| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/safe_browsing/binary_feature_extractor.h" | |
| 6 | |
| 7 #include <string> | |
| 8 #include <vector> | |
| 9 | |
| 10 #include "base/base_paths.h" | |
| 11 #include "base/files/file_path.h" | |
| 12 #include "base/memory/ref_counted.h" | |
| 13 #include "base/path_service.h" | |
| 14 #include "chrome/common/chrome_paths.h" | |
| 15 #include "chrome/common/safe_browsing/csd.pb.h" | |
| 16 #include "net/cert/x509_cert_types.h" | |
| 17 #include "net/cert/x509_certificate.h" | |
| 18 #include "testing/gtest/include/gtest/gtest.h" | |
| 19 | |
| 20 namespace safe_browsing { | |
| 21 | |
| 22 class BinaryFeatureExtractorWinTest : public testing::Test { | |
| 23 protected: | |
| 24 virtual void SetUp() override { | |
| 25 base::FilePath source_path; | |
| 26 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &source_path)); | |
| 27 testdata_path_ = source_path | |
| 28 .AppendASCII("safe_browsing") | |
| 29 .AppendASCII("download_protection"); | |
| 30 | |
| 31 binary_feature_extractor_ = new BinaryFeatureExtractor(); | |
| 32 } | |
| 33 | |
| 34 // Given a certificate chain protobuf, parse it into X509Certificates. | |
| 35 void ParseCertificateChain( | |
| 36 const ClientDownloadRequest_CertificateChain& chain, | |
| 37 std::vector<scoped_refptr<net::X509Certificate> >* certs) { | |
| 38 for (int i = 0; i < chain.element_size(); ++i) { | |
| 39 certs->push_back( | |
| 40 net::X509Certificate::CreateFromBytes( | |
| 41 chain.element(i).certificate().data(), | |
| 42 chain.element(i).certificate().size())); | |
| 43 } | |
| 44 } | |
| 45 | |
| 46 base::FilePath testdata_path_; | |
| 47 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor_; | |
| 48 }; | |
| 49 | |
| 50 TEST_F(BinaryFeatureExtractorWinTest, UntrustedSignedBinary) { | |
| 51 // signed.exe is signed by an untrusted root CA. | |
| 52 ClientDownloadRequest_SignatureInfo signature_info; | |
| 53 binary_feature_extractor_->CheckSignature( | |
| 54 testdata_path_.Append(L"signed.exe"), | |
| 55 &signature_info); | |
| 56 ASSERT_EQ(1, signature_info.certificate_chain_size()); | |
| 57 std::vector<scoped_refptr<net::X509Certificate> > certs; | |
| 58 ParseCertificateChain(signature_info.certificate_chain(0), &certs); | |
| 59 ASSERT_EQ(2, certs.size()); | |
| 60 EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name); | |
| 61 EXPECT_EQ("Root Agency", certs[1]->subject().common_name); | |
| 62 | |
| 63 EXPECT_TRUE(signature_info.has_trusted()); | |
| 64 EXPECT_FALSE(signature_info.trusted()); | |
| 65 } | |
| 66 | |
| 67 TEST_F(BinaryFeatureExtractorWinTest, TrustedBinary) { | |
| 68 // wow_helper.exe is signed using Google's signing certifiacte. | |
| 69 ClientDownloadRequest_SignatureInfo signature_info; | |
| 70 binary_feature_extractor_->CheckSignature( | |
| 71 testdata_path_.Append(L"wow_helper.exe"), | |
| 72 &signature_info); | |
| 73 ASSERT_EQ(1, signature_info.certificate_chain_size()); | |
| 74 std::vector<scoped_refptr<net::X509Certificate> > certs; | |
| 75 ParseCertificateChain(signature_info.certificate_chain(0), &certs); | |
| 76 ASSERT_EQ(3, certs.size()); | |
| 77 | |
| 78 EXPECT_EQ("Google Inc", certs[0]->subject().common_name); | |
| 79 EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA", | |
| 80 certs[1]->subject().common_name); | |
| 81 EXPECT_EQ("Class 3 Public Primary Certification Authority", | |
| 82 certs[2]->subject().organization_unit_names[0]); | |
| 83 | |
| 84 EXPECT_TRUE(signature_info.trusted()); | |
| 85 } | |
| 86 | |
| 87 TEST_F(BinaryFeatureExtractorWinTest, UnsignedBinary) { | |
| 88 // unsigned.exe has no signature information. | |
| 89 ClientDownloadRequest_SignatureInfo signature_info; | |
| 90 binary_feature_extractor_->CheckSignature( | |
| 91 testdata_path_.Append(L"unsigned.exe"), | |
| 92 &signature_info); | |
| 93 EXPECT_EQ(0, signature_info.certificate_chain_size()); | |
| 94 EXPECT_FALSE(signature_info.has_trusted()); | |
| 95 } | |
| 96 | |
| 97 TEST_F(BinaryFeatureExtractorWinTest, NonExistentBinary) { | |
| 98 // Test a file that doesn't exist. | |
| 99 ClientDownloadRequest_SignatureInfo signature_info; | |
| 100 binary_feature_extractor_->CheckSignature( | |
| 101 testdata_path_.Append(L"doesnotexist.exe"), | |
| 102 &signature_info); | |
| 103 EXPECT_EQ(0, signature_info.certificate_chain_size()); | |
