2012-05-21 04:12:37 -07:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
#include "TestHarness.h"
|
|
|
|
#include <stdio.h>
|
|
|
|
#include "nsNetUtil.h"
|
2013-08-02 15:48:37 -07:00
|
|
|
#include "nsISiteSecurityService.h"
|
2010-06-03 14:03:17 -07:00
|
|
|
|
2010-08-27 04:08:24 -07:00
|
|
|
#define EXPECT_SUCCESS(rv, ...) \
|
2010-06-03 14:03:17 -07:00
|
|
|
PR_BEGIN_MACRO \
|
|
|
|
if (NS_FAILED(rv)) { \
|
2010-08-27 04:08:24 -07:00
|
|
|
fail(__VA_ARGS__); \
|
2011-10-17 07:59:28 -07:00
|
|
|
return false; \
|
2010-06-03 14:03:17 -07:00
|
|
|
} \
|
|
|
|
PR_END_MACRO
|
|
|
|
|
|
|
|
|
2010-08-27 04:08:24 -07:00
|
|
|
#define EXPECT_FAILURE(rv, ...) \
|
2010-06-03 14:03:17 -07:00
|
|
|
PR_BEGIN_MACRO \
|
|
|
|
if (NS_SUCCEEDED(rv)) { \
|
2010-08-27 04:08:24 -07:00
|
|
|
fail(__VA_ARGS__); \
|
2011-10-17 07:59:28 -07:00
|
|
|
return false; \
|
2010-06-03 14:03:17 -07:00
|
|
|
} \
|
|
|
|
PR_END_MACRO
|
|
|
|
|
2010-08-27 04:08:24 -07:00
|
|
|
#define REQUIRE_EQUAL(a, b, ...) \
|
2010-06-03 14:03:17 -07:00
|
|
|
PR_BEGIN_MACRO \
|
|
|
|
if (a != b) { \
|
2010-08-27 04:08:24 -07:00
|
|
|
fail(__VA_ARGS__); \
|
2011-10-17 07:59:28 -07:00
|
|
|
return false; \
|
2010-06-03 14:03:17 -07:00
|
|
|
} \
|
|
|
|
PR_END_MACRO
|
|
|
|
|
2011-09-28 23:19:26 -07:00
|
|
|
bool
|
|
|
|
TestSuccess(const char* hdr, bool extraTokens,
|
2012-10-15 14:43:57 -07:00
|
|
|
uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
|
2013-09-17 15:47:01 -07:00
|
|
|
nsISiteSecurityService* sss)
|
2010-06-03 14:03:17 -07:00
|
|
|
{
|
|
|
|
nsCOMPtr<nsIURI> dummyUri;
|
|
|
|
nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
|
|
|
|
EXPECT_SUCCESS(rv, "Failed to create URI");
|
|
|
|
|
2012-10-15 14:43:57 -07:00
|
|
|
uint64_t maxAge = 0;
|
|
|
|
bool includeSubdomains = false;
|
2014-09-03 10:24:12 -07:00
|
|
|
rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
|
|
|
|
hdr, 0, &maxAge, &includeSubdomains);
|
2010-06-03 14:03:17 -07:00
|
|
|
EXPECT_SUCCESS(rv, "Failed to process valid header: %s", hdr);
|
|
|
|
|
2012-10-15 14:43:57 -07:00
|
|
|
REQUIRE_EQUAL(maxAge, expectedMaxAge, "Did not correctly parse maxAge");
|
|
|
|
REQUIRE_EQUAL(includeSubdomains, expectedIncludeSubdomains, "Did not correctly parse presence/absence of includeSubdomains");
|
|
|
|
|
2010-06-03 14:03:17 -07:00
|
|
|
if (extraTokens) {
|
|
|
|
REQUIRE_EQUAL(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA,
|
|
|
|
"Extra tokens were expected when parsing, but were not encountered.");
|
|
|
|
} else {
|
|
|
|
REQUIRE_EQUAL(rv, NS_OK, "Unexpected tokens found during parsing.");
|
|
|
|
}
|
|
|
|
|
|
|
|
passed(hdr);
|
2011-10-17 07:59:28 -07:00
|
|
|
return true;
|
2010-06-03 14:03:17 -07:00
|
|
|
}
|
|
|
|
|
2011-09-28 23:19:26 -07:00
|
|
|
bool TestFailure(const char* hdr,
|
2013-09-17 15:47:01 -07:00
|
|
|
nsISiteSecurityService* sss)
|
2010-06-03 14:03:17 -07:00
|
|
|
{
|
|
|
|
nsCOMPtr<nsIURI> dummyUri;
|
|
|
|
nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
|
|
|
|
EXPECT_SUCCESS(rv, "Failed to create URI");
|
|
|
|
|
2014-09-03 10:24:12 -07:00
|
|
|
rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
|
|
|
|
hdr, 0, nullptr, nullptr);
|
2010-06-03 14:03:17 -07:00
|
|
|
EXPECT_FAILURE(rv, "Parsed invalid header: %s", hdr);
|
|
|
|
passed(hdr);
|
2011-10-17 07:59:28 -07:00
|
|
|
return true;
|
2010-06-03 14:03:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
2012-08-22 08:56:38 -07:00
|
|
|
main(int32_t argc, char *argv[])
|
2010-06-03 14:03:17 -07:00
|
|
|
{
|
|
|
|
nsresult rv;
|
|
|
|
ScopedXPCOM xpcom("STS Parser Tests");
|
|
|
|
if (xpcom.failed())
|
|
|
|
return -1;
|
2012-01-20 05:47:51 -08:00
|
|
|
// Initialize a profile folder to ensure a clean shutdown.
