OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
| 5 #include <windows.h> |
| 6 |
| 7 #include <wininet.h> |
| 8 |
5 #include "content/browser/download/quarantine.h" | 9 #include "content/browser/download/quarantine.h" |
6 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
7 #include "base/files/file_util.h" | 11 #include "base/files/file_util.h" |
8 #include "base/files/scoped_temp_dir.h" | 12 #include "base/files/scoped_temp_dir.h" |
9 #include "base/test/histogram_tester.h" | 13 #include "base/test/histogram_tester.h" |
10 #include "net/base/filename_util.h" | 14 #include "net/base/filename_util.h" |
11 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
12 #include "url/gurl.h" | 16 #include "url/gurl.h" |
13 | 17 |
14 namespace content { | 18 namespace content { |
15 | 19 |
16 namespace { | 20 namespace { |
17 | 21 |
18 const char kDummySourceUrl[] = "https://example.com/foo"; | 22 const char kDummySourceUrl[] = "https://example.com/foo"; |
19 const char kDummyReferrerUrl[] = "https://example.com/referrer"; | 23 const char kDummyReferrerUrl[] = "https://example.com/referrer"; |
20 const char kDummyClientGuid[] = "A1B69307-8FA2-4B6F-9181-EA06051A48A7"; | 24 const char kDummyClientGuid[] = "A1B69307-8FA2-4B6F-9181-EA06051A48A7"; |
21 | 25 |
22 const char kMotwForInternetZone[] = "[ZoneTransfer]\r\nZoneId=3\r\n"; | 26 const char kMotwForInternetZone[] = "[ZoneTransfer]\r\nZoneId=3\r\n"; |
23 const base::FilePath::CharType kMotwStreamSuffix[] = | 27 const base::FilePath::CharType kMotwStreamSuffix[] = |
24 FILE_PATH_LITERAL(":Zone.Identifier"); | 28 FILE_PATH_LITERAL(":Zone.Identifier"); |
25 | 29 |
| 30 const char* const kUntrustedURLs[] = { |
| 31 "http://example.com/foo", |
| 32 "https://example.com/foo", |
| 33 "ftp://example.com/foo", |
| 34 "ftp://example.com:2121/foo", |
| 35 "data:text/plain,Hello%20world", |
| 36 "blob://example.com/126278b3-58f3-4b4a-a914-1d1185d634f6", |
| 37 "about:internet", |
| 38 ""}; |
| 39 |
26 } // namespace | 40 } // namespace |
27 | 41 |
28 // If the file is missing, the QuarantineFile() call should return FILE_MISSING. | 42 // If the file is missing, the QuarantineFile() call should return FILE_MISSING. |
29 TEST(QuarantineWinTest, MissingFile) { | 43 TEST(QuarantineWinTest, MissingFile) { |
30 base::ScopedTempDir test_dir; | 44 base::ScopedTempDir test_dir; |
31 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 45 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
32 | 46 |
33 EXPECT_EQ(QuarantineFileResult::FILE_MISSING, | 47 EXPECT_EQ(QuarantineFileResult::FILE_MISSING, |
34 QuarantineFile(test_dir.path().AppendASCII("does-not-exist.exe"), | 48 QuarantineFile(test_dir.path().AppendASCII("does-not-exist.exe"), |
35 GURL(kDummySourceUrl), GURL(kDummyReferrerUrl), | 49 GURL(kDummySourceUrl), GURL(kDummyReferrerUrl), |
36 kDummyClientGuid)); | 50 kDummyClientGuid)); |
37 } | 51 } |
38 | 52 |
39 // On Windows systems, files downloaded from a local source are considered | 53 // On Windows systems, files downloaded from a local source are considered |
40 // trustworthy. Hence they aren't annotated with source information. This test | 54 // trustworthy. Hence they aren't annotated with source information. This test |
41 // verifies this behavior since the other tests in this suite would pass with a | 55 // verifies this behavior since the other tests in this suite would pass with a |
42 // false positive if local files are being annotated with the MOTW for the | 56 // false positive if local files are being annotated with the MOTW for the |
43 // internet zone. | 57 // internet zone. |
44 TEST(QuarantineWinTest, LocalFileZoneAssumption_DependsOnLocalConfig) { | 58 TEST(QuarantineWinTest, LocalFile_DependsOnLocalConfig) { |
45 base::HistogramTester histogram_tester; | 59 base::HistogramTester histogram_tester; |
46 base::ScopedTempDir test_dir; | 60 base::ScopedTempDir test_dir; |
47 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 61 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
