Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(73)

Side by Side Diff: chrome/browser/safe_browsing/download_protection_service_unittest.cc

Issue 8459001: Extract the certificate to use in the download protection pingback. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Address Noe and Matt's comments Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/safe_browsing/download_protection_service.h" 5 #include "chrome/browser/safe_browsing/download_protection_service.h"
6 6
7 #include <map> 7 #include <map>
8 #include <string> 8 #include <string>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
11 #include "base/callback.h" 11 #include "base/callback.h"
12 #include "base/file_path.h" 12 #include "base/file_path.h"
13 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/scoped_ptr.h"
15 #include "base/message_loop.h" 15 #include "base/message_loop.h"
16 #include "chrome/browser/safe_browsing/safe_browsing_service.h" 16 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
17 #include "chrome/browser/safe_browsing/signature_util.h"
17 #include "chrome/common/safe_browsing/csd.pb.h" 18 #include "chrome/common/safe_browsing/csd.pb.h"
18 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
19 #include "content/browser/download/download_item.h" 19 #include "content/browser/download/download_item.h"
20 #include "content/public/common/url_fetcher_delegate.h" 20 #include "content/public/common/url_fetcher_delegate.h"
21 #include "content/test/test_browser_thread.h" 21 #include "content/test/test_browser_thread.h"
22 #include "content/test/test_url_fetcher_factory.h" 22 #include "content/test/test_url_fetcher_factory.h"
23 #include "googleurl/src/gurl.h" 23 #include "googleurl/src/gurl.h"
24 #include "testing/gmock/include/gmock/gmock.h" 24 #include "testing/gmock/include/gmock/gmock.h"
25 #include "testing/gtest/include/gtest/gtest.h" 25 #include "testing/gtest/include/gtest/gtest.h"
26 26
27 using ::testing::Return; 27 using ::testing::Return;
28 using ::testing::_; 28 using ::testing::_;
29 using content::BrowserThread; 29 using content::BrowserThread;
30 30
31 namespace safe_browsing { 31 namespace safe_browsing {
32 namespace { 32 namespace {
33 class MockSafeBrowsingService : public SafeBrowsingService { 33 class MockSafeBrowsingService : public SafeBrowsingService {
34 public: 34 public:
35 MockSafeBrowsingService() {} 35 MockSafeBrowsingService() {}
36 virtual ~MockSafeBrowsingService() {} 36 virtual ~MockSafeBrowsingService() {}
37 37
38 MOCK_METHOD1(MatchDownloadWhitelistUrl, bool(const GURL&)); 38 MOCK_METHOD1(MatchDownloadWhitelistUrl, bool(const GURL&));
39 39
40 private: 40 private:
41 DISALLOW_COPY_AND_ASSIGN(MockSafeBrowsingService); 41 DISALLOW_COPY_AND_ASSIGN(MockSafeBrowsingService);
42 }; 42 };
43
44 class MockSignatureUtil : public SignatureUtil {
45 public:
46 MockSignatureUtil() {}
47
48 MOCK_METHOD2(CheckSignature,
49 void(const FilePath&, ClientDownloadRequest_SignatureInfo*));
50
51 private:
52 virtual ~MockSignatureUtil() {}
53 DISALLOW_COPY_AND_ASSIGN(MockSignatureUtil);
54 };
43 } // namespace 55 } // namespace
44 56
57 ACTION_P(SetCertificateContents, contents) {
58 arg1->set_certificate_contents(contents);
59 }
60
45 class DownloadProtectionServiceTest : public testing::Test { 61 class DownloadProtectionServiceTest : public testing::Test {
46 protected: 62 protected:
47 virtual void SetUp() { 63 virtual void SetUp() {
48 ui_thread_.reset(new content::TestBrowserThread(BrowserThread::UI, 64 ui_thread_.reset(new content::TestBrowserThread(BrowserThread::UI,
49 &msg_loop_)); 65 &msg_loop_));
50 // Start real threads for the IO and File threads so that the DCHECKs 66 // Start real threads for the IO and File threads so that the DCHECKs
51 // to test that we're on the correct thread work. 67 // to test that we're on the correct thread work.
