net/der/parse_values_unittest.cc - Issue 1160643002: Remove dangerous std::string constructor for der::Input

Unified Diff: net/der/parse_values_unittest.cc

Issue 1160643002: Remove dangerous std::string constructor for der::Input (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Remove FromCString; use uint8_t array literals instead of string literals now Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/der/parse_values_unittest.cc

diff --git a/net/der/parse_values_unittest.cc b/net/der/parse_values_unittest.cc

index 8233042418db3e545c275673b59f170e6446ae4a..35e59e67476b64439ff6da91dc2eef2402c5acb4 100644

--- a/net/der/parse_values_unittest.cc

+++ b/net/der/parse_values_unittest.cc

@@ -38,117 +38,389 @@ TEST(ParseValuesTest, ParseBool) {

TEST(ParseValuesTest, ParseTimes) {

GeneralizedTime out;

- EXPECT_TRUE(ParseUTCTime(Input("140218161200Z"), &out));

+ const uint8_t valid_utc_time[] = {

+ '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0', 'Z'};

+ EXPECT_TRUE(ParseUTCTime(Input(valid_utc_time), &out));

// DER-encoded UTCTime must end with 'Z'.

- EXPECT_FALSE(ParseUTCTime(Input("140218161200X"), &out));

+ const uint8_t utc_time_missing_z[] = {

+ '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0', 'X'};

+ EXPECT_FALSE(ParseUTCTime(Input(utc_time_missing_z), &out));

// Check that a negative number (-4 in this case) doesn't get parsed as

// a 2-digit number.

- EXPECT_FALSE(ParseUTCTime(Input("-40218161200Z"), &out));

+ const uint8_t utc_time_negative_number[] = {

+ '-', '4', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0', 'Z'};

+ EXPECT_FALSE(ParseUTCTime(Input(utc_time_negative_number), &out));

// Check that numbers with a leading 0 don't get parsed in octal by making

// the second digit an invalid octal digit (e.g. 09).

- EXPECT_TRUE(ParseUTCTime(Input("090218161200Z"), &out));

+ const uint8_t utc_time_test_octal[] = {

+ '0', '9', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0', 'Z'};

+ EXPECT_TRUE(ParseUTCTime(Input(utc_time_test_octal), &out));

// Check that the length is validated.

- EXPECT_FALSE(ParseUTCTime(Input("140218161200"), &out));

- EXPECT_FALSE(ParseUTCTime(Input("140218161200Z0"), &out));

- EXPECT_FALSE(ParseUTCTimeRelaxed(Input("140218161200"), &out));

- EXPECT_FALSE(ParseUTCTimeRelaxed(Input("140218161200Z0"), &out));

+ const uint8_t utc_time_too_short[] = {

+ '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0'};

+ const uint8_t utc_time_too_long[] = {

+ '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0', 'Z', '0'};

+ EXPECT_FALSE(ParseUTCTime(Input(utc_time_too_short), &out));

+ EXPECT_FALSE(ParseUTCTime(Input(utc_time_too_long), &out));

+ EXPECT_FALSE(ParseUTCTimeRelaxed(Input(utc_time_too_short), &out));

+ EXPECT_FALSE(ParseUTCTimeRelaxed(Input(utc_time_too_long), &out));

// Check strictness of UTCTime parsers.

- EXPECT_FALSE(ParseUTCTime(Input("1402181612Z"), &out));

- EXPECT_TRUE(ParseUTCTimeRelaxed(Input("1402181612Z"), &out));

+ const uint8_t utc_time_relaxed[] = {

+ '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', 'Z'};

+ EXPECT_FALSE(ParseUTCTime(Input(utc_time_relaxed), &out));

+ EXPECT_TRUE(ParseUTCTimeRelaxed(Input(utc_time_relaxed), &out));

// Check that the time ends in Z.

- EXPECT_FALSE(ParseUTCTimeRelaxed(Input("1402181612Z0"), &out));

+ const uint8_t utc_time_relaxed_too_long[] = {

+ '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', 'Z', '0'};

+ EXPECT_FALSE(ParseUTCTimeRelaxed(Input(utc_time_relaxed_too_long), &out));

// Check format of GeneralizedTime.

// Leap seconds are allowed.

