OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/safe_browsing/binary_feature_extractor.h" | 5 #include "chrome/common/safe_browsing/binary_feature_extractor.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/base_paths.h" | 10 #include "base/base_paths.h" |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 | 49 |
50 TEST_F(BinaryFeatureExtractorWinTest, UntrustedSignedBinary) { | 50 TEST_F(BinaryFeatureExtractorWinTest, UntrustedSignedBinary) { |
51 // signed.exe is signed by an untrusted root CA. | 51 // signed.exe is signed by an untrusted root CA. |
52 ClientDownloadRequest_SignatureInfo signature_info; | 52 ClientDownloadRequest_SignatureInfo signature_info; |
53 binary_feature_extractor_->CheckSignature( | 53 binary_feature_extractor_->CheckSignature( |
54 testdata_path_.Append(L"signed.exe"), | 54 testdata_path_.Append(L"signed.exe"), |
55 &signature_info); | 55 &signature_info); |
56 ASSERT_EQ(1, signature_info.certificate_chain_size()); | 56 ASSERT_EQ(1, signature_info.certificate_chain_size()); |
57 std::vector<scoped_refptr<net::X509Certificate> > certs; | 57 std::vector<scoped_refptr<net::X509Certificate> > certs; |
58 ParseCertificateChain(signature_info.certificate_chain(0), &certs); | 58 ParseCertificateChain(signature_info.certificate_chain(0), &certs); |
59 ASSERT_EQ(2, certs.size()); | 59 ASSERT_EQ(2u, certs.size()); |
60 EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name); | 60 EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name); |
61 EXPECT_EQ("Root Agency", certs[1]->subject().common_name); | 61 EXPECT_EQ("Root Agency", certs[1]->subject().common_name); |
62 | 62 |
63 EXPECT_TRUE(signature_info.has_trusted()); | 63 EXPECT_TRUE(signature_info.has_trusted()); |
64 EXPECT_FALSE(signature_info.trusted()); | 64 EXPECT_FALSE(signature_info.trusted()); |
65 } | 65 } |
66 | 66 |
67 TEST_F(BinaryFeatureExtractorWinTest, TrustedBinary) { | 67 TEST_F(BinaryFeatureExtractorWinTest, TrustedBinary) { |
68 // wow_helper.exe is signed using Google's signing certifiacte. | 68 // wow_helper.exe is signed using Google's signing certifiacte. |
69 ClientDownloadRequest_SignatureInfo signature_info; | 69 ClientDownloadRequest_SignatureInfo signature_info; |
70 binary_feature_extractor_->CheckSignature( | 70 binary_feature_extractor_->CheckSignature( |
71 testdata_path_.Append(L"wow_helper.exe"), | 71 testdata_path_.Append(L"wow_helper.exe"), |
72 &signature_info); | 72 &signature_info); |
73 ASSERT_EQ(1, signature_info.certificate_chain_size()); | 73 ASSERT_EQ(1, signature_info.certificate_chain_size()); |
74 std::vector<scoped_refptr<net::X509Certificate> > certs; | 74 std::vector<scoped_refptr<net::X509Certificate> > certs; |
75 ParseCertificateChain(signature_info.certificate_chain(0), &certs); | 75 ParseCertificateChain(signature_info.certificate_chain(0), &certs); |
76 ASSERT_EQ(3, certs.size()); | 76 ASSERT_EQ(3u, certs.size()); |
77 | 77 |
78 EXPECT_EQ("Google Inc", certs[0]->subject().common_name); | 78 EXPECT_EQ("Google Inc", certs[0]->subject().common_name); |
79 EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA", | 79 EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA", |
80 certs[1]->subject().common_name); | 80 certs[1]->subject().common_name); |
81 EXPECT_EQ("Class 3 Public Primary Certification Authority", | 81 EXPECT_EQ("Class 3 Public Primary Certification Authority", |
82 certs[2]->subject().organization_unit_names[0]); | 82 certs[2]->subject().organization_unit_names[0]); |
83 | 83 |
84 EXPECT_TRUE(signature_info.trusted()); | 84 EXPECT_TRUE(signature_info.trusted()); |
85 } | 85 } |
86 | 86 |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
153 nullptr /* signed_data */)); | 153 nullptr /* signed_data */)); |
154 EXPECT_TRUE(image_headers.has_pe_headers()); | 154 EXPECT_TRUE(image_headers.has_pe_headers()); |
155 const ClientDownloadRequest_PEImageHeaders& pe_headers = | 155 const ClientDownloadRequest_PEImageHeaders& pe_headers = |
156 image_headers.pe_headers(); | 156 image_headers.pe_headers(); |
157 EXPECT_TRUE(pe_headers.has_dos_header()); | 157 EXPECT_TRUE(pe_headers.has_dos_header()); |
158 EXPECT_TRUE(pe_headers.has_file_header()); | 158 EXPECT_TRUE(pe_headers.has_file_header()); |
159 EXPECT_TRUE(pe_headers.has_optional_headers32()); | 159 EXPECT_TRUE(pe_headers.has_optional_headers32()); |
160 EXPECT_FALSE(pe_headers.has_optional_headers64()); | 160 EXPECT_FALSE(pe_headers.has_optional_headers64()); |
161 EXPECT_NE(0, pe_headers.section_header_size()); | 161 EXPECT_NE(0, pe_headers.section_header_size()); |
