Shift checking for IP address host for HSTS entry to constructor

servo/servo#6105
Sam Gibson 2015-06-22 16:11:21 -07:00
parent cb9b0c2a7a
commit 8d39fb6dcf
2 changed files with 41 additions and 41 deletions


@ -198,12 +198,16 @@ pub struct HSTSEntry {
} }
impl HSTSEntry { impl HSTSEntry {
pub fn new(host: String, include_subdomains: bool, max_age: Option<u64>) -> HSTSEntry { pub fn new(host: String, include_subdomains: bool, max_age: Option<u64>) -> Option<HSTSEntry> {
HSTSEntry { if IPV4_REGEX.is_match(&host) || IPV6_REGEX.is_match(&host) {
None
} else {
Some(HSTSEntry {
host: host, host: host,
include_subdomains: include_subdomains, include_subdomains: include_subdomains,
max_age: max_age, max_age: max_age,
timestamp: Some(time::get_time().sec as u64) timestamp: Some(time::get_time().sec as u64)
})
} }
} }
@ -257,10 +261,6 @@ impl HSTSList {
} }
pub fn push(&mut self, entry: HSTSEntry) { pub fn push(&mut self, entry: HSTSEntry) {
if IPV4_REGEX.is_match(&entry.host) || IPV6_REGEX.is_match(&entry.host) {
return
}
let have_domain = self.has_domain(entry.host.clone()); let have_domain = self.has_domain(entry.host.clone());
let have_subdomain = self.has_subdomain(entry.host.clone()); let have_subdomain = self.has_subdomain(entry.host.clone());
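Review bot: With the IP-literal check removed from `HSTSList::push`, the rule that no IP address host is ever stored rests entirely on `HSTSEntry::new`, and `push` will now accept any `HSTSEntry` that was built another way. The hunk does not show whether the struct's fields are private or whether entries can be deserialized (for example from a preload list), so this is worth confirming; if either path exists, keep a cheap guard in `push`, such as `debug_assert!(!IPV4_REGEX.is_match(&entry.host) && !IPV6_REGEX.is_match(&entry.host));`. The new `Option` return is also undocumented; I would add `/// Returns None when host is an IPv4 or IPv6 literal: HSTS policy is only recorded for domain names.` above `new`. The body of `push` continues outside the hunk.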


@ -20,36 +20,36 @@ fn test_exit() {
} }
#[test] #[test]
fn test_push_entry_to_hsts_list_should_not_add_ipv6_addresses() { fn test_hsts_entry_cant_be_created_with_ipv6_address_as_host() {
let mut list = HSTSList { let entry = HSTSEntry::new(
entries: Vec::new()
};
list.push(HSTSEntry::new(
"2001:0db8:0000:0000:0000:ff00:0042:8329".to_string(), false, None "2001:0db8:0000:0000:0000:ff00:0042:8329".to_string(), false, None
)); );
assert!(list.entries.len() == 0) match entry {
Some(_) => panic!("able to create HSTSEntry with IPv6 host"),
None => ()
}
} }
#[test] #[test]
fn test_push_entry_to_hsts_list_should_not_add_ipv4_addresses() { fn test_hsts_entry_cant_be_created_with_ipv4_address_as_host() {
let mut list = HSTSList { let entry = HSTSEntry::new(
entries: Vec::new() "4.4.4.4".to_string(), false, None
}; );
list.push(HSTSEntry::new("8.8.8.8".to_string(), false, None)); match entry {
Some(_) => panic!("able to create HSTSEntry with IPv6 host"),
assert!(list.entries.len() == 0) None => ()
}
} }
#[test] #[test]
fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_already_matched() { fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_already_matched() {
let mut list = HSTSList { let mut list = HSTSList {
entries: vec!(HSTSEntry::new("mozilla.org".to_string(), true, None)) entries: vec!(HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap())
}; };
list.push(HSTSEntry::new("servo.mozilla.org".to_string(), false, None)); list.push(HSTSEntry::new("servo.mozilla.org".to_string(), false, None).unwrap());
assert!(list.entries.len() == 1) assert!(list.entries.len() == 1)
} }
@ -57,12 +57,12 @@ fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_a
#[test] #[test]
fn test_push_entry_to_hsts_list_should_update_existing_domain_entrys_include_subdomains() { fn test_push_entry_to_hsts_list_should_update_existing_domain_entrys_include_subdomains() {
let mut list = HSTSList { let mut list = HSTSList {
entries: vec!(HSTSEntry::new("mozilla.org".to_string(), true, None)) entries: vec!(HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap())
}; };
assert!(list.always_secure("servo.mozilla.org")); assert!(list.always_secure("servo.mozilla.org"));
list.push(HSTSEntry::new("mozilla.org".to_string(), false, None)); list.push(HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap());
assert!(!list.always_secure("servo.mozilla.org")) assert!(!list.always_secure("servo.mozilla.org"))
} }
@ -70,10 +70,10 @@ fn test_push_entry_to_hsts_list_should_update_existing_domain_entrys_include_sub
#[test] #[test]
fn test_push_entry_to_hsts_list_should_not_create_duplicate_entry() { fn test_push_entry_to_hsts_list_should_not_create_duplicate_entry() {
let mut list = HSTSList { let mut list = HSTSList {
entries: vec!(HSTSEntry::new("mozilla.org".to_string(), false, None)) entries: vec!(HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap())
}; };
list.push(HSTSEntry::new("mozilla.org".to_string(), false, None)); list.push(HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap());
assert!(list.entries.len() == 1) assert!(list.entries.len() == 1)
} }
@ -86,7 +86,7 @@ fn test_push_entry_to_hsts_list_should_add_an_entry() {
assert!(!list.always_secure("mozilla.org")); assert!(!list.always_secure("mozilla.org"));
list.push(HSTSEntry::new("mozilla.org".to_string(), true, None)); list.push(HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap());
assert!(list.always_secure("mozilla.org")); assert!(list.always_secure("mozilla.org"));
} }
@ -136,7 +136,7 @@ fn test_hsts_list_with_no_entries_does_not_always_secure() {
#[test] #[test]
fn test_hsts_list_with_exact_domain_entry_is_always_secure() { fn test_hsts_list_with_exact_domain_entry_is_always_secure() {
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap()]
}; };
assert!(hsts_list.always_secure("mozilla.org") == true); assert!(hsts_list.always_secure("mozilla.org") == true);
@ -145,7 +145,7 @@ fn test_hsts_list_with_exact_domain_entry_is_always_secure() {
#[test] #[test]
fn test_hsts_list_with_subdomain_when_include_subdomains_is_true_is_always_secure() { fn test_hsts_list_with_subdomain_when_include_subdomains_is_true_is_always_secure() {
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap()]
}; };
assert!(hsts_list.always_secure("servo.mozilla.org") == true); assert!(hsts_list.always_secure("servo.mozilla.org") == true);
@ -154,7 +154,7 @@ fn test_hsts_list_with_subdomain_when_include_subdomains_is_true_is_always_secur
#[test] #[test]
fn test_hsts_list_with_subdomain_when_include_subdomains_is_false_is_not_always_secure() { fn test_hsts_list_with_subdomain_when_include_subdomains_is_false_is_not_always_secure() {
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap()]
}; };
assert!(hsts_list.always_secure("servo.mozilla.org") == false); assert!(hsts_list.always_secure("servo.mozilla.org") == false);
@ -163,7 +163,7 @@ fn test_hsts_list_with_subdomain_when_include_subdomains_is_false_is_not_always_
#[test] #[test]
fn test_hsts_list_with_subdomain_when_host_is_not_a_subdomain_is_not_always_secure() { fn test_hsts_list_with_subdomain_when_host_is_not_a_subdomain_is_not_always_secure() {
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap()]
}; };
assert!(hsts_list.always_secure("servo-mozilla.org") == false); assert!(hsts_list.always_secure("servo-mozilla.org") == false);
@ -172,7 +172,7 @@ fn test_hsts_list_with_subdomain_when_host_is_not_a_subdomain_is_not_always_secu
#[test] #[test]
fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_always_secure() { fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_always_secure() {
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap()]
}; };
assert!(hsts_list.always_secure("mozilla.org") == true); assert!(hsts_list.always_secure("mozilla.org") == true);
@ -182,7 +182,7 @@ fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_always_secure() {
fn test_make_hsts_secure_does_not_change_explicit_port() { fn test_make_hsts_secure_does_not_change_explicit_port() {
let load_data = LoadData::new(Url::parse("http://mozilla.org:8080/").unwrap(), None); let load_data = LoadData::new(Url::parse("http://mozilla.org:8080/").unwrap(), None);
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap()]
}; };
let secure_load_data = hsts_list.make_hsts_secure(load_data); let secure_load_data = hsts_list.make_hsts_secure(load_data);
@ -193,7 +193,7 @@ fn test_make_hsts_secure_does_not_change_explicit_port() {
fn test_make_hsts_secure_doesnt_affect_non_http_schemas() { fn test_make_hsts_secure_doesnt_affect_non_http_schemas() {
let load_data = LoadData::new(Url::parse("file://mozilla.org").unwrap(), None); let load_data = LoadData::new(Url::parse("file://mozilla.org").unwrap(), None);
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap()]
}; };
let secure_load_data = hsts_list.make_hsts_secure(load_data); let secure_load_data = hsts_list.make_hsts_secure(load_data);
@ -204,7 +204,7 @@ fn test_make_hsts_secure_doesnt_affect_non_http_schemas() {
fn test_make_hsts_secure_sets_secure_schema_on_subdomains_when_include_subdomains_is_true() { fn test_make_hsts_secure_sets_secure_schema_on_subdomains_when_include_subdomains_is_true() {
let load_data = LoadData::new(Url::parse("http://servo.mozilla.org").unwrap(), None); let load_data = LoadData::new(Url::parse("http://servo.mozilla.org").unwrap(), None);
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), true, None).unwrap()]
}; };
let secure_load_data = hsts_list.make_hsts_secure(load_data); let secure_load_data = hsts_list.make_hsts_secure(load_data);
@ -215,7 +215,7 @@ fn test_make_hsts_secure_sets_secure_schema_on_subdomains_when_include_subdomain
fn test_make_hsts_secure_forces_an_http_host_in_list_to_https() { fn test_make_hsts_secure_forces_an_http_host_in_list_to_https() {
let load_data = LoadData::new(Url::parse("http://mozilla.org").unwrap(), None); let load_data = LoadData::new(Url::parse("http://mozilla.org").unwrap(), None);
let hsts_list = HSTSList { let hsts_list = HSTSList {
entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None)] entries: vec![HSTSEntry::new("mozilla.org".to_string(), false, None).unwrap()]
}; };
let secure_load_data = hsts_list.make_hsts_secure(load_data); let secure_load_data = hsts_list.make_hsts_secure(load_data);
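Review bot: In `test_hsts_entry_cant_be_created_with_ipv4_address_as_host` the panic message still reads "able to create HSTSEntry with IPv6 host", so a regression in the IPv4 check would be reported as an IPv6 failure. Both new tests can state the expectation directly and fix the message at once, e.g. `assert!(entry.is_none(), "able to create HSTSEntry with IPv4 host");`, instead of a `match` with an empty `None` arm. The IPv6 case covers only the fully expanded form; since the regexes are not visible here, a compressed literal such as `2001:db8::ff00:42:8329` would be a useful extra case to confirm that the constructor rejects it too.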