Evict HSTS entries when a max-age of 0 is seen

Sam Gibson 2015-06-23 16:00:30 -07:00
parent 690ac636eb
commit ff1777e446
2 changed files with 12 additions and 1 deletions


@ -214,7 +214,7 @@ impl HSTSEntry {
pub fn is_expired(&self) -> bool {
match (self.max_age, self.timestamp) {
(Some(max_age), Some(timestamp)) => {
(time::get_time().sec as u64) - timestamp > max_age
(time::get_time().sec as u64) - timestamp >= max_age
},
_ => false
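Review bot: The unsigned subtraction in `is_expired` is unguarded, so a stored `timestamp` that is ahead of the current clock (the clock stepped back, or an entry carried over from another machine) makes `(time::get_time().sec as u64) - timestamp` panic in a debug build and wrap to a very large value in a release build. The wrapped value satisfies `>= max_age`, so the entry reads as expired and the host silently loses its HSTS protection. `(time::get_time().sec as u64).saturating_sub(timestamp) >= max_age` treats a future timestamp as zero elapsed time and still expires a max-age of 0 immediately, which is what this commit wants. The `as u64` cast of `sec` is also unchecked, and the body of `is_expired` continues past the end of the hunk.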


@ -80,6 +80,17 @@ fn test_hsts_entry_cant_be_created_with_ipv4_address_as_host() {
}
}
#[test]
fn test_push_entry_with_0_max_age_evicts_entry_from_list() {
let mut list = HSTSList {
entries: vec!(HSTSEntry::new("mozilla.org".to_string(), false, Some(500000u64)).unwrap())
};
list.push(HSTSEntry::new("mozilla.org".to_string(), false, Some(0)).unwrap());
assert!(list.is_host_secure("mozilla.org") == false)
}
#[test]
fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_already_matched() {
let mut list = HSTSList {
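Review bot: The assertion in `test_push_entry_with_0_max_age_evicts_entry_from_list` only goes through `is_host_secure`, so it passes whether `push` removes the entry or the entry stays in `entries` and is merely reported as expired. `push` is not visible in this diff, so which of the two happens cannot be confirmed from here; if removal is intended, as the test name says, add `assert!(list.entries.is_empty());`. A second case in which the original entry is created with `true` as its second argument (presumably include-subdomains) would pin that a max-age of 0 also stops a subdomain from being treated as secure. The existing check reads more directly as `assert!(!list.is_host_secure("mozilla.org"));`.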