OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/security_state/core/security_state.h" | 5 #include "components/security_state/core/security_state.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 16 matching lines...) Expand all Loading... |
27 const char kHttpUrl[] = "http://foo.test/"; | 27 const char kHttpUrl[] = "http://foo.test/"; |
28 | 28 |
29 bool IsOriginSecure(const GURL& url) { | 29 bool IsOriginSecure(const GURL& url) { |
30 return url == kHttpsUrl; | 30 return url == kHttpsUrl; |
31 } | 31 } |
32 | 32 |
33 class TestSecurityStateHelper { | 33 class TestSecurityStateHelper { |
34 public: | 34 public: |
35 TestSecurityStateHelper() | 35 TestSecurityStateHelper() |
36 : url_(kHttpsUrl), | 36 : url_(kHttpsUrl), |
| 37 cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 38 "sha1_2016.pem")), |
37 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 | 39 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 |
38 << net::SSL_CONNECTION_VERSION_SHIFT), | 40 << net::SSL_CONNECTION_VERSION_SHIFT), |
39 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), | 41 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), |
40 displayed_mixed_content_(false), | 42 displayed_mixed_content_(false), |
41 ran_mixed_content_(false), | 43 ran_mixed_content_(false), |
42 malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE), | 44 malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE), |
43 displayed_password_field_on_http_(false), | 45 displayed_password_field_on_http_(false), |
44 displayed_credit_card_field_on_http_(false) { | 46 displayed_credit_card_field_on_http_(false) {} |
45 cert_ = | |
46 net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem"); | |
47 } | |
48 virtual ~TestSecurityStateHelper() {} | 47 virtual ~TestSecurityStateHelper() {} |
49 | 48 |
50 void set_connection_status(int connection_status) { | 49 void set_connection_status(int connection_status) { |
51 connection_status_ = connection_status; | 50 connection_status_ = connection_status; |
52 } | 51 } |
53 void SetCipherSuite(uint16_t ciphersuite) { | 52 void SetCipherSuite(uint16_t ciphersuite) { |
54 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); | 53 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); |
55 } | 54 } |
56 void AddCertStatus(net::CertStatus cert_status) { | 55 void AddCertStatus(net::CertStatus cert_status) { |
57 cert_status_ |= cert_status; | 56 cert_status_ |= cert_status; |
(...skipping 10 matching lines...) Expand all Loading... |
68 } | 67 } |
69 void set_displayed_password_field_on_http( | 68 void set_displayed_password_field_on_http( |
70 bool displayed_password_field_on_http) { | 69 bool displayed_password_field_on_http) { |
71 displayed_password_field_on_http_ = displayed_password_field_on_http; | 70 displayed_password_field_on_http_ = displayed_password_field_on_http; |
72 } | 71 } |
73 void set_displayed_credit_card_field_on_http( | 72 void set_displayed_credit_card_field_on_http( |
74 bool displayed_credit_card_field_on_http) { | 73 bool displayed_credit_card_field_on_http) { |
75 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; | 74 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; |
76 } | 75 } |
77 | 76 |
78 void UseHttpUrl() { url_ = GURL(kHttpUrl); } | 77 void SetUrl(const GURL& url) { url_ = url; } |
79 | 78 |
80 std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() { | 79 std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() const { |
81 auto state = base::MakeUnique<VisibleSecurityState>(); | 80 auto state = base::MakeUnique<VisibleSecurityState>(); |
82 state->connection_info_initialized = true; | 81 state->connection_info_initialized = true; |
83 state->url = url_; | 82 state->url = url_; |
84 state->certificate = cert_; | 83 state->certificate = cert_; |
85 state->cert_status = cert_status_; | 84 state->cert_status = cert_status_; |
86 state->connection_status = connection_status_; | 85 state->connection_status = connection_status_; |
87 state->security_bits = 256; | 86 state->security_bits = 256; |
88 state->displayed_mixed_content = displayed_mixed_content_; | 87 state->displayed_mixed_content = displayed_mixed_content_; |
89 state->ran_mixed_content = ran_mixed_content_; | 88 state->ran_mixed_content = ran_mixed_content_; |
90 state->malicious_content_status = malicious_content_status_; | 89 state->malicious_content_status = malicious_content_status_; |
91 state->displayed_password_field_on_http = displayed_password_field_on_http_; | 90 state->displayed_password_field_on_http = displayed_password_field_on_http_; |
92 state->displayed_credit_card_field_on_http = | 91 state->displayed_credit_card_field_on_http = |
