Add (some) password detection for HTTP-bad

chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include <openssl/ssl.h>
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/strings/string_split.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/ssl/cert_verifier_browser_test.h"
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/generated_resources.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/prefs/pref_service.h"
+#include "components/security_state/switches.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/security_style_explanation.h"
 #include "content/public/browser/security_style_explanations.h"
 #include "content/public/browser/ssl_status.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/referrer.h"
@@ skipping 258 matching lines @@
 
     mock_cert_verifier()->AddResultForCert(cert, verify_result, net_result);
   }
 
   net::EmbeddedTestServer https_server_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientTest);
 };
 
+GURL GetURLWithNonLocalHostname(net::EmbeddedTestServer* server,
+                                const std::string& path) {
+  GURL::Replacements replace_host;
+  replace_host.SetHostStr("example.test");
+  return server->GetURL(path).ReplaceComponents(replace_host);
+}
+
+class ChromeSecurityStateModelClientTestWithPasswordCcSwitch
+    : public ChromeSecurityStateModelClientTest {
+ public:
+  ChromeSecurityStateModelClientTestWithPasswordCcSwitch()
+      : ChromeSecurityStateModelClientTest() {}
+
+  void SetUpOnMainThread() override {
+    ASSERT_TRUE(embedded_test_server()->Start());
+    ASSERT_TRUE(https_server_.Start());
+    host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host());
+    SetUpMockCertVerifierForHttpsServer(0, net::OK);
+  }
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    ChromeSecurityStateModelClientTest::SetUpCommandLine(command_line);
+    command_line->AppendSwitchASCII(
+        security_state::switches::kMarkHttpAs,
+        security_state::switches::kMarkHttpWithPasswordsOrCcWithChip);
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(
+      ChromeSecurityStateModelClientTestWithPasswordCcSwitch);
+};
+
 class SecurityStyleChangedTest : public InProcessBrowserTest {
  public:
   SecurityStyleChangedTest()
       : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
     https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot));
   }
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will both run and display insecure content.
     command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
@@ skipping 582 matching lines @@
   SecurityStateModel::VisibleSecurityState
       visible_security_state_sensitive_inputs;
   model_client->GetVisibleSecurityState(
       &visible_security_state_sensitive_inputs);
   EXPECT_TRUE(
       visible_security_state_sensitive_inputs.displayed_password_field_on_http);
   EXPECT_TRUE(visible_security_state_sensitive_inputs
                   .displayed_credit_card_field_on_http);
 }
 
