Add a build flag to configure bundling of HSTS preload list

net/http/http_security_headers_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/strings/string_piece.h"
 #include "crypto/sha2.h"
@@ skipping 635 matching lines @@
 
 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) {
   TestBogusPinsHeaders(HASH_VALUE_SHA256);
 }
 
 TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA256) {
   TestValidPKPHeaders(HASH_VALUE_SHA256);
 }
 
 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
+#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
+  return;
+#endif

[Ryan Sleevi, 2017/06/29 20:47:40]

To better allow the compiler to optimize this out, shouldn't this be an #if /
#else - so that it doesn't have to compile this code?

Alternatively, using the DISABLED_ conditional macro for the test based on the
build flag (which forces compilation, but uses our more idiomatic approach to
disabling tests)

[xunjieli, 2017/06/30 19:12:18]

Done.

   TransportSecurityState state;
   TransportSecurityState::STSState static_sts_state;
   TransportSecurityState::PKPState static_pkp_state;
 
   // docs.google.com has preloaded pins.
   std::string domain = "docs.google.com";
   state.enable_static_pins_ = true;
   EXPECT_TRUE(
       state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state));
   EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL);
@@ skipping 56 matching lines @@
   hash = std::find(new_dynamic_pkp_state.spki_hashes.begin(),
                    new_dynamic_pkp_state.spki_hashes.end(), good_hash);
   EXPECT_NE(new_dynamic_pkp_state.spki_hashes.end(), hash);
 
   hash = std::find(new_dynamic_pkp_state.spki_hashes.begin(),
                    new_dynamic_pkp_state.spki_hashes.end(), backup_hash);
   EXPECT_NE(new_dynamic_pkp_state.spki_hashes.end(), hash);
 }
 
 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) {
+#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
+  return;
+#endif
   TransportSecurityState state;
   TransportSecurityState::STSState static_sts_state;
   TransportSecurityState::PKPState static_pkp_state;
 
   // docs.google.com has preloaded pins.
   std::string domain = "docs.google.com";
   state.enable_static_pins_ = true;
   ASSERT_TRUE(
       state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state));
   EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL);
@@ skipping 58 matching lines @@
                 domain_port, is_issued_by_known_root,
                 new_static_pkp_state2.spki_hashes, nullptr, nullptr,
                 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
   EXPECT_NE(0UL, failure_log.length());
 }
 
 // Tests that when a static HSTS and a static HPKP entry are present, adding a
 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a
 // dynamic HPKP entry could not affect the HSTS entry for the site.
 TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
+#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
+  return;
+#endif
   TransportSecurityState state;
   TransportSecurityState::STSState sts_state;
   TransportSecurityState::PKPState pkp_state;
 
   // accounts.google.com has preloaded pins.
   std::string domain = "accounts.google.com";
   state.enable_static_pins_ = true;
 
   // Retrieve the static STS and PKP states as it is by default, including its
   // known good pins.
@@ skipping 373 matching lines @@
   EXPECT_TRUE(ParseExpectCTHeader(
       "  max-age=999999999999999999999999999999999999999999999  ,"
       "  enforce   ",
       &max_age, &enforce, &report_uri));
   EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
   EXPECT_TRUE(enforce);
   EXPECT_TRUE(report_uri.is_empty());
 }
 
 }  // namespace net