Chromium Code Reviews Chromium Code Reviews
Issue 1509073002:
Fixes for Safe Browsing with unrelated pending navigations. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
| 6 #include "base/memory/ref_counted.h" | 6 #include "base/memory/ref_counted.h" |
| 7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "base/run_loop.h" | 8 #include "base/run_loop.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "base/synchronization/waitable_event.h" | 10 #include "base/synchronization/waitable_event.h" |
| (...skipping 333 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 344 EXPECT_EQ(resource.is_subresource, | 344 EXPECT_EQ(resource.is_subresource, |
| 345 csd_host_->unsafe_resource_->is_subresource); | 345 csd_host_->unsafe_resource_->is_subresource); |
| 346 EXPECT_EQ(resource.threat_type, csd_host_->unsafe_resource_->threat_type); | 346 EXPECT_EQ(resource.threat_type, csd_host_->unsafe_resource_->threat_type); |
| 347 EXPECT_TRUE(csd_host_->unsafe_resource_->callback.is_null()); | 347 EXPECT_TRUE(csd_host_->unsafe_resource_->callback.is_null()); |
| 348 EXPECT_EQ(resource.render_process_host_id, | 348 EXPECT_EQ(resource.render_process_host_id, |
| 349 csd_host_->unsafe_resource_->render_process_host_id); | 349 csd_host_->unsafe_resource_->render_process_host_id); |
| 350 EXPECT_EQ(resource.render_view_id, | 350 EXPECT_EQ(resource.render_view_id, |
| 351 csd_host_->unsafe_resource_->render_view_id); | 351 csd_host_->unsafe_resource_->render_view_id); |
| 352 } | 352 } |
| 353 | 353 |
| 354 void SetUnsafeSubResourceForCurrent() { | 354 void SetUnsafeSubResourceForCurrent(bool expect_unsafe_resource) { |
| 355 UnsafeResource resource; | 355 UnsafeResource resource; |
| 356 resource.url = GURL("http://www.malware.com/"); | 356 resource.url = GURL("http://www.malware.com/"); |
| 357 resource.original_url = web_contents()->GetURL(); | 357 resource.original_url = web_contents()->GetURL(); |
| 358 resource.is_subresource = true; | 358 resource.is_subresource = true; |
| 359 resource.threat_type = SB_THREAT_TYPE_URL_MALWARE; | 359 resource.threat_type = SB_THREAT_TYPE_URL_MALWARE; |
| 360 resource.callback = base::Bind(&EmptyUrlCheckCallback); | 360 resource.callback = base::Bind(&EmptyUrlCheckCallback); |
| 361 resource.callback_thread = | 361 resource.callback_thread = |
| 362 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); | 362 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); |
| 363 resource.render_process_host_id = web_contents()->GetRenderProcessHost()-> | 363 resource.render_process_host_id = web_contents()->GetRenderProcessHost()-> |
| 364 GetID(); | 364 GetID(); |
| 365 resource.render_view_id = | 365 resource.render_view_id = |
| 366 web_contents()->GetRenderViewHost()->GetRoutingID(); | 366 web_contents()->GetRenderViewHost()->GetRoutingID(); |
| 367 csd_host_->OnSafeBrowsingHit(resource); | 367 csd_host_->OnSafeBrowsingHit(resource); |
| 368 resource.callback.Reset(); | 368 resource.callback.Reset(); |
| 369 ASSERT_TRUE(csd_host_->DidShowSBInterstitial()); | 369 ASSERT_EQ(expect_unsafe_resource, csd_host_->DidShowSBInterstitial()); |
| 370 TestUnsafeResourceCopied(resource); | 370 if (expect_unsafe_resource) |
| 371 TestUnsafeResourceCopied(resource); | |
| 371 } | 372 } |
| 372 | 373 |
| 373 void NavigateWithSBHitAndCommit(const GURL& url) { | 374 void NavigateWithSBHitAndCommit(const GURL& url) { |
