Chromium Code Reviews Chromium Code Reviews
Issue 2495783003:
Implement support for checking bad IPs aka MatchMalwareIP (Closed)
| Index: components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| diff --git a/components/safe_browsing_db/v4_local_database_manager_unittest.cc b/components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| index 5d0f850c6714182d2ce65272b9116f37e984d8ee..e19bbdecc4f2d4c005c2753acaf119bfa37cb1cb 100644 |
| --- a/components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| +++ b/components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| @@ -37,7 +37,12 @@ class FakeV4Database : public V4Database { |
| const FullHash& full_hash, |
| const StoresToCheck& stores_to_check, |
| StoreAndHashPrefixes* store_and_hash_prefixes) override { |
| - *store_and_hash_prefixes = store_and_hash_prefixes_; |
| + for (const StoreAndHashPrefix& stored_sahp : store_and_hash_prefixes_) { |
| + const PrefixSize& prefix_size = stored_sahp.hash_prefix.size(); |
| + if (stored_sahp.hash_prefix == full_hash.substr(0, prefix_size)) { |
|
Scott Hess - ex-Googler
2016/11/12 23:11:34
Could you phrase this in terms of std::string::com
vakh (use Gerrit instead)
2016/11/14 19:59:16
Done.
|
| + store_and_hash_prefixes->push_back(stored_sahp); |
|
Scott Hess - ex-Googler
2016/11/12 23:11:34
You should probably clear() things up front to rep
vakh (use Gerrit instead)
2016/11/14 19:59:16
Done.
|
| + } |
| + } |
| } |
| private: |
| @@ -189,6 +194,12 @@ class V4LocalDatabaseManagerTest : public PlatformTest { |
| base::RunLoop().RunUntilIdle(); |
| } |
| + bool IPAddressToEncodedIPV6(const std::string& ip_address, |
| + std::string* encoded_ip) { |
| + return V4LocalDatabaseManager::IPAddressToEncodedIPV6(ip_address, |
| + encoded_ip); |
| + } |
| + |
| base::ScopedTempDir base_dir_; |
| scoped_refptr<base::TestSimpleTaskRunner> task_runner_; |
| content::TestBrowserThreadBundle thread_bundle_; |
| @@ -231,7 +242,8 @@ TEST_F(V4LocalDatabaseManagerTest, TestCheckBrowseUrlWithFakeDbReturnsMatch) { |
| net::TestURLFetcherFactory factory; |
| StoreAndHashPrefixes store_and_hash_prefixes; |
| - store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), HashPrefix("aaaa")); |
| + store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), |
| + HashPrefix("eW\x1A\xF\xA9")); |
| ReplaceV4Database(store_and_hash_prefixes); |
| // The fake database returns a matched hash prefix. |
| @@ -318,7 +330,8 @@ TEST_F(V4LocalDatabaseManagerTest, PerformFullHashCheckCalledAsync) { |
| net::TestURLFetcherFactory factory; |
| StoreAndHashPrefixes store_and_hash_prefixes; |
| - store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), HashPrefix("aaaa")); |
| + store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), |
| + HashPrefix("eW\x1A\xF\xA9")); |
| ReplaceV4Database(store_and_hash_prefixes); |
| // The fake database returns a matched hash prefix. |
| @@ -347,7 +360,8 @@ TEST_F(V4LocalDatabaseManagerTest, UsingWeakPtrDropsCallback) { |
| net::TestURLFetcherFactory factory; |
| StoreAndHashPrefixes store_and_hash_prefixes; |
| - store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), HashPrefix("aaaa")); |
| + store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), |
| + HashPrefix("eW\x1A\xF\xA9")); |
| ReplaceV4Database(store_and_hash_prefixes); |
| // The fake database returns a matched hash prefix. |
| @@ -365,4 +379,67 @@ TEST_F(V4LocalDatabaseManagerTest, UsingWeakPtrDropsCallback) { |
| WaitForTasksOnTaskRunner(); |
| } |
| +TEST_F(V4LocalDatabaseManagerTest, TestIPAddressToEncodedIPV6) { |
| + // To verify the test values, here's the python code: |
| + // >> import socket, hashlib, binascii |
| + // >> hashlib.sha1(socket.inet_pton(socket.AF_INET6, input)).digest() + |
| + // chr(128) |
| + // For example: |
| + // >>> hashlib.sha1(socket.inet_pton(socket.AF_INET6, |
| + // '::ffff:192.168.1.1')).digest() + chr(128) |
| + // 'X\xf8\xa1\x17I\xe6Pl\xfd\xdb\xbb\xa0\x0c\x02\x9d#\n|\xe7\xcd\x80' |
| + std::vector<std::tuple<bool, std::string, std::string>> test_cases = { |
| + std::make_tuple(false, "", ""), |
| + std::make_tuple( |
| + true, "192.168.1.1", |
| + "X\xF8\xA1\x17I\xE6Pl\xFD\xDB\xBB\xA0\f\x2\x9D#\n|\xE7\xCD\x80"), |
| + std::make_tuple( |
| + true, "::", |
| + "\xE1)\xF2|Q\x3\xBC\\\xC4K\xCD\xF0\xA1^\x16\rDPf\xFF\x80")}; |
| + for (size_t i = 0; i < test_cases.size(); i++) { |
| + DVLOG(1) << "Running case: " << i; |
| + bool success = std::get<0>(test_cases[i]); |
| + const auto& input = std::get<1>(test_cases[i]); |
| + const auto& expected_output = std::get<2>(test_cases[i]); |
| + std::string encoded_ip; |
| + ASSERT_EQ(success, IPAddressToEncodedIPV6(input, &encoded_ip)); |
| + if (success) { |
| + ASSERT_EQ(expected_output, encoded_ip); |
| + } |
| + } |
| +} |
| + |
| +TEST_F(V4LocalDatabaseManagerTest, TestMatchMalwareIP) { |
| + StopLocalDatabaseManager(); |
| + v4_local_database_manager_ = |
| + make_scoped_refptr(new FakeV4LocalDatabaseManager(base_dir_.GetPath())); |
| + SetTaskRunnerForTest(); |
| + StartLocalDatabaseManager(); |
| + WaitForTasksOnTaskRunner(); |
| + |
| + // >>> hashlib.sha1(socket.inet_pton(socket.AF_INET6, |
| + // '::ffff:192.168.1.2')).digest() + chr(128) |
| + // '\xb3\xe0z\xafAv#h\x9a\xcf<\xf3ee\x94\xda\xf6y\xb1\xad\x80' |
| + StoreAndHashPrefixes store_and_hash_prefixes; |
| + store_and_hash_prefixes.emplace_back(GetAnyIpMalwareId(), |
| + FullHash("\xB3\xE0z\xAF" |
| + "Av#h\x9A\xCF<\xF3" |
| + "ee\x94\xDA\xF6y\xB1\xAD\x80")); |
| + ReplaceV4Database(store_and_hash_prefixes); |
| + |
| + EXPECT_FALSE(v4_local_database_manager_->MatchMalwareIP("")); |
| + EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( |
| + v4_local_database_manager_)); |
| + |
| + // The fake database returns no match. |
| + EXPECT_FALSE(v4_local_database_manager_->MatchMalwareIP("192.168.1.1")); |
| + EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( |
| + v4_local_database_manager_)); |
| + |
| + // The fake database returns a matched hash prefix. |
| + EXPECT_TRUE(v4_local_database_manager_->MatchMalwareIP("192.168.1.2")); |
| + EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( |
| + v4_local_database_manager_)); |
| +} |
| + |
| } // namespace safe_browsing |