52 io_thread_.reset(new content::TestBrowserThread(BrowserThread::IO)); 68 io_thread_.reset(new content::TestBrowserThread(BrowserThread::IO));
53 ASSERT_TRUE(io_thread_->Start()); 69 ASSERT_TRUE(io_thread_->Start());
54 file_thread_.reset(new content::TestBrowserThread(BrowserThread::FILE)); 70 file_thread_.reset(new content::TestBrowserThread(BrowserThread::FILE));
55 ASSERT_TRUE(file_thread_->Start()); 71 ASSERT_TRUE(file_thread_->Start());
56 sb_service_ = new MockSafeBrowsingService(); 72 sb_service_ = new MockSafeBrowsingService();
73 signature_util_ = new MockSignatureUtil();
57 download_service_ = sb_service_->download_protection_service(); 74 download_service_ = sb_service_->download_protection_service();
75 download_service_->signature_util_ = signature_util_;
58 download_service_->SetEnabled(true); 76 download_service_->SetEnabled(true);
59 msg_loop_.RunAllPending(); 77 msg_loop_.RunAllPending();
60 } 78 }
61 79
62 virtual void TearDown() { 80 virtual void TearDown() {
63 // Flush all of the thread message loops to ensure that there are no 81 // Flush all of the thread message loops to ensure that there are no
64 // tasks currently running. 82 // tasks currently running.
65 FlushThreadMessageLoops(); 83 FlushThreadMessageLoops();
66 sb_service_ = NULL; 84 sb_service_ = NULL;
67 io_thread_.reset(); 85 io_thread_.reset();
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 result_ = result; 146 result_ = result;
129 msg_loop_.Quit(); 147 msg_loop_.Quit();
130 } 148 }
131 149
132 void SendURLFetchComplete(TestURLFetcher* fetcher) { 150 void SendURLFetchComplete(TestURLFetcher* fetcher) {
133 fetcher->delegate()->OnURLFetchComplete(fetcher); 151 fetcher->delegate()->OnURLFetchComplete(fetcher);
134 } 152 }
135 153
136 protected: 154 protected:
137 scoped_refptr<MockSafeBrowsingService> sb_service_; 155 scoped_refptr<MockSafeBrowsingService> sb_service_;
156 scoped_refptr<MockSignatureUtil> signature_util_;
138 DownloadProtectionService* download_service_; 157 DownloadProtectionService* download_service_;
139 MessageLoop msg_loop_; 158 MessageLoop msg_loop_;
140 DownloadProtectionService::DownloadCheckResult result_; 159 DownloadProtectionService::DownloadCheckResult result_;
141 scoped_ptr<content::TestBrowserThread> io_thread_; 160 scoped_ptr<content::TestBrowserThread> io_thread_;
142 scoped_ptr<content::TestBrowserThread> file_thread_; 161 scoped_ptr<content::TestBrowserThread> file_thread_;
143 scoped_ptr<content::TestBrowserThread> ui_thread_; 162 scoped_ptr<content::TestBrowserThread> ui_thread_;
144 }; 163 };
145 164
146 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadInvalidUrl) { 165 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadInvalidUrl) {
147 DownloadProtectionService::DownloadInfo info; 166 DownloadProtectionService::DownloadInfo info;
(...skipping 28 matching lines...) Expand all
176 info.local_file = FilePath(FILE_PATH_LITERAL("a.exe")); 195 info.local_file = FilePath(FILE_PATH_LITERAL("a.exe"));
177 info.download_url_chain.push_back(GURL("http://www.evil.com/bla.exe")); 196 info.download_url_chain.push_back(GURL("http://www.evil.com/bla.exe"));
178 info.download_url_chain.push_back(GURL("http://www.google.com/a.exe")); 197 info.download_url_chain.push_back(GURL("http://www.google.com/a.exe"));
179 info.referrer_url = GURL("http://www.google.com/"); 198 info.referrer_url = GURL("http://www.google.com/");
180 199
181 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) 200 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
182 .WillRepeatedly(Return(false)); 201 .WillRepeatedly(Return(false));
183 EXPECT_CALL(*sb_service_, 202 EXPECT_CALL(*sb_service_,
184 MatchDownloadWhitelistUrl(GURL("http://www.google.com/a.exe"))) 203 MatchDownloadWhitelistUrl(GURL("http://www.google.com/a.exe")))
185 .WillRepeatedly(Return(true)); 204 .WillRepeatedly(Return(true));
205 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _)).Times(2);
186 206
187 download_service_->CheckClientDownload( 207 download_service_->CheckClientDownload(
188 info, 208 info,
189 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, 209 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
190 base::Unretained(this))); 210 base::Unretained(this)));
191 msg_loop_.Run(); 211 msg_loop_.Run();
192 EXPECT_EQ(DownloadProtectionService::SAFE, result_); 212 EXPECT_EQ(DownloadProtectionService::SAFE, result_);
193 213
194 // Check that the referrer is matched against the whitelist. 214 // Check that the referrer is matched against the whitelist.
