Bug 1350868 - Make HSTS preload script preload test domains for use in tests. r=keeler, a=jcristau
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 29 Mar 2017 07:21:01 +0800
changeset 395638 18015fe9a21fa50c437953325fda6787ce2f1994
parent 395637 d6eb36ce4c8ed3d18af6bd53d5eac93cac25524d
child 395639 f82da404520a3a60a58b8f7f2df5db9edd96bebb
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
reviewerskeeler, jcristau
bugs1350868
milestone54.0a2
Bug 1350868 - Make HSTS preload script preload test domains for use in tests. r=keeler, a=jcristau This lets us migrate off depending on real preloaded domains and onto domains that are guaranteed to have the correct characteristics. MozReview-Commit-ID: 4TyOfdIA9I7
security/manager/tools/getHSTSPreloadList.js
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -434,34 +434,65 @@ function combineLists(newHosts, currentH
       }
     }
     if (!found) {
       newHosts.push({ name: currentHost, retries: MAX_RETRIES });
     }
   }
 }
 
+const TEST_ENTRIES = [
+  { name: "includesubdomains.preloaded.test", includeSubdomains: true },
+  { name: "includesubdomains2.preloaded.test", includeSubdomains: true },
+  { name: "noincludesubdomains.preloaded.test", includeSubdomains: false },
+];
+
+function deleteTestHosts(currentHosts) {
+  for (let testEntry of TEST_ENTRIES) {
+    delete currentHosts[testEntry.name];
+  }
+}
+
+function insertTestHosts(hstsStatuses) {
+  for (let testEntry of TEST_ENTRIES) {
+    hstsStatuses.push({
+      name: testEntry.name,
+      maxAge: MINIMUM_REQUIRED_MAX_AGE,
+      includeSubdomains: testEntry.includeSubdomains,
+      error: ERROR_NONE,
+      // This deliberately doesn't have a value for `retries` (because we should
+      // never attempt to connect to this host).
+      forceInclude: true,
+      originalIncludeSubdomains: testEntry.includeSubdomains,
+    });
+  }
+}
+
 // ****************************************************************************
 // This is where the action happens:
 if (arguments.length != 1) {
   throw new Error("Usage: getHSTSPreloadList.js " +
                   "<absolute path to current nsSTSPreloadList.inc>");
 }
 // get the current preload list
 var currentHosts = readCurrentList(arguments[0]);
+// delete any hosts we use in tests so we don't actually connect to them
+deleteTestHosts(currentHosts);
 // disable the current preload list so it won't interfere with requests we make
 Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
 // download and parse the raw json file from the Chromium source
 var rawdata = download();
 // get just the hosts with mode: "force-https"
 var hosts = getHosts(rawdata);
 // add hosts in the current list to the new list (avoiding duplicates)
 combineLists(hosts, currentHosts);
 // get the HSTS status of each host
 var hstsStatuses = [];
 getHSTSStatuses(hosts, hstsStatuses);
+// add the hosts we use in tests
+insertTestHosts(hstsStatuses);
 // sort the hosts alphabetically
 hstsStatuses.sort(compareHSTSStatus);
 // write the results to a file (this is where we filter out hosts that we
 // either couldn't connect to, didn't receive an HSTS header from, couldn't
 // parse the header, or had a header with too short a max-age)
 output(hstsStatuses, currentHosts);
 // ****************************************************************************
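Review bot: `TEST_ENTRIES` has no comment explaining that these names end up in the generated nsSTSPreloadList.inc via `forceInclude: true` without the connect-and-verify step applied to every other host, so nothing tells a later maintainer that only names under a reserved TLD belong here. I would add above the array: `// Test-only entries, force-included with no network check; every name must stay under the reserved .test TLD (RFC 6761), never a registrable domain.` Separately, `deleteTestHosts` strips the names only from `currentHosts`. If one ever appeared in the downloaded list, `getHSTSStatuses` would presumably still contact it and `insertTestHosts` would push a duplicate entry, so dropping these names from `hosts` before the status pass would close that gap. How `output()` treats `forceInclude` is outside this hunk, so that part is inferred from the field name and the inline comment.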