Chromium Code Reviews Chromium Code Reviews
Issue 8724014:
Only enable improved SafeBrowsing download protection on Windows. (Closed)
Base URL: http://git.chromium.org/git/chromium.git@trunk| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/download_protection_service.h" | 5 #include "chrome/browser/safe_browsing/download_protection_service.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 335 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 346 factory.SetFakeResponse( | 346 factory.SetFakeResponse( |
| 347 DownloadProtectionService::kDownloadRequestUrl, | 347 DownloadProtectionService::kDownloadRequestUrl, |
| 348 response.SerializeAsString(), | 348 response.SerializeAsString(), |
| 349 true); | 349 true); |
| 350 | 350 |
| 351 download_service_->CheckClientDownload( | 351 download_service_->CheckClientDownload( |
| 352 info, | 352 info, |
| 353 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 353 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 354 base::Unretained(this))); | 354 base::Unretained(this))); |
| 355 msg_loop_.Run(); | 355 msg_loop_.Run(); |
| 356 #if defined(OS_WIN) | |
| 356 ExpectResult(DownloadProtectionService::DANGEROUS); | 357 ExpectResult(DownloadProtectionService::DANGEROUS); |
| 358 #else | |
| 359 ExpectResult(DownloadProtectionService::SAFE); | |
| 360 #endif | |
| 357 } | 361 } |
| 358 | 362 |
| 359 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadValidateRequest) { | 363 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadValidateRequest) { |
| 360 TestURLFetcherFactory factory; | 364 TestURLFetcherFactory factory; |
| 361 | 365 |
| 362 DownloadProtectionService::DownloadInfo info; | 366 DownloadProtectionService::DownloadInfo info; |
| 363 info.local_file = FilePath(FILE_PATH_LITERAL("bla.tmp")); | 367 info.local_file = FilePath(FILE_PATH_LITERAL("bla.tmp")); |
| 364 info.target_file = FilePath(FILE_PATH_LITERAL("bla.exe")); | 368 info.target_file = FilePath(FILE_PATH_LITERAL("bla.exe")); |
| 365 info.download_url_chain.push_back(GURL("http://www.google.com/")); | 369 info.download_url_chain.push_back(GURL("http://www.google.com/")); |
| 366 info.download_url_chain.push_back(GURL("http://www.google.com/bla.exe")); | 370 info.download_url_chain.push_back(GURL("http://www.google.com/bla.exe")); |
| 367 info.referrer_url = GURL("http://www.google.com/"); | 371 info.referrer_url = GURL("http://www.google.com/"); |
| 368 info.sha256_hash = "hash"; | 372 info.sha256_hash = "hash"; |
| 369 info.total_bytes = 100; | 373 info.total_bytes = 100; |
| 370 info.user_initiated = false; | 374 info.user_initiated = false; |
| 371 | 375 |
| 372 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) | 376 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) |
| 373 .WillRepeatedly(Return(false)); | 377 .WillRepeatedly(Return(false)); |
| 374 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _)) | 378 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _)) |
| 375 .WillOnce(SetCertificateContents("dummy cert data")); | 379 .WillOnce(SetCertificateContents("dummy cert data")); |
| 380 #if !defined(OS_WIN) | |
| 381 // If we're not on windows we won't be sending any request but instead | |
| 382 // we'll be lookup up the download hash. | |
|
Brian Ryner
2011/11/30 21:45:28
typo: lookup up -> looking up
| |
| 383 EXPECT_CALL(*sb_service_, | |
| 384 CheckDownloadHash(info.sha256_hash, NotNull())) | |
