Parse the whitelist expressions from the phishing verdict response if

chrome/browser/safe_browsing/client_side_detection_service_unittest.cc

Index: chrome/browser/safe_browsing/client_side_detection_service_unittest.cc
diff --git a/chrome/browser/safe_browsing/client_side_detection_service_unittest.cc b/chrome/browser/safe_browsing/client_side_detection_service_unittest.cc
index dcf2076c6e5def5700a288cf8c44074219a5e7e3..2576aae846a39ebe6b61e42655b0ce2964f64c28 100644
--- a/chrome/browser/safe_browsing/client_side_detection_service_unittest.cc
+++ b/chrome/browser/safe_browsing/client_side_detection_service_unittest.cc
@@ -351,14 +351,22 @@ TEST_F(ClientSideDetectionServiceTest, SendClientReportPhishingRequest) {
   GURL second_url("http://b.com/");
   response.set_phishy(false);
   SetClientReportPhishingResponse(response.SerializeAsString(),
-                                  false /* success*/);
+                                  false /* success */);
   EXPECT_FALSE(SendClientReportPhishingRequest(second_url, score));
 
+  // This is a false positive.
+  response.set_phishy(true);
+  response.add_whitelist_expression("c.com/a.html");
+  SetClientReportPhishingResponse(response.SerializeAsString(),
+                                  true /* success */);
+  GURL third_url("http://c.com/");
+  EXPECT_FALSE(SendClientReportPhishingRequest(third_url, score));
+
   base::Time after = base::Time::Now();
 
-  // Check that we have recorded all 3 requests within the correct time range.
+  // Check that we have recorded all 4 requests within the correct time range.
   std::queue<base::Time>& report_times = GetPhishingReportTimes();
-  EXPECT_EQ(3U, report_times.size());
+  EXPECT_EQ(4U, report_times.size());
   while (!report_times.empty()) {
     base::Time time = report_times.back();
     report_times.pop();
@@ -751,4 +759,36 @@ TEST_F(ClientSideDetectionServiceTest, SanitizeRequestForPingback) {
             sanitized_request.SerializeAsString());
 }
 
+TEST_F(ClientSideDetectionServiceTest, IsFalsePositiveResponse) {
+  GURL url("http://www.google.com/");
+  ClientPhishingResponse response;
+
+  // If the response is not phishing is should never be a false positive.
+  response.set_phishy(false);
+  response.add_whitelist_expression("www.google.com/");
+  EXPECT_FALSE(ClientSideDetectionService::IsFalsePositiveResponse(
+      url, response));
+
+  // If there are no entries in the whitelist it should always return false.
+  response.clear_whitelist_expression();
+  response.set_phishy(true);
+  EXPECT_FALSE(ClientSideDetectionService::IsFalsePositiveResponse(
+      url, response));
+
+  // If the URL doesn't match any whitelist entries it whould return false.
+  response.add_whitelist_expression("www.yahoo.com/");
+  EXPECT_FALSE(ClientSideDetectionService::IsFalsePositiveResponse(
+      url, response));
+
+  // If the URL matches the whitelist it should return true.
+  response.add_whitelist_expression("google.com/");
+  EXPECT_TRUE(ClientSideDetectionService::IsFalsePositiveResponse(
+      url, response));
+
+  // If an entry in the whitelist matches the URL it should return true.
+  response.clear_whitelist_expression();
+  response.add_whitelist_expression("www.google.com/a/b.html");
+  EXPECT_TRUE(ClientSideDetectionService::IsFalsePositiveResponse(
+      url, response));

[mattm, 2011/08/30 02:23:09]

The whitelist matching against the URL seems a bit weird, but maybe I'm not
seeing the use case.

[noelutz, 2011/08/30 16:45:12]

This whitelist works in two ways.  I.e., if we 'classify' http://www.a.com/b/ as
phishing then we want to be able to whitelist it either by adding a.com/ to the
whitelist or a more specific expression www.a.com/b/index.html.

+}
 }  // namespace safe_browsing