Downgrade security state after user clicks through SB interstitial

chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This test creates a fake safebrowsing service, where we can inject known-
 // threat urls.  It then uses a real browser to go to these urls, and sends
 // "goback" or "proceed" commands and verifies they work.
 
 #include <algorithm>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/histogram_tester.h"
 #include "base/values.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
 #include "chrome/browser/net/url_request_mock_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/local_database_manager.h"
 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/threat_details.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
+#include "chrome/browser/ssl/cert_verifier_browser_test.h"
+#include "chrome/browser/ssl/chrome_security_state_model_client.h"
+#include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing_db/database_manager.h"
 #include "components/safe_browsing_db/test_database_manager.h"
 #include "components/safe_browsing_db/util.h"
 #include "components/security_interstitials/core/controller_client.h"
 #include "components/security_interstitials/core/metrics_helper.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_browser_thread.h"
 #include "content/public/test/test_utils.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/cert/mock_cert_verifier.h"
+#include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/url_request/url_request_mock_http_job.h"
 
 using chrome_browser_interstitials::SecurityInterstitialIDNTest;
 using content::BrowserThread;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::RenderFrameHost;
 using content::WebContents;
 
 namespace safe_browsing {
 
 namespace {
 
 const char kEmptyPage[] = "empty.html";
+const char kHTTPSPage[] = "/ssl/google.html";
 const char kMalwarePage[] = "safe_browsing/malware.html";
 const char kCrossSiteMalwarePage[] = "safe_browsing/malware2.html";
 const char kMalwareIframe[] = "safe_browsing/malware_iframe.html";
 const char kCrossSiteIframeUrl[] = "http://example.com/cross_site_iframe.html";
 const char kUnrelatedUrl[] = "https://www.google.com";
 
 // A SafeBrowsingDatabaseManager class that allows us to inject the malicious
 // URLs.
 class FakeSafeBrowsingDatabaseManager : public TestSafeBrowsingDatabaseManager {
  public:
@@ skipping 189 matching lines @@
       const GURL& main_frame_url,
       const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources)
       override {
     return new TestSafeBrowsingBlockingPage(delegate, web_contents,
                                             main_frame_url, unsafe_resources);
   }
 };
 
 // Tests the safe browsing blocking page in a browser.
 class SafeBrowsingBlockingPageBrowserTest
-    : public InProcessBrowserTest,
+    : public CertVerifierBrowserTest,
       public testing::WithParamInterface<testing::tuple<SBThreatType, bool>> {
  public:
   enum Visibility {
     VISIBILITY_ERROR = -1,
     HIDDEN = 0,
     VISIBLE = 1
   };
 
-  SafeBrowsingBlockingPageBrowserTest() {}
+  SafeBrowsingBlockingPageBrowserTest()
+      : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {}
 
   void SetUp() override {
     // Test UI manager and test database manager should be set before
     // InProcessBrowserTest::SetUp().
     factory_.SetTestUIManager(new FakeSafeBrowsingUIManager());
     factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager());
     SafeBrowsingService::RegisterFactory(&factory_);
     SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_);
     ThreatDetails::RegisterFactory(&details_factory_);
     InProcessBrowserTest::SetUp();
@@ skipping 19 matching lines @@
 
   void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
     TestSafeBrowsingService* service = factory_.test_safe_browsing_service();
     ASSERT_TRUE(service);
 
     static_cast<FakeSafeBrowsingDatabaseManager*>(
         service->database_manager().get())
         ->SetURLThreatType(url, threat_type);
   }
 
+  // The basic version of this method, which uses a HTTP test URL.
+  GURL SetupWarningAndNavigate() {
+    return SetupWarningAndNavigateToURL(
+        net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage));
+  }
+
+  // Navigates to a warning on a valid HTTPS website.
+  GURL SetupWarningAndNavigateToValidHTTPS() {
+    EXPECT_TRUE(https_server_.Start());
+    scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
+    net::CertVerifyResult verify_result;
+    verify_result.is_issued_by_known_root = true;
+    verify_result.verified_cert = cert;
+    verify_result.cert_status = 0;
+    mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK);
+    GURL url = https_server_.GetURL(kHTTPSPage);
+    return SetupWarningAndNavigateToURL(url);
+  }
+
+  // Navigates through an HTTPS interstitial, then opens up a SB warning on that
+  // same URL.
+  GURL SetupWarningAndNavigateToInvalidHTTPS() {
+    https_server_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
+    EXPECT_TRUE(https_server_.Start());
+    GURL url = https_server_.GetURL(kHTTPSPage);
+
+    // Proceed through the HTTPS interstitial.
+    ui_test_utils::NavigateToURL(browser(), url);
+    EXPECT_TRUE(WaitForReady());
+    InterstitialPage* https_warning = browser()
+                                          ->tab_strip_model()
+                                          ->GetActiveWebContents()
+                                          ->GetInterstitialPage();
+    EXPECT_EQ(SSLBlockingPage::kTypeForTesting,
+              https_warning->GetDelegateForTesting()->GetTypeForTesting());
+    https_warning->Proceed();
+    content::WaitForInterstitialDetach(
+        browser()->tab_strip_model()->GetActiveWebContents());
+
+    return SetupWarningAndNavigateToURL(url);
+  }
+
   // Adds a safebrowsing result of the current test threat to the fake
   // safebrowsing service, navigates to that page, and returns the url.
-  GURL SetupWarningAndNavigate() {
-    GURL url = net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage);
+  // The various wrappers supply different URLs.
+  GURL SetupWarningAndNavigateToURL(GURL url) {

[estark, 2016/08/24 22:30:39]

nit: looks like this could be private

[felt, 2016/08/25 01:03:43]

Done.

