WIP: URL blacklisting by policy.

chrome/browser/policy/url_blacklist_manager_unittest.cc

Index: chrome/browser/policy/url_blacklist_manager_unittest.cc
diff --git a/chrome/browser/policy/url_blacklist_manager_unittest.cc b/chrome/browser/policy/url_blacklist_manager_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..b1201dfe56017aef51ae7549eb26924d2ffc6716
--- /dev/null
+++ b/chrome/browser/policy/url_blacklist_manager_unittest.cc
@@ -0,0 +1,382 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/url_blacklist_manager.h"
+
+#include "base/basictypes.h"
+#include "base/message_loop.h"
+#include "chrome/common/pref_names.h"
+#include "chrome/test/base/testing_pref_service.h"
+#include "chrome/test/base/testing_profile.h"
+#include "content/browser/browser_thread.h"
+#include "content/common/notification_service.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace policy {
+
+namespace {
+
+using ::testing::_;
+using ::testing::Invoke;
+using ::testing::Mock;
+
+class TestingURLBlacklistManager : public URLBlacklistManager {
+ public:
+  explicit TestingURLBlacklistManager(Profile* profile)
+      : URLBlacklistManager(profile) {
+  }
+
+  virtual ~TestingURLBlacklistManager() {
+  }
+
+  // Make this method public for testing.
+  using URLBlacklistManager::ScheduleUpdate;
+
+  virtual void PostUpdateTask(Task* task) OVERRIDE {
+    // Post tasks without a delay during tests.
+    MessageLoop::current()->PostTask(FROM_HERE, task);
+  }
+
+  MOCK_METHOD0(Update, void());
+  MOCK_METHOD1(SetBlacklist, void(Blacklist*));
+
+  void UpdateNotMocked() {
+    URLBlacklistManager::Update();
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(TestingURLBlacklistManager);
+};
+
+class URLBlacklistManagerTest : public testing::Test {
+ protected:
+  URLBlacklistManagerTest()
+      : ui_thread_(BrowserThread::UI, &loop_),
+        file_thread_(BrowserThread::FILE, &loop_),
+        io_thread_(BrowserThread::IO, &loop_) {
+  }
+
+  virtual void SetUp() OVERRIDE {
+    pref_service_ = profile_.GetTestingPrefService();
+    url_blacklist_manager_.reset(new TestingURLBlacklistManager(&profile_));
+    url_blacklist_manager_->InitializeOnIOThread();
+    loop_.RunAllPending();
+  }
+
+  virtual void TearDown() OVERRIDE {
+    if (url_blacklist_manager_.get())
+      url_blacklist_manager_->ShutdownOnUIThread();
+    loop_.RunAllPending();
+  }
+
+  void ExpectUpdate() {
+    EXPECT_CALL(*url_blacklist_manager_, Update())
+        .WillOnce(Invoke(url_blacklist_manager_.get(),
+                         &TestingURLBlacklistManager::UpdateNotMocked));
+  }
+
+  MessageLoop loop_;
+  TestingProfile profile_;
+  TestingPrefService* pref_service_;
+  scoped_ptr<TestingURLBlacklistManager> url_blacklist_manager_;
+
+ private:
+  BrowserThread ui_thread_;
+  BrowserThread file_thread_;
+  BrowserThread io_thread_;
+
+  DISALLOW_COPY_AND_ASSIGN(URLBlacklistManagerTest);
+};
+
+TEST_F(URLBlacklistManagerTest, SingleUpdateForTwoPrefChanges) {
+  ExpectUpdate();
+
+  ListValue* blacklist = new ListValue;
+  blacklist->Append(new StringValue("*.google.com"));
+  ListValue* whitelist = new ListValue;
+  whitelist->Append(new StringValue("mail.google.com"));
+  pref_service_->SetManagedPref(prefs::kUrlBlacklist, blacklist);
+  pref_service_->SetManagedPref(prefs::kUrlBlacklist, whitelist);
+  loop_.RunAllPending();
+
+  Mock::VerifyAndClearExpectations(url_blacklist_manager_.get());
+}
+
+TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask0) {
+  // Post an update task to the UI thread.
+  url_blacklist_manager_->ScheduleUpdate();
+  // Shutdown comes before the task is executed.