| 385 .WillOnce(Return(true)); | |
| 386 #endif | |
| 376 | 387 |
| 377 download_service_->CheckClientDownload( | 388 download_service_->CheckClientDownload( |
| 378 info, | 389 info, |
| 379 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 390 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 380 base::Unretained(this))); | 391 base::Unretained(this))); |
| 381 // Run the message loop(s) until SendRequest is called. | 392 // Run the message loop(s) until SendRequest is called. |
| 382 FlushThreadMessageLoops(); | 393 FlushThreadMessageLoops(); |
| 383 | 394 |
| 384 TestURLFetcher* fetcher = factory.GetFetcherByID(0); | 395 TestURLFetcher* fetcher = factory.GetFetcherByID(0); |
| 396 #if !defined(OS_WIN) | |
| 397 EXPECT_EQ(NULL, fetcher); | |
| 398 #else | |
| 385 ASSERT_TRUE(fetcher); | 399 ASSERT_TRUE(fetcher); |
| 386 ClientDownloadRequest request; | 400 ClientDownloadRequest request; |
| 387 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data())); | 401 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data())); |
| 388 EXPECT_EQ("http://www.google.com/bla.exe", request.url()); | 402 EXPECT_EQ("http://www.google.com/bla.exe", request.url()); |
| 389 EXPECT_EQ(info.sha256_hash, request.digests().sha256()); | 403 EXPECT_EQ(info.sha256_hash, request.digests().sha256()); |
| 390 EXPECT_EQ(info.total_bytes, request.length()); | 404 EXPECT_EQ(info.total_bytes, request.length()); |
| 391 EXPECT_EQ(info.user_initiated, request.user_initiated()); | 405 EXPECT_EQ(info.user_initiated, request.user_initiated()); |
| 392 EXPECT_EQ(2, request.resources_size()); | 406 EXPECT_EQ(2, request.resources_size()); |
| 393 EXPECT_TRUE(RequestContainsResource(request, | 407 EXPECT_TRUE(RequestContainsResource(request, |
| 394 ClientDownloadRequest::DOWNLOAD_REDIRECT, | 408 ClientDownloadRequest::DOWNLOAD_REDIRECT, |
| 395 "http://www.google.com/", "")); | 409 "http://www.google.com/", "")); |
| 396 EXPECT_TRUE(RequestContainsResource(request, | 410 EXPECT_TRUE(RequestContainsResource(request, |
| 397 ClientDownloadRequest::DOWNLOAD_URL, | 411 ClientDownloadRequest::DOWNLOAD_URL, |
| 398 "http://www.google.com/bla.exe", | 412 "http://www.google.com/bla.exe", |
| 399 info.referrer_url.spec())); | 413 info.referrer_url.spec())); |
| 400 EXPECT_TRUE(request.has_signature()); | 414 EXPECT_TRUE(request.has_signature()); |
| 401 ASSERT_EQ(1, request.signature().certificate_chain_size()); | 415 ASSERT_EQ(1, request.signature().certificate_chain_size()); |
| 402 const ClientDownloadRequest_CertificateChain& chain = | 416 const ClientDownloadRequest_CertificateChain& chain = |
| 403 request.signature().certificate_chain(0); | 417 request.signature().certificate_chain(0); |
| 404 ASSERT_EQ(1, chain.element_size()); | 418 ASSERT_EQ(1, chain.element_size()); |
| 405 EXPECT_EQ("dummy cert data", chain.element(0).certificate()); | 419 EXPECT_EQ("dummy cert data", chain.element(0).certificate()); |
| 406 | 420 |
| 407 // Simulate the request finishing. | 421 // Simulate the request finishing. |
| 408 MessageLoop::current()->PostTask( | 422 MessageLoop::current()->PostTask( |
| 409 FROM_HERE, | 423 FROM_HERE, |
| 410 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete, | 424 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete, |
| 411 base::Unretained(this), fetcher)); | 425 base::Unretained(this), fetcher)); |
| 412 msg_loop_.Run(); | 426 msg_loop_.Run(); |