162 EXPECT_TRUE(pe_headers.has_export_section_data()); | 162 EXPECT_TRUE(pe_headers.has_export_section_data()); |
163 EXPECT_EQ(1U, pe_headers.debug_data_size()); | 163 EXPECT_EQ(1, pe_headers.debug_data_size()); |
164 } | 164 } |
165 | 165 |
166 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesWithoutExports) { | 166 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesWithoutExports) { |
167 // Test extracting headers from something that is a PE image with debug data. | 167 // Test extracting headers from something that is a PE image with debug data. |
168 ClientDownloadRequest_ImageHeaders image_headers; | 168 ClientDownloadRequest_ImageHeaders image_headers; |
169 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures( | 169 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures( |
170 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"), | 170 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"), |
171 BinaryFeatureExtractor::kOmitExports, &image_headers, | 171 BinaryFeatureExtractor::kOmitExports, &image_headers, |
172 nullptr /* signed_data */)); | 172 nullptr /* signed_data */)); |
173 EXPECT_TRUE(image_headers.has_pe_headers()); | 173 EXPECT_TRUE(image_headers.has_pe_headers()); |
174 const ClientDownloadRequest_PEImageHeaders& pe_headers = | 174 const ClientDownloadRequest_PEImageHeaders& pe_headers = |
175 image_headers.pe_headers(); | 175 image_headers.pe_headers(); |
176 EXPECT_TRUE(pe_headers.has_dos_header()); | 176 EXPECT_TRUE(pe_headers.has_dos_header()); |
177 EXPECT_TRUE(pe_headers.has_file_header()); | 177 EXPECT_TRUE(pe_headers.has_file_header()); |
178 EXPECT_TRUE(pe_headers.has_optional_headers32()); | 178 EXPECT_TRUE(pe_headers.has_optional_headers32()); |
179 EXPECT_FALSE(pe_headers.has_optional_headers64()); | 179 EXPECT_FALSE(pe_headers.has_optional_headers64()); |
180 EXPECT_NE(0, pe_headers.section_header_size()); | 180 EXPECT_NE(0, pe_headers.section_header_size()); |
181 EXPECT_FALSE(pe_headers.has_export_section_data()); | 181 EXPECT_FALSE(pe_headers.has_export_section_data()); |
182 EXPECT_EQ(1U, pe_headers.debug_data_size()); | 182 EXPECT_EQ(1, pe_headers.debug_data_size()); |
183 } | 183 } |
184 | 184 |
185 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesUntrustedSigned) { | 185 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesUntrustedSigned) { |
186 // Test extracting features from a signed PE image. | 186 // Test extracting features from a signed PE image. |
187 ClientDownloadRequest_ImageHeaders image_headers; | 187 ClientDownloadRequest_ImageHeaders image_headers; |
188 google::protobuf::RepeatedPtrField<std::string> signed_data; | 188 google::protobuf::RepeatedPtrField<std::string> signed_data; |
189 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures( | 189 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures( |
190 testdata_path_.AppendASCII("signed.exe"), | 190 testdata_path_.AppendASCII("signed.exe"), |
191 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data)); | 191 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data)); |
192 ASSERT_EQ(1, signed_data.size()); | 192 ASSERT_EQ(1, signed_data.size()); |
193 ASSERT_LT(0U, signed_data.Get(0).size()); | 193 ASSERT_LT(0U, signed_data.Get(0).size()); |
194 } | 194 } |
195 | 195 |
196 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesTrustedSigned) { | 196 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesTrustedSigned) { |
197 // Test extracting features from a signed PE image from a trusted root. | 197 // Test extracting features from a signed PE image from a trusted root. |
198 ClientDownloadRequest_ImageHeaders image_headers; | 198 ClientDownloadRequest_ImageHeaders image_headers; |
199 google::protobuf::RepeatedPtrField<std::string> signed_data; | 199 google::protobuf::RepeatedPtrField<std::string> signed_data; |
200 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures( | 200 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures( |
201 testdata_path_.AppendASCII("wow_helper.exe"), | 201 testdata_path_.AppendASCII("wow_helper.exe"), |
202 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data)); | 202 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data)); |
203 ASSERT_EQ(1, signed_data.size()); | 203 ASSERT_EQ(1, signed_data.size()); |
204 ASSERT_LT(0U, signed_data.Get(0).size()); | 204 ASSERT_LT(0U, signed_data.Get(0).size()); |
205 } | 205 } |
206 | 206 |
207 } // namespace safe_browsing | 207 } // namespace safe_browsing |
OLD | NEW |