48 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 62 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
49 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | |
50 | 63 |
51 EXPECT_EQ(QuarantineFileResult::OK, | 64 const char* const kLocalSourceURLs[] = { |
52 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), | 65 "http://localhost/foo", |
53 kDummyClientGuid)); | 66 "file:///C:/some-local-dir/foo.exe" |
54 std::string contents; | 67 }; |
55 EXPECT_FALSE(base::ReadFileToString( | 68 |
56 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 69 for (const auto source_url : kLocalSourceURLs) { |
| 70 SCOPED_TRACE(::testing::Message() << "Trying URL " << source_url); |
| 71 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
| 72 |
| 73 EXPECT_EQ( |
| 74 QuarantineFileResult::OK, |
| 75 QuarantineFile(test_file, GURL(source_url), GURL(), kDummyClientGuid)); |
| 76 |
| 77 std::string motw_contents; |
| 78 base::ReadFileToString( |
| 79 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents); |
| 80 |
| 81 // These warnings aren't displayed on successful test runs. They are there |
| 82 // so that we can check for deviations in behavior during manual testing. |
| 83 if (!motw_contents.empty()) { |
| 84 LOG(WARNING) << "Unexpected zone marker for file " << test_file.value() |
| 85 << " Source URL:" << source_url; |
| 86 if (motw_contents != kMotwForInternetZone) |
| 87 LOG(WARNING) << "Zone marker contents: " << motw_contents; |
| 88 } |
| 89 |
| 90 base::DeleteFile(test_file, false); |
| 91 } |
57 | 92 |
58 // Bucket 1 is SUCCESS_WITHOUT_MOTW. | 93 // Bucket 1 is SUCCESS_WITHOUT_MOTW. |
59 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 1, | 94 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 1, |
60 1); | 95 arraysize(kLocalSourceURLs)); |
61 } | 96 } |
62 | 97 |
63 // A file downloaded from the internet should be annotated with .. something. | 98 // A file downloaded from the internet should be annotated with .. something. |
64 // The specific zone assigned to our dummy source URL depends on the local | 99 // The specific zone assigned to our dummy source URL depends on the local |
65 // configuration. But no sane configuration should be treating the dummy URL as | 100 // configuration. But no sane configuration should be treating the dummy URL as |
66 // a trusted source for anything. | 101 // a trusted source for anything. |
67 TEST(QuarantineWinTest, DownloadedFile_DependsOnLocalConfig) { | 102 TEST(QuarantineWinTest, DownloadedFile_DependsOnLocalConfig) { |
68 base::HistogramTester histogram_tester; | 103 base::HistogramTester histogram_tester; |
69 base::ScopedTempDir test_dir; | 104 base::ScopedTempDir test_dir; |
70 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 105 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
71 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 106 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
| 107 |
| 108 for (const auto source_url : kUntrustedURLs) { |
| 109 SCOPED_TRACE(::testing::Message() << "Trying URL " << source_url); |
| 110 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
| 111 EXPECT_EQ( |
| 112 QuarantineFileResult::OK, |
| 113 QuarantineFile(test_file, GURL(source_url), GURL(), kDummyClientGuid)); |
| 114 std::string motw_contents; |
| 115 ASSERT_TRUE(base::ReadFileToString( |
| 116 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
| 117 // The actual assigned zone could be anything. So only testing that there is |
| 118 // a zone annotation. |
| 119 EXPECT_FALSE(motw_contents.empty()); |
| 120 |
| 121 // These warnings aren't displayed on successful test runs. They are there |
| 122 // so that we can check for deviations in behavior during manual testing. |
| 123 if (motw_contents != kMotwForInternetZone) |
| 124 LOG(WARNING) << "Unexpected zone marker: " << motw_contents; |
| 125 base::DeleteFile(test_file, false); |
| 126 } |
| 127 |
| 128 // Bucket 0 is SUCCESS_WITH_MOTW. |
