OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <windows.h> | |
6 | |
7 #include <wininet.h> | |
8 | |
5 #include "content/browser/download/quarantine.h" | 9 #include "content/browser/download/quarantine.h" |
6 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
7 #include "base/files/file_util.h" | 11 #include "base/files/file_util.h" |
8 #include "base/files/scoped_temp_dir.h" | 12 #include "base/files/scoped_temp_dir.h" |
9 #include "base/test/histogram_tester.h" | 13 #include "base/test/histogram_tester.h" |
10 #include "net/base/filename_util.h" | 14 #include "net/base/filename_util.h" |
11 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
12 #include "url/gurl.h" | 16 #include "url/gurl.h" |
13 | 17 |
14 namespace content { | 18 namespace content { |
(...skipping 19 matching lines...) Expand all Loading... | |
34 QuarantineFile(test_dir.path().AppendASCII("does-not-exist.exe"), | 38 QuarantineFile(test_dir.path().AppendASCII("does-not-exist.exe"), |
35 GURL(kDummySourceUrl), GURL(kDummyReferrerUrl), | 39 GURL(kDummySourceUrl), GURL(kDummyReferrerUrl), |
36 kDummyClientGuid)); | 40 kDummyClientGuid)); |
37 } | 41 } |
38 | 42 |
39 // On Windows systems, files downloaded from a local source are considered | 43 // On Windows systems, files downloaded from a local source are considered |
40 // trustworthy. Hence they aren't annotated with source information. This test | 44 // trustworthy. Hence they aren't annotated with source information. This test |
41 // verifies this behavior since the other tests in this suite would pass with a | 45 // verifies this behavior since the other tests in this suite would pass with a |
42 // false positive if local files are being annotated with the MOTW for the | 46 // false positive if local files are being annotated with the MOTW for the |
43 // internet zone. | 47 // internet zone. |
44 TEST(QuarantineWinTest, LocalFileZoneAssumption_DependsOnLocalConfig) { | 48 TEST(QuarantineWinTest, LocalFile_DependsOnLocalConfig) { |
45 base::HistogramTester histogram_tester; | 49 base::HistogramTester histogram_tester; |
46 base::ScopedTempDir test_dir; | 50 base::ScopedTempDir test_dir; |
47 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 51 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
48 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 52 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
49 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | |
50 | 53 |
51 EXPECT_EQ(QuarantineFileResult::OK, | 54 const char* const kLocalSourceURLs[] = { |
52 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), | 55 "http://localhost/foo", |
53 kDummyClientGuid)); | 56 "file:///C:/some-local-dir/foo.exe" |
54 std::string contents; | 57 }; |
55 EXPECT_FALSE(base::ReadFileToString( | 58 |
56 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 59 for (const auto source_url : kLocalSourceURLs) { |
60 SCOPED_TRACE(::testing::Message() << "Trying URL " << source_url); | |
61 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | |
62 | |
63 EXPECT_EQ( | |
64 QuarantineFileResult::OK, | |
65 QuarantineFile(test_file, GURL(source_url), GURL(), kDummyClientGuid)); | |
66 | |
67 std::string motw_contents; | |
68 base::ReadFileToString( | |
69 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents); | |
70 | |
71 // These warnings aren't displayed on successful test runs. They are there | |
72 // so that we can check for deviations in behavior during manual testing. | |
73 if (!motw_contents.empty()) { | |
74 LOG(WARNING) << "Unexpected zone marker for file " << test_file.value() | |
75 << " Source URL:" << source_url; | |
76 if (motw_contents != kMotwForInternetZone) | |
77 LOG(WARNING) << "Zone marker contents: " << motw_contents; | |
78 } | |
79 | |
80 base::DeleteFile(test_file, false); | |
81 } | |
57 | 82 |
58 // Bucket 1 is SUCCESS_WITHOUT_MOTW. | 83 // Bucket 1 is SUCCESS_WITHOUT_MOTW. |
59 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 1, | 84 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 1, |
60 1); | 85 arraysize(kLocalSourceURLs)); |
61 } | 86 } |
62 | 87 |
63 // A file downloaded from the internet should be annotated with .. something. | 88 // A file downloaded from the internet should be annotated with .. something. |
64 // The specific zone assigned to our dummy source URL depends on the local | 89 // The specific zone assigned to our dummy source URL depends on the local |
65 // configuration. But no sane configuration should be treating the dummy URL as | 90 // configuration. But no sane configuration should be treating the dummy URL as |
66 // a trusted source for anything. | 91 // a trusted source for anything. |
67 TEST(QuarantineWinTest, DownloadedFile_DependsOnLocalConfig) { | 92 TEST(QuarantineWinTest, DownloadedFile_DependsOnLocalConfig) { |
68 base::HistogramTester histogram_tester; | 93 base::HistogramTester histogram_tester; |
69 base::ScopedTempDir test_dir; | 94 base::ScopedTempDir test_dir; |