| 374 // Create a pending navigation. | 375 // Create a pending navigation. |
| 375 controller().LoadURL( | 376 controller().LoadURL( |
| 376 url, content::Referrer(), ui::PAGE_TRANSITION_LINK, std::string()); | 377 url, content::Referrer(), ui::PAGE_TRANSITION_LINK, std::string()); |
| 377 | 378 |
| 378 ASSERT_TRUE(pending_rvh()); | 379 ASSERT_TRUE(pending_rvh()); |
| 379 if (web_contents()->GetRenderViewHost()->GetProcess()->GetID() == | 380 if (web_contents()->GetRenderViewHost()->GetProcess()->GetID() == |
| 380 pending_rvh()->GetProcess()->GetID()) { | 381 pending_rvh()->GetProcess()->GetID()) { |
| (...skipping 27 matching lines...) Expand all Loading... | |
| 408 controller().LoadURL( | 409 controller().LoadURL( |
| 409 safe_url, content::Referrer(), ui::PAGE_TRANSITION_LINK, | 410 safe_url, content::Referrer(), ui::PAGE_TRANSITION_LINK, |
| 410 std::string()); | 411 std::string()); |
| 411 | 412 |
| 412 ASSERT_TRUE(pending_rvh()); | 413 ASSERT_TRUE(pending_rvh()); |
| 413 if (web_contents()->GetRenderViewHost()->GetProcess()->GetID() == | 414 if (web_contents()->GetRenderViewHost()->GetProcess()->GetID() == |
| 414 pending_rvh()->GetProcess()->GetID()) { | 415 pending_rvh()->GetProcess()->GetID()) { |
| 415 EXPECT_NE(web_contents()->GetRenderViewHost()->GetRoutingID(), | 416 EXPECT_NE(web_contents()->GetRenderViewHost()->GetRoutingID(), |
| 416 pending_rvh()->GetRoutingID()); | 417 pending_rvh()->GetRoutingID()); |
| 417 } | 418 } |
| 418 ASSERT_FALSE(csd_host_->DidShowSBInterstitial()); | |
| 419 | 419 |
| 420 content::WebContentsTester::For(web_contents())->CommitPendingNavigation(); | 420 content::WebContentsTester::For(web_contents())->CommitPendingNavigation(); |
| 421 ASSERT_FALSE(csd_host_->DidShowSBInterstitial()); | 421 ASSERT_FALSE(csd_host_->DidShowSBInterstitial()); |
| 422 } | 422 } |
| 423 | 423 |
| 424 void CheckIPUrlEqual(const std::vector<IPUrlInfo>& expect, | 424 void CheckIPUrlEqual(const std::vector<IPUrlInfo>& expect, |
| 425 const std::vector<IPUrlInfo>& result) { | 425 const std::vector<IPUrlInfo>& result) { |
| 426 ASSERT_EQ(expect.size(), result.size()); | 426 ASSERT_EQ(expect.size(), result.size()); |
| 427 | 427 |
| 428 for (unsigned int i = 0; i < expect.size(); ++i) { | 428 for (unsigned int i = 0; i < expect.size(); ++i) { |
| (...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 683 ClientPhishingRequest verdict; | 683 ClientPhishingRequest verdict; |
| 684 verdict.set_url(url.spec()); | 684 verdict.set_url(url.spec()); |
| 685 verdict.set_client_score(0.1f); | 685 verdict.set_client_score(0.1f); |
| 686 verdict.set_is_phishing(false); | 686 verdict.set_is_phishing(false); |
| 687 | 687 |
| 688 // First we have to navigate to the URL to set the unique page ID. | 688 // First we have to navigate to the URL to set the unique page ID. |
| 689 ExpectPreClassificationChecks(url, &kFalse, &kFalse, &kFalse, &kFalse, | 689 ExpectPreClassificationChecks(url, &kFalse, &kFalse, &kFalse, &kFalse, |
| 690 &kFalse, &kFalse, &kFalse, &kFalse); | 690 &kFalse, &kFalse, &kFalse, &kFalse); |
| 691 NavigateAndCommit(url); | 691 NavigateAndCommit(url); |
| 692 WaitAndCheckPreClassificationChecks(); | 692 WaitAndCheckPreClassificationChecks(); |
| 693 SetUnsafeSubResourceForCurrent(); | 693 SetUnsafeSubResourceForCurrent(true /* expect_unsafe_resource */); |
| 694 | 694 |
| 695 EXPECT_CALL(*csd_service_, | 695 EXPECT_CALL(*csd_service_, |
