chrome/browser/ssl/chrome_security_state_model_client_unittest.cc - Issue 2483423002: HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings

Side by Side Diff: chrome/browser/ssl/chrome_security_state_model_client_unittest.cc

Issue 2483423002: HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings (Closed)

Patch Set: Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc ('K') | « chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc ('k') | components/security_state/security_state_model.h » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ssl/chrome_security_state_model_client.h"	5 #include "chrome/browser/ssl/chrome_security_state_model_client.h"

6	6

7 #include "base/command_line.h"	7 #include "base/command_line.h"

8 #include "base/test/histogram_tester.h"	8 #include "base/test/histogram_tester.h"

9 #include "chrome/test/base/chrome_render_view_host_test_harness.h"	9 #include "chrome/test/base/chrome_render_view_host_test_harness.h"

10 #include "components/security_state/security_state_model.h"	10 #include "components/security_state/security_state_model.h"

11 #include "components/security_state/switches.h"	11 #include "components/security_state/switches.h"

12 #include "content/public/browser/security_style_explanation.h"	12 #include "content/public/browser/security_style_explanation.h"

13 #include "content/public/browser/security_style_explanations.h"	13 #include "content/public/browser/security_style_explanations.h"

14 #include "net/cert/cert_status_flags.h"	14 #include "net/cert/cert_status_flags.h"

15 #include "net/ssl/ssl_cipher_suite_names.h"	15 #include "net/ssl/ssl_cipher_suite_names.h"

16 #include "net/ssl/ssl_connection_status_flags.h"	16 #include "net/ssl/ssl_connection_status_flags.h"

17 #include "testing/gtest/include/gtest/gtest.h"	17 #include "testing/gtest/include/gtest/gtest.h"

18	18

19 namespace {	19 namespace {

20	20

21 const char kHTTPBadHistogram[] =	21 const char kHTTPBadHistogramPassword[] =

22 "Security.HTTPBad.UserWarnedAboutSensitiveInput";	22 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password";

23	23

24 // Tests that SecurityInfo flags for subresources with certificate	24 // Tests that SecurityInfo flags for subresources with certificate

25 // errors are reflected in the SecurityStyleExplanations produced by	25 // errors are reflected in the SecurityStyleExplanations produced by

26 // ChromeSecurityStateModelClient.	26 // ChromeSecurityStateModelClient.

27 TEST(ChromeSecurityStateModelClientTest,	27 TEST(ChromeSecurityStateModelClientTest,

28 GetSecurityStyleForContentWithCertErrors) {	28 GetSecurityStyleForContentWithCertErrors) {

29 content::SecurityStyleExplanations explanations;	29 content::SecurityStyleExplanations explanations;

30 security_state::SecurityStateModel::SecurityInfo security_info;	30 security_state::SecurityStateModel::SecurityInfo security_info;

31 security_info.cert_status = 0;	31 security_info.cert_status = 0;

32 security_info.scheme_is_cryptographic = true;	32 security_info.scheme_is_cryptographic = true;

(...skipping 196 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
229 security_state::SecurityStateModel::HTTP_SHOW_WARNING;	229 security_state::SecurityStateModel::HTTP_SHOW_WARNING;

230 blink::WebSecurityStyle security_style =	230 blink::WebSecurityStyle security_style =

231 ChromeSecurityStateModelClient::GetSecurityStyle(security_info,	231 ChromeSecurityStateModelClient::GetSecurityStyle(security_info,

232 &explanations);	232 &explanations);

233 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style);	233 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style);

234 EXPECT_EQ(1u, explanations.unauthenticated_explanations.size());	234 EXPECT_EQ(1u, explanations.unauthenticated_explanations.size());

235 }	235 }

236	236

237 // Tests that a security level of NONE when there is a password or	237 // Tests that a security level of NONE when there is a password or

238 // credit card field on HTTP produces a content::SecurityStyle of	238 // credit card field on HTTP produces a content::SecurityStyle of

239 // UNAUTHENTICATED, with an info explanation.	239 // UNAUTHENTICATED, with an info explanation for each.

240 TEST(ChromeSecurityStateModelClientTest, HTTPWarningInFuture) {	240 TEST(ChromeSecurityStateModelClientTest, HTTPWarningInFuture) {

241 security_state::SecurityStateModel::SecurityInfo security_info;	241 security_state::SecurityStateModel::SecurityInfo security_info;

242 content::SecurityStyleExplanations explanations;	242 content::SecurityStyleExplanations explanations;

243 security_info.security_level = security_state::SecurityStateModel::NONE;	243 security_info.security_level = security_state::SecurityStateModel::NONE;

244 security_info.displayed_private_user_data_input_on_http = true;	244 security_info.displayed_password_field_on_http = true;

245 blink::WebSecurityStyle security_style =	245 blink::WebSecurityStyle security_style =

246 ChromeSecurityStateModelClient::GetSecurityStyle(security_info,	246 ChromeSecurityStateModelClient::GetSecurityStyle(security_info,

247 &explanations);	247 &explanations);

248 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style);	248 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style);

