Chromium Code Reviews Chromium Code Reviews
Issue 2451293002:
Add a histogram for each time the HTTP Bad UI is shown (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | |
| 8 #include "base/test/histogram_tester.h" | |
| 9 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | |
| 7 #include "components/security_state/security_state_model.h" | 10 #include "components/security_state/security_state_model.h" |
| 11 #include "components/security_state/switches.h" | |
| 8 #include "content/public/browser/security_style_explanation.h" | 12 #include "content/public/browser/security_style_explanation.h" |
| 9 #include "content/public/browser/security_style_explanations.h" | 13 #include "content/public/browser/security_style_explanations.h" |
| 10 #include "net/cert/cert_status_flags.h" | 14 #include "net/cert/cert_status_flags.h" |
| 11 #include "net/ssl/ssl_cipher_suite_names.h" | 15 #include "net/ssl/ssl_cipher_suite_names.h" |
| 12 #include "net/ssl/ssl_connection_status_flags.h" | 16 #include "net/ssl/ssl_connection_status_flags.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 18 |
| 15 namespace { | 19 namespace { |
| 16 | 20 |
| 21 const char kHTTPBadHistogram[] = | |
| 22 "Security.HTTPBad.UserWarnedAboutSensitiveInput"; | |
| 23 | |
| 17 // Tests that SecurityInfo flags for subresources with certificate | 24 // Tests that SecurityInfo flags for subresources with certificate |
| 18 // errors are reflected in the SecurityStyleExplanations produced by | 25 // errors are reflected in the SecurityStyleExplanations produced by |
| 19 // ChromeSecurityStateModelClient. | 26 // ChromeSecurityStateModelClient. |
| 20 TEST(ChromeSecurityStateModelClientTest, | 27 TEST(ChromeSecurityStateModelClientTest, |
| 21 GetSecurityStyleForContentWithCertErrors) { | 28 GetSecurityStyleForContentWithCertErrors) { |
| 22 content::SecurityStyleExplanations explanations; | 29 content::SecurityStyleExplanations explanations; |
| 23 security_state::SecurityStateModel::SecurityInfo security_info; | 30 security_state::SecurityStateModel::SecurityInfo security_info; |
| 24 security_info.cert_status = 0; | 31 security_info.cert_status = 0; |
| 25 security_info.scheme_is_cryptographic = true; | 32 security_info.scheme_is_cryptographic = true; |
| 26 | 33 |
| (...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 235 content::SecurityStyleExplanations explanations; | 242 content::SecurityStyleExplanations explanations; |
| 236 security_info.security_level = security_state::SecurityStateModel::NONE; | 243 security_info.security_level = security_state::SecurityStateModel::NONE; |
| 237 security_info.displayed_private_user_data_input_on_http = true; | 244 security_info.displayed_private_user_data_input_on_http = true; |
| 238 blink::WebSecurityStyle security_style = | 245 blink::WebSecurityStyle security_style = |
| 239 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 246 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, |
| 240 &explanations); | 247 &explanations); |
| 241 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 248 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 242 EXPECT_EQ(1u, explanations.info_explanations.size()); | 249 EXPECT_EQ(1u, explanations.info_explanations.size()); |
| 243 } | 250 } |
| 244 | 251 |
| 252 class ChromeSecurityStateModelClientHistogramTest | |
| 253 : public ChromeRenderViewHostTestHarness { | |
| 254 public: | |
| 255 ChromeSecurityStateModelClientHistogramTest() {} | |
| 256 ~ChromeSecurityStateModelClientHistogramTest() override {} | |
| 257 | |
| 258 void SetUp() override { | |
| 259 ChromeRenderViewHostTestHarness::SetUp(); | |
| 260 | |
| 261 ChromeSecurityStateModelClient::CreateForWebContents(web_contents()); | |
| 262 client_ = ChromeSecurityStateModelClient::FromWebContents(web_contents()); | |
| 263 navigate_to_http(); | |
| 264 } | |
| 265 | |
| 266 protected: | |
| 267 ChromeSecurityStateModelClient* client() { return client_; } | |
| 268 | |
| 269 void signal_password() { | |
| 270 web_contents()->OnPasswordInputShownOnHttp(); | |
| 271 client_->VisibleSSLStateChanged(); | |
| 272 } | |
| 273 | |
| 274 void navigate_to_http() { NavigateAndCommit(GURL("http://example.test")); } | |
| 275 | |
| 276 private: | |
| 277 ChromeSecurityStateModelClient* client_; | |
|
estark
2016/10/26 22:56:53
Sorry, one more nit I just noticed, this should ha
| |
| 278 }; | |
| 279 | |
| 280 // Tests that UMA logs the omnibox warning when security level is | |
| 281 // HTTP_SHOW_WARNING. | |
| 282 TEST_F(ChromeSecurityStateModelClientHistogramTest, | |
| 283 HTTPOmniboxWarningHistogram) { | |
| 284 // Show Warning Chip. | |
| 285 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | |
| 286 security_state::switches::kMarkHttpAs, | |
| 287 security_state::switches::kMarkHttpWithPasswordsOrCcWithChip); | |
| 288 | |
| 289 base::HistogramTester histograms; | |
| 290 signal_password(); | |
| 291 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1); | |
| 292 | |
| 293 // Fire again and ensure no sample is recorded. | |
| 294 signal_password(); | |
| 295 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1); | |
| 296 | |
| 297 // Navigate to a new page and ensure a sample is recorded. | |
| 298 navigate_to_http(); | |
| 299 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1); | |
| 300 signal_password(); | |
| 301 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 2); | |
| 302 } | |
| 303 | |
| 304 // Tests that UMA logs the console warning when security level is NONE. | |
| 305 TEST_F(ChromeSecurityStateModelClientHistogramTest, | |
| 306 HTTPConsoleWarningHistogram) { | |
| 307 // Show Neutral for HTTP | |
| 308 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | |
| 309 security_state::switches::kMarkHttpAs, | |
| 310 security_state::switches::kMarkHttpAsNeutral); | |
| 311 | |
| 312 base::HistogramTester histograms; | |
| 313 signal_password(); | |
| 314 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1); | |
| 315 | |
| 316 // Fire again and ensure no sample is recorded. | |
| 317 signal_password(); | |
| 318 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1); | |
| 319 | |
| 320 // Navigate to a new page and ensure a sample is recorded. | |
| 321 navigate_to_http(); | |
| 322 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1); | |
| 323 signal_password(); | |
| 324 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 2); | |
| 325 } | |
| 326 | |
| 245 } // namespace | 327 } // namespace |
| OLD | NEW |
