| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/core/security_state.h" | 5 #include "components/security_state/core/security_state.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 const char kHttpUrl[] = "http://foo.test/"; | 27 const char kHttpUrl[] = "http://foo.test/"; |
| 28 | 28 |
| 29 bool IsOriginSecure(const GURL& url) { | 29 bool IsOriginSecure(const GURL& url) { |
| 30 return url == kHttpsUrl; | 30 return url == kHttpsUrl; |
| 31 } | 31 } |
| 32 | 32 |
| 33 class TestSecurityStateHelper { | 33 class TestSecurityStateHelper { |
| 34 public: | 34 public: |
| 35 TestSecurityStateHelper() | 35 TestSecurityStateHelper() |
| 36 : url_(kHttpsUrl), | 36 : url_(kHttpsUrl), |
| 37 cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 38 "sha1_2016.pem")), |
| 37 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 | 39 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 38 << net::SSL_CONNECTION_VERSION_SHIFT), | 40 << net::SSL_CONNECTION_VERSION_SHIFT), |
| 39 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), | 41 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), |
| 40 displayed_mixed_content_(false), | 42 displayed_mixed_content_(false), |
| 41 ran_mixed_content_(false), | 43 ran_mixed_content_(false), |
| 42 malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE), | 44 malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE), |
| 43 displayed_password_field_on_http_(false), | 45 displayed_password_field_on_http_(false), |
| 44 displayed_credit_card_field_on_http_(false) { | 46 displayed_credit_card_field_on_http_(false) {} |
| 45 cert_ = | |
| 46 net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem"); | |
| 47 } | |
| 48 virtual ~TestSecurityStateHelper() {} | 47 virtual ~TestSecurityStateHelper() {} |
| 49 | 48 |
| 50 void set_connection_status(int connection_status) { | 49 void set_connection_status(int connection_status) { |
| 51 connection_status_ = connection_status; | 50 connection_status_ = connection_status; |
| 52 } | 51 } |
| 53 void SetCipherSuite(uint16_t ciphersuite) { | 52 void SetCipherSuite(uint16_t ciphersuite) { |
| 54 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); | 53 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); |
| 55 } | 54 } |
| 56 void AddCertStatus(net::CertStatus cert_status) { | 55 void AddCertStatus(net::CertStatus cert_status) { |
| 57 cert_status_ |= cert_status; | 56 cert_status_ |= cert_status; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 68 } | 67 } |
| 69 void set_displayed_password_field_on_http( | 68 void set_displayed_password_field_on_http( |
| 70 bool displayed_password_field_on_http) { | 69 bool displayed_password_field_on_http) { |
| 71 displayed_password_field_on_http_ = displayed_password_field_on_http; | 70 displayed_password_field_on_http_ = displayed_password_field_on_http; |
| 72 } | 71 } |
| 73 void set_displayed_credit_card_field_on_http( | 72 void set_displayed_credit_card_field_on_http( |
| 74 bool displayed_credit_card_field_on_http) { | 73 bool displayed_credit_card_field_on_http) { |
| 75 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; | 74 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; |
| 76 } | 75 } |
| 77 | 76 |
| 78 void UseHttpUrl() { url_ = GURL(kHttpUrl); } | 77 void SetUrl(const GURL& url) { url_ = url; } |
| 79 | 78 |
| 80 std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() { | 79 std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() const { |
| 81 auto state = base::MakeUnique<VisibleSecurityState>(); | 80 auto state = base::MakeUnique<VisibleSecurityState>(); |
| 82 state->connection_info_initialized = true; | 81 state->connection_info_initialized = true; |
| 83 state->url = url_; | 82 state->url = url_; |
| 84 state->certificate = cert_; | 83 state->certificate = cert_; |
| 85 state->cert_status = cert_status_; | 84 state->cert_status = cert_status_; |
| 86 state->connection_status = connection_status_; | 85 state->connection_status = connection_status_; |
