Fixes for Safe Browsing with unrelated pending navigations.

chrome/browser/safe_browsing/threat_details_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 
 #include "base/bind.h"
 #include "base/pickle.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
 #include "chrome/browser/history/history_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/threat_details.h"
 #include "chrome/browser/safe_browsing/threat_details_history.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome/common/safe_browsing/safebrowsing_messages.h"
 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/history/core/browser/history_backend.h"
 #include "components/history/core/browser/history_service.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/test/web_contents_tester.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/http/http_cache.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/http/http_util.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
@@ skipping 289 matching lines @@
                                reinterpret_cast<history::ContextID>(1), 0,
                                GURL(), *redirects, ui::PAGE_TRANSITION_TYPED,
                                history::SOURCE_BROWSED, false);
   }
 
   scoped_refptr<MockSafeBrowsingUIManager> ui_manager_;
 };
 
 // Tests creating a simple threat report of a malware URL.
 TEST_F(ThreatDetailsTest, ThreatSubResource) {
-  // Start a load.
-  controller().LoadURL(
-      GURL(kLandingURL),
-      content::Referrer(GURL(kReferrerURL), blink::WebReferrerPolicyDefault),
-      ui::PAGE_TRANSITION_TYPED, std::string());
+  // Commit a load.
+  content::WebContentsTester::For(web_contents())
+      ->TestDidNavigateWithReferrer(
+          web_contents()->GetMainFrame(), 1 /* page_id */, 0 /* nav_entry_id */,
+          true /* did_create_new_entry */, GURL(kLandingURL),
+          content::Referrer(GURL(kReferrerURL),
+                            blink::WebReferrerPolicyDefault),
+          ui::PAGE_TRANSITION_TYPED);
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true, GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */,
+               GURL(kThreatURL));
 
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
 
   std::string serialized = WaitForSerializedReport(
       report.get(), true /* did_proceed*/, 1 /* num_visit */);
 
   ClientSafeBrowsingReportRequest actual;
   actual.ParseFromString(serialized);
 
@@ skipping 17 matching lines @@
   pb_resource = expected.add_resources();
   pb_resource->set_id(2);
   pb_resource->set_url(kReferrerURL);
 
   VerifyResults(actual, expected);
 }
 
 // Tests creating a simple threat report of a phishing page where the
 // subresource has a different original_url.
 TEST_F(ThreatDetailsTest, ThreatSubResourceWithOriginalUrl) {
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  content::WebContentsTester::For(web_contents())
+      ->NavigateAndCommit(GURL(kLandingURL));
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_URL_PHISHING, true, GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_URL_PHISHING,
+               true /* is_subresource */, GURL(kThreatURL));
   resource.original_url = GURL(kOriginalLandingURL);
 
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
 
   std::string serialized = WaitForSerializedReport(
       report.get(), false /* did_proceed*/, 1 /* num_visit */);
 
   ClientSafeBrowsingReportRequest actual;
   actual.ParseFromString(serialized);
@@ skipping 20 matching lines @@
   pb_resource->set_url(kThreatURL);
   // The Resource for kThreatURL should have the Resource for
   // kOriginalLandingURL (with id 1) as parent.
   pb_resource->set_parent_id(1);
 
   VerifyResults(actual, expected);
 }
 
 // Tests creating a threat report of a UwS page with data from the renderer.
 TEST_F(ThreatDetailsTest, ThreatDOMDetails) {
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  content::WebContentsTester::For(web_contents())
+      ->NavigateAndCommit(GURL(kLandingURL));
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED, true, GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED,
+               true /* is_subresource */, GURL(kThreatURL));
 
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
 
   // Send a message from the DOM, with 2 nodes, a parent and a child.
   std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params;
   SafeBrowsingHostMsg_ThreatDOMDetails_Node child_node;
   child_node.url = GURL(kDOMChildURL);
   child_node.tag_name = "iframe";
   child_node.parent = GURL(kDOMParentURL);
@@ skipping 36 matching lines @@
   pb_resource->set_url(kDOMParentURL);
   pb_resource->add_child_ids(2);
   expected.set_complete(false);  // Since the cache was missing.
 
