OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 package org.chromium.android_webview.test; |
| 6 |
| 7 import android.content.Context; |
| 8 import android.content.SharedPreferences; |
| 9 import android.graphics.Bitmap; |
| 10 import android.graphics.Color; |
| 11 import android.support.test.filters.SmallTest; |
| 12 |
| 13 import org.chromium.android_webview.AwBrowserContext; |
| 14 import org.chromium.android_webview.AwContents; |
| 15 import org.chromium.android_webview.AwSwitches; |
| 16 import org.chromium.android_webview.AwWebContentsObserver; |
| 17 import org.chromium.android_webview.test.util.GraphicsTestUtils; |
| 18 import org.chromium.base.ThreadUtils; |
| 19 import org.chromium.base.test.util.CallbackHelper; |
| 20 import org.chromium.base.test.util.CommandLineFlags; |
| 21 import org.chromium.base.test.util.Feature; |
| 22 import org.chromium.base.test.util.InMemorySharedPreferences; |
| 23 import org.chromium.components.safe_browsing.SafeBrowsingApiBridge; |
| 24 import org.chromium.components.safe_browsing.SafeBrowsingApiHandler; |
| 25 import org.chromium.content_public.browser.WebContents; |
| 26 import org.chromium.net.test.EmbeddedTestServer; |
| 27 |
| 28 /** |
| 29 * Test suite for SafeBrowsing. |
| 30 * |
| 31 * Ensures that interstitials can be successfully created for malicous pages. |
| 32 */ |
| 33 public class SafeBrowsingTest extends AwTestBase { |
| 34 private TestAwContentsClient mContentsClient; |
| 35 private AwTestContainerView mContainerView; |
| 36 private AwContents mAwContents; |
| 37 private TestAwWebContentsObserver mWebContentsObserver; |
| 38 |
| 39 private EmbeddedTestServer mTestServer; |
| 40 |
| 41 // These colors correspond to the body.background attribute in GREEN_HTML_PA
TH, SAFE_HTML_PATH, |
| 42 // MALWARE_HTML_PATH, and IFRAME_HTML_PATH. They should only be changed if t
hose values are |
| 43 // changed as well |
| 44 private static final int COLOR_GREEN = Color.rgb(0, 255, 0); |
| 45 private static final int COLOR_BLUE = Color.rgb(0, 0, 255); |
| 46 private static final int COLOR_GRAY = Color.rgb(10, 10, 10); |
| 47 |
| 48 private static final String RESOURCE_PATH = "/android_webview/test/data"; |
| 49 |
| 50 // A blank green page |
| 51 private static final String GREEN_HTML_PATH = RESOURCE_PATH + "/green.html"; |
| 52 |
| 53 // Two blank blue pages, one which we treat as a malicious page |
| 54 private static final String SAFE_HTML_PATH = RESOURCE_PATH + "/safe.html"; |
| 55 private static final String MALWARE_HTML_PATH = RESOURCE_PATH + "/malware.ht
ml"; |
| 56 |
| 57 // A gray page with an iframe to MALWARE_HTML_PATH |
| 58 private static final String IFRAME_HTML_PATH = RESOURCE_PATH + "/iframe.html
"; |
| 59 |
| 60 /** |
| 61 * A fake SafeBrowsingApiHandler which treats URLs ending in MALWARE_HTML_PA
TH as malicious URLs |
| 62 * that should be blocked. |
| 63 */ |
| 64 public static class MockSafeBrowsingApiHandler implements SafeBrowsingApiHan
dler { |
| 65 private Observer mObserver; |
| 66 private static final String SAFE_METADATA = "{}"; |
| 67 private static final String MALWARE_METADATA = "{\"matches\":[{\"threat_
type\":\"5\"}]}"; |
| 68 |
| 69 @Override |
