Remove Dangerous indicator after going back from interstitial

chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This test creates a fake safebrowsing service, where we can inject known-
 // threat urls.  It then uses a real browser to go to these urls, and sends
 // "goback" or "proceed" commands and verifies they work.
 
 #include <algorithm>
 
@@ skipping 26 matching lines @@
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing_db/database_manager.h"
 #include "components/safe_browsing_db/safe_browsing_prefs.h"
 #include "components/safe_browsing_db/test_database_manager.h"
 #include "components/safe_browsing_db/util.h"
 #include "components/security_interstitials/core/controller_client.h"
 #include "components/security_interstitials/core/metrics_helper.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
+#include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_browser_thread.h"
 #include "content/public/test/test_utils.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/mock_cert_verifier.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
@@ skipping 53 matching lines @@
         MALWARE,
         expected_threats);
     sb_check.url_results[0] = badurls[gurl.spec()];
     sb_check.OnSafeBrowsingResult();
   }
 
   void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
     badurls[url.spec()] = threat_type;
   }
 
+  void ClearURL(const GURL& url) { badurls.erase(url.spec()); }

[Nathan Parker, 2016/10/31 23:54:38]

nit: ClearBadURL.  Same below.

[estark, 2016/11/01 02:41:16]

Done.

+
   // These are called when checking URLs, so we implement them.
   bool IsSupported() const override { return true; }
   bool ChecksAreAlwaysAsync() const override { return false; }
   bool CanCheckResourceType(
       content::ResourceType /* resource_type */) const override {
     return true;
   }
 
   // Called during startup, so must not check-fail.
   bool CheckExtensionIDs(const std::set<std::string>& extension_ids,
@@ skipping 190 matching lines @@
 
   void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
     TestSafeBrowsingService* service = factory_.test_safe_browsing_service();
     ASSERT_TRUE(service);
 
     static_cast<FakeSafeBrowsingDatabaseManager*>(
         service->database_manager().get())
         ->SetURLThreatType(url, threat_type);
   }
 
+  void ClearURL(const GURL& url) {
+    TestSafeBrowsingService* service = factory_.test_safe_browsing_service();
+    ASSERT_TRUE(service);
+
+    static_cast<FakeSafeBrowsingDatabaseManager*>(
+        service->database_manager().get())
+        ->ClearURL(url);
+  }
+
   // The basic version of this method, which uses a HTTP test URL.
   GURL SetupWarningAndNavigate() {
     return SetupWarningAndNavigateToURL(
         net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage));
   }
 
   // Navigates to a warning on a valid HTTPS website.
   GURL SetupWarningAndNavigateToValidHTTPS() {
     EXPECT_TRUE(https_server_.Start());
     scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
@@ skipping 234 matching lines @@
     ASSERT_TRUE(model_client);
     security_state::SecurityStateModel::SecurityInfo security_info;
     model_client->GetSecurityInfo(&security_info);
     EXPECT_EQ(security_state::SecurityStateModel::DANGEROUS,
               security_info.security_level);
     EXPECT_TRUE(security_info.fails_malware_check);
     // TODO(felt): Restore this check when https://crbug.com/641187 is fixed.
     // EXPECT_EQ(cert_status, model_client->GetSecurityInfo().cert_status);
   }
 
+  void ExpectNoSecurityIndicatorDowngrade(content::WebContents* tab) {
+    ChromeSecurityStateModelClient* model_client =
+        ChromeSecurityStateModelClient::FromWebContents(tab);
+    ASSERT_TRUE(model_client);
+    security_state::SecurityStateModel::SecurityInfo security_info;
+    model_client->GetSecurityInfo(&security_info);
+    EXPECT_EQ(security_state::SecurityStateModel::NONE,
+              security_info.security_level);
+    EXPECT_FALSE(security_info.fails_malware_check);
+  }
+
  protected:
   TestThreatDetailsFactory details_factory_;
 
  private:
   // Adds a safebrowsing result of the current test threat to the fake
   // safebrowsing service, navigates to that page, and returns the url.
   // The various wrappers supply different URLs.
   GURL SetupWarningAndNavigateToURL(GURL url) {
     SetURLThreatType(url, testing::get<0>(GetParam()));
     ui_test_utils::NavigateToURL(browser(), url);
@@ skipping 452 matching lines @@
   EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
   AssertNoInterstitial(true);
 }
 
 namespace {
 
 class SecurityStyleTestObserver : public content::WebContentsObserver {
  public:
   explicit SecurityStyleTestObserver(content::WebContents* web_contents)
       : content::WebContentsObserver(web_contents),
-        latest_security_style_(blink::WebSecurityStyleUnknown){};
+        latest_security_style_(blink::WebSecurityStyleUnknown) {}
 
   blink::WebSecurityStyle latest_security_style() const {
     return latest_security_style_;
   }
 
   // WebContentsObserver:
   void SecurityStyleChanged(blink::WebSecurityStyle security_style,
                             const content::SecurityStyleExplanations&
                                 security_style_explanations) override {
     latest_security_style_ = security_style;
@@ skipping 21 matching lines @@
             observer.latest_security_style());
 
