Add javatests for the WebView SafeBrowsing feature

android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.android_webview.test;
+
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.graphics.Bitmap;
+import android.graphics.Color;
+import android.support.test.filters.LargeTest;
+
+import org.chromium.android_webview.AwBrowserContext;
+import org.chromium.android_webview.AwContents;
+import org.chromium.android_webview.test.util.GraphicsTestUtils;
+import org.chromium.base.test.util.Feature;
+import org.chromium.base.test.util.InMemorySharedPreferences;
+import org.chromium.components.safe_browsing.SafeBrowsingApiBridge;
+import org.chromium.components.safe_browsing.SafeBrowsingApiHandler;
+import org.chromium.net.test.EmbeddedTestServer;
+
+import java.util.concurrent.Callable;
+
+/**
+ * Test suite for SafeBrowsing.
+ *
+ * Ensures that interstitials can be successfully created for malicous pages.
+ */
+public class SafeBrowsingTest extends AwTestBase {
+    private TestAwContentsClient mContentsClient;
+    private AwTestContainerView mContainerView;
+    private AwContents mAwContents;
+
+    private EmbeddedTestServer mTestServer;
+
+    // These colors correspond to the body.background attribute in GREEN_HTML_PATH, SAFE_HTML_PATH,
+    // MALWARE_HTML_PATH, and IFRAME_HTML_PATH. They should only be changed if those values are
+    // changed as well
+    private static final int COLOR_GREEN = Color.rgb(0, 255, 0);
+    private static final int COLOR_BLUE = Color.rgb(0, 0, 255);
+    private static final int COLOR_BLACK = Color.rgb(0, 0, 0);
+
+    private static final String RESOURCE_PATH = "/android_webview/test/data";
+
+    // A blank green page
+    private static final String GREEN_HTML_PATH = RESOURCE_PATH + "/green.html";
+
+    // Two blank blue pages, one which we treat as a malicious page
+    private static final String SAFE_HTML_PATH = RESOURCE_PATH + "/safe.html";
+    private static final String MALWARE_HTML_PATH = RESOURCE_PATH + "/malware.html";
+
+    // A black page with an iframe to MALWARE_HTML_PATH
+    private static final String IFRAME_HTML_PATH = RESOURCE_PATH + "/iframe.html";
+
+    /**
+     * A fake SafeBrowsingApiHandler which treats URLs ending in MALWARE_HTML_PATH as malicious URLs
+     * that should be blocked.
+     */
+    public static class MockSafeBrowsingApiHandler implements SafeBrowsingApiHandler {
+        private Observer mObserver;
+        private static final String SAFE_METADATA = "{}";
+        private static final String MALWARE_METADATA = "{\"matches\":[{\"threat_type\":\"5\"}]}";
+
+        @Override
+        public boolean init(Context context, Observer result) {
+            mObserver = result;
+            return true;
+        }
+
+        @Override
+        public void startUriLookup(long callbackId, String uri, int[] threatsOfInterest) {
+            int resultStatus = STATUS_SUCCESS;
+            String metadata = isMaliciousUrl(uri) ? MALWARE_METADATA : SAFE_METADATA;
+
+            mObserver.onUrlCheckDone(callbackId, resultStatus, metadata);
+        }
+
+        private static boolean isMaliciousUrl(String uri) {
+            return uri.endsWith(MALWARE_HTML_PATH);
+        }
+    }
+
+    /**
+     * A fake AwBrowserContext which loads the MockSafeBrowsingApiHandler instead of the real one.
+     */
+    private static class MockAwBrowserContext extends AwBrowserContext {
+        public MockAwBrowserContext(
+                SharedPreferences sharedPreferences, Context applicationContext) {
+            super(sharedPreferences, applicationContext);
+            SafeBrowsingApiBridge.setSafeBrowsingHandlerType(MockSafeBrowsingApiHandler.class);
+        }
+    }
+
+    @Override
+    public void setUp() throws Exception {
+        super.setUp();
