Chromium Code Reviews Chromium Code Reviews
Issue 184483002:
Set insecure content status also when there are other security issues. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/ssl/ssl_browser_tests.cc |
| diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc |
| index bcf8cf123c4db3449f87c32ae54814fd4562e198..10505b143fa0d75e759a571d9d87670173756143 100644 |
| --- a/chrome/browser/ssl/ssl_browser_tests.cc |
| +++ b/chrome/browser/ssl/ssl_browser_tests.cc |
| @@ -146,12 +146,15 @@ class SSLUITest : public InProcessBrowserTest { |
| CheckState(tab, content::SECURITY_STYLE_UNAUTHENTICATED, false, false); |
| } |
| - void CheckBrokenAuthenticatedState(WebContents* tab) { |
| - CheckState(tab, content::SECURITY_STYLE_AUTHENTICATION_BROKEN, false, true); |
| + void CheckBrokenAuthenticatedState(WebContents* tab, |
| + bool expected_displayed_insecure_content) { |
| + CheckState(tab, content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
| + expected_displayed_insecure_content, true); |
| } |
| void CheckAuthenticationBrokenState(WebContents* tab, |
| net::CertStatus error, |
| + bool displayed_insecure_content, |
| bool ran_insecure_content, |
| bool interstitial) { |
|
Ryan Sleevi
2014/03/11 01:46:55
I'm wondering whether we should change these three
|
| ASSERT_FALSE(tab->IsCrashed()); |
| @@ -166,8 +169,9 @@ class SSLUITest : public InProcessBrowserTest { |
| // to SECURITY_STYLE_AUTHENTICATION_BROKEN. |
| ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); |
| EXPECT_EQ(error, entry->GetSSL().cert_status & error); |
| - EXPECT_FALSE(!!(entry->GetSSL().content_status & |
| - SSLStatus::DISPLAYED_INSECURE_CONTENT)); |
| + EXPECT_EQ(displayed_insecure_content, |
| + !!(entry->GetSSL().content_status & |
| + SSLStatus::DISPLAYED_INSECURE_CONTENT)); |
| EXPECT_EQ(ran_insecure_content, |
| !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT)); |
| net::CertStatus extra_cert_errors = error ^ (entry->GetSSL().cert_status & |
| @@ -365,6 +369,29 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { |
| browser()->tab_strip_model()->GetActiveWebContents()); |
| } |
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) { |
| + ASSERT_TRUE(test_server()->Start()); |
| + ASSERT_TRUE(https_server_expired_.Start()); |
| + |
| + std::string replacement_path; |
| + ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( |
| + "files/ssl/page_displays_insecure_content.html", |
| + test_server()->host_port_pair(), |
| + &replacement_path)); |
| + |
| + ui_test_utils::NavigateToURL(browser(), |
| + https_server_expired_.GetURL(replacement_path)); |
| + |
| + WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
| + false, false, true); |
| + |
| + ProceedThroughInterstitial(tab); |
| + |
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
| + true, false, false); |
| +} |
| + |
| // http://crbug.com/91745 |
| #if defined(OS_CHROMEOS) |
| #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |
| @@ -392,12 +419,12 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) { |
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| ProceedThroughInterstitial(tab); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); // No interstitial showing |
| + false, false); // No interstitial showing |
| } |
| #ifndef NEDBUG |
| @@ -439,7 +466,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) { |
| // An interstitial should be showing. |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| - false, true); |
| + false, false, true); |
| // Simulate user clicking "Take me back". |
| InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| @@ -472,7 +499,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, |
| ui_test_utils::NavigateToURL(browser(), |
| https_server_expired_.GetURL("files/ssl/google.html")); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| ProvisionalLoadWaiter load_failed_observer(tab); |
| @@ -509,7 +536,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, |
| ui_test_utils::NavigateToURL(browser(), |
| https_server_expired_.GetURL("files/ssl/google.html")); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| // Simulate user clicking and holding on back button (crbug.com/37215). |
| tab->GetController().GoToOffset(-1); |
| @@ -552,7 +579,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) { |
| ui_test_utils::NavigateToURL(browser(), |
| https_server_expired_.GetURL("files/ssl/google.html")); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| // Simulate user clicking and holding on forward button. |
| { |
| @@ -641,7 +668,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) { |
| wss_server_expired_.GetURL( |
| "connect_check.html").ReplaceComponents(replacements)); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| // Proceed anyway. |
| ProceedThroughInterstitial(tab); |
| @@ -852,7 +879,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, |
| "files/ssl/page_runs_insecure_content.html")); |
| CheckAuthenticationBrokenState( |
| - browser()->tab_strip_model()->GetActiveWebContents(), 0, true, false); |
| + browser()->tab_strip_model()->GetActiveWebContents(), |
| + 0, true, true, false); |
| } |
| // Visits a page with unsafe content and make sure that: |
| @@ -1009,11 +1037,11 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { |
| EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost()); |
| // The new tab has insecure content. |
| - CheckAuthenticationBrokenState(tab2, 0, true, false); |
| + CheckAuthenticationBrokenState(tab2, 0, true, true, false); |
| // Which means the origin for the first tab has also been contaminated with |
| // insecure content. |
| - CheckAuthenticationBrokenState(tab1, 0, true, false); |
| + CheckAuthenticationBrokenState(tab1, 0, false, true, false); |
|
joleksy
2014/03/03 11:22:45
Note: RAN_INSECURE_CONTENT is stored at host level
Ryan Sleevi
2014/03/11 01:46:55
Right. Active content has the potential of corrupt
|
| } |
