OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This test creates a fake safebrowsing service, where we can inject known- | 5 // This test creates a fake safebrowsing service, where we can inject known- |
6 // threat urls. It then uses a real browser to go to these urls, and sends | 6 // threat urls. It then uses a real browser to go to these urls, and sends |
7 // "goback" or "proceed" commands and verifies they work. | 7 // "goback" or "proceed" commands and verifies they work. |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
13 #include "base/macros.h" | 13 #include "base/macros.h" |
14 #include "base/strings/string_number_conversions.h" | 14 #include "base/strings/string_number_conversions.h" |
15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
16 #include "base/test/histogram_tester.h" | 16 #include "base/test/histogram_tester.h" |
17 #include "base/test/scoped_feature_list.h" | |
18 #include "base/values.h" | 17 #include "base/values.h" |
19 #include "build/build_config.h" | 18 #include "build/build_config.h" |
20 #include "chrome/browser/browser_process.h" | 19 #include "chrome/browser/browser_process.h" |
21 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" | 20 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" |
22 #include "chrome/browser/net/url_request_mock_util.h" | 21 #include "chrome/browser/net/url_request_mock_util.h" |
23 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
24 #include "chrome/browser/safe_browsing/local_database_manager.h" | 23 #include "chrome/browser/safe_browsing/local_database_manager.h" |
25 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 24 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
26 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" | 25 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" |
27 #include "chrome/browser/safe_browsing/threat_details.h" | 26 #include "chrome/browser/safe_browsing/threat_details.h" |
(...skipping 25 matching lines...) Expand all Loading... |
53 #include "content/public/browser/render_process_host.h" | 52 #include "content/public/browser/render_process_host.h" |
54 #include "content/public/browser/security_style_explanations.h" | 53 #include "content/public/browser/security_style_explanations.h" |
55 #include "content/public/browser/web_contents.h" | 54 #include "content/public/browser/web_contents.h" |
56 #include "content/public/test/browser_test_utils.h" | 55 #include "content/public/test/browser_test_utils.h" |
57 #include "content/public/test/test_browser_thread.h" | 56 #include "content/public/test/test_browser_thread.h" |
58 #include "content/public/test/test_utils.h" | 57 #include "content/public/test/test_utils.h" |
59 #include "net/cert/cert_verify_result.h" | 58 #include "net/cert/cert_verify_result.h" |
60 #include "net/cert/mock_cert_verifier.h" | 59 #include "net/cert/mock_cert_verifier.h" |
61 #include "net/test/embedded_test_server/embedded_test_server.h" | 60 #include "net/test/embedded_test_server/embedded_test_server.h" |
62 #include "net/test/url_request/url_request_mock_http_job.h" | 61 #include "net/test/url_request/url_request_mock_http_job.h" |
| 62 #include "testing/gmock/include/gmock/gmock-matchers.h" |
63 #include "ui/base/l10n/l10n_util.h" | 63 #include "ui/base/l10n/l10n_util.h" |
64 | 64 |
65 using chrome_browser_interstitials::SecurityInterstitialIDNTest; | 65 using chrome_browser_interstitials::SecurityInterstitialIDNTest; |
66 using content::BrowserThread; | 66 using content::BrowserThread; |
67 using content::InterstitialPage; | 67 using content::InterstitialPage; |
68 using content::NavigationController; | 68 using content::NavigationController; |
69 using content::RenderFrameHost; | 69 using content::RenderFrameHost; |
70 using content::WebContents; | 70 using content::WebContents; |
71 using security_interstitials::SafeBrowsingErrorUI; | 71 using security_interstitials::SafeBrowsingErrorUI; |
72 | 72 |
(...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
320 // Test UI manager and test database manager should be set before | 320 // Test UI manager and test database manager should be set before |
321 // InProcessBrowserTest::SetUp(). | 321 // InProcessBrowserTest::SetUp(). |
322 factory_.SetTestUIManager(new FakeSafeBrowsingUIManager()); | 322 factory_.SetTestUIManager(new FakeSafeBrowsingUIManager()); |
323 factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager()); | 323 factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager()); |
324 SafeBrowsingService::RegisterFactory(&factory_); | 324 SafeBrowsingService::RegisterFactory(&factory_); |
325 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_); | 325 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_); |