70 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 95 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
71 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 96 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
97 | |
98 const char* const kUnsafeSourceURLs[] = { | |
99 "http://example.com/foo", | |
100 "https://example.com/foo", | |
101 "ftp://example.com/foo", | |
102 "ftp://example.com:2121/foo", | |
103 "data:text/plain,Hello%20world", | |
104 "blob://example.com/126278b3-58f3-4b4a-a914-1d1185d634f6", | |
105 "about:internet", | |
106 "" | |
107 }; | |
108 | |
109 for (const auto source_url : kUnsafeSourceURLs) { | |
110 SCOPED_TRACE(::testing::Message() << "Trying URL " << source_url); | |
111 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | |
112 EXPECT_EQ( | |
113 QuarantineFileResult::OK, | |
114 QuarantineFile(test_file, GURL(source_url), GURL(), kDummyClientGuid)); | |
115 std::string motw_contents; | |
116 ASSERT_TRUE(base::ReadFileToString( | |
117 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); | |
118 // The actual assigned zone could be anything. So only testing that there is | |
119 // a zone annotation. | |
120 EXPECT_FALSE(motw_contents.empty()); | |
121 | |
122 // These warnings aren't displayed on successful test runs. They are there | |
123 // so that we can check for deviations in behavior during manual testing. | |
124 if (motw_contents != kMotwForInternetZone) | |
125 LOG(WARNING) << "Unexpected zone marker: " << motw_contents; | |
126 base::DeleteFile(test_file, false); | |
127 } | |
128 | |
129 // Bucket 0 is SUCCESS_WITH_MOTW. | |
130 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, | |
131 arraysize(kUnsafeSourceURLs)); | |
132 } | |
133 | |
134 TEST(QuarantineWinTest, UnsafeReferrer_DependsOnLocalConfig) { | |
135 base::HistogramTester histogram_tester; | |
136 base::ScopedTempDir test_dir; | |
137 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | |
138 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | |
139 | |
140 std::string referrer_string = "http://example.com/"; | |
elawrence
2016/09/23 20:27:25
Nit: Maybe name "huge_referrer_string" or similar
asanka
2016/09/23 20:41:15
Done.
| |
141 referrer_string.append(INTERNET_MAX_URL_LENGTH * 2, 'a'); | |
142 | |
143 const char* const kUnsafeReferrerURLs[] = { | |
144 "http://example.com/foo", | |
145 "https://example.com/foo", | |
146 "ftp://example.com/foo", | |
147 "ftp://example.com:2121/foo", | |
148 "data:text/plain,Hello%20world", | |
149 "blob://example.com/126278b3-58f3-4b4a-a914-1d1185d634f6", | |
150 "about:internet", | |
151 "" | |
152 }; | |
153 | |
154 std::vector<std::string> unsafe_referrers(std::begin(kUnsafeReferrerURLs), | |
155 std::end(kUnsafeReferrerURLs)); | |
156 unsafe_referrers.push_back(referrer_string); | |
157 | |
158 for (const auto referrer_url : unsafe_referrers) { | |
159 SCOPED_TRACE(::testing::Message() << "Trying URL " << referrer_url); | |
160 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | |
161 EXPECT_EQ(QuarantineFileResult::OK, | |
162 QuarantineFile(test_file, GURL("http://example.com/good"), | |
163 GURL(referrer_url), kDummyClientGuid)); | |
164 std::string motw_contents; | |
165 ASSERT_TRUE(base::ReadFileToString( | |
166 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); | |
167 // The actual assigned zone could be anything. So only testing that there is | |
168 // a zone annotation. | |
169 EXPECT_FALSE(motw_contents.empty()); | |
170 | |
171 // These warnings aren't displayed on successful test runs. They are there | |
172 // so that we can check for deviations in behavior during manual testing. | |
173 if (motw_contents != kMotwForInternetZone) | |
174 LOG(WARNING) << "Unexpected zone marker: " << motw_contents; | |
175 base::DeleteFile(test_file, false); | |
176 } | |
177 | |
178 // Bucket 0 is SUCCESS_WITH_MOTW. | |
179 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, | |
180 unsafe_referrers.size()); | |
181 } | |
182 | |
183 // An empty source URL should result in a file that's treated the same as one | |
184 // downloaded from the internet. | |
185 TEST(QuarantineWinTest, EmptySource_DependsOnLocalConfig) { | |
186 base::HistogramTester histogram_tester; | |
187 base::ScopedTempDir test_dir; | |
188 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | |
189 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | |
72 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | 190 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
73 | 191 |
74 EXPECT_EQ(QuarantineFileResult::OK, | 192 EXPECT_EQ(QuarantineFileResult::OK, |
75 QuarantineFile(test_file, GURL(kDummySourceUrl), | 193 QuarantineFile(test_file, GURL(), GURL(), kDummyClientGuid)); |
76 GURL(kDummyReferrerUrl), kDummyClientGuid)); | 194 std::string motw_contents; |
77 std::string contents; | |
78 ASSERT_TRUE(base::ReadFileToString( | 195 ASSERT_TRUE(base::ReadFileToString( |
79 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 196 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
