Expire HSTS entries that have exceeded their max-age

servo/servo#6105
This commit is contained in:
Sam Gibson 2015-06-23 11:57:28 -07:00
parent 8d39fb6dcf
commit 15c90a58b2
5 changed files with 68 additions and 4 deletions

View file

@ -21,3 +21,4 @@ path = "../../../components/util"
cookie = "0.1"
hyper = "0.6"
url = "0.2"
time = "0.1"

View file

@ -8,6 +8,7 @@ extern crate net;
extern crate net_traits;
extern crate url;
extern crate util;
extern crate time;
#[cfg(test)] mod cookie;
#[cfg(test)] mod data_loader;

View file

@ -11,6 +11,7 @@ use std::borrow::ToOwned;
use std::collections::HashMap;
use std::sync::mpsc::channel;
use url::Url;
use time;
#[test]
@ -19,6 +20,42 @@ fn test_exit() {
resource_task.send(ControlMsg::Exit).unwrap();
}
#[test]
fn test_hsts_entry_is_not_expired_when_it_has_no_timestamp() {
let entry = HSTSEntry {
host: "mozilla.org".to_string(),
include_subdomains: false,
max_age: Some(20),
timestamp: None
};
assert!(!entry.is_expired());
}
#[test]
fn test_hsts_entry_is_not_expired_when_it_has_no_max_age() {
let entry = HSTSEntry {
host: "mozilla.org".to_string(),
include_subdomains: false,
max_age: None,
timestamp: Some(time::get_time().sec as u64)
};
assert!(!entry.is_expired());
}
#[test]
fn test_hsts_entry_is_expired_when_it_has_reached_its_max_age() {
let entry = HSTSEntry {
host: "mozilla.org".to_string(),
include_subdomains: false,
max_age: Some(10),
timestamp: Some(time::get_time().sec as u64 - 20u64)
};
assert!(entry.is_expired());
}
#[test]
fn test_hsts_entry_cant_be_created_with_ipv6_address_as_host() {
let entry = HSTSEntry::new(
@ -178,6 +215,20 @@ fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_always_secure() {
assert!(hsts_list.always_secure("mozilla.org") == true);
}
#[test]
fn test_hsts_list_with_expired_entry_is_not_always_secure() {
let hsts_list = HSTSList {
entries: vec![HSTSEntry {
host: "mozilla.org".to_string(),
include_subdomains: false,
max_age: Some(20),
timestamp: Some(time::get_time().sec as u64 - 100u64)
}]
};
assert!(!hsts_list.always_secure("mozilla.org"));
}
#[test]
fn test_make_hsts_secure_does_not_change_explicit_port() {
let load_data = LoadData::new(Url::parse("http://mozilla.org:8080/").unwrap(), None);