servo/components/net/tests/subresource_integrity.rs

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

use net::subresource_integrity::{
    SriEntry, get_prioritized_hash_function, get_strongest_metadata, is_response_integrity_valid,
    parsed_metadata,
};
use net_traits::response::{Response, ResponseBody};
use net_traits::{ResourceFetchTiming, ResourceTimingType};
use servo_url::ServoUrl;

#[test]
fn test_get_prioritized_hash_function() {
    let mut algorithm = get_prioritized_hash_function("sha256", "sha256");
    assert_eq!(algorithm, None);

    algorithm = get_prioritized_hash_function("sha256", "sha384");
    assert_eq!(algorithm.unwrap(), "sha384");

    algorithm = get_prioritized_hash_function("sha384", "sha512");
    assert_eq!(algorithm.unwrap(), "sha512");
}

#[test]
fn test_parsed_metadata_without_options() {
    let integrity_metadata = "sha384-Hash1";
    let ref parsed_metadata: SriEntry = parsed_metadata(integrity_metadata)[0];

    assert_eq!(parsed_metadata.alg, "sha384");
    assert_eq!(parsed_metadata.val, "Hash1");
    assert!(parsed_metadata.opt.is_none());
}

#[test]
fn test_parsed_metadata_with_options() {
    let integrity_metadata = "sha384-Hash1?opt=23";
    let ref parsed_metadata: SriEntry = parsed_metadata(integrity_metadata)[0];

    assert_eq!(parsed_metadata.alg, "sha384");
    assert_eq!(parsed_metadata.val, "Hash1");
    assert!(parsed_metadata.opt.is_some());
}

#[test]
fn test_parsed_metadata_with_malformed_integrity() {
    let integrity_metadata = "Not a valid integrity";
    let ref parsed_metadata_list: Vec<SriEntry> = parsed_metadata(integrity_metadata);

    assert!(parsed_metadata_list.is_empty());
}

#[test]
fn test_get_strongest_metadata_two_same_algorithm() {
    let integrity_metadata = "sha512-Hash1 sha512-Hash2?opt=23";
    let parsed_metadata_list: Vec<SriEntry> = parsed_metadata(integrity_metadata);

    let strong_metadata: Vec<SriEntry> = get_strongest_metadata(parsed_metadata_list);
    assert_eq!(strong_metadata.len(), 2);
    assert_eq!(strong_metadata[0].alg, strong_metadata[1].alg);
}

#[test]
fn test_get_strongest_metadata_different_algorithm() {
    let integrity_metadata = "sha256-Hash0 sha384-Hash1 sha512-Hash2?opt=23";
    let parsed_metadata_list: Vec<SriEntry> = parsed_metadata(integrity_metadata);

    let strong_metadata: Vec<SriEntry> = get_strongest_metadata(parsed_metadata_list);
    assert_eq!(strong_metadata.len(), 1);
    assert_eq!(strong_metadata[0].alg, "sha512");
}

#[test]
fn test_response_integrity_valid() {
    let url: ServoUrl = ServoUrl::parse("http://servo.org").unwrap();
    let response: Response = Response::new(
        url,
        ResourceFetchTiming::new(ResourceTimingType::Navigation),
    );

    let integrity_metadata =
        "sha384-H8BRh8j48O9oYatfu5AZzq6A9RINhZO5H16dQZngK7T62em8MUt1FLm52t+eX6xO";
    let response_body = "alert('Hello, world.');".to_owned().into_bytes();

    *response.body.lock().unwrap() = ResponseBody::Done(response_body);
    assert!(is_response_integrity_valid(integrity_metadata, &response));
}

#[test]
fn test_response_integrity_invalid() {
    let url: ServoUrl = ServoUrl::parse("http://servo.org").unwrap();
    let response: Response = Response::new(
        url,
        ResourceFetchTiming::new(ResourceTimingType::Navigation),
    );

    let integrity_metadata =
        "sha256-H8BRh8j48O9oYatfu5AZzq6A9RINhZO5H16dQZngK7T62em8MUt1FLm52t+eX6xO";
    let response_body = "alert('Hello, world.');".to_owned().into_bytes();

    *response.body.lock().unwrap() = ResponseBody::Done(response_body);
    assert!(!is_response_integrity_valid(integrity_metadata, &response));
}