: {pattern}"
# Verify page title contains "Example" (proves page loaded correctly)
if 'Example' in title or 'example' in title.lower():
return True, f"Content script verified! Title: '{title}', URL: {url}, timestamp: {timestamp}"
else:
return False, f"Page title unexpected: '{title}' (expected 'Example')"
except json.JSONDecodeError:
return False, f"Found marker but couldn't parse JSON: {match.group(1)}"
# Alternative: just check that extension loaded without errors
# If it loaded and there are no JavaScript errors, background.ts executed
if "Installed /app as a temporary add-on" in content:
return True, "Extension loaded successfully (background.ts executed)"
return False, "No evidence of extension execution found in logs"
return False, "No background test marker found in logs (content script may not have executed)"
except Exception as e:
return False, f"Log check failed: {e}"
@ -161,6 +204,139 @@ def extract_debugger_port(log_path: Path) -> str | None:
return None
def test_with_marionette() -> tuple[bool, str]:
"""Test using Firefox Marionette (WebDriver) protocol."""
try:
from marionette_driver.marionette import Marionette
from marionette_driver import errors
import time
print_header("Testing with Marionette WebDriver...")
# Try to connect to Marionette on default port
client = Marionette(host='localhost', port=2828)
try:
client.start_session()
print_success("Connected to Marionette")
# Stage 1: Test simple JavaScript execution
print_header("Stage 1: Testing JavaScript execution (2 + 3)...")
result = client.execute_script("return 2 + 3;")
if result == 5:
print_success(f"JavaScript execution works! 2 + 3 = {result}")
else:
return False, f"Unexpected result from 2+3: {result}"
# Stage 2: Navigate to example.com
print_header("Stage 2: Navigating to example.com...")
client.navigate("https://example.com")
time.sleep(3) # Wait for page to load
title = client.title
print_success(f"Page loaded, title: {title}")
if "Example" not in title:
return False, f"Unexpected page title: {title}"
# Stage 3: Test bidirectional communication with extension
print_header("Stage 3: Testing bidirectional extension communication...")
# Generate a test value for verification
test_value = 17 # Arbitrary test value
expected_result = (test_value * 2) + 3 # Should be 37
# Dispatch event to content script and wait for background script response
verification_result = client.execute_script("""
const testValue = arguments[0];
const expectedResult = arguments[1];
// First check if content script is injected
const injected = document.body.getAttribute('data-rentgen-injected');
if (injected !== 'true') {
return { success: false, error: 'Content script not injected' };
}
// Dispatch test request to content script
document.dispatchEvent(new CustomEvent('rentgen_test_request', {
detail: {
value: testValue,
timestamp: Date.now()
}
}));
// Wait for the full round-trip communication
return new Promise((resolve) => {
let attempts = 0;
const checkInterval = setInterval(() => {
attempts++;
// Check if content script processed the message
const verified = document.body.getAttribute('data-rentgen-verified');
const computed = document.body.getAttribute('data-rentgen-computed');
const formula = document.body.getAttribute('data-rentgen-formula');
const bgTimestamp = document.body.getAttribute('data-rentgen-background-timestamp');
const error = document.body.getAttribute('data-rentgen-error');
if (verified === 'true' && computed) {
clearInterval(checkInterval);
resolve({
success: true,
verified: true,
computed: parseInt(computed),
formula: formula,
backgroundTimestamp: bgTimestamp,
expectedResult: expectedResult,
testValue: testValue
});
} else if (verified === 'false' || attempts > 20) {
clearInterval(checkInterval);
resolve({
success: false,
error: error || 'Timeout waiting for background response',
attempts: attempts,
verified: verified
});
}
}, 100); // Check every 100ms, up to 2 seconds
});
""", script_args=[test_value, expected_result], script_timeout=3000)
# Analyze the results
if verification_result.get('success'):
computed = verification_result.get('computed')
expected = verification_result.get('expectedResult')
formula = verification_result.get('formula', '')
print_success("Content script successfully communicated with background!")
