OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 package org.chromium.android_webview.test; | |
6 | |
7 import android.content.Context; | |
8 import android.content.SharedPreferences; | |
9 import android.graphics.Bitmap; | |
10 import android.graphics.Color; | |
11 import android.support.test.filters.LargeTest; | |
12 | |
13 import org.chromium.android_webview.AwBrowserContext; | |
14 import org.chromium.android_webview.AwContents; | |
15 import org.chromium.android_webview.test.util.GraphicsTestUtils; | |
16 import org.chromium.base.test.util.Feature; | |
17 import org.chromium.base.test.util.InMemorySharedPreferences; | |
18 import org.chromium.components.safe_browsing.SafeBrowsingApiBridge; | |
19 import org.chromium.components.safe_browsing.SafeBrowsingApiHandler; | |
20 import org.chromium.net.test.EmbeddedTestServer; | |
21 | |
22 import java.util.concurrent.Callable; | |
23 | |
24 /** | |
25 * Test suite for SafeBrowsing. | |
26 * | |
27 * Ensures that interstitials can be successfully created for malicous pages. | |
28 */ | |
29 public class SafeBrowsingTest extends AwTestBase { | |
30 private TestAwContentsClient mContentsClient; | |
31 private AwTestContainerView mContainerView; | |
32 private AwContents mAwContents; | |
33 | |
34 private EmbeddedTestServer mTestServer; | |
35 | |
36 // These colors correspond to the body.background attribute in GREEN_HTML_PA TH, SAFE_HTML_PATH, | |
37 // MALWARE_HTML_PATH, and IFRAME_HTML_PATH. They should only be changed if t hose values are | |
38 // changed as well | |
39 private static final int COLOR_GREEN = Color.rgb(0, 255, 0); | |
40 private static final int COLOR_BLUE = Color.rgb(0, 0, 255); | |
41 private static final int COLOR_BLACK = Color.rgb(0, 0, 0); | |
42 | |
43 private static final String RESOURCE_PATH = "/android_webview/test/data"; | |
44 | |
45 // A blank green page | |
46 private static final String GREEN_HTML_PATH = RESOURCE_PATH + "/green.html"; | |
47 | |
48 // Two blank blue pages, one which we treat as a malicious page | |
49 private static final String SAFE_HTML_PATH = RESOURCE_PATH + "/safe.html"; | |
50 private static final String MALWARE_HTML_PATH = RESOURCE_PATH + "/malware.ht ml"; | |
51 | |
52 // A black page with an iframe to MALWARE_HTML_PATH | |
53 private static final String IFRAME_HTML_PATH = RESOURCE_PATH + "/iframe.html "; | |
54 | |
55 /** | |
56 * A fake SafeBrowsingApiHandler which treats URLs ending in MALWARE_HTML_PA TH as malicious URLs | |
57 * that should be blocked. | |
58 */ | |
59 public static class MockSafeBrowsingApiHandler implements SafeBrowsingApiHan dler { | |
60 private Observer mObserver; | |
61 private static final String SAFE_METADATA = "{}"; | |
62 private static final String MALWARE_METADATA = "{\"matches\":[{\"threat_ type\":\"5\"}]}"; | |
63 | |
64 @Override | |
65 public boolean init(Context context, Observer result) { | |
66 mObserver = result; | |
67 return true; | |
68 } | |
69 | |
70 @Override | |
71 public void startUriLookup(long callbackId, String uri, int[] threatsOfI nterest) { | |
72 int resultStatus = STATUS_SUCCESS; | |
73 String metadata = isMaliciousUrl(uri) ? MALWARE_METADATA : SAFE_META DATA; | |
74 | |
75 mObserver.onUrlCheckDone(callbackId, resultStatus, metadata); | |
76 } | |
77 | |
78 private static boolean isMaliciousUrl(String uri) { | |
79 return uri.endsWith(MALWARE_HTML_PATH); | |
80 } | |
81 } | |
82 | |
83 /** | |
84 * A fake AwBrowserContext which loads the MockSafeBrowsingApiHandler instea d of the real one. | |
85 */ | |
86 private static class MockAwBrowserContext extends AwBrowserContext { | |
87 public MockAwBrowserContext( | |
88 SharedPreferences sharedPreferences, Context applicationContext) { | |
89 super(sharedPreferences, applicationContext); | |
