android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java - Issue 2691073003: Add javatests for the WebView SafeBrowsing feature

Side by Side Diff: android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java

Issue 2691073003: Add javatests for the WebView SafeBrowsing feature (Closed)

Patch Set: Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 // Copyright 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 package org.chromium.android_webview.test;

	6

	7 import android.content.Context;

	8 import android.content.SharedPreferences;

	9 import android.graphics.Bitmap;

	10 import android.support.test.filters.SmallTest;

	11 import android.util.AndroidRuntimeException;

	12

	13 import org.chromium.android_webview.AwBrowserContext;

	14 import org.chromium.android_webview.AwContents;

	15 import org.chromium.android_webview.test.util.GraphicsTestUtils;

	16 import org.chromium.base.test.util.Feature;

	17 import org.chromium.base.test.util.InMemorySharedPreferences;

	18 import org.chromium.components.safe_browsing.SafeBrowsingApiBridge;

	19 import org.chromium.components.safe_browsing.SafeBrowsingApiHandler;

	20 import org.chromium.net.test.util.TestWebServer;

	21

	22 import java.util.regex.Pattern;

	23

	24 /**

	25 * Test suite for SafeBrowsing.

	26 *

	27 * Ensures that interstitials can be successfully created for malicous pages.

	28 */

	29 public class SafeBrowsingTest extends AwTestBase {

	30 private TestAwContentsClient mContentsClient;

	31 private AwTestContainerView mContainerView;

	32 private AwContents mAwContents;

	33 private MockAwBrowserContext mBrowserContext;

	34

	35 // The background color of the safebrowsing interstitial HTML

	36 private static final int INTERSTITIAL_COLOR = 0xffce3426;

	37

	38 private static final String SIMPLE_RESPONSE_DATA = "<html></html>";

	39 private static final int WAIT_TIMEOUT_MS = 10000;

	40 private static final String SAFE_URL = "/safe";

	41 private static final String MALWARE_URL = "/malware";

	42

	43 /**

	44 * A fake SafeBrowsingApiHandler which treats URLs ending in SAFE_URL as saf e and those ending

	45 * in MALWARE_URL as malicious URLs that should be blocked.

	46 */

	47 public static class MockSafeBrowsingApiHandler implements SafeBrowsingApiHan dler {

	48 private Observer mObserver;

	49 private static final String SAFE_METADATA = "{}";

	50 private static final String MALWARE_METADATA = "{\"matches\":[{\"threat_ type\":\"5\"}]}";

	51

	52 @Override

	53 public boolean init(Context context, Observer result) {

	54 mObserver = result;

	55 return true;

	56 }

	57

	58 @Override

	59 public void startUriLookup(long callbackId, String uri, int[] threatsOfI nterest) {

	60 int resultStatus = STATUS_SUCCESS;

	61 String metadata = isMaliciousUrl(uri) ? MALWARE_METADATA : SAFE_META DATA;

	62

	63 mObserver.onUrlCheckDone(callbackId, resultStatus, metadata);

	64 }

	65

	66 private static boolean isMaliciousUrl(String uri) {

	67 return Pattern.compile(".*" + MALWARE_URL).matcher(uri).matches();
	boliu 2017/02/14 02:34:32 endsWith good enough? endsWith good enough? Nate Fischer 2017/02/14 17:17:55 That's better, thanks. Done Show quoted text On 2017/02/14 at 02:34:32, boliu wrote: > endsWith good enough? That's better, thanks. Done
	68 }

	69 }

	70

	71 /**

	72 * A fake AwBrowserContext which loads the MockSafeBrowsingApiHandler instea d of the real one.

	73 */

	74 private static class MockAwBrowserContext extends AwBrowserContext {

	75 public MockAwBrowserContext(

	76 SharedPreferences sharedPreferences, Context applicationContext) {

	77 super(sharedPreferences, applicationContext);

	78 SafeBrowsingApiBridge.setSafeBrowsingHandlerType(MockSafeBrowsingApi Handler.class);

	79 }

	80 }

	81

	82 @Override

	83 public void setUp() throws Exception {

	84 super.setUp();

	85 mContentsClient = new TestAwContentsClient();

	86 mContainerView = createAwTestContainerViewOnMainSync(mContentsClient);

	87 mAwContents = mContainerView.getAwContents();

	88 }

	89

	90 /**

	91 * Creates a special BrowserContext that has a safebrowsing api handler whic h always says

	92 * sites are malicious

	93 */

	94 @Override

	95 protected void createAwBrowserContext() {

	96 if (mBrowserContext != null) {

	97 throw new AndroidRuntimeException("There should only be one browser context.");

	98 }

	99 getActivity(); // The Activity must be launched in order to load native code

	100 final InMemorySharedPreferences prefs = new InMemorySharedPreferences();

	101 final Context appContext = getInstrumentation().getTargetContext().getAp plicationContext();
	boliu 2017/02/14 02:34:31 this is a lot of copied code, meaning AwTestBase i this is a lot of copied code, meaning AwTestBase is doing things wrong, duplicated code should be in a private method in AwTestBase, and then have the pref and context passed into the protected method Nate Fischer 2017/02/14 17:17:55 I broke it into 3 methods. The intermediate method Show quoted text On 2017/02/14 at 02:34:31, boliu wrote: > this is a lot of copied code, meaning AwTestBase is doing things wrong, duplicated code should be in a private method in AwTestBase, and then have the pref and context passed into the protected method I broke it into 3 methods. The intermediate method is overridden in the sub class. By splitting it in 3, I was able to get rid of the MockAwBrowserContext member variable in the sub class.
	102 getInstrumentation().runOnMainSync(new Runnable() {

