use crate::ProfileKind;
fn shared_stealth_flags(native_isolation: bool) -> Vec<String> {
let disable_features = if native_isolation {
"--disable-features=DisableLoadExtensionCommandLineSwitch".to_string()
} else {
"--disable-features=IsolateOrigins,DisableLoadExtensionCommandLineSwitch,site-per-process"
.to_string()
};
vec![
"--no-first-run".into(),
"--no-service-autorun".into(),
"--no-default-browser-check".into(),
"--homepage=about:blank".into(),
"--no-pings".into(),
"--password-store=basic".into(),
"--disable-infobars".into(),
"--disable-breakpad".into(),
"--disable-component-update".into(),
"--disable-backgrounding-occluded-windows".into(),
"--disable-renderer-backgrounding".into(),
"--disable-background-networking".into(),
"--disable-dev-shm-usage".into(),
disable_features,
"--disable-session-crashed-bubble".into(),
"--disable-search-engine-choice-screen".into(),
"--remote-allow-origins=*".into(),
"--disable-blink-features=AutomationControlled".into(),
"--webrtc-ip-handling-policy=disable_non_proxied_udp".into(),
"--force-webrtc-ip-handling-policy".into(),
]
}
#[must_use]
pub fn flags_for_profile(kind: ProfileKind, native_isolation: bool) -> Vec<String> {
match kind {
ProfileKind::Off => Vec::new(),
ProfileKind::Native => shared_stealth_flags(native_isolation),
ProfileKind::Spoofed => {
let mut v = shared_stealth_flags(native_isolation);
v.push("--use-gl=angle".into());
v.push("--use-angle=swiftshader".into());
v.push("--enable-unsafe-swiftshader".into());
v
}
}
}
#[cfg(test)]
#[allow(clippy::panic, clippy::unwrap_used)]
mod tests {
use super::*;
#[test]
fn off_profile_emits_no_flags() {
assert!(flags_for_profile(ProfileKind::Off, false).is_empty());
}
#[test]
fn native_profile_includes_webrtc_disable() {
let flags = flags_for_profile(ProfileKind::Native, false);
assert!(
flags
.iter()
.any(|f| f.contains("webrtc-ip-handling-policy"))
);
}
#[test]
fn spoofed_profile_includes_isolate_origins_disable() {
let flags = flags_for_profile(ProfileKind::Spoofed, false);
assert!(flags.iter().any(|f| f.contains("IsolateOrigins")));
}
#[test]
fn shared_flags_snapshot_native() {
let flags = flags_for_profile(ProfileKind::Native, false);
insta::assert_yaml_snapshot!("native_profile_flags", flags);
}
#[test]
fn shared_flags_snapshot_spoofed() {
let flags = flags_for_profile(ProfileKind::Spoofed, false);
insta::assert_yaml_snapshot!("spoofed_profile_flags", flags);
}
#[test]
fn shared_flags_snapshot_off() {
let flags = flags_for_profile(ProfileKind::Off, false);
insta::assert_yaml_snapshot!("off_profile_flags", flags);
}
#[test]
fn native_isolation_flags_omit_isolate_origins_and_site_per_process() {
let flags = flags_for_profile(ProfileKind::Native, true);
assert!(
!flags
.iter()
.any(|f| f.contains("IsolateOrigins") || f.contains("site-per-process")),
"native_isolation=true must not disable Chrome's real site isolation, got: {flags:?}"
);
}
#[test]
fn native_isolation_flags_keep_unrelated_disable_load_extension_feature() {
let flags = flags_for_profile(ProfileKind::Native, true);
assert!(
flags
.iter()
.any(|f| f.contains("DisableLoadExtensionCommandLineSwitch")),
"got: {flags:?}"
);
}
#[test]
fn native_isolation_spoofed_still_carries_swiftshader_context_flags() {
let flags = flags_for_profile(ProfileKind::Spoofed, true);
assert!(flags.iter().any(|f| f == "--enable-unsafe-swiftshader"));
}
#[test]
fn native_isolation_false_keeps_isolation_disabled_default_unchanged() {
assert!(
flags_for_profile(ProfileKind::Native, false)
.iter()
.any(|f| f.contains("IsolateOrigins"))
);
}
#[test]
fn shared_flags_snapshot_native_isolation_native() {
let flags = flags_for_profile(ProfileKind::Native, true);
insta::assert_yaml_snapshot!("native_isolation_native_profile_flags", flags);
}
#[test]
fn shared_flags_snapshot_native_isolation_spoofed() {
let flags = flags_for_profile(ProfileKind::Spoofed, true);
insta::assert_yaml_snapshot!("native_isolation_spoofed_profile_flags", flags);
}
}