| 696 SendClientReportPhishingRequest( | 696 SendClientReportPhishingRequest( |
| 697 Pointee(PartiallyEqualVerdict(verdict)), _, CallbackIsNull())) | 697 Pointee(PartiallyEqualVerdict(verdict)), _, CallbackIsNull())) |
| 698 .WillOnce(DoAll(DeleteArg<0>(), QuitUIMessageLoop())); | 698 .WillOnce(DoAll(DeleteArg<0>(), QuitUIMessageLoop())); |
| 699 std::vector<GURL> redirect_chain; | 699 std::vector<GURL> redirect_chain; |
| 700 redirect_chain.push_back(url); | 700 redirect_chain.push_back(url); |
| 701 SetRedirectChain(redirect_chain); | 701 SetRedirectChain(redirect_chain); |
| 702 OnPhishingDetectionDone(verdict.SerializeAsString()); | 702 OnPhishingDetectionDone(verdict.SerializeAsString()); |
| 703 base::MessageLoop::current()->Run(); | 703 base::MessageLoop::current()->Run(); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 741 OnPhishingDetectionDone(verdict.SerializeAsString()); | 741 OnPhishingDetectionDone(verdict.SerializeAsString()); |
| 742 base::MessageLoop::current()->Run(); | 742 base::MessageLoop::current()->Run(); |
| 743 EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get())); | 743 EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get())); |
| 744 | 744 |
| 745 ExpectPreClassificationChecks(start_url, &kFalse, &kFalse, &kFalse, &kFalse, | 745 ExpectPreClassificationChecks(start_url, &kFalse, &kFalse, &kFalse, &kFalse, |
| 746 &kFalse, &kFalse, &kFalse, &kFalse); | 746 &kFalse, &kFalse, &kFalse, &kFalse); |
| 747 NavigateWithoutSBHitAndCommit(start_url); | 747 NavigateWithoutSBHitAndCommit(start_url); |
| 748 WaitAndCheckPreClassificationChecks(); | 748 WaitAndCheckPreClassificationChecks(); |
| 749 } | 749 } |
| 750 | 750 |
| 751 TEST_F( | |
| 752 ClientSideDetectionHostTest, | |
| 753 OnPhishingDetectionDoneVerdictNotPhishingButSBMatchOnSubresourceWhileNavPend ing) { | |
|
Bernhard Bauer
2015/12/17 16:02:02
Umm... I think you might win an award for longest
| |
| 754 // When a malware hit happens on a committed page while a slow pending load is | |
| 755 // in progress, the csd report should be sent for the committed page. | |
| 756 | |
| 757 // Do an initial navigation to a safe host. | |
| 758 GURL start_url("http://safe.example.com/"); | |
| 759 ExpectPreClassificationChecks( | |
| 760 start_url, &kFalse, &kFalse, &kFalse, &kFalse, &kFalse, &kFalse, &kFalse, | |
| 761 &kFalse); | |
| 762 NavigateAndCommit(start_url); | |
| 763 WaitAndCheckPreClassificationChecks(); | |
| 764 | |
| 765 // Now navigate to a different host which does not have a SB hit. | |
| 766 GURL url("http://not-malware-not-phishing-but-malware-subresource.com/"); | |
| 767 ClientPhishingRequest verdict; | |
| 768 verdict.set_url(url.spec()); | |
| 769 verdict.set_client_score(0.1f); | |
| 770 verdict.set_is_phishing(false); | |
| 771 | |
| 772 ExpectPreClassificationChecks(url, &kFalse, &kFalse, &kFalse, &kFalse, | |
| 773 &kFalse, &kFalse, &kFalse, &kFalse); | |
| 774 NavigateWithoutSBHitAndCommit(url); | |
| 775 | |
| 776 // Simulate a subresource malware hit on committed page. | |
| 777 SetUnsafeSubResourceForCurrent(true /* expect_unsafe_resource */); | |
| 778 | |
| 779 // Create a pending navigation, but don't commit it. | |
| 780 GURL pending_url("http://slow.example.com/"); | |
| 781 content::WebContentsTester::For(web_contents())->StartNavigation(pending_url); | |
| 782 | |
