OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/safe_browsing/download_protection_service.h" | 5 #include "chrome/browser/safe_browsing/download_protection_service.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/base_paths.h" | 10 #include "base/base_paths.h" |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/callback.h" | 12 #include "base/callback.h" |
13 #include "base/file_path.h" | 13 #include "base/file_path.h" |
14 #include "base/file_util.h" | 14 #include "base/file_util.h" |
15 #include "base/memory/ref_counted.h" | 15 #include "base/memory/ref_counted.h" |
16 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
17 #include "base/message_loop.h" | 17 #include "base/message_loop.h" |
18 #include "base/path_service.h" | 18 #include "base/path_service.h" |
| 19 #include "base/scoped_temp_dir.h" |
19 #include "base/string_number_conversions.h" | 20 #include "base/string_number_conversions.h" |
20 #include "base/threading/sequenced_worker_pool.h" | 21 #include "base/threading/sequenced_worker_pool.h" |
21 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 22 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
22 #include "chrome/browser/safe_browsing/signature_util.h" | 23 #include "chrome/browser/safe_browsing/signature_util.h" |
23 #include "chrome/common/safe_browsing/csd.pb.h" | 24 #include "chrome/common/safe_browsing/csd.pb.h" |
| 25 #include "chrome/common/zip.h" |
24 #include "content/public/browser/download_item.h" | 26 #include "content/public/browser/download_item.h" |
25 #include "content/public/common/url_fetcher_delegate.h" | 27 #include "content/public/common/url_fetcher_delegate.h" |
26 #include "content/test/test_browser_thread.h" | 28 #include "content/test/test_browser_thread.h" |
27 #include "content/test/test_url_fetcher_factory.h" | 29 #include "content/test/test_url_fetcher_factory.h" |
28 #include "googleurl/src/gurl.h" | 30 #include "googleurl/src/gurl.h" |
29 #include "net/base/x509_certificate.h" | 31 #include "net/base/x509_certificate.h" |
30 #include "testing/gmock/include/gmock/gmock.h" | 32 #include "testing/gmock/include/gmock/gmock.h" |
31 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
32 | 34 |
33 using ::testing::ContainerEq; | 35 using ::testing::ContainerEq; |
(...skipping 391 matching lines...)
425 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 427 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
426 base::Unretained(this))); | 428 base::Unretained(this))); |
427 msg_loop_.Run(); | 429 msg_loop_.Run(); |
428 #if defined(OS_WIN) | 430 #if defined(OS_WIN) |
429 ExpectResult(DownloadProtectionService::UNCOMMON); | 431 ExpectResult(DownloadProtectionService::UNCOMMON); |
430 #else | 432 #else |
431 ExpectResult(DownloadProtectionService::SAFE); | 433 ExpectResult(DownloadProtectionService::SAFE); |
432 #endif | 434 #endif |
433 } | 435 } |
434 | 436 |
| 437 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadZip) { |
| 438 ClientDownloadResponse response; |
| 439 response.set_verdict(ClientDownloadResponse::SAFE); |
| 440 FakeURLFetcherFactory factory; |
| 441 // Empty response means SAFE. |
| 442 factory.SetFakeResponse( |
| 443 DownloadProtectionService::kDownloadRequestUrl, |
| 444 response.SerializeAsString(), |
| 445 true); |
| 446 |
| 447 ScopedTempDir download_dir; |
| 448 ASSERT_TRUE(download_dir.CreateUniqueTempDir()); |
| 449 |
| 450 DownloadProtectionService::DownloadInfo info; |
| 451 info.local_file = download_dir.path().Append(FILE_PATH_LITERAL("a.tmp")); |
| 452 info.target_file = FilePath(FILE_PATH_LITERAL("a.zip")); |
| 453 info.download_url_chain.push_back(GURL("http://www.evil.com/a.zip")); |
| 454 info.referrer_url = GURL("http://www.google.com/"); |
| 455 |
| 456 // Write out a zip archive to the temporary file. In this case, it |
| 457 // only contains a text file. |
| 458 ScopedTempDir zip_source_dir; |
| 459 ASSERT_TRUE(zip_source_dir.CreateUniqueTempDir()); |
| 460 std::string file_contents = "dummy file"; |
| 461 ASSERT_EQ(static_cast<int>(file_contents.size()), file_util::WriteFile( |
| 462 zip_source_dir.path().Append(FILE_PATH_LITERAL("file.txt")), |
| 463 file_contents.data(), file_contents.size())); |
| 464 ASSERT_TRUE(zip::Zip(zip_source_dir.path(), info.local_file, false)); |
| 465 |
| 466 download_service_->CheckClientDownload( |
| 467 info, |
| 468 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 469 base::Unretained(this))); |
| 470 msg_loop_.Run(); |
| 471 ExpectResult(DownloadProtectionService::SAFE); |
| 472 Mock::VerifyAndClearExpectations(sb_service_); |
| 473 Mock::VerifyAndClearExpectations(signature_util_); |
| 474 |
| 475 // Now check with an executable in the zip file as well. |
| 476 ASSERT_EQ(static_cast<int>(file_contents.size()), file_util::WriteFile( |
| 477 zip_source_dir.path().Append(FILE_PATH_LITERAL("file.exe")), |
| 478 file_contents.data(), file_contents.size())); |
| 479 ASSERT_TRUE(zip::Zip(zip_source_dir.path(), info.local_file, false)); |
| 480 |
| 481 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) |
| 482 .WillRepeatedly(Return(false)); |
| 483 |
| 484 download_service_->CheckClientDownload( |
| 485 info, |
| 486 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 487 base::Unretained(this))); |
| 488 msg_loop_.Run(); |
| 489 ExpectResult(DownloadProtectionService::SAFE); |
| 490 Mock::VerifyAndClearExpectations(signature_util_); |
| 491 |
| 492 // If the response is dangerous the result should also be marked as |
| 493 // dangerous. |
| 494 response.set_verdict(ClientDownloadResponse::DANGEROUS); |
| 495 factory.SetFakeResponse( |
| 496 DownloadProtectionService::kDownloadRequestUrl, |
| 497 response.SerializeAsString(), |
| 498 true); |
| 499 |
| 500 download_service_->CheckClientDownload( |
| 501 info, |
| 502 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 503 base::Unretained(this))); |
| 504 msg_loop_.Run(); |
| 505 #if defined(OS_WIN) |
| 506 ExpectResult(DownloadProtectionService::DANGEROUS); |
| 507 #else |
| 508 ExpectResult(DownloadProtectionService::SAFE); |
| 509 #endif |
| 510 Mock::VerifyAndClearExpectations(signature_util_); |
| 511 } |
| 512 |
| 513 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadCorruptZip) { |
| 514 ScopedTempDir download_dir; |
| 515 ASSERT_TRUE(download_dir.CreateUniqueTempDir()); |
| 516 |
| 517 DownloadProtectionService::DownloadInfo info; |
| 518 info.local_file = download_dir.path().Append(FILE_PATH_LITERAL("a.tmp")); |
| 519 info.target_file = FilePath(FILE_PATH_LITERAL("a.zip")); |
| 520 info.download_url_chain.push_back(GURL("http://www.evil.com/a.zip")); |
| 521 info.referrer_url = GURL("http://www.google.com/"); |
| 522 |
| 523 std::string file_contents = "corrupt zip file"; |
| 524 ASSERT_EQ(static_cast<int>(file_contents.size()), file_util::WriteFile( |
| 525 download_dir.path().Append(FILE_PATH_LITERAL("a.tmp")), |
| 526 file_contents.data(), file_contents.size())); |
| 527 |
| 528 download_service_->CheckClientDownload( |
| 529 info, |
| 530 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 531 base::Unretained(this))); |
| 532 msg_loop_.Run(); |
| 533 ExpectResult(DownloadProtectionService::SAFE); |
| 534 Mock::VerifyAndClearExpectations(sb_service_); |
| 535 Mock::VerifyAndClearExpectations(signature_util_); |
| 536 } |
| 537 |
435 TEST_F(DownloadProtectionServiceTest, CheckClientCrxDownloadSuccess) { | 538 TEST_F(DownloadProtectionServiceTest, CheckClientCrxDownloadSuccess) { |
436 ClientDownloadResponse response; | 539 ClientDownloadResponse response; |
437 // Even if the server verdict is dangerous we should return SAFE because | 540 // Even if the server verdict is dangerous we should return SAFE because |
438 // DownloadProtectionService::IsSupportedDownload() will return false | 541 // DownloadProtectionService::IsSupportedDownload() will return false |
439 // for crx downloads. | 542 // for crx downloads. |
440 response.set_verdict(ClientDownloadResponse::DANGEROUS); | 543 response.set_verdict(ClientDownloadResponse::DANGEROUS); |
441 FakeURLFetcherFactory factory; | 544 FakeURLFetcherFactory factory; |
442 // Empty response means SAFE. | 545 // Empty response means SAFE. |
443 factory.SetFakeResponse( | 546 factory.SetFakeResponse( |
444 DownloadProtectionService::kDownloadRequestUrl, | 547 DownloadProtectionService::kDownloadRequestUrl, |
(...skipping 300 matching lines...)
745 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 848 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
746 EXPECT_THAT(whitelist_strings, ElementsAre(cert_base + "/OU=unit")); | 849 EXPECT_THAT(whitelist_strings, ElementsAre(cert_base + "/OU=unit")); |
747 | 850 |
748 cert = ReadTestCertificate("test_c.pem"); | 851 cert = ReadTestCertificate("test_c.pem"); |
749 ASSERT_TRUE(cert.get()); | 852 ASSERT_TRUE(cert.get()); |
750 whitelist_strings.clear(); | 853 whitelist_strings.clear(); |
751 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 854 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
752 EXPECT_THAT(whitelist_strings, ElementsAre()); | 855 EXPECT_THAT(whitelist_strings, ElementsAre()); |
753 } | 856 } |
754 } // namespace safe_browsing | 857 } // namespace safe_browsing |
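Review bot: The first check in CheckClientDownloadZip (new lines 438-471) cannot tell a skipped archive from a pinged one, because the fake server verdict and the expected result are both SAFE; the test would still pass if a zip holding only file.txt were sent to the server. CheckClientCrxDownloadSuccess, directly below, sets a DANGEROUS fake verdict for exactly this reason, and the same would work here on Windows: `response.set_verdict(ClientDownloadResponse::DANGEROUS);` before the first `SetFakeResponse`, then back to SAFE before the file.exe case. The copied comment `// Empty response means SAFE.` does not match the code either, since a verdict is set explicitly. CheckClientDownloadCorruptZip pins a fail-open outcome (an unreadable archive yields SAFE) with no fake response configured. If that is the intended behaviour, which is not visible on this page, a comment such as `// An archive that cannot be parsed is treated as unsupported, so the result is SAFE.` would record the decision.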