diff options
Diffstat (limited to 'components/net')
| -rw-r--r-- | components/net/Cargo.toml | 2 | ||||
| -rw-r--r-- | components/net/fetch/methods.rs | 29 | ||||
| -rw-r--r-- | components/net/hsts.rs | 106 | ||||
| -rw-r--r-- | components/net/resource_thread.rs | 19 | ||||
| -rw-r--r-- | components/net/tests/hsts.rs | 161 |
5 files changed, 142 insertions, 175 deletions
diff --git a/components/net/Cargo.toml b/components/net/Cargo.toml index 9af310f32bc..1945165b8c1 100644 --- a/components/net/Cargo.toml +++ b/components/net/Cargo.toml @@ -29,6 +29,7 @@ crossbeam-channel = { workspace = true } data-url = { workspace = true } devtools_traits = { workspace = true } embedder_traits = { workspace = true } +fst = "0.4" futures = { version = "0.3", package = "futures" } futures-core = { version = "0.3.30", default-features = false } futures-util = { version = "0.3.30", default-features = false } @@ -77,6 +78,7 @@ webrender_api = { workspace = true } [dev-dependencies] embedder_traits = { workspace = true, features = ["baked-default-resources"] } flate2 = "1" +fst = "0.4" futures = { version = "0.3", features = ["compat"] } hyper = { workspace = true, features = ["full"] } hyper-util = { workspace = true, features = ["server-graceful"] } diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 65c173fce3b..33d0da952fb 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -18,6 +18,7 @@ use http::{HeaderValue, Method, StatusCode}; use ipc_channel::ipc; use log::{debug, trace, warn}; use mime::{self, Mime}; +use net_traits::fetch::headers::extract_mime_type_as_mime; use net_traits::filemanager_thread::{FileTokenCheck, RelativePos}; use net_traits::http_status::HttpStatus; use net_traits::policy_container::{PolicyContainer, RequestPolicyContainer}; @@ -886,7 +887,7 @@ pub fn should_be_blocked_due_to_nosniff( // Step 2 // Note: an invalid MIME type will produce a `None`. - let content_type_header = response_headers.typed_get::<ContentType>(); + let mime_type = extract_mime_type_as_mime(response_headers); /// <https://html.spec.whatwg.org/multipage/#scriptingLanguages> #[inline] @@ -915,16 +916,12 @@ pub fn should_be_blocked_due_to_nosniff( .any(|mime| mime.type_() == mime_type.type_() && mime.subtype() == mime_type.subtype()) } - match content_type_header { + match mime_type { // Step 4 - Some(ref ct) if destination.is_script_like() => { - !is_javascript_mime_type(&ct.clone().into()) - }, - + Some(ref mime_type) if destination.is_script_like() => !is_javascript_mime_type(mime_type), // Step 5 - Some(ref ct) if destination == Destination::Style => { - let m: mime::Mime = ct.clone().into(); - m.type_() != mime::TEXT && m.subtype() != mime::CSS + Some(ref mime_type) if destination == Destination::Style => { + mime_type.type_() != mime::TEXT && mime_type.subtype() != mime::CSS }, None if destination == Destination::Style || destination.is_script_like() => true, @@ -938,18 +935,22 @@ fn should_be_blocked_due_to_mime_type( destination: Destination, response_headers: &HeaderMap, ) -> bool { - // Step 1 - let mime_type: mime::Mime = match response_headers.typed_get::<ContentType>() { - Some(header) => header.into(), + // Step 1: Let mimeType be the result of extracting a MIME type from response’s header list. + let mime_type: mime::Mime = match extract_mime_type_as_mime(response_headers) { + Some(mime_type) => mime_type, + // Step 2: If mimeType is failure, then return allowed. None => return false, }; - // Step 2-3 + // Step 3: Let destination be request’s destination. + // Step 4: If destination is script-like and one of the following is true, then return blocked: + // - mimeType’s essence starts with "audio/", "image/", or "video/". + // - mimeType’s essence is "text/csv". + // Step 5: Return