| 104 EXPECT_FALSE(signature_info.has_trusted()); | |
| 105 } | |
| 106 | |
| 107 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersNoFile) { | |
| 108 // Test extracting headers from a file that doesn't exist. | |
| 109 ClientDownloadRequest_ImageHeaders image_headers; | |
| 110 ASSERT_FALSE(binary_feature_extractor_->ExtractImageHeaders( | |
| 111 testdata_path_.AppendASCII("this_file_does_not_exist"), | |
| 112 BinaryFeatureExtractor::kDefaultOptions, | |
| 113 &image_headers)); | |
| 114 EXPECT_FALSE(image_headers.has_pe_headers()); | |
| 115 } | |
| 116 | |
| 117 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersNonImage) { | |
| 118 // Test extracting headers from something that is not a PE image. | |
| 119 ClientDownloadRequest_ImageHeaders image_headers; | |
| 120 ASSERT_FALSE(binary_feature_extractor_->ExtractImageHeaders( | |
| 121 testdata_path_.AppendASCII("simple_exe.cc"), | |
| 122 BinaryFeatureExtractor::kDefaultOptions, | |
| 123 &image_headers)); | |
| 124 EXPECT_FALSE(image_headers.has_pe_headers()); | |
| 125 } | |
| 126 | |
| 127 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeaders) { | |
| 128 // Test extracting headers from something that is a PE image. | |
| 129 ClientDownloadRequest_ImageHeaders image_headers; | |
| 130 ASSERT_TRUE(binary_feature_extractor_->ExtractImageHeaders( | |
| 131 testdata_path_.AppendASCII("unsigned.exe"), | |
| 132 BinaryFeatureExtractor::kDefaultOptions, | |
| 133 &image_headers)); | |
| 134 EXPECT_TRUE(image_headers.has_pe_headers()); | |
| 135 const ClientDownloadRequest_PEImageHeaders& pe_headers = | |
| 136 image_headers.pe_headers(); | |
| 137 EXPECT_TRUE(pe_headers.has_dos_header()); | |
| 138 EXPECT_TRUE(pe_headers.has_file_header()); | |
| 139 EXPECT_TRUE(pe_headers.has_optional_headers32()); | |
| 140 EXPECT_FALSE(pe_headers.has_optional_headers64()); | |
| 141 EXPECT_NE(0, pe_headers.section_header_size()); | |
| 142 EXPECT_FALSE(pe_headers.has_export_section_data()); | |
| 143 EXPECT_EQ(0, pe_headers.debug_data_size()); | |
| 144 } | |
| 145 | |
| 146 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersWithDebugData) { | |
| 147 // Test extracting headers from something that is a PE image with debug data. | |
| 148 ClientDownloadRequest_ImageHeaders image_headers; | |
| 149 ASSERT_TRUE(binary_feature_extractor_->ExtractImageHeaders( | |
| 150 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"), | |
| 151 BinaryFeatureExtractor::kDefaultOptions, | |
| 152 &image_headers)); | |
| 153 EXPECT_TRUE(image_headers.has_pe_headers()); | |
| 154 const ClientDownloadRequest_PEImageHeaders& pe_headers = | |
| 155 image_headers.pe_headers(); | |
| 156 EXPECT_TRUE(pe_headers.has_dos_header()); | |
| 157 EXPECT_TRUE(pe_headers.has_file_header()); | |
| 158 EXPECT_TRUE(pe_headers.has_optional_headers32()); | |
| 159 EXPECT_FALSE(pe_headers.has_optional_headers64()); | |
| 160 EXPECT_NE(0, pe_headers.section_header_size()); | |
| 161 EXPECT_TRUE(pe_headers.has_export_section_data()); | |
| 162 EXPECT_EQ(1U, pe_headers.debug_data_size()); | |
| 163 } | |
| 164 | |
| 165 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersWithoutExports) { | |
| 166 // Test extracting headers from something that is a PE image with debug data. | |
| 167 ClientDownloadRequest_ImageHeaders image_headers; | |
| 168 ASSERT_TRUE(binary_feature_extractor_->ExtractImageHeaders( | |
| 169 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"), | |
| 170 BinaryFeatureExtractor::kOmitExports, | |
| 171 &image_headers)); | |
| 172 EXPECT_TRUE(image_headers.has_pe_headers()); | |
| 173 const ClientDownloadRequest_PEImageHeaders& pe_headers = | |
| 174 image_headers.pe_headers(); | |
| 175 EXPECT_TRUE(pe_headers.has_dos_header()); | |
| 176 EXPECT_TRUE(pe_headers.has_file_header()); | |
| 177 EXPECT_TRUE(pe_headers.has_optional_headers32()); | |
| 178 EXPECT_FALSE(pe_headers.has_optional_headers64()); | |
| 179 EXPECT_NE(0, pe_headers.section_header_size()); | |
| 180 EXPECT_FALSE(pe_headers.has_export_section_data()); | |
| 181 EXPECT_EQ(1U, pe_headers.debug_data_size()); | |
| 182 } | |
| 183 | |
| 184 } // namespace safe_browsing | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1015363003:
Move BinaryFeatureExtractor and PEImageReader to common. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@zip2