OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 package org.chromium.android_webview.test; | |
6 | |
7 import android.content.Context; | |
8 import android.content.SharedPreferences; | |
9 import android.graphics.Bitmap; | |
10 import android.support.test.filters.SmallTest; | |
11 import android.util.AndroidRuntimeException; | |
12 | |
13 import org.chromium.android_webview.AwBrowserContext; | |
14 import org.chromium.android_webview.AwContents; | |
15 import org.chromium.android_webview.test.util.GraphicsTestUtils; | |
16 import org.chromium.base.test.util.Feature; | |
17 import org.chromium.base.test.util.InMemorySharedPreferences; | |
18 import org.chromium.components.safe_browsing.SafeBrowsingApiBridge; | |
19 import org.chromium.components.safe_browsing.SafeBrowsingApiHandler; | |
20 import org.chromium.net.test.util.TestWebServer; | |
21 | |
22 import java.util.regex.Pattern; | |
23 | |
24 /** | |
25 * Test suite for SafeBrowsing. | |
26 * | |
27 * Ensures that interstitials can be successfully created for malicous pages. | |
28 */ | |
29 public class SafeBrowsingTest extends AwTestBase { | |
30 private TestAwContentsClient mContentsClient; | |
31 private AwTestContainerView mContainerView; | |
32 private AwContents mAwContents; | |
33 private MockAwBrowserContext mBrowserContext; | |
34 | |
35 // The background color of the safebrowsing interstitial HTML | |
36 private static final int INTERSTITIAL_COLOR = 0xffce3426; | |
37 | |
38 private static final String SIMPLE_RESPONSE_DATA = "<html></html>"; | |
39 private static final int WAIT_TIMEOUT_MS = 10000; | |
40 private static final String SAFE_URL = "/safe"; | |
41 private static final String MALWARE_URL = "/malware"; | |
42 | |
43 /** | |
44 * A fake SafeBrowsingApiHandler which treats URLs ending in SAFE_URL as saf e and those ending | |
45 * in MALWARE_URL as malicious URLs that should be blocked. | |
46 */ | |
47 public static class MockSafeBrowsingApiHandler implements SafeBrowsingApiHan dler { | |
48 private Observer mObserver; | |
49 private static final String SAFE_METADATA = "{}"; | |
50 private static final String MALWARE_METADATA = "{\"matches\":[{\"threat_ type\":\"5\"}]}"; | |
51 | |
52 @Override | |
53 public boolean init(Context context, Observer result) { | |
54 mObserver = result; | |
55 return true; | |
56 } | |
57 | |
58 @Override | |
59 public void startUriLookup(long callbackId, String uri, int[] threatsOfI nterest) { | |
60 int resultStatus = STATUS_SUCCESS; | |
61 String metadata = isMaliciousUrl(uri) ? MALWARE_METADATA : SAFE_META DATA; | |
62 | |
63 mObserver.onUrlCheckDone(callbackId, resultStatus, metadata); | |
64 } | |
65 | |
66 private static boolean isMaliciousUrl(String uri) { | |
67 return Pattern.compile(".*" + MALWARE_URL).matcher(uri).matches(); | |
boliu
2017/02/14 02:34:32
endsWith good enough?
Nate Fischer
2017/02/14 17:17:55
That's better, thanks. Done
| |
68 } | |
69 } | |
70 | |
71 /** | |
72 * A fake AwBrowserContext which loads the MockSafeBrowsingApiHandler instea d of the real one. | |
73 */ | |
74 private static class MockAwBrowserContext extends AwBrowserContext { | |
75 public MockAwBrowserContext( | |
76 SharedPreferences sharedPreferences, Context applicationContext) { | |
77 super(sharedPreferences, applicationContext); | |
78 SafeBrowsingApiBridge.setSafeBrowsingHandlerType(MockSafeBrowsingApi Handler.class); | |
79 } | |
80 } | |
81 | |
82 @Override | |
83 public void setUp() throws Exception { | |
84 super.setUp(); | |
85 mContentsClient = new TestAwContentsClient(); | |
86 mContainerView = createAwTestContainerViewOnMainSync(mContentsClient); | |
87 mAwContents = mContainerView.getAwContents(); | |
88 } | |
89 | |
90 /** | |
91 * Creates a special BrowserContext that has a safebrowsing api handler whic h always says | |
92 * sites are malicious | |
93 */ | |
94 @Override | |
95 protected void createAwBrowserContext() { | |
96 if (mBrowserContext != null) { | |
97 throw new AndroidRuntimeException("There should only be one browser context."); | |
98 } | |
99 getActivity(); // The Activity must be launched in order to load native code | |
100 final InMemorySharedPreferences prefs = new InMemorySharedPreferences(); | |
101 final Context appContext = getInstrumentation().getTargetContext().getAp plicationContext(); | |
boliu
2017/02/14 02:34:31
this is a lot of copied code, meaning AwTestBase i
Nate Fischer
2017/02/14 17:17:55
I broke it into 3 methods. The intermediate method
| |
102 getInstrumentation().runOnMainSync(new Runnable() { | |
103 @Override | |
104 public void run() { | |
105 mBrowserContext = new MockAwBrowserContext(prefs, appContext); | |
106 } | |
107 }); | |
108 } | |
109 | |
110 private boolean isShowingInterstitial() { | |
111 Bitmap bitmap = GraphicsTestUtils.drawAwContentsOnUiThread( | |
112 mAwContents, mContainerView.getWidth(), mContainerView.getHeight ()); | |
113 return (bitmap.getPixel(0, 0) == INTERSTITIAL_COLOR); | |
boliu
2017/02/14 02:34:31
where is this color from?