	103 @Override

	104 public void run() {

	105 mBrowserContext = new MockAwBrowserContext(prefs, appContext);

	106 }

	107 });

	108 }

	109

	110 private boolean isShowingInterstitial() {

	111 Bitmap bitmap = GraphicsTestUtils.drawAwContentsOnUiThread(

	112 mAwContents, mContainerView.getWidth(), mContainerView.getHeight ());

	113 return (bitmap.getPixel(0, 0) == INTERSTITIAL_COLOR);
	boliu 2017/02/14 02:34:31 where is this color from? where is this color from? Nate Fischer 2017/02/14 17:17:55 It's the background color of the interstitial HTML Show quoted text On 2017/02/14 at 02:34:31, boliu wrote: > where is this color from? It's the background color of the interstitial HTML. I found it in this css file: https://cs.chromium.org/chromium/src/components/security_interstitials/core/b... 0xffce3426 is the hex representation of rgb(206, 52, 38) (the 'ff' is the alpha channel). I rewrote it as `Color.rgb(206, 52, 38)` and added an explanatory comment to improve clarity. Is there any way I can make this better? boliu 2017/02/14 18:31:40 It's not ok to depend on arbitrary values in far o Show quoted text On 2017/02/14 17:17:55, Nate Fischer wrote: > On 2017/02/14 at 02:34:31, boliu wrote: > > where is this color from? > > It's the background color of the interstitial HTML. I found it in this css file: > > https://cs.chromium.org/chromium/src/components/security_interstitials/core/b... > > 0xffce3426 is the hex representation of rgb(206, 52, 38) (the 'ff' is the alpha > channel). > > I rewrote it as `Color.rgb(206, 52, 38)` and added an explanatory comment to > improve clarity. Is there any way I can make this better? It's not ok to depend on arbitrary values in far off code like that. Imagine if someone is redesigning the interstitial later and suddenly these tests start breaking. Besides, how do you even know 0,0 is the background color and not something else? If you just want to check interstitial exists, then you want to wait for the signal that an interstitial is created. If you really want to check interstitial is being rendered, then you'll have to somehow override the interstitial html in the tes here.
	114 }

	115

	116 @SmallTest

	117 @Feature({"AndroidWebView"})

	118 public void testSafeBrowsingDoesNotBlockSafePages() throws Throwable {

	119 TestWebServer webServer = TestWebServer.start();

	120

	121 final String responseUrl = webServer.setResponse(SAFE_URL, SIMPLE_RESPON SE_DATA, null);

	122 try {

	123 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), responseUrl);

	124 } finally {

	125 webServer.shutdown();

	126 }

	127

	128 assertFalse("Should not create an interstitial", isShowingInterstitial() );

	129 }

	130

	131 @SmallTest

	132 @Feature({"AndroidWebView"})

	133 public void testSafeBrowsingShowsInterstitialForMalware() throws Throwable {

	134 TestWebServer webServer = TestWebServer.start();

	135

	136 final String responseUrl = webServer.setResponse(MALWARE_URL, SIMPLE_RES PONSE_DATA, null);

	137 try {

	138 // loadUrlSync never finishes if an interstitial gets shown, so we h ave to call the

	139 // async version

	140 loadUrlAsync(mAwContents, responseUrl);

	141 Thread.sleep(WAIT_TIMEOUT_MS);
	boliu 2017/02/14 02:34:32 no sleeps you can wait for startUriLookup to be c no sleeps you can wait for startUriLookup to be called Nate Fischer 2017/02/14 17:17:55 I wasn't sure how to implement what you suggested, Show quoted text On 2017/02/14 at 02:34:32, boliu wrote: > no sleeps > > you can wait for startUriLookup to be called I wasn't sure how to implement what you suggested, so I wrote up something else that I think will be sufficient. This is replaced with waitForInterstitial, which polls until it sees an interstitial. This is based off AwTestBase#waitForPixelColorAtCenterOfView.
	142 } finally {

	143 webServer.shutdown();

	144 }

	145

	146 assertTrue("Should create an interstitial", isShowingInterstitial());

	147 }

	148

	149 @SmallTest

	150 @Feature({"AndroidWebView"})

	151 public void testSafeBrowsingMaliciousSubresourceShowsInterstitial() throws T hrowable {

	152 TestWebServer webServer = TestWebServer.start();

	153

	154 final String iframeUrl = webServer.setResponse(MALWARE_URL, SIMPLE_RESPO NSE_DATA, null);

	155

	156 final String responseData = "<html>"

	157 + " <body bgcolor=\"#E6E6FA\">"

	158 + " <p>This is outside the iframe</p>"

	159 + " <iframe src=\"" + iframeUrl + "\"></iframe>"

	160 + " </body>"

	161 + "</html>";

	162 final String responseUrl = webServer.setResponse(SAFE_URL, responseData, null);

	163 try {

	164 // loadUrlSync never finishes if an interstitial gets shown, so we h ave to call the

	165 // async version

	166 loadUrlAsync(mAwContents, responseUrl);

	167 Thread.sleep(WAIT_TIMEOUT_MS);
	boliu 2017/02/14 02:34:32 ditto ditto Nate Fischer 2017/02/14 17:17:55 Done Show quoted text On 2017/02/14 at 02:34:32, boliu wrote: > ditto Done
	168 } finally {

	169 webServer.shutdown();

	170 }

	171

	172 assertTrue("Should create an interstitial", isShowingInterstitial());

	173 }

	174 }

OLD	NEW

« no previous file with comments | « no previous file | android_webview/test/BUILD.gn » ('j') | no next file with comments »