allowed. destination.is_script_like() && match mime_type.type_() { mime::AUDIO | mime::VIDEO | mime::IMAGE => true, mime::TEXT if mime_type.subtype() == mime::CSV => true, - // Step 4 _ => false, } } diff --git a/components/net/hsts.rs b/components/net/hsts.rs index be955980d2b..c50f3304142 100644 --- a/components/net/hsts.rs +++ b/components/net/hsts.rs @@ -9,9 +9,11 @@ use std::sync::LazyLock; use std::time::Duration; use embedder_traits::resources::{self, Resource}; +use fst::{Map, MapBuilder}; use headers::{HeaderMapExt, StrictTransportSecurity}; use http::HeaderMap; use log::{debug, error, info}; +use malloc_size_of::{MallocSizeOf, MallocSizeOfOps}; use malloc_size_of_derive::MallocSizeOf; use net_traits::IncludeSubdomains; use net_traits::pub_domains::reg_suffix; @@ -85,99 +87,67 @@ pub struct HstsList { /// it is split out to allow sharing between the private and public http state /// as well as potentially swpaping out the underlying type to something immutable /// and more efficient like FSTs or DAFSA/DAWGs. -#[derive(Clone, Debug, Default, Deserialize, MallocSizeOf, Serialize)] -pub struct HstsPreloadList { - pub entries_map: HashMap<String, Vec<HstsEntry>>, +/// To generate a new version of the FST map file run `./mach update-hsts-preload` +#[derive(Clone, Debug)] +pub struct HstsPreloadList(pub fst::Map<Vec<u8>>); + +impl MallocSizeOf for HstsPreloadList { + #[allow(unsafe_code)] + fn size_of(&self, ops: &mut malloc_size_of::MallocSizeOfOps) -> usize { + unsafe { ops.malloc_size_of(self.0.as_fst().as_inner().as_ptr()) } + } } -pub static PRELOAD_LIST_ENTRIES: LazyLock<HstsPreloadList> = +static PRELOAD_LIST_ENTRIES: LazyLock<HstsPreloadList> = LazyLock::new(HstsPreloadList::from_servo_preload); +pub fn hsts_preload_size_of(ops: &mut MallocSizeOfOps) -> usize { + PRELOAD_LIST_ENTRIES.size_of(ops) +} + impl HstsPreloadList { /// Create an `HstsList` from the bytes of a JSON preload file. - pub fn from_preload(preload_content: &str) -> Option<HstsPreloadList> { - #[derive(Deserialize)] - struct HstsEntries { - entries: Vec<HstsEntry>, - } - - let hsts_entries: Option<HstsEntries> = serde_json::from_str(preload_content).ok(); - - hsts_entries.map(|hsts_entries| { - let mut hsts_list: HstsPreloadList = HstsPreloadList::default(); - - for hsts_entry in hsts_entries.entries { - hsts_list.push(hsts_entry); - } - - hsts_list - }) + pub fn from_preload(preload_content: Vec<u8>) -> Option<HstsPreloadList> { + Map::new(preload_content).map(HstsPreloadList).ok() } pub fn from_servo_preload() -> HstsPreloadList { debug!("Intializing HSTS Preload list"); - let list = resources::read_string(Resource::HstsPreloadList); - HstsPreloadList::from_preload(&list).unwrap_or_else(|| { + let map_bytes = resources::read_bytes(Resource::HstsPreloadList); + HstsPreloadList::from_preload(map_bytes).unwrap_or_else(|| { error!("HSTS preload file is invalid. Setting HSTS list to default values"); - HstsPreloadList { - entries_map: Default::default(), - } + HstsPreloadList(MapBuilder::memory().into_map()) }) } pub fn is_host_secure(&self, host: &str) -> bool { let base_domain = reg_suffix(host); - self.entries_map.get(base_domain).is_some_and(|entries| { - // No need to check for expiration in the preload list - entries.iter().any(|e| { - if e.include_subdomains { - e.matches_subdomain(host) || e.matches_domain(host) - } else { - e.matches_domain(host) - } - }) - }) - } + let parts = host[..host.len() - base_domain.len()].rsplit_terminator('.'); + let mut domain_to_test = base_domain.to_owned(); - pub fn has_domain(&self, host: &str, base_domain: &str) -> bool { - self.entries_map - .get(base_domain) - .is_some_and(|entries| entries.iter().any(|e| e.matches_domain(host))) - } - - pub fn has_subdomain(&self, host: &str, base_domain: &str) -> bool { - self.entries_map.get(base_domain).is_some_and(|entries| { - entries - .iter() - .any(|e| e.include_subdomains && e.matches_subdomain(host)) - }) - } - - pub fn push(&mut self, entry: HstsEntry) { - let host = entry.host.clone(); - let base_domain = reg_suffix(&host); - let have_domain = self.has_domain(&entry.host, base_domain); - let have_subdomain = self.has_subdomain(&entry.host, base_domain); + if self.0.get(&domain_to_test).is_some_and(|id| { + // The FST map ids were constructed such that the parity represents the includeSubdomain flag + id % 2 == 1 || domain_to_test == host + }) { + return true; + } - let entries = self.entries_map.entry(base_domain.to_owned()).or_default(); - if !have_domain && !have_subdomain { - entries.push(entry); - } else if !have_subdomain { - for e in entries { - if e.matches_domain(&entry.host) { - e.include_subdomains = entry.include_subdomains; - // TODO(sebsebmc): We could shrink the the HSTS preload memory use further by using a type - // that doesn't store an expiry since all preload entries should be "forever" - e.expires_at = entry.expires_at; - } + // Check all further subdomains up to the passed host + for part in parts { + domain_to_test = format!("{}.{}", part, domain_to_test); + if self.0.get(&domain_to_test).is_some_and(|id| { + // The FST map ids were constructed such that the parity represents the includeSubdomain flag + id % 2 == 1 || domain_to_test == host + }) { + return true; } } + false } } impl HstsList { pub fn is_host_secure(&self, host: &str) -> bool { - debug!("HSTS: is {host} secure?"); if PRELOAD_LIST_ENTRIES.is_host_secure(host) { info!("{host} is in the preload list"); return true; diff --git a/components/net/resource_thread.rs b/components/net/resource_thread.rs index 4077256d6ca..8e9cc8236f3 100644 --- a/components/net/resource_thread.rs +++ b/components/net/resource_thread.rs @@ -21,9 +21,9 @@ use embedder_traits::EmbedderProxy; use hyper_serde::Serde; use ipc_channel::ipc::{self, IpcReceiver, IpcReceiverSet, IpcSender}; use log::{debug, trace, warn}; -use malloc_size_of::MallocSizeOf; use net_traits::blob_url_store::parse_blob_url; use net_traits::filemanager_thread::FileTokenCheck; +use net_traits::pub_domains::public_suffix_list_size_of; use net_traits::request::{Destination, RequestBuilder, RequestId}; use net_traits::response::{Response, ResponseInit}; use net_traits::storage_thread::StorageThreadMsg; @@ -287,11 +287,18 @@ impl ResourceChannelManager { perform_memory_report(|ops| { let mut reports = public_http_state.memory_reports("public", ops); reports.extend(private_http_state.memory_reports("private", ops)); - reports.push(Report { - path: path!["hsts-preload-list"], - kind: ReportKind::ExplicitJemallocHeapSize, - size: hsts::PRELOAD_LIST_ENTRIES.size_of(ops), - }); + reports.extend(vec![ + Report { + path: path!["hsts-preload-list"], + kind: ReportKind::ExplicitJemallocHeapSize, + size: hsts::hsts_preload_size_of(ops), + }, + Report { + path: path!["public-suffix-list"], + kind: ReportKind::ExplicitJemallocHeapSize, + size: public_suffix_list_size_of(ops), + }, + ]); msg.send(ProcessReports::new(reports)); }) } diff --git a/components/net/tests/hsts.rs b/components/net/tests/hsts.rs index e1e754beb3c..3598b232111 100644 --- a/components/net/tests/hsts.rs +++ b/components/net/tests/hsts.rs @@ -6,13 +6,14 @@ use std::collections::HashMap; use std::num::NonZeroU64; use std::time::Duration as StdDuration; +use base64::Engine; use net::hsts::{HstsEntry, HstsList, HstsPreloadList}; use net_traits::IncludeSubdomains; #[test] fn test_hsts_entry_is_not_expired_when_it_has_no_expires_at() { let entry = HstsEntry { - host: "mozilla.org".to_owned(), + host: "example.com".to_owned(), include_subdomains: false, expires_at: None, }; @@ -23,7 +24,7 @@ fn test_hsts_entry_is_not_expired_when_it_has_no_expires_at() { #[test] fn test_hsts_entry_is_expired_when_it_has_reached_its_max_age() { let entry = HstsEntry { - host: "mozilla.org".to_owned(), + host: "example.com".to_owned(), include_subdomains: false, expires_at: Some(NonZeroU64::new(1).unwrap()), }; @@ -59,7 +60,7 @@ fn test_base_domain_in_entries_map() { list.push( HstsEntry::new( - "servo.mozilla.org".to_owned(), + "servo.example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -67,7 +68,7 @@ fn test_base_domain_in_entries_map() { ); list.push( HstsEntry::new( - "firefox.mozilla.org".to_owned(), + "firefox.example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -75,7 +76,7 @@ fn test_base_domain_in_entries_map() { ); list.push( HstsEntry::new( - "bugzilla.org".to_owned(), + "example.org".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -83,17 +84,17 @@ fn test_base_domain_in_entries_map() { ); assert_eq!(list.entries_map.len(), 2); - assert_eq!(list.entries_map.get("mozilla.org").unwrap().len(), 2); + assert_eq!(list.entries_map.get("example.com").unwrap().len(), 2); } #[test] fn test_push_entry_with_0_max_age_is_not_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![ HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, Some(StdDuration::from_secs(500000)), ) @@ -106,23 +107,23 @@ fn test_push_entry_with_0_max_age_is_not_secure() { list.push( HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, Some(StdDuration::ZERO), ) .unwrap(), ); - assert_eq!(list.is_host_secure("mozilla.org"), false) + assert_eq!(list.is_host_secure("example.com"), false) } fn test_push_entry_with_0_max_age_evicts_entry_from_list() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![ HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, Some(StdDuration::from_secs(500000)), ) @@ -133,25 +134,25 @@ fn test_push_entry_with_0_max_age_evicts_entry_from_list() { entries_map: entries_map, }; - assert_eq!(list.entries_map.get("mozilla.org").unwrap().len(), 1); + assert_eq!(list.entries_map.get("example.com").unwrap().len(), 1); list.push( HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, Some(StdDuration::ZERO), ) .unwrap(), ); - assert_eq!(list.entries_map.get("mozilla.org").unwrap().len(), 0); + assert_eq!(list.entries_map.get("example.com").unwrap().len(), 0); } #[test] fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_already_matched() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), - vec![HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()], + "example.com".to_owned(), + vec![HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()], ); let mut list = HstsList { entries_map: entries_map, @@ -159,24 +160,24 @@ fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_a list.push( HstsEntry::new( - "servo.mozilla.org".to_owned(), + "servo.example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) .unwrap(), ); - assert_eq!(list.entries_map.get("mozilla.org").unwrap().len(), 1) + assert_eq!(list.entries_map.get("example.com").unwrap().len(), 1) } #[test] fn test_push_entry_to_hsts_list_should_add_subdomains_whose_superdomain_doesnt_include() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![ HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -189,49 +190,49 @@ fn test_push_entry_to_hsts_list_should_add_subdomains_whose_superdomain_doesnt_i list.push( HstsEntry::new( - "servo.mozilla.org".to_owned(), + "servo.example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) .unwrap(), ); - assert_eq!(list.entries_map.get("mozilla.org").unwrap().len(), 2) + assert_eq!