bug 883582 - use only domains likely to stay on the HSTS preload list in the test r=bsmith

David Keeler 2013-06-20 13:12:23 -07:00
parent 668f4f5058
commit 5da3a81494
2 changed files with 67 additions and 63 deletions


@ -1,3 +1,8 @@
// This test attempts to use only domains that are likely to remain on the
// preload list for a long time. Currently this includes bugzilla.mozilla.org
// and login.persona.org because they are Mozilla properties and we are
// invested in HSTS. Additionally, www.torproject.org was deemed likely to
// continue to use HSTS.
var gSTSService = Cc["@mozilla.org/stsservice;1"]
.getService(Ci.nsIStrictTransportSecurityService);
@ -12,20 +17,28 @@ Observer.prototype = {
var gObserver = new Observer();
// This is a list of every host we call processStsHeader with
// (we have to remove any state added to the sts service so as to not muck
// with other tests).
var hosts = ["http://keyerror.com", "http://subdomain.intercom.io",
"http://subdomain.pixi.me", "http://bugzilla.mozilla.org",
"http://logentries.com"];
// nsIStrictTransportSecurityService.removeStsState removes a given domain's
// HSTS status. This means that a domain on the preload list will be
// considered not HSTS if this is called. So, to reset everything to its
// original state, we have to reach into the permission manager and clear
// any HSTS-related state manually.
function clearStsState() {
var permissionManager = Cc["@mozilla.org/permissionmanager;1"]
.getService(Ci.nsIPermissionManager);
// This is a list of every host we call processStsHeader with
// (so we can remove any state added to the sts service)
var hosts = ["bugzilla.mozilla.org", "login.persona.org",
"subdomain.www.torproject.org",
"subdomain.bugzilla.mozilla.org" ];
for (var host of hosts) {
permissionManager.remove(host, "sts/use");
permissionManager.remove(host, "sts/subd");
}
}
function cleanup() {
Services.obs.removeObserver(gObserver, "last-pb-context-exited");
for (var host of hosts) {
var uri = Services.io.newURI(host, null, null);
gSTSService.removeStsState(uri, 0);
}
clearStsState();
}
function run_test() {
@ -46,82 +59,70 @@ function test_part1() {
// check that an ancestor domain is not identified as an sts host
do_check_false(gSTSService.isStsHost("com", 0));
// Note: the following were taken from the STS preload list
// as of Sept. 2012. If the list changes, this test will need to be modified.
// check that the pref to toggle using the preload list works
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
do_check_false(gSTSService.isStsHost("factor.cc", 0));
do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
do_check_true(gSTSService.isStsHost("factor.cc", 0));
// check that an entry at the beginning of the list is an sts host
do_check_true(gSTSService.isStsHost("arivo.com.br", 0));
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
// check that a subdomain is an sts host (includeSubdomains is set)
do_check_true(gSTSService.isStsHost("subdomain.arivo.com.br", 0));
do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
// check that another subdomain is an sts host (includeSubdomains is set)
do_check_true(gSTSService.isStsHost("a.b.c.subdomain.arivo.com.br", 0));
// check that an entry in the middle of the list is an sts host
do_check_true(gSTSService.isStsHost("neg9.org", 0));
do_check_true(gSTSService.isStsHost("a.b.c.def.bugzilla.mozilla.org", 0));
// check that a subdomain is not an sts host (includeSubdomains is not set)
do_check_false(gSTSService.isStsHost("subdomain.neg9.org", 0));
// check that an entry at the end of the list is an sts host
do_check_true(gSTSService.isStsHost("www.noisebridge.net", 0));
// check that a subdomain is not an sts host (includeSubdomains is not set)
do_check_false(gSTSService.isStsHost("a.subdomain.www.noisebridge.net", 0));
do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
// check that a host with a dot on the end won't break anything
do_check_false(gSTSService.isStsHost("notsts.nonexistent.mozilla.com.", 0));
// check that processing a header with max-age: 0 will remove a preloaded
// site from the list
var uri = Services.io.newURI("http://keyerror.com", null, null);
var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
gSTSService.processStsHeader(uri, "max-age=0", 0);
do_check_false(gSTSService.isStsHost("keyerror.com", 0));
do_check_false(gSTSService.isStsHost("subdomain.keyerror.com", 0));
do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
// check that processing another header (with max-age non-zero) will
// re-enable a site's sts status
gSTSService.processStsHeader(uri, "max-age=1000", 0);
do_check_true(gSTSService.isStsHost("keyerror.com", 0));
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
// but this time include subdomains was not set, so test for that
do_check_false(gSTSService.isStsHost("subdomain.keyerror.com", 0));
do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
clearStsState();
// check that processing a header with max-age: 0 from a subdomain of a site
// will not remove that (ancestor) site from the list
var uri = Services.io.newURI("http://subdomain.intercom.io", null, null);
var uri = Services.io.newURI("http://subdomain.www.torproject.org", null, null);
gSTSService.processStsHeader(uri, "max-age=0", 0);
do_check_true(gSTSService.isStsHost("intercom.io", 0));
do_check_false(gSTSService.isStsHost("subdomain.intercom.io", 0));
do_check_true(gSTSService.isStsHost("www.torproject.org", 0));
do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
var uri = Services.io.newURI("http://subdomain.pixi.me", null, null);
var uri = Services.io.newURI("http://subdomain.bugzilla.mozilla.org", null, null);
gSTSService.processStsHeader(uri, "max-age=0", 0);
// we received a header with "max-age=0", so we have "no information"
// regarding the sts state of subdomain.pixi.me specifically, but
// it is actually still an STS host, because of the preloaded pixi.me
// including subdomains.
// regarding the sts state of subdomain.bugzilla.mozilla.org specifically,
// but it is actually still an STS host, because of the preloaded
// bugzilla.mozilla.org including subdomains.
// Here's a drawing:
// |-- pixi.me (in preload list, includes subdomains) IS sts host
// |-- subdomain.pixi.me IS sts host
// | `-- another.subdomain.pixi.me IS sts host
// `-- sibling.pixi.me IS sts host
do_check_true(gSTSService.isStsHost("subdomain.pixi.me", 0));
do_check_true(gSTSService.isStsHost("sibling.pixi.me", 0));
do_check_true(gSTSService.isStsHost("another.subdomain.pixi.me", 0));
// |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
// |-- subdomain.bugzilla.mozilla.org IS sts host
// | `-- another.subdomain.bugzilla.mozilla.org IS sts host
// `-- sibling.bugzilla.mozilla.org IS sts host
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
do_check_true(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
gSTSService.processStsHeader(uri, "max-age=1000", 0);
// Here's what we have now:
// |-- pixi.me (in preload list, includes subdomains) IS sts host
// |-- subdomain.pixi.me (include subdomains is false) IS sts host
// | `-- another.subdomain.pixi.me IS NOT sts host
// `-- sibling.pixi.me IS sts host
do_check_true(gSTSService.isStsHost("subdomain.pixi.me", 0));
do_check_true(gSTSService.isStsHost("sibling.pixi.me", 0));
do_check_false(gSTSService.isStsHost("another.subdomain.pixi.me", 0));
// |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
// |-- subdomain.bugzilla.mozilla.org (include subdomains is false) IS sts host
// | `-- another.subdomain.bugzilla.mozilla.org IS NOT sts host
// `-- sibling.bugzilla.mozilla.org IS sts host
do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
do_check_false(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
// Simulate leaving private browsing mode
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
@ -130,6 +131,7 @@ function test_part1() {
const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
function test_private_browsing1() {
clearStsState();
// sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
do_check_true(gSTSService.isStsHost("a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
@ -159,12 +161,12 @@ function test_private_browsing1() {
// a site on the preload list, and that header later expires. We need to
// then treat that host as no longer an sts host.)
// (sanity check first - this should be in the preload list)
do_check_true(gSTSService.isStsHost("logentries.com", IS_PRIVATE));
var uri = Services.io.newURI("http://logentries.com", null, null);
do_check_true(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
var uri = Services.io.newURI("http://login.persona.org", null, null);
// according to the rfc, max-age can't be negative, but this is a great
// way to test an expired entry
gSTSService.processStsHeader(uri, "max-age=-1000", IS_PRIVATE);
do_check_false(gSTSService.isStsHost("logentries.com", IS_PRIVATE));
do_check_false(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
// Simulate leaving private browsing mode
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
@ -178,7 +180,7 @@ function test_private_browsing2() {
// Now that we're out of private browsing mode, we need to make sure
// we've "forgotten" that we "forgot" this site's sts status.
do_check_true(gSTSService.isStsHost("logentries.com", 0));
do_check_true(gSTSService.isStsHost("login.persona.org", 0));
run_next_test();
}
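Review bot: Nothing verifies that clearStsState() (added near the top of this file) actually restores the preloaded baseline; it removes the hard-coded `"sts/use"` and `"sts/subd"` permission entries for a hand-maintained host list and returns. If a later processStsHeader call uses a host missing from that list, or the service stops storing state under those keys, the removal presumably becomes a silent no-op, and a leftover override for a preloaded host could carry into later sub-tests and hide a real preload-list regression. Consider ending the function with a baseline assertion such as `do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));`, since the preload pref is back to true at every visible call site. Hoisting the host list to file scope would also let the processStsHeader calls and the cleanup share one definition. The test functions that call clearStsState() start outside the visible hunks, so their other processStsHeader calls could not be checked against the list.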


@ -1,19 +1,21 @@
// This test uses bugzilla.mozilla.org given that it is likely to remain
// on the preload list for a long time.
function run_test() {
let STSService = Cc["@mozilla.org/stsservice;1"]
.getService(Ci.nsIStrictTransportSecurityService);
// check that a host on the preload list is identified as an sts host
do_check_true(STSService.isStsHost("alpha.irccloud.com", 0));
do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
// now simulate that it's 19 weeks later than it actually is
let offsetSeconds = 19 * 7 * 24 * 60 * 60;
Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
// check that the preloaded host is no longer considered sts
do_check_false(STSService.isStsHost("alpha.irccloud.com", 0));
do_check_false(STSService.isStsHost("bugzilla.mozilla.org", 0));
// just make sure we can get everything back to normal
Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
do_check_true(STSService.isStsHost("alpha.irccloud.com", 0));
do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
}