Chromium Code Reviews Chromium Code Reviews
Issue 2713233002:
Update ThreatDOMDetails to be able to collect non-resource HTML Elements based on their attributes. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/safe_browsing/threat_dom_details.h" | 5 #include "chrome/renderer/safe_browsing/threat_dom_details.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/strings/string_split.h" | |
| 9 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
| 11 #include "base/test/scoped_feature_list.h" | |
| 10 #include "chrome/test/base/chrome_render_view_test.h" | 12 #include "chrome/test/base/chrome_render_view_test.h" |
| 11 #include "components/safe_browsing/common/safebrowsing_messages.h" | 13 #include "components/safe_browsing/common/safebrowsing_messages.h" |
| 14 #include "components/variations/variations_associated_data.h" | |
| 12 #include "content/public/renderer/render_view.h" | 15 #include "content/public/renderer/render_view.h" |
| 13 #include "net/base/escape.h" | 16 #include "net/base/escape.h" |
| 17 #include "testing/gmock/include/gmock/gmock.h" | |
| 14 #include "third_party/WebKit/public/web/WebRuntimeFeatures.h" | 18 #include "third_party/WebKit/public/web/WebRuntimeFeatures.h" |
| 15 #include "ui/native_theme/native_theme_switches.h" | 19 #include "ui/native_theme/native_theme_switches.h" |
| 16 | 20 |
| 21 namespace { | |
| 22 | |
| 23 std::unique_ptr<base::test::ScopedFeatureList> SetupTagAndAttributeFeature() { | |
| 24 std::map<std::string, std::string> feature_params; | |
| 25 feature_params[std::string(safe_browsing::kTagAndAttributeParamName)] = | |
| 26 "div,foo,div,baz"; | |
| 27 variations::AssociateVariationParams( | |
| 28 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, "Group", | |
| 29 feature_params); | |
| 30 base::FieldTrial* trial = base::FieldTrialList::CreateFieldTrial( | |
| 31 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, "Group"); | |
| 32 std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList); | |
| 33 feature_list->InitializeFromCommandLine( | |
| 34 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, | |
| 35 std::string()); | |
| 36 feature_list->AssociateReportingFieldTrial( | |
| 37 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, | |
| 38 base::FeatureList::OVERRIDE_ENABLE_FEATURE, trial); | |
| 39 std::unique_ptr<base::test::ScopedFeatureList> scoped_list( | |
| 40 new base::test::ScopedFeatureList); | |
| 41 scoped_list->InitWithFeatureList(std::move(feature_list)); | |
| 42 return scoped_list; | |
| 43 } | |
|
Jialiu Lin
2017/02/25 00:46:18
empty line before "} // namespace"
lpz
2017/02/27 15:46:43
Done.
| |
| 44 } // namespace | |
| 45 | |
| 17 typedef ChromeRenderViewTest ThreatDOMDetailsTest; | 46 typedef ChromeRenderViewTest ThreatDOMDetailsTest; |
|
Jialiu Lin
2017/02/25 00:46:18
Since you're using "using" in other places, maybe
lpz
2017/02/27 15:46:43
Done.
| |
| 18 | 47 |
| 48 using testing::ElementsAre; | |
| 49 | |
| 19 TEST_F(ThreatDOMDetailsTest, Everything) { | 50 TEST_F(ThreatDOMDetailsTest, Everything) { |
| 20 blink::WebRuntimeFeatures::enableOverlayScrollbars( | 51 blink::WebRuntimeFeatures::enableOverlayScrollbars( |
| 21 ui::IsOverlayScrollbarEnabled()); | 52 ui::IsOverlayScrollbarEnabled()); |
| 22 std::unique_ptr<safe_browsing::ThreatDOMDetails> details( | 53 std::unique_ptr<safe_browsing::ThreatDOMDetails> details( |
| 23 safe_browsing::ThreatDOMDetails::Create(view_->GetMainRenderFrame())); | 54 safe_browsing::ThreatDOMDetails::Create(view_->GetMainRenderFrame())); |
| 24 // Lower kMaxNodes for the test. Loading 500 subframes in a | 55 // Lower kMaxNodes for the test. Loading 500 subframes in a |
| 25 // debug build takes a while. | 56 // debug build takes a while. |
| 26 details->kMaxNodes = 50; | 57 details->kMaxNodes = 50; |
| 27 | 58 |
| 28 const char urlprefix[] = "data:text/html;charset=utf-8,"; | 59 const char urlprefix[] = "data:text/html;charset=utf-8,"; |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 71 EXPECT_TRUE(param.child_node_ids.empty()); | 102 EXPECT_TRUE(param.child_node_ids.empty()); |
