tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_sss_readstate_garbage.js (2961B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 "use strict";
      5 
      6 // The purpose of this test is to create a mostly bogus old site security
      7 // service state file and see that the site security service migrates it
      8 // to the new format properly, discarding invalid data.
      9 
     10 function run_test() {
     11  let profileDir = do_get_profile();
     12  let stateFile = profileDir.clone();
     13  stateFile.append(SSS_STATE_OLD_FILE_NAME);
     14  // Assuming we're working with a clean slate, the file shouldn't exist
     15  // until we create it.
     16  ok(!stateFile.exists());
     17  let outputStream = FileUtils.openFileOutputStream(stateFile);
     18  let expiryTime = Date.now() + 100000;
     19  let lines = [
     20    // General state file entry tests.
     21    `example1.example.com\t0\t0\t${expiryTime},1,0`,
     22    "I'm a lumberjack and I'm okay; I work all night and I sleep all day!",
     23    "This is a totally bogus entry\t",
     24    "0\t0\t0\t0\t",
     25    "\t\t\t\t\t\t\t",
     26    "example.com\t\t\t\t\t\t\t",
     27    "example3.example.com\t0\t\t\t\t\t\t",
     28    `example2.example.com\t0\t0\t${expiryTime},1,0`,
     29    // HSTS state string parsing tests
     30    `extra.comma.example.com\t0\t0\t${expiryTime},,1,0`,
     31    "empty.statestring.example.com\t0\t0\t",
     32    "rubbish.statestring.example.com\t0\t0\tfoobar",
     33    `spaces.statestring.example.com\t0\t0\t${expiryTime}, 1,0 `,
     34    `invalid.expirytime.example.com\t0\t0\t${expiryTime}foo123,1,0`,
     35    `text.securitypropertystate.example.com\t0\t0\t${expiryTime},1foo,0`,
     36    `invalid.securitypropertystate.example.com\t0\t0\t${expiryTime},999,0`,
     37    `text.includesubdomains.example.com\t0\t0\t${expiryTime},1,1foo`,
     38    `invalid.includesubdomains.example.com\t0\t0\t${expiryTime},1,0foo`,
     39  ];
     40  writeLinesAndClose(lines, outputStream);
     41 
     42  let siteSecurityService = Cc["@mozilla.org/ssservice;1"].getService(
     43    Ci.nsISiteSecurityService
     44  );
     45  notEqual(siteSecurityService, null);
     46 
     47  const HSTS_HOSTS = [
     48    "https://example1.example.com",
     49    "https://example2.example.com",
     50  ];
     51  for (let host of HSTS_HOSTS) {
     52    ok(
     53      siteSecurityService.isSecureURI(Services.io.newURI(host)),
     54      `${host} should be HSTS enabled`
     55    );
     56  }
     57 
     58  const NOT_HSTS_HOSTS = [
     59    "https://example.com",
     60    "https://example3.example.com",
     61    "https://extra.comma.example.com",
     62    "https://empty.statestring.example.com",
     63    "https://rubbish.statestring.example.com",
     64    "https://spaces.statestring.example.com",
     65    "https://invalid.expirytime.example.com",
     66    "https://text.securitypropertystate.example.com",
     67    "https://invalid.securitypropertystate.example.com",
     68    "https://text.includesubdomains.example.com",
     69    "https://invalid.includesubdomains.example.com",
     70  ];
     71  for (let host of NOT_HSTS_HOSTS) {
     72    ok(
     73      !siteSecurityService.isSecureURI(Services.io.newURI(host)),
     74      `${host} should not be HSTS enabled`
     75    );
     76  }
     77 }