| 87 state->security_bits = 256; | 86 state->security_bits = 256; |
| 88 state->displayed_mixed_content = displayed_mixed_content_; | 87 state->displayed_mixed_content = displayed_mixed_content_; |
| 89 state->ran_mixed_content = ran_mixed_content_; | 88 state->ran_mixed_content = ran_mixed_content_; |
| 90 state->malicious_content_status = malicious_content_status_; | 89 state->malicious_content_status = malicious_content_status_; |
| 91 state->displayed_password_field_on_http = displayed_password_field_on_http_; | 90 state->displayed_password_field_on_http = displayed_password_field_on_http_; |
| 92 state->displayed_credit_card_field_on_http = | 91 state->displayed_credit_card_field_on_http = |
| 93 displayed_credit_card_field_on_http_; | 92 displayed_credit_card_field_on_http_; |
| 94 return state; | 93 return state; |
| 95 } | 94 } |
| 96 | 95 |
| 97 void GetSecurityInfo(SecurityInfo* security_info) { | 96 void GetSecurityInfo(SecurityInfo* security_info) const { |
| 98 security_state::GetSecurityInfo( | 97 security_state::GetSecurityInfo( |
| 99 GetVisibleSecurityState(), | 98 GetVisibleSecurityState(), |
| 100 false /* used policy installed certificate */, | 99 false /* used policy installed certificate */, |
| 101 base::Bind(&IsOriginSecure), security_info); | 100 base::Bind(&IsOriginSecure), security_info); |
| 102 } | 101 } |
| 103 | 102 |
| 104 private: | 103 private: |
| 105 GURL url_; | 104 GURL url_; |
| 106 scoped_refptr<net::X509Certificate> cert_; | 105 const scoped_refptr<net::X509Certificate> cert_; |
| 107 int connection_status_; | 106 int connection_status_; |
| 108 net::CertStatus cert_status_; | 107 net::CertStatus cert_status_; |
| 109 bool displayed_mixed_content_; | 108 bool displayed_mixed_content_; |
| 110 bool ran_mixed_content_; | 109 bool ran_mixed_content_; |
| 111 MaliciousContentStatus malicious_content_status_; | 110 MaliciousContentStatus malicious_content_status_; |
| 112 bool displayed_password_field_on_http_; | 111 bool displayed_password_field_on_http_; |
| 113 bool displayed_credit_card_field_on_http_; | 112 bool displayed_credit_card_field_on_http_; |
| 114 }; | 113 }; |
| 115 | 114 |
| 116 } // namespace | 115 } // namespace |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 227 TestSecurityStateHelper helper; | 226 TestSecurityStateHelper helper; |
| 228 helper.set_malicious_content_status( | 227 helper.set_malicious_content_status( |
| 229 MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING); | 228 MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING); |
| 230 SecurityInfo security_info; | 229 SecurityInfo security_info; |
| 231 helper.GetSecurityInfo(&security_info); | 230 helper.GetSecurityInfo(&security_info); |
| 232 EXPECT_EQ(MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING, | 231 EXPECT_EQ(MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING, |
| 233 security_info.malicious_content_status); | 232 security_info.malicious_content_status); |
| 234 EXPECT_EQ(DANGEROUS, security_info.security_level); | 233 EXPECT_EQ(DANGEROUS, security_info.security_level); |
| 235 } | 234 } |
| 236 | 235 |
| 236 // Tests that pseudo URLs always cause an HTTP_SHOW_WARNING to be shown, |
| 237 // regardless of whether a password or credit card field was displayed. |
| 238 TEST(SecurityStateTest, AlwaysWarnOnDataUrls) { |
| 239 TestSecurityStateHelper helper; |
| 240 helper.SetUrl(GURL("data:text/html,<html>test</html>")); |
| 241 helper.set_displayed_password_field_on_http(false); |
| 242 helper.set_displayed_credit_card_field_on_http(false); |
| 243 SecurityInfo security_info; |
| 244 helper.GetSecurityInfo(&security_info); |
| 245 EXPECT_FALSE(security_info.displayed_password_field_on_http); |
| 246 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); |
| 247 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); |
| 248 } |
| 249 |
| 237 // Tests that password fields cause the security level to be downgraded | 250 // Tests that password fields cause the security level to be downgraded |