- EXPECT_TRUE(ParseGeneralizedTime(Input("20140218161260Z"), &out));

+ const uint8_t generalized_time_with_leap_second[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '6',

+ '0',

+ 'Z'};

nharper 2015/05/26 22:11:49 I don't particularly like how these look. I tried

Ryan Sleevi 2015/06/03 23:09:11 As soon as the new clang rolls in to Chromium, thi

+ EXPECT_TRUE(

+ ParseGeneralizedTime(Input(generalized_time_with_leap_second), &out));

// But nothing larger than a leap second.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218161261Z"), &out));

+ const uint8_t generalized_time_second_too_big[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '6',

+ '1',

+ 'Z'};

+ EXPECT_FALSE(

+ ParseGeneralizedTime(Input(generalized_time_second_too_big), &out));

// Minutes only go up to 59.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218166000Z"), &out));

+ const uint8_t generalized_time_minute_too_big[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '1',

+ '8',

+ '1',

+ '6',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(

+ ParseGeneralizedTime(Input(generalized_time_minute_too_big), &out));

// Hours only go up to 23.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218240000Z"), &out));

+ const uint8_t generalized_time_hour_too_big[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '1',

+ '8',

+ '2',

+ '4',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(

+ ParseGeneralizedTime(Input(generalized_time_hour_too_big), &out));

// The 0th day of a month is invalid.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140200161200Z"), &out));

+ const uint8_t generalized_time_zeroth_day[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '0',

+ '1',

+ '6',

+ '1',

+ '2',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(generalized_time_zeroth_day), &out));

// The 0th month is invalid.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140018161200Z"), &out));

+ const uint8_t generalized_time_zeroth_month[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(

+ ParseGeneralizedTime(Input(generalized_time_zeroth_month), &out));

// Months greater than 12 are invalid.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20141318161200Z"), &out));

+ const uint8_t generalized_time_13th_month[] = {'2',

+ '0',

+ '1',

+ '4',

+ '1',

+ '3',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(generalized_time_13th_month), &out));

// Some months have 31 days.

- EXPECT_TRUE(ParseGeneralizedTime(Input("20140131000000Z"), &out));

+ const uint8_t generalized_time_january_thirty_first[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '1',

+ '3',

+ '1',

+ '0',

+ 'Z'};

+ EXPECT_TRUE(

+ ParseGeneralizedTime(Input(generalized_time_january_thirty_first), &out));

// September has only 30 days.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140931000000Z"), &out));

+ const uint8_t generalized_time_september_31st[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '9',

+ '3',

+ '1',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(

+ ParseGeneralizedTime(Input(generalized_time_september_31st), &out));

// February has only 28 days...

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140229000000Z"), &out));

+ const uint8_t generalized_time_february_29th_non_leap_year[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '9',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(ParseGeneralizedTime(

+ Input(generalized_time_february_29th_non_leap_year), &out));

// ... unless it's a leap year.

- EXPECT_TRUE(ParseGeneralizedTime(Input("20160229000000Z"), &out));

+ const uint8_t generalized_time_february_29th_leap_year[] = {'2',

+ '0',

+ '1',

+ '6',

+ '0',

+ '2',

+ '9',

+ '0',

+ 'Z'};

+ EXPECT_TRUE(ParseGeneralizedTime(

+ Input(generalized_time_february_29th_leap_year), &out));

// There aren't any leap days in years divisible by 100...

- EXPECT_FALSE(ParseGeneralizedTime(Input("21000229000000Z"), &out));

+ const uint8_t generalized_time_leap_day_100th_year[] = {'2',

+ '1',

+ '0',

+ '2',

+ '9',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(

+ ParseGeneralizedTime(Input(generalized_time_leap_day_100th_year), &out));

// ...unless it's also divisible by 400.

- EXPECT_TRUE(ParseGeneralizedTime(Input("20000229000000Z"), &out));

+ const uint8_t generalized_time_leap_day_400th_year[] = {'2',

+ '0',

+ '2',

+ '9',

+ '0',

+ 'Z'};

+ EXPECT_TRUE(

+ ParseGeneralizedTime(Input(generalized_time_leap_day_400th_year), &out));

// Check more perverse invalid inputs.