| 129 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, |
| 130 arraysize(kUntrustedURLs)); |
| 131 } |
| 132 |
| 133 TEST(QuarantineWinTest, UnsafeReferrer_DependsOnLocalConfig) { |
| 134 base::HistogramTester histogram_tester; |
| 135 base::ScopedTempDir test_dir; |
| 136 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
| 137 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
| 138 |
| 139 std::vector<std::string> unsafe_referrers(std::begin(kUntrustedURLs), |
| 140 std::end(kUntrustedURLs)); |
| 141 |
| 142 std::string huge_referrer = "http://example.com/"; |
| 143 huge_referrer.append(INTERNET_MAX_URL_LENGTH * 2, 'a'); |
| 144 unsafe_referrers.push_back(huge_referrer); |
| 145 |
| 146 for (const auto referrer_url : unsafe_referrers) { |
| 147 SCOPED_TRACE(::testing::Message() << "Trying URL " << referrer_url); |
| 148 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
| 149 EXPECT_EQ(QuarantineFileResult::OK, |
| 150 QuarantineFile(test_file, GURL("http://example.com/good"), |
| 151 GURL(referrer_url), kDummyClientGuid)); |
| 152 std::string motw_contents; |
| 153 ASSERT_TRUE(base::ReadFileToString( |
| 154 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
| 155 // The actual assigned zone could be anything. So only testing that there is |
| 156 // a zone annotation. |
| 157 EXPECT_FALSE(motw_contents.empty()); |
| 158 |
| 159 // These warnings aren't displayed on successful test runs. They are there |
| 160 // so that we can check for deviations in behavior during manual testing. |
| 161 if (motw_contents != kMotwForInternetZone) |
| 162 LOG(WARNING) << "Unexpected zone marker: " << motw_contents; |
| 163 base::DeleteFile(test_file, false); |
| 164 } |
| 165 |
| 166 // Bucket 0 is SUCCESS_WITH_MOTW. |
| 167 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, |
| 168 unsafe_referrers.size()); |
| 169 } |
| 170 |
| 171 // An empty source URL should result in a file that's treated the same as one |
| 172 // downloaded from the internet. |
| 173 TEST(QuarantineWinTest, EmptySource_DependsOnLocalConfig) { |
| 174 base::HistogramTester histogram_tester; |
| 175 base::ScopedTempDir test_dir; |
| 176 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
| 177 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
72 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | 178 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
73 | 179 |
74 EXPECT_EQ(QuarantineFileResult::OK, | 180 EXPECT_EQ(QuarantineFileResult::OK, |
75 QuarantineFile(test_file, GURL(kDummySourceUrl), | 181 QuarantineFile(test_file, GURL(), GURL(), kDummyClientGuid)); |
76 GURL(kDummyReferrerUrl), kDummyClientGuid)); | 182 std::string motw_contents; |
77 std::string contents; | |
78 ASSERT_TRUE(base::ReadFileToString( | 183 ASSERT_TRUE(base::ReadFileToString( |
79 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 184 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
80 // The actual assigned zone could be anything. So only testing that there is a | 185 // The actual assigned zone could be anything. So only testing that there is a |
81 // zone annotation. | 186 // zone annotation. |
82 EXPECT_FALSE(contents.empty()); | 187 EXPECT_FALSE(motw_contents.empty()); |
83 | 188 |
84 // Bucket 0 is SUCCESS_WITH_MOTW. | 189 // Bucket 0 is SUCCESS_WITH_MOTW. |
85 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, | 190 histogram_tester.ExpectUniqueSample("Download.AttachmentServices.Result", 0, |
86 1); | 191 1); |
87 } | 192 } |
88 | 193 |
89 // Empty files aren't passed to AVScanFile. They are instead marked manually. If | 194 // Empty files aren't passed to AVScanFile. They are instead marked manually. If |
90 // the file is passed to AVScanFile, then there wouldn't be a MOTW attached to | 195 // the file is passed to AVScanFile, then there wouldn't be a MOTW attached to |
91 // it and the test would fail. | 196 // it and the test would fail. |
92 TEST(QuarantineWinTest, EmptyFile) { | 197 TEST(QuarantineWinTest, EmptyFile) { |