90 SafeBrowsingApiBridge.setSafeBrowsingHandlerType(MockSafeBrowsingApi Handler.class); | |
91 } | |
92 } | |
93 | |
94 @Override | |
95 public void setUp() throws Exception { | |
96 super.setUp(); | |
97 mContentsClient = new TestAwContentsClient(); | |
98 mContainerView = createAwTestContainerViewOnMainSync(mContentsClient); | |
99 mAwContents = mContainerView.getAwContents(); | |
100 | |
101 mTestServer = EmbeddedTestServer.createAndStartServer(getInstrumentation ().getContext()); | |
102 } | |
103 | |
104 @Override | |
105 public void tearDown() throws Exception { | |
106 mTestServer.stopAndDestroyServer(); | |
107 super.tearDown(); | |
108 } | |
109 | |
110 /** | |
111 * Creates a special BrowserContext that has a safebrowsing api handler whic h always says | |
112 * sites are malicious | |
113 */ | |
114 @Override | |
115 protected AwBrowserContext createAwBrowserContextOnUiThread( | |
116 InMemorySharedPreferences prefs, Context appContext) { | |
117 return new MockAwBrowserContext(prefs, appContext); | |
118 } | |
119 | |
120 private int getPageColor() { | |
121 Bitmap bitmap = GraphicsTestUtils.drawAwContentsOnUiThread( | |
122 mAwContents, mContainerView.getWidth(), mContainerView.getHeight ()); | |
123 return bitmap.getPixel(0, 0); | |
124 } | |
125 | |
126 private void loadGreenPage() throws Exception { | |
127 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), | |
128 mTestServer.getURL(GREEN_HTML_PATH)); | |
129 } | |
130 | |
131 private void waitForPageToNotBeColor(final int col) throws Exception { | |
132 pollUiThread(new Callable<Boolean>() { | |
133 @Override | |
134 public Boolean call() { | |
135 return getPageColor() != col; | |
136 } | |
137 }); | |
138 } | |
139 | |
140 @LargeTest | |
141 @Feature({"AndroidWebView"}) | |
142 public void testSafeBrowsingDoesNotBlockSafePages() throws Throwable { | |
143 loadGreenPage(); | |
144 final String responseUrl = mTestServer.getURL(SAFE_HTML_PATH); | |
145 loadUrlAsync(mAwContents, responseUrl); | |
146 waitForPixelColorAtCenterOfView(mAwContents, mContainerView, COLOR_BLUE) ; | |
147 assertEquals("Target page should be visible", COLOR_BLUE, getPageColor() ); | |
148 } | |
149 | |
150 @LargeTest | |
151 @Feature({"AndroidWebView"}) | |
152 public void testSafeBrowsingShowsInterstitialForMalware() throws Throwable { | |
153 loadGreenPage(); | |
154 final String responseUrl = mTestServer.getURL(MALWARE_HTML_PATH); | |
155 loadUrlAsync(mAwContents, responseUrl); | |
156 waitForPageToNotBeColor(COLOR_GREEN); | |
157 assertFalse("Original page should not be showing", COLOR_GREEN == getPag eColor()); | |
158 assertFalse("Target page should not be visible", COLOR_BLUE == getPageCo lor()); | |
159 // Assume that we can render the interstitial, since we see neither the original page nor | |
160 // the target page | |
161 } | |
162 | |
163 @LargeTest | |
164 @Feature({"AndroidWebView"}) | |
165 public void testSafeBrowsingMaliciousSubresourceShowsInterstitial() throws T hrowable { | |
166 loadGreenPage(); | |
167 final String responseUrl = mTestServer.getURL(IFRAME_HTML_PATH); | |
168 loadUrlAsync(mAwContents, responseUrl); | |
169 waitForPageToNotBeColor(COLOR_GREEN); | |
170 waitForPageToNotBeColor(COLOR_BLACK); | |
Nate Fischer
2017/02/15 22:53:20
It's necessary to wait for both colors to disappea
Nate Fischer
2017/02/15 23:35:21
Ignore this comment. It's from a previous patchset
| |
171 assertFalse("Original page should not be showing", COLOR_GREEN == getPag eColor()); | |
172 assertFalse("Target page should not be visible", COLOR_BLACK == getPageC olor()); | |
173 assertFalse("The iframe should not be visible", COLOR_BLUE == getPageCol or()); | |
174 // Assume that we can render the interstitial, since we see neither the original page nor | |
175 // the target page | |
176 } | |
177 } | |
OLD | NEW |