(list.entries_map.get("example.com").unwrap().len(), 2) } #[test] fn test_push_entry_to_hsts_list_should_update_existing_domain_entrys_include_subdomains() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), - vec![HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()], + "example.com".to_owned(), + vec![HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()], ); let mut list = HstsList { entries_map: entries_map, }; - assert!(list.is_host_secure("servo.mozilla.org")); + assert!(list.is_host_secure("servo.example.com")); list.push( HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) .unwrap(), ); - assert!(!list.is_host_secure("servo.mozilla.org")) + assert!(!list.is_host_secure("servo.example.com")) } #[test] fn test_push_entry_to_hsts_list_should_not_create_duplicate_entry() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![ HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -244,14 +245,14 @@ fn test_push_entry_to_hsts_list_should_not_create_duplicate_entry() { list.push( HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) .unwrap(), ); - assert_eq!(list.entries_map.get("mozilla.org").unwrap().len(), 1) + assert_eq!(list.entries_map.get("example.com").unwrap().len(), 1) } #[test] @@ -260,16 +261,14 @@ fn test_push_multiple_entrie_to_hsts_list_should_add_them_all() { entries_map: HashMap::new(), }; - assert!(!list.is_host_secure("mozilla.org")); - assert!(!list.is_host_secure("bugzilla.org")); + assert!(!list.is_host_secure("example.com")); + assert!(!list.is_host_secure("example.org")); - list.push(HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()); - list.push( - HstsEntry::new("bugzilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap(), - ); + list.push(HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()); + list.push(HstsEntry::new("example.org".to_owned(), IncludeSubdomains::Included, None).unwrap()); - assert!(list.is_host_secure("mozilla.org")); - assert!(list.is_host_secure("bugzilla.org")); + assert!(list.is_host_secure("example.com")); + assert!(list.is_host_secure("example.org")); } #[test] @@ -278,25 +277,16 @@ fn test_push_entry_to_hsts_list_should_add_an_entry() { entries_map: HashMap::new(), }; - assert!(!list.is_host_secure("mozilla.org")); + assert!(!list.is_host_secure("example.com")); - list.push(HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()); + list.push(HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()); - assert!(list.is_host_secure("mozilla.org")); + assert!(list.is_host_secure("example.com")); } #[test] fn test_parse_hsts_preload_should_return_none_when_json_invalid() { - let mock_preload_content = "derp"; - assert!( - HstsPreloadList::from_preload(mock_preload_content).is_none(), - "invalid preload list should not have parsed" - ) -} - -#[test] -fn test_parse_hsts_preload_should_return_none_when_json_contains_no_entries_map_key() { - let mock_preload_content = "{\"nothing\": \"to see here\"}"; + let mock_preload_content = "derp".as_bytes().to_vec(); assert!( HstsPreloadList::from_preload(mock_preload_content).is_none(), "invalid preload list should not have parsed" @@ -305,20 +295,17 @@ fn test_parse_hsts_preload_should_return_none_when_json_contains_no_entries_map_ #[test] fn test_parse_hsts_preload_should_decode_host_and_includes_subdomains() { - let mock_preload_content = "{\ - \"entries\": [\ - {\"host\": \"mozilla.org\",\ - \"include_subdomains\": false}\ - ]\ - }"; - let hsts_list = HstsPreloadList::from_preload(mock_preload_content); - let entries_map = hsts_list.unwrap().entries_map; - - assert_eq!( - entries_map.get("mozilla.org").unwrap()[0].host, - "mozilla.org" - ); - assert!(!entries_map.get("mozilla.org").unwrap()[0].include_subdomains); + // Generated with `fst map --sorted` on a csv of "example.com,0\nexample.org,3" + let mock_preload_content = base64::engine::general_purpose::STANDARD + .decode("AwAAAAAAAAAAAAAAAAAAAAAQkMQAEJfHAwABBW9jEQLNws/J0MXqwgIAAAAAAAAAJwAAAAAAAADVOFe6") + .unwrap(); + let hsts_list = HstsPreloadList::from_preload(mock_preload_content).unwrap(); + + assert_eq!