93 displayed_credit_card_field_on_http_; | 92 displayed_credit_card_field_on_http_; |
94 return state; | 93 return state; |
95 } | 94 } |
96 | 95 |
97 void GetSecurityInfo(SecurityInfo* security_info) { | 96 void GetSecurityInfo(SecurityInfo* security_info) const { |
98 security_state::GetSecurityInfo( | 97 security_state::GetSecurityInfo( |
99 GetVisibleSecurityState(), | 98 GetVisibleSecurityState(), |
100 false /* used policy installed certificate */, | 99 false /* used policy installed certificate */, |
101 base::Bind(&IsOriginSecure), security_info); | 100 base::Bind(&IsOriginSecure), security_info); |
102 } | 101 } |
103 | 102 |
104 private: | 103 private: |
105 GURL url_; | 104 GURL url_; |
106 scoped_refptr<net::X509Certificate> cert_; | 105 const scoped_refptr<net::X509Certificate> cert_; |
107 int connection_status_; | 106 int connection_status_; |
108 net::CertStatus cert_status_; | 107 net::CertStatus cert_status_; |
109 bool displayed_mixed_content_; | 108 bool displayed_mixed_content_; |
110 bool ran_mixed_content_; | 109 bool ran_mixed_content_; |
111 MaliciousContentStatus malicious_content_status_; | 110 MaliciousContentStatus malicious_content_status_; |
112 bool displayed_password_field_on_http_; | 111 bool displayed_password_field_on_http_; |
113 bool displayed_credit_card_field_on_http_; | 112 bool displayed_credit_card_field_on_http_; |
114 }; | 113 }; |
115 | 114 |
116 } // namespace | 115 } // namespace |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
239 TestSecurityStateHelper helper; | 238 TestSecurityStateHelper helper; |
240 helper.set_malicious_content_status( | 239 helper.set_malicious_content_status( |
241 MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING); | 240 MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING); |
242 SecurityInfo security_info; | 241 SecurityInfo security_info; |
243 helper.GetSecurityInfo(&security_info); | 242 helper.GetSecurityInfo(&security_info); |
244 EXPECT_EQ(MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING, | 243 EXPECT_EQ(MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING, |
245 security_info.malicious_content_status); | 244 security_info.malicious_content_status); |
246 EXPECT_EQ(DANGEROUS, security_info.security_level); | 245 EXPECT_EQ(DANGEROUS, security_info.security_level); |
247 } | 246 } |
248 | 247 |
| 248 // Tests that pseudo URLs always cause an HTTP_SHOW_WARNING to be shown, |
| 249 // regardless of whether a password or credit card field was displayed. |
| 250 TEST(SecurityStateTest, AlwaysWarnOnDataUrls) { |
| 251 TestSecurityStateHelper helper; |
| 252 helper.SetUrl(GURL("data:text/html,<html>test</html>")); |
| 253 helper.set_displayed_password_field_on_http(false); |
| 254 helper.set_displayed_credit_card_field_on_http(false); |
| 255 SecurityInfo security_info; |
| 256 helper.GetSecurityInfo(&security_info); |
| 257 EXPECT_FALSE(security_info.displayed_password_field_on_http); |
| 258 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); |
| 259 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); |
| 260 } |
| 261 |
249 // Tests that password fields cause the security level to be downgraded | 262 // Tests that password fields cause the security level to be downgraded |
250 // to HTTP_SHOW_WARNING when the command-line switch is set. | 263 // to HTTP_SHOW_WARNING when the command-line switch is set. |
251 TEST(SecurityStateTest, PasswordFieldWarning) { | 264 TEST(SecurityStateTest, PasswordFieldWarning) { |
252 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 265 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
253 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 266 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
254 TestSecurityStateHelper helper; | 267 TestSecurityStateHelper helper; |
255 helper.UseHttpUrl(); | 268 helper.SetUrl(GURL(kHttpUrl)); |
256 helper.set_displayed_password_field_on_http(true); | 269 helper.set_displayed_password_field_on_http(true); |
257 SecurityInfo security_info; | 270 SecurityInfo security_info; |
258 helper.GetSecurityInfo(&security_info); | 271 helper.GetSecurityInfo(&security_info); |
259 EXPECT_TRUE(security_info.displayed_password_field_on_http); | 272 EXPECT_TRUE(security_info.displayed_password_field_on_http); |
260 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); | 273 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); |
261 } | 274 } |
262 | 275 |
263 // Tests that credit card fields cause the security level to be downgraded | 276 // Tests that credit card fields cause the security level to be downgraded |