Nate Fischer
2017/02/14 17:17:55
It's the background color of the interstitial HTML
boliu
2017/02/14 18:31:40
It's not ok to depend on arbitrary values in far o
| |
114 } | |
115 | |
116 @SmallTest | |
117 @Feature({"AndroidWebView"}) | |
118 public void testSafeBrowsingDoesNotBlockSafePages() throws Throwable { | |
119 TestWebServer webServer = TestWebServer.start(); | |
120 | |
121 final String responseUrl = webServer.setResponse(SAFE_URL, SIMPLE_RESPON SE_DATA, null); | |
122 try { | |
123 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), responseUrl); | |
124 } finally { | |
125 webServer.shutdown(); | |
126 } | |
127 | |
128 assertFalse("Should not create an interstitial", isShowingInterstitial() ); | |
129 } | |
130 | |
131 @SmallTest | |
132 @Feature({"AndroidWebView"}) | |
133 public void testSafeBrowsingShowsInterstitialForMalware() throws Throwable { | |
134 TestWebServer webServer = TestWebServer.start(); | |
135 | |
136 final String responseUrl = webServer.setResponse(MALWARE_URL, SIMPLE_RES PONSE_DATA, null); | |
137 try { | |
138 // loadUrlSync never finishes if an interstitial gets shown, so we h ave to call the | |
139 // async version | |
140 loadUrlAsync(mAwContents, responseUrl); | |
141 Thread.sleep(WAIT_TIMEOUT_MS); | |
boliu
2017/02/14 02:34:32
no sleeps
you can wait for startUriLookup to be c
Nate Fischer
2017/02/14 17:17:55
I wasn't sure how to implement what you suggested,
| |
142 } finally { | |
143 webServer.shutdown(); | |
144 } | |
145 | |
146 assertTrue("Should create an interstitial", isShowingInterstitial()); | |
147 } | |
148 | |
149 @SmallTest | |
150 @Feature({"AndroidWebView"}) | |
151 public void testSafeBrowsingMaliciousSubresourceShowsInterstitial() throws T hrowable { | |
152 TestWebServer webServer = TestWebServer.start(); | |
153 | |
154 final String iframeUrl = webServer.setResponse(MALWARE_URL, SIMPLE_RESPO NSE_DATA, null); | |
155 | |
156 final String responseData = "<html>" | |
157 + " <body bgcolor=\"#E6E6FA\">" | |
158 + " <p>This is outside the iframe</p>" | |
159 + " <iframe src=\"" + iframeUrl + "\"></iframe>" | |
160 + " </body>" | |
161 + "</html>"; | |
162 final String responseUrl = webServer.setResponse(SAFE_URL, responseData, null); | |
163 try { | |
164 // loadUrlSync never finishes if an interstitial gets shown, so we h ave to call the | |
165 // async version | |
166 loadUrlAsync(mAwContents, responseUrl); | |
167 Thread.sleep(WAIT_TIMEOUT_MS); | |
boliu
2017/02/14 02:34:32
ditto
Nate Fischer
2017/02/14 17:17:55
Done
| |
168 } finally { | |
169 webServer.shutdown(); | |
170 } | |
171 | |
172 assertTrue("Should create an interstitial", isShowingInterstitial()); | |
173 } | |
174 } | |
OLD | NEW |