diff options
Diffstat (limited to 'tests/auto/network/access/hsts')
| -rw-r--r-- | tests/auto/network/access/hsts/CMakeLists.txt | 11 | ||||
| -rw-r--r-- | tests/auto/network/access/hsts/tst_qhsts.cpp | 91 |
2 files changed, 55 insertions, 47 deletions
diff --git a/tests/auto/network/access/hsts/CMakeLists.txt b/tests/auto/network/access/hsts/CMakeLists.txt index db9deb7623..821a034940 100644 --- a/tests/auto/network/access/hsts/CMakeLists.txt +++ b/tests/auto/network/access/hsts/CMakeLists.txt @@ -1,12 +1,16 @@ # Copyright (C) 2022 The Qt Company Ltd. -# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 - -# Generated from hsts.pro. +# SPDX-License-Identifier: BSD-3-Clause ##################################################################### ## tst_qhsts Test: ##################################################################### +if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT) + cmake_minimum_required(VERSION 3.16) + project(tst_qhsts LANGUAGES CXX) + find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST) +endif() + qt_internal_add_test(tst_qhsts SOURCES tst_qhsts.cpp @@ -16,5 +20,4 @@ qt_internal_add_test(tst_qhsts Qt::NetworkPrivate ) -#### Keys ignored in scope 1:.:.:hsts.pro:<TRUE>: # TEMPLATE = "app" diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp index 252f5e8f57..4e9a5cc53f 100644 --- a/tests/auto/network/access/hsts/tst_qhsts.cpp +++ b/tests/auto/network/access/hsts/tst_qhsts.cpp @@ -1,5 +1,5 @@ // Copyright (C) 2016 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> @@ -9,6 +9,7 @@ #include <QtCore/qpair.h> #include <QtCore/qurl.h> +#include <QtNetwork/qhttpheaders.h> #include <QtNetwork/private/qhstsstore_p.h> #include <QtNetwork/private/qhsts_p.h> @@ -189,104 +190,108 @@ void tst_QHsts::testPolicyExpiration() void tst_QHsts::testSTSHeaderParser() { QHstsHeaderParser parser; - using Header = QPair<QByteArray, QByteArray>; - using Headers = QList<Header>; QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); - Headers list; - QVERIFY(!parser.parse(list)); + QHttpHeaders headers; + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); - list << Header("Strict-Transport-security", "200"); - QVERIFY(!parser.parse(list)); + headers.append("Strict-Transport-security", "200"); + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); // This header is missing REQUIRED max-age directive, so we'll ignore it: - list << Header("Strict-Transport-Security", "includeSubDomains"); - QVERIFY(!parser.parse(list)); + headers.append("Strict-Transport-Security", "includeSubDomains"); + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); - list.pop_back(); - list << Header("Strict-Transport-Security", "includeSubDomains;max-age=1000"); - QVERIFY(parser.parse(list)); + headers.removeAt(headers.size() - 1); + headers.append("Strict-Transport-Security", "includeSubDomains;max-age=1000"); + QVERIFY(parser.parse(headers)); QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); QVERIFY(parser.includeSubDomains()); - list.pop_back(); + headers.removeAt(headers.size() - 1); + headers.append("strict-transport-security", "includeSubDomains;max-age=1000"); + QVERIFY(parser.parse(headers)); + QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); + QVERIFY(parser.includeSubDomains()); + + headers.removeAt(headers.size() - 1); // Invalid (includeSubDomains twice): - list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains"); - QVERIFY(!parser.parse(list)); + headers.append("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains"); + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); - list.pop_back(); + headers.removeAt(headers.size() - 1); // Invalid (weird number of seconds): - list << Header("Strict-Transport-Security", "max-age=-1000 ; includeSubDomains"); - QVERIFY(!parser.parse(list)); + headers.append("Strict-Transport-Security", "max-age=-1000 ; includeSubDomains"); + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); - list.pop_back(); + headers.removeAt(headers.size() - 1); // Note, directives are case-insensitive + we should ignore unknown directive. - list << Header("Strict-Transport-Security", ";max-age=1000 ;includesubdomains;;" + headers.append("Strict-Transport-Security", ";max-age=1000 ;includesubdomains;;" "nowsomeunknownheader=\"somevaluewithescapes\\;\""); - QVERIFY(parser.parse(list)); + QVERIFY(parser.parse(headers)); QVERIFY(parser.includeSubDomains()); QVERIFY(parser.expirationDate().isValid()); - list.pop_back(); + headers.removeAt(headers.size() - 1); // Check that we know how to unescape max-age: - list << Header("Strict-Transport-Security", "max-age=\"1000\""); - QVERIFY(parser.parse(list)); + headers.append("Strict-Transport-Security", "max-age=\"1000\""); + QVERIFY(parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(parser.expirationDate().isValid()); - list.pop_back(); + headers.removeAt(headers.size() - 1); // The only STS header, with invalid syntax though, to be ignored: - list << Header("Strict-Transport-Security", "max-age; max-age=15768000"); - QVERIFY(!parser.parse(list)); + headers.append("Strict-Transport-Security", "max-age; max-age=15768000"); + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); // Now we check that our parse chosses the first valid STS header and ignores // others: - list.clear(); - list << Header("Strict-Transport-Security", "includeSubdomains; max-age=\"hehehe\";"); - list << Header("Strict-Transport-Security", "max-age=10101"); - QVERIFY(parser.parse(list)); + headers.clear(); + headers.append("Strict-Transport-Security", "includeSubdomains; max-age=\"hehehe\";"); + headers.append("Strict-Transport-Security", "max-age=10101"); + QVERIFY(parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(parser.expirationDate().isValid()); - list.clear(); - list << Header("Strict-Transport-Security", "max-age=0"); - QVERIFY(parser.parse(list)); + headers.clear(); + headers.append("Strict-Transport-Security", "max-age=0"); + QVERIFY(parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(parser.expirationDate() <= QDateTime::currentDateTimeUtc()); // Parsing is case-insensitive: - list.pop_back(); - list << Header("Strict-Transport-Security", "Max-aGE=1000; InclUdesUbdomains"); - QVERIFY(parser.parse(list)); + headers.removeAt(headers.size() - 1); + headers.append("Strict-Transport-Security", "Max-aGE=1000; InclUdesUbdomains"); + QVERIFY(parser.parse(headers)); QVERIFY(parser.includeSubDomains()); QVERIFY(parser.expirationDate().isValid()); // Grammar of STS header is quite permissive, let's check we can parse // some weird but valid header: - list.pop_back(); - list << Header("Strict-Transport-Security", ";;; max-age = 17; ; ; ; ;;; ;;" + headers.removeAt(headers.size() - 1); + headers.append("Strict-Transport-Security", ";;; max-age = 17; ; ; ; ;;; ;;" ";;; ; includeSubdomains ;;thisIsUnknownDirective;;;;"); - QVERIFY(parser.parse(list)); + QVERIFY(parser.parse(headers)); QVERIFY(parser.includeSubDomains()); QVERIFY(parser.expirationDate().isValid()); - list.pop_back(); - list << Header("Strict-Transport-Security", "max-age=1000; includeSubDomains bogon"); - QVERIFY(!parser.parse(list)); + headers.removeAt(headers.size() - 1); + headers.append("Strict-Transport-Security", "max-age=1000; includeSubDomains bogon"); + QVERIFY(!parser.parse(headers)); QVERIFY(!parser.includeSubDomains()); QVERIFY(!parser.expirationDate().isValid()); } |