80 // The actual assigned zone could be anything. So only testing that there is a | 197 // The actual assigned zone could be anything. So only testing that there is a |
81 // zone annotation. | 198 // zone annotation. |
82 EXPECT_FALSE(contents.empty()); | 199 EXPECT_FALSE(motw_contents.empty()); |
83 | 200 |
84 // Bucket 0 is SUCCESS_WITH_MOTW. | 201 // Bucket 0 is SUCCESS_WITH_MOTW. |
85 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, | 202 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, |
86 1); | 203 1); |
87 } | 204 } |
88 | 205 |
89 // Empty files aren't passed to AVScanFile. They are instead marked manually. If | 206 // Empty files aren't passed to AVScanFile. They are instead marked manually. If |
90 // the file is passed to AVScanFile, then there wouldn't be a MOTW attached to | 207 // the file is passed to AVScanFile, then there wouldn't be a MOTW attached to |
91 // it and the test would fail. | 208 // it and the test would fail. |
92 TEST(QuarantineWinTest, EmptyFile) { | 209 TEST(QuarantineWinTest, EmptyFile) { |
93 base::ScopedTempDir test_dir; | 210 base::ScopedTempDir test_dir; |
94 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 211 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
95 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 212 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
96 ASSERT_EQ(0, base::WriteFile(test_file, "", 0u)); | 213 ASSERT_EQ(0, base::WriteFile(test_file, "", 0u)); |
97 | 214 |
98 EXPECT_EQ(QuarantineFileResult::OK, | 215 EXPECT_EQ(QuarantineFileResult::OK, |
99 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), | 216 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), |
100 kDummyClientGuid)); | 217 kDummyClientGuid)); |
101 std::string contents; | 218 std::string motw_contents; |
102 ASSERT_TRUE(base::ReadFileToString( | 219 ASSERT_TRUE(base::ReadFileToString( |
103 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 220 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
104 EXPECT_STREQ(kMotwForInternetZone, contents.c_str()); | 221 EXPECT_STREQ(kMotwForInternetZone, motw_contents.c_str()); |
105 } | 222 } |
106 | 223 |
107 // If there is no client GUID supplied to the QuarantineFile() call, then rather | 224 // If there is no client GUID supplied to the QuarantineFile() call, then rather |
108 // than invoking AVScanFile, the MOTW will be applied manually. If the file is | 225 // than invoking AVScanFile, the MOTW will be applied manually. If the file is |
109 // passed to AVScanFile, then there wouldn't be a MOTW attached to it and the | 226 // passed to AVScanFile, then there wouldn't be a MOTW attached to it and the |
110 // test would fail. | 227 // test would fail. |
111 TEST(QuarantineWinTest, NoClientGuid) { | 228 TEST(QuarantineWinTest, NoClientGuid) { |
112 base::ScopedTempDir test_dir; | 229 base::ScopedTempDir test_dir; |
113 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 230 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
114 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 231 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
115 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | 232 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
116 | 233 |
117 EXPECT_EQ(QuarantineFileResult::OK, | 234 EXPECT_EQ(QuarantineFileResult::OK, |
118 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), | 235 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), |
119 std::string())); | 236 std::string())); |
120 std::string contents; | 237 std::string motw_contents; |
121 ASSERT_TRUE(base::ReadFileToString( | 238 ASSERT_TRUE(base::ReadFileToString( |
122 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 239 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
123 EXPECT_STREQ(kMotwForInternetZone, contents.c_str()); | 240 EXPECT_STREQ(kMotwForInternetZone, motw_contents.c_str()); |
241 } | |
242 | |
243 // URLs longer than INTERNET_MAX_URL_LENGTH are known to break URLMon. Such a | |
244 // URL, when used as a source URL shouldn't break QuarantineFile() which should | |
245 // mark the file as being from the internet zone as a safe fallback. | |
246 TEST(QuarantineWinTest, SuperLongURL) { | |
247 base::ScopedTempDir test_dir; | |
248 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | |
249 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | |
250 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | |
251 | |
252 std::string source_url("http://example.com/"); | |
253 source_url.append(INTERNET_MAX_URL_LENGTH * 2, 'a'); | |
254 EXPECT_EQ(QuarantineFileResult::OK, | |
255 QuarantineFile(test_file, GURL(source_url), GURL(), std::string())); | |
256 | |
257 std::string motw_contents; | |
258 ASSERT_TRUE(base::ReadFileToString( | |
259 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); | |
260 EXPECT_STREQ(kMotwForInternetZone, motw_contents.c_str()); | |
124 } | 261 } |
125 | 262 |
126 } // content | 263 } // content |
OLD | NEW |