| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This test creates a fake safebrowsing service, where we can inject known- | 5 // This test creates a fake safebrowsing service, where we can inject known- |
| 6 // threat urls. It then uses a real browser to go to these urls, and sends | 6 // threat urls. It then uses a real browser to go to these urls, and sends |
| 7 // "goback" or "proceed" commands and verifies they work. | 7 // "goback" or "proceed" commands and verifies they work. |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 564 for (auto resource : report.resources()) { | 564 for (auto resource : report.resources()) { |
| 565 if (actual_resource.parent_id() == resource.id()) { | 565 if (actual_resource.parent_id() == resource.id()) { |
| 566 EXPECT_EQ(expected_parent, resource.url()); | 566 EXPECT_EQ(expected_parent, resource.url()); |
| 567 break; | 567 break; |
| 568 } | 568 } |
| 569 } | 569 } |
| 570 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); | 570 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); |
| 571 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); | 571 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); |
| 572 } | 572 } |
| 573 | 573 |
| 574 void ExpectSecurityIndicatorDowngrade(content::WebContents* tab, |
| 575 net::CertStatus cert_status) { |
| 576 ChromeSecurityStateModelClient* model_client = |
| 577 ChromeSecurityStateModelClient::FromWebContents(tab); |
| 578 ASSERT_TRUE(model_client); |
| 579 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, |
| 580 model_client->GetSecurityInfo().security_level); |
| 581 EXPECT_TRUE(model_client->GetSecurityInfo().fails_malware_check); |
| 582 // TODO(felt): Restore this check when https://crbug.com/641187 is fixed. |
| 583 // EXPECT_EQ(cert_status, model_client->GetSecurityInfo().cert_status); |
| 584 } |
| 585 |
| 574 protected: | 586 protected: |
| 575 TestThreatDetailsFactory details_factory_; | 587 TestThreatDetailsFactory details_factory_; |
| 576 | 588 |
| 577 private: | 589 private: |
| 578 // Adds a safebrowsing result of the current test threat to the fake | 590 // Adds a safebrowsing result of the current test threat to the fake |
| 579 // safebrowsing service, navigates to that page, and returns the url. | 591 // safebrowsing service, navigates to that page, and returns the url. |
| 580 // The various wrappers supply different URLs. | 592 // The various wrappers supply different URLs. |
| 581 GURL SetupWarningAndNavigateToURL(GURL url) { | 593 GURL SetupWarningAndNavigateToURL(GURL url) { |
| 582 SetURLThreatType(url, testing::get<0>(GetParam())); | 594 SetURLThreatType(url, testing::get<0>(GetParam())); |
| 583 ui_test_utils::NavigateToURL(browser(), url); | 595 ui_test_utils::NavigateToURL(browser(), url); |
| (...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1042 ui_test_utils::NavigateToURL(browser(), url); | 1054 ui_test_utils::NavigateToURL(browser(), url); |
| 1043 EXPECT_TRUE(WaitForReady()); | 1055 EXPECT_TRUE(WaitForReady()); |
| 1044 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1056 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
| 1045 AssertNoInterstitial(true); | 1057 AssertNoInterstitial(true); |
| 1046 } | 1058 } |
| 1047 | 1059 |
| 1048 // Test that the security indicator is downgraded after clicking through a | 1060 // Test that the security indicator is downgraded after clicking through a |
| 1049 // Safe Browsing interstitial. | 1061 // Safe Browsing interstitial. |
| 1050 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | 1062 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
| 1051 SecurityState_HTTP) { | 1063 SecurityState_HTTP) { |
| 1064 // The security indicator should be downgraded while the interstitial shows. |
| 1052 SetupWarningAndNavigate(); | 1065 SetupWarningAndNavigate(); |
| 1066 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1067 ASSERT_TRUE(error_tab); |
| 1068 ExpectSecurityIndicatorDowngrade(error_tab, 0u); |
| 1069 |
| 1070 // The security indicator should still be downgraded post-interstitial. |
| 1053 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1071 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
| 1054 AssertNoInterstitial(true); | 1072 AssertNoInterstitial(true); |
| 1055 | 1073 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1056 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1074 ASSERT_TRUE(post_tab); |
| 1057 ASSERT_TRUE(tab); | 1075 ExpectSecurityIndicatorDowngrade(post_tab, 0u); |
| 1058 ChromeSecurityStateModelClient* model_client = | |
| 1059 ChromeSecurityStateModelClient::FromWebContents(tab); | |
| 1060 ASSERT_TRUE(model_client); | |
| 1061 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, | |
| 1062 model_client->GetSecurityInfo().security_level); | |
| 1063 EXPECT_TRUE(model_client->GetSecurityInfo().fails_malware_check); | |
| 1064 } | 1076 } |
| 1065 | 1077 |
| 1066 // Test that the security indicator is downgraded even if the website has valid | 1078 // Test that the security indicator is downgraded even if the website has valid |
| 1067 // HTTPS (meaning that the SB state overrides the HTTPS state). | 1079 // HTTPS (meaning that the SB state overrides the HTTPS state). |
| 1068 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | 1080 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
