| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/security_state_tab_helper.h" | 5 #include "chrome/browser/ssl/security_state_tab_helper.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| (...skipping 873 matching lines...) |
| 884 | 884 |
| 885 // Navigate to a page that doesn't finish loading. Test that the | 885 // Navigate to a page that doesn't finish loading. Test that the |
| 886 // security state is neutral while the page is loading. | 886 // security state is neutral while the page is loading. |
| 887 browser()->OpenURL(content::OpenURLParams( | 887 browser()->OpenURL(content::OpenURLParams( |
| 888 embedded_test_server()->GetURL("/title1.html"), content::Referrer(), | 888 embedded_test_server()->GetURL("/title1.html"), content::Referrer(), |
| 889 WindowOpenDisposition::CURRENT_TAB, ui::PAGE_TRANSITION_TYPED, false)); | 889 WindowOpenDisposition::CURRENT_TAB, ui::PAGE_TRANSITION_TYPED, false)); |
| 890 CheckSecurityInfoForNonSecure( | 890 CheckSecurityInfoForNonSecure( |
| 891 browser()->tab_strip_model()->GetActiveWebContents()); | 891 browser()->tab_strip_model()->GetActiveWebContents()); |
| 892 } | 892 } |
| 893 | 893 |
| 894 // Inject a script into the page. Used by tests that check for visible |
| 895 // password fields to wait for notifications about these |
| 896 // fields. Notifications about visible password fields are queued at the |
| 897 // end of the event loop, so waiting for a dummy script to run ensures |
| 898 // that these notifcations have been sent. |
| 899 void InjectScript(content::WebContents* contents) { |
| 900 bool js_result = false; |
| 901 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 902 contents, "window.domAutomationController.send(true);", &js_result)); |
| 903 EXPECT_TRUE(js_result); |
| 904 } |
| 905 |
| 894 // Tests that when a visible password field is detected on an HTTP page | 906 // Tests that when a visible password field is detected on an HTTP page |
| 895 // load, and when the command-line flag is set, the security level is | 907 // load, and when the command-line flag is set, the security level is |
| 896 // downgraded to HTTP_SHOW_WARNING. | 908 // downgraded to HTTP_SHOW_WARNING. |
| 897 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 909 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 898 PasswordSecurityLevelDowngraded) { | 910 PasswordSecurityLevelDowngraded) { |
| 899 content::WebContents* contents = | 911 content::WebContents* contents = |
| 900 browser()->tab_strip_model()->GetActiveWebContents(); | 912 browser()->tab_strip_model()->GetActiveWebContents(); |
| 901 ASSERT_TRUE(contents); | 913 ASSERT_TRUE(contents); |
| 902 | 914 |
| 903 SecurityStateTabHelper* helper = | 915 SecurityStateTabHelper* helper = |
| 904 SecurityStateTabHelper::FromWebContents(contents); | 916 SecurityStateTabHelper::FromWebContents(contents); |
| 905 ASSERT_TRUE(helper); | 917 ASSERT_TRUE(helper); |
| 906 | 918 |
| 907 ui_test_utils::NavigateToURL( | 919 ui_test_utils::NavigateToURL( |
| 908 browser(), GetURLWithNonLocalHostname(embedded_test_server(), | 920 browser(), GetURLWithNonLocalHostname(embedded_test_server(), |
| 909 "/password/simple_password.html")); | 921 "/password/simple_password.html")); |
| 922 InjectScript(contents); |
| 910 security_state::SecurityInfo security_info; | 923 security_state::SecurityInfo security_info; |
| 911 helper->GetSecurityInfo(&security_info); | 924 helper->GetSecurityInfo(&security_info); |
| 912 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); | 925 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
| 913 | 926 |
| 914 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 927 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 915 ASSERT_TRUE(entry); | 928 ASSERT_TRUE(entry); |
| 916 EXPECT_TRUE(entry->GetSSL().content_status & | 929 EXPECT_TRUE(entry->GetSSL().content_status & |
| 917 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 930 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 918 } | 931 } |
| 919 | 932 |
| 920 // Tests that when an invisible password field is present on an HTTP page | 933 // Tests that when an invisible password field is present on an HTTP page |
| 921 // load, and when the command-line flag is set, the security level is | 934 // load, and when the command-line flag is set, the security level is |
| 922 // *not* downgraded to HTTP_SHOW_WARNING. | 935 // *not* downgraded to HTTP_SHOW_WARNING. |
| 923 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 936 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 924 PasswordSecurityLevelNotDowngradedForInvisibleInput) { | 937 PasswordSecurityLevelNotDowngradedForInvisibleInput) { |
| 925 content::WebContents* contents = | 938 content::WebContents* contents = |
| 926 browser()->tab_strip_model()->GetActiveWebContents(); | 939 browser()->tab_strip_model()->GetActiveWebContents(); |
| 927 ASSERT_TRUE(contents); | 940 ASSERT_TRUE(contents); |
| 928 | 941 |
| 929 SecurityStateTabHelper* helper = | 942 SecurityStateTabHelper* helper = |
| 930 SecurityStateTabHelper::FromWebContents(contents); | 943 SecurityStateTabHelper::FromWebContents(contents); |
| 931 ASSERT_TRUE(helper); | 944 ASSERT_TRUE(helper); |
| 932 | 945 |
| 933 ui_test_utils::NavigateToURL( | 946 ui_test_utils::NavigateToURL( |
| 934 browser(), | 947 browser(), |
| 935 GetURLWithNonLocalHostname(embedded_test_server(), | 948 GetURLWithNonLocalHostname(embedded_test_server(), |
| 936 "/password/invisible_password.html")); | 949 "/password/invisible_password.html")); |
| 950 InjectScript(contents); |
| 937 security_state::SecurityInfo security_info; | 951 security_state::SecurityInfo security_info; |
| 938 helper->GetSecurityInfo(&security_info); | 952 helper->GetSecurityInfo(&security_info); |
| 939 EXPECT_EQ(security_state::NONE, security_info.security_level); | 953 EXPECT_EQ(security_state::NONE, security_info.security_level); |
| 940 | 954 |
| 941 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 955 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 942 ASSERT_TRUE(entry); | 956 ASSERT_TRUE(entry); |
| 943 EXPECT_FALSE(entry->GetSSL().content_status & | 957 EXPECT_FALSE(entry->GetSSL().content_status & |
| 944 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 958 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 945 } | 959 } |
| 946 | 960 |
| 947 // Tests that when a visible password field is detected inside an iframe | 961 // Tests that when a visible password field is detected inside an iframe |
| 948 // on an HTTP page load, and when the command-line flag is set, the | 962 // on an HTTP page load, and when the command-line flag is set, the |
| 949 // security level is downgraded to HTTP_SHOW_WARNING. | 963 // security level is downgraded to HTTP_SHOW_WARNING. |
| 950 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 964 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 951 PasswordSecurityLevelDowngradedFromIframe) { | 965 PasswordSecurityLevelDowngradedFromIframe) { |
| 952 content::WebContents* contents = | 966 content::WebContents* contents = |
| 953 browser()->tab_strip_model()->GetActiveWebContents(); | 967 browser()->tab_strip_model()->GetActiveWebContents(); |
| 954 ASSERT_TRUE(contents); | 968 ASSERT_TRUE(contents); |
| 955 | 969 |
| 956 SecurityStateTabHelper* helper = | 970 SecurityStateTabHelper* helper = |
| 957 SecurityStateTabHelper::FromWebContents(contents); | 971 SecurityStateTabHelper::FromWebContents(contents); |
| 958 ASSERT_TRUE(helper); | 972 ASSERT_TRUE(helper); |
| 959 | 973 |
| 960 ui_test_utils::NavigateToURL( | 974 ui_test_utils::NavigateToURL( |
| 961 browser(), | 975 browser(), |
| 962 GetURLWithNonLocalHostname(embedded_test_server(), | 976 GetURLWithNonLocalHostname(embedded_test_server(), |
| 963 "/password/simple_password_in_iframe.html")); | 977 "/password/simple_password_in_iframe.html")); |
| 978 InjectScript(contents); |
| 964 security_state::SecurityInfo security_info; | 979 security_state::SecurityInfo security_info; |
| 965 helper->GetSecurityInfo(&security_info); | 980 helper->GetSecurityInfo(&security_info); |
| 966 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); | 981 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
| 967 | 982 |
| 968 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 983 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 969 ASSERT_TRUE(entry); | 984 ASSERT_TRUE(entry); |
| 970 EXPECT_TRUE(entry->GetSSL().content_status & | 985 EXPECT_TRUE(entry->GetSSL().content_status & |
| 971 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 986 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 972 } | 987 } |
| 973 | 988 |
| (...skipping 21 matching lines...) |
| 995 | 1010 |
| 996 // Navigate to an HTTP URL, which loads an iframe using the host and port of | 1011 // Navigate to an HTTP URL, which loads an iframe using the host and port of |
| 997 // |https_server_|. | 1012 // |https_server_|. |
| 998 std::string replacement_path; | 1013 std::string replacement_path; |
| 999 GetFilePathWithHostAndPortReplacement( | 1014 GetFilePathWithHostAndPortReplacement( |
| 1000 "/password/simple_password_in_https_iframe.html", | 1015 "/password/simple_password_in_https_iframe.html", |
| 1001 https_server_.host_port_pair(), &replacement_path); | 1016 https_server_.host_port_pair(), &replacement_path); |
| 1002 ui_test_utils::NavigateToURL( | 1017 ui_test_utils::NavigateToURL( |
| 1003 browser(), | 1018 browser(), |
| 1004 GetURLWithNonLocalHostname(embedded_test_server(), replacement_path)); | 1019 GetURLWithNonLocalHostname(embedded_test_server(), replacement_path)); |
| 1020 InjectScript(contents); |
| 1005 security_state::SecurityInfo security_info; | 1021 security_state::SecurityInfo security_info; |
| 1006 helper->GetSecurityInfo(&security_info); | 1022 helper->GetSecurityInfo(&security_info); |
| 1007 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); | 1023 EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
| 1008 | 1024 |
| 1009 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 1025 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 1010 ASSERT_TRUE(entry); | 1026 ASSERT_TRUE(entry); |
| 1011 EXPECT_TRUE(entry->GetSSL().content_status & | 1027 EXPECT_TRUE(entry->GetSSL().content_status & |
| 1012 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 1028 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 1013 } | 1029 } |
| 1014 | 1030 |
| 1015 // Tests that when a visible password field is detected on an HTTP page | 1031 // Tests that when a visible password field is detected on an HTTP page |
| 1016 // load, and when the command-line flag is *not* set, the security level is | 1032 // load, and when the command-line flag is *not* set, the security level is |
| 1017 // *not* downgraded to HTTP_SHOW_WARNING. | 1033 // *not* downgraded to HTTP_SHOW_WARNING. |
| 1018 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, | 1034 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, |
| 1019 PasswordSecurityLevelNotDowngradedWithoutSwitch) { | 1035 PasswordSecurityLevelNotDowngradedWithoutSwitch) { |
| 1020 ASSERT_TRUE(embedded_test_server()->Start()); | 1036 ASSERT_TRUE(embedded_test_server()->Start()); |
| 1021 host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host()); | 1037 host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host()); |
| 1022 | 1038 |
| 1023 content::WebContents* contents = | 1039 content::WebContents* contents = |
| 1024 browser()->tab_strip_model()->GetActiveWebContents(); | 1040 browser()->tab_strip_model()->GetActiveWebContents(); |
| 1025 ASSERT_TRUE(contents); | 1041 ASSERT_TRUE(contents); |
| 1026 | 1042 |
| 1027 SecurityStateTabHelper* helper = | 1043 SecurityStateTabHelper* helper = |
| 1028 SecurityStateTabHelper::FromWebContents(contents); | 1044 SecurityStateTabHelper::FromWebContents(contents); |
| 1029 ASSERT_TRUE(helper); | 1045 ASSERT_TRUE(helper); |
| 1030 | 1046 |
| 1031 ui_test_utils::NavigateToURL( | 1047 ui_test_utils::NavigateToURL( |
| 1032 browser(), GetURLWithNonLocalHostname(embedded_test_server(), | 1048 browser(), GetURLWithNonLocalHostname(embedded_test_server(), |
| 1033 "/password/simple_password.html")); | 1049 "/password/simple_password.html")); |
| 1050 InjectScript(contents); |
| 1034 // The security level should not be HTTP_SHOW_WARNING, because the | 1051 // The security level should not be HTTP_SHOW_WARNING, because the |
| 1035 // command-line switch was not set. | 1052 // command-line switch was not set. |
| 1036 security_state::SecurityInfo security_info; | 1053 security_state::SecurityInfo security_info; |
| 1037 helper->GetSecurityInfo(&security_info); | 1054 helper->GetSecurityInfo(&security_info); |
| 1038 EXPECT_EQ(security_state::NONE, security_info.security_level); | 1055 EXPECT_EQ(security_state::NONE, security_info.security_level); |
| 1039 | 1056 |
| 1040 // The appropriate SSLStatus flags should be set, however. | 1057 // The appropriate SSLStatus flags should be set, however. |
| 1041 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 1058 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 1042 ASSERT_TRUE(entry); | 1059 ASSERT_TRUE(entry); |
| 1043 EXPECT_TRUE(entry->GetSSL().content_status & | 1060 EXPECT_TRUE(entry->GetSSL().content_status & |
| 1044 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 1061 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 1045 } | 1062 } |
| 1046 | 1063 |
| 1047 // Tests that when a visible password field is detected on an HTTPS page | 1064 // Tests that when a visible password field is detected on an HTTPS page |
| 1048 // load, and when the command-line flag is set, the security level is | 1065 // load, and when the command-line flag is set, the security level is |
| 1049 // *not* downgraded to HTTP_SHOW_WARNING. | 1066 // *not* downgraded to HTTP_SHOW_WARNING. |
| 1050 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, | 1067 IN_PROC_BROWSER_TEST_P(SecurityStateTabHelperTestWithPasswordCcSwitch, |
| 1051 PasswordSecurityLevelNotDowngradedOnHttps) { | 1068 PasswordSecurityLevelNotDowngradedOnHttps) { |
| 1052 content::WebContents* contents = | 1069 content::WebContents* contents = |
| 1053 browser()->tab_strip_model()->GetActiveWebContents(); | 1070 browser()->tab_strip_model()->GetActiveWebContents(); |
| 1054 ASSERT_TRUE(contents); | 1071 ASSERT_TRUE(contents); |
| 1055 | 1072 |
| 1056 SecurityStateTabHelper* helper = | 1073 SecurityStateTabHelper* helper = |
| 1057 SecurityStateTabHelper::FromWebContents(contents); | 1074 SecurityStateTabHelper::FromWebContents(contents); |
| 1058 ASSERT_TRUE(helper); | 1075 ASSERT_TRUE(helper); |
| 1059 | 1076 |
| 1060 GURL url = GetURLWithNonLocalHostname(&https_server_, | 1077 GURL url = GetURLWithNonLocalHostname(&https_server_, |
| 1061 "/password/simple_password.html"); | 1078 "/password/simple_password.html"); |
| 1062 ui_test_utils::NavigateToURL(browser(), url); | 1079 ui_test_utils::NavigateToURL(browser(), url); |
| 1080 InjectScript(contents); |
| 1063 // The security level should not be HTTP_SHOW_WARNING, because the page was | 1081 // The security level should not be HTTP_SHOW_WARNING, because the page was |
| 1064 // HTTPS instead of HTTP. | 1082 // HTTPS instead of HTTP. |
| 1065 security_state::SecurityInfo security_info; | 1083 security_state::SecurityInfo security_info; |
| 1066 helper->GetSecurityInfo(&security_info); | 1084 helper->GetSecurityInfo(&security_info); |
| 1067 EXPECT_EQ(security_state::SECURE, security_info.security_level); | 1085 EXPECT_EQ(security_state::SECURE, security_info.security_level); |
| 1068 | 1086 |
| 1069 // The SSLStatus flags should only be set if the top-level page load was HTTP, | 1087 // The SSLStatus flags should only be set if the top-level page load was HTTP, |
| 1070 // which it was not in this case. | 1088 // which it was not in this case. |
| 1071 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); | 1089 content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
| 1072 ASSERT_TRUE(entry); | 1090 ASSERT_TRUE(entry); |
| (...skipping 940 matching lines...) |
| 2013 SecurityStateTabHelper* helper = | 2031 SecurityStateTabHelper* helper = |
| 2014 SecurityStateTabHelper::FromWebContents(web_contents); | 2032 SecurityStateTabHelper::FromWebContents(web_contents); |
| 2015 ASSERT_TRUE(helper); | 2033 ASSERT_TRUE(helper); |
| 2016 security_state::SecurityInfo security_info; | 2034 security_state::SecurityInfo security_info; |
| 2017 helper->GetSecurityInfo(&security_info); | 2035 helper->GetSecurityInfo(&security_info); |
| 2018 EXPECT_EQ(security_state::SECURE, security_info.security_level); | 2036 EXPECT_EQ(security_state::SECURE, security_info.security_level); |
| 2019 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); | 2037 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); |
| 2020 } | 2038 } |
| 2021 | 2039 |
| 2022 } // namespace | 2040 } // namespace |
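Review bot: The new `InjectScript` helper (new lines 894–904) runs its dummy script only in the main frame of `contents`, so in the two iframe tests (`PasswordSecurityLevelDowngradedFromIframe` and the HTTPS-iframe case around new line 1020) the round trip orders against the password-field notification only if the iframe shares the main frame's renderer process; that is not visible on this page and should be confirmed. A sound barrier matters most for the negative checks (`EXPECT_EQ(security_state::NONE, ...)` and `EXPECT_FALSE(... DISPLAYED_PASSWORD_FIELD_ON_HTTP)`), which pass vacuously if the notification has simply not arrived yet and so would hide a regression in the warning logic. I would state the assumption in the helper's comment, e.g. `// Assumes the notifying frame shares the main frame's renderer process; otherwise this round trip does not order against the notification.`, and give the helper a name that says it is a wait/barrier rather than an injection. The same comment misspells "notifications" as "notifcations".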
| OLD | NEW |