195 info.download_url_chain.pop_back(); 215 info.download_url_chain.pop_back();
196 info.referrer_url = GURL("http://www.google.com/a.exe"); 216 info.referrer_url = GURL("http://www.google.com/a.exe");
197 download_service_->CheckClientDownload( 217 download_service_->CheckClientDownload(
198 info, 218 info,
199 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, 219 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
200 base::Unretained(this))); 220 base::Unretained(this)));
201 msg_loop_.Run(); 221 msg_loop_.Run();
202 EXPECT_EQ(DownloadProtectionService::SAFE, result_); 222 EXPECT_EQ(DownloadProtectionService::SAFE, result_);
203 } 223 }
204 224
205 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadFetchFailed) { 225 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadFetchFailed) {
206 FakeURLFetcherFactory factory; 226 FakeURLFetcherFactory factory;
207 // HTTP request will fail. 227 // HTTP request will fail.
208 factory.SetFakeResponse( 228 factory.SetFakeResponse(
209 DownloadProtectionService::kDownloadRequestUrl, "", false); 229 DownloadProtectionService::kDownloadRequestUrl, "", false);
210 230
211 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
212 .WillRepeatedly(Return(false));
213
214 DownloadProtectionService::DownloadInfo info; 231 DownloadProtectionService::DownloadInfo info;
215 info.local_file = FilePath(FILE_PATH_LITERAL("a.exe")); 232 info.local_file = FilePath(FILE_PATH_LITERAL("a.exe"));
216 info.download_url_chain.push_back(GURL("http://www.evil.com/a.exe")); 233 info.download_url_chain.push_back(GURL("http://www.evil.com/a.exe"));
217 info.referrer_url = GURL("http://www.google.com/"); 234 info.referrer_url = GURL("http://www.google.com/");
235
236 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
237 .WillRepeatedly(Return(false));
238 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _));
239
218 download_service_->CheckClientDownload( 240 download_service_->CheckClientDownload(
219 info, 241 info,
220 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, 242 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
221 base::Unretained(this))); 243 base::Unretained(this)));
222 msg_loop_.Run(); 244 msg_loop_.Run();
223 EXPECT_EQ(DownloadProtectionService::SAFE, result_); 245 EXPECT_EQ(DownloadProtectionService::SAFE, result_);
224 } 246 }
225 247
226 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadSuccess) { 248 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadSuccess) {
227 ClientDownloadResponse response; 249 ClientDownloadResponse response;
228 response.set_verdict(ClientDownloadResponse::SAFE); 250 response.set_verdict(ClientDownloadResponse::SAFE);
229 FakeURLFetcherFactory factory; 251 FakeURLFetcherFactory factory;
230 // Empty response means SAFE. 252 // Empty response means SAFE.
