Knock out injected safe-browsing prefixes.

chrome/browser/safe_browsing/safe_browsing_database_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Unit tests for the SafeBrowsing storage system.
 
 #include "base/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
@@ skipping 23 matching lines @@
   EXPECT_TRUE(net::ParseIPLiteralToNumber(ip_prefix, &ip_number));
   EXPECT_EQ(net::kIPv6AddressSize, ip_number.size());
   const std::string hashed_ip_prefix = base::SHA1HashString(
       net::IPAddressToPackedString(ip_number));
   std::string hash(crypto::kSHA256Length, '\0');
   hash.replace(0, hashed_ip_prefix.size(), hashed_ip_prefix);
   hash[base::kSHA1Length] = static_cast<char>(prefix_size);
   return hash;
 }
 
+// Add a host-level entry.
+void InsertAddChunkHostPrefix(SBChunk* chunk,
+                              int chunk_number,
+                              const std::string& host_name) {
+  chunk->chunk_number = chunk_number;
+  chunk->is_add = true;
+  SBChunkHost host;
+  host.host = SBPrefixForString(host_name);
+  host.entry = SBEntry::Create(SBEntry::ADD_PREFIX, 0);
+  host.entry->set_chunk_id(chunk->chunk_number);
+  chunk->hosts.push_back(host);
+}
+
 // Same as InsertAddChunkHostPrefixUrl, but with pre-computed
 // prefix values.
 void InsertAddChunkHostPrefixValue(SBChunk* chunk,
                                    int chunk_number,
                                    const SBPrefix& host_prefix,
                                    const SBPrefix& url_prefix) {
   chunk->chunk_number = chunk_number;
   chunk->is_add = true;
   SBChunkHost host;
   host.host = host_prefix;
@@ skipping 1799 matching lines @@
   EXPECT_FALSE(database_->ContainsMalwareIP("192.1.124.0"));
 
   EXPECT_FALSE(database_->ContainsMalwareIP("192.1.127.255"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.128.0"));
   EXPECT_TRUE(database_->ContainsMalwareIP("::ffff:192.1.128.1"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.128.255"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.255.0"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.255.255"));
   EXPECT_FALSE(database_->ContainsMalwareIP("192.2.0.0"));
 }
+
+TEST_F(SafeBrowsingDatabaseTest, ContainsBrowseURL) {
+  std::vector<SBListChunkRanges> lists;
+  EXPECT_TRUE(database_->UpdateStarted(&lists));
+
+  // Add a host-level hit.
+  {
+    SBChunkList chunks;
+    SBChunk chunk;
+    InsertAddChunkHostPrefix(&chunk, 1, "www.evil.com/");
+    chunks.push_back(chunk);
+    database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
+  }
+
+  // Add a specific fullhash.
+  static const char kWhateverMalware[] = "www.whatever.com/malware.html";
+  {
+    SBChunkList chunks;
+    SBChunk chunk;
+    InsertAddChunkHostFullHashes(&chunk, 2, "www.whatever.com/",
+                                 kWhateverMalware);
+    chunks.push_back(chunk);
+    database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
+  }
+
+  // Add a fullhash which has a prefix collision for a known url.
+  static const char kExampleFine[] = "www.example.com/fine.html";
+  static const char kExampleCollision[] =
+      "www.example.com/3123364814/malware.htm";
+  ASSERT_EQ(SBPrefixForString(kExampleFine),
+            SBPrefixForString(kExampleCollision));
+  {
+    SBChunkList chunks;
+    SBChunk chunk;
+    InsertAddChunkHostFullHashes(&chunk, 3, "www.example.com/",
+                                 kExampleCollision);
+    chunks.push_back(chunk);
+    database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
+  }
+
+  database_->UpdateFinished(true);
+
+  const Time now = Time::Now();
+  std::vector<SBFullHashResult> cached_hashes;
+  std::vector<SBPrefix> prefix_hits;
+
+  // Anything will hit the host prefix.
+  EXPECT_TRUE(database_->ContainsBrowseUrl(
+      GURL("http://www.evil.com/malware.html"),
+      &prefix_hits, &cached_hashes, now));
+  ASSERT_EQ(1U, prefix_hits.size());
+  EXPECT_EQ(SBPrefixForString("www.evil.com/"), prefix_hits[0]);
+  EXPECT_TRUE(cached_hashes.empty());
+
+  // Hit the specific URL prefix.
+  EXPECT_TRUE(database_->ContainsBrowseUrl(
+      GURL(std::string("http://") + kWhateverMalware),
+      &prefix_hits, &cached_hashes, now));
+  ASSERT_EQ(1U, prefix_hits.size());
+  EXPECT_EQ(SBPrefixForString(kWhateverMalware), prefix_hits[0]);
+  EXPECT_TRUE(cached_hashes.empty());
+
+  // Other URLs at that host are fine.
+  EXPECT_FALSE(database_->ContainsBrowseUrl(
+      GURL("http://www.whatever.com/fine.html"),
+      &prefix_hits, &cached_hashes, now));
+  EXPECT_TRUE(prefix_hits.empty());
+  EXPECT_TRUE(cached_hashes.empty());
+
+  // Hit the specific URL full hash.
+  EXPECT_TRUE(database_->ContainsBrowseUrl(
+      GURL(std::string("http://") + kExampleCollision),
+      &prefix_hits, &cached_hashes, now));
+  ASSERT_EQ(1U, prefix_hits.size());
+  EXPECT_EQ(SBPrefixForString(kExampleCollision), prefix_hits[0]);
+  EXPECT_TRUE(cached_hashes.empty());
+
+  // This prefix collides, but no full hash match.
+  EXPECT_FALSE(database_->ContainsBrowseUrl(
+      GURL(std::string("http://") + kExampleFine),
+      &prefix_hits, &cached_hashes, now));
+}