   // The security indicator should still be downgraded post-interstitial.
   EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
   AssertNoInterstitial(true);
   WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(post_tab);
   ExpectSecurityIndicatorDowngrade(post_tab, 0u);
 }
 
+// Test that the security indicator does not stay downgraded after
+// clicking back from a Safe Browsing interstitial. Regression test for
+// https://crbug.com/659709.
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       SecurityStateGoBack) {
+  // Navigate to a page so that there is somewhere to go back to.
+  GURL start_url =
+      net::URLRequestMockHTTPJob::GetMockUrl("http://example.test");
+  ui_test_utils::NavigateToURL(browser(), start_url);
+
+  // The security indicator should be downgraded while the interstitial shows.
+  GURL bad_url = net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage);
+  SetupWarningAndNavigate();
+  WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(error_tab);
+  ExpectSecurityIndicatorDowngrade(error_tab, 0u);
+  content::NavigationEntry* entry =
+      error_tab->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  ASSERT_EQ(bad_url, entry->GetURL());
+
+  // Go back.
+  EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
+  EXPECT_EQ(HIDDEN, GetVisibility("details"));
+  EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
+  EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
+  EXPECT_TRUE(Click("details-button"));
+  EXPECT_EQ(VISIBLE, GetVisibility("details"));
+  EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
+  EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
+  EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
+
+  // The security indicator should *not* still be downgraded after going back.
+  AssertNoInterstitial(true);
+  WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(post_tab);
+  entry = post_tab->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_EQ(start_url, entry->GetURL());
+  ExpectNoSecurityIndicatorDowngrade(post_tab);
+
+  ClearURL(bad_url);
+  // Navigate to the URL that the interstitial was on, and check that it
+  // is no longer marked as dangerous.
+  ui_test_utils::NavigateToURL(browser(), bad_url);
+  ExpectNoSecurityIndicatorDowngrade(
+      browser()->tab_strip_model()->GetActiveWebContents());
+}
+
+// Test that the security indicator does not stay downgraded after
+// clicking back from a Safe Browsing interstitial triggered by a
+// subresource. Regression test for https://crbug.com/659709.
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       SecurityStateGoBackOnSubresourceInterstitial) {
+  // Navigate to a page so that there is somewhere to go back to.
+  GURL start_url =
+      net::URLRequestMockHTTPJob::GetMockUrl("http://example.test");
+  ui_test_utils::NavigateToURL(browser(), start_url);
+
+  // The security indicator should be downgraded while the interstitial shows.
+  SetupThreatIframeWarningAndNavigate();
+  WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(error_tab);
+  ExpectSecurityIndicatorDowngrade(error_tab, 0u);
+
+  // Go back.
+  EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
+  EXPECT_EQ(HIDDEN, GetVisibility("details"));
+  EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
+  EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
+  EXPECT_TRUE(Click("details-button"));
+  EXPECT_EQ(VISIBLE, GetVisibility("details"));
+  EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
+  EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
+  EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
+
+  // The security indicator should *not* still be downgraded after going back.
+  AssertNoInterstitial(true);
+  WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(post_tab);
+  content::NavigationEntry* entry = post_tab->GetController().GetVisibleEntry();
+  ASSERT_TRUE(entry);
+  EXPECT_EQ(start_url, entry->GetURL());
+  ExpectNoSecurityIndicatorDowngrade(post_tab);
+}
+
 // Test that the security indicator is downgraded after clicking through a
 // Safe Browsing interstitial.
 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
                        SecurityState_HTTP) {
   // The security indicator should be downgraded while the interstitial shows.
   SetupWarningAndNavigate();
   WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(error_tab);
   ExpectSecurityIndicatorDowngrade(error_tab, 0u);
 
@@ skipping 55 matching lines @@
 // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are
 // displayed.
 class SafeBrowsingBlockingPageIDNTest
     : public SecurityInterstitialIDNTest,
       public testing::WithParamInterface<testing::tuple<bool, SBThreatType>> {
  protected:
   // SecurityInterstitialIDNTest implementation
   SecurityInterstitialPage* CreateInterstitial(
       content::WebContents* contents,
       const GURL& request_url) const override {
+    SafeBrowsingUIManager::CreateWhitelistForTesting(contents);
     const bool is_subresource = testing::get<0>(GetParam());
 
     SafeBrowsingService* sb_service =
         g_browser_process->safe_browsing_service();
     SafeBrowsingBlockingPage::UnsafeResource resource;
 
     resource.url = request_url;
     resource.is_subresource = is_subresource;
     resource.threat_type = testing::get<1>(GetParam());
     resource.web_contents_getter =
@@ skipping 16 matching lines @@
 
 INSTANTIATE_TEST_CASE_P(
     SafeBrowsingBlockingPageIDNTestWithThreatType,
     SafeBrowsingBlockingPageIDNTest,
     testing::Combine(testing::Values(false, true),
                      testing::Values(SB_THREAT_TYPE_URL_MALWARE,
                                      SB_THREAT_TYPE_URL_PHISHING,
                                      SB_THREAT_TYPE_URL_UNWANTED)));
 
 }  // namespace safe_browsing