326 ThreatDetails::RegisterFactory(&details_factory_); | 326 ThreatDetails::RegisterFactory(&details_factory_); |
327 InProcessBrowserTest::SetUp(); | 327 InProcessBrowserTest::SetUp(); |
328 } | 328 } |
329 | 329 |
330 void SetUpInProcessBrowserTestFixture() override { | |
331 feature_list_.reset(new base::test::ScopedFeatureList); | |
332 feature_list_->InitAndEnableFeature(kFillDOMInThreatDetails); | |
333 } | |
334 | |
335 void TearDown() override { | 330 void TearDown() override { |
336 InProcessBrowserTest::TearDown(); | 331 InProcessBrowserTest::TearDown(); |
337 SafeBrowsingBlockingPage::RegisterFactory(NULL); | 332 SafeBrowsingBlockingPage::RegisterFactory(NULL); |
338 SafeBrowsingService::RegisterFactory(NULL); | 333 SafeBrowsingService::RegisterFactory(NULL); |
339 ThreatDetails::RegisterFactory(NULL); | 334 ThreatDetails::RegisterFactory(NULL); |
340 } | 335 } |
341 | 336 |
342 void SetUpCommandLine(base::CommandLine* command_line) override { | 337 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 338 command_line->AppendSwitchASCII( |
| 339 "enable-features", |
| 340 "FillDOMInThreatDetails,ThreatDomDetailsTagAttributes<SBDomStudy"); |
| 341 command_line->AppendSwitchASCII("force-fieldtrials", |
| 342 "SBDomStudy/SBDomGroup"); |
| 343 command_line->AppendSwitchASCII( |
| 344 "force-fieldtrial-params", |
| 345 "SBDomStudy.SBDomGroup:tag_attribute_csv/div%2Cfoo%2Cdiv%2Cbaz"); |
| 346 |
343 if (testing::get<1>(GetParam())) | 347 if (testing::get<1>(GetParam())) |
344 content::IsolateAllSitesForTesting(command_line); | 348 content::IsolateAllSitesForTesting(command_line); |
345 } | 349 } |
346 | 350 |
347 void SetUpOnMainThread() override { | 351 void SetUpOnMainThread() override { |
348 BrowserThread::PostTask( | 352 BrowserThread::PostTask( |
349 BrowserThread::IO, FROM_HERE, | 353 BrowserThread::IO, FROM_HERE, |
350 base::Bind(&chrome_browser_net::SetUrlRequestMocksEnabled, true)); | 354 base::Bind(&chrome_browser_net::SetUrlRequestMocksEnabled, true)); |
351 } | 355 } |
352 | 356 |
(...skipping 251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
604 break; | 608 break; |
605 } | 609 } |
606 } | 610 } |
607 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); | 611 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); |
608 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); | 612 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); |
609 } | 613 } |
610 | 614 |
611 void VerifyElement(const ClientSafeBrowsingReportRequest& report, | 615 void VerifyElement(const ClientSafeBrowsingReportRequest& report, |
612 const HTMLElement& actual_element, | 616 const HTMLElement& actual_element, |
613 const std::string& expected_url, | 617 const std::string& expected_url, |
614 const std::string& expected_tag_name) { | 618 const std::string& expected_tag_name, |
615 ASSERT_EQ(1, actual_element.attribute_size()); | 619 const int expected_child_ids_size) { |
616 EXPECT_EQ(expected_url, actual_element.attribute(0).value()); | 620 if (!expected_url.empty()) { |
| 621 ASSERT_EQ(1, actual_element.attribute_size()); |
| 622 EXPECT_EQ(expected_url, actual_element.attribute(0).value()); |
| 623 } |
617 EXPECT_EQ(expected_tag_name, actual_element.tag()); | 624 EXPECT_EQ(expected_tag_name, actual_element.tag()); |
| 625 EXPECT_EQ(expected_child_ids_size, actual_element.child_ids_size()); |
618 } | 626 } |
619 | 627 |
620 void ExpectSecurityIndicatorDowngrade(content::WebContents* tab, | 628 void ExpectSecurityIndicatorDowngrade(content::WebContents* tab, |
621 net::CertStatus cert_status) { | 629 net::CertStatus cert_status) { |
622 SecurityStateTabHelper* helper = | 630 SecurityStateTabHelper* helper = |
623 SecurityStateTabHelper::FromWebContents(tab); | 631 SecurityStateTabHelper::FromWebContents(tab); |
624 ASSERT_TRUE(helper); | 632 ASSERT_TRUE(helper); |
625 security_state::SecurityInfo security_info; | 633 security_state::SecurityInfo security_info; |
626 helper->GetSecurityInfo(&security_info); | 634 helper->GetSecurityInfo(&security_info); |
627 EXPECT_EQ(security_state::DANGEROUS, security_info.security_level); | 635 EXPECT_EQ(security_state::DANGEROUS, security_info.security_level); |
(...skipping 24 matching lines...) Expand all Loading... |
652 GURL SetupWarningAndNavigateToURL(GURL url) { | 660 GURL SetupWarningAndNavigateToURL(GURL url) { |
653 SetURLThreatType(url, testing::get<0>(GetParam())); | 661 SetURLThreatType(url, testing::get<0>(GetParam())); |
654 ui_test_utils::NavigateToURL(browser(), url); | 662 ui_test_utils::NavigateToURL(browser(), url); |
655 EXPECT_TRUE(WaitForReady()); | 663 EXPECT_TRUE(WaitForReady()); |
656 return url; | 664 return url; |