+  url_blacklist_manager_->ShutdownOnUIThread();
+  url_blacklist_manager_.reset();
+  // Run the task after shutdown and deletion.
+  loop_.RunAllPending();
+}
+
+TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask1) {
+  EXPECT_CALL(*url_blacklist_manager_, Update()).Times(0);
+  // Post an update task.
+  url_blacklist_manager_->ScheduleUpdate();
+  // Shutdown comes before the task is executed.
+  url_blacklist_manager_->ShutdownOnUIThread();
+  // Run the task after shutdown, but before deletion.
+  loop_.RunAllPending();
+  Mock::VerifyAndClearExpectations(url_blacklist_manager_.get());
+  url_blacklist_manager_.reset();
+  loop_.RunAllPending();
+}
+
+TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask2) {
+  // Update posts a BuildBlacklistTask to the FILE thread.
+  url_blacklist_manager_->UpdateNotMocked();
+  // Shutdown comes before the task is executed.
+  url_blacklist_manager_->ShutdownOnUIThread();
+  url_blacklist_manager_.reset();
+  // Run the task after shutdown and deletion.
+  loop_.RunAllPending();
+}
+
+TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask3) {
+  EXPECT_CALL(*url_blacklist_manager_, SetBlacklist(_)).Times(0);
+  // Update posts a BuildBlacklistTask to the FILE thread.
+  url_blacklist_manager_->UpdateNotMocked();
+  // Shutdown comes before the task is executed.
+  url_blacklist_manager_->ShutdownOnUIThread();
+  // Run the task after shutdown, but before deletion.
+  loop_.RunAllPending();
+  Mock::VerifyAndClearExpectations(url_blacklist_manager_.get());
+  url_blacklist_manager_.reset();
+  loop_.RunAllPending();
+}
+
+TEST_F(URLBlacklistManagerTest, SchemeToFlag) {
+  Blacklist::SchemeFlag flag;
+  EXPECT_TRUE(Blacklist::SchemeToFlag("http", &flag));
+  EXPECT_EQ(Blacklist::SCHEME_HTTP, flag);
+  EXPECT_TRUE(Blacklist::SchemeToFlag("https", &flag));
+  EXPECT_EQ(Blacklist::SCHEME_HTTPS, flag);
+  EXPECT_TRUE(Blacklist::SchemeToFlag("ftp", &flag));
+  EXPECT_EQ(Blacklist::SCHEME_FTP, flag);
+  EXPECT_TRUE(Blacklist::SchemeToFlag("", &flag));
+  EXPECT_EQ(Blacklist::SCHEME_ALL, flag);
+  EXPECT_FALSE(Blacklist::SchemeToFlag("wtf", &flag));
+}
+
+TEST_F(URLBlacklistManagerTest, FilterToComponents) {
+  std::string scheme;
+  std::string host;
+  uint16 port;
+  std::string path;
+
+  Blacklist::FilterToComponents("google.com", &scheme, &host, &port, &path);
+  EXPECT_EQ("", scheme);
+  EXPECT_EQ("google.com", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("", path);
+
+  Blacklist::FilterToComponents(
+      "http://google.com", &scheme, &host, &port, &path);
+  EXPECT_EQ("http", scheme);
+  EXPECT_EQ("google.com", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("", path);
+
+  Blacklist::FilterToComponents("google.com/", &scheme, &host, &port, &path);
+  EXPECT_EQ("", scheme);
+  EXPECT_EQ("google.com", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("/", path);
+
+  Blacklist::FilterToComponents(
+      "http://google.com:8080/whatever", &scheme, &host, &port, &path);
+  EXPECT_EQ("http", scheme);
+  EXPECT_EQ("google.com", host);
+  EXPECT_EQ(8080u, port);
+  EXPECT_EQ("/whatever", path);
+
+  Blacklist::FilterToComponents(
+      "http://user:pass@google.com:8080/whatever",
+      &scheme, &host, &port, &path);
+  EXPECT_EQ("http", scheme);
+  EXPECT_EQ("google.com", host);
+  EXPECT_EQ(8080u, port);
+  EXPECT_EQ("/whatever", path);
+
+  Blacklist::FilterToComponents(
+      "123.123.123.123", &scheme, &host, &port, &path);
+  EXPECT_EQ("", scheme);
+  EXPECT_EQ("123.123.123.123", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("", path);
+
+  Blacklist::FilterToComponents(
+      "https://123.123.123.123", &scheme, &host, &port, &path);
+  EXPECT_EQ("https", scheme);
+  EXPECT_EQ("123.123.123.123", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("", path);
+
+  Blacklist::FilterToComponents(
+      "123.123.123.123/", &scheme, &host, &port, &path);
+  EXPECT_EQ("", scheme);
+  EXPECT_EQ("123.123.123.123", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("/", path);
+
+  Blacklist::FilterToComponents(
+      "http://123.123.123.123:123/whatever", &scheme, &host, &port, &path);
+  EXPECT_EQ("http", scheme);
+  EXPECT_EQ("123.123.123.123", host);
+  EXPECT_EQ(123u, port);
+  EXPECT_EQ("/whatever", path);
+
+  Blacklist::FilterToComponents("*", &scheme, &host, &port, &path);
+  EXPECT_EQ("", scheme);
+  EXPECT_EQ("", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("", path);
+
+  Blacklist::FilterToComponents("ftp://*", &scheme, &host, &port, &path);
+  EXPECT_EQ("ftp", scheme);
+  EXPECT_EQ("", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("", path);
+
+  Blacklist::FilterToComponents(
+      "http://*/whatever", &scheme, &host, &port, &path);
