| Index: components/security_state/core/security_state_unittest.cc
|
| diff --git a/components/security_state/core/security_state_unittest.cc b/components/security_state/core/security_state_unittest.cc
|
| index 4e4aa701103218690a47160ca4bceb9296053aee..73652481b37214a099876ad14d1a366b17ccbbc6 100644
|
| --- a/components/security_state/core/security_state_unittest.cc
|
| +++ b/components/security_state/core/security_state_unittest.cc
|
| @@ -34,6 +34,8 @@ class TestSecurityStateHelper {
|
| public:
|
| TestSecurityStateHelper()
|
| : url_(kHttpsUrl),
|
| + cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(),
|
| + "sha1_2016.pem")),
|
| connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2
|
| << net::SSL_CONNECTION_VERSION_SHIFT),
|
| cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT),
|
| @@ -41,10 +43,7 @@ class TestSecurityStateHelper {
|
| ran_mixed_content_(false),
|
| malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE),
|
| displayed_password_field_on_http_(false),
|
| - displayed_credit_card_field_on_http_(false) {
|
| - cert_ =
|
| - net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem");
|
| - }
|
| + displayed_credit_card_field_on_http_(false) {}
|
| virtual ~TestSecurityStateHelper() {}
|
|
|
| void set_connection_status(int connection_status) {
|
| @@ -75,9 +74,9 @@ class TestSecurityStateHelper {
|
| displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http;
|
| }
|
|
|
| - void UseHttpUrl() { url_ = GURL(kHttpUrl); }
|
| + void SetUrl(const GURL& url) { url_ = url; }
|
|
|
| - std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() {
|
| + std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() const {
|
| auto state = base::MakeUnique<VisibleSecurityState>();
|
| state->connection_info_initialized = true;
|
| state->url = url_;
|
| @@ -94,7 +93,7 @@ class TestSecurityStateHelper {
|
| return state;
|
| }
|
|
|
| - void GetSecurityInfo(SecurityInfo* security_info) {
|
| + void GetSecurityInfo(SecurityInfo* security_info) const {
|
| security_state::GetSecurityInfo(
|
| GetVisibleSecurityState(),
|
| false /* used policy installed certificate */,
|
| @@ -103,7 +102,7 @@ class TestSecurityStateHelper {
|
|
|
| private:
|
| GURL url_;
|
| - scoped_refptr<net::X509Certificate> cert_;
|
| + const scoped_refptr<net::X509Certificate> cert_;
|
| int connection_status_;
|
| net::CertStatus cert_status_;
|
| bool displayed_mixed_content_;
|
| @@ -234,13 +233,27 @@ TEST(SecurityStateTest, MalwareWithoutConnectionState) {
|
| EXPECT_EQ(DANGEROUS, security_info.security_level);
|
| }
|
|
|
| +// Tests that pseudo URLs always cause an HTTP_SHOW_WARNING to be shown,
|
| +// regardless of whether a password or credit card field was displayed.
|
| +TEST(SecurityStateTest, AlwaysWarnOnDataUrls) {
|
| + TestSecurityStateHelper helper;
|
| + helper.SetUrl(GURL("data:text/html,<html>test</html>"));
|
| + helper.set_displayed_password_field_on_http(false);
|
| + helper.set_displayed_credit_card_field_on_http(false);
|
| + SecurityInfo security_info;
|
| + helper.GetSecurityInfo(&security_info);
|
| + EXPECT_FALSE(security_info.displayed_password_field_on_http);
|
| + EXPECT_FALSE(security_info.displayed_credit_card_field_on_http);
|
| + EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level);
|
| +}
|
| +
|
| // Tests that password fields cause the security level to be downgraded
|
| // to HTTP_SHOW_WARNING when the command-line switch is set.
|
| TEST(SecurityStateTest, PasswordFieldWarning) {
|
| base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
|
| switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip);
|
| TestSecurityStateHelper helper;
|
| - helper.UseHttpUrl();
|
| + helper.SetUrl(GURL(kHttpUrl));
|
| helper.set_displayed_password_field_on_http(true);
|
| SecurityInfo security_info;
|
| helper.GetSecurityInfo(&security_info);
|
| @@ -254,7 +267,7 @@ TEST(SecurityStateTest, CreditCardFieldWarning) {
|
| base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
|
| switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip);
|
| TestSecurityStateHelper helper;
|
| - helper.UseHttpUrl();
|
| + helper.SetUrl(GURL(kHttpUrl));
|
| helper.set_displayed_credit_card_field_on_http(true);
|
| SecurityInfo security_info;
|
| helper.GetSecurityInfo(&security_info);
|
| @@ -267,7 +280,7 @@ TEST(SecurityStateTest, CreditCardFieldWarning) {
|
| // is NOT set.
|
| TEST(SecurityStateTest, HttpWarningNotSetWithoutSwitch) {
|
| TestSecurityStateHelper helper;
|
| - helper.UseHttpUrl();
|
| + helper.SetUrl(GURL(kHttpUrl));
|
| helper.set_displayed_password_field_on_http(true);
|
| SecurityInfo security_info;
|
| helper.GetSecurityInfo(&security_info);
|
| @@ -285,7 +298,7 @@ TEST(SecurityStateTest, HttpWarningNotSetWithoutSwitch) {
|
| // VisibleSecurityState flags are not set.
|
| TEST(SecurityStateTest, PrivateUserDataNotSet) {
|
| TestSecurityStateHelper helper;
|
| - helper.UseHttpUrl();
|
| + helper.SetUrl(GURL(kHttpUrl));
|
| SecurityInfo security_info;
|
| helper.GetSecurityInfo(&security_info);
|
| EXPECT_FALSE(security_info.displayed_password_field_on_http);
|
| @@ -301,7 +314,7 @@ TEST(SecurityStateTest, MarkHttpAsStatusHistogram) {
|
| base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
|
| switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip);
|
| TestSecurityStateHelper helper;
|
| - helper.UseHttpUrl();
|
| + helper.SetUrl(GURL(kHttpUrl));
|
|
|
| // Ensure histogram recorded correctly when a non-secure password input is
|
| // found on the page.
|
|
|
Chromium Code Reviews
Issue 2666783006:
[Merge M-56] Display "Not secure" verbose state for data: URLs (Closed)