+        mContentsClient = new TestAwContentsClient();
+        mContainerView = createAwTestContainerViewOnMainSync(mContentsClient);
+        mAwContents = mContainerView.getAwContents();
+
+        mTestServer = EmbeddedTestServer.createAndStartServer(getInstrumentation().getContext());
+    }
+
+    @Override
+    public void tearDown() throws Exception {
+        mTestServer.stopAndDestroyServer();
+        super.tearDown();
+    }
+
+    /**
+     * Creates a special BrowserContext that has a safebrowsing api handler which always says
+     * sites are malicious
+     */
+    @Override
+    protected AwBrowserContext createAwBrowserContextOnUiThread(
+            InMemorySharedPreferences prefs, Context appContext) {
+        return new MockAwBrowserContext(prefs, appContext);
+    }
+
+    private int getPageColor() {
+        Bitmap bitmap = GraphicsTestUtils.drawAwContentsOnUiThread(
+                mAwContents, mContainerView.getWidth(), mContainerView.getHeight());
+        return bitmap.getPixel(0, 0);
+    }
+
+    private void loadGreenPage() throws Exception {
+        loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
+                mTestServer.getURL(GREEN_HTML_PATH));
+    }
+
+    private void waitForPageToNotBeColor(final int col) throws Exception {
+        pollUiThread(new Callable<Boolean>() {
+            @Override
+            public Boolean call() {
+                return getPageColor() != col;
+            }
+        });
+    }
+
+    @LargeTest
+    @Feature({"AndroidWebView"})
+    public void testSafeBrowsingDoesNotBlockSafePages() throws Throwable {
+        loadGreenPage();
+        final String responseUrl = mTestServer.getURL(SAFE_HTML_PATH);
+        loadUrlAsync(mAwContents, responseUrl);
+        waitForPixelColorAtCenterOfView(mAwContents, mContainerView, COLOR_BLUE);
+        assertEquals("Target page should be visible", COLOR_BLUE, getPageColor());
+    }
+
+    @LargeTest
+    @Feature({"AndroidWebView"})
+    public void testSafeBrowsingShowsInterstitialForMalware() throws Throwable {
+        loadGreenPage();
+        final String responseUrl = mTestServer.getURL(MALWARE_HTML_PATH);
+        loadUrlAsync(mAwContents, responseUrl);
+        waitForPageToNotBeColor(COLOR_GREEN);
+        assertFalse("Original page should not be showing", COLOR_GREEN == getPageColor());
+        assertFalse("Target page should not be visible", COLOR_BLUE == getPageColor());
+        // Assume that we can render the interstitial, since we see neither the original page nor
+        // the target page
+    }
+
+    @LargeTest
+    @Feature({"AndroidWebView"})
+    public void testSafeBrowsingMaliciousSubresourceShowsInterstitial() throws Throwable {
+        loadGreenPage();
+        final String responseUrl = mTestServer.getURL(IFRAME_HTML_PATH);
+        loadUrlAsync(mAwContents, responseUrl);
+        waitForPageToNotBeColor(COLOR_GREEN);
+        waitForPageToNotBeColor(COLOR_BLACK);

[Nate Fischer, 2017/02/15 22:53:20]

It's necessary to wait for both colors to disappear, since for subresources we
typically load the main frame successfully and then create an interstitial after
realizing the subresource is malicious. If we only
waitForPageToNotBeColor(COLOR_GREEN) then we'll still be seeing the target page,
not the interstitial.

[Nate Fischer, 2017/02/15 23:35:21]

Ignore this comment. It's from a previous patchset.

+        assertFalse("Original page should not be showing", COLOR_GREEN == getPageColor());
+        assertFalse("Target page should not be visible", COLOR_BLACK == getPageColor());
+        assertFalse("The iframe should not be visible", COLOR_BLUE == getPageColor());
+        // Assume that we can render the interstitial, since we see neither the original page nor
+        // the target page
+    }
+}