+// Tests that when a visible password field is detected on an HTTP page
+// load, and when the command-line flag is set, the security level is
+// downgraded to HTTP_SHOW_WARNING.
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTestWithPasswordCcSwitch,
+                       PasswordSecurityLevelDowngraded) {
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(contents);
+  ASSERT_TRUE(model_client);
+
+  ui_test_utils::NavigateToURL(
+      browser(), GetURLWithNonLocalHostname(embedded_test_server(),
+                                            "/password/simple_password.html"));
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  model_client->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::SecurityStateModel::HTTP_SHOW_WARNING,
+            security_info.security_level);
+
+  content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_TRUE(entry->GetSSL().content_status &
+              content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that when an invisible password field is present on an HTTP page
+// load, and when the command-line flag is set, the security level is
+// downgraded to HTTP_SHOW_WARNING.
+//
+// TODO(estark): this will eventually be refined so that the warning
+// will not show up for invisible password
+// inputs. https://codereview.chromium.org/2378503002/
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTestWithPasswordCcSwitch,
+                       PasswordSecurityLevelDowngradedForInvisibleInput) {
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(contents);
+  ASSERT_TRUE(model_client);
+
+  ui_test_utils::NavigateToURL(
+      browser(),
+      GetURLWithNonLocalHostname(embedded_test_server(),
+                                 "/password/invisible_password.html"));
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  model_client->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::SecurityStateModel::HTTP_SHOW_WARNING,
+            security_info.security_level);
+
+  content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_TRUE(entry->GetSSL().content_status &
+              content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that when a visible password field is detected inside an iframe
+// on an HTTP page load, and when the command-line flag is set, the
+// security level is downgraded to HTTP_SHOW_WARNING.
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTestWithPasswordCcSwitch,
+                       PasswordSecurityLevelDowngradedFromIframe) {
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(contents);
+  ASSERT_TRUE(model_client);
+
+  ui_test_utils::NavigateToURL(
+      browser(),
+      GetURLWithNonLocalHostname(embedded_test_server(),
+                                 "/password/simple_password_in_iframe.html"));
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  model_client->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::SecurityStateModel::HTTP_SHOW_WARNING,
+            security_info.security_level);
+
+  content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_TRUE(entry->GetSSL().content_status &
+              content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that when a visible password field is detected inside an iframe
+// on an HTTP page load, and when the command-line flag is set, the
+// security level is downgraded to HTTP_SHOW_WARNING, even if the iframe
+// itself was loaded over HTTPS.
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTestWithPasswordCcSwitch,
+                       PasswordSecurityLevelDowngradedFromHttpsIframe) {
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(contents);
+  ASSERT_TRUE(model_client);
+
+  // Navigate to an HTTP URL, which loads an iframe using the host and port of
+  // |https_server_|.
+  std::string replacement_path;
+  GetFilePathWithHostAndPortReplacement(
+      "/password/simple_password_in_https_iframe.html",
+      https_server_.host_port_pair(), &replacement_path);
+  ui_test_utils::NavigateToURL(
+      browser(),
+      GetURLWithNonLocalHostname(embedded_test_server(), replacement_path));
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  model_client->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::SecurityStateModel::HTTP_SHOW_WARNING,
+            security_info.security_level);
+
+  content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_TRUE(entry->GetSSL().content_status &
+              content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that when a visible password field is detected on an HTTP page
+// load, and when the command-line flag is *not* set, the security level is
+// *not* downgraded to HTTP_SHOW_WARNING.
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest,
+                       PasswordSecurityLevelNotDowngradedWithoutSwitch) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host());
+
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(contents);
+  ASSERT_TRUE(model_client);
+
+  ui_test_utils::NavigateToURL(
+      browser(), GetURLWithNonLocalHostname(embedded_test_server(),
+                                            "/password/simple_password.html"));
+  // The security level should not be HTTP_SHOW_WARNING, because the
+  // command-line switch was not set.
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  model_client->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::SecurityStateModel::NONE,
+            security_info.security_level);
+
+  // The appropriate SSLStatus flags should be set, however.
+  content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_TRUE(entry->GetSSL().content_status &
+              content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that when a visible password field is detected on an HTTPS page
+// load, and when the command-line flag is set, the security level is
+// *not* downgraded to HTTP_SHOW_WARNING.
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTestWithPasswordCcSwitch,
+                       PasswordSecurityLevelNotDowngradedOnHttps) {
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(contents);
+  ASSERT_TRUE(model_client);
+
+  GURL url = GetURLWithNonLocalHostname(&https_server_,
+                                        "/password/simple_password.html");
+  ui_test_utils::NavigateToURL(browser(), url);
+  // The security level should not be HTTP_SHOW_WARNING, because the page was
+  // HTTPS instead of HTTP.
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  model_client->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::SecurityStateModel::SECURE,
+            security_info.security_level);
+
+  // The SSLStatus flags should only be set if the top-level page load was HTTP,
+  // which it was not in this case.
+  content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_FALSE(entry->GetSSL().content_status &
+               content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
 // Tests that the SecurityStateModel for a WebContents is up to date
 // when the WebContents is inserted into a Browser's TabStripModel.
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, AddedTab) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   content::WebContents* tab =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(tab);
 
@@ skipping 537 matching lines @@
   ChromeSecurityStateModelClient* model_client =
       ChromeSecurityStateModelClient::FromWebContents(web_contents);
   ASSERT_TRUE(model_client);
   SecurityStateModel::SecurityInfo security_info;
   model_client->GetSecurityInfo(&security_info);
   EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level);
   EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses);
 }
 
 }  // namespace