Expire HSTS entries that have exceeded their max-age

servo/servo#6105
2025-08-09 15:35:34 +01:00 · 2015-06-23 11:57:28 -07:00 · 2015-06-23 11:57:28 -07:00 · 15c90a58b2
commit 15c90a58b2
parent 8d39fb6dcf
5 changed files with 68 additions and 4 deletions
--- a/tests/unit/net/Cargo.toml
+++ b/tests/unit/net/Cargo.toml
@ -21,3 +21,4 @@ path = "../../../components/util"
 cookie = "0.1"
 hyper = "0.6"
 url = "0.2"
+time = "0.1"
--- a/tests/unit/net/lib.rs
+++ b/tests/unit/net/lib.rs
@ -8,6 +8,7 @@ extern crate net;
 extern crate net_traits;
 extern crate url;
 extern crate util;
+extern crate time;

 #[cfg(test)] mod cookie;
 #[cfg(test)] mod data_loader;
--- a/tests/unit/net/resource_task.rs
+++ b/tests/unit/net/resource_task.rs
@ -11,6 +11,7 @@ use std::borrow::ToOwned;
 use std::collections::HashMap;
 use std::sync::mpsc::channel;
 use url::Url;
+use time;


 #[test]
@ -19,6 +20,42 @@ fn test_exit() {
    resource_task.send(ControlMsg::Exit).unwrap();
 }

+#[test]
+fn test_hsts_entry_is_not_expired_when_it_has_no_timestamp() {
+    let entry = HSTSEntry {
+        host: "mozilla.org".to_string(),
+        include_subdomains: false,
+        max_age: Some(20),
+        timestamp: None
+    };
+
+    assert!(!entry.is_expired());
+}
+
+#[test]
+fn test_hsts_entry_is_not_expired_when_it_has_no_max_age() {
+    let entry = HSTSEntry {
+        host: "mozilla.org".to_string(),
+        include_subdomains: false,
+        max_age: None,
+        timestamp: Some(time::get_time().sec as u64)
+    };
+
+    assert!(!entry.is_expired());
+}
+
+#[test]
+fn test_hsts_entry_is_expired_when_it_has_reached_its_max_age() {
+    let entry = HSTSEntry {
+        host: "mozilla.org".to_string(),
+        include_subdomains: false,
+        max_age: Some(10),
+        timestamp: Some(time::get_time().sec as u64 - 20u64)
+    };
+
+    assert!(entry.is_expired());
+}
+
 #[test]
 fn test_hsts_entry_cant_be_created_with_ipv6_address_as_host() {
    let entry = HSTSEntry::new(
@ -178,6 +215,20 @@ fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_always_secure() {
    assert!(hsts_list.always_secure("mozilla.org") == true);
 }

+#[test]
+fn test_hsts_list_with_expired_entry_is_not_always_secure() {
+    let hsts_list = HSTSList {
+        entries: vec![HSTSEntry {
+            host: "mozilla.org".to_string(),
+            include_subdomains: false,
+            max_age: Some(20),
+            timestamp: Some(time::get_time().sec as u64 - 100u64)
+        }]
+    };
+
+    assert!(!hsts_list.always_secure("mozilla.org"));
+}
+
 #[test]
 fn test_make_hsts_secure_does_not_change_explicit_port() {
    let load_data = LoadData::new(Url::parse("http://mozilla.org:8080/").unwrap(), None);