
Unified Diff: components/certificate_transparency/log_dns_client_unittest.cc

Issue 2375693002: LogDnsClient now rejects responses unless they contain exactly one TXT RDATA string (Closed)
Patch Set: Use checked_cast Created 4 years, 2 months ago
Index: components/certificate_transparency/log_dns_client_unittest.cc
diff --git a/components/certificate_transparency/log_dns_client_unittest.cc b/components/certificate_transparency/log_dns_client_unittest.cc
index 7ec219b35f52aef94c4a4594a3fbd2a68299f2dd..9d285384790d4dbe9e32d3f0b7663254b05e6a5d 100644
--- a/components/certificate_transparency/log_dns_client_unittest.cc
+++ b/components/certificate_transparency/log_dns_client_unittest.cc
@@ -3,10 +3,11 @@
// found in the LICENSE file.
#include "components/certificate_transparency/log_dns_client.h"
#include <memory>
+#include <numeric>
#include <string>
#include <utility>
#include <vector>
#include "base/message_loop/message_loop.h"
@@ -151,11 +152,11 @@ class LogDnsClientTest : public ::testing::TestWithParam<net::IoMode> {
};
TEST_P(LogDnsClientTest, QueryLeafIndex) {
mock_dns_.ExpectLeafIndexRequestAndResponse(
"D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
- "123456");
+ 123456);
MockLeafIndexCallback callback;
QueryLeafIndex("ct.test", kLeafHash, &callback);
ASSERT_TRUE(callback.called());
EXPECT_THAT(callback.net_error(), IsOk());
@@ -197,65 +198,92 @@ TEST_P(LogDnsClientTest, QueryLeafIndexReportsServerRefusal) {
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));
EXPECT_THAT(callback.leaf_index(), 0);
}
TEST_P(LogDnsClientTest,
+ QueryLeafIndexReportsMalformedResponseIfContainsNoStrings) {
+ mock_dns_.ExpectRequestAndResponse(
+ "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
+ std::vector<base::StringPiece>());
+
+ MockLeafIndexCallback callback;
+ QueryLeafIndex("ct.test", kLeafHash, &callback);
+ ASSERT_TRUE(callback.called());
+ EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
+ EXPECT_THAT(callback.leaf_index(), 0);
+}
+
+TEST_P(LogDnsClientTest,
+ QueryLeafIndexReportsMalformedResponseIfContainsMoreThanOneString) {
+ mock_dns_.ExpectRequestAndResponse(
+ "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
+ {"123456", "7"});
+
+ MockLeafIndexCallback callback;
+ QueryLeafIndex("ct.test", kLeafHash, &callback);
+ ASSERT_TRUE(callback.called());
+ EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
+ EXPECT_THAT(callback.leaf_index(), 0);
+}
+
+TEST_P(LogDnsClientTest,
QueryLeafIndexReportsMalformedResponseIfLeafIndexIsNotNumeric) {
- mock_dns_.ExpectLeafIndexRequestAndResponse(
+ mock_dns_.ExpectRequestAndResponse(
"D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
- "foo");
+ {"foo"});
MockLeafIndexCallback callback;
QueryLeafIndex("ct.test", kLeafHash, &callback);
ASSERT_TRUE(callback.called());
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
EXPECT_THAT(callback.leaf_index(), 0);
}
TEST_P(LogDnsClientTest,
QueryLeafIndexReportsMalformedResponseIfLeafIndexIsFloatingPoint) {
- mock_dns_.ExpectLeafIndexRequestAndResponse(
+ mock_dns_.ExpectRequestAndResponse(
"D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
- "123456.0");
+ {"123456.0"});
MockLeafIndexCallback callback;
QueryLeafIndex("ct.test", kLeafHash, &callback);
ASSERT_TRUE(callback.called());
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
EXPECT_THAT(callback.leaf_index(), 0);
}
TEST_P(LogDnsClientTest,
QueryLeafIndexReportsMalformedResponseIfLeafIndexIsEmpty) {
- mock_dns_.ExpectLeafIndexRequestAndResponse(
- "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.", "");
+ mock_dns_.ExpectRequestAndResponse(
+ "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
+ {""});
MockLeafIndexCallback callback;
QueryLeafIndex("ct.test", kLeafHash, &callback);
ASSERT_TRUE(callback.called());
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
EXPECT_THAT(callback.leaf_index(), 0);
}
TEST_P(LogDnsClientTest,
QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericPrefix) {
- mock_dns_.ExpectLeafIndexRequestAndResponse(
+ mock_dns_.ExpectRequestAndResponse(
"D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
- "foo123456");
+ {"foo123456"});
MockLeafIndexCallback callback;
QueryLeafIndex("ct.test", kLeafHash, &callback);
ASSERT_TRUE(callback.called());
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
EXPECT_THAT(callback.leaf_index(), 0);
}
TEST_P(LogDnsClientTest,
QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericSuffix) {
- mock_dns_.ExpectLeafIndexRequestAndResponse(
+ mock_dns_.ExpectRequestAndResponse(
"D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
- "123456foo");
+ {"123456foo"});
MockLeafIndexCallback callback;
QueryLeafIndex("ct.test", kLeafHash, &callback);
ASSERT_TRUE(callback.called());
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
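Review bot: QueryLeafIndexReportsMalformedResponseIfContainsMoreThanOneString only exercises two non-empty strings (`{"123456", "7"}`), so a parser that discards empty character-strings before counting them would still pass every test in this hunk. Because the TXT record comes from an untrusted DNS response, that case is worth pinning with a sibling test that passes `{"123456", ""}` and expects `net::ERR_DNS_MALFORMED_RESPONSE` with a `leaf_index()` of 0. The leaf-index tests also lack the rationale comment that the audit-proof test carries; `// The CT-over-DNS draft RFC requires exactly one character-string in the response.` above the two new tests would explain the rule. Negative or out-of-range values may be covered further down, but the hunk ends inside the NonNumericSuffix test, so that cannot be confirmed from here.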
@@ -415,10 +443,44 @@ TEST_P(LogDnsClientTest, QueryAuditProofReportsServerRefusal) {
EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));
EXPECT_THAT(callback.proof(), IsNull());
}
TEST_P(LogDnsClientTest,
+ QueryAuditProofReportsResponseMalformedIfContainsNoStrings) {
+ mock_dns_.ExpectRequestAndResponse("0.123456.999999.tree.ct.test.",
+ std::vector<base::StringPiece>());
+
+ MockAuditProofCallback callback;
+ QueryAuditProof("ct.test", 123456, 999999, &callback);
+ ASSERT_TRUE(callback.called());
+ EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
+ EXPECT_THAT(callback.proof(), IsNull());
+}
+
+TEST_P(LogDnsClientTest,
+ QueryAuditProofReportsResponseMalformedIfContainsMoreThanOneString) {
+ // The CT-over-DNS draft RFC states that the response will contain "exactly
+ // one character-string."
+ const std::vector<std::string> audit_proof = GetSampleAuditProof(10);
+
+ std::string first_chunk_of_proof = std::accumulate(
+ audit_proof.begin(), audit_proof.begin() + 7, std::string());
+ std::string second_chunk_of_proof = std::accumulate(
+ audit_proof.begin() + 7, audit_proof.end(), std::string());
+
+ mock_dns_.ExpectRequestAndResponse(
+ "0.123456.999999.tree.ct.test.",
+ {first_chunk_of_proof, second_chunk_of_proof});
+
+ MockAuditProofCallback callback;
+ QueryAuditProof("ct.test", 123456, 999999, &callback);
+ ASSERT_TRUE(callback.called());
+ EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
+ EXPECT_THAT(callback.proof(), IsNull());
+}
+
+TEST_P(LogDnsClientTest,
QueryAuditProofReportsResponseMalformedIfNodeTooShort) {
// node is shorter than a SHA-256 hash (31 vs 32 bytes)
const std::vector<std::string> audit_proof(1, std::string(31, 'a'));
mock_dns_.ExpectAuditProofRequestAndResponse(
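Review bot: The split offset `7` in QueryAuditProofReportsResponseMalformedIfContainsMoreThanOneString is unexplained, so a reader cannot tell whether it matters that both chunks end on a node boundary. If GetSampleAuditProof returns one whole node per element (it is defined outside this hunk), each string is well-formed on its own and only the string count is wrong. The test should say so, for example `// Split on a node boundary so each string is valid on its own; only the number of strings is wrong.` A named constant for the split point would also read better than `begin() + 7`. The NodeTooShort test that follows continues past the end of the hunk.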