| 427 #endif | |
| 413 } | 428 } |
| 414 | 429 |
| 415 // Similar to above, but with an unsigned binary. | 430 // Similar to above, but with an unsigned binary. |
| 416 TEST_F(DownloadProtectionServiceTest, | 431 TEST_F(DownloadProtectionServiceTest, |
| 417 CheckClientDownloadValidateRequestNoSignature) { | 432 CheckClientDownloadValidateRequestNoSignature) { |
| 418 TestURLFetcherFactory factory; | 433 TestURLFetcherFactory factory; |
| 419 | 434 |
| 420 DownloadProtectionService::DownloadInfo info; | 435 DownloadProtectionService::DownloadInfo info; |
| 421 info.local_file = FilePath(FILE_PATH_LITERAL("bla.tmp")); | 436 info.local_file = FilePath(FILE_PATH_LITERAL("bla.tmp")); |
| 422 info.target_file = FilePath(FILE_PATH_LITERAL("bla.exe")); | 437 info.target_file = FilePath(FILE_PATH_LITERAL("bla.exe")); |
| 423 info.download_url_chain.push_back(GURL("http://www.google.com/")); | 438 info.download_url_chain.push_back(GURL("http://www.google.com/")); |
| 424 info.download_url_chain.push_back(GURL("ftp://www.google.com/bla.exe")); | 439 info.download_url_chain.push_back(GURL("ftp://www.google.com/bla.exe")); |
| 425 info.referrer_url = GURL("http://www.google.com/"); | 440 info.referrer_url = GURL("http://www.google.com/"); |
| 426 info.sha256_hash = "hash"; | 441 info.sha256_hash = "hash"; |
| 427 info.total_bytes = 100; | 442 info.total_bytes = 100; |
| 428 info.user_initiated = false; | 443 info.user_initiated = false; |
| 429 | 444 |
| 430 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) | 445 EXPECT_CALL(*sb_service_, MatchDownloadWhitelistUrl(_)) |
| 431 .WillRepeatedly(Return(false)); | 446 .WillRepeatedly(Return(false)); |
| 432 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _)); | 447 EXPECT_CALL(*signature_util_, CheckSignature(info.local_file, _)); |
| 448 #if !defined(OS_WIN) | |
| 449 // If we're not on windows we won't be sending any request but instead | |
| 450 // we'll be lookup up the download hash. | |
|
Brian Ryner
2011/11/30 21:45:28
same here.
| |
| 451 EXPECT_CALL(*sb_service_, | |
| 452 CheckDownloadHash(info.sha256_hash, NotNull())) | |
| 453 .WillOnce(Return(true)); | |
| 454 #endif | |
| 433 | 455 |
| 434 download_service_->CheckClientDownload( | 456 download_service_->CheckClientDownload( |
| 435 info, | 457 info, |
| 436 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 458 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 437 base::Unretained(this))); | 459 base::Unretained(this))); |
| 438 // Run the message loop(s) until SendRequest is called. | 460 // Run the message loop(s) until SendRequest is called. |
| 439 FlushThreadMessageLoops(); | 461 FlushThreadMessageLoops(); |
| 440 | 462 |
| 441 TestURLFetcher* fetcher = factory.GetFetcherByID(0); | 463 TestURLFetcher* fetcher = factory.GetFetcherByID(0); |
| 464 #if !defined(OS_WIN) | |
| 465 EXPECT_EQ(NULL, fetcher); | |
| 466 #else | |
| 442 ASSERT_TRUE(fetcher); | 467 ASSERT_TRUE(fetcher); |
| 443 ClientDownloadRequest request; | 468 ClientDownloadRequest request; |
| 444 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data())); | 469 EXPECT_TRUE(request.ParseFromString(fetcher->upload_data())); |
| 445 EXPECT_EQ("ftp://www.google.com/bla.exe", request.url()); | 470 EXPECT_EQ("ftp://www.google.com/bla.exe", request.url()); |
| 446 EXPECT_EQ(info.sha256_hash, request.digests().sha256()); | 471 EXPECT_EQ(info.sha256_hash, request.digests().sha256()); |