| 238 // to HTTP_SHOW_WARNING when the command-line switch is set. | 251 // to HTTP_SHOW_WARNING when the command-line switch is set. |
| 239 TEST(SecurityStateTest, PasswordFieldWarning) { | 252 TEST(SecurityStateTest, PasswordFieldWarning) { |
| 240 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 253 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 241 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 254 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 242 TestSecurityStateHelper helper; | 255 TestSecurityStateHelper helper; |
| 243 helper.UseHttpUrl(); | 256 helper.SetUrl(GURL(kHttpUrl)); |
| 244 helper.set_displayed_password_field_on_http(true); | 257 helper.set_displayed_password_field_on_http(true); |
| 245 SecurityInfo security_info; | 258 SecurityInfo security_info; |
| 246 helper.GetSecurityInfo(&security_info); | 259 helper.GetSecurityInfo(&security_info); |
| 247 EXPECT_TRUE(security_info.displayed_password_field_on_http); | 260 EXPECT_TRUE(security_info.displayed_password_field_on_http); |
| 248 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); | 261 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); |
| 249 } | 262 } |
| 250 | 263 |
| 251 // Tests that credit card fields cause the security level to be downgraded | 264 // Tests that credit card fields cause the security level to be downgraded |
| 252 // to HTTP_SHOW_WARNING when the command-line switch is set. | 265 // to HTTP_SHOW_WARNING when the command-line switch is set. |
| 253 TEST(SecurityStateTest, CreditCardFieldWarning) { | 266 TEST(SecurityStateTest, CreditCardFieldWarning) { |
| 254 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 267 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 255 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 268 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 256 TestSecurityStateHelper helper; | 269 TestSecurityStateHelper helper; |
| 257 helper.UseHttpUrl(); | 270 helper.SetUrl(GURL(kHttpUrl)); |
| 258 helper.set_displayed_credit_card_field_on_http(true); | 271 helper.set_displayed_credit_card_field_on_http(true); |
| 259 SecurityInfo security_info; | 272 SecurityInfo security_info; |
| 260 helper.GetSecurityInfo(&security_info); | 273 helper.GetSecurityInfo(&security_info); |
| 261 EXPECT_TRUE(security_info.displayed_credit_card_field_on_http); | 274 EXPECT_TRUE(security_info.displayed_credit_card_field_on_http); |
| 262 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); | 275 EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level); |
| 263 } | 276 } |
| 264 | 277 |
| 265 // Tests that neither password nor credit fields cause the security | 278 // Tests that neither password nor credit fields cause the security |
| 266 // level to be downgraded to HTTP_SHOW_WARNING when the command-line switch | 279 // level to be downgraded to HTTP_SHOW_WARNING when the command-line switch |
| 267 // is NOT set. | 280 // is NOT set. |
| 268 TEST(SecurityStateTest, HttpWarningNotSetWithoutSwitch) { | 281 TEST(SecurityStateTest, HttpWarningNotSetWithoutSwitch) { |
| 269 TestSecurityStateHelper helper; | 282 TestSecurityStateHelper helper; |
| 270 helper.UseHttpUrl(); | 283 helper.SetUrl(GURL(kHttpUrl)); |
| 271 helper.set_displayed_password_field_on_http(true); | 284 helper.set_displayed_password_field_on_http(true); |
| 272 SecurityInfo security_info; | 285 SecurityInfo security_info; |
| 273 helper.GetSecurityInfo(&security_info); | 286 helper.GetSecurityInfo(&security_info); |
| 274 EXPECT_TRUE(security_info.displayed_password_field_on_http); | 287 EXPECT_TRUE(security_info.displayed_password_field_on_http); |
| 275 EXPECT_EQ(NONE, security_info.security_level); | 288 EXPECT_EQ(NONE, security_info.security_level); |
| 276 | 289 |
| 277 helper.set_displayed_credit_card_field_on_http(true); | 290 helper.set_displayed_credit_card_field_on_http(true); |