| 1069 SecurityState_ValidHTTPS) { | 1081 SecurityState_ValidHTTPS) { |
| 1082 // The security indicator should be downgraded while the interstitial shows. |
| 1070 SetupWarningAndNavigateToValidHTTPS(); | 1083 SetupWarningAndNavigateToValidHTTPS(); |
| 1084 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1085 ASSERT_TRUE(error_tab); |
| 1086 ExpectSecurityIndicatorDowngrade(error_tab, 0u); |
| 1087 |
| 1088 // The security indicator should still be downgraded post-interstitial. |
| 1071 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1089 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
| 1072 AssertNoInterstitial(true); | 1090 AssertNoInterstitial(true); |
| 1073 | 1091 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1074 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1092 ASSERT_TRUE(post_tab); |
| 1075 ASSERT_TRUE(tab); | 1093 ExpectSecurityIndicatorDowngrade(post_tab, 0u); |
| 1076 ChromeSecurityStateModelClient* model_client = | |
| 1077 ChromeSecurityStateModelClient::FromWebContents(tab); | |
| 1078 ASSERT_TRUE(model_client); | |
| 1079 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, | |
| 1080 model_client->GetSecurityInfo().security_level); | |
| 1081 EXPECT_TRUE(model_client->GetSecurityInfo().fails_malware_check); | |
| 1082 EXPECT_EQ(0u, model_client->GetSecurityInfo().cert_status); | |
| 1083 } | 1094 } |
| 1084 | 1095 |
| 1085 // Test that the security indicator is still downgraded after two interstitials | 1096 // Test that the security indicator is still downgraded after two interstitials |
| 1086 // are shown in a row (one for Safe Browsing, one for invalid HTTPS). | 1097 // are shown in a row (one for Safe Browsing, one for invalid HTTPS). |
| 1087 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | 1098 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
| 1088 SecurityState_InvalidHTTPS) { | 1099 SecurityState_InvalidHTTPS) { |
| 1100 // The security indicator should be downgraded while the interstitial shows. |
| 1089 SetupWarningAndNavigateToInvalidHTTPS(); | 1101 SetupWarningAndNavigateToInvalidHTTPS(); |
| 1102 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1103 ASSERT_TRUE(error_tab); |
| 1104 ExpectSecurityIndicatorDowngrade(error_tab, 0u); |
| 1105 |
| 1106 // The security indicator should still be downgraded post-interstitial. |
| 1090 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1107 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
| 1091 AssertNoInterstitial(true); | 1108 AssertNoInterstitial(true); |
| 1092 | 1109 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1093 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1110 ASSERT_TRUE(post_tab); |
| 1094 ASSERT_TRUE(tab); | 1111 // TODO(felt): Sometimes the cert status here is 0u, which is wrong. |
| 1095 ChromeSecurityStateModelClient* model_client = | 1112 // Filed https://crbug.com/641187 to investigate. |
| 1096 ChromeSecurityStateModelClient::FromWebContents(tab); | 1113 ExpectSecurityIndicatorDowngrade(post_tab, net::CERT_STATUS_INVALID); |
| 1097 ASSERT_TRUE(model_client); | |
| 1098 EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR, | |
| 1099 model_client->GetSecurityInfo().security_level); | |
| 1100 EXPECT_TRUE(model_client->GetSecurityInfo().fails_malware_check); | |
| 1101 | |
| 1102 // TODO(felt): In the testing framework, the cert status gets reset to 0 | |
| 1103 // after the malware interstitial and stays that way. | |
| 1104 //EXPECT_NE(0u, model_client->GetSecurityInfo().cert_status); | |
| 1105 } | 1114 } |
| 1106 | 1115 |
| 1107 INSTANTIATE_TEST_CASE_P( | 1116 INSTANTIATE_TEST_CASE_P( |
| 1108 SafeBrowsingBlockingPageBrowserTestWithThreatTypeAndIsolationSetting, | 1117 SafeBrowsingBlockingPageBrowserTestWithThreatTypeAndIsolationSetting, |
| 1109 SafeBrowsingBlockingPageBrowserTest, | 1118 SafeBrowsingBlockingPageBrowserTest, |
| 1110 testing::Combine( | 1119 testing::Combine( |
| 1111 testing::Values(SB_THREAT_TYPE_URL_MALWARE, // Threat types | 1120 testing::Values(SB_THREAT_TYPE_URL_MALWARE, // Threat types |
| 1112 SB_THREAT_TYPE_URL_PHISHING, | 1121 SB_THREAT_TYPE_URL_PHISHING, |
| 1113 SB_THREAT_TYPE_URL_UNWANTED), | 1122 SB_THREAT_TYPE_URL_UNWANTED), |
| 1114 testing::Bool())); // If isolate all sites for testing. | 1123 testing::Bool())); // If isolate all sites for testing. |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1152 | 1161 |
| 1153 INSTANTIATE_TEST_CASE_P( | 1162 INSTANTIATE_TEST_CASE_P( |
| 1154 SafeBrowsingBlockingPageIDNTestWithThreatType, | 1163 SafeBrowsingBlockingPageIDNTestWithThreatType, |
| 1155 SafeBrowsingBlockingPageIDNTest, | 1164 SafeBrowsingBlockingPageIDNTest, |
| 1156 testing::Combine(testing::Values(false, true), | 1165 testing::Combine(testing::Values(false, true), |
| 1157 testing::Values(SB_THREAT_TYPE_URL_MALWARE, | 1166 testing::Values(SB_THREAT_TYPE_URL_MALWARE, |
| 1158 SB_THREAT_TYPE_URL_PHISHING, | 1167 SB_THREAT_TYPE_URL_PHISHING, |
| 1159 SB_THREAT_TYPE_URL_UNWANTED))); | 1168 SB_THREAT_TYPE_URL_UNWANTED))); |
| 1160 | 1169 |
| 1161 } // namespace safe_browsing | 1170 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2275123004:
Downgrade security state while displaying an SB interstitial (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@dangerstate