mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-20 00:35:44 +00:00
bug 883582 - use only domains likely to stay on the HSTS preload list in the test r=bsmith
This commit is contained in:
parent
668f4f5058
commit
5da3a81494
@ -1,3 +1,8 @@
|
||||
// This test attempts to use only domains that are likely to remain on the
|
||||
// preload list for a long time. Currently this includes bugzilla.mozilla.org
|
||||
// and login.persona.org because they are Mozilla properties and we are
|
||||
// invested in HSTS. Additionally, www.torproject.org was deemed likely to
|
||||
// continue to use HSTS.
|
||||
|
||||
var gSTSService = Cc["@mozilla.org/stsservice;1"]
|
||||
.getService(Ci.nsIStrictTransportSecurityService);
|
||||
@ -12,20 +17,28 @@ Observer.prototype = {
|
||||
|
||||
var gObserver = new Observer();
|
||||
|
||||
// This is a list of every host we call processStsHeader with
|
||||
// (we have to remove any state added to the sts service so as to not muck
|
||||
// with other tests).
|
||||
var hosts = ["http://keyerror.com", "http://subdomain.intercom.io",
|
||||
"http://subdomain.pixi.me", "http://bugzilla.mozilla.org",
|
||||
"http://logentries.com"];
|
||||
// nsIStrictTransportSecurityService.removeStsState removes a given domain's
|
||||
// HSTS status. This means that a domain on the preload list will be
|
||||
// considered not HSTS if this is called. So, to reset everything to its
|
||||
// original state, we have to reach into the permission manager and clear
|
||||
// any HSTS-related state manually.
|
||||
function clearStsState() {
|
||||
var permissionManager = Cc["@mozilla.org/permissionmanager;1"]
|
||||
.getService(Ci.nsIPermissionManager);
|
||||
// This is a list of every host we call processStsHeader with
|
||||
// (so we can remove any state added to the sts service)
|
||||
var hosts = ["bugzilla.mozilla.org", "login.persona.org",
|
||||
"subdomain.www.torproject.org",
|
||||
"subdomain.bugzilla.mozilla.org" ];
|
||||
for (var host of hosts) {
|
||||
permissionManager.remove(host, "sts/use");
|
||||
permissionManager.remove(host, "sts/subd");
|
||||
}
|
||||
}
|
||||
|
||||
function cleanup() {
|
||||
Services.obs.removeObserver(gObserver, "last-pb-context-exited");
|
||||
|
||||
for (var host of hosts) {
|
||||
var uri = Services.io.newURI(host, null, null);
|
||||
gSTSService.removeStsState(uri, 0);
|
||||
}
|
||||
clearStsState();
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
@ -46,82 +59,70 @@ function test_part1() {
|
||||
// check that an ancestor domain is not identified as an sts host
|
||||
do_check_false(gSTSService.isStsHost("com", 0));
|
||||
|
||||
// Note: the following were taken from the STS preload list
|
||||
// as of Sept. 2012. If the list changes, this test will need to be modified.
