| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/security_state_model.h" | 5 #include "components/security_state/security_state_model.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/test/histogram_tester.h" | 10 #include "base/test/histogram_tester.h" |
| (...skipping 16 matching lines...) | |
| 27 | 27 |
| 28 class TestSecurityStateModelClient : public SecurityStateModelClient { | 28 class TestSecurityStateModelClient : public SecurityStateModelClient { |
| 29 public: | 29 public: |
| 30 TestSecurityStateModelClient() | 30 TestSecurityStateModelClient() |
| 31 : url_(kHttpsUrl), | 31 : url_(kHttpsUrl), |
| 32 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 | 32 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 33 << net::SSL_CONNECTION_VERSION_SHIFT), | 33 << net::SSL_CONNECTION_VERSION_SHIFT), |
| 34 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), | 34 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), |
| 35 displayed_mixed_content_(false), | 35 displayed_mixed_content_(false), |
| 36 ran_mixed_content_(false), | 36 ran_mixed_content_(false), |
| 37 fails_malware_check_(false), | 37 malicious_content_status_( |
| 38 SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE), | |
| 38 displayed_password_field_on_http_(false), | 39 displayed_password_field_on_http_(false), |
| 39 displayed_credit_card_field_on_http_(false) { | 40 displayed_credit_card_field_on_http_(false) { |
| 40 cert_ = | 41 cert_ = |
| 41 net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem"); | 42 net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem"); |
| 42 } | 43 } |
| 43 ~TestSecurityStateModelClient() override {} | 44 ~TestSecurityStateModelClient() override {} |
| 44 | 45 |
| 45 void set_connection_status(int connection_status) { | 46 void set_connection_status(int connection_status) { |
| 46 connection_status_ = connection_status; | 47 connection_status_ = connection_status; |
| 47 } | 48 } |
| 48 void SetCipherSuite(uint16_t ciphersuite) { | 49 void SetCipherSuite(uint16_t ciphersuite) { |
| 49 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); | 50 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); |
| 50 } | 51 } |
| 51 void AddCertStatus(net::CertStatus cert_status) { | 52 void AddCertStatus(net::CertStatus cert_status) { |
| 52 cert_status_ |= cert_status; | 53 cert_status_ |= cert_status; |
| 53 } | 54 } |
| 54 void SetDisplayedMixedContent(bool displayed_mixed_content) { | 55 void SetDisplayedMixedContent(bool displayed_mixed_content) { |
| 55 displayed_mixed_content_ = displayed_mixed_content; | 56 displayed_mixed_content_ = displayed_mixed_content; |
| 56 } | 57 } |
| 57 void SetRanMixedContent(bool ran_mixed_content) { | 58 void SetRanMixedContent(bool ran_mixed_content) { |
| 58 ran_mixed_content_ = ran_mixed_content; | 59 ran_mixed_content_ = ran_mixed_content; |
| 59 } | 60 } |
| 60 void set_fails_malware_check(bool fails_malware_check) { | 61 void set_malicious_content_status( |
| 61 fails_malware_check_ = fails_malware_check; | 62 SecurityStateModel::MaliciousContentStatus malicious_content_status) { |
| 63 malicious_content_status_ = malicious_content_status; | |
| 62 } | 64 } |
| 63 void set_displayed_password_field_on_http( | 65 void set_displayed_password_field_on_http( |
| 64 bool displayed_password_field_on_http) { | 66 bool displayed_password_field_on_http) { |
| 65 displayed_password_field_on_http_ = displayed_password_field_on_http; | 67 displayed_password_field_on_http_ = displayed_password_field_on_http; |
| 66 } | 68 } |
| 67 void set_displayed_credit_card_field_on_http( | 69 void set_displayed_credit_card_field_on_http( |
| 68 bool displayed_credit_card_field_on_http) { | 70 bool displayed_credit_card_field_on_http) { |
| 69 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; | 71 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; |
| 70 } | 72 } |
| 71 | 73 |
| 72 void UseHttpUrl() { url_ = GURL(kHttpUrl); } | 74 void UseHttpUrl() { url_ = GURL(kHttpUrl); } |
| 73 | 75 |
| 74 // SecurityStateModelClient: | 76 // SecurityStateModelClient: |
| 75 void GetVisibleSecurityState( | 77 void GetVisibleSecurityState( |
| 76 SecurityStateModel::VisibleSecurityState* state) override { | 78 SecurityStateModel::VisibleSecurityState* state) override { |
| 77 state->connection_info_initialized = true; | 79 state->connection_info_initialized = true; |
| 78 state->url = url_; | 80 state->url = url_; |
| 79 state->certificate = cert_; | 81 state->certificate = cert_; |
| 80 state->cert_status = cert_status_; | 82 state->cert_status = cert_status_; |
| 81 state->connection_status = connection_status_; | 83 state->connection_status = connection_status_; |
| 82 state->security_bits = 256; | 84 state->security_bits = 256; |
| 83 state->displayed_mixed_content = displayed_mixed_content_; | 85 state->displayed_mixed_content = displayed_mixed_content_; |
| 84 state->ran_mixed_content = ran_mixed_content_; | 86 state->ran_mixed_content = ran_mixed_content_; |
| 85 state->fails_malware_check = fails_malware_check_; | 87 state->malicious_content_status = malicious_content_status_; |
| 86 state->displayed_password_field_on_http = displayed_password_field_on_http_; | 88 state->displayed_password_field_on_http = displayed_password_field_on_http_; |
| 87 state->displayed_credit_card_field_on_http = | 89 state->displayed_credit_card_field_on_http = |
| 88 displayed_credit_card_field_on_http_; | 90 displayed_credit_card_field_on_http_; |
| 89 } | 91 } |
| 90 | 92 |
| 91 bool UsedPolicyInstalledCertificate() override { return false; } | 93 bool UsedPolicyInstalledCertificate() override { return false; } |
| 92 | 94 |
| 93 bool IsOriginSecure(const GURL& url) override { | 95 bool IsOriginSecure(const GURL& url) override { |
| 94 return url_ == GURL(kHttpsUrl); | 96 return url_ == GURL(kHttpsUrl); |
| 95 } | 97 } |
| 96 | 98 |
| 97 private: | 99 private: |
| 98 GURL url_; | 100 GURL url_; |
| 99 scoped_refptr<net::X509Certificate> cert_; | 101 scoped_refptr<net::X509Certificate> cert_; |
| 100 int connection_status_; | 102 int connection_status_; |
| 101 net::CertStatus cert_status_; | 103 net::CertStatus cert_status_; |
| 102 bool displayed_mixed_content_; | 104 bool displayed_mixed_content_; |
| 103 bool ran_mixed_content_; | 105 bool ran_mixed_content_; |
| 104 bool fails_malware_check_; | 106 SecurityStateModel::MaliciousContentStatus malicious_content_status_; |
| 105 bool displayed_password_field_on_http_; | 107 bool displayed_password_field_on_http_; |
| 106 bool displayed_credit_card_field_on_http_; | 108 bool displayed_credit_card_field_on_http_; |
| 107 }; | 109 }; |
| 108 | 110 |
| 109 // Tests that SHA1-signed certificates expiring in 2016 downgrade the | 111 // Tests that SHA1-signed certificates expiring in 2016 downgrade the |
| 110 // security state of the page. | 112 // security state of the page. |
| 111 TEST(SecurityStateModelTest, SHA1Warning) { | 113 TEST(SecurityStateModelTest, SHA1Warning) { |
| 112 TestSecurityStateModelClient client; | 114 TestSecurityStateModelClient client; |
| 113 SecurityStateModel model; | 115 SecurityStateModel model; |
| 114 model.SetClient(&client); | 116 model.SetClient(&client); |
| (...skipping 96 matching lines...) | |
| 211 TEST(SecurityStateModelTest, MalwareOverride) { | 213 TEST(SecurityStateModelTest, MalwareOverride) { |
| 212 TestSecurityStateModelClient client; | 214 TestSecurityStateModelClient client; |
| 213 SecurityStateModel model; | 215 SecurityStateModel model; |
| 214 model.SetClient(&client); | 216 model.SetClient(&client); |
| 215 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 217 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 216 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param eters-4 | 218 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param eters-4 |
| 217 const uint16_t ciphersuite = 0xc02f; | 219 const uint16_t ciphersuite = 0xc02f; |
| 218 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 220 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 219 << net::SSL_CONNECTION_VERSION_SHIFT); | 221 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 220 client.SetCipherSuite(ciphersuite); | 222 client.SetCipherSuite(ciphersuite); |
| 221 client.set_fails_malware_check(true); | 223 client.set_malicious_content_status( |
| 224 SecurityStateModel::MALICIOUS_CONTENT_STATUS_MALWARE); | |
| 222 SecurityStateModel::SecurityInfo security_info; | 225 SecurityStateModel::SecurityInfo security_info; |
| 223 model.GetSecurityInfo(&security_info); | 226 model.GetSecurityInfo(&security_info); |
| 224 EXPECT_TRUE(security_info.fails_malware_check); | 227 EXPECT_EQ(SecurityStateModel::MALICIOUS_CONTENT_STATUS_MALWARE, |
|
Nathan Parker
2016/11/10 00:13:04
nit: Do you want a check to verify it starts in th
estark
2016/11/11 20:28:14
Done.
| |
| 228 security_info.malicious_content_status); | |
| 225 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); | 229 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); |
| 226 } | 230 } |
| 227 | 231 |
| 228 // Tests that the malware/phishing status is set, even if other connection info | 232 // Tests that the malware/phishing status is set, even if other connection info |
| 229 // is not available. | 233 // is not available. |
| 230 TEST(SecurityStateModelTest, MalwareWithoutCOnnectionState) { | 234 TEST(SecurityStateModelTest, MalwareWithoutCOnnectionState) { |
| 231 TestSecurityStateModelClient client; | 235 TestSecurityStateModelClient client; |
| 232 SecurityStateModel model; | 236 SecurityStateModel model; |
| 233 model.SetClient(&client); | 237 model.SetClient(&client); |
| 234 client.set_fails_malware_check(true); | 238 client.set_malicious_content_status( |
| 239 SecurityStateModel::MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING); | |
| 235 SecurityStateModel::SecurityInfo security_info; | 240 SecurityStateModel::SecurityInfo security_info; |
| 236 model.GetSecurityInfo(&security_info); | 241 model.GetSecurityInfo(&security_info); |
| 237 EXPECT_TRUE(security_info.fails_malware_check); | 242 EXPECT_EQ(SecurityStateModel::MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING, |
| 243 security_info.malicious_content_status); | |
| 238 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); | 244 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); |
| 239 } | 245 } |
| 240 | 246 |
| 241 // Tests that password fields cause the security level to be downgraded | 247 // Tests that password fields cause the security level to be downgraded |
| 242 // to HTTP_SHOW_WARNING when the command-line switch is set. | 248 // to HTTP_SHOW_WARNING when the command-line switch is set. |
| 243 TEST(SecurityStateModelTest, PasswordFieldWarning) { | 249 TEST(SecurityStateModelTest, PasswordFieldWarning) { |
| 244 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 250 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 245 switches::kMarkHttpAs, | 251 switches::kMarkHttpAs, |
| 246 switches::kMarkHttpWithPasswordsOrCcWithChip); | 252 switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 247 TestSecurityStateModelClient client; | 253 TestSecurityStateModelClient client; |
| (...skipping 77 matching lines...) | |
| 325 | 331 |
| 326 // Ensure histogram recorded correctly even without a password input. | 332 // Ensure histogram recorded correctly even without a password input. |
| 327 client.set_displayed_password_field_on_http(false); | 333 client.set_displayed_password_field_on_http(false); |
| 328 model.GetSecurityInfo(&security_info); | 334 model.GetSecurityInfo(&security_info); |
| 329 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); | 335 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); |
| 330 } | 336 } |
| 331 | 337 |
| 332 } // namespace | 338 } // namespace |
| 333 | 339 |
| 334 } // namespace security_state | 340 } // namespace security_state |
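Review bot: `MalwareWithoutCOnnectionState` (new lines 234–245) does not appear to reach the state its comment describes, because the visible fixture's `GetVisibleSecurityState` always sets `state->connection_info_initialized = true` and the constructor already fills in a TLS 1.2 connection status. The DANGEROUS override for a malicious-content status is therefore only checked with connection info present, which `MalwareOverride` already covers. Consider adding a fixture flag with a setter, writing `state->connection_info_initialized = connection_info_initialized_;` in the fixture and clearing the flag in this test, so a regression that drops the warning when connection info is missing would be caught. The test name is also stale now that it sets `MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING`; `MaliciousContentWithoutConnectionState` would match the new status and fix the `COnnection` typo.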