Update ActivityLog detection to use previous values, hrefs.

chrome/test/data/extensions/activity_log/ad_injection/content_script.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file contains the tests for detecting extension's ad injection in
 // Chrome. This contains many different, independent tests, but it is all run
 // as a "single" browser test. The reason for this is that we want to do many
 // short tests for ad injection, and the set-up/tear-down time for a browsertest
 // implementation of each would be prohibitive.
 // See also chrome/browser/extensions/activity_log/ad_injection_browsertest.cc
@@ skipping 15 matching lines @@
 // ----------------------------------------------------------
 
 // This html block is just designed to be a massive playground for ad injectors,
 // where they can let loose and have fun.
 // We use this to populate our page at the start of every test.
 var kBodyHtml =
     '<iframe id="ad-iframe" src="http://www.known-ads.adnetwork"></iframe>' +
     '<iframe id="non-ad-iframe" src="http://www.not-ads.adnetwork"></iframe>' +
     '<embed id="ad-embed" src="http://www.known-ads.adnetwork"><embed>' +
     '<embed id="non-ad-embed" src="http://www.not-ads.adnetwork"><embed>' +
-    '<a id="ad-link" href="http://www.known-ads.adnetwork"></a>' +
-    '<a id="non-ad-link" href="http://www.not-ads.adnetwork"></a>' +
+    '<a id="ad-anchor" href="http://www.known-ads.adnetwork"></a>' +
+    '<a id="non-ad-anchor" href="http://www.not-ads.adnetwork"></a>' +
     '<div id="empty-div"></div>';
 
-
-
 /**
  * The AdInjectorTest infrastructure. Basically, this allows the test to follow
  * a simple iteration cycle:
  * - Signal the C++ test that we're going to do page setup, and we shouldn't
  *   record any ad-injector events (as some of the page setup could qualify).
  * - Do the page setup, which involves creating a 'playground' for ad injectors
  *   of iframes, embeds, etc. See also ad_injectors.html. We do this set up for
  *   each test, so that none of the tests conflicts with each other.
  * - Signal that we are done with page setup, and should start recording events.
  * - Run the next test.
@@ skipping 77 matching lines @@
       this.runNextFunction();
     }.bind(this));
   }
 };
 
 // Return values to signal the result of a test. Each test should return the
 // appropriate value in order to indicate if an ad was injected, and, if so,
 // what kind of injection.
 // These match the enum values in
 // chrome/browser/extensions/activity_log/activity_actions.h.
-var NO_AD_INJECTION = 0;        // The signal that there was no ad injection.
-var INJECTION_NEW_AD = 1;       // The signal that there was a new ad injected.
-var INJECTION_REMOVED_AD = 2;   // The signal that an ad was removed.
-var INJECTION_REPLACED_AD = 3;  // The signal that an ad was replaced.
+// The signal that there was no ad injection.
+var NO_AD_INJECTION = 0;
+// The signal that there was a new ad injected.
+var INJECTION_NEW_AD = 1;
+// The signal that an ad was removed.
+var INJECTION_REMOVED_AD = 2;
+// The signal that an ad was replaced.
+var INJECTION_REPLACED_AD = 3;
+// The signal that an ad was likely injected, but we didn't detect it fully.
+var INJECTION_LIKELY_NEW_AD = 4;
+// The signal that an ad was likely replaced, but we didn't detect it fully.
+var INJECTION_LIKELY_REPLACED_AD = 5;
 
 /* The "ad network" url to use for tests. */
 var kAdNetwork = 'http://www.known-ads.adnetwork';
+var kAdNetwork2 = 'http://www.also-known-ads.adnetwork';
 
 /* The "non ad network" url to use for tests. */
-var kNonAdNetwork = 'http://www.not-ads.adnetwork';
+var kMaybeAdNetwork = 'http://www.maybe-ads.adnetwork';
 
 /* @return {?HTMLElement} The element with the given id. */
 var $ = function(id) { return document.getElementById(id); }
 
 // The following is a collection of functions to "get" an HTML ad. We need to do
 // this for internal counting in testing, because if we simply do:
 //   var iframe = document.createElement('iframe');
 //   iframe.src = kAdNetwork;
 //   document.body.appendChild(iframe);
 // We end up double counting ad injections. We count one for modifying the src
@@ skipping 19 matching lines @@
 var kEmbedAdTemplate = document.createElement('embed');
 kEmbedAdTemplate.src = kAdNetwork;
 
 /**
  * @return An embed element which will count as ad injection in the tests.
  */
 var getEmbedAd = function() {
   return kEmbedAdTemplate.cloneNode(true);
 };
 
-// Creates a link ad, like so:
+// Creates an anchor ad, like so:
 // <a href="http://www.known-ads.adnetwork"></a>
-var kLinkAdTemplate = document.createElement('a');
-kLinkAdTemplate.href = kAdNetwork;
+var kAnchorAdTemplate = document.createElement('a');
+kAnchorAdTemplate.href = kAdNetwork;
 
 /**
- * @return A link ('a') element which will count as ad injection in the tests.
+ * @return An anchor ('a') element which will count as ad injection in the
+ *     tests.
  */
-var getLinkAd = function() {
-  return kLinkAdTemplate.cloneNode(true);
+var getAnchorAd = function() {
+  return kAnchorAdTemplate.cloneNode(true);
 };
 
 // This series constructs a nested ad, which looks like this:
 // <div>
 //   <div>
 //     <span></span>
 //     <iframe src="http://www.known-ads.adnetwork"></iframe>
 //   </div>
 // </div>
 var div = document.createElement('div');
@@ skipping 13 matching lines @@
 /*
  * The collection of functions to use for testing.
  * In order to add a new test, simply append it to the collection of functions.
  * All functions will be run in the test, and each will report its success or
  * failure independently of the others.
  * All test functions must be synchronous.
  * @type {Array.<Function>}
  */
 var functions = [];
 
+// Add a bunch of elements, but nothing that looks like ad injection (no
+// elements with an external source, no modifying existing sources).
+functions.push(function NoAdInjection() {
+  var div = document.createElement('div');
+  var iframe = document.createElement('iframe');
+  var embed = document.createElement('embed');
+  var anchor = document.createElement('anchor');
+  var span = document.createElement('span');
+  span.textContent = 'Hello, world';
+  div.appendChild(iframe);
+  div.appendChild(embed);
+  div.appendChild(anchor);
+  div.appendChild(span);
+  document.body.appendChild(div);
+  return NO_AD_INJECTION;
+});
+
 // Add a new iframe with an AdNetwork source by creating the element and
 // appending it.
 functions.push(function NewIframeAdNetwork() {
   document.body.appendChild(getIframeAd());
   return INJECTION_NEW_AD;
 });
 
 // Add a new iframe which does not serve ads. We should not record anything.
-functions.push(function NewIframeNonAdNetwork() {
+functions.push(function NewIframeLikelyAdNetwork() {
   var frame = document.createElement('iframe');
-  frame.src = kNonAdNetwork;
-  document.body.appendChild(frame);
-  return NO_AD_INJECTION;
+  document.body.appendChild(frame).src = kMaybeAdNetwork;
+  return INJECTION_LIKELY_NEW_AD;
 });
 
 // Modify an iframe which is currently in the DOM, switching the src to an
 // ad network.
 functions.push(function ModifyExistingIframeToAdNetwork() {
-  var frame = $('ad-iframe');
+  var frame = $('non-ad-iframe');
   frame.src = kAdNetwork;
   return INJECTION_NEW_AD;
 });
 
 // Add a new embed element which serves ads.
 functions.push(function NewEmbedAdNetwork() {
   document.body.appendChild(getEmbedAd());
   return INJECTION_NEW_AD;
 });
 
 // Add a new embed element which does not serve ads. We should not record
 // anything.
-functions.push(function NewEmbedNonAdNetwork() {
+functions.push(function NewEmbedLikelyAdNetwork() {
   var embed = document.createElement('embed');
-  embed.src = kNonAdNetwork;
-  document.body.appendChild(embed);
-  return NO_AD_INJECTION;
+  document.body.appendChild(embed).src = kMaybeAdNetwork;
+  return INJECTION_LIKELY_NEW_AD;
 });
 
 // Modify an embed which is currently in the DOM, switching the src to an
 // ad network.
 functions.push(function ModifyExistingEmbedToAdNetwork() {
-  var embed = $('ad-embed');
+  var embed = $('non-ad-embed');
   embed.src = kAdNetwork;
   return INJECTION_NEW_AD;
 });
 
-// Add a new link element which serves ads.
-functions.push(function NewLinkAd() {
-  document.body.appendChild(getLinkAd());
+// Add a new anchor element which serves ads.
+functions.push(function NewAnchorAd() {
+  document.body.appendChild(getAnchorAd());
   return INJECTION_NEW_AD;
 });
 
+functions.push(function NewAnchorLikelyAd() {
+  var anchor = document.createElement('a');
+  document.body.appendChild(anchor).href = kMaybeAdNetwork;
+  return INJECTION_LIKELY_NEW_AD;
+});
+
+functions.push(function ModifyExistingAnchorToAdNetwork() {
+  var anchor = $('non-ad-anchor');
+  anchor.href = kAdNetwork;
+  return INJECTION_NEW_AD;
+});
+
 // Add a new element which has a nested ad, to ensure we do a deep check of
 // elements appended to the dom.
 functions.push(function NewNestedAd() {
   document.body.appendChild(getNestedAd());
   return INJECTION_NEW_AD;
 });
 
+// Switch an existing embed ad to a new ad network.
+functions.push(function ReplaceEmbedAd() {
+  $('ad-embed').src = kAdNetwork2;
+  return INJECTION_REPLACED_AD;
+});
+
+// Switch an existing iframe ad to a new ad network.
+functions.push(function ReplaceIframeAd() {
+  $('ad-iframe').src = kAdNetwork2;
+  return INJECTION_REPLACED_AD;
+});
+
+// Switch an existing anchor ad to a new ad network.
+functions.push(function ReplaceAnchorAd() {
+  $('ad-anchor').href = kAdNetwork2;
+  return INJECTION_REPLACED_AD;
+});
+
+// Remove an existing embed ad by setting it's src to a non-ad network.
+functions.push(function RemoveAdBySettingSrc() {
+  $('ad-embed').src = kMaybeAdNetwork;
+  return INJECTION_REMOVED_AD;
+});
+
+// Ensure that we flag actions that look a lot like ad injection, even if we're
+// not sure.
+functions.push(function LikelyReplacedAd() {
+  // Switching from one valid url src to another valid url src is very
+  // suspicious behavior, and should be relatively rare. This helps us determine
+  // the effectiveness of our ad network recognition.
+  $('non-ad-embed').src = 'http://www.thismightbeanadnetwork.ads';
+  return INJECTION_LIKELY_REPLACED_AD;
+});
+
 // Verify that we do not enter the javascript world when we check for ad
 // injection.
 functions.push(function VerifyNoAccess() {
   var frame = document.createElement('iframe');
   frame.__defineGetter__('src', function() {
     throw new Error('Forbidden access into javascript execution!');
     return kAdNetwork;
   });
   return NO_AD_INJECTION;
 });
 
 // TODO(rdevlin.cronin): We are not covering every case yet. Fix this.
 // See crbug.com/357204.
 
 // Kick off the tests.
 var test = new AdInjectorTest(functions);
 test.runNextFunction();