|
||||
// check that the pref to toggle using the preload list works
|
||||
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
|
||||
do_check_false(gSTSService.isStsHost("factor.cc", 0));
|
||||
do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
|
||||
do_check_true(gSTSService.isStsHost("factor.cc", 0));
|
||||
|
||||
// check that an entry at the beginning of the list is an sts host
|
||||
do_check_true(gSTSService.isStsHost("arivo.com.br", 0));
|
||||
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
|
||||
// check that a subdomain is an sts host (includeSubdomains is set)
|
||||
do_check_true(gSTSService.isStsHost("subdomain.arivo.com.br", 0));
|
||||
do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
// check that another subdomain is an sts host (includeSubdomains is set)
|
||||
do_check_true(gSTSService.isStsHost("a.b.c.subdomain.arivo.com.br", 0));
|
||||
|
||||
// check that an entry in the middle of the list is an sts host
|
||||
do_check_true(gSTSService.isStsHost("neg9.org", 0));
|
||||
do_check_true(gSTSService.isStsHost("a.b.c.def.bugzilla.mozilla.org", 0));
|
||||
|
||||
// check that a subdomain is not an sts host (includeSubdomains is not set)
|
||||
do_check_false(gSTSService.isStsHost("subdomain.neg9.org", 0));
|
||||
|
||||
// check that an entry at the end of the list is an sts host
|
||||
do_check_true(gSTSService.isStsHost("www.noisebridge.net", 0));
|
||||
|
||||
// check that a subdomain is not an sts host (includeSubdomains is not set)
|
||||
do_check_false(gSTSService.isStsHost("a.subdomain.www.noisebridge.net", 0));
|
||||
do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
|
||||
|
||||
// check that a host with a dot on the end won't break anything
|
||||
do_check_false(gSTSService.isStsHost("notsts.nonexistent.mozilla.com.", 0));
|
||||
|
||||
// check that processing a header with max-age: 0 will remove a preloaded
|
||||
// site from the list
|
||||
var uri = Services.io.newURI("http://keyerror.com", null, null);
|
||||
var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
|
||||
gSTSService.processStsHeader(uri, "max-age=0", 0);
|
||||
do_check_false(gSTSService.isStsHost("keyerror.com", 0));
|
||||
do_check_false(gSTSService.isStsHost("subdomain.keyerror.com", 0));
|
||||
do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
|
||||
// check that processing another header (with max-age non-zero) will
|
||||
// re-enable a site's sts status
|
||||
gSTSService.processStsHeader(uri, "max-age=1000", 0);
|
||||
do_check_true(gSTSService.isStsHost("keyerror.com", 0));
|
||||
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
// but this time include subdomains was not set, so test for that
|
||||
do_check_false(gSTSService.isStsHost("subdomain.keyerror.com", 0));
|
||||
do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
|
||||
clearStsState();
|
||||
|
||||
// check that processing a header with max-age: 0 from a subdomain of a site
|
||||
// will not remove that (ancestor) site from the list
|
||||
var uri = Services.io.newURI("http://subdomain.intercom.io", null, null);
|
||||
var uri = Services.io.newURI("http://subdomain.www.torproject.org", null, null);
|
||||
gSTSService.processStsHeader(uri, "max-age=0", 0);
|
||||
do_check_true(gSTSService.isStsHost("intercom.io", 0));
|
||||
do_check_false(gSTSService.isStsHost("subdomain.intercom.io", 0));
|
||||
do_check_true(gSTSService.isStsHost("www.torproject.org", 0));
|
||||
do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
|
||||
|
||||
var uri = Services.io.newURI("http://subdomain.pixi.me", null, null);
|
||||
var uri = Services.io.newURI("http://subdomain.bugzilla.mozilla.org", null, null);
|
||||
gSTSService.processStsHeader(uri, "max-age=0", 0);
|
||||
// we received a header with "max-age=0", so we have "no information"
|
||||
// regarding the sts state of subdomain.pixi.me specifically, but
|
||||
// it is actually still an STS host, because of the preloaded pixi.me
|
||||
// including subdomains.
|
||||
// regarding the sts state of subdomain.bugzilla.mozilla.org specifically,
|
||||
// but it is actually still an STS host, because of the preloaded
|
||||
// bugzilla.mozilla.org including subdomains.