231 factory.SetFakeResponse( 253 factory.SetFakeResponse(
232 DownloadProtectionService::kDownloadRequestUrl, 254 DownloadProtectionService::kDownloadRequestUrl,
233 response.SerializeAsString(), 255 response.SerializeAsString(),
234 true); 256 true);
235 257
236 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
237 .WillRepeatedly(Return(false));
238
239 DownloadProtectionService::DownloadInfo info; 258 DownloadProtectionService::DownloadInfo info;
240 info.local_file = FilePath(FILE_PATH_LITERAL("a.exe")); 259 info.local_file = FilePath(FILE_PATH_LITERAL("a.exe"));
241 info.download_url_chain.push_back(GURL("http://www.evil.com/a.exe")); 260 info.download_url_chain.push_back(GURL("http://www.evil.com/a.exe"));
242 info.referrer_url = GURL("http://www.google.com/"); 261 info.referrer_url = GURL("http://www.google.com/");
262
263 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
264 .WillRepeatedly(Return(false));
265 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _)).Times(3);
266
243 download_service_->CheckClientDownload( 267 download_service_->CheckClientDownload(
244 info, 268 info,
245 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, 269 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
246 base::Unretained(this))); 270 base::Unretained(this)));
247 msg_loop_.Run(); 271 msg_loop_.Run();
248 EXPECT_EQ(DownloadProtectionService::SAFE, result_); 272 EXPECT_EQ(DownloadProtectionService::SAFE, result_);
249 273
250 // Invalid response should be safe too. 274 // Invalid response should be safe too.
251 response.Clear(); 275 response.Clear();
252 factory.SetFakeResponse( 276 factory.SetFakeResponse(
(...skipping 30 matching lines...) Expand all
283 info.local_file = FilePath(FILE_PATH_LITERAL("bla.exe")); 307 info.local_file = FilePath(FILE_PATH_LITERAL("bla.exe"));
284 info.download_url_chain.push_back(GURL("http://www.google.com/")); 308 info.download_url_chain.push_back(GURL("http://www.google.com/"));
285 info.download_url_chain.push_back(GURL("http://www.google.com/bla.exe")); 309 info.download_url_chain.push_back(GURL("http://www.google.com/bla.exe"));
286 info.referrer_url = GURL("http://www.google.com/"); 310 info.referrer_url = GURL("http://www.google.com/");
287 info.sha256_hash = "hash"; 311 info.sha256_hash = "hash";
288 info.total_bytes = 100; 312 info.total_bytes = 100;
289 info.user_initiated = false; 313 info.user_initiated = false;
290 314
291 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) 315 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
292 .WillRepeatedly(Return(false)); 316 .WillRepeatedly(Return(false));
317 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _))
318 .WillOnce(SetCertificateContents("dummy cert data"));
319
293 download_service_->CheckClientDownload( 320 download_service_->CheckClientDownload(
294 info, 321 info,
295 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, 322 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
296 base::Unretained(this))); 323 base::Unretained(this)));
297 // Run the message loop(s) until SendRequest is called. 324 // Run the message loop(s) until SendRequest is called.