| 70 public boolean init(Context context, Observer result) { |
| 71 mObserver = result; |
| 72 return true; |
| 73 } |
| 74 |
| 75 @Override |
| 76 public void startUriLookup(final long callbackId, String uri, int[] thre
atsOfInterest) { |
| 77 final int resultStatus = STATUS_SUCCESS; |
| 78 final String metadata = isMaliciousUrl(uri) ? MALWARE_METADATA : SAF
E_METADATA; |
| 79 |
| 80 ThreadUtils.runOnUiThread(new Runnable() { |
| 81 @Override |
| 82 public void run() { |
| 83 mObserver.onUrlCheckDone(callbackId, resultStatus, metadata)
; |
| 84 } |
| 85 }); |
| 86 } |
| 87 |
| 88 private static boolean isMaliciousUrl(String uri) { |
| 89 return uri.endsWith(MALWARE_HTML_PATH); |
| 90 } |
| 91 } |
| 92 |
| 93 /** |
| 94 * A fake AwBrowserContext which loads the MockSafeBrowsingApiHandler instea
d of the real one. |
| 95 */ |
| 96 private static class MockAwBrowserContext extends AwBrowserContext { |
| 97 public MockAwBrowserContext( |
| 98 SharedPreferences sharedPreferences, Context applicationContext)
{ |
| 99 super(sharedPreferences, applicationContext); |
| 100 SafeBrowsingApiBridge.setSafeBrowsingHandlerType(MockSafeBrowsingApi
Handler.class); |
| 101 } |
| 102 } |
| 103 |
| 104 private static class TestAwWebContentsObserver extends AwWebContentsObserver
{ |
| 105 private CallbackHelper mDidAttachInterstitialPageHelper; |
| 106 |
| 107 public TestAwWebContentsObserver(WebContents webContents, AwContents awC
ontents, |
| 108 TestAwContentsClient contentsClient) { |
| 109 super(webContents, awContents, contentsClient); |
| 110 mDidAttachInterstitialPageHelper = new CallbackHelper(); |
| 111 } |
| 112 |
| 113 public CallbackHelper getAttachedInterstitialPageHelper() { |
| 114 return mDidAttachInterstitialPageHelper; |
| 115 } |
| 116 |
| 117 @Override |
| 118 public void didAttachInterstitialPage() { |
| 119 mDidAttachInterstitialPageHelper.notifyCalled(); |
| 120 } |
| 121 } |
| 122 |
| 123 @Override |
| 124 public void setUp() throws Exception { |
| 125 super.setUp(); |
| 126 mContentsClient = new TestAwContentsClient(); |
| 127 mContainerView = createAwTestContainerViewOnMainSync(mContentsClient); |
| 128 mAwContents = mContainerView.getAwContents(); |
| 129 |
| 130 mTestServer = EmbeddedTestServer.createAndStartServer(getInstrumentation
().getContext()); |
| 131 getInstrumentation().runOnMainSync(new Runnable() { |
| 132 @Override |
| 133 public void run() { |
| 134 mWebContentsObserver = new TestAwWebContentsObserver( |
| 135 mContainerView.getContentViewCore().getWebContents(), mA
wContents, |
| 136 mContentsClient) {}; |
| 137 } |
| 138 }); |
| 139 } |
| 140 |
| 141 @Override |
| 142 public void tearDown() throws Exception { |
| 143 mTestServer.stopAndDestroyServer(); |
| 144 super.tearDown(); |
| 145 } |
| 146 |
| 147 /** |
| 148 * Creates a special BrowserContext that has a safebrowsing api handler whic
h always says |
| 149 * sites are malicious |
| 150 */ |
| 151 @Override |
| 152 protected AwBrowserContext createAwBrowserContextOnUiThread( |
| 153 InMemorySharedPreferences prefs, Context appContext) { |
| 154 return new MockAwBrowserContext(prefs, appContext); |
| 155 } |
| 156 |
| 157 private int getPageColor() { |