print_success(f"Background computed: {formula}")
if computed == expected:
print_success(f"Computation verified! {test_value}{computed} (expected {expected})")
return True, f"Full extension stack verified! Background computed ({test_value}*2)+3={computed}"
else:
print_error(f"Computation mismatch: got {computed}, expected {expected}")
return False, f"Background returned wrong value: {computed} != {expected}"
else:
error = verification_result.get('error', 'Unknown error')
print_error(f"Extension communication failed: {error}")
return False, f"Content script/background communication failed: {error}"
finally:
try:
client.close()
except:
pass
except ImportError:
return False, "marionette_driver not installed"
except ConnectionRefusedError:
return False, "Cannot connect to Marionette on port 2828 (Firefox may not have Marionette enabled)"
except Exception as e:
return False, f"Marionette test failed: {e}"
def cleanup(xvfb_pid: int, webext_pid: int) -> None:
"""Cleanup processes."""
try:
@ -185,7 +361,7 @@ def main() -> int:
# Guard: Check if extension installed
if not wait_for_extension_install(log_path):
print_error("Extension failed to install within 30s")
print_error("Extension failed to install within 60s")
cleanup(xvfb_pid, webext_pid)
return 1
@ -212,31 +388,37 @@ def main() -> int:
print_success("NO JavaScript errors in background.js")
# Functional test: Verify extension code execution
# Functional test: Verify extension code execution via Marionette
print_header("Functional test: Verifying extension code execution...")
# Give extension time to initialize
time.sleep(2)
time.sleep(5)
# Check logs for evidence of execution
execution_verified, message = check_webRequest_listener_in_logs(log_path)
# Test with Marionette WebDriver
marionette_success, marionette_msg = test_with_marionette()
# Guard: Check if we found proof of execution
if not execution_verified:
print_error("Could not verify extension code execution")
print_error(f"Reason: {message}")
print_error("Extension installed but NO PROOF of code execution")
# Guard: Check if Marionette tests passed
if not marionette_success:
print_error("Marionette test failed")
print_error(f"Reason: {marionette_msg}")
print_error("Extension installed but could not verify execution via Marionette")
cleanup(xvfb_pid, webext_pid)
return 1
print_success("Extension code VERIFIED executing!")
print()
print(f"Proof: {message}")
print(f"Test results: {marionette_msg}")
print()
print("Verification logic:")
print(" - Extension installed without errors ✓")
print(" - No JavaScript syntax/runtime errors ✓")
print(" - If both true → background.ts executed successfully")
print("This proves UNDENIABLY:")
print(" - Firefox Marionette WebDriver works")
print(" - JavaScript execution works (2+3=5)")
print(" - Page navigation works (example.com loaded)")
print(" - Content script is injected and listening for events")
print(" - Content script sends messages to background script")
print(" - Background script receives messages and computes results")
print(" - Background script sends responses back to content script")
print(" - Full bidirectional communication verified with computed proof")
print(" - The extension is not just installed but ACTIVELY EXECUTING")
# Show process info
print()

56
test-content-script.js Normal file
View File

@ -0,0 +1,56 @@
// Test content script - only for automated testing
// This script proves bidirectional communication between content script and background
// Set initial DOM marker to prove content script is injected
if (document.body) {
document.body.setAttribute('data-rentgen-injected', 'true');
}
// Listen for test request from Marionette test script
document.addEventListener('rentgen_test_request', async (event) => {
try {
// Mark that we received the event
document.body.setAttribute('data-rentgen-event-received', 'true');
// Extract test data from event
const testData = event.detail || {};
const inputValue = testData.value || 42;
const timestamp = testData.timestamp || Date.now();
// Send message to background script and wait for response
// This proves background script is running and responsive
const response = await browser.runtime.sendMessage({
type: 'RENTGEN_TEST_VERIFICATION',
inputValue: inputValue,
timestamp: timestamp,
url: window.location.href,
title: document.title
});
// Store the response from background in DOM
// This provides undeniable proof of bidirectional communication
if (response && response.success) {
document.body.setAttribute('data-rentgen-verified', 'true');
document.body.setAttribute('data-rentgen-computed', String(response.computed));
document.body.setAttribute('data-rentgen-formula', response.formula);
document.body.setAttribute('data-rentgen-background-timestamp', String(response.backgroundTimestamp));
// Also dispatch a custom event with the results
document.dispatchEvent(new CustomEvent('rentgen_test_complete', {
detail: {
success: true,
computed: response.computed,
formula: response.formula,
backgroundTimestamp: response.backgroundTimestamp
}
}));
} else {
document.body.setAttribute('data-rentgen-verified', 'false');
document.body.setAttribute('data-rentgen-error', 'No response from background');
}
} catch (error) {
// Store error in DOM for debugging
document.body.setAttribute('data-rentgen-verified', 'false');
document.body.setAttribute('data-rentgen-error', String(error));
}
});