[libsoup/hsts: 97/101] Add a test to ensure that subdomain policies don't modify superdomain's



commit 73068525a0c432dcda95b7e3277264850209cf7a
Author: Claudio Saavedra <csaavedra igalia com>
Date:   Wed Sep 19 16:47:52 2018 +0300

    Add a test to ensure that subdomain policies don't modify superdomain's

 tests/hsts-test.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
---
diff --git a/tests/hsts-test.c b/tests/hsts-test.c
index c42f2de9..a5ad3f58 100644
--- a/tests/hsts-test.c
+++ b/tests/hsts-test.c
@@ -287,6 +287,28 @@ do_hsts_subdomains_test (void)
        soup_test_session_abort_unref (session);
 }
 
+static void
+do_hsts_superdomain_test (void)
+{
+       SoupHSTSEnforcer *enforcer = soup_hsts_enforcer_new ();
+       SoupHSTSPolicy *policy;
+
+       SoupSession *session = hsts_session_new (enforcer);
+       /* This adds a long-lasting policy for localhost. */
+       session_get_uri (session, "https://localhost/long-lasting";, SOUP_STATUS_OK);
+
+       /* We want to set a policy with age = 0 for a subdomain, to test that the
+          superdomain's policy is not removed. We cannot test this with a
+          server, so we just create one by hand and add it to the enforcer. */
+       policy = soup_hsts_policy_new ("subdomain.localhost", 0, TRUE);
+       soup_hsts_enforcer_set_policy (enforcer, policy);
+       soup_hsts_policy_free (policy);
+
+       /* This should work, as we have a long-lasting policy in place. If it fails,
+          the subdomain policy has modified the superdomain's policy, which is wrong. */
+       session_get_uri (session, "http://localhost";, SOUP_STATUS_OK);
+}
+
 static void
 do_hsts_multiple_headers_test (void)
 {
@@ -439,6 +461,7 @@ main (int argc, char **argv)
        g_test_add_func ("/hsts/no_hsts_header", do_hsts_no_hsts_header_test);
        g_test_add_func ("/hsts/persistency", do_hsts_persistency_test);
        g_test_add_func ("/hsts/subdomains", do_hsts_subdomains_test);
+       g_test_add_func ("/hsts/superdomain", do_hsts_superdomain_test);
        g_test_add_func ("/hsts/multiple-headers", do_hsts_multiple_headers_test);
        g_test_add_func ("/hsts/insecure-sts", do_hsts_insecure_sts_test);
        g_test_add_func ("/hsts/missing-values", do_hsts_missing_values_test);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]