
test_sts_parser.js (5094B)


      1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
      2 * vim: sw=2 ts=2 sts=2
      3 * This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 "use strict";
      8 
      9 // STS parser tests
     10 
// Shared handle to the site security service. Its processHeader() method is
// the Strict-Transport-Security parser that every case in this file drives.
let sss = Cc["@mozilla.org/ssservice;1"].getService(
  Ci.nsISiteSecurityService
);
     12 
/**
 * Checks that a Strict-Transport-Security header value is accepted and that
 * the parser reports the expected policy.
 *
 * The header is handed to sss.processHeader() for the fixed HTTPS URI
 * https://foo.com/bar.html. Results come back through the `value` property
 * of the two out-param objects.
 *
 * @param {string} header - Raw header value to parse.
 * @param {number} expectedMaxAge - max-age the parser should report.
 * @param {boolean} expectedIncludeSubdomains - Whether includeSubdomains
 *   should be reported as present.
 */
function test_valid_header(header, expectedMaxAge, expectedIncludeSubdomains) {
  const testUri = Services.io.newURI("https://foo.com/bar.html");
  const parsedMaxAge = {};
  const parsedIncludeSubdomains = {};

  // NOTE(review): the third argument is an empty object, presumably the
  // origin attributes; confirm against the nsISiteSecurityService interface.
  sss.processHeader(
    testUri,
    header,
    {},
    parsedMaxAge,
    parsedIncludeSubdomains
  );

  // Both fields are checked so a header that parses but yields the wrong
  // lifetime or subdomain scope still fails the test.
  equal(parsedMaxAge.value, expectedMaxAge, "Correctly parsed maxAge");
  equal(
    parsedIncludeSubdomains.value,
    expectedIncludeSubdomains,
    "Correctly parsed presence/absence of includeSubdomains"
  );
}
     27 
/**
 * Checks that a malformed Strict-Transport-Security header value is refused.
 *
 * The parser must throw an error matching NS_ERROR_FAILURE rather than
 * return a best-effort policy. The out-param objects are passed only to
 * satisfy the call signature and are not inspected.
 *
 * @param {string} header - Raw header value that must be rejected.
 */
function test_invalid_header(header) {
  const testUri = Services.io.newURI("https://foo.com/bar.html");
  const parsedMaxAge = {};
  const parsedIncludeSubdomains = {};

  const parseHeader = () => {
    sss.processHeader(
      testUri,
      header,
      {},
      parsedMaxAge,
      parsedIncludeSubdomains
    );
  };

  throws(
    parseHeader,
    /NS_ERROR_FAILURE/,
    `Correctly rejected invalid header: ${header}`
  );
}
     41 
/**
 * Entry point: drives the STS parser through a table of header values that
 * must be accepted, then a table of header values that must be rejected.
 *
 * The cases run in the order listed. The rejection table matters as much as
 * the acceptance table: RFC 6797 requires a user agent to ignore a header
 * that does not conform to the grammar, so a lenient parser could record a
 * lifetime or subdomain scope the site never actually declared.
 */
function run_test() {
  // SHOULD SUCCEED: [header value, expected max-age, expected includeSubdomains]
  const acceptedCases = [
    // Optional whitespace around the name, "=" and value; quoted values.
    ["max-age=100", 100, false],
    ["max-age  =100", 100, false],
    [" max-age=100", 100, false],
    ["max-age = 100 ", 100, false],
    ['max-age = "100" ', 100, false],
    ['max-age="100"', 100, false],
    [' max-age ="100" ', 100, false],
    ['\tmax-age\t=\t"100"\t', 100, false],
    ["max-age  =       100             ", 100, false],

    // Directive names are case-insensitive.
    ["maX-aGe=100", 100, false],
    ["MAX-age  =100", 100, false],
    ["max-AGE=100", 100, false],
    ["Max-Age = 100 ", 100, false],
    ["MAX-AGE = 100 ", 100, false],

    // includeSubdomains present, with varying whitespace around ";".
    ["max-age=100;includeSubdomains", 100, true],
    ["max-age=100\t; includeSubdomains", 100, true],
    [" max-age=100; includeSubdomains", 100, true],
    ["max-age = 100 ; includeSubdomains", 100, true],
    ["max-age  =       100             ; includeSubdomains", 100, true],

    // Mixed case on both directives, and either directive order.
    ["maX-aGe=100; includeSUBDOMAINS", 100, true],
    ["MAX-age  =100; includeSubDomains", 100, true],
    ["max-AGE=100; iNcLuDeSuBdoMaInS", 100, true],
    ["Max-Age = 100; includesubdomains ", 100, true],
    ["INCLUDESUBDOMAINS;MaX-AgE = 100 ", 100, true],
    // The directive between semicolons is itself optional, so a trailing
    // semicolon is accepted.
    ["max-age=100;includeSubdomains;", 100, true],

    // Odd but legal: unrecognised directives are allowed and ignored. A name
    // that merely starts with "includesubdomains" is one of them, so it must
    // not widen the policy to subdomains.
    ["max-age=100 ; includesubdomainsSomeStuff", 100, false],
    [
      "\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103" +
        "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
      34520103,
      true,
    ],
    ['max-age=100; unrelated="quoted \\"thingy\\""', 100, false],

    // A max-age above 100 years is capped at 100 years.
    ["max-age=4294967296", 60 * 60 * 24 * 365 * 100, false],
  ];

  for (const [header, maxAge, includeSubdomains] of acceptedCases) {
    test_valid_header(header, maxAge, includeSubdomains);
  }

  // SHOULD FAIL:
  const rejectedHeaders = [
    // Invalid max-age values: missing, empty or not a plain number.
    "max-age",
    "max-age ",
    "max-age=",
    "max-age=p",
    "max-age=*1p2",
    "max-age=.20032",
    "max-age=!20032",
    "max-age==20032",

    // Invalid headers: misspelt or missing max-age, a value on the
    // valueless includeSubdomains, no directive at all, unterminated quote.
    "foobar",
    "maxage=100",
    "maxa-ge=100",
    "max-ag=100",
    "includesubdomains",
    "includesubdomains=",
    "max-age=100; includesubdomains=",
    ";",
    'max-age="100',
    // The max-age directive here does not conform to the spec, so it MUST be
    // ignored. That leaves the header without the REQUIRED max-age
    // directive, which makes the whole header invalid.
    "max-age=100, max-age=200; includeSubdomains",
    "max-age=100 includesubdomains",
    "max-age=100 bar foo",
    "max-age=100randomstuffhere",
    // Every directive MUST appear only once in an STS header field.
    "max-age=100; max-age=200",
    "includeSubdomains; max-age=200; includeSubdomains",
    "max-age=200; includeSubdomains; includeSubdomains",
    // The includeSubdomains directive is valueless.
    "max-age=100; includeSubdomains=unexpected",
    // LWS must contain at least one space or horizontal tab, so a bare CRLF
    // in front of the directive is not treated as whitespace.
    "\r\nmax-age=200",
  ];

  for (const header of rejectedHeaders) {
    test_invalid_header(header);
  }
}