| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/security_state_tab_helper.h" | 5 #include "chrome/browser/ssl/security_state_tab_helper.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| 881 | 881 |
| 882 // Navigate to a page that doesn't finish loading. Test that the | 882 // Navigate to a page that doesn't finish loading. Test that the |
| 883 // security state is neutral while the page is loading. | 883 // security state is neutral while the page is loading. |
| 884 browser()->OpenURL(content::OpenURLParams( | 884 browser()->OpenURL(content::OpenURLParams( |
| 885 embedded_test_server()->GetURL("/title1.html"), content::Referrer(), | 885 embedded_test_server()->GetURL("/title1.html"), content::Referrer(), |
| 886 WindowOpenDisposition::CURRENT_TAB, ui::PAGE_TRANSITION_TYPED, false)); | 886 WindowOpenDisposition::CURRENT_TAB, ui::PAGE_TRANSITION_TYPED, false)); |
| 887 CheckSecurityInfoForNonSecure( | 887 CheckSecurityInfoForNonSecure( |
| 888 browser()->tab_strip_model()->GetActiveWebContents()); | 888 browser()->tab_strip_model()->GetActiveWebContents()); |
| 889 } | 889 } |
| 890 | 890 |
| 891 // Inject a script into the page. Used by tests that check for visible |
| 892 // password fields to wait for notifications about these |
| 893 // fields. Notifications about visible password fields are queued at the |
| 894 // end of the event loop, so waiting for a dummy script to run ensures |
| 895 // that these notifcations have been sent. |
| 896 void InjectScript(content::WebContents* contents) { |
| 897 bool js_result = false; |
| 898 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 899 contents, "window.domAutomationController.send(true);", &js_result)); |
| 900 EXPECT_TRUE(js_result); |
| 901 } |
| 902 |
| 891 // Tests that when a visible password field is detected on an HTTP page | 903 // Tests that when a visible password field is detected on an HTTP page |
| 892 // load, and when the command-line flag is set, the security level is | 904 // load, and when the command-line flag is set, the security level is |
| 893 // downgraded to HTTP_SHOW_WARNING. | 905 // downgraded to HTTP_SHOW_WARNING. |
| 894 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 906 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 895 PasswordSecurityLevelDowngraded) { | 907 PasswordSecurityLevelDowngraded) { |
| 896 content::WebContents* contents = | 908 content::WebContents* contents = |
| 897 browser()->tab_strip_model()->GetActiveWebContents(); | 909 browser()->tab_strip_model()->GetActiveWebContents(); |
| 898 ASSERT_TRUE(contents); | 910 ASSERT_TRUE(contents); |
| 899 | 911 |
| 900 SecurityStateTabHelper* helper = | 912 SecurityStateTabHelper* helper = |
| 901 SecurityStateTabHelper::FromWebContents(contents); | 913 SecurityStateTabHelper::FromWebContents(contents); |
| 902 ASSERT_TRUE(helper); | 914 ASSERT_TRUE(helper); |
| 903 | 915 |
| 904 ui_test_utils::NavigateToURL( | 916 ui_test_utils::NavigateToURL( |
| 905 browser(), GetURLWithNonLocalHostname(embedded_test_server(), | 917 browser(), GetURLWithNonLocalHostname(embedded_test_server(), |
| 906 "/password/simple_password.html")); | 918 "/password/simple_password.html")); |
| 919 InjectScript(contents); |
| 907 security_state::SecurityInfo security_info; | 920 security_state::SecurityInfo security_info; |
| 908 helper->GetSecurityInfo(&security_info); | 921 helper->GetSecurityInfo(&security_info); |
| 909 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); | 922 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
| 910 | 923 |
| 911 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 924 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 912 ASSERT_TRUE(entry); | 925 ASSERT_TRUE(entry); |
| 913 EXPECT_TRUE(entry->GetSSL().content_status & | 926 EXPECT_TRUE(entry->GetSSL().content_status & |
| 914 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 927 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 915 } | 928 } |
| 916 | 929 |
| 917 // Tests that when an invisible password field is present on an HTTP page | 930 // Tests that when an invisible password field is present on an HTTP page |
| 918 // load, and when the command-line flag is set, the security level is | 931 // load, and when the command-line flag is set, the security level is |
| 919 // *not* downgraded to HTTP_SHOW_WARNING. | 932 // *not* downgraded to HTTP_SHOW_WARNING. |
| 920 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 933 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 921 PasswordSecurityLevelNotDowngradedForInvisibleInput) { | 934 PasswordSecurityLevelNotDowngradedForInvisibleInput) { |
| 922 content::WebContents* contents = | 935 content::WebContents* contents = |
| 923 browser()->tab_strip_model()->GetActiveWebContents(); | 936 browser()->tab_strip_model()->GetActiveWebContents(); |
| 924 ASSERT_TRUE(contents); | 937 ASSERT_TRUE(contents); |
| 925 | 938 |
| 926 SecurityStateTabHelper* helper = | 939 SecurityStateTabHelper* helper = |
| 927 SecurityStateTabHelper::FromWebContents(contents); | 940 SecurityStateTabHelper::FromWebContents(contents); |
| 928 ASSERT_TRUE(helper); | 941 ASSERT_TRUE(helper); |
| 929 | 942 |
| 930 ui_test_utils::NavigateToURL( | 943 ui_test_utils::NavigateToURL( |
| 931 browser(), | 944 browser(), |
| 932 GetURLWithNonLocalHostname(embedded_test_server(), | 945 GetURLWithNonLocalHostname(embedded_test_server(), |
| 933 "/password/invisible_password.html")); | 946 "/password/invisible_password.html")); |
| 947 InjectScript(contents); |
| 934 security_state::SecurityInfo security_info; | 948 security_state::SecurityInfo security_info; |
| 935 helper->GetSecurityInfo(&security_info); | 949 helper->GetSecurityInfo(&security_info); |
| 936 EXPECT_EQ(security_state::NONE, security_info.security_level); | 950 EXPECT_EQ(security_state::NONE, security_info.security_level); |
| 937 | 951 |
| 938 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 952 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 939 ASSERT_TRUE(entry); | 953 ASSERT_TRUE(entry); |
| 940 EXPECT_FALSE(entry->GetSSL().content_status & | 954 EXPECT_FALSE(entry->GetSSL().content_status & |
| 941 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 955 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 942 } | 956 } |
| 943 | 957 |
| 944 // Tests that when a visible password field is detected inside an iframe | 958 // Tests that when a visible password field is detected inside an iframe |
| 945 // on an HTTP page load, and when the command-line flag is set, the | 959 // on an HTTP page load, and when the command-line flag is set, the |
| 946 // security level is downgraded to HTTP_SHOW_WARNING. | 960 // security level is downgraded to HTTP_SHOW_WARNING. |
| 947 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 961 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 948 PasswordSecurityLevelDowngradedFromIframe) { | 962 PasswordSecurityLevelDowngradedFromIframe) { |
| 949 content::WebContents* contents = | 963 content::WebContents* contents = |
| 950 browser()->tab_strip_model()->GetActiveWebContents(); | 964 browser()->tab_strip_model()->GetActiveWebContents(); |
| 951 ASSERT_TRUE(contents); | 965 ASSERT_TRUE(contents); |
| 952 | 966 |
| 953 SecurityStateTabHelper* helper = | 967 SecurityStateTabHelper* helper = |
| 954 SecurityStateTabHelper::FromWebContents(contents); | 968 SecurityStateTabHelper::FromWebContents(contents); |
| 955 ASSERT_TRUE(helper); | 969 ASSERT_TRUE(helper); |
| 956 | 970 |
| 957 ui_test_utils::NavigateToURL( | 971 ui_test_utils::NavigateToURL( |
| 958 browser(), | 972 browser(), |
| 959 GetURLWithNonLocalHostname(embedded_test_server(), | 973 GetURLWithNonLocalHostname(embedded_test_server(), |
| 960 "/password/simple_password_in_iframe.html")); | 974 "/password/simple_password_in_iframe.html")); |
| 975 InjectScript(contents); |
| 961 security_state::SecurityInfo security_info; | 976 security_state::SecurityInfo security_info; |
| 962 helper->GetSecurityInfo(&security_info); | 977 helper->GetSecurityInfo(&security_info); |
| 963 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); | 978 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
| 964 | 979 |
| 965 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 980 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 966 ASSERT_TRUE(entry); | 981 ASSERT_TRUE(entry); |
| 967 EXPECT_TRUE(entry->GetSSL().content_status & | 982 EXPECT_TRUE(entry->GetSSL().content_status & |
| 968 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 983 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 969 } | 984 } |
| 970 | 985 |
| 992 | 1007 |
| 993 // Navigate to an HTTP URL, which loads an iframe using the host and port of | 1008 // Navigate to an HTTP URL, which loads an iframe using the host and port of |
| 994 // |https_server_|. | 1009 // |https_server_|. |
| 995 std::string replacement_path; | 1010 std::string replacement_path; |
| 996 GetFilePathWithHostAndPortReplacement( | 1011 GetFilePathWithHostAndPortReplacement( |
| 997 "/password/simple_password_in_https_iframe.html", | 1012 "/password/simple_password_in_https_iframe.html", |
| 998 https_server_.host_port_pair(), &replacement_path); | 1013 https_server_.host_port_pair(), &replacement_path); |
| 999 ui_test_utils::NavigateToURL( | 1014 ui_test_utils::NavigateToURL( |
| 1000 browser(), | 1015 browser(), |
| 1001 GetURLWithNonLocalHostname(embedded_test_server(), replacement_path)); | 1016 GetURLWithNonLocalHostname(embedded_test_server(), replacement_path)); |
| 1017 InjectScript(contents); |
| 1002 security_state::SecurityInfo security_info; | 1018 security_state::SecurityInfo security_info; |
| 1003 helper->GetSecurityInfo(&security_info); | 1019 helper->GetSecurityInfo(&security_info); |
| 1004 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); | 1020 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
| 1005 | 1021 |
| 1006 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 1022 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 1007 ASSERT_TRUE(entry); | 1023 ASSERT_TRUE(entry); |
| 1008 EXPECT_TRUE(entry->GetSSL().content_status & | 1024 EXPECT_TRUE(entry->GetSSL().content_status & |
| 1009 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 1025 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 1010 } | 1026 } |
| 1011 | 1027 |
| 1012 // Tests that when a visible password field is detected on an HTTP page | 1028 // Tests that when a visible password field is detected on an HTTP page |
| 1013 // load, and when the command-line flag is *not* set, the security level is | 1029 // load, and when the command-line flag is *not* set, the security level is |
| 1014 // *not* downgraded to HTTP_SHOW_WARNING. | 1030 // *not* downgraded to HTTP_SHOW_WARNING. |
| 1015 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, | 1031 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, |
| 1016 PasswordSecurityLevelNotDowngradedWithoutSwitch) { | 1032 PasswordSecurityLevelNotDowngradedWithoutSwitch) { |
| 1017 ASSERT_TRUE(embedded_test_server()->Start()); | 1033 ASSERT_TRUE(embedded_test_server()->Start()); |
| 1018 host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host()); | 1034 host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host()); |
| 1019 | 1035 |
| 1020 content::WebContents* contents = | 1036 content::WebContents* contents = |
| 1021 browser()->tab_strip_model()->GetActiveWebContents(); | 1037 browser()->tab_strip_model()->GetActiveWebContents(); |
| 1022 ASSERT_TRUE(contents); | 1038 ASSERT_TRUE(contents); |
| 1023 | 1039 |
| 1024 SecurityStateTabHelper* helper = | 1040 SecurityStateTabHelper* helper = |
| 1025 SecurityStateTabHelper::FromWebContents(contents); | 1041 SecurityStateTabHelper::FromWebContents(contents); |
| 1026 ASSERT_TRUE(helper); | 1042 ASSERT_TRUE(helper); |
| 1027 | 1043 |
| 1028 ui_test_utils::NavigateToURL( | 1044 ui_test_utils::NavigateToURL( |
| 1029 browser(), GetURLWithNonLocalHostname(embedded_test_server(), | 1045 browser(), GetURLWithNonLocalHostname(embedded_test_server(), |
| 1030 "/password/simple_password.html")); | 1046 "/password/simple_password.html")); |
| 1047 InjectScript(contents); |
| 1031 // The security level should not be HTTP_SHOW_WARNING, because the | 1048 // The security level should not be HTTP_SHOW_WARNING, because the |
| 1032 // command-line switch was not set. | 1049 // command-line switch was not set. |
| 1033 security_state::SecurityInfo security_info; | 1050 security_state::SecurityInfo security_info; |
| 1034 helper->GetSecurityInfo(&security_info); | 1051 helper->GetSecurityInfo(&security_info); |
| 1035 EXPECT_EQ(security_state::NONE, security_info.security_level); | 1052 EXPECT_EQ(security_state::NONE, security_info.security_level); |
| 1036 | 1053 |
| 1037 // The appropriate SSLStatus flags should be set, however. | 1054 // The appropriate SSLStatus flags should be set, however. |
| 1038 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 1055 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 1039 ASSERT_TRUE(entry); | 1056 ASSERT_TRUE(entry); |
| 1040 EXPECT_TRUE(entry->GetSSL().content_status & | 1057 EXPECT_TRUE(entry->GetSSL().content_status & |
| 1041 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 1058 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 1042 } | 1059 } |
| 1043 | 1060 |
| 1044 // Tests that when a visible password field is detected on an HTTPS page | 1061 // Tests that when a visible password field is detected on an HTTPS page |
| 1045 // load, and when the command-line flag is set, the security level is | 1062 // load, and when the command-line flag is set, the security level is |
| 1046 // *not* downgraded to HTTP_SHOW_WARNING. | 1063 // *not* downgraded to HTTP_SHOW_WARNING. |
| 1047 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 1064 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 1048 PasswordSecurityLevelNotDowngradedOnHttps) { | 1065 PasswordSecurityLevelNotDowngradedOnHttps) { |
| 1049 content::WebContents* contents = | 1066 content::WebContents* contents = |
| 1050 browser()->tab_strip_model()->GetActiveWebContents(); | 1067 browser()->tab_strip_model()->GetActiveWebContents(); |
| 1051 ASSERT_TRUE(contents); | 1068 ASSERT_TRUE(contents); |
| 1052 | 1069 |
| 1053 SecurityStateTabHelper* helper = | 1070 SecurityStateTabHelper* helper = |
| 1054 SecurityStateTabHelper::FromWebContents(contents); | 1071 SecurityStateTabHelper::FromWebContents(contents); |
| 1055 ASSERT_TRUE(helper); | 1072 ASSERT_TRUE(helper); |
| 1056 | 1073 |
| 1057 GURL url = GetURLWithNonLocalHostname(&https_server_, | 1074 GURL url = GetURLWithNonLocalHostname(&https_server_, |
| 1058 "/password/simple_password.html"); | 1075 "/password/simple_password.html"); |
| 1059 ui_test_utils::NavigateToURL(browser(), url); | 1076 ui_test_utils::NavigateToURL(browser(), url); |
| 1077 InjectScript(contents); |
| 1060 // The security level should not be HTTP_SHOW_WARNING, because the page was | 1078 // The security level should not be HTTP_SHOW_WARNING, because the page was |
| 1061 // HTTPS instead of HTTP. | 1079 // HTTPS instead of HTTP. |
| 1062 security_state::SecurityInfo security_info; | 1080 security_state::SecurityInfo security_info; |
| 1063 helper->GetSecurityInfo(&security_info); | 1081 helper->GetSecurityInfo(&security_info); |
| 1064 EXPECT_EQ(security_state::SECURE, security_info.security_level); | 1082 EXPECT_EQ(security_state::SECURE, security_info.security_level); |
| 1065 | 1083 |
| 1066 // The SSLStatus flags should only be set if the top-level page load was HTTP, | 1084 // The SSLStatus flags should only be set if the top-level page load was HTTP, |
| 1067 // which it was not in this case. | 1085 // which it was not in this case. |
| 1068 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 1086 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 1069 ASSERT_TRUE(entry); | 1087 ASSERT_TRUE(entry); |
| 2010 SecurityStateTabHelper* helper = | 2028 SecurityStateTabHelper* helper = |
| 2011 SecurityStateTabHelper::FromWebContents(web_contents); | 2029 SecurityStateTabHelper::FromWebContents(web_contents); |
| 2012 ASSERT_TRUE(helper); | 2030 ASSERT_TRUE(helper); |
| 2013 security_state::SecurityInfo security_info; | 2031 security_state::SecurityInfo security_info; |
| 2014 helper->GetSecurityInfo(&security_info); | 2032 helper->GetSecurityInfo(&security_info); |
| 2015 EXPECT_EQ(security_state::SECURE, security_info.security_level); | 2033 EXPECT_EQ(security_state::SECURE, security_info.security_level); |
| 2016 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); | 2034 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); |
| 2017 } | 2035 } |
| 2018 | 2036 |
| 2019 } // namespace | 2037 } // namespace |
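Review bot: `InjectScript(contents)` runs its dummy script in the top-level frame, so in the two iframe tests (new lines 975 and 1017) it only shows that the main frame's event loop has drained, not that the frame holding the password field has sent its notification. If that iframe is ever rendered in a separate process (plausible for the `https_server_` host/port case, though nothing visible here confirms it), the `HTTP_SHOW_WARNING` and `DISPLAYED_PASSWORD_FIELD_ON_HTTP` checks could race the notification again. The helper comment at new lines 891-895 should state that assumption, e.g. `// Assumes the password field's frame shares the main frame's event loop.`, and fix the typo `notifcations`. A name such as `WaitForPasswordFieldNotifications` would also say at each call site what the call is for. The test body around new line 1017 begins in the skipped region, so its setup is not visible here.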
| OLD | NEW |