happyDomain/checker-http
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
nemunaire 2026-04-27 01:31:20 +07:00
commit 542ebdea34
40 changed files with 4592 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

78
checker/rules_sri_test.go Normal file
View file

@ -0,0 +1,78 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
package checker
import (
"testing"
sdk "git.happydns.org/checker-sdk-go/checker"
)
func TestSRIRule_NoHTML(t *testing.T) {
// A probe without Resources is treated as "no parsed body".
data := &HTTPData{Probes: []HTTPProbe{httpsProbe("a:443")}}
states := runRule(t, &sriRule{}, data, nil)
mustStatus(t, states, sdk.StatusUnknown)
if !hasCode(states, "http.sri.no_html") {
t.Errorf("expected no_html: %+v", states)
}
}
func TestSRIRule_NoCrossOrigin(t *testing.T) {
p := httpsProbe("a:443")
p.Resources = []HTMLResource{
{Tag: "script", URL: "/local.js", CrossOrigin: false},
{Tag: "link", URL: "/style.css", CrossOrigin: false, Rel: "stylesheet"},
}
states := runRule(t, &sriRule{}, &HTTPData{Probes: []HTTPProbe{p}}, nil)
mustStatus(t, states, sdk.StatusOK)
if !hasCode(states, "http.sri.no_cross_origin") {
t.Errorf("expected no_cross_origin: %+v", states)
}
}
func TestSRIRule_AllCovered(t *testing.T) {
p := httpsProbe("a:443")
p.Resources = []HTMLResource{
{Tag: "script", URL: "https://cdn.example/lib.js", CrossOrigin: true, Integrity: "sha384-abc"},
{Tag: "link", URL: "https://cdn.example/style.css", CrossOrigin: true, Integrity: "sha384-def"},
}
states := runRule(t, &sriRule{}, &HTTPData{Probes: []HTTPProbe{p}}, nil)
mustStatus(t, states, sdk.StatusOK)
if !hasCode(states, "http.sri.ok") {
t.Errorf("expected ok: %+v", states)
}
}
func TestSRIRule_SomeMissing(t *testing.T) {
p := httpsProbe("a:443")
p.Resources = []HTMLResource{
{Tag: "script", URL: "https://cdn.example/lib.js", CrossOrigin: true},
{Tag: "link", URL: "https://cdn.example/style.css", CrossOrigin: true, Integrity: "sha384-def"},
{Tag: "script", URL: "/local.js", CrossOrigin: false},
}
states := runRule(t, &sriRule{}, &HTTPData{Probes: []HTTPProbe{p}}, nil)
if len(states) != 1 {
t.Fatalf("expected 1 missing-state, got %d: %+v", len(states), states)
}
mustStatus(t, states, sdk.StatusWarn)
if states[0].Code != "http.sri.missing" {
t.Errorf("unexpected code: %q", states[0].Code)
}
if states[0].Meta["url"] != "https://cdn.example/lib.js" {
t.Errorf("meta.url = %v, want lib.js", states[0].Meta["url"])
}
}
func TestSRIRule_PicksFirstHTTPSWithResources(t *testing.T) {
a := httpsProbe("a:443")
b := httpsProbe("b:443")
b.Resources = []HTMLResource{{Tag: "script", URL: "https://cdn/x.js", CrossOrigin: true, Integrity: "sha384-abc"}}
states := runRule(t, &sriRule{}, &HTTPData{Probes: []HTTPProbe{a, b}}, nil)
mustStatus(t, states, sdk.StatusOK)
if !hasCode(states, "http.sri.ok") {
t.Errorf("expected ok with resources from second probe, got %+v", states)
}
}