mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
Preload an HSTS domain list from chromium
This resolves the first part of servo/servo#6105. The remaining part is to update the list based on the STS headers from the server.
This commit is contained in:
Sam Gibson
parent
406be7accf
commit
aa19a9a741
5 changed files with 287 additions and 20 deletions
|
|
@ -2,7 +2,9 @@
|
|||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
use net::resource_task::{new_resource_task, parse_hostsfile, replace_hosts};
|
||||
use net::resource_task::{
|
||||
new_resource_task, parse_hostsfile, replace_hosts, HSTSList, HSTSEntry
|
||||
};
|
||||
use net_traits::{ControlMsg, LoadData, LoadConsumer};
|
||||
use net_traits::ProgressMsg;
|
||||
use std::borrow::ToOwned;
|
||||
|
|
@ -17,6 +19,126 @@ fn test_exit() {
|
|||
resource_task.send(ControlMsg::Exit).unwrap();
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_hsts_preload_should_return_none_when_json_invalid() {
|
||||
let mock_preload_content = "derp";
|
||||
match HSTSList::new_from_preload(mock_preload_content) {
|
||||
Some(_) => assert!(false, "preload list should not have parsed"),
|
||||
None => assert!(true)
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_hsts_preload_should_return_none_when_json_contains_no_entries_key() {
|
||||
let mock_preload_content = "{\"nothing\": \"to see here\"}";
|
||||
match HSTSList::new_from_preload(mock_preload_content) {
|
||||
Some(_) => assert!(false, "preload list should not have parsed"),
|
||||
None => assert!(true)
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_hsts_preload_should_decode_host_and_includes_subdomains() {
|
||||
let mock_preload_content = "{\
|
||||
\"entries\": [\
|
||||
{\"host\": \"mozilla.org\",\
|
||||
\"include_subdomains\": false}\
|
||||
]\
|
||||
}";
|
||||
let hsts_list = HSTSList::new_from_preload(mock_preload_content);
|
||||
let entries = hsts_list.unwrap().entries;
|
||||
|
||||
assert!(entries.get(0).unwrap().host == "mozilla.org");
|
||||
assert!(entries.get(0).unwrap().include_subdomains == false);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_hsts_list_with_no_entries_does_not_always_secure() {
|
||||
let hsts_list = HSTSList {
|
||||
entries: Vec::new()
|
||||
};
|
||||
|
||||
assert!(hsts_list.always_secure("mozilla.org") == false);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_hsts_list_with_exact_domain_entry_is_always_secure() {
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: false}]
|
||||
};
|
||||
|
||||
assert!(hsts_list.always_secure("mozilla.org") == true);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_hsts_list_with_subdomain_when_include_subdomains_is_true_is_always_secure() {
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: true}]
|
||||
};
|
||||
|
||||
assert!(hsts_list.always_secure("servo.mozilla.org") == true);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_hsts_list_with_subdomain_when_include_subdomains_is_false_is_not_always_secure() {
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: false}]
|
||||
};
|
||||
|
||||
assert!(hsts_list.always_secure("servo.mozilla.org") == false);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_hsts_list_with_subdomain_when_host_is_not_a_subdomain_is_not_always_secure() {
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: true}]
|
||||
};
|
||||
|
||||
assert!(hsts_list.always_secure("servo-mozilla.org") == false);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_always_secure() {
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: true}]
|
||||
};
|
||||
|
||||
assert!(hsts_list.always_secure("mozilla.org") == true);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_make_hsts_secure_doesnt_affect_non_http_schemas() {
|
||||
let load_data = LoadData::new(Url::parse("file://mozilla.org").unwrap(), None);
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: false}]
|
||||
};
|
||||
let secure_load_data = hsts_list.make_hsts_secure(load_data);
|
||||
|
||||
assert!(&secure_load_data.url.scheme == "file");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_make_hsts_secure_sets_secure_schema_on_subdomains_when_include_subdomains_is_true() {
|
||||
let load_data = LoadData::new(Url::parse("http://servo.mozilla.org").unwrap(), None);
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: true}]
|
||||
};
|
||||
let secure_load_data = hsts_list.make_hsts_secure(load_data);
|
||||
|
||||
assert!(&secure_load_data.url.scheme == "https");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_make_hsts_secure_forces_an_http_host_in_list_to_https() {
|
||||
let load_data = LoadData::new(Url::parse("http://mozilla.org").unwrap(), None);
|
||||
let hsts_list = HSTSList {
|
||||
entries: vec![HSTSEntry { host: "mozilla.org".to_string(), include_subdomains: false}]
|
||||
};
|
||||
let secure_load_data = hsts_list.make_hsts_secure(load_data);
|
||||
|
||||
assert!(&secure_load_data.url.scheme == "https");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_bad_scheme() {
|
||||
let resource_task = new_resource_task(None, None);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue