Markéta Machová
c46649eaa8
- Update to 2022.9.1 - Automated updates to the HSTS preload list on 2022-9-1 * Automated updates to the HSTS preload list on 2022-8-1 * Fix build module name * Automated updates to the HSTS preload list on 2022-7-10 * forgot flake8 * Also update the test URL * Move requirements to their own directory * Allow manually running cron.sh * Update branch from 'master' to 'main' of Chromium repository * Add explicit support for Python 3.9 and 3.10 * Automated updates to the HSTS preload list on 2021-12-1 * Automated updates to the HSTS preload list on 2021-11-1 * Automated updates to the HSTS preload list on 2021-10-1 * Automated updates to the HSTS preload list on 2021-9-1 * Automated updates to the HSTS preload list on 2021-8-1 * Run monthly instead of weekly * Use env field in GHA * Fix cron? add manual deploy * Automated updates to the HSTS preload list on 2021-7-5 * Automated updates to the HSTS preload list on 2021-6-28 * Automated updates to the HSTS preload list on 2021-6-21 * Automated updates to the HSTS preload list on 2021-6-14 * Automated updates to the HSTS preload list on 2021-5-31 * Automated updates to the HSTS preload list on 2021-5-24 * Automated updates to the HSTS preload list on 2021-5-17 * Use main instead of master * Update cron.sh * Automated updates to the HSTS preload list on 2021-5-3 * Automated updates to the HSTS preload list on 2021-4-26 OBS-URL: https://build.opensuse.org/request/show/1006800 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-hstspreload?expand=0&rev=3
80 lines
2.3 KiB
Python
80 lines
2.3 KiB
Python
import base64
|
|
import hashlib
|
|
import json
|
|
|
|
import pytest
|
|
import urllib3
|
|
|
|
import hstspreload
|
|
|
|
HSTS_PRELOAD_URL = (
|
|
"https://chromium.googlesource.com/chromium/src/+/main/"
|
|
"net/http/transport_security_state_static.json?format=TEXT"
|
|
)
|
|
|
|
|
|
def load_test_cases():
|
|
http = urllib3.PoolManager()
|
|
r = http.request(
|
|
"GET",
|
|
HSTS_PRELOAD_URL,
|
|
headers={"Accept": "application/json"},
|
|
preload_content=True,
|
|
)
|
|
content = base64.b64decode(r.data)
|
|
content_checksum = hashlib.sha256(content).hexdigest()
|
|
|
|
assert content_checksum == hstspreload.__checksum__
|
|
|
|
content = content.decode("ascii")
|
|
entries = json.loads(
|
|
"\n".join(
|
|
[line for line in content.split("\n") if not line.strip().startswith("//")]
|
|
)
|
|
)["entries"]
|
|
|
|
allow_subdomains = []
|
|
|
|
for entry in sorted(entries, key=lambda x: len(x["name"])):
|
|
host = entry["name"].encode("ascii")
|
|
include_subdomains = entry.get("include_subdomains", False)
|
|
force_https = entry.get("mode", "") == "force-https"
|
|
|
|
if force_https:
|
|
yield host, True
|
|
if include_subdomains:
|
|
allow_subdomains.append(b"." + host)
|
|
|
|
# Handle cases where a subdomain like 'example.org' is
|
|
# given 'includeSubdomains' but then the 'www.example.org'
|
|
# entry isn't assigned 'includeSubdomains'. Thankfully
|
|
# this isn't allowed anymore and they only accept
|
|
# 'example.org' domains now.
|
|
if not include_subdomains:
|
|
for subdom in allow_subdomains:
|
|
if host.endswith(subdom):
|
|
include_subdomains = True
|
|
break
|
|
|
|
yield b"zzz-subdomain." + host, include_subdomains
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
["host", "expected"],
|
|
[
|
|
(b"www.google.com", False),
|
|
("www.google.com", False),
|
|
(b"google.com", False),
|
|
("google.com", False),
|
|
("paypal.com", True),
|
|
(b"paypal.com", True),
|
|
],
|
|
)
|
|
def test_data_types(host, expected):
|
|
assert hstspreload.in_hsts_preload(host) is expected
|
|
|
|
|
|
@pytest.mark.parametrize(["host", "expected"], list(load_test_cases()))
|
|
def test_in_hsts_preload(host, expected):
|
|
assert hstspreload.in_hsts_preload(host) is expected
|