diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /security/manager/ssl/tests/gtest/STSParserTest.cpp | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/ssl/tests/gtest/STSParserTest.cpp')
-rw-r--r-- | security/manager/ssl/tests/gtest/STSParserTest.cpp | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/gtest/STSParserTest.cpp b/security/manager/ssl/tests/gtest/STSParserTest.cpp new file mode 100644 index 000000000..bedf57fea --- /dev/null +++ b/security/manager/ssl/tests/gtest/STSParserTest.cpp @@ -0,0 +1,144 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <stdio.h> + +#include "gtest/gtest.h" +#include "nsNetUtil.h" +#include "nsISiteSecurityService.h" +#include "nsIURI.h" + +void +TestSuccess(const char* hdr, bool extraTokens, + uint64_t expectedMaxAge, bool expectedIncludeSubdomains, + nsISiteSecurityService* sss) +{ + nsCOMPtr<nsIURI> dummyUri; + nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html"); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI"; + + uint64_t maxAge = 0; + bool includeSubdomains = false; + rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri, + hdr, 0, &maxAge, &includeSubdomains, nullptr); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr; + + ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge"; + EXPECT_EQ(includeSubdomains, expectedIncludeSubdomains) << + "Did not correctly parse presence/absence of includeSubdomains"; + + if (extraTokens) { + EXPECT_EQ(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA) << + "Extra tokens were expected when parsing, but were not encountered."; + } else { + EXPECT_EQ(rv, NS_OK) << "Unexpected tokens found during parsing."; + } + + printf("%s\n", hdr); +} + +void TestFailure(const char* hdr, + nsISiteSecurityService* sss) +{ + nsCOMPtr<nsIURI> dummyUri; + nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html"); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI"; + + rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri, + hdr, 0, nullptr, nullptr, nullptr); + ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr; + + printf("%s\n", hdr); +} + +TEST(psm_STSParser, Test) +{ + nsresult rv; + + // grab handle to the service + nsCOMPtr<nsISiteSecurityService> sss; + sss = do_GetService("@mozilla.org/ssservice;1", &rv); + ASSERT_TRUE(NS_SUCCEEDED(rv)); + + // *** parsing tests + printf("*** Attempting to parse valid STS headers ...\n"); + + // SHOULD SUCCEED: + TestSuccess("max-age=100", false, 100, false, sss); + TestSuccess("max-age =100", false, 100, false, sss); + TestSuccess(" max-age=100", false, 100, false, sss); + TestSuccess("max-age = 100 ", false, 100, false, sss); + TestSuccess("max-age = \"100\" ", false, 100, false, sss); + TestSuccess("max-age=\"100\"", false, 100, false, sss); + TestSuccess(" max-age =\"100\" ", false, 100, false, sss); + TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss); + TestSuccess("max-age = 100 ", false, 100, false, sss); + + TestSuccess("maX-aGe=100", false, 100, false, sss); + TestSuccess("MAX-age =100", false, 100, false, sss); + TestSuccess("max-AGE=100", false, 100, false, sss); + TestSuccess("Max-Age = 100 ", false, 100, false, sss); + TestSuccess("MAX-AGE = 100 ", false, 100, false, sss); + + TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss); + TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss); + TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss); + TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss); + TestSuccess("max-age = 100 ; includeSubdomains", + false, 100, true, sss); + + TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss); + TestSuccess("MAX-age =100; includeSubDomains", false, 100, true, sss); + TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss); + TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss); + TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss); + // Turns out, the actual directive is entirely optional (hence the + // trailing semicolon) + TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss); + + // these are weird tests, but are testing that some extended syntax is + // still allowed (but it is ignored) + TestSuccess("max-age=100 ; includesubdomainsSomeStuff", + true, 100, false, sss); + TestSuccess("\r\n\t\t \tcompletelyUnrelated = foobar; max-age= 34520103" + "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", + true, 34520103, true, sss); + TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", + true, 100, false, sss); + + // SHOULD FAIL: + printf("* Attempting to parse invalid STS headers (should not parse)...\n"); + // invalid max-ages + TestFailure("max-age", sss); + TestFailure("max-age ", sss); + TestFailure("max-age=p", sss); + TestFailure("max-age=*1p2", sss); + TestFailure("max-age=.20032", sss); + TestFailure("max-age=!20032", sss); + TestFailure("max-age==20032", sss); + + // invalid headers + TestFailure("foobar", sss); + TestFailure("maxage=100", sss); + TestFailure("maxa-ge=100", sss); + TestFailure("max-ag=100", sss); + TestFailure("includesubdomains", sss); + TestFailure(";", sss); + TestFailure("max-age=\"100", sss); + // The max-age directive here doesn't conform to the spec, so it MUST + // be ignored. Consequently, the REQUIRED max-age directive is not + // present in this header, and so it is invalid. + TestFailure("max-age=100, max-age=200; includeSubdomains", sss); + TestFailure("max-age=100 includesubdomains", sss); + TestFailure("max-age=100 bar foo", sss); + TestFailure("max-age=100randomstuffhere", sss); + // All directives MUST appear only once in an STS header field. + TestFailure("max-age=100; max-age=200", sss); + TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss); + TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss); + // The includeSubdomains directive is valueless. + TestFailure("max-age=100; includeSubdomains=unexpected", sss); + // LWS must have at least one space or horizontal tab + TestFailure("\r\nmax-age=200", sss); +} |