     SetURLThreatType(url, testing::get<0>(GetParam()));
-
     ui_test_utils::NavigateToURL(browser(), url);
     EXPECT_TRUE(WaitForReady());
     return url;
   }
 
   // Adds two safebrowsing threat results to the fake safebrowsing service,
   // navigates to a page with an iframe containing the threat site, and another
   // cross site iframe containing another threat site, and returns the url of
   // the parent page.
   GURL SetupThreatIframeWarningAndNavigate() {
@@ skipping 193 matching lines @@
     EXPECT_EQ(expected_child_size, actual_resource.child_ids_size());
     EXPECT_EQ(expected_tag_name, actual_resource.tag_name());
   }
 
  protected:
   TestThreatDetailsFactory details_factory_;
 
  private:
   TestSafeBrowsingServiceFactory factory_;
   TestSafeBrowsingBlockingPageFactory blocking_page_factory_;
+  net::EmbeddedTestServer https_server_;
 
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest);
 };
 
 // TODO(linux_aura) https://crbug.com/163931
 // TODO(win_aura) https://crbug.com/154081
 #if defined(USE_AURA) && !defined(OS_CHROMEOS)
 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled
 #else
 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled
@@ skipping 435 matching lines @@
   ui_test_utils::NavigateToURL(browser(), GURL(kUnrelatedUrl));
   AssertNoInterstitial(false);
 
   // The non-whitelisted page should now show an interstitial.
   ui_test_utils::NavigateToURL(browser(), url);
   EXPECT_TRUE(WaitForReady());
   EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
   AssertNoInterstitial(true);
 }
 
+// Test that the security indicator is downgraded after clicking through a
+// Safe Browsing interstitial.
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       SecurityState_HTTP) {
+  SetupWarningAndNavigate();
+  EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
+  AssertNoInterstitial(true);
+
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(tab);
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(model_client);
+  EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR,

[estark, 2016/08/24 22:30:39]

nit: could also check that model_client->GetSecurityInfo().fails_malware_check
is true for all of these, if you feel so inclined

[felt, 2016/08/25 01:03:43]

Done.

+            model_client->GetSecurityInfo().security_level);
+}
+
+// Test that the security indicator is downgraded even if the website has valid
+// HTTPS (meaning that the SB state overrides the HTTPS state).
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       SecurityState_ValidHTTPS) {
+  SetupWarningAndNavigateToValidHTTPS();
+  EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
+  AssertNoInterstitial(true);
+
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(tab);
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(model_client);
+  EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR,
+            model_client->GetSecurityInfo().security_level);

[estark, 2016/08/24 22:30:39]

nit: as a sanity check, you could do EXPECT_EQ(0,
model_client->GetSecurityInfo().cert_status) here, and the same thing but
EXPECT_NE in the test below.

[felt, 2016/08/25 01:03:43]

Done.

+}
+
+// Test that the security indicator is still downgraded after two interstitials
+// are shown in a row (one for Safe Browsing, one for invalid HTTPS).
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       SecurityState_InvalidHTTPS) {
+  SetupWarningAndNavigateToInvalidHTTPS();
+  EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
+  AssertNoInterstitial(true);
+
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(tab);
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(model_client);
+  EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR,
+            model_client->GetSecurityInfo().security_level);
+}
+
 INSTANTIATE_TEST_CASE_P(
     SafeBrowsingBlockingPageBrowserTestWithThreatTypeAndIsolationSetting,
     SafeBrowsingBlockingPageBrowserTest,
     testing::Combine(
         testing::Values(SB_THREAT_TYPE_URL_MALWARE,  // Threat types
                         SB_THREAT_TYPE_URL_PHISHING,
                         SB_THREAT_TYPE_URL_UNWANTED),
         testing::Bool()));  // If isolate all sites for testing.
 
 // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are
@@ skipping 35 matching lines @@
 
 INSTANTIATE_TEST_CASE_P(
     SafeBrowsingBlockingPageIDNTestWithThreatType,
     SafeBrowsingBlockingPageIDNTest,
     testing::Combine(testing::Values(false, true),
                      testing::Values(SB_THREAT_TYPE_URL_MALWARE,
                                      SB_THREAT_TYPE_URL_PHISHING,
                                      SB_THREAT_TYPE_URL_UNWANTED)));
 
 }  // namespace safe_browsing