93 base::ScopedTempDir test_dir; | 198 base::ScopedTempDir test_dir; |
94 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 199 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
95 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 200 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
96 ASSERT_EQ(0, base::WriteFile(test_file, "", 0u)); | 201 ASSERT_EQ(0, base::WriteFile(test_file, "", 0u)); |
97 | 202 |
98 EXPECT_EQ(QuarantineFileResult::OK, | 203 EXPECT_EQ(QuarantineFileResult::OK, |
99 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), | 204 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), |
100 kDummyClientGuid)); | 205 kDummyClientGuid)); |
101 std::string contents; | 206 std::string motw_contents; |
102 ASSERT_TRUE(base::ReadFileToString( | 207 ASSERT_TRUE(base::ReadFileToString( |
103 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 208 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
104 EXPECT_STREQ(kMotwForInternetZone, contents.c_str()); | 209 EXPECT_STREQ(kMotwForInternetZone, motw_contents.c_str()); |
105 } | 210 } |
106 | 211 |
107 // If there is no client GUID supplied to the QuarantineFile() call, then rather | 212 // If there is no client GUID supplied to the QuarantineFile() call, then rather |
108 // than invoking AVScanFile, the MOTW will be applied manually. If the file is | 213 // than invoking AVScanFile, the MOTW will be applied manually. If the file is |
109 // passed to AVScanFile, then there wouldn't be a MOTW attached to it and the | 214 // passed to AVScanFile, then there wouldn't be a MOTW attached to it and the |
110 // test would fail. | 215 // test would fail. |
111 TEST(QuarantineWinTest, NoClientGuid) { | 216 TEST(QuarantineWinTest, NoClientGuid) { |
112 base::ScopedTempDir test_dir; | 217 base::ScopedTempDir test_dir; |
113 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); | 218 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
114 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); | 219 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
115 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); | 220 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
116 | 221 |
117 EXPECT_EQ(QuarantineFileResult::OK, | 222 EXPECT_EQ(QuarantineFileResult::OK, |
118 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), | 223 QuarantineFile(test_file, net::FilePathToFileURL(test_file), GURL(), |
119 std::string())); | 224 std::string())); |
120 std::string contents; | 225 std::string motw_contents; |
121 ASSERT_TRUE(base::ReadFileToString( | 226 ASSERT_TRUE(base::ReadFileToString( |
122 base::FilePath(test_file.value() + kMotwStreamSuffix), &contents)); | 227 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
123 EXPECT_STREQ(kMotwForInternetZone, contents.c_str()); | 228 EXPECT_STREQ(kMotwForInternetZone, motw_contents.c_str()); |
| 229 } |
| 230 |
| 231 // URLs longer than INTERNET_MAX_URL_LENGTH are known to break URLMon. Such a |
| 232 // URL, when used as a source URL shouldn't break QuarantineFile() which should |
| 233 // mark the file as being from the internet zone as a safe fallback. |
| 234 TEST(QuarantineWinTest, SuperLongURL) { |
| 235 base::ScopedTempDir test_dir; |
| 236 ASSERT_TRUE(test_dir.CreateUniqueTempDir()); |
| 237 base::FilePath test_file = test_dir.path().AppendASCII("foo.exe"); |
| 238 ASSERT_EQ(5, base::WriteFile(test_file, "Hello", 5u)); |
| 239 |
| 240 std::string source_url("http://example.com/"); |
| 241 source_url.append(INTERNET_MAX_URL_LENGTH * 2, 'a'); |
| 242 EXPECT_EQ(QuarantineFileResult::OK, |
| 243 QuarantineFile(test_file, GURL(source_url), GURL(), std::string())); |
| 244 |
| 245 std::string motw_contents; |
| 246 ASSERT_TRUE(base::ReadFileToString( |
| 247 base::FilePath(test_file.value() + kMotwStreamSuffix), &motw_contents)); |
| 248 EXPECT_STREQ(kMotwForInternetZone, motw_contents.c_str()); |
124 } | 249 } |
125 | 250 |
126 } // content | 251 } // content |
OLD | NEW |