- const uint8_t trailing_null_bytes[] = {'2',

- '0',

- '1',

- '2',

- '3',

- '1',

- '0',

- '1',

- '0',

- '2',

- '0',

- '3',

- 'Z',

- '\0'};

- Input trailing_null(trailing_null_bytes, sizeof(trailing_null_bytes));

- EXPECT_FALSE(ParseGeneralizedTime(trailing_null, &out));

- const uint8_t embedded_null_bytes[] = {'2',

- '0',

- '\0',

- '1',

- '2',

- '3',

- '1',

- '0',

- '1',

- '0',

- '2',

- '0',

- '3',

- 'Z'};

- Input embedded_null(embedded_null_bytes, sizeof(embedded_null_bytes));

- EXPECT_FALSE(ParseGeneralizedTime(embedded_null, &out));

+ // Check that trailing null bytes are not ignored.

+ const uint8_t trailing_null[] = {'2',

+ '0',

+ '1',

+ '2',

+ '3',

+ '1',

+ '0',

+ '1',

+ '0',

+ '2',

+ '0',

+ '3',

+ 'Z',

+ '\0'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(trailing_null), &out));

+ // Check what happens when a null byte is in the middle of the input.

+ const uint8_t embedded_null[] = {'2',

+ '0',

+ '\0',

+ '1',

+ '2',

+ '3',

+ '1',

+ '0',

+ '1',

+ '0',

+ '2',

+ '0',

+ '3',

+ 'Z'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(embedded_null), &out));

// The year can't be in hex.

- EXPECT_FALSE(ParseGeneralizedTime(Input("0x201231000000Z"), &out));

+ const uint8_t generalized_time_year_in_hex[] = {'0',

+ 'x',

+ '2',

+ '0',

+ '1',

+ '2',

+ '3',

+ '1',

+ '0',

+ 'Z'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(generalized_time_year_in_hex), &out));

// The last byte must be 'Z'.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20001231000000X"), &out));

+ const uint8_t generalized_time_missing_z[] = {'2',

+ '0',

+ '1',

+ '2',

+ '3',

+ '1',

+ '0',

+ 'X'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(generalized_time_missing_z), &out));

// Check that the length is validated.

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218161200"), &out));

- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218161200Z0"), &out));

+ const uint8_t generalized_time_too_short[] = {

+ '2', '0', '1', '4', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0'};

+ const uint8_t generalized_time_too_long[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '0',

+ 'Z',

+ '0'};

+ EXPECT_FALSE(ParseGeneralizedTime(Input(generalized_time_too_short), &out));

+ EXPECT_FALSE(ParseGeneralizedTime(Input(generalized_time_too_long), &out));

}

TEST(ParseValuesTest, TimesCompare) {

@@ -156,9 +428,42 @@ TEST(ParseValuesTest, TimesCompare) {

GeneralizedTime time2;

GeneralizedTime time3;

- ASSERT_TRUE(ParseGeneralizedTime(Input("20140218161200Z"), &time1));

- ASSERT_TRUE(ParseUTCTime(Input("150218161200Z"), &time2));

- ASSERT_TRUE(ParseGeneralizedTime(Input("20160218161200Z"), &time3));

+ const uint8_t time1_bytes[] = {'2',

+ '0',

+ '1',

+ '4',

+ '0',

+ '2',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '0',

+ 'Z'};

+ const uint8_t time2_bytes[] = {

+ '1', '5', '0', '2', '1', '8', '1', '6', '1', '2', '0', '0', 'Z'};

+ const uint8_t time3_bytes[] = {'2',

+ '0',

+ '1',

+ '6',

+ '0',

+ '2',

+ '1',

+ '8',

+ '1',

+ '6',

+ '1',

+ '2',

+ '0',

+ 'Z'};

+ ASSERT_TRUE(ParseGeneralizedTime(Input(time1_bytes), &time1));

+ ASSERT_TRUE(ParseUTCTime(Input(time2_bytes), &time2));

+ ASSERT_TRUE(ParseGeneralizedTime(Input(time3_bytes), &time3));

EXPECT_TRUE(time1 < time2);

EXPECT_TRUE(time2 < time3);

EXPECT_TRUE(time1 < time3);

« no previous file with comments | « net/der/input_unittest.cc ('k') | no next file » | no next file with comments »