| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/test/histogram_tester.h" | 8 #include "base/test/histogram_tester.h" |
| 9 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | 9 #include "chrome/test/base/chrome_render_view_host_test_harness.h" |
| 10 #include "components/security_state/security_state_model.h" | 10 #include "components/security_state/security_state_model.h" |
| 11 #include "components/security_state/switches.h" | 11 #include "components/security_state/switches.h" |
| 12 #include "content/public/browser/security_style_explanation.h" | 12 #include "content/public/browser/security_style_explanation.h" |
| 13 #include "content/public/browser/security_style_explanations.h" | 13 #include "content/public/browser/security_style_explanations.h" |
| 14 #include "net/cert/cert_status_flags.h" | 14 #include "net/cert/cert_status_flags.h" |
| 15 #include "net/ssl/ssl_cipher_suite_names.h" | 15 #include "net/ssl/ssl_cipher_suite_names.h" |
| 16 #include "net/ssl/ssl_connection_status_flags.h" | 16 #include "net/ssl/ssl_connection_status_flags.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 18 |
| 19 namespace { | 19 namespace { |
| 20 | 20 |
| 21 const char kHTTPBadHistogram[] = |
| 22 "Security.HTTPBad.UserWarnedAboutSensitiveInput"; |
| 23 |
| 21 // Tests that SecurityInfo flags for subresources with certificate | 24 // Tests that SecurityInfo flags for subresources with certificate |
| 22 // errors are reflected in the SecurityStyleExplanations produced by | 25 // errors are reflected in the SecurityStyleExplanations produced by |
| 23 // ChromeSecurityStateModelClient. | 26 // ChromeSecurityStateModelClient. |
| 24 TEST(ChromeSecurityStateModelClientTest, | 27 TEST(ChromeSecurityStateModelClientTest, |
| 25 GetSecurityStyleForContentWithCertErrors) { | 28 GetSecurityStyleForContentWithCertErrors) { |
| 26 content::SecurityStyleExplanations explanations; | 29 content::SecurityStyleExplanations explanations; |
| 27 security_state::SecurityStateModel::SecurityInfo security_info; | 30 security_state::SecurityStateModel::SecurityInfo security_info; |
| 28 security_info.cert_status = 0; | 31 security_info.cert_status = 0; |
| 29 security_info.scheme_is_cryptographic = true; | 32 security_info.scheme_is_cryptographic = true; |
| 30 | 33 |
| (...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 226 security_state::SecurityStateModel::HTTP_SHOW_WARNING; | 229 security_state::SecurityStateModel::HTTP_SHOW_WARNING; |
| 227 blink::WebSecurityStyle security_style = | 230 blink::WebSecurityStyle security_style = |
| 228 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 231 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, |
| 229 &explanations); | 232 &explanations); |
| 230 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 233 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 231 EXPECT_EQ(1u, explanations.unauthenticated_explanations.size()); | 234 EXPECT_EQ(1u, explanations.unauthenticated_explanations.size()); |
| 232 } | 235 } |
| 233 | 236 |
| 234 // Tests that a security level of NONE when there is a password or | 237 // Tests that a security level of NONE when there is a password or |
| 235 // credit card field on HTTP produces a content::SecurityStyle of | 238 // credit card field on HTTP produces a content::SecurityStyle of |
| 236 // UNAUTHENTICATED, with an info explanation for each. | 239 // UNAUTHENTICATED, with an info explanation. |
| 237 TEST(ChromeSecurityStateModelClientTest, HTTPWarningInFuture) { | 240 TEST(ChromeSecurityStateModelClientTest, HTTPWarningInFuture) { |
| 238 security_state::SecurityStateModel::SecurityInfo security_info; | 241 security_state::SecurityStateModel::SecurityInfo security_info; |
| 239 content::SecurityStyleExplanations explanations; | 242 content::SecurityStyleExplanations explanations; |
| 240 security_info.security_level = security_state::SecurityStateModel::NONE; | 243 security_info.security_level = security_state::SecurityStateModel::NONE; |
| 241 security_info.displayed_password_field_on_http = true; | 244 security_info.displayed_private_user_data_input_on_http = true; |
| 242 blink::WebSecurityStyle security_style = | 245 blink::WebSecurityStyle security_style = |
