OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This test creates a fake safebrowsing service, where we can inject known- | 5 // This test creates a fake safebrowsing service, where we can inject known- |
6 // threat urls. It then uses a real browser to go to these urls, and sends | 6 // threat urls. It then uses a real browser to go to these urls, and sends |
7 // "goback" or "proceed" commands and verifies they work. | 7 // "goback" or "proceed" commands and verifies they work. |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 26 matching lines...)
37 #include "chrome/test/base/ui_test_utils.h" | 37 #include "chrome/test/base/ui_test_utils.h" |
38 #include "components/prefs/pref_service.h" | 38 #include "components/prefs/pref_service.h" |
39 #include "components/safe_browsing_db/database_manager.h" | 39 #include "components/safe_browsing_db/database_manager.h" |
40 #include "components/safe_browsing_db/safe_browsing_prefs.h" | 40 #include "components/safe_browsing_db/safe_browsing_prefs.h" |
41 #include "components/safe_browsing_db/test_database_manager.h" | 41 #include "components/safe_browsing_db/test_database_manager.h" |
42 #include "components/safe_browsing_db/util.h" | 42 #include "components/safe_browsing_db/util.h" |
43 #include "components/security_interstitials/core/controller_client.h" | 43 #include "components/security_interstitials/core/controller_client.h" |
44 #include "components/security_interstitials/core/metrics_helper.h" | 44 #include "components/security_interstitials/core/metrics_helper.h" |
45 #include "content/public/browser/interstitial_page.h" | 45 #include "content/public/browser/interstitial_page.h" |
46 #include "content/public/browser/navigation_controller.h" | 46 #include "content/public/browser/navigation_controller.h" |
| 47 #include "content/public/browser/navigation_entry.h" |
47 #include "content/public/browser/notification_types.h" | 48 #include "content/public/browser/notification_types.h" |
48 #include "content/public/browser/render_frame_host.h" | 49 #include "content/public/browser/render_frame_host.h" |
49 #include "content/public/browser/render_process_host.h" | 50 #include "content/public/browser/render_process_host.h" |
50 #include "content/public/browser/web_contents.h" | 51 #include "content/public/browser/web_contents.h" |
51 #include "content/public/test/browser_test_utils.h" | 52 #include "content/public/test/browser_test_utils.h" |
52 #include "content/public/test/test_browser_thread.h" | 53 #include "content/public/test/test_browser_thread.h" |
53 #include "content/public/test/test_utils.h" | 54 #include "content/public/test/test_utils.h" |
54 #include "net/cert/cert_verify_result.h" | 55 #include "net/cert/cert_verify_result.h" |
55 #include "net/cert/mock_cert_verifier.h" | 56 #include "net/cert/mock_cert_verifier.h" |
56 #include "net/test/embedded_test_server/embedded_test_server.h" | 57 #include "net/test/embedded_test_server/embedded_test_server.h" |
(...skipping 53 matching lines...)
110 MALWARE, | 111 MALWARE, |
111 expected_threats); | 112 expected_threats); |
112 sb_check.url_results[0] = badurls[gurl.spec()]; | 113 sb_check.url_results[0] = badurls[gurl.spec()]; |
113 sb_check.OnSafeBrowsingResult(); | 114 sb_check.OnSafeBrowsingResult(); |
114 } | 115 } |
115 | 116 |
116 void SetURLThreatType(const GURL& url, SBThreatType threat_type) { | 117 void SetURLThreatType(const GURL& url, SBThreatType threat_type) { |
117 badurls[url.spec()] = threat_type; | 118 badurls[url.spec()] = threat_type; |
118 } | 119 } |
119 | 120 |
| 121 void ClearBadURL(const GURL& url) { badurls.erase(url.spec()); } |
| 122 |
120 // These are called when checking URLs, so we implement them. | 123 // These are called when checking URLs, so we implement them. |
121 bool IsSupported() const override { return true; } | 124 bool IsSupported() const override { return true; } |
122 bool ChecksAreAlwaysAsync() const override { return false; } | 125 bool ChecksAreAlwaysAsync() const override { return false; } |
123 bool CanCheckResourceType( | 126 bool CanCheckResourceType( |
124 content::ResourceType /* resource_type */) const override { | 127 content::ResourceType /* resource_type */) const override { |
125 return true; | 128 return true; |
126 } | 129 } |
127 | 130 |
128 // Called during startup, so must not check-fail. | 131 // Called during startup, so must not check-fail. |
129 bool CheckExtensionIDs(const std::set<std::string>& extension_ids, | 132 bool CheckExtensionIDs(const std::set<std::string>& extension_ids, |
(...skipping 190 matching lines...)
320 | 323 |
321 void SetURLThreatType(const GURL& url, SBThreatType threat_type) { | 324 void SetURLThreatType(const GURL& url, SBThreatType threat_type) { |
322 TestSafeBrowsingService* service = factory_.test_safe_browsing_service(); | 325 TestSafeBrowsingService* service = factory_.test_safe_browsing_service(); |
323 ASSERT_TRUE(service); | 326 ASSERT_TRUE(service); |
324 | 327 |
325 static_cast<FakeSafeBrowsingDatabaseManager*>( | 328 static_cast<FakeSafeBrowsingDatabaseManager*>( |
326 service->database_manager().get()) | 329 service->database_manager().get()) |
327 ->SetURLThreatType(url, threat_type); | 330 ->SetURLThreatType(url, threat_type); |
328 } | 331 } |
329 | 332 |
| 333 void ClearBadURL(const GURL& url) { |
| 334 TestSafeBrowsingService* service = factory_.test_safe_browsing_service(); |
| 335 ASSERT_TRUE(service); |
| 336 |
| 337 static_cast<FakeSafeBrowsingDatabaseManager*>( |
| 338 service->database_manager().get()) |
| 339 ->ClearBadURL(url); |
| 340 } |
| 341 |
330 // The basic version of this method, which uses a HTTP test URL. | 342 // The basic version of this method, which uses a HTTP test URL. |
331 GURL SetupWarningAndNavigate() { | 343 GURL SetupWarningAndNavigate() { |
332 return SetupWarningAndNavigateToURL( | 344 return SetupWarningAndNavigateToURL( |
333 net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage)); | 345 net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage)); |
334 } | 346 } |
335 | 347 |
336 // Navigates to a warning on a valid HTTPS website. | 348 // Navigates to a warning on a valid HTTPS website. |
337 GURL SetupWarningAndNavigateToValidHTTPS() { | 349 GURL SetupWarningAndNavigateToValidHTTPS() { |
338 EXPECT_TRUE(https_server_.Start()); | 350 EXPECT_TRUE(https_server_.Start()); |
339 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 351 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
(...skipping 234 matching lines...)
574 ASSERT_TRUE(model_client); | 586 ASSERT_TRUE(model_client); |
575 security_state::SecurityStateModel::SecurityInfo security_info; | 587 security_state::SecurityStateModel::SecurityInfo security_info; |
576 model_client->GetSecurityInfo(&security_info); | 588 model_client->GetSecurityInfo(&security_info); |
577 EXPECT_EQ(security_state::SecurityStateModel::DANGEROUS, | 589 EXPECT_EQ(security_state::SecurityStateModel::DANGEROUS, |
578 security_info.security_level); | 590 security_info.security_level); |
579 EXPECT_TRUE(security_info.fails_malware_check); | 591 EXPECT_TRUE(security_info.fails_malware_check); |
580 // TODO(felt): Restore this check when https://crbug.com/641187 is fixed. | 592 // TODO(felt): Restore this check when https://crbug.com/641187 is fixed. |
581 // EXPECT_EQ(cert_status, model_client->GetSecurityInfo().cert_status); | 593 // EXPECT_EQ(cert_status, model_client->GetSecurityInfo().cert_status); |
582 } | 594 } |
583 | 595 |
| 596 void ExpectNoSecurityIndicatorDowngrade(content::WebContents* tab) { |
| 597 ChromeSecurityStateModelClient* model_client = |
| 598 ChromeSecurityStateModelClient::FromWebContents(tab); |
| 599 ASSERT_TRUE(model_client); |
| 600 security_state::SecurityStateModel::SecurityInfo security_info; |
| 601 model_client->GetSecurityInfo(&security_info); |
| 602 EXPECT_EQ(security_state::SecurityStateModel::NONE, |
| 603 security_info.security_level); |
| 604 EXPECT_FALSE(security_info.fails_malware_check); |
| 605 } |
| 606 |
584 protected: | 607 protected: |
585 TestThreatDetailsFactory details_factory_; | 608 TestThreatDetailsFactory details_factory_; |
586 | 609 |
587 private: | 610 private: |
588 // Adds a safebrowsing result of the current test threat to the fake | 611 // Adds a safebrowsing result of the current test threat to the fake |
589 // safebrowsing service, navigates to that page, and returns the url. | 612 // safebrowsing service, navigates to that page, and returns the url. |
590 // The various wrappers supply different URLs. | 613 // The various wrappers supply different URLs. |
591 GURL SetupWarningAndNavigateToURL(GURL url) { | 614 GURL SetupWarningAndNavigateToURL(GURL url) { |
592 SetURLThreatType(url, testing::get<0>(GetParam())); | 615 SetURLThreatType(url, testing::get<0>(GetParam())); |
593 ui_test_utils::NavigateToURL(browser(), url); | 616 ui_test_utils::NavigateToURL(browser(), url); |
(...skipping 452 matching lines...)
1046 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1069 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
1047 AssertNoInterstitial(true); | 1070 AssertNoInterstitial(true); |
1048 } | 1071 } |
1049 | 1072 |
1050 namespace { | 1073 namespace { |
1051 | 1074 |
1052 class SecurityStyleTestObserver : public content::WebContentsObserver { | 1075 class SecurityStyleTestObserver : public content::WebContentsObserver { |
1053 public: | 1076 public: |
1054 explicit SecurityStyleTestObserver(content::WebContents* web_contents) | 1077 explicit SecurityStyleTestObserver(content::WebContents* web_contents) |
1055 : content::WebContentsObserver(web_contents), | 1078 : content::WebContentsObserver(web_contents), |
1056 latest_security_style_(blink::WebSecurityStyleUnknown){}; | 1079 latest_security_style_(blink::WebSecurityStyleUnknown) {} |
1057 | 1080 |
1058 blink::WebSecurityStyle latest_security_style() const { | 1081 blink::WebSecurityStyle latest_security_style() const { |
1059 return latest_security_style_; | 1082 return latest_security_style_; |
1060 } | 1083 } |
1061 | 1084 |
1062 // WebContentsObserver: | 1085 // WebContentsObserver: |
1063 void SecurityStyleChanged(blink::WebSecurityStyle security_style, | 1086 void SecurityStyleChanged(blink::WebSecurityStyle security_style, |
1064 const content::SecurityStyleExplanations& | 1087 const content::SecurityStyleExplanations& |
1065 security_style_explanations) override { | 1088 security_style_explanations) override { |
1066 latest_security_style_ = security_style; | 1089 latest_security_style_ = security_style; |
(...skipping 21 matching lines...)
1088 observer.latest_security_style()); | 1111 observer.latest_security_style()); |
1089 | 1112 |
1090 // The security indicator should still be downgraded post-interstitial. | 1113 // The security indicator should still be downgraded post-interstitial. |
1091 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); | 1114 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link")); |
1092 AssertNoInterstitial(true); | 1115 AssertNoInterstitial(true); |
1093 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1116 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
1094 ASSERT_TRUE(post_tab); | 1117 ASSERT_TRUE(post_tab); |
1095 ExpectSecurityIndicatorDowngrade(post_tab, 0u); | 1118 ExpectSecurityIndicatorDowngrade(post_tab, 0u); |
1096 } | 1119 } |
1097 | 1120 |
| 1121 // Test that the security indicator does not stay downgraded after |
| 1122 // clicking back from a Safe Browsing interstitial. Regression test for |
| 1123 // https://crbug.com/659709. |
| 1124 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
| 1125 SecurityStateGoBack) { |
| 1126 // Navigate to a page so that there is somewhere to go back to. |
| 1127 GURL start_url = |
| 1128 net::URLRequestMockHTTPJob::GetMockUrl("http://example.test"); |
| 1129 ui_test_utils::NavigateToURL(browser(), start_url); |
| 1130 |
| 1131 // The security indicator should be downgraded while the interstitial shows. |
| 1132 GURL bad_url = net::URLRequestMockHTTPJob::GetMockUrl(kEmptyPage); |
| 1133 SetupWarningAndNavigate(); |
| 1134 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1135 ASSERT_TRUE(error_tab); |
| 1136 ExpectSecurityIndicatorDowngrade(error_tab, 0u); |
| 1137 content::NavigationEntry* entry = |
| 1138 error_tab->GetController().GetVisibleEntry(); |
| 1139 ASSERT_TRUE(entry); |
| 1140 ASSERT_EQ(bad_url, entry->GetURL()); |
| 1141 |
| 1142 // Go back. |
| 1143 EXPECT_EQ(VISIBLE, GetVisibility("primary-button")); |
| 1144 EXPECT_EQ(HIDDEN, GetVisibility("details")); |
| 1145 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link")); |
| 1146 EXPECT_EQ(HIDDEN, GetVisibility("error-code")); |
| 1147 EXPECT_TRUE(Click("details-button")); |
| 1148 EXPECT_EQ(VISIBLE, GetVisibility("details")); |
| 1149 EXPECT_EQ(VISIBLE, GetVisibility("proceed-link")); |
| 1150 EXPECT_EQ(HIDDEN, GetVisibility("error-code")); |
| 1151 EXPECT_TRUE(ClickAndWaitForDetach("primary-button")); |
| 1152 |
| 1153 // The security indicator should *not* still be downgraded after going back. |
| 1154 AssertNoInterstitial(true); |
| 1155 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1156 ASSERT_TRUE(post_tab); |
| 1157 entry = post_tab->GetController().GetVisibleEntry(); |
| 1158 ASSERT_TRUE(entry); |
| 1159 EXPECT_EQ(start_url, entry->GetURL()); |
| 1160 ExpectNoSecurityIndicatorDowngrade(post_tab); |
| 1161 |
| 1162 ClearBadURL(bad_url); |
| 1163 // Navigate to the URL that the interstitial was on, and check that it |
| 1164 // is no longer marked as dangerous. |
| 1165 ui_test_utils::NavigateToURL(browser(), bad_url); |
| 1166 ExpectNoSecurityIndicatorDowngrade( |
| 1167 browser()->tab_strip_model()->GetActiveWebContents()); |
| 1168 } |
| 1169 |
| 1170 // Test that the security indicator does not stay downgraded after |
| 1171 // clicking back from a Safe Browsing interstitial triggered by a |
| 1172 // subresource. Regression test for https://crbug.com/659709. |
| 1173 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
| 1174 SecurityStateGoBackOnSubresourceInterstitial) { |
| 1175 // Navigate to a page so that there is somewhere to go back to. |
| 1176 GURL start_url = |
| 1177 net::URLRequestMockHTTPJob::GetMockUrl("http://example.test"); |
| 1178 ui_test_utils::NavigateToURL(browser(), start_url); |
| 1179 |
| 1180 // The security indicator should be downgraded while the interstitial shows. |
| 1181 SetupThreatIframeWarningAndNavigate(); |
| 1182 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1183 ASSERT_TRUE(error_tab); |
| 1184 ExpectSecurityIndicatorDowngrade(error_tab, 0u); |
| 1185 |
| 1186 // Go back. |
| 1187 EXPECT_EQ(VISIBLE, GetVisibility("primary-button")); |
| 1188 EXPECT_EQ(HIDDEN, GetVisibility("details")); |
| 1189 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link")); |
| 1190 EXPECT_EQ(HIDDEN, GetVisibility("error-code")); |
| 1191 EXPECT_TRUE(Click("details-button")); |
| 1192 EXPECT_EQ(VISIBLE, GetVisibility("details")); |
| 1193 EXPECT_EQ(VISIBLE, GetVisibility("proceed-link")); |
| 1194 EXPECT_EQ(HIDDEN, GetVisibility("error-code")); |
| 1195 EXPECT_TRUE(ClickAndWaitForDetach("primary-button")); |
| 1196 |
| 1197 // The security indicator should *not* still be downgraded after going back. |
| 1198 AssertNoInterstitial(true); |
| 1199 WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1200 ASSERT_TRUE(post_tab); |
| 1201 content::NavigationEntry* entry = post_tab->GetController().GetVisibleEntry(); |
| 1202 ASSERT_TRUE(entry); |
| 1203 EXPECT_EQ(start_url, entry->GetURL()); |
| 1204 ExpectNoSecurityIndicatorDowngrade(post_tab); |
| 1205 } |
| 1206 |
1098 // Test that the security indicator is downgraded after clicking through a | 1207 // Test that the security indicator is downgraded after clicking through a |
1099 // Safe Browsing interstitial. | 1208 // Safe Browsing interstitial. |
1100 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | 1209 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
1101 SecurityState_HTTP) { | 1210 SecurityState_HTTP) { |
1102 // The security indicator should be downgraded while the interstitial shows. | 1211 // The security indicator should be downgraded while the interstitial shows. |
1103 SetupWarningAndNavigate(); | 1212 SetupWarningAndNavigate(); |
1104 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1213 WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents(); |
1105 ASSERT_TRUE(error_tab); | 1214 ASSERT_TRUE(error_tab); |
1106 ExpectSecurityIndicatorDowngrade(error_tab, 0u); | 1215 ExpectSecurityIndicatorDowngrade(error_tab, 0u); |
1107 | 1216 |
(...skipping 55 matching lines...)
1163 // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are | 1272 // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are |
1164 // displayed. | 1273 // displayed. |
1165 class SafeBrowsingBlockingPageIDNTest | 1274 class SafeBrowsingBlockingPageIDNTest |
1166 : public SecurityInterstitialIDNTest, | 1275 : public SecurityInterstitialIDNTest, |
1167 public testing::WithParamInterface<testing::tuple<bool, SBThreatType>> { | 1276 public testing::WithParamInterface<testing::tuple<bool, SBThreatType>> { |
1168 protected: | 1277 protected: |
1169 // SecurityInterstitialIDNTest implementation | 1278 // SecurityInterstitialIDNTest implementation |
1170 SecurityInterstitialPage* CreateInterstitial( | 1279 SecurityInterstitialPage* CreateInterstitial( |
1171 content::WebContents* contents, | 1280 content::WebContents* contents, |
1172 const GURL& request_url) const override { | 1281 const GURL& request_url) const override { |
| 1282 SafeBrowsingUIManager::CreateWhitelistForTesting(contents); |
1173 const bool is_subresource = testing::get<0>(GetParam()); | 1283 const bool is_subresource = testing::get<0>(GetParam()); |
1174 | 1284 |
1175 SafeBrowsingService* sb_service = | 1285 SafeBrowsingService* sb_service = |
1176 g_browser_process->safe_browsing_service(); | 1286 g_browser_process->safe_browsing_service(); |
1177 SafeBrowsingBlockingPage::UnsafeResource resource; | 1287 SafeBrowsingBlockingPage::UnsafeResource resource; |
1178 | 1288 |
1179 resource.url = request_url; | 1289 resource.url = request_url; |
1180 resource.is_subresource = is_subresource; | 1290 resource.is_subresource = is_subresource; |
1181 resource.threat_type = testing::get<1>(GetParam()); | 1291 resource.threat_type = testing::get<1>(GetParam()); |
1182 resource.web_contents_getter = | 1292 resource.web_contents_getter = |
(...skipping 16 matching lines...)
1199 | 1309 |
1200 INSTANTIATE_TEST_CASE_P( | 1310 INSTANTIATE_TEST_CASE_P( |
1201 SafeBrowsingBlockingPageIDNTestWithThreatType, | 1311 SafeBrowsingBlockingPageIDNTestWithThreatType, |
1202 SafeBrowsingBlockingPageIDNTest, | 1312 SafeBrowsingBlockingPageIDNTest, |
1203 testing::Combine(testing::Values(false, true), | 1313 testing::Combine(testing::Values(false, true), |
1204 testing::Values(SB_THREAT_TYPE_URL_MALWARE, | 1314 testing::Values(SB_THREAT_TYPE_URL_MALWARE, |
1205 SB_THREAT_TYPE_URL_PHISHING, | 1315 SB_THREAT_TYPE_URL_PHISHING, |
1206 SB_THREAT_TYPE_URL_UNWANTED))); | 1316 SB_THREAT_TYPE_URL_UNWANTED))); |
1207 | 1317 |
1208 } // namespace safe_browsing | 1318 } // namespace safe_browsing |
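Review bot: In SecurityStateGoBack (new lines 1132–1133) `bad_url` is computed separately from the URL that `SetupWarningAndNavigate()` flags and returns, and that return value is discarded; taking it directly, `GURL bad_url = SetupWarningAndNavigate();`, makes the URL that is flagged, asserted on and later passed to `ClearBadURL` the same by construction. The last check (new lines 1166–1167) hands `GetActiveWebContents()` straight to `ExpectNoSecurityIndicatorDowngrade` without the `ASSERT_TRUE` the test uses for `error_tab` and `post_tab`, so a null tab would reach `FromWebContents` rather than fail cleanly. Both new tests also pass `"http://example.test"` to `GetMockUrl`, where the other visible call passes `kEmptyPage`; if that argument is meant to be a test-data path, a named page constant would say what the start page is.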