264 // to HTTP_SHOW_WARNING when the command-line switch is set. | 277 // to HTTP_SHOW_WARNING when the command-line switch is set. |
265 TEST(SecurityStateTest, CreditCardFieldWarning) { | 278 TEST(SecurityStateTest, CreditCardFieldWarning) { |
266 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 279 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
267 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 280 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
268 TestSecurityStateHelper helper; | 281 TestSecurityStateHelper helper; |
269 helper.UseHttpUrl(); | 282 helper.SetUrl(GURL(kHttpUrl)); |
270 helper.set_displayed_credit_card_field_on_http(true); | 283 helper.set_displayed_credit_card_field_on_http(true); |
271 SecurityInfo security_info; | 284 SecurityInfo security_info; |
272 helper.GetSecurityInfo(&security_info); | 285 helper.GetSecurityInfo(&security_info); |
273 EXPECT_TRUE(security_info.displayed_credit_card_field_on_http); | 286 EXPECT_TRUE(security_info.displayed_credit_card_field_on_http); |
274 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); | 287 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); |
275 } | 288 } |
276 | 289 |
277 // Tests that neither |displayed_password_field_on_http| nor | 290 // Tests that neither |displayed_password_field_on_http| nor |
278 // |displayed_credit_card_field_on_http| is set when the corresponding | 291 // |displayed_credit_card_field_on_http| is set when the corresponding |
279 // VisibleSecurityState flags are not set. | 292 // VisibleSecurityState flags are not set. |
280 TEST(SecurityStateTest, PrivateUserDataNotSet) { | 293 TEST(SecurityStateTest, PrivateUserDataNotSet) { |
281 TestSecurityStateHelper helper; | 294 TestSecurityStateHelper helper; |
282 helper.UseHttpUrl(); | 295 helper.SetUrl(GURL(kHttpUrl)); |
283 SecurityInfo security_info; | 296 SecurityInfo security_info; |
284 helper.GetSecurityInfo(&security_info); | 297 helper.GetSecurityInfo(&security_info); |
285 EXPECT_FALSE(security_info.displayed_password_field_on_http); | 298 EXPECT_FALSE(security_info.displayed_password_field_on_http); |
286 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); | 299 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); |
287 EXPECT_EQ(NONE, security_info.security_level); | 300 EXPECT_EQ(NONE, security_info.security_level); |
288 } | 301 } |
289 | 302 |
290 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is | 303 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is |
291 // computed for a page. | 304 // computed for a page. |
292 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) { | 305 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) { |
293 const char* kHistogramName = "SSL.MarkHttpAsStatus"; | 306 const char* kHistogramName = "SSL.MarkHttpAsStatus"; |
294 base::HistogramTester histograms; | 307 base::HistogramTester histograms; |
295 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 308 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
296 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 309 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
297 TestSecurityStateHelper helper; | 310 TestSecurityStateHelper helper; |
298 helper.UseHttpUrl(); | 311 helper.SetUrl(GURL(kHttpUrl)); |
299 | 312 |
300 // Ensure histogram recorded correctly when a non-secure password input is | 313 // Ensure histogram recorded correctly when a non-secure password input is |
301 // found on the page. | 314 // found on the page. |
302 helper.set_displayed_password_field_on_http(true); | 315 helper.set_displayed_password_field_on_http(true); |
303 SecurityInfo security_info; | 316 SecurityInfo security_info; |
304 histograms.ExpectTotalCount(kHistogramName, 0); | 317 histograms.ExpectTotalCount(kHistogramName, 0); |
305 helper.GetSecurityInfo(&security_info); | 318 helper.GetSecurityInfo(&security_info); |
306 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); | 319 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); |
307 | 320 |
308 // Ensure histogram recorded correctly even without a password input. | 321 // Ensure histogram recorded correctly even without a password input. |
309 helper.set_displayed_password_field_on_http(false); | 322 helper.set_displayed_password_field_on_http(false); |
310 helper.GetSecurityInfo(&security_info); | 323 helper.GetSecurityInfo(&security_info); |
311 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); | 324 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); |
312 } | 325 } |
313 | 326 |
314 } // namespace security_state | 327 } // namespace security_state |
OLD | NEW |