   VerifyResults(actual, expected);
 }
 
 // Tests creating a threat report of a malware page where there are redirect
 // urls to an unsafe resource url.
 TEST_F(ThreatDetailsTest, ThreatWithRedirectUrl) {
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  content::WebContentsTester::For(web_contents())
+      ->NavigateAndCommit(GURL(kLandingURL));
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true, GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */,
+               GURL(kThreatURL));
   resource.original_url = GURL(kOriginalLandingURL);
 
   // add some redirect urls
   resource.redirect_urls.push_back(GURL(kFirstRedirectURL));
   resource.redirect_urls.push_back(GURL(kSecondRedirectURL));
   resource.redirect_urls.push_back(GURL(kThreatURL));
 
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
 
@@ skipping 30 matching lines @@
   pb_resource->set_parent_id(1);
 
   pb_resource = expected.add_resources();
   pb_resource->set_id(4);
   pb_resource->set_url(kSecondRedirectURL);
   pb_resource->set_parent_id(3);
 
   VerifyResults(actual, expected);
 }
 
+// Test collecting threat details for a blocked main frame load.
+TEST_F(ThreatDetailsTest, ThreatOnMainPageLoadBlocked) {
+  const char* kUnrelatedReferrerURL = "http://www.unrelatedreferrer.com/some/path";

[Charlie Reis, 2015/12/11 05:39:24]

nit: 80 chars

[mattm, 2015/12/15 01:42:25]

Done.

+  const char* kUnrelatedURL = "http://www.unrelated.com/some/path";
+
+  // Load and commit an unrelated URL. The ThreatDetails should not use this
+  // navigation entry.
+  content::WebContentsTester::For(web_contents())
+      ->TestDidNavigateWithReferrer(
+          web_contents()->GetMainFrame(), 1 /* page_id */, 0 /* nav_entry_id */,
+          true /* did_create_new_entry */, GURL(kUnrelatedURL),
+          content::Referrer(GURL(kUnrelatedReferrerURL),
+                            blink::WebReferrerPolicyDefault),
+          ui::PAGE_TRANSITION_TYPED);
+
+  // Start a pending load with a referrer.
+  controller().LoadURL(GURL(kLandingURL),
+                       content::Referrer(GURL(kReferrerURL),
+                                         blink::WebReferrerPolicyDefault),
+                       ui::PAGE_TRANSITION_TYPED, std::string());
+
+  // Create UnsafeResource for the pending main page load.
+  UnsafeResource resource;
+  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE,
+               false /* is_subresource */, GURL(kLandingURL));
+
+  // Start ThreatDetails collection.
+  scoped_refptr<ThreatDetailsWrap> report =
+      new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
+
+  // Simulate clicking don't proceed.
+  controller().DiscardNonCommittedEntries();
+
+  // Finish ThreatDetails collection.
+  std::string serialized = WaitForSerializedReport(
+      report.get(), false /* did_proceed*/, 1 /* num_visit */);
+
+  ClientSafeBrowsingReportRequest actual;
+  actual.ParseFromString(serialized);
+
+  ClientSafeBrowsingReportRequest expected;
+  expected.set_type(ClientSafeBrowsingReportRequest::URL_MALWARE);
+  expected.set_url(kLandingURL);
+  expected.set_page_url(kLandingURL);
+  // Note that the referrer policy is not actually enacted here, since that's
+  // done in Blink.
+  expected.set_referrer_url(kReferrerURL);
+  expected.set_did_proceed(false);
+  expected.set_repeat_visit(true);
+
+  ClientSafeBrowsingReportRequest::Resource* pb_resource =
+      expected.add_resources();
+  pb_resource->set_id(0);
+  pb_resource->set_url(kLandingURL);
+  pb_resource = expected.add_resources();
+  pb_resource->set_id(1);
+  pb_resource->set_url(kReferrerURL);
+
+  VerifyResults(actual, expected);
+}
+
+// Tests that a pending load does not interfere with collecting threat details
+// for the committed page.
+TEST_F(ThreatDetailsTest, ThreatWithPendingLoad) {
+  const char* kPendingReferrerURL = "http://www.pendingreferrer.com/some/path";
+  const char* kPendingURL = "http://www.pending.com/some/path";
+
+  // Load and commit the landing URL with a referrer.
+  content::WebContentsTester::For(web_contents())
+      ->TestDidNavigateWithReferrer(
+          web_contents()->GetMainFrame(), 1 /* page_id */, 0 /* nav_entry_id */,
+          true /* did_create_new_entry */, GURL(kLandingURL),
+          content::Referrer(GURL(kReferrerURL),
+                            blink::WebReferrerPolicyDefault),
+          ui::PAGE_TRANSITION_TYPED);
+
+  // Create UnsafeResource for fake sub-resource of landing page.
+  UnsafeResource resource;
+  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */,
+               GURL(kThreatURL));
+
+  // Start a pending load before creating ThreatDetails.
+  controller().LoadURL(GURL(kPendingURL),
+                       content::Referrer(GURL(kPendingReferrerURL),
+                                         blink::WebReferrerPolicyDefault),
+                       ui::PAGE_TRANSITION_TYPED, std::string());
+
+  // Do ThreatDetails collection.
+  scoped_refptr<ThreatDetailsWrap> report =
+      new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
+  std::string serialized = WaitForSerializedReport(
+      report.get(), true /* did_proceed*/, 1 /* num_visit */);
+
+  ClientSafeBrowsingReportRequest actual;
+  actual.ParseFromString(serialized);
+
+  ClientSafeBrowsingReportRequest expected;
+  expected.set_type(ClientSafeBrowsingReportRequest::URL_MALWARE);
+  expected.set_url(kThreatURL);
+  expected.set_page_url(kLandingURL);
+  // Note that the referrer policy is not actually enacted here, since that's
+  // done in Blink.
+  expected.set_referrer_url(kReferrerURL);
+  expected.set_did_proceed(true);
+  expected.set_repeat_visit(true);
+
+  ClientSafeBrowsingReportRequest::Resource* pb_resource =
+      expected.add_resources();
+  pb_resource->set_id(0);
+  pb_resource->set_url(kLandingURL);
+  pb_resource = expected.add_resources();
+  pb_resource->set_id(1);
+  pb_resource->set_url(kThreatURL);
+  pb_resource = expected.add_resources();
+  pb_resource->set_id(2);
+  pb_resource->set_url(kReferrerURL);
+
+  VerifyResults(actual, expected);
+}
+
 // Tests the interaction with the HTTP cache.
 TEST_F(ThreatDetailsTest, HTTPCache) {
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  content::WebContentsTester::For(web_contents())
+      ->NavigateAndCommit(GURL(kLandingURL));
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL, true,
-               GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL,
+               true /* is_subresource */, GURL(kThreatURL));
 