| 278 helper.GetSecurityInfo(&security_info); | 291 helper.GetSecurityInfo(&security_info); |
| 279 EXPECT_TRUE(security_info.displayed_credit_card_field_on_http); | 292 EXPECT_TRUE(security_info.displayed_credit_card_field_on_http); |
| 280 EXPECT_EQ(NONE, security_info.security_level); | 293 EXPECT_EQ(NONE, security_info.security_level); |
| 281 } | 294 } |
| 282 | 295 |
| 283 // Tests that neither |displayed_password_field_on_http| nor | 296 // Tests that neither |displayed_password_field_on_http| nor |
| 284 // |displayed_credit_card_field_on_http| is set when the corresponding | 297 // |displayed_credit_card_field_on_http| is set when the corresponding |
| 285 // VisibleSecurityState flags are not set. | 298 // VisibleSecurityState flags are not set. |
| 286 TEST(SecurityStateTest, PrivateUserDataNotSet) { | 299 TEST(SecurityStateTest, PrivateUserDataNotSet) { |
| 287 TestSecurityStateHelper helper; | 300 TestSecurityStateHelper helper; |
| 288 helper.UseHttpUrl(); | 301 helper.SetUrl(GURL(kHttpUrl)); |
| 289 SecurityInfo security_info; | 302 SecurityInfo security_info; |
| 290 helper.GetSecurityInfo(&security_info); | 303 helper.GetSecurityInfo(&security_info); |
| 291 EXPECT_FALSE(security_info.displayed_password_field_on_http); | 304 EXPECT_FALSE(security_info.displayed_password_field_on_http); |
| 292 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); | 305 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); |
| 293 EXPECT_EQ(NONE, security_info.security_level); | 306 EXPECT_EQ(NONE, security_info.security_level); |
| 294 } | 307 } |
| 295 | 308 |
| 296 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is | 309 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is |
| 297 // computed for a page. | 310 // computed for a page. |
| 298 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) { | 311 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) { |
| 299 const char* kHistogramName = "SSL.MarkHttpAsStatus"; | 312 const char* kHistogramName = "SSL.MarkHttpAsStatus"; |
| 300 base::HistogramTester histograms; | 313 base::HistogramTester histograms; |
| 301 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 314 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 302 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 315 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 303 TestSecurityStateHelper helper; | 316 TestSecurityStateHelper helper; |
| 304 helper.UseHttpUrl(); | 317 helper.SetUrl(GURL(kHttpUrl)); |
| 305 | 318 |
| 306 // Ensure histogram recorded correctly when a non-secure password input is | 319 // Ensure histogram recorded correctly when a non-secure password input is |
| 307 // found on the page. | 320 // found on the page. |
| 308 helper.set_displayed_password_field_on_http(true); | 321 helper.set_displayed_password_field_on_http(true); |
| 309 SecurityInfo security_info; | 322 SecurityInfo security_info; |
| 310 histograms.ExpectTotalCount(kHistogramName, 0); | 323 histograms.ExpectTotalCount(kHistogramName, 0); |
| 311 helper.GetSecurityInfo(&security_info); | 324 helper.GetSecurityInfo(&security_info); |
| 312 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); | 325 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); |
| 313 | 326 |
| 314 // Ensure histogram recorded correctly even without a password input. | 327 // Ensure histogram recorded correctly even without a password input. |
| 315 helper.set_displayed_password_field_on_http(false); | 328 helper.set_displayed_password_field_on_http(false); |
| 316 helper.GetSecurityInfo(&security_info); | 329 helper.GetSecurityInfo(&security_info); |
| 317 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); | 330 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); |
| 318 } | 331 } |
| 319 | 332 |
| 320 } // namespace security_state | 333 } // namespace security_state |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2666783006:
[Merge M-56] Display "Not secure" verbose state for data: URLs (Closed)
