OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This test creates a fake safebrowsing service, where we can inject known- | 5 // This test creates a fake safebrowsing service, where we can inject known- |
6 // threat urls. It then uses a real browser to go to these urls, and sends | 6 // threat urls. It then uses a real browser to go to these urls, and sends |
7 // "goback" or "proceed" commands and verifies they work. | 7 // "goback" or "proceed" commands and verifies they work. |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
13 #include "base/macros.h" | 13 #include "base/macros.h" |
14 #include "base/strings/string_number_conversions.h" | 14 #include "base/strings/string_number_conversions.h" |
15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
16 #include "base/test/histogram_tester.h" | 16 #include "base/test/histogram_tester.h" |
17 #include "base/values.h" | 17 #include "base/values.h" |
18 #include "build/build_config.h" | 18 #include "build/build_config.h" |
19 #include "chrome/browser/browser_process.h" | 19 #include "chrome/browser/browser_process.h" |
20 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" | 20 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" |
21 #include "chrome/browser/net/url_request_mock_util.h" | 21 #include "chrome/browser/net/url_request_mock_util.h" |
22 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
23 #include "chrome/browser/safe_browsing/local_database_manager.h" | 23 #include "chrome/browser/safe_browsing/local_database_manager.h" |
24 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 24 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
25 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" | 25 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" |
26 #include "chrome/browser/safe_browsing/threat_details.h" | 26 #include "chrome/browser/safe_browsing/threat_details.h" |
27 #include "chrome/browser/safe_browsing/ui_manager.h" | 27 #include "chrome/browser/safe_browsing/ui_manager.h" |
28 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | |
29 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | |
30 #include "chrome/browser/ssl/ssl_blocking_page.h" | |
28 #include "chrome/browser/ui/browser.h" | 31 #include "chrome/browser/ui/browser.h" |
29 #include "chrome/browser/ui/browser_tabstrip.h" | 32 #include "chrome/browser/ui/browser_tabstrip.h" |
30 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 33 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
31 #include "chrome/common/pref_names.h" | 34 #include "chrome/common/pref_names.h" |
32 #include "chrome/common/url_constants.h" | 35 #include "chrome/common/url_constants.h" |
33 #include "chrome/test/base/in_process_browser_test.h" | 36 #include "chrome/test/base/in_process_browser_test.h" |
34 #include "chrome/test/base/ui_test_utils.h" | 37 #include "chrome/test/base/ui_test_utils.h" |
35 #include "components/prefs/pref_service.h" | 38 #include "components/prefs/pref_service.h" |
36 #include "components/safe_browsing_db/database_manager.h" | 39 #include "components/safe_browsing_db/database_manager.h" |
37 #include "components/safe_browsing_db/test_database_manager.h" | 40 #include "components/safe_browsing_db/test_database_manager.h" |
38 #include "components/safe_browsing_db/util.h" | 41 #include "components/safe_browsing_db/util.h" |
39 #include "components/security_interstitials/core/controller_client.h" | 42 #include "components/security_interstitials/core/controller_client.h" |
40 #include "components/security_interstitials/core/metrics_helper.h" | 43 #include "components/security_interstitials/core/metrics_helper.h" |
41 #include "content/public/browser/interstitial_page.h" | 44 #include "content/public/browser/interstitial_page.h" |
42 #include "content/public/browser/navigation_controller.h" | 45 #include "content/public/browser/navigation_controller.h" |
43 #include "content/public/browser/notification_types.h" | 46 #include "content/public/browser/notification_types.h" |
44 #include "content/public/browser/render_frame_host.h" | 47 #include "content/public/browser/render_frame_host.h" |
45 #include "content/public/browser/render_process_host.h" | 48 #include "content/public/browser/render_process_host.h" |
46 #include "content/public/browser/web_contents.h" | 49 #include "content/public/browser/web_contents.h" |
47 #include "content/public/test/browser_test_utils.h" | 50 #include "content/public/test/browser_test_utils.h" |
48 #include "content/public/test/test_browser_thread.h" | 51 #include "content/public/test/test_browser_thread.h" |
49 #include "content/public/test/test_utils.h" | 52 #include "content/public/test/test_utils.h" |
53 #include "net/cert/cert_verify_result.h" | |
54 #include "net/cert/mock_cert_verifier.h" | |
55 #include "net/test/embedded_test_server/embedded_test_server.h" | |
50 #include "net/test/url_request/url_request_mock_http_job.h" | 56 #include "net/test/url_request/url_request_mock_http_job.h" |
51 | 57 |
52 using chrome_browser_interstitials::SecurityInterstitialIDNTest; | 58 using chrome_browser_interstitials::SecurityInterstitialIDNTest; |
53 using content::BrowserThread; | 59 using content::BrowserThread; |
54 using content::InterstitialPage; | 60 using content::InterstitialPage; |
55 using content::NavigationController; | 61 using content::NavigationController; |
56 using content::RenderFrameHost; | 62 using content::RenderFrameHost; |
57 using content::WebContents; | 63 using content::WebContents; |
58 | 64 |
59 namespace safe_browsing { | 65 namespace safe_browsing { |
60 | 66 |
61 namespace { | 67 namespace { |
62 | 68 |
63 const char kEmptyPage[] = "empty.html"; | 69 const char kEmptyPage[] = "empty.html"; |
70 const char kHTTPSPage[] = "/ssl/google.html"; | |
64 const char kMalwarePage[] = "safe_browsing/malware.html"; | 71 const char kMalwarePage[] = "safe_browsing/malware.html"; |
65 const char kCrossSiteMalwarePage[] = "safe_browsing/malware2.html"; | 72 const char kCrossSiteMalwarePage[] = "safe_browsing/malware2.html"; |
66 const char kMalwareIframe[] = "safe_browsing/malware_iframe.html"; | 73 const char kMalwareIframe[] = "safe_browsing/malware_iframe.html"; |
67 const char kCrossSiteIframeUrl[] = "http://example.com/cross_site_iframe.html"; | 74 const char kCrossSiteIframeUrl[] = "http://example.com/cross_site_iframe.html"; |
68 const char kUnrelatedUrl[] = "https://www.google.com"; | 75 const char kUnrelatedUrl[] = "https://www.google.com"; |
69 | 76 |
70 // A SafeBrowsingDatabaseManager class that allows us to inject the malicious | 77 // A SafeBrowsingDatabaseManager class that allows us to inject the malicious |
71 // URLs. | 78 // URLs. |
72 class FakeSafeBrowsingDatabaseManager : public TestSafeBrowsingDatabaseManager { | 79 class FakeSafeBrowsingDatabaseManager : public TestSafeBrowsingDatabaseManager { |
73 public: | 80 public: |
263 const GURL& main_frame_url, | 270 const GURL& main_frame_url, |
264 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) | 271 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) |
265 override { | 272 override { |
266 return new TestSafeBrowsingBlockingPage(delegate, web_contents, | 273 return new TestSafeBrowsingBlockingPage(delegate, web_contents, |
267 main_frame_url, unsafe_resources); | 274 main_frame_url, unsafe_resources); |
268 } | 275 } |
269 }; | 276 }; |
270 | 277 |
271 // Tests the safe browsing blocking page in a browser. | 278 // Tests the safe browsing blocking page in a browser. |
272 class SafeBrowsingBlockingPageBrowserTest | 279 class SafeBrowsingBlockingPageBrowserTest |
273 : public InProcessBrowserTest, | 280 : public CertVerifierBrowserTest, |
274 public testing::WithParamInterface<testing::tuple<SBThreatType, bool>> { | 281 public testing::WithParamInterface<testing::tuple<SBThreatType, bool>> { |
275 public: | 282 public: |
276 enum Visibility { | 283 enum Visibility { |
277 VISIBILITY_ERROR = -1, | 284 VISIBILITY_ERROR = -1, |
278 HIDDEN = 0, | 285 HIDDEN = 0, |
279 VISIBLE = 1 | 286 VISIBLE = 1 |
280 }; | 287 }; |
281 | 288 |
282 SafeBrowsingBlockingPageBrowserTest() {} | 289 SafeBrowsingBlockingPageBrowserTest() |
290 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {} | |
283 | 291 |
284 void SetUp() override { | 292 void SetUp() override { |
285 // Test UI manager and test database manager should be set before | 293 // Test UI manager and test database manager should be set before |
286 // InProcessBrowserTest::SetUp(). | 294 // InProcessBrowserTest::SetUp(). |
287 factory_.SetTestUIManager(new FakeSafeBrowsingUIManager()); | 295 factory_.SetTestUIManager(new FakeSafeBrowsingUIManager()); |
288 factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager()); | 296 factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager()); |
289 SafeBrowsingService::RegisterFactory(&factory_); | 297 SafeBrowsingService::RegisterFactory(&factory_); |
290 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_); | 298 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_); |
291 ThreatDetails::RegisterFactory(&details_factory_); | 299 ThreatDetails::RegisterFactory(&details_factory_); |
292 InProcessBrowserTest::SetUp(); | 300 InProcessBrowserTest::SetUp(); |
312 | 320 |
313 void SetURLThreatType(const GURL& url, SBThreatType threat_type) { | 321 void SetURLThreatType(const GURL& url, SBThreatType threat_type) { |
314 TestSafeBrowsingService* service = factory_.test_safe_browsing_service(); | 322 TestSafeBrowsingService* service = factory_.test_safe_browsing_service(); |
315 ASSERT_TRUE(service); | 323 ASSERT_TRUE(service); |
316 | 324 |
317 static_cast<FakeSafeBrowsingDatabaseManager*>( | 325 static_cast<FakeSafeBrowsingDatabaseManager*>( |
318 service->database_manager().get()) | 326 service->database_manager().get()) |
319 ->SetURLThreatType(url, threat_type); | 327 ->SetURLThreatType(url, threat_type); |
320 } | 328 } |
321 | 329 |
330 // The basic version of this method, which uses a HTTP test URL. | |
331 GURL SetupWarningAndNavigate() { | |
332 return SetupWarningAndNavigateToURL( | |
333 net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage)); | |
334 } | |
335 | |
336 // Navigates to a warning on a valid HTTPS website. | |
337 GURL SetupWarningAndNavigateToValidHTTPS() { | |
338 EXPECT_TRUE(https_server_.Start()); | |
339 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
340 net::CertVerifyResult verify_result; | |
341 verify_result.is_issued_by_known_root = true; | |
342 verify_result.verified_cert = cert; | |
343 verify_result.cert_status = 0; | |
344 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | |
345 GURL url = https_server_.GetURL(kHTTPSPage); | |
346 return SetupWarningAndNavigateToURL(url); | |
347 } | |
348 | |
349 // Navigates through an HTTPS interstitial, then opens up a SB warning on that | |
350 // same URL. | |
351 GURL SetupWarningAndNavigateToInvalidHTTPS() { | |
352 https_server_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); | |
353 EXPECT_TRUE(https_server_.Start()); | |
354 GURL url = https_server_.GetURL(kHTTPSPage); | |
355 | |
356 // Proceed through the HTTPS interstitial. | |
357 ui_test_utils::NavigateToURL(browser(), url); | |
358 EXPECT_TRUE(WaitForReady()); | |
359 InterstitialPage* https_warning = browser() | |
360 ->tab_strip_model() | |
361 ->GetActiveWebContents() | |
362 ->GetInterstitialPage(); | |
363 EXPECT_EQ(SSLBlockingPage::kTypeForTesting, | |
364 https_warning->GetDelegateForTesting()->GetTypeForTesting()); | |
365 https_warning->Proceed(); | |
366 content::WaitForInterstitialDetach( | |
367 browser()->tab_strip_model()->GetActiveWebContents()); | |
368 | |
369 return SetupWarningAndNavigateToURL(url); | |
370 } | |
371 | |
322 // Adds a safebrowsing result of the current test threat to the fake | 372 // Adds a safebrowsing result of the current test threat to the fake |
323 // safebrowsing service, navigates to that page, and returns the url. | 373 // safebrowsing service, navigates to that page, and returns the url. |
324 GURL SetupWarningAndNavigate() { | 374 // The various wrappers supply different URLs. |
325 GURL url = net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage); | 375 GURL SetupWarningAndNavigateToURL(GURL url) { |
estark
2016/08/24 22:30:39
nit: looks like this could be private
felt
2016/08/25 01:03:43
Done.
| |
326 SetURLThreatType(url, testing::get<0>(GetParam())); | 376 SetURLThreatType(url, testing::get<0>(GetParam())); |
327 | |
328 ui_test_utils::NavigateToURL(browser(), url); | 377 ui_test_utils::NavigateToURL(browser(), url); |
329 EXPECT_TRUE(WaitForReady()); | 378 EXPECT_TRUE(WaitForReady()); |
330 return url; | 379 return url; |
331 } | 380 } |
332 | 381 |
333 // Adds two safebrowsing threat results to the fake safebrowsing service, | 382 // Adds two safebrowsing threat results to the fake safebrowsing service, |
334 // navigates to a page with an iframe containing the threat site, and another | 383 // navigates to a page with an iframe containing the threat site, and another |
335 // cross site iframe containing another threat site, and returns the url of | 384 // cross site iframe containing another threat site, and returns the url of |
336 // the parent page. | 385 // the parent page. |
337 GURL SetupThreatIframeWarningAndNavigate() { | 386 GURL SetupThreatIframeWarningAndNavigate() { |
531 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); | 580 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); |
532 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); | 581 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); |
533 } | 582 } |
534 | 583 |
535 protected: | 584 protected: |
536 TestThreatDetailsFactory details_factory_; | 585 TestThreatDetailsFactory details_factory_; |
537 | 586 |
538 private: | 587 private: |
539 TestSafeBrowsingServiceFactory factory_; | 588 TestSafeBrowsingServiceFactory factory_; |
540 TestSafeBrowsingBlockingPageFactory blocking_page_factory_; | 589 TestSafeBrowsingBlockingPageFactory blocking_page_factory_; |
590 net::EmbeddedTestServer https_server_; | |
541 | 591 |
542 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest); | 592 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest); |
543 }; | 593 }; |
544 | 594 |
545 // TODO(linux_aura) https://crbug.com/163931 | 595 // TODO(linux_aura) https://crbug.com/163931 |
546 // TODO(win_aura) https://crbug.com/154081 | 596 // TODO(win_aura) https://crbug.com/154081 |
547 #if defined(USE_AURA) && !defined(OS_CHROMEOS) | 597 #if defined(USE_AURA) && !defined(OS_CHROMEOS) |
548 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled | 598 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled |
549 #else | 599 #else |
550 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled | 600 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled |
986 ui_test_utils::NavigateToURL(browser(), GURL(kUnrelatedUrl)); | 1036 ui_test_utils::NavigateToURL(browser(), GURL(kUnrelatedUrl)); |
987 AssertNoInterstitial(false); | 1037 AssertNoInterstitial(false); |
988 | 1038 |
989 // The non-whitelisted page should now show an interstitial. | 1039 // The non-whitelisted page should now show an interstitial. |
990 ui_test_utils::NavigateToURL(browser(), url); | 1040 ui_test_utils::NavigateToURL(browser(), url); |
991 EXPECT_TRUE(WaitForReady()); | 1041 EXPECT_TRUE(WaitForReady()); |
992 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1042 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
993 AssertNoInterstitial(true); | 1043 AssertNoInterstitial(true); |
994 } | 1044 } |
995 | 1045 |
1046 // Test that the security indicator is downgraded after clicking through a | |
1047 // Safe Browsing interstitial. | |
1048 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | |
1049 SecurityState_HTTP) { | |
1050 SetupWarningAndNavigate(); | |
1051 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | |
1052 AssertNoInterstitial(true); | |
1053 | |
1054 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
1055 ASSERT_TRUE(tab); | |
1056 ChromeSecurityStateModelClient* model_client = | |
1057 ChromeSecurityStateModelClient::FromWebContents(tab); | |
1058 ASSERT_TRUE(model_client); | |
1059 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, | |
estark
2016/08/24 22:30:39
nit: could also check that model_client->GetSecuri
felt
2016/08/25 01:03:43
Done.
| |
1060 model_client->GetSecurityInfo().security_level); | |
1061 } | |
1062 | |
1063 // Test that the security indicator is downgraded even if the website has valid | |
1064 // HTTPS (meaning that the SB state overrides the HTTPS state). | |
1065 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | |
1066 SecurityState_ValidHTTPS) { | |
1067 SetupWarningAndNavigateToValidHTTPS(); | |
1068 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | |
1069 AssertNoInterstitial(true); | |
1070 | |
1071 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
1072 ASSERT_TRUE(tab); | |
1073 ChromeSecurityStateModelClient* model_client = | |
1074 ChromeSecurityStateModelClient::FromWebContents(tab); | |
1075 ASSERT_TRUE(model_client); | |
1076 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, | |
1077 model_client->GetSecurityInfo().security_level); | |
estark
2016/08/24 22:30:39
nit: as a sanity check, you could do EXPECT_EQ(0,
felt
2016/08/25 01:03:43
Done.
| |
1078 } | |
1079 | |
1080 // Test that the security indicator is still downgraded after two interstitials | |
1081 // are shown in a row (one for Safe Browsing, one for invalid HTTPS). | |
1082 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | |
1083 SecurityState_InvalidHTTPS) { | |
1084 SetupWarningAndNavigateToInvalidHTTPS(); | |
1085 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | |
1086 AssertNoInterstitial(true); | |
1087 | |
1088 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
1089 ASSERT_TRUE(tab); | |
1090 ChromeSecurityStateModelClient* model_client = | |
1091 ChromeSecurityStateModelClient::FromWebContents(tab); | |
1092 ASSERT_TRUE(model_client); | |
1093 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, | |
1094 model_client->GetSecurityInfo().security_level); | |
1095 } | |
1096 | |
996 INSTANTIATE_TEST_CASE_P( | 1097 INSTANTIATE_TEST_CASE_P( |
997 SafeBrowsingBlockingPageBrowserTestWithThreatTypeAndIsolationSetting, | 1098 SafeBrowsingBlockingPageBrowserTestWithThreatTypeAndIsolationSetting, |
998 SafeBrowsingBlockingPageBrowserTest, | 1099 SafeBrowsingBlockingPageBrowserTest, |
999 testing::Combine( | 1100 testing::Combine( |
1000 testing::Values(SB_THREAT_TYPE_URL_MALWARE, // Threat types | 1101 testing::Values(SB_THREAT_TYPE_URL_MALWARE, // Threat types |
1001 SB_THREAT_TYPE_URL_PHISHING, | 1102 SB_THREAT_TYPE_URL_PHISHING, |
1002 SB_THREAT_TYPE_URL_UNWANTED), | 1103 SB_THREAT_TYPE_URL_UNWANTED), |
1003 testing::Bool())); // If isolate all sites for testing. | 1104 testing::Bool())); // If isolate all sites for testing. |
1004 | 1105 |
1005 // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are | 1106 // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are |
1041 | 1142 |
1042 INSTANTIATE_TEST_CASE_P( | 1143 INSTANTIATE_TEST_CASE_P( |
1043 SafeBrowsingBlockingPageIDNTestWithThreatType, | 1144 SafeBrowsingBlockingPageIDNTestWithThreatType, |
1044 SafeBrowsingBlockingPageIDNTest, | 1145 SafeBrowsingBlockingPageIDNTest, |
1045 testing::Combine(testing::Values(false, true), | 1146 testing::Combine(testing::Values(false, true), |
1046 testing::Values(SB_THREAT_TYPE_URL_MALWARE, | 1147 testing::Values(SB_THREAT_TYPE_URL_MALWARE, |
1047 SB_THREAT_TYPE_URL_PHISHING, | 1148 SB_THREAT_TYPE_URL_PHISHING, |
1048 SB_THREAT_TYPE_URL_UNWANTED))); | 1149 SB_THREAT_TYPE_URL_UNWANTED))); |
1049 | 1150 |
1050 } // namespace safe_browsing | 1151 } // namespace safe_browsing |
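Review bot: In SetupWarningAndNavigateToInvalidHTTPS (new lines 358-365) the `https_warning` pointer returned by `GetInterstitialPage()` is dereferenced without a null check, and the preceding `EXPECT_TRUE(WaitForReady())` is non-fatal, so a run in which the SSL interstitial never appears would crash the browser test instead of reporting a failure. Because the helper returns a GURL, `ASSERT_TRUE` cannot be used there; a guard such as `if (!https_warning) { ADD_FAILURE() << "SSL interstitial not shown"; return GURL(); }` placed before the `EXPECT_EQ` keeps the failure readable. The same non-fatal pattern applies to `EXPECT_TRUE(https_server_.Start())` at new lines 338 and 353, after which both helpers go on to use the server. Separately, SecurityState_InvalidHTTPS asserts only `SECURITY_ERROR`, which the expired certificate that was just clicked through would presumably produce by itself, so that test may not detect a regression in the Safe Browsing downgrade unless it also checks a Safe Browsing-specific part of the security info.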