|
||||
// Here's a drawing:
|
||||
// |-- pixi.me (in preload list, includes subdomains) IS sts host
|
||||
// |-- subdomain.pixi.me IS sts host
|
||||
// | `-- another.subdomain.pixi.me IS sts host
|
||||
// `-- sibling.pixi.me IS sts host
|
||||
do_check_true(gSTSService.isStsHost("subdomain.pixi.me", 0));
|
||||
do_check_true(gSTSService.isStsHost("sibling.pixi.me", 0));
|
||||
do_check_true(gSTSService.isStsHost("another.subdomain.pixi.me", 0));
|
||||
// |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
|
||||
// |-- subdomain.bugzilla.mozilla.org IS sts host
|
||||
// | `-- another.subdomain.bugzilla.mozilla.org IS sts host
|
||||
// `-- sibling.bugzilla.mozilla.org IS sts host
|
||||
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
gSTSService.processStsHeader(uri, "max-age=1000", 0);
|
||||
// Here's what we have now:
|
||||
// |-- pixi.me (in preload list, includes subdomains) IS sts host
|
||||
// |-- subdomain.pixi.me (include subdomains is false) IS sts host
|
||||
// | `-- another.subdomain.pixi.me IS NOT sts host
|
||||
// `-- sibling.pixi.me IS sts host
|
||||
do_check_true(gSTSService.isStsHost("subdomain.pixi.me", 0));
|
||||
do_check_true(gSTSService.isStsHost("sibling.pixi.me", 0));
|
||||
do_check_false(gSTSService.isStsHost("another.subdomain.pixi.me", 0));
|
||||
// |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
|
||||
// |-- subdomain.bugzilla.mozilla.org (include subdomains is false) IS sts host
|
||||
// | `-- another.subdomain.bugzilla.mozilla.org IS NOT sts host
|
||||
// `-- sibling.bugzilla.mozilla.org IS sts host
|
||||
do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
|
||||
do_check_false(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
// Simulate leaving private browsing mode
|
||||
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
|
||||
@ -130,6 +131,7 @@ function test_part1() {
|
||||
const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
|
||||
|
||||
function test_private_browsing1() {
|
||||
clearStsState();
|
||||
// sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
|
||||
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
|
||||
do_check_true(gSTSService.isStsHost("a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
@ -159,12 +161,12 @@ function test_private_browsing1() {
|
||||
// a site on the preload list, and that header later expires. We need to
|
||||
// then treat that host as no longer an sts host.)
|
||||
// (sanity check first - this should be in the preload list)
|
||||
do_check_true(gSTSService.isStsHost("logentries.com", IS_PRIVATE));
|
||||
var uri = Services.io.newURI("http://logentries.com", null, null);
|
||||
do_check_true(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
|
||||
var uri = Services.io.newURI("http://login.persona.org", null, null);
|
||||
// according to the rfc, max-age can't be negative, but this is a great
|
||||
// way to test an expired entry
|
||||
gSTSService.processStsHeader(uri, "max-age=-1000", IS_PRIVATE);
|
||||
do_check_false(gSTSService.isStsHost("logentries.com", IS_PRIVATE));
|
||||
do_check_false(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
|
||||
|
||||
// Simulate leaving private browsing mode
|
||||
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
|
||||
@ -178,7 +180,7 @@ function test_private_browsing2() {
|
||||
|
||||
// Now that we're out of private browsing mode, we need to make sure
|
||||
// we've "forgotten" that we "forgot" this site's sts status.
|
||||
do_check_true(gSTSService.isStsHost("logentries.com", 0));
|
||||
do_check_true(gSTSService.isStsHost("login.persona.org", 0));
|
||||
|
||||
run_next_test();
|
||||
}
|
||||
|
@ -1,19 +1,21 @@
|
||||
// This test uses bugzilla.mozilla.org given that it is likely to remain
|
||||
// on the preload list for a long time.
|
||||
|
||||
function run_test() {
|
||||
let STSService = Cc["@mozilla.org/stsservice;1"]
|
||||
.getService(Ci.nsIStrictTransportSecurityService);
|
||||
|
||||
// check that a host on the preload list is identified as an sts host
|
||||
do_check_true(STSService.isStsHost("alpha.irccloud.com", 0));
|
||||
do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
|
||||
// now simulate that it's 19 weeks later than it actually is
|
||||
let offsetSeconds = 19 * 7 * 24 * 60 * 60;
|
||||
Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
|
||||
|
||||
// check that the preloaded host is no longer considered sts
|
||||
do_check_false(STSService.isStsHost("alpha.irccloud.com", 0));
|
||||
do_check_false(STSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
|
||||
// just make sure we can get everything back to normal
|
||||
Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
|
||||
do_check_true(STSService.isStsHost("alpha.irccloud.com", 0));
|
||||
do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user