| 447 EXPECT_EQ(info.total_bytes, request.length()); | 472 EXPECT_EQ(info.total_bytes, request.length()); |
| 448 EXPECT_EQ(info.user_initiated, request.user_initiated()); | 473 EXPECT_EQ(info.user_initiated, request.user_initiated()); |
| 449 EXPECT_EQ(2, request.resources_size()); | 474 EXPECT_EQ(2, request.resources_size()); |
| 450 EXPECT_TRUE(RequestContainsResource(request, | 475 EXPECT_TRUE(RequestContainsResource(request, |
| 451 ClientDownloadRequest::DOWNLOAD_REDIRECT, | 476 ClientDownloadRequest::DOWNLOAD_REDIRECT, |
| 452 "http://www.google.com/", "")); | 477 "http://www.google.com/", "")); |
| 453 EXPECT_TRUE(RequestContainsResource(request, | 478 EXPECT_TRUE(RequestContainsResource(request, |
| 454 ClientDownloadRequest::DOWNLOAD_URL, | 479 ClientDownloadRequest::DOWNLOAD_URL, |
| 455 "ftp://www.google.com/bla.exe", | 480 "ftp://www.google.com/bla.exe", |
| 456 info.referrer_url.spec())); | 481 info.referrer_url.spec())); |
| 457 EXPECT_TRUE(request.has_signature()); | 482 EXPECT_TRUE(request.has_signature()); |
| 458 EXPECT_EQ(0, request.signature().certificate_chain_size()); | 483 EXPECT_EQ(0, request.signature().certificate_chain_size()); |
| 459 | 484 |
| 460 // Simulate the request finishing. | 485 // Simulate the request finishing. |
| 461 MessageLoop::current()->PostTask( | 486 MessageLoop::current()->PostTask( |
| 462 FROM_HERE, | 487 FROM_HERE, |
| 463 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete, | 488 base::Bind(&DownloadProtectionServiceTest::SendURLFetchComplete, |
| 464 base::Unretained(this), fetcher)); | 489 base::Unretained(this), fetcher)); |
| 465 msg_loop_.Run(); | 490 msg_loop_.Run(); |
| 491 #endif | |
| 466 } | 492 } |
| 467 | 493 |
| 468 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadDigestList) { | 494 TEST_F(DownloadProtectionServiceTest, CheckClientDownloadDigestList) { |
| 469 DownloadProtectionService::DownloadInfo info; | 495 DownloadProtectionService::DownloadInfo info; |
| 470 info.local_file = FilePath(FILE_PATH_LITERAL("a.tmp")); | 496 info.local_file = FilePath(FILE_PATH_LITERAL("a.tmp")); |
| 471 info.target_file = FilePath(FILE_PATH_LITERAL("a.exe")); | 497 info.target_file = FilePath(FILE_PATH_LITERAL("a.exe")); |
| 472 | 498 |
| 473 // HTTPs URLs never result in a server ping for privacy reasons. However, | 499 // HTTPs URLs never result in a server ping for privacy reasons. However, |
| 474 // we do lookup the bad binary digest list. | 500 // we do lookup the bad binary digest list. |
| 475 info.download_url_chain.push_back(GURL("https://www.evil.com/a.exe")); | 501 info.download_url_chain.push_back(GURL("https://www.evil.com/a.exe")); |
| (...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 669 info, | 695 info, |
| 670 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 696 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 671 base::Unretained(this))); | 697 base::Unretained(this))); |
| 672 | 698 |
| 673 // The request should time out because the HTTP request hasn't returned | 699 // The request should time out because the HTTP request hasn't returned |
| 674 // anything yet. | 700 // anything yet. |
| 675 msg_loop_.Run(); | 701 msg_loop_.Run(); |
| 676 ExpectResult(DownloadProtectionService::SAFE); | 702 ExpectResult(DownloadProtectionService::SAFE); |
| 677 } | 703 } |
| 678 } // namespace safe_browsing | 704 } // namespace safe_browsing |
| OLD | NEW |