(hsts_list.is_host_secure("derp"), false); + assert_eq!(hsts_list.is_host_secure("example.com"), true); + assert_eq!(hsts_list.is_host_secure("servo.example.com"), false); + assert_eq!(hsts_list.is_host_secure("example.org"), true); + assert_eq!(hsts_list.is_host_secure("servo.example.org"), true); } #[test] @@ -327,17 +314,17 @@ fn test_hsts_list_with_no_entries_map_does_not_is_host_secure() { entries_map: HashMap::new(), }; - assert!(!hsts_list.is_host_secure("mozilla.org")); + assert!(!hsts_list.is_host_secure("example.com")); } #[test] fn test_hsts_list_with_exact_domain_entry_is_is_host_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![ HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -349,31 +336,31 @@ fn test_hsts_list_with_exact_domain_entry_is_is_host_secure() { entries_map: entries_map, }; - assert!(hsts_list.is_host_secure("mozilla.org")); + assert!(hsts_list.is_host_secure("example.com")); } #[test] fn test_hsts_list_with_subdomain_when_include_subdomains_is_true_is_is_host_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), - vec![HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()], + "example.com".to_owned(), + vec![HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()], ); let hsts_list = HstsList { entries_map: entries_map, }; - assert!(hsts_list.is_host_secure("servo.mozilla.org")); + assert!(hsts_list.is_host_secure("servo.example.com")); } #[test] fn test_hsts_list_with_subdomain_when_include_subdomains_is_false_is_not_is_host_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![ HstsEntry::new( - "mozilla.org".to_owned(), + "example.com".to_owned(), IncludeSubdomains::NotIncluded, None, ) @@ -384,44 +371,44 @@ fn test_hsts_list_with_subdomain_when_include_subdomains_is_false_is_not_is_host entries_map: entries_map, }; - assert!(!hsts_list.is_host_secure("servo.mozilla.org")); + assert!(!hsts_list.is_host_secure("servo.example.com")); } #[test] fn test_hsts_list_with_subdomain_when_host_is_not_a_subdomain_is_not_is_host_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), - vec![HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()], + "example.com".to_owned(), + vec![HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()], ); let hsts_list = HstsList { entries_map: entries_map, }; - assert!(!hsts_list.is_host_secure("servo-mozilla.org")); + assert!(!hsts_list.is_host_secure("servo-example.com")); } #[test] fn test_hsts_list_with_subdomain_when_host_is_exact_match_is_is_host_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), - vec![HstsEntry::new("mozilla.org".to_owned(), IncludeSubdomains::Included, None).unwrap()], + "example.com".to_owned(), + vec![HstsEntry::new("example.com".to_owned(), IncludeSubdomains::Included, None).unwrap()], ); let hsts_list = HstsList { entries_map: entries_map, }; - assert!(hsts_list.is_host_secure("mozilla.org")); + assert!(hsts_list.is_host_secure("example.com")); } #[test] fn test_hsts_list_with_expired_entry_is_not_is_host_secure() { let mut entries_map = HashMap::new(); entries_map.insert( - "mozilla.org".to_owned(), + "example.com".to_owned(), vec![HstsEntry { - host: "mozilla.org".to_owned(), + host: "example.com".to_owned(), include_subdomains: false, expires_at: Some(NonZeroU64::new(1).unwrap()), }], @@ -430,11 +417,11 @@ fn test_hsts_list_with_expired_entry_is_not_is_host_secure() { entries_map: entries_map, }; - assert!(!hsts_list.is_host_secure("mozilla.org")); + assert!(!hsts_list.is_host_secure("example.com")); } #[test] fn test_preload_hsts_domains_well_formed() { let hsts_list = HstsPreloadList::from_servo_preload(); - assert!(!hsts_list.entries_map.is_empty()); + assert_ne!(hsts_list.0.len(), 0); } |