| 783 WaitAndCheckPreClassificationChecks(); | |
| 784 | |
| 785 // Even though we have a pending navigation, the DidShowSBInterstitial check | |
| 786 // should apply to the committed navigation, so we should get a report even | |
| 787 // though the verdict has is_phishing = false. | |
| 788 EXPECT_CALL(*csd_service_, | |
| 789 SendClientReportPhishingRequest( | |
| 790 Pointee(PartiallyEqualVerdict(verdict)), _, CallbackIsNull())) | |
| 791 .WillOnce(DoAll(DeleteArg<0>(), QuitUIMessageLoop())); | |
| 792 std::vector<GURL> redirect_chain; | |
| 793 redirect_chain.push_back(url); | |
| 794 SetRedirectChain(redirect_chain); | |
| 795 OnPhishingDetectionDone(verdict.SerializeAsString()); | |
| 796 base::MessageLoop::current()->Run(); | |
| 797 EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get())); | |
| 798 } | |
| 799 | |
| 800 TEST_F(ClientSideDetectionHostTest, SafeBrowsingHitOnFreshTab) { | |
| 801 // A fresh WebContents should not have any NavigationEntries yet. (See | |
| 802 // https://crbug.com/524208.) | |
| 803 EXPECT_EQ(nullptr, controller().GetLastCommittedEntry()); | |
| 804 EXPECT_EQ(nullptr, controller().GetPendingEntry()); | |
| 805 | |
| 806 // Simulate a subresource malware hit (this could happen if the WebContents | |
| 807 // was created with window.open, and had content injected into it). | |
| 808 SetUnsafeSubResourceForCurrent(false /* expect_unsafe_resource */); | |
| 809 | |
| 810 // If the test didn't crash, we're good. (Nothing else to test, since there | |
| 811 // was no DidNavigateMainFrame, CSD won't do anything with this hit.) | |
| 812 } | |
| 813 | |
| 751 TEST_F(ClientSideDetectionHostTest, | 814 TEST_F(ClientSideDetectionHostTest, |
| 752 DidStopLoadingShowMalwareInterstitial) { | 815 DidStopLoadingShowMalwareInterstitial) { |
| 753 // Case 9: client thinks the page match malware IP and so does the server. | 816 // Case 9: client thinks the page match malware IP and so does the server. |
| 754 // We show an sub-resource malware interstitial. | 817 // We show an sub-resource malware interstitial. |
| 755 MockBrowserFeatureExtractor* mock_extractor = | 818 MockBrowserFeatureExtractor* mock_extractor = |
| 756 new StrictMock<MockBrowserFeatureExtractor>( | 819 new StrictMock<MockBrowserFeatureExtractor>( |
| 757 web_contents(), | 820 web_contents(), |
| 758 csd_host_.get()); | 821 csd_host_.get()); |
| 759 SetFeatureExtractor(mock_extractor); // The host class takes ownership. | 822 SetFeatureExtractor(mock_extractor); // The host class takes ownership. |
| 760 | 823 |
| (...skipping 368 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1129 EXPECT_EQ(url, resource.url); | 1192 EXPECT_EQ(url, resource.url); |
| 1130 EXPECT_EQ(url, resource.original_url); | 1193 EXPECT_EQ(url, resource.original_url); |
| 1131 | 1194 |
| 1132 ExpectStartPhishingDetection(NULL); | 1195 ExpectStartPhishingDetection(NULL); |
| 1133 | 1196 |
| 1134 // Showing a phishing warning will invalidate all the weak pointers which | 1197 // Showing a phishing warning will invalidate all the weak pointers which |
| 1135 // means we will not extract malware features. | 1198 // means we will not extract malware features. |
| 1136 ExpectShouldClassifyForMalwareResult(false); | 1199 ExpectShouldClassifyForMalwareResult(false); |
| 1137 } | 1200 } |
| 1138 } // namespace safe_browsing | 1201 } // namespace safe_browsing |
| OLD | NEW |