| 158 Bitmap bitmap = GraphicsTestUtils.drawAwContentsOnUiThread( |
| 159 mAwContents, mContainerView.getWidth(), mContainerView.getHeight
()); |
| 160 return bitmap.getPixel(0, 0); |
| 161 } |
| 162 |
| 163 private void loadGreenPage() throws Exception { |
| 164 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), |
| 165 mTestServer.getURL(GREEN_HTML_PATH)); |
| 166 |
| 167 // Make sure we actually wait for the page to be visible |
| 168 waitForVisualStateCallback(mAwContents); |
| 169 } |
| 170 |
| 171 @SmallTest |
| 172 @Feature({"AndroidWebView"}) |
| 173 @CommandLineFlags.Add(AwSwitches.WEBVIEW_ENABLE_SAFEBROWSING_SUPPORT) |
| 174 public void testSafeBrowsingDoesNotBlockSafePages() throws Throwable { |
| 175 loadGreenPage(); |
| 176 final String responseUrl = mTestServer.getURL(SAFE_HTML_PATH); |
| 177 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), resp
onseUrl); |
| 178 waitForVisualStateCallback(mAwContents); |
| 179 assertEquals("Target page should be visible", COLOR_BLUE, |
| 180 GraphicsTestUtils.getPixelColorAtCenterOfView(mAwContents, mCont
ainerView)); |
| 181 } |
| 182 |
| 183 @SmallTest |
| 184 @Feature({"AndroidWebView"}) |
| 185 @CommandLineFlags.Add(AwSwitches.WEBVIEW_ENABLE_SAFEBROWSING_SUPPORT) |
| 186 public void testSafeBrowsingShowsInterstitialForMalware() throws Throwable { |
| 187 loadGreenPage(); |
| 188 int count = mWebContentsObserver.getAttachedInterstitialPageHelper().get
CallCount(); |
| 189 final String responseUrl = mTestServer.getURL(MALWARE_HTML_PATH); |
| 190 loadUrlAsync(mAwContents, responseUrl); |
| 191 mWebContentsObserver.getAttachedInterstitialPageHelper().waitForCallback
(count); |
| 192 assertTrue("Original page should not be showing", COLOR_GREEN |
| 193 != GraphicsTestUtils.getPixelColorAtCenterOfView( |
| 194 mAwContents, mContainerView)); |
| 195 assertTrue("Target page should not be visible", COLOR_BLUE |
| 196 != GraphicsTestUtils.getPixelColorAtCenterOfView( |
| 197 mAwContents, mContainerView)); |
| 198 // Assume that we are rendering the interstitial, since we see neither t
he previous page nor |
| 199 // the target page |
| 200 } |
| 201 |
| 202 @SmallTest |
| 203 @Feature({"AndroidWebView"}) |
| 204 @CommandLineFlags.Add(AwSwitches.WEBVIEW_ENABLE_SAFEBROWSING_SUPPORT) |
| 205 public void testSafeBrowsingMaliciousSubresourceShowsInterstitial() throws T
hrowable { |
| 206 loadGreenPage(); |
| 207 int count = mWebContentsObserver.getAttachedInterstitialPageHelper().get
CallCount(); |
| 208 final String responseUrl = mTestServer.getURL(IFRAME_HTML_PATH); |
| 209 loadUrlAsync(mAwContents, responseUrl); |
| 210 mWebContentsObserver.getAttachedInterstitialPageHelper().waitForCallback
(count); |
| 211 assertTrue("Original page should not be showing", COLOR_GREEN |
| 212 != GraphicsTestUtils.getPixelColorAtCenterOfView( |
| 213 mAwContents, mContainerView)); |
| 214 assertTrue("Target page should not be visible", COLOR_GRAY |
| 215 != GraphicsTestUtils.getPixelColorAtCenterOfView( |
| 216 mAwContents, mContainerView)); |
| 217 // Assume that we are rendering the interstitial, since we see neither t
he previous page nor |
| 218 // the target page |
| 219 } |
| 220 } |
OLD | NEW |