| // Visits a page with an image over http. Visits another page over https |
| @@ -1073,7 +1101,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) { |
| // content (even though the image comes from the WebCore memory cache). |
| const GURL url_https = https_server_.GetURL(replacement_path); |
| ui_test_utils::NavigateToURL(browser(), url_https); |
| - CheckAuthenticationBrokenState(tab, 0, true, false); |
| + CheckAuthenticationBrokenState(tab, 0, true, true, false); |
| } |
| // This test ensures the CN invalid status does not 'stick' to a certificate |
| @@ -1090,10 +1118,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) { |
| // We get an interstitial page as a result. |
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| - false, true); // Interstitial showing. |
| + false, false, true); // Interstitial showing. |
| ProceedThroughInterstitial(tab); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| - false, false); // No interstitial showing. |
| + false, false, false); // No interstitial. |
| // Now we try again with the right host name this time. |
| GURL url(https_server_.GetURL("files/ssl/google.html")); |
| @@ -1108,7 +1136,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) { |
| // Since we OKed the interstitial last time, we get right to the page. |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| - false, false); // No interstitial showing. |
| + false, false, false); // No interstitial. |
| } |
| #if defined(OS_CHROMEOS) |
| @@ -1128,12 +1156,12 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { |
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing. |
| + false, true); // Interstitial showing. |
| ProceedThroughInterstitial(tab); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); // No interstitial showing. |
| + false, false); // No interstitial showing. |
| // Now navigate to a ref in the page, the security state should not have |
| // changed. |
| @@ -1141,7 +1169,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { |
| https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp")); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); // No interstitial showing. |
| + false, false); // No interstitial showing. |
| } |
| // Tests that closing a page that has a unsafe pop-up does not crash the |
| @@ -1201,7 +1229,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) { |
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing. |
| + false, true); // Interstitial showing. |
| ProceedThroughInterstitial(tab); |
| @@ -1220,12 +1248,12 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) { |
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing. |
| + false, true); // Interstitial showing. |
| ProceedThroughInterstitial(tab); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); // No interstitial showing. |
| + false, false); // No interstitial showing. |
| } |
| // Visit a page over http that is a redirect to a page with good HTTPS. |
| @@ -1258,12 +1286,12 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) { |
| ui_test_utils::NavigateToURL(browser(), |
| GURL(http_url.spec() + bad_https_url.spec())); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing. |
| + false, true); // Interstitial showing. |
| ProceedThroughInterstitial(tab); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); // No interstitial showing. |
| + false, false); // No interstitial showing. |
| } |
| // Visit a page over https that is a redirect to a page with http (to make sure |
| @@ -1389,7 +1417,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) { |
| } |
| // Our state should be unathenticated (in the ran mixed script sense) |
| - CheckBrokenAuthenticatedState(tab); |
| + CheckBrokenAuthenticatedState(tab, true); |
| // Go back, our state should be unchanged. |
| { |
| @@ -1400,7 +1428,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) { |
| observer.Wait(); |
| } |
| - CheckBrokenAuthenticatedState(tab); |
| + CheckBrokenAuthenticatedState(tab, true); |
| } |
| // From a bad HTTPS top frame: |
| @@ -1419,7 +1447,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) { |
| ui_test_utils::NavigateToURL(browser(), |
| https_server_expired_.GetURL(top_frame_path)); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| ProceedThroughInterstitial(tab); |
| @@ -1437,7 +1465,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) { |
| // We should still be authentication broken. |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); |
| + false, false); |
| } |
| // From an HTTP top frame, navigate to good and bad HTTPS (security state should |
| @@ -1534,10 +1562,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) { |
| https_server_expired_.GetURL("files/ssl/blank_page.html")); |
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| ProceedThroughInterstitial(tab); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - false); // No Interstitial |
| + false, false); // No Interstitial |
| // Navigate to safe page that has Worker loading unsafe content. |
| // Expect content to load but be marked as auth broken due to running insecure |
| @@ -1548,7 +1576,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) { |
| ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( |
| page_with_unsafe_worker_path)); |
| CheckWorkerLoadResult(tab, true); // Worker loads insecure content |
| - CheckAuthenticationBrokenState(tab, 0, true, false); |
| + CheckAuthenticationBrokenState(tab, 0, false, true, false); |
| } |
| // Test that when the browser blocks displaying insecure content (images), the |
| @@ -1652,7 +1680,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) { |
| ui_test_utils::NavigateToURL(browser(), |
| https_server_expired_.GetURL("files/ssl/google.html")); |
| CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, |
| - true); // Interstitial showing |
| + false, true); // Interstitial showing |
| InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| content::RenderViewHost* interstitial_rvh = |