| 243 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 246 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, |
| 244 &explanations); | 247 &explanations); |
| 245 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 248 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 246 EXPECT_EQ(1u, explanations.info_explanations.size()); | 249 EXPECT_EQ(1u, explanations.info_explanations.size()); |
| 247 | |
| 248 explanations.info_explanations.clear(); | |
| 249 security_info.displayed_credit_card_field_on_http = true; | |
| 250 security_style = ChromeSecurityStateModelClient::GetSecurityStyle( | |
| 251 security_info, &explanations); | |
| 252 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | |
| 253 EXPECT_EQ(1u, explanations.info_explanations.size()); | |
| 254 | |
| 255 // Check that when both password and credit card fields get displayed, only | |
| 256 // one explanation is added. | |
| 257 explanations.info_explanations.clear(); | |
| 258 security_info.displayed_credit_card_field_on_http = true; | |
| 259 security_info.displayed_password_field_on_http = true; | |
| 260 security_style = ChromeSecurityStateModelClient::GetSecurityStyle( | |
| 261 security_info, &explanations); | |
| 262 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | |
| 263 EXPECT_EQ(1u, explanations.info_explanations.size()); | |
| 264 } | 250 } |
| 265 | 251 |
| 266 class ChromeSecurityStateModelClientHistogramTest | 252 class ChromeSecurityStateModelClientHistogramTest |
| 267 : public ChromeRenderViewHostTestHarness, | 253 : public ChromeRenderViewHostTestHarness { |
| 268 public testing::WithParamInterface<bool> { | |
| 269 public: | 254 public: |
| 270 ChromeSecurityStateModelClientHistogramTest() {} | 255 ChromeSecurityStateModelClientHistogramTest() {} |
| 271 ~ChromeSecurityStateModelClientHistogramTest() override {} | 256 ~ChromeSecurityStateModelClientHistogramTest() override {} |
| 272 | 257 |
| 273 void SetUp() override { | 258 void SetUp() override { |
| 274 ChromeRenderViewHostTestHarness::SetUp(); | 259 ChromeRenderViewHostTestHarness::SetUp(); |
| 275 | 260 |
| 276 ChromeSecurityStateModelClient::CreateForWebContents(web_contents()); | 261 ChromeSecurityStateModelClient::CreateForWebContents(web_contents()); |
| 277 client_ = ChromeSecurityStateModelClient::FromWebContents(web_contents()); | 262 client_ = ChromeSecurityStateModelClient::FromWebContents(web_contents()); |
| 278 navigate_to_http(); | 263 navigate_to_http(); |
| 279 } | 264 } |
| 280 | 265 |
| 281 protected: | 266 protected: |
| 282 ChromeSecurityStateModelClient* client() { return client_; } | 267 ChromeSecurityStateModelClient* client() { return client_; } |
| 283 | 268 |
| 284 void signal_sensitive_input() { | 269 void signal_password() { |
| 285 if (GetParam()) | 270 web_contents()->OnPasswordInputShownOnHttp(); |
| 286 web_contents()->OnPasswordInputShownOnHttp(); | |
| 287 else | |
| 288 web_contents()->OnCreditCardInputShownOnHttp(); | |
| 289 client_->VisibleSecurityStateChanged(); | 271 client_->VisibleSecurityStateChanged(); |
| 290 } | 272 } |
| 291 | 273 |
| 292 const std::string histogram_name() { | |
| 293 if (GetParam()) | |
| 294 return "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password"; | |
| 295 else | |
| 296 return "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard"; | |
| 297 } | |
| 298 | |
| 299 void navigate_to_http() { NavigateAndCommit(GURL("http://example.test")); } | 274 void navigate_to_http() { NavigateAndCommit(GURL("http://example.test")); } |
| 300 | 275 |
| 301 void navigate_to_different_http_page() { | 276 void navigate_to_different_http_page() { |
| 302 NavigateAndCommit(GURL("http://example2.test")); | 277 NavigateAndCommit(GURL("http://example2.test")); |
| 303 } | 278 } |
| 304 | 279 |
| 305 private: | 280 private: |
| 306 ChromeSecurityStateModelClient* client_; | 281 ChromeSecurityStateModelClient* client_; |
| 307 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientHistogramTest); | 282 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientHistogramTest); |
| 308 }; | 283 }; |
| 309 | 284 |
| 310 // Tests that UMA logs the omnibox warning when security level is | 285 // Tests that UMA logs the omnibox warning when security level is |