|
|
|
|
nsCOMPtr<nsIFile> profile = xpcom.GetProfileDirectory();
|
|
|
|
if (!profile) {
|
|
|
|
fail("Couldn't get the profile directory.");
|
|
|
|
return -1;
|
|
|
|
}
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
// grab handle to the service
|
2013-08-02 15:48:37 -07:00
|
|
|
nsCOMPtr<nsISiteSecurityService> sss;
|
|
|
|
sss = do_GetService("@mozilla.org/ssservice;1", &rv);
|
2012-08-07 10:17:27 -07:00
|
|
|
NS_ENSURE_SUCCESS(rv, -1);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
int rv0, rv1;
|
|
|
|
|
2011-09-28 23:19:26 -07:00
|
|
|
nsTArray<bool> rvs(24);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
// *** parsing tests
|
|
|
|
printf("*** Attempting to parse valid STS headers ...\n");
|
|
|
|
|
|
|
|
// SHOULD SUCCEED:
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestSuccess("max-age=100", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age =100", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess(" max-age=100", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age = \"100\" ", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age=\"100\"", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess(" max-age =\"100\" ", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, sss));
|
|
|
|
|
|
|
|
rvs.AppendElement(TestSuccess("maX-aGe=100", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("MAX-age =100", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-AGE=100", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("Max-Age = 100 ", false, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("MAX-AGE = 100 ", false, 100, false, sss));
|
|
|
|
|
|
|
|
rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss));
|
|
|
|
|
|
|
|
rvs.AppendElement(TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("MAX-age =100; includeSubDomains", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss));
|
2013-07-25 16:13:50 -07:00
|
|
|
// Turns out, the actual directive is entirely optional (hence the
|
|
|
|
// trailing semicolon)
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss));
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
// these are weird tests, but are testing that some extended syntax is
|
|
|
|
// still allowed (but it is ignored)
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestSuccess("max-age=100 ; includesubdomainsSomeStuff", true, 100, false, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("\r\n\t\t \tcompletelyUnrelated = foobar; max-age= 34520103 \t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", true, 34520103, true, sss));
|
|
|
|
rvs.AppendElement(TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", true, 100, false, sss));
|
2010-06-03 14:03:17 -07:00
|
|
|
|
2011-10-17 07:59:28 -07:00
|
|
|
rv0 = rvs.Contains(false) ? 1 : 0;
|
2010-06-03 14:03:17 -07:00
|
|
|
if (rv0 == 0)
|
|
|
|
passed("Successfully Parsed STS headers with mixed case and LWS");
|
|
|
|
|
|
|
|
rvs.Clear();
|
|
|
|
|
|
|
|
// SHOULD FAIL:
|
|
|
|
printf("*** Attempting to parse invalid STS headers (should not parse)...\n");
|
|
|
|
// invalid max-ages
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestFailure("max-age", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age ", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=p", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=*1p2", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=.20032", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=!20032", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age==20032", sss));
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
// invalid headers
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestFailure("foobar", sss));
|
|
|
|
rvs.AppendElement(TestFailure("maxage=100", sss));
|
|
|
|
rvs.AppendElement(TestFailure("maxa-ge=100", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-ag=100", sss));
|
|
|
|
rvs.AppendElement(TestFailure("includesubdomains", sss));
|
|
|
|
rvs.AppendElement(TestFailure(";", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=\"100", sss));
|
2013-07-25 16:13:50 -07:00
|
|
|
// The max-age directive here doesn't conform to the spec, so it MUST
|
|
|
|
// be ignored. Consequently, the REQUIRED max-age directive is not
|
|
|
|
// present in this header, and so it is invalid.
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestFailure("max-age=100, max-age=200; includeSubdomains", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=100 includesubdomains", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=100 bar foo", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=100randomstuffhere", sss));
|
2013-07-25 16:13:50 -07:00
|
|
|
// All directives MUST appear only once in an STS header field.
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestFailure("max-age=100; max-age=200", sss));
|
|
|
|
rvs.AppendElement(TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss));
|
|
|
|
rvs.AppendElement(TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss));
|
2013-07-25 16:13:50 -07:00
|
|
|
// The includeSubdomains directive is valueless.
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestFailure("max-age=100; includeSubdomains=unexpected", sss));
|
2013-07-25 16:13:50 -07:00
|
|
|
// LWS must have at least one space or horizontal tab
|
2013-09-17 15:47:01 -07:00
|
|
|
rvs.AppendElement(TestFailure("\r\nmax-age=200", sss));
|
2010-06-03 14:03:17 -07:00
|
|
|
|
2011-10-17 07:59:28 -07:00
|
|
|
rv1 = rvs.Contains(false) ? 1 : 0;
|
2010-06-03 14:03:17 -07:00
|
|
|
if (rv1 == 0)
|
|
|
|
passed("Avoided parsing invalid STS headers");
|
|
|
|
|
|
|
|
return (rv0 + rv1);
|
|
|
|
}
|