+  EXPECT_EQ("http", scheme);
+  EXPECT_EQ("", host);
+  EXPECT_EQ(0u, port);
+  EXPECT_EQ("/whatever", path);
+}
+
+TEST_F(URLBlacklistManagerTest, Filtering) {
+  Blacklist blacklist;
+
+  // Block domain and all subdomains, for any filtered scheme.
+  blacklist.Block("google.com");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/whatever")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("bogus://google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.mail.google.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://x.mail.google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.y.google.com/a/b")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/")));
+
+  // Filter only http and ftp schemes.
+  blacklist.Block("http://secure.com");
+  blacklist.Block("ftp://secure.com");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com/whatever")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ftp://secure.com/")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://secure.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.secure.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://www.secure.com")));
+
+  // Filter only a certain path prefix.
+  blacklist.Block("path.to/ruin");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://path.to/ruin")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruins")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin/signup")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.path.to/ruin")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://path.to/fortune")));
+
+  // Filter only a certain path prefix and scheme.
+  blacklist.Block("https://s.aaa.com/path");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path/bbb")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.aaa.com/path")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://aaa.com/path")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://x.aaa.com/path")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/bbb")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/")));
+
+  // Test exceptions to path prefixes, and most specific matches.
+  blacklist.Block("s.xxx.com/a");
+  blacklist.Allow("s.xxx.com/a/b");
+  blacklist.Block("https://s.xxx.com/a/b/c");
+  blacklist.Allow("https://s.xxx.com/a/b/c/d");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/x")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/x")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/x")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/x")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d/x")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d/x")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a/b")));
+
+  // Block an ip address.
+  blacklist.Block("123.123.123.123");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://123.123.123.123/")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://123.123.123.124/")));
+
+  // Open an exception.
+  blacklist.Allow("plus.google.com");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com/")));
+
+  // Open an exception only when using https for mail.
+  blacklist.Allow("https://mail.google.com");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://www.google.com/")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com/")));
+
+  // Match exactly "google.com", only for http. Subdomains without exceptions
+  // are still blocked.
+  blacklist.Allow("http://.google.com");
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
+
+  // A smaller path match in an exact host overrides a longer path for hosts
+  // that also match subdomains.
+  blacklist.Block("yyy.com/aaa");
+  blacklist.Allow(".yyy.com/a");
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa2")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.yyy.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa2")));
+}
+
+TEST_F(URLBlacklistManagerTest, BlockAllWithExceptions) {
+  Blacklist blacklist;
+
+  blacklist.Block("*");
+  blacklist.Allow(".www.google.com");
+  blacklist.Allow("plus.google.com");
+  blacklist.Allow("https://mail.google.com");
+  blacklist.Allow("https://very.safe/path");
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://random.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.www.google.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.plus.google.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.mail.google.com")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://very.safe/")));
+  EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://very.safe/path")));
+  EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://very.safe/path")));
+}
+
+}  // namespace
+
+}  // namespace policy