From 463d24f104abcc5f88e024eec7547d07372b32f2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 9 Oct 2024 11:27:29 +0200 Subject: [PATCH] [PATCH] tests: 780 - 783, new HSTS tests test780: verify updated HSTS data in response header test781: HSTS update expiry, with parent includeSubDomains domain present test782: HSTS update expiry, with two includeSubDomains domains present test783: HSTS update expiry, removing includesubdomains in update Backported by: Aquila Macedo Costa . Changes: - Adjust `tests/data/Makefile.inc` to include new HSTS tests (780 - 783). - Updates 'Debug' to 'debug' in test data files (`test780`, `test781`, `test782`, `test783`) to align with curl conventions in bookworm and ensure consistency in feature definitions. - Additionally, `%LOGDIR` is replaced with log in the test files due to its absence in curl bookworm. Gbp-Pq: Name CVE-2024-9681-1.patch --- tests/data/Makefile.inc | 2 + tests/data/test780 | 81 +++++++++++++++++++++++++++++++++++++++ tests/data/test781 | 84 +++++++++++++++++++++++++++++++++++++++++ tests/data/test782 | 84 +++++++++++++++++++++++++++++++++++++++++ tests/data/test783 | 84 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 335 insertions(+) create mode 100644 tests/data/test780 create mode 100644 tests/data/test781 create mode 100644 tests/data/test782 create mode 100644 tests/data/test783 diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 85b2e8cd..379e6e0f 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -102,6 +102,8 @@ test700 test701 test702 test703 test704 test705 test706 test707 test708 \ test709 test710 test711 test712 test713 test714 test715 test716 test717 \ test718 test719 test720 test721 test728\ \ +test780 test781 test782 test783 \ +\ test800 test801 test802 test803 test804 test805 test806 test807 test808 \ test809 test810 test811 test812 test813 test814 test815 test816 test817 \ test818 test819 test820 test821 test822 test823 test824 test825 test826 \ diff --git a/tests/data/test780 b/tests/data/test780 new file mode 100644 index 00000000..7bd362a8 --- /dev/null +++ b/tests/data/test780 @@ -0,0 +1,81 @@ + + + +HTTP +HTTP proxy +HSTS + + + + + +# we use this as response to a CONNECT + +HTTP/1.1 200 OK +Server: fake + + + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000 + + + + + + +http +http-proxy +https + + +HSTS +proxy +https +debug + + + +CURL_HSTS_HTTP=yes +CURL_TIME=1728465947 + + + +this.hsts.example "99991001 04:47:41" + + + +HSTS with updated expiry in response + + +-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k + + + + + + +HTTP/1.1 200 OK +Server: fake + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000 + + + + +# Your HSTS cache. https://curl.se/docs/hsts.html +# This file was generated by libcurl! Edit at your own risk. +this.hsts.example "20241009 09:42:27" + + + diff --git a/tests/data/test781 b/tests/data/test781 new file mode 100644 index 00000000..e9a023af --- /dev/null +++ b/tests/data/test781 @@ -0,0 +1,84 @@ + + + +HTTP +HTTP proxy +HSTS + + + + + +# we use this as response to a CONNECT + +HTTP/1.1 200 OK +Server: fake + + + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000 + + + + + + +http +http-proxy +https + + +HSTS +proxy +https +debug +large-time + + + +CURL_HSTS_HTTP=yes +CURL_TIME=1728465947 + + + +.hsts.example "20991001 04:47:41" +this.hsts.example "99991001 04:47:41" + + + +HSTS update expiry, with parent includeSubDomains domain present + + +-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k + + + + + + +HTTP/1.1 200 OK +Server: fake + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000 + + + + +# Your HSTS cache. https://curl.se/docs/hsts.html +# This file was generated by libcurl! Edit at your own risk. +.hsts.example "20991001 04:47:41" +this.hsts.example "20241009 09:42:27" + + + diff --git a/tests/data/test782 b/tests/data/test782 new file mode 100644 index 00000000..8f126589 --- /dev/null +++ b/tests/data/test782 @@ -0,0 +1,84 @@ + + + +HTTP +HTTP proxy +HSTS + + + + + +# we use this as response to a CONNECT + +HTTP/1.1 200 OK +Server: fake + + + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000; includesubdomains + + + + + + +http +http-proxy +https + + +HSTS +proxy +https +debug +large-time + + + +CURL_HSTS_HTTP=yes +CURL_TIME=1728465947 + + + +.hsts.example "20991001 04:47:41" +.this.hsts.example "99991001 04:47:41" + + + +HSTS update expiry, with two includeSubDomains domains present + + +-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k + + + + + + +HTTP/1.1 200 OK +Server: fake + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000; includesubdomains + + + + +# Your HSTS cache. https://curl.se/docs/hsts.html +# This file was generated by libcurl! Edit at your own risk. +.hsts.example "20991001 04:47:41" +.this.hsts.example "20241009 09:42:27" + + + diff --git a/tests/data/test783 b/tests/data/test783 new file mode 100644 index 00000000..59313d35 --- /dev/null +++ b/tests/data/test783 @@ -0,0 +1,84 @@ + + + +HTTP +HTTP proxy +HSTS + + + + + +# we use this as response to a CONNECT + +HTTP/1.1 200 OK +Server: fake + + + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000; + + + + + + +http +http-proxy +https + + +HSTS +proxy +https +debug +large-time + + + +CURL_HSTS_HTTP=yes +CURL_TIME=1728465947 + + + +.hsts.example "20991001 04:47:41" +.this.hsts.example "99991001 04:47:41" + + + +HSTS update expiry, removing includesubdomains in update + + +-x http://%HOSTIP:%PROXYPORT http://this.hsts.example:%HTTPSPORT/%TESTNUMBER --hsts log/input%TESTNUMBER -k + + + + + + +HTTP/1.1 200 OK +Server: fake + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Strict-Transport-Security: max-age=1000; + + + + +# Your HSTS cache. https://curl.se/docs/hsts.html +# This file was generated by libcurl! Edit at your own risk. +.hsts.example "20991001 04:47:41" +this.hsts.example "20241009 09:42:27" + + + -- 2.30.2