1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
describe("hsts module", function()
local http_hsts = require "http.hsts"
it("doesn't store ip addresses", function()
local s = http_hsts.new_store()
assert.falsy(s:store("127.0.0.1", {
["max-age"] = "100";
}))
assert.falsy(s:check("127.0.0.1"))
end)
it("can be cloned", function()
local s = http_hsts.new_store()
do
local clone = s:clone()
local old_heap = s.expiry_heap
s.expiry_heap = nil
clone.expiry_heap = nil
assert.same(s, clone)
s.expiry_heap = old_heap
end
assert.truthy(s:store("foo.example.com", {
["max-age"] = "100";
}))
do
local clone = s:clone()
local old_heap = s.expiry_heap
s.expiry_heap = nil
clone.expiry_heap = nil
assert.same(s, clone)
s.expiry_heap = old_heap
end
local clone = s:clone()
assert.truthy(s:check("foo.example.com"))
assert.truthy(clone:check("foo.example.com"))
end)
it("rejects :store() when max-age directive is missing", function()
local s = http_hsts.new_store()
assert.falsy(s:store("foo.example.com", {}))
assert.falsy(s:check("foo.example.com"))
end)
it("rejects :store() when max-age directive is invalid", function()
local s = http_hsts.new_store()
assert.falsy(s:store("foo.example.com", {
["max-age"] = "-1";
}))
assert.falsy(s:check("foo.example.com"))
end)
it("erases on max-age == 0", function()
local s = http_hsts.new_store()
assert.truthy(s:store("foo.example.com", {
["max-age"] = "100";
}))
assert.truthy(s:check("foo.example.com"))
assert.truthy(s:store("foo.example.com", {
["max-age"] = "0";
}))
assert.falsy(s:check("foo.example.com"))
end)
it("respects includeSubdomains", function()
local s = http_hsts.new_store()
assert(s:store("foo.example.com", {
["max-age"] = "100";
includeSubdomains = true;
}))
assert.truthy(s:check("foo.example.com"))
assert.truthy(s:check("qaz.bar.foo.example.com"))
assert.falsy(s:check("example.com"))
assert.falsy(s:check("other.com"))
end)
it("removes expired entries on :clean()", function()
local s = http_hsts.new_store()
assert(s:store("foo.example.com", {
["max-age"] = "100";
}))
assert(s:store("other.com", {
["max-age"] = "200";
}))
assert(s:store("keep.me", {
["max-age"] = "100000";
}))
-- Set clock forward
local now = s.time()
s.time = function() return now+1000 end
assert.truthy(s:clean())
assert.falsy(s:check("qaz.bar.foo.example.com"))
assert.falsy(s:check("foo.example.com"))
assert.falsy(s:check("example.com"))
assert.truthy(s:check("keep.me"))
end)
it("cleans out expired entries automatically", function()
local s = http_hsts.new_store()
assert(s:store("foo.example.com", {
["max-age"] = "100";
}))
assert(s:store("other.com", {
["max-age"] = "200";
}))
assert(s:store("keep.me", {
["max-age"] = "100000";
}))
-- Set clock forward
local now = s.time()
s.time = function() return now+1000 end
assert.falsy(s:check("qaz.bar.foo.example.com"))
-- Set clock back to current; everything should have been cleaned out already.
s.time = function() return now end
assert.falsy(s:check("foo.example.com"))
assert.falsy(s:check("example.com"))
assert.truthy(s:check("keep.me"))
end)
it("enforces .max_items", function()
local s = http_hsts.new_store()
s.max_items = 0
assert.falsy(s:store("example.com", {
["max-age"] = "100";
}))
s.max_items = 1
assert.truthy(s:store("example.com", {
["max-age"] = "100";
}))
assert.falsy(s:store("other.com", {
["max-age"] = "100";
}))
s:remove("example.com", "/", "foo")
assert.truthy(s:store("other.com", {
["max-age"] = "100";
}))
end)
end)
|