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource,
                             profile()->GetRequestContext());
 
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&FillCache,
                  make_scoped_refptr(profile()->GetRequestContext())));
 
@@ skipping 53 matching lines @@
   pb_response->set_bodylength(threat_data.size());
   pb_response->set_bodydigest(base::MD5String(threat_data));
   pb_response->set_remote_ip("1.2.3.4:80");
   expected.set_complete(true);
 
   VerifyResults(actual, expected);
 }
 
 // Tests the interaction with the HTTP cache (where the cache is empty).
 TEST_F(ThreatDetailsTest, HTTPCacheNoEntries) {
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  content::WebContentsTester::For(web_contents())
+      ->NavigateAndCommit(GURL(kLandingURL));
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL, true,
-               GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL,
+               true /* is_subresource */, GURL(kThreatURL));
 
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource,
                             profile()->GetRequestContext());
 
   // No call to FillCache
 
   // The cache collection starts after the IPC from the DOM is fired.
   std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params;
   report->OnReceivedThreatDOMDetails(params);
@@ skipping 32 matching lines @@
   // There are two redirect urls before reacing malware url:
   // kFirstRedirectURL -> kSecondRedirectURL -> kThreatURL
   GURL baseurl(kThreatURL);
   history::RedirectList redirects;
   redirects.push_back(GURL(kFirstRedirectURL));
   redirects.push_back(GURL(kSecondRedirectURL));
   AddPageToHistory(baseurl, &redirects);
   // Wait for history service operation finished.
   profile()->BlockUntilHistoryProcessesPendingRequests();
 
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  content::WebContentsTester::For(web_contents())
+      ->NavigateAndCommit(GURL(kLandingURL));
 
   UnsafeResource resource;
-  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true, GURL(kThreatURL));
+  InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */,
+               GURL(kThreatURL));
   scoped_refptr<ThreatDetailsWrap> report =
       new ThreatDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
 
   // The redirects collection starts after the IPC from the DOM is fired.
   std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params;
   report->OnReceivedThreatDOMDetails(params);
 
   // Let the redirects callbacks complete.
   base::RunLoop().RunUntilIdle();
 
@@ skipping 23 matching lines @@
   pb_resource->set_parent_id(3);
   pb_resource->set_url(kSecondRedirectURL);
   pb_resource = expected.add_resources();
   pb_resource->set_id(3);
   pb_resource->set_url(kFirstRedirectURL);
 
   VerifyResults(actual, expected);
 }
 
 }  // namespace safe_browsing