| 311 // HTTP_SHOW_WARNING. | 286 // HTTP_SHOW_WARNING. |
| 312 TEST_P(ChromeSecurityStateModelClientHistogramTest, | 287 TEST_F(ChromeSecurityStateModelClientHistogramTest, |
| 313 HTTPOmniboxWarningHistogram) { | 288 HTTPOmniboxWarningHistogram) { |
| 314 // Show Warning Chip. | 289 // Show Warning Chip. |
| 315 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 290 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 316 security_state::switches::kMarkHttpAs, | 291 security_state::switches::kMarkHttpAs, |
| 317 security_state::switches::kMarkHttpWithPasswordsOrCcWithChip); | 292 security_state::switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 318 | 293 |
| 319 base::HistogramTester histograms; | 294 base::HistogramTester histograms; |
| 320 signal_sensitive_input(); | 295 signal_password(); |
| 321 histograms.ExpectUniqueSample(histogram_name(), true, 1); | 296 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1); |
| 322 | 297 |
| 323 // Fire again and ensure no sample is recorded. | 298 // Fire again and ensure no sample is recorded. |
| 324 signal_sensitive_input(); | 299 signal_password(); |
| 325 histograms.ExpectUniqueSample(histogram_name(), true, 1); | 300 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1); |
| 326 | 301 |
| 327 // Navigate to a new page and ensure a sample is recorded. | 302 // Navigate to a new page and ensure a sample is recorded. |
| 328 navigate_to_different_http_page(); | 303 navigate_to_different_http_page(); |
| 329 histograms.ExpectUniqueSample(histogram_name(), true, 1); | 304 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 1); |
| 330 signal_sensitive_input(); | 305 signal_password(); |
| 331 histograms.ExpectUniqueSample(histogram_name(), true, 2); | 306 histograms.ExpectUniqueSample(kHTTPBadHistogram, true, 2); |
| 332 } | 307 } |
| 333 | 308 |
| 334 // Tests that UMA logs the console warning when security level is NONE. | 309 // Tests that UMA logs the console warning when security level is NONE. |
| 335 TEST_P(ChromeSecurityStateModelClientHistogramTest, | 310 TEST_F(ChromeSecurityStateModelClientHistogramTest, |
| 336 HTTPConsoleWarningHistogram) { | 311 HTTPConsoleWarningHistogram) { |
| 337 // Show Neutral for HTTP | 312 // Show Neutral for HTTP |
| 338 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 313 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 339 security_state::switches::kMarkHttpAs, | 314 security_state::switches::kMarkHttpAs, |
| 340 security_state::switches::kMarkHttpAsNeutral); | 315 security_state::switches::kMarkHttpAsNeutral); |
| 341 | 316 |
| 342 base::HistogramTester histograms; | 317 base::HistogramTester histograms; |
| 343 signal_sensitive_input(); | 318 signal_password(); |
| 344 histograms.ExpectUniqueSample(histogram_name(), false, 1); | 319 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1); |
| 345 | 320 |
| 346 // Fire again and ensure no sample is recorded. | 321 // Fire again and ensure no sample is recorded. |
| 347 signal_sensitive_input(); | 322 signal_password(); |
| 348 histograms.ExpectUniqueSample(histogram_name(), false, 1); | 323 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1); |
| 349 | 324 |
| 350 // Navigate to a new page and ensure a sample is recorded. | 325 // Navigate to a new page and ensure a sample is recorded. |
| 351 navigate_to_different_http_page(); | 326 navigate_to_different_http_page(); |
| 352 histograms.ExpectUniqueSample(histogram_name(), false, 1); | 327 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 1); |
| 353 signal_sensitive_input(); | 328 signal_password(); |
| 354 histograms.ExpectUniqueSample(histogram_name(), false, 2); | 329 histograms.ExpectUniqueSample(kHTTPBadHistogram, false, 2); |
| 355 } | 330 } |
| 356 | 331 |
| 357 INSTANTIATE_TEST_CASE_P(ChromeSecurityStateModelClientHistogramTest, | |
| 358 ChromeSecurityStateModelClientHistogramTest, | |
| 359 // Here 'true' to test password field triggered | |
| 360 // histogram and 'false' to test credit card field. | |
| 361 testing::Bool()); | |
| 362 | |
| 363 } // namespace | 332 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2494033002:
Revert "HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings" (Closed)
