HackBrowserData/browser/firefox/masterkey_test.go

package firefox

import (
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestReadKey4DB(t *testing.T) {
	// Create a minimal key4.db with metaData and nssPrivate tables
	path := createTestDB(t, "key4.db",
		[]string{
			`CREATE TABLE metaData (id TEXT PRIMARY KEY, item1 BLOB, item2 BLOB)`,
			`CREATE TABLE nssPrivate (a11 BLOB, a102 BLOB)`,
		},
		`INSERT INTO metaData (id, item1, item2) VALUES ('password', x'aabbccdd', x'11223344')`,
		`INSERT INTO nssPrivate (a11, a102) VALUES (x'deadbeef', x'cafebabe')`,
		`INSERT INTO nssPrivate (a11, a102) VALUES (x'feedface', x'12345678')`,
	)

	k4, err := readKey4DB(path)
	require.NoError(t, err)

	assert.Equal(t, []byte{0xaa, 0xbb, 0xcc, 0xdd}, k4.globalSalt)
	assert.Equal(t, []byte{0x11, 0x22, 0x33, 0x44}, k4.passwordCheck)
	require.Len(t, k4.privateKeys, 2)
	// Don't assume row order — check that both entries exist
	encryptedBlobs := map[string]bool{}
	for _, pk := range k4.privateKeys {
		encryptedBlobs[fmt.Sprintf("%x", pk.encrypted)] = true
	}
	assert.True(t, encryptedBlobs["deadbeef"])
	assert.True(t, encryptedBlobs["feedface"])
}

func TestReadKey4DB_EmptyNssPrivate(t *testing.T) {
	path := createTestDB(t, "key4.db",
		[]string{
			`CREATE TABLE metaData (id TEXT PRIMARY KEY, item1 BLOB, item2 BLOB)`,
			`CREATE TABLE nssPrivate (a11 BLOB, a102 BLOB)`,
		},
		`INSERT INTO metaData (id, item1, item2) VALUES ('password', x'aa', x'bb')`,
	)

	_, err := readKey4DB(path)
	require.Error(t, err)
	assert.Contains(t, err.Error(), "empty")
}

func TestSampleEncryptedLogins(t *testing.T) {
	raw := []byte(`{"logins":[
		{"encryptedUsername":"dGVzdA==","encryptedPassword":"cGFzcw=="},
		{"encryptedUsername":"!!!invalid","encryptedPassword":"cGFzcw=="},
		{"encryptedUsername":"dGVzdA==","encryptedPassword":"cGFzcw=="}
	]}`)

	samples := sampleEncryptedLogins(raw)
	require.Len(t, samples, 2) // second entry skipped (invalid base64)
	assert.Equal(t, []byte("test"), samples[0].username)
	assert.Equal(t, []byte("pass"), samples[0].password)
}