298 FlushThreadMessageLoops(); 325 FlushThreadMessageLoops();
299 326
300 TestURLFetcher* fetcher = factory.GetFetcherByID(0); 327 TestURLFetcher* fetcher = factory.GetFetcherByID(0);
301 ASSERT_TRUE(fetcher); 328 ASSERT_TRUE(fetcher);
302 ClientDownloadRequest request; 329 ClientDownloadRequest request;
303 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data())); 330 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data()));
304 EXPECT_EQ("http://www.google.com/bla.exe", request.url()); 331 EXPECT_EQ("http://www.google.com/bla.exe", request.url());
305 EXPECT_EQ(info.sha256_hash, request.digests().sha256()); 332 EXPECT_EQ(info.sha256_hash, request.digests().sha256());
306 EXPECT_EQ(info.total_bytes, request.length()); 333 EXPECT_EQ(info.total_bytes, request.length());
307 EXPECT_EQ(info.user_initiated, request.user_initiated()); 334 EXPECT_EQ(info.user_initiated, request.user_initiated());
308 EXPECT_EQ(2, request.resources_size()); 335 EXPECT_EQ(2, request.resources_size());
309 EXPECT_TRUE(RequestContainsResource(request, 336 EXPECT_TRUE(RequestContainsResource(request,
310 ClientDownloadRequest::DOWNLOAD_REDIRECT, 337 ClientDownloadRequest::DOWNLOAD_REDIRECT,
311 "http://www.google.com/", "")); 338 "http://www.google.com/", ""));
312 EXPECT_TRUE(RequestContainsResource(request, 339 EXPECT_TRUE(RequestContainsResource(request,
313 ClientDownloadRequest::DOWNLOAD_URL, 340 ClientDownloadRequest::DOWNLOAD_URL,
314 "http://www.google.com/bla.exe", 341 "http://www.google.com/bla.exe",
315 info.referrer_url.spec())); 342 info.referrer_url.spec()));
343 EXPECT_TRUE(request.has_signature());
344 EXPECT_TRUE(request.signature().has_certificate_contents());
345 EXPECT_EQ("dummy cert data", request.signature().certificate_contents());
316 346
317 // Simulate the request finishing. 347 // Simulate the request finishing.
318 MessageLoop::current()->PostTask( 348 MessageLoop::current()->PostTask(
319 FROM_HERE, 349 FROM_HERE,
320 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete, 350 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete,
321 base::Unretained(this), fetcher)); 351 base::Unretained(this), fetcher));
322 msg_loop_.Run(); 352 msg_loop_.Run();
323 } 353 }
354
355 // Similar to above, but with an unsigned binary.
356 TEST_F(DownloadProtectionServiceTest,
357 CheckClientDownloadValidateRequestNoSignature) {
358 TestURLFetcherFactory factory;
359
360 DownloadProtectionService::DownloadInfo info;
361 info.local_file = FilePath(FILE_PATH_LITERAL("bla.exe"));
362 info.download_url_chain.push_back(GURL("http://www.google.com/"));
363 info.download_url_chain.push_back(GURL("http://www.google.com/bla.exe"));
364 info.referrer_url = GURL("http://www.google.com/");
365 info.sha256_hash = "hash";
366 info.total_bytes = 100;
367 info.user_initiated = false;
368
369 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_))
370 .WillRepeatedly(Return(false));
371 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _));
372
373 download_service_->CheckClientDownload(
374 info,
375 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
376 base::Unretained(this)));
377 // Run the message loop(s) until SendRequest is called.
378 FlushThreadMessageLoops();
379
380 TestURLFetcher* fetcher = factory.GetFetcherByID(0);
381 ASSERT_TRUE(fetcher);
382 ClientDownloadRequest request;
383 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data()));
384 EXPECT_EQ("http://www.google.com/bla.exe", request.url());
385 EXPECT_EQ(info.sha256_hash, request.digests().sha256());
386 EXPECT_EQ(info.total_bytes, request.length());
387 EXPECT_EQ(info.user_initiated, request.user_initiated());
388 EXPECT_EQ(2, request.resources_size());
389 EXPECT_TRUE(RequestContainsResource(request,
390 ClientDownloadRequest::DOWNLOAD_REDIRECT,
391 "http://www.google.com/", ""));
392 EXPECT_TRUE(RequestContainsResource(request,
393 ClientDownloadRequest::DOWNLOAD_URL,
394 "http://www.google.com/bla.exe",
395 info.referrer_url.spec()));
396 EXPECT_TRUE(request.has_signature());
397 EXPECT_FALSE(request.signature().has_certificate_contents());
398
399 // Simulate the request finishing.
400 MessageLoop::current()->PostTask(
401 FROM_HERE,
402 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete,
403 base::Unretained(this), fetcher));
404 msg_loop_.Run();
405 }
324 } // namespace safe_browsing 406 } // namespace safe_browsing
OLDNEW
« no previous file with comments | « chrome/browser/safe_browsing/download_protection_service.cc ('k') | chrome/browser/safe_browsing/signature_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698