249 EXPECT_EQ(1u, explanations.info_explanations.size());	249 EXPECT_EQ(1u, explanations.info_explanations.size());

	250

	251 security_info.displayed_credit_card_field_on_http = true;
	estark 2016/11/09 15:56:46 Maybe you could call explanations.info_explanation Maybe you could call explanations.info_explanations.clear() here. (It's a little confusing to see 2u on line 255 because normally \|explanations\| is empty when GetSecurityStyle() is called.) lshang 2016/11/10 04:53:54 Done. Show quoted text On 2016/11/09 15:56:46, estark (slow thru Nov 18) wrote: > Maybe you could call explanations.info_explanations.clear() here. (It's a little > confusing to see 2u on line 255 because normally \|explanations\| is empty when > GetSecurityStyle() is called.) Done.
	252 security_style = ChromeSecurityStateModelClient::GetSecurityStyle(

	253 security_info, &explanations);

	254 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style);

	255 EXPECT_EQ(2u, explanations.info_explanations.size());
	estark 2016/11/09 15:56:46 Could you please add another section that one info Could you please add another section that one info explanation is added if both the password and credit card fields are true? (I'd like to have a test that we don't add two explanations if both fields are set.) lshang 2016/11/10 04:53:55 Done. Show quoted text On 2016/11/09 15:56:46, estark (slow thru Nov 18) wrote: > Could you please add another section that one info explanation is added if > both the password and credit card fields are true? (I'd like to have a test > that we don't add two explanations if both fields are set.) Done.
250 }	256 }

251	257

252 class ChromeSecurityStateModelClientHistogramTest	258 class ChromeSecurityStateModelClientHistogramTest

253 : public ChromeRenderViewHostTestHarness {	259 : public ChromeRenderViewHostTestHarness {

254 public:	260 public:

255 ChromeSecurityStateModelClientHistogramTest() {}	261 ChromeSecurityStateModelClientHistogramTest() {}

256 ~ChromeSecurityStateModelClientHistogramTest() override {}	262 ~ChromeSecurityStateModelClientHistogramTest() override {}

257	263

258 void SetUp() override {	264 void SetUp() override {

259 ChromeRenderViewHostTestHarness::SetUp();	265 ChromeRenderViewHostTestHarness::SetUp();

(...skipping 22 matching lines...) Expand all Loading...
282 // HTTP_SHOW_WARNING.	288 // HTTP_SHOW_WARNING.

283 TEST_F(ChromeSecurityStateModelClientHistogramTest,	289 TEST_F(ChromeSecurityStateModelClientHistogramTest,

284 HTTPOmniboxWarningHistogram) {	290 HTTPOmniboxWarningHistogram) {

285 // Show Warning Chip.	291 // Show Warning Chip.

286 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(	292 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(

287 security_state::switches::kMarkHttpAs,	293 security_state::switches::kMarkHttpAs,

288 security_state::switches::kMarkHttpWithPasswordsOrCcWithChip);	294 security_state::switches::kMarkHttpWithPasswordsOrCcWithChip);

289	295

290 base::HistogramTester histograms;	296 base::HistogramTester histograms;

291 signal_password();	297 signal_password();

292 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1);	298 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, true, 1);

293	299

294 // Fire again and ensure no sample is recorded.	300 // Fire again and ensure no sample is recorded.

295 signal_password();	301 signal_password();

296 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1);	302 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, true, 1);

297	303

298 // Navigate to a new page and ensure a sample is recorded.	304 // Navigate to a new page and ensure a sample is recorded.

299 navigate_to_http();	305 navigate_to_http();

300 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1);	306 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, true, 1);

301 signal_password();	307 signal_password();

302 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 2);	308 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, true, 2);

303 }	309 }

304	310

305 // Tests that UMA logs the console warning when security level is NONE.	311 // Tests that UMA logs the console warning when security level is NONE.

306 TEST_F(ChromeSecurityStateModelClientHistogramTest,	312 TEST_F(ChromeSecurityStateModelClientHistogramTest,

307 HTTPConsoleWarningHistogram) {	313 HTTPConsoleWarningHistogram) {

308 // Show Neutral for HTTP	314 // Show Neutral for HTTP

309 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(	315 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(

310 security_state::switches::kMarkHttpAs,	316 security_state::switches::kMarkHttpAs,

311 security_state::switches::kMarkHttpAsNeutral);	317 security_state::switches::kMarkHttpAsNeutral);

312	318

313 base::HistogramTester histograms;	319 base::HistogramTester histograms;

314 signal_password();	320 signal_password();

315 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1);	321 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, false, 1);

316	322

317 // Fire again and ensure no sample is recorded.	323 // Fire again and ensure no sample is recorded.

318 signal_password();	324 signal_password();

319 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1);	325 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, false, 1);

320	326

321 // Navigate to a new page and ensure a sample is recorded.	327 // Navigate to a new page and ensure a sample is recorded.

322 navigate_to_http();	328 navigate_to_http();

323 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1);	329 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, false, 1);

324 signal_password();	330 signal_password();

325 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 2);	331 histograms.ExpectUniqueSample(kHTTPBadHistogramPassword, false, 2);

326 }	332 }

327	333
	estark 2016/11/09 15:56:46 I think you can also use INSTANTIATE_TEST_CASE_P f I think you can also use INSTANTIATE_TEST_CASE_P for unit tests. Could you use that here so that each of these tests runs for both the password histogram and the credit card histogram? lshang 2016/11/10 04:53:55 Done. Show quoted text On 2016/11/09 15:56:46, estark (slow thru Nov 18) wrote: > I think you can also use INSTANTIATE_TEST_CASE_P for unit tests. Could you use > that here so that each of these tests runs for both the password histogram and > the credit card histogram? Done.
328 } // namespace	334 } // namespace

OLD	NEW