[PATCH] tests: 780 - 783, new HSTS tests
authorDaniel Stenberg <daniel@haxx.se>
Wed, 9 Oct 2024 09:27:29 +0000 (11:27 +0200)
committerSamuel Henrique <samueloph@debian.org>
Sun, 9 Mar 2025 10:45:45 +0000 (10:45 +0000)
test780: verify updated HSTS data in response header

test781: HSTS update expiry, with parent includeSubDomains domain
present

test782: HSTS update expiry, with two includeSubDomains domains present

test783: HSTS update expiry, removing includesubdomains in update

Backported by: Aquila Macedo Costa <aquilamacedo@riseup.net>.

Changes:
- Adjust `tests/data/Makefile.inc` to include new HSTS tests (780 - 783).
- Update 'Debug' to 'debug' in test data files (`test780`, `test781`,
  `test782`, `test783`) to align with curl conventions in bookworm and
  ensure consistency in feature definitions.
- Additionally, replace `%LOGDIR` with `log` in the test files, because
  `%LOGDIR` does not exist in curl bookworm.

Gbp-Pq: Name CVE-2024-9681-1.patch

tests/data/Makefile.inc
tests/data/test780 [new file with mode: 0644]
tests/data/test781 [new file with mode: 0644]
tests/data/test782 [new file with mode: 0644]
tests/data/test783 [new file with mode: 0644]

index 85b2e8cd68804333076f7f3ea03d7a07f2ba4e41..379e6e0f221a81adf8da107d05cac3155e7062fe 100644 (file)
@@ -102,6 +102,8 @@ test700 test701 test702 test703 test704 test705 test706 test707 test708 \
 test709 test710 test711 test712 test713 test714 test715 test716 test717 \
 test718 test719 test720 test721 test728\
 \
+test780 test781 test782 test783 \
+\
 test800 test801 test802 test803 test804 test805 test806 test807 test808 \
 test809 test810 test811 test812 test813 test814 test815 test816 test817 \
 test818 test819 test820 test821 test822 test823 test824 test825 test826 \
diff --git a/tests/data/test780 b/tests/data/test780
new file mode 100644 (file)
index 0000000..7bd362a
--- /dev/null
@@ -0,0 +1,81 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HSTS
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+</connect>
+
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000
+
+</data>
+</reply>
+
+<client>
+<server>
+http
+http-proxy
+https
+</server>
+<features>
+HSTS
+proxy
+https
+debug
+</features>
+
+<setenv>
+CURL_HSTS_HTTP=yes
+CURL_TIME=1728465947
+</setenv>
+
+<file name="log/input%TESTNUMBER">
+this.hsts.example "99991001 04:47:41"
+</file>
+
+<name>
+HSTS with updated expiry in response
+</name>
+<command>
+-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k
+</command>
+</client>
+
+<verify>
+
+<stdout>
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000
+
+</stdout>
+
+<file name="log/input%TESTNUMBER" mode="text">
+# Your HSTS cache. https://curl.se/docs/hsts.html
+# This file was generated by libcurl! Edit at your own risk.
+this.hsts.example "20241009 09:42:27"
+</file>
+</verify>
+</testcase>
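Review bot: All four new cases list `debug` under `<features>` and depend on the `CURL_TIME` and `CURL_HSTS_HTTP` environment overrides, so they will be skipped on a curl built without debug support; if the package's test run uses a non-debug build, this backport adds no executed regression coverage, which is worth confirming. Separately, the expected expiry `20241009 09:42:27` in the `<verify>` file is not explained anywhere, although it appears to be `CURL_TIME` plus the reply's `max-age`. A comment above the `<verify>` `<file>` element (not inside it, where it would become expected content) would document that, e.g. `# expected expiry = CURL_TIME (1728465947) + max-age (1000)`. The same comment applies to test781, test782 and test783.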
diff --git a/tests/data/test781 b/tests/data/test781
new file mode 100644 (file)
index 0000000..e9a023a
--- /dev/null
@@ -0,0 +1,84 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HSTS
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+</connect>
+
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000
+
+</data>
+</reply>
+
+<client>
+<server>
+http
+http-proxy
+https
+</server>
+<features>
+HSTS
+proxy
+https
+debug
+large-time
+</features>
+
+<setenv>
+CURL_HSTS_HTTP=yes
+CURL_TIME=1728465947
+</setenv>
+
+<file name="log/input%TESTNUMBER">
+.hsts.example "20991001 04:47:41"
+this.hsts.example "99991001 04:47:41"
+</file>
+
+<name>
+HSTS update expiry, with parent includeSubDomains domain present
+</name>
+<command>
+-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k
+</command>
+</client>
+
+<verify>
+
+<stdout>
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000
+
+</stdout>
+
+<file name="log/input%TESTNUMBER" mode="text">
+# Your HSTS cache. https://curl.se/docs/hsts.html
+# This file was generated by libcurl! Edit at your own risk.
+.hsts.example "20991001 04:47:41"
+this.hsts.example "20241009 09:42:27"
+</file>
+</verify>
+</testcase>
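Review bot: None of the four cases starts from a cache that holds only the parent line `.hsts.example "20991001 04:47:41"`; in this case the exact-match entry `this.hsts.example` is already seeded next to it, and test782 and test783 seed `.this.hsts.example`. Since the patch name references CVE-2024-9681, a further case with only the parent entry in `log/input%TESTNUMBER` would pin that a reply from `this.hsts.example` leaves the parent's expiry untouched. Presumably the expected file would keep the parent line and gain a separate `this.hsts.example "20241009 09:42:27"` line, but that should be confirmed against the fixed code rather than taken from this note.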
diff --git a/tests/data/test782 b/tests/data/test782
new file mode 100644 (file)
index 0000000..8f12658
--- /dev/null
@@ -0,0 +1,84 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HSTS
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+</connect>
+
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000; includesubdomains
+
+</data>
+</reply>
+
+<client>
+<server>
+http
+http-proxy
+https
+</server>
+<features>
+HSTS
+proxy
+https
+debug
+large-time
+</features>
+
+<setenv>
+CURL_HSTS_HTTP=yes
+CURL_TIME=1728465947
+</setenv>
+
+<file name="log/input%TESTNUMBER">
+.hsts.example "20991001 04:47:41"
+.this.hsts.example "99991001 04:47:41"
+</file>
+
+<name>
+HSTS update expiry, with two includeSubDomains domains present
+</name>
+<command>
+-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k
+</command>
+</client>
+
+<verify>
+
+<stdout>
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000; includesubdomains
+
+</stdout>
+
+<file name="log/input%TESTNUMBER" mode="text">
+# Your HSTS cache. https://curl.se/docs/hsts.html
+# This file was generated by libcurl! Edit at your own risk.
+.hsts.example "20991001 04:47:41"
+.this.hsts.example "20241009 09:42:27"
+</file>
+</verify>
+</testcase>
diff --git a/tests/data/test783 b/tests/data/test783
new file mode 100644 (file)
index 0000000..59313d3
--- /dev/null
@@ -0,0 +1,84 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HSTS
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+</connect>
+
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000;
+
+</data>
+</reply>
+
+<client>
+<server>
+http
+http-proxy
+https
+</server>
+<features>
+HSTS
+proxy
+https
+debug
+large-time
+</features>
+
+<setenv>
+CURL_HSTS_HTTP=yes
+CURL_TIME=1728465947
+</setenv>
+
+<file name="log/input%TESTNUMBER">
+.hsts.example "20991001 04:47:41"
+.this.hsts.example "99991001 04:47:41"
+</file>
+
+<name>
+HSTS update expiry, removing includesubdomains in update
+</name>
+<command>
+-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k
+</command>
+</client>
+
+<verify>
+
+<stdout>
+HTTP/1.1 200 OK\r
+Server: fake\r
+\r
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Strict-Transport-Security: max-age=1000;
+
+</stdout>
+
+<file name="log/input%TESTNUMBER" mode="text">
+# Your HSTS cache. https://curl.se/docs/hsts.html
+# This file was generated by libcurl! Edit at your own risk.
+.hsts.example "20991001 04:47:41"
+this.hsts.example "20241009 09:42:27"
+</file>
+</verify>
+</testcase>
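Review bot: The change this case asserts is easy to miss, because `.this.hsts.example` in the seeded cache becomes `this.hsts.example` in the expected file and only the leading dot differs. A comment before `<verify>` such as `# leading dot = includeSubDomains; the reply omits the directive, so the dot must be gone` would make the intent readable. It would also help to state whether the trailing `;` in `Strict-Transport-Security: max-age=1000;` is deliberate, since the header is repeated in `<data>` and `<stdout>` and a later cleanup of one copy would break the comparison.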