657 } | 665 } |
658 | 666 |
659 TestSafeBrowsingServiceFactory factory_; | 667 TestSafeBrowsingServiceFactory factory_; |
660 TestSafeBrowsingBlockingPageFactory blocking_page_factory_; | 668 TestSafeBrowsingBlockingPageFactory blocking_page_factory_; |
661 net::EmbeddedTestServer https_server_; | 669 net::EmbeddedTestServer https_server_; |
662 std::unique_ptr<base::test::ScopedFeatureList> feature_list_; | |
663 | 670 |
664 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest); | 671 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest); |
665 }; | 672 }; |
666 | 673 |
667 // TODO(linux_aura) https://crbug.com/163931 | 674 // TODO(linux_aura) https://crbug.com/163931 |
668 // TODO(win_aura) https://crbug.com/154081 | 675 // TODO(win_aura) https://crbug.com/154081 |
669 #if defined(USE_AURA) && !defined(OS_CHROMEOS) | 676 #if defined(USE_AURA) && !defined(OS_CHROMEOS) |
670 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled | 677 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled |
671 #else | 678 #else |
672 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled | 679 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
797 report, resources[0], | 804 report, resources[0], |
798 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), | 805 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), |
799 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), | 806 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), |
800 1, ""); | 807 1, ""); |
801 VerifyResource( | 808 VerifyResource( |
802 report, resources[1], | 809 report, resources[1], |
803 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), | 810 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), |
804 url.spec(), // kCrossSiteMaliciousPage | 811 url.spec(), // kCrossSiteMaliciousPage |
805 0, "IFRAME"); | 812 0, "IFRAME"); |
806 | 813 |
807 ASSERT_EQ(1, report.dom_size()); | 814 ASSERT_EQ(2, report.dom_size()); |
808 VerifyElement( | 815 // Because the order of elements is not deterministic, we basically need to |
809 report, report.dom(0), | 816 // verify the relationship. Namely that there is an IFRAME element and that |
810 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), | 817 // its has a DIV as its parent. |
811 "IFRAME"); | 818 int iframe_node_id = -1; |
| 819 for (const HTMLElement& elem : report.dom()) { |
| 820 if (elem.tag() == "IFRAME") { |
| 821 iframe_node_id = elem.id(); |
| 822 VerifyElement( |
| 823 report, elem, |
| 824 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), |
| 825 "IFRAME", /*child_size=*/0); |
| 826 break; |
| 827 } |
| 828 } |
| 829 EXPECT_GT(iframe_node_id, -1); |
| 830 |
| 831 // Find the parent DIV that is the parent of the iframe. |
| 832 // TODO(lpz): Test the identify of the DIV once we start collecting its |
| 833 // attributes. |
| 834 for (const HTMLElement& elem : report.dom()) { |
| 835 if (elem.id() != iframe_node_id) { |
| 836 // Not the IIFRAME, so this is the parent DIV |
| 837 VerifyElement(report, elem, /*url=*/"", "DIV", /*child_size=*/1); |
| 838 // Make sure this DIV has the IFRAME as a child. |
| 839 EXPECT_EQ(iframe_node_id, elem.child_ids(0)); |
| 840 } |
| 841 } |
812 } | 842 } |
813 } | 843 } |
814 | 844 |
815 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | 845 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
816 MainFrameBlockedShouldHaveNoDOMDetailsWhenDontProceed) { | 846 MainFrameBlockedShouldHaveNoDOMDetailsWhenDontProceed) { |
817 const bool expect_threat_details = | 847 const bool expect_threat_details = |
818 SafeBrowsingBlockingPage::ShouldReportThreatDetails( | 848 SafeBrowsingBlockingPage::ShouldReportThreatDetails( |
819 testing::get<0>(GetParam())); | 849 testing::get<0>(GetParam())); |
820 | 850 |
821 scoped_refptr<content::MessageLoopRunner> threat_report_sent_runner( | 851 scoped_refptr<content::MessageLoopRunner> threat_report_sent_runner( |
(...skipping 579 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1401 | 1431 |
1402 INSTANTIATE_TEST_CASE_P( | 1432 INSTANTIATE_TEST_CASE_P( |
1403 SafeBrowsingBlockingPageIDNTestWithThreatType, | 1433 SafeBrowsingBlockingPageIDNTestWithThreatType, |
1404 SafeBrowsingBlockingPageIDNTest, | 1434 SafeBrowsingBlockingPageIDNTest, |
1405 testing::Combine(testing::Values(false, true), | 1435 testing::Combine(testing::Values(false, true), |
1406 testing::Values(SB_THREAT_TYPE_URL_MALWARE, | 1436 testing::Values(SB_THREAT_TYPE_URL_MALWARE, |
1407 SB_THREAT_TYPE_URL_PHISHING, | 1437 SB_THREAT_TYPE_URL_PHISHING, |
1408 SB_THREAT_TYPE_URL_UNWANTED))); | 1438 SB_THREAT_TYPE_URL_UNWANTED))); |
1409 | 1439 |
1410 } // namespace safe_browsing | 1440 } // namespace safe_browsing |
OLD | NEW |