
Unified Diff: components/security_state/security_state_model_unittest.cc

Issue 2350273002: Add SSLStatus flags to feed HTTP_WARNING security level (Closed)
Patch Set: fix comment typos Created 4 years, 3 months ago
Index: components/security_state/security_state_model_unittest.cc
diff --git a/components/security_state/security_state_model_unittest.cc b/components/security_state/security_state_model_unittest.cc
index f0b7b77a1d627c9243de4ca82c6551ff57da47be..8d04bc110b4ef1426f45a58cc5a9d50e0cc72d1a 100644
--- a/components/security_state/security_state_model_unittest.cc
+++ b/components/security_state/security_state_model_unittest.cc
@@ -6,7 +6,9 @@
#include <stdint.h>
+#include "base/command_line.h"
#include "components/security_state/security_state_model_client.h"
+#include "components/security_state/switches.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_cipher_suite_names.h"
#include "net/ssl/ssl_connection_status_flags.h"
@@ -19,18 +21,22 @@ namespace security_state {
namespace {
-const char kUrl[] = "https://foo.test";
+const char kHttpsUrl[] = "https://foo.test";
+const char kHttpUrl[] = "http://foo.test";
class TestSecurityStateModelClient : public SecurityStateModelClient {
public:
TestSecurityStateModelClient()
- : initial_security_level_(SecurityStateModel::SECURE),
+ : url_(kHttpsUrl),
+ initial_security_level_(SecurityStateModel::SECURE),
connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2
<< net::SSL_CONNECTION_VERSION_SHIFT),
cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT),
displayed_mixed_content_(false),
ran_mixed_content_(false),
- fails_malware_check_(false) {
+ fails_malware_check_(false),
+ displayed_nonsecure_password_field_(false),
+ displayed_nonsecure_credit_card_field_(false) {
cert_ =
net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem");
}
@@ -58,12 +64,23 @@ class TestSecurityStateModelClient : public SecurityStateModelClient {
SecurityStateModel::SecurityLevel security_level) {
initial_security_level_ = security_level;
}
+ void set_displayed_nonsecure_password_field(
+ bool displayed_nonsecure_password_field) {
+ displayed_nonsecure_password_field_ = displayed_nonsecure_password_field;
+ }
+ void set_displayed_nonsecure_credit_card_field(
+ bool displayed_nonsecure_credit_card_field) {
+ displayed_nonsecure_credit_card_field_ =
+ displayed_nonsecure_credit_card_field;
+ }
+
+ void UseHttpUrl() { url_ = GURL(kHttpUrl); }
// SecurityStateModelClient:
void GetVisibleSecurityState(
SecurityStateModel::VisibleSecurityState* state) override {
state->connection_info_initialized = true;
- state->url = GURL(kUrl);
+ state->url = url_;
state->initial_security_level = initial_security_level_;
state->cert_status = cert_status_;
state->connection_status = connection_status_;
@@ -71,6 +88,10 @@ class TestSecurityStateModelClient : public SecurityStateModelClient {
state->displayed_mixed_content = displayed_mixed_content_;
state->ran_mixed_content = ran_mixed_content_;
state->fails_malware_check = fails_malware_check_;
+ state->displayed_nonsecure_password_field =
+ displayed_nonsecure_password_field_;
+ state->displayed_nonsecure_credit_card_field =
+ displayed_nonsecure_credit_card_field_;
}
bool RetrieveCert(scoped_refptr<net::X509Certificate>* cert) override {
@@ -80,11 +101,12 @@ class TestSecurityStateModelClient : public SecurityStateModelClient {
bool UsedPolicyInstalledCertificate() override { return false; }
- // Always returns true because all unit tests in this file test
- // scenarios in which the origin is secure.
- bool IsOriginSecure(const GURL& url) override { return true; }
+ bool IsOriginSecure(const GURL& url) override {
+ return url_ == GURL(kHttpsUrl);
+ }
felt 2016/09/20 06:09:41 this seems brittle -- why is the override needed?
estark 2016/09/20 17:53:33 The natural thing would be to use content::IsOrigi
felt 2016/09/20 19:36:13 Ahh right, content dependency. Umm-- yes, I think
private:
+ GURL url_;
SecurityStateModel::SecurityLevel initial_security_level_;
scoped_refptr<net::X509Certificate> cert_;
int connection_status_;
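Review bot: The new `IsOriginSecure` override never reads its `url` argument; it answers from the member `url_`, so the fake returns the same result for any URL it is asked about. If the model only ever passes the visible URL this is harmless, but a test could then pass without exercising the value the model actually supplied. Comparing the argument instead, `return url == GURL(kHttpsUrl);`, keeps the fake tied to its input. Otherwise a short comment such as `// Ignores |url|: tests only query the visible URL held in |url_|.` would record the assumption. The class body starts and ends outside this hunk.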
@@ -92,6 +114,8 @@ class TestSecurityStateModelClient : public SecurityStateModelClient {
bool displayed_mixed_content_;
bool ran_mixed_content_;
bool fails_malware_check_;
+ bool displayed_nonsecure_password_field_;
+ bool displayed_nonsecure_credit_card_field_;
};
// Tests that SHA1-signed certificates expiring in 2016 downgrade the
@@ -228,6 +252,56 @@ TEST(SecurityStateModelTest, MalwareWithoutCOnnectionState) {
EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level);
}
+// Tests that password fields cause the security level to be downgraded
+// to HTTP_WARNING when the command-line switch is set.
+TEST(SecurityStateModelTest, PasswordFieldWarning) {
+ base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+ switches::kMarkNonSecureAs,
+ switches::kMarkNonSecureWithPasswordsOrCcAsNonSecure);
+ TestSecurityStateModelClient client;
+ client.UseHttpUrl();
+ client.set_initial_security_level(SecurityStateModel::NONE);
+ SecurityStateModel model;
+ model.SetClient(&client);
+ client.set_displayed_nonsecure_password_field(true);
+ const SecurityStateModel::SecurityInfo& security_info =
+ model.GetSecurityInfo();
+ EXPECT_EQ(SecurityStateModel::HTTP_WARNING, security_info.security_level);
+}
+
+// Tests that credit card fields cause the security level to be downgraded
+// to HTTP_WARNING when the command-line switch is set.
+TEST(SecurityStateModelTest, CreditCardFieldWarning) {
+ base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+ switches::kMarkNonSecureAs,
+ switches::kMarkNonSecureWithPasswordsOrCcAsNonSecure);
+ TestSecurityStateModelClient client;
+ client.UseHttpUrl();
+ client.set_initial_security_level(SecurityStateModel::NONE);
+ SecurityStateModel model;
+ model.SetClient(&client);
+ client.set_displayed_nonsecure_credit_card_field(true);
+ const SecurityStateModel::SecurityInfo& security_info =
+ model.GetSecurityInfo();
+ EXPECT_EQ(SecurityStateModel::HTTP_WARNING, security_info.security_level);
+}
+
+// Tests that neither password nor credit fields cause the security
+// level to be downgraded to HTTP_WARNING when the command-line switch
+// is NOT set.
+TEST(SecurityStateModelTest, HttpWarningNotSetWithoutSwitch) {
+ TestSecurityStateModelClient client;
+ client.UseHttpUrl();
+ client.set_initial_security_level(SecurityStateModel::NONE);
+ SecurityStateModel model;
+ model.SetClient(&client);
+ client.set_displayed_nonsecure_password_field(true);
+ client.set_displayed_nonsecure_credit_card_field(true);
+ const SecurityStateModel::SecurityInfo& security_info =
+ model.GetSecurityInfo();
+ EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level);
+}
+
} // namespace
} // namespace security_state
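Review bot: `PasswordFieldWarning` and `CreditCardFieldWarning` append `switches::kMarkNonSecureAs` to the process-wide `base::CommandLine::ForCurrentProcess()` and never remove it, so `HttpWarningNotSetWithoutSwitch` only holds in a process where neither of them has run first. If the tests share a process, the switch is presumably still set, and the negative case that guards the default no-warning behaviour becomes order-dependent. Scoping the switch per test avoids this, e.g. `base::test::ScopedCommandLine scoped_command_line;` followed by `scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII(...)`. A further case with the switch set but neither field flagged, expecting `SecurityStateModel::NONE`, would pin that the switch alone does not downgrade an HTTP page.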