| 72 | 103 |
| 73 param = params[2]; | 104 param = params[2]; |
| 74 EXPECT_EQ(url, param.url); | 105 EXPECT_EQ(url, param.url); |
| 75 EXPECT_EQ(0, param.node_id); | 106 EXPECT_EQ(0, param.node_id); |
| 76 EXPECT_EQ(0, param.parent_node_id); | 107 EXPECT_EQ(0, param.parent_node_id); |
| 77 EXPECT_TRUE(param.child_node_ids.empty()); | 108 EXPECT_TRUE(param.child_node_ids.empty()); |
| 78 } | 109 } |
| 79 | 110 |
| 80 { | 111 { |
| 81 // A page with an iframe which in turn contains an iframe. | 112 // A page with some divs containing an iframe which itself contains an |
| 113 // iframe. | |
| 82 // html | 114 // html |
| 83 // \ iframe1 | 115 // \ div foo |
| 84 // \ iframe2 | 116 // \ div bar |
| 117 // \ div baz, iframe1 | |
| 118 // \ iframe2 | |
| 85 // Since ThreatDOMDetails is a RenderFrameObserver, it will only | 119 // Since ThreatDOMDetails is a RenderFrameObserver, it will only |
| 86 // extract resources from the frame it assigned to (in this case, | 120 // extract resources from the frame it assigned to (in this case, |
| 87 // the main frame). Extracting resources from all frames within a | 121 // the main frame). Extracting resources from all frames within a |
| 88 // page is covered in SafeBrowsingBlockingPageBrowserTest. | 122 // page is covered in SafeBrowsingBlockingPageBrowserTest. |
| 89 // In this example, ExtractResources() will still touch iframe1 | 123 // In this example, ExtractResources() will still touch iframe1 |
| 90 // since it is the direct child of the main frame, but it would not | 124 // since it is the direct child of the main frame, but it would not |
| 91 // go inside of iframe1. | 125 // go inside of iframe1. |
| 126 // We configure the test to collect divs with attribute foo and baz, but not | |
| 127 // divs with attribute bar. So div foo will be collected and contain iframe1 | |
| 128 // and div baz as children. | |
| 92 std::string iframe2_html = "<html><body>iframe2</body></html>"; | 129 std::string iframe2_html = "<html><body>iframe2</body></html>"; |
| 93 GURL iframe2_url(urlprefix + iframe2_html); | 130 GURL iframe2_url(urlprefix + iframe2_html); |
| 94 std::string iframe1_html = "<iframe src=\"" + | 131 std::string iframe1_html = "<iframe src=\"" + |
| 95 net::EscapeForHTML(iframe2_url.spec()) + | 132 net::EscapeForHTML(iframe2_url.spec()) + |
| 96 "\"></iframe>"; | 133 "\"></iframe>"; |
| 97 GURL iframe1_url(urlprefix + iframe1_html); | 134 GURL iframe1_url(urlprefix + iframe1_html); |
| 98 std::string html = "<html><head><iframe src=\"" + | 135 std::string html = |
| 99 net::EscapeForHTML(iframe1_url.spec()) + | 136 "<html><head><div foo=1><div bar=1><div baz=1></div>" |
| 100 "\"></iframe></head></html>"; | 137 "<iframe src=\"" + |
| 138 net::EscapeForHTML(iframe1_url.spec()) + | |
| 139 "\"></iframe></div></div></head></html>"; | |
| 101 GURL url(urlprefix + html); | 140 GURL url(urlprefix + html); |
| 102 | 141 |
| 142 // Configure a field trial to collect divs with attribute foo. | |
| 143 std::unique_ptr<base::test::ScopedFeatureList> feature_list = | |
| 144 SetupTagAndAttributeFeature(); | |
| 145 | |
| 103 LoadHTML(html.c_str()); | 146 LoadHTML(html.c_str()); |
| 104 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params; | 147 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params; |
| 105 details->ExtractResources(¶ms); | 148 details->ExtractResources(¶ms); |
| 106 ASSERT_EQ(2u, params.size()); | 149 ASSERT_EQ(4u, params.size()); |
| 107 | 150 |
| 108 auto& param = params[0]; | 151 auto& param = params[0]; |
| 152 EXPECT_TRUE(param.url.is_empty()); | |
| 153 EXPECT_EQ(url, param.parent); | |
| 154 EXPECT_EQ("DIV", param.tag_name); | |
| 155 // The children field contains URLs, but this mapping is not currently | |
| 156 // maintained among the interior nodes. The summary node is the parent of | |
| 157 // all elements in the frame. | |
