From 5da3a81494a056e819de1b84fef6c7b7145d6871 Mon Sep 17 00:00:00 2001
From: David Keeler
Date: Thu, 20 Jun 2013 13:12:23 -0700
Subject: [PATCH] bug 883582 - use only domains likely to stay on the HSTS preload list in the test r=bsmith
---
 .../tests/unit/test_sts_preloadlist_perwindowpb.js | 122 +++++++++++---------
 .../unit/test_sts_preloadlist_selfdestruct.js | 8 +-
 2 files changed, 67 insertions(+), 63 deletions(-)
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
index f34cedb537a6..53ffb39a9ade 100644
--- a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -1,3 +1,8 @@
+// This test attempts to use only domains that are likely to remain on the
+// preload list for a long time. Currently this includes bugzilla.mozilla.org
+// and login.persona.org because they are Mozilla properties and we are
+// invested in HSTS. Additionally, www.torproject.org was deemed likely to
+// continue to use HSTS.
 var gSTSService = Cc["@mozilla.org/stsservice;1"]
 .getService(Ci.nsIStrictTransportSecurityService);
@@ -12,20 +17,28 @@ Observer.prototype = {
 var gObserver = new Observer();
-// This is a list of every host we call processStsHeader with
-// (we have to remove any state added to the sts service so as to not muck
-// with other tests).
-var hosts = ["http://keyerror.com", "http://subdomain.intercom.io",
- "http://subdomain.pixi.me", "http://bugzilla.mozilla.org",
- "http://logentries.com"];
+// nsIStrictTransportSecurityService.removeStsState removes a given domain's
+// HSTS status. This means that a domain on the preload list will be
+// considered not HSTS if this is called. So, to reset everything to its
+// original state, we have to reach into the permission manager and clear
+// any HSTS-related state manually.
+function clearStsState() {
+ var permissionManager = Cc["@mozilla.org/permissionmanager;1"]
+ .getService(Ci.nsIPermissionManager);
+ // This is a list of every host we call processStsHeader with
+ // (so we can remove any state added to the sts service)
+ var hosts = ["bugzilla.mozilla.org", "login.persona.org",
+ "subdomain.www.torproject.org",
+ "subdomain.bugzilla.mozilla.org" ];
+ for (var host of hosts) {
+ permissionManager.remove(host, "sts/use");
+ permissionManager.remove(host, "sts/subd");
+ }
+}
 function cleanup() {
 Services.obs.removeObserver(gObserver, "last-pb-context-exited");
-
- for (var host of hosts) {
- var uri = Services.io.newURI(host, null, null);
- gSTSService.removeStsState(uri, 0);
- }
+ clearStsState();
 }
 function run_test() {
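Review bot: The `hosts` array in `clearStsState` is a hand-maintained copy of every host the test passes to `processStsHeader`, and a host missing from it leaves an `sts/use` or `sts/subd` permission behind for whatever test runs next without anything failing. Calls outside the visible hunks (the rest of `test_private_browsing1`) cannot be checked against the list from here. The helper also depends on the service keeping its state under exactly those two permission types, so it is worth ending it with an assertion that the reset worked, for example `do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));`, rather than trusting the removals. A one-line comment saying that `hosts` must hold bare host names, not the `http://` URIs the old list used, would help the next editor.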
@@ -46,82 +59,70 @@ function test_part1() {
 // check that an ancestor domain is not identified as an sts host
 do_check_false(gSTSService.isStsHost("com", 0));
- // Note: the following were taken from the STS preload list
- // as of Sept. 2012. If the list changes, this test will need to be modified.
 // check that the pref to toggle using the preload list works
 Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
- do_check_false(gSTSService.isStsHost("factor.cc", 0));
+ do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
 Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
- do_check_true(gSTSService.isStsHost("factor.cc", 0));
-
- // check that an entry at the beginning of the list is an sts host
- do_check_true(gSTSService.isStsHost("arivo.com.br", 0));
+ do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
 // check that a subdomain is an sts host (includeSubdomains is set)
- do_check_true(gSTSService.isStsHost("subdomain.arivo.com.br", 0));
+ do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
 // check that another subdomain is an sts host (includeSubdomains is set)
- do_check_true(gSTSService.isStsHost("a.b.c.subdomain.arivo.com.br", 0));
-
- // check that an entry in the middle of the list is an sts host
- do_check_true(gSTSService.isStsHost("neg9.org", 0));
+ do_check_true(gSTSService.isStsHost("a.b.c.def.bugzilla.mozilla.org", 0));
 // check that a subdomain is not an sts host (includeSubdomains is not set)
- do_check_false(gSTSService.isStsHost("subdomain.neg9.org", 0));
-
- // check that an entry at the end of the list is an sts host
- do_check_true(gSTSService.isStsHost("www.noisebridge.net", 0));
-
- // check that a subdomain is not an sts host (includeSubdomains is not set)
- do_check_false(gSTSService.isStsHost("a.subdomain.www.noisebridge.net", 0));
+ do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
 // check that a host with a dot on the end won't break anything
 do_check_false(gSTSService.isStsHost("notsts.nonexistent.mozilla.com.", 0));
 // check that processing a header with max-age: 0 will remove a preloaded
 // site from the list
- var uri = Services.io.newURI("http://keyerror.com", null, null);
+ var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
 gSTSService.processStsHeader(uri, "max-age=0", 0);
- do_check_false(gSTSService.isStsHost("keyerror.com", 0));
- do_check_false(gSTSService.isStsHost("subdomain.keyerror.com", 0));
+ do_check_false(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
 // check that processing another header (with max-age non-zero) will
 // re-enable a site's sts status
 gSTSService.processStsHeader(uri, "max-age=1000", 0);
- do_check_true(gSTSService.isStsHost("keyerror.com", 0));
+ do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
 // but this time include subdomains was not set, so test for that
- do_check_false(gSTSService.isStsHost("subdomain.keyerror.com", 0));
+ do_check_false(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ clearStsState();
 // check that processing a header with max-age: 0 from a subdomain of a site
 // will not remove that (ancestor) site from the list
- var uri = Services.io.newURI("http://subdomain.intercom.io", null, null);
+ var uri = Services.io.newURI("http://subdomain.www.torproject.org", null, null);
 gSTSService.processStsHeader(uri, "max-age=0", 0);
- do_check_true(gSTSService.isStsHost("intercom.io", 0));
- do_check_false(gSTSService.isStsHost("subdomain.intercom.io", 0));
+ do_check_true(gSTSService.isStsHost("www.torproject.org", 0));
+ do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));
- var uri = Services.io.newURI("http://subdomain.pixi.me", null, null);
+ var uri = Services.io.newURI("http://subdomain.bugzilla.mozilla.org", null, null);
 gSTSService.processStsHeader(uri, "max-age=0", 0);
 // we received a header with "max-age=0", so we have "no information"
- // regarding the sts state of subdomain.pixi.me specifically, but
- // it is actually still an STS host, because of the preloaded pixi.me
- // including subdomains.
+ // regarding the sts state of subdomain.bugzilla.mozilla.org specifically,
+ // but it is actually still an STS host, because of the preloaded
+ // bugzilla.mozilla.org including subdomains.
 // Here's a drawing:
- // |-- pixi.me (in preload list, includes subdomains) IS sts host
- // |-- subdomain.pixi.me IS sts host
- // | `-- another.subdomain.pixi.me IS sts host
- // `-- sibling.pixi.me IS sts host
- do_check_true(gSTSService.isStsHost("subdomain.pixi.me", 0));
- do_check_true(gSTSService.isStsHost("sibling.pixi.me", 0));
- do_check_true(gSTSService.isStsHost("another.subdomain.pixi.me", 0));
+ // |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
+ // |-- subdomain.bugzilla.mozilla.org IS sts host
+ // | `-- another.subdomain.bugzilla.mozilla.org IS sts host
+ // `-- sibling.bugzilla.mozilla.org IS sts host
+ do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", 0));
+ do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
+ do_check_true(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
 gSTSService.processStsHeader(uri, "max-age=1000", 0);
 // Here's what we have now:
- // |-- pixi.me (in preload list, includes subdomains) IS sts host
- // |-- subdomain.pixi.me (include subdomains is false) IS sts host
- // | `-- another.subdomain.pixi.me IS NOT sts host
- // `-- sibling.pixi.me IS sts host
- do_check_true(gSTSService.isStsHost("subdomain.pixi.me", 0));
- do_check_true(gSTSService.isStsHost("sibling.pixi.me", 0));
- do_check_false(gSTSService.isStsHost("another.subdomain.pixi.me", 0));
+ // |-- bugzilla.mozilla.org (in preload list, includes subdomains) IS sts host
+ // |-- subdomain.bugzilla.mozilla.org (include subdomains is false) IS sts host
+ // | `-- another.subdomain.bugzilla.mozilla.org IS NOT sts host
+ // `-- sibling.bugzilla.mozilla.org IS sts host
+ do_check_true(gSTSService.isStsHost("subdomain.bugzilla.mozilla.org", 0));
+ do_check_true(gSTSService.isStsHost("sibling.bugzilla.mozilla.org", 0));
+ do_check_false(gSTSService.isStsHost("another.subdomain.bugzilla.mozilla.org", 0));
 // Simulate leaving private browsing mode
 Services.obs.notifyObservers(null, "last-pb-context-exited", null);
@@ -130,6 +131,7 @@ function test_part1() {
 const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
 function test_private_browsing1() {
+ clearStsState();
 // sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
 do_check_true(gSTSService.isStsHost("bugzilla.mozilla.org", IS_PRIVATE));
 do_check_true(gSTSService.isStsHost("a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
@@ -159,12 +161,12 @@ function test_private_browsing1() {
 // a site on the preload list, and that header later expires. We need to
 // then treat that host as no longer an sts host.)
 // (sanity check first - this should be in the preload list)
- do_check_true(gSTSService.isStsHost("logentries.com", IS_PRIVATE));
- var uri = Services.io.newURI("http://logentries.com", null, null);
+ do_check_true(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
+ var uri = Services.io.newURI("http://login.persona.org", null, null);
 // according to the rfc, max-age can't be negative, but this is a great
 // way to test an expired entry
 gSTSService.processStsHeader(uri, "max-age=-1000", IS_PRIVATE);
- do_check_false(gSTSService.isStsHost("logentries.com", IS_PRIVATE));
+ do_check_false(gSTSService.isStsHost("login.persona.org", IS_PRIVATE));
 // Simulate leaving private browsing mode
 Services.obs.notifyObservers(null, "last-pb-context-exited", null);
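Review bot: The check `do_check_false(gSTSService.isStsHost("subdomain.www.torproject.org", 0));` under "includeSubdomains is not set" no longer has a positive check beside it, so it would also pass if www.torproject.org were not on the preload list at all. The removed code asserted the parent (`neg9.org`) first; adding `do_check_true(gSTSService.isStsHost("www.torproject.org", 0));` immediately before it restores that pairing. The same host is reused for the max-age=0 subdomain case further down, where `subdomain.www.torproject.org` is already a non-STS host before the header is processed, so the `do_check_false` there cannot tell whether the header had any effect. The hunk also drops the first, middle and last-entry lookups without a replacement; if those positions exercised the list search, a comment saying where that coverage now lives would be useful.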
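Review bot: The added `clearStsState();` at the top of `test_private_browsing1` carries no comment saying which state it clears, and the reason is only visible in the previous hunk, where `test_part1` ends with a `max-age=1000` entry for subdomain.bugzilla.mozilla.org. Suggest `// test_part1 leaves a non-includeSubdomains entry for subdomain.bugzilla.mozilla.org; reset it before the sanity checks` above the call. Resetting at the end of `test_part1` instead would keep each test responsible for its own state. The body of `test_private_browsing1` continues outside this hunk.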
@@ -178,7 +180,7 @@ function test_private_browsing2() {
 // Now that we're out of private browsing mode, we need to make sure
 // we've "forgotten" that we "forgot" this site's sts status.
- do_check_true(gSTSService.isStsHost("logentries.com", 0));
+ do_check_true(gSTSService.isStsHost("login.persona.org", 0));
 run_next_test();
 }
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
index 121c4dc267b7..1c41087de274 100644
--- a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
@@ -1,19 +1,21 @@
+// This test uses bugzilla.mozilla.org given that it is likely to remain
+// on the preload list for a long time.
 function run_test() {
 let STSService = Cc["@mozilla.org/stsservice;1"]
 .getService(Ci.nsIStrictTransportSecurityService);
 // check that a host on the preload list is identified as an sts host
- do_check_true(STSService.isStsHost("alpha.irccloud.com", 0));
+ do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
 // now simulate that it's 19 weeks later than it actually is
 let offsetSeconds = 19 * 7 * 24 * 60 * 60;
 Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
 // check that the preloaded host is no longer considered sts
- do_check_false(STSService.isStsHost("alpha.irccloud.com", 0));
+ do_check_false(STSService.isStsHost("bugzilla.mozilla.org", 0));
 // just make sure we can get everything back to normal
 Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
- do_check_true(STSService.isStsHost("alpha.irccloud.com", 0));
+ do_check_true(STSService.isStsHost("bugzilla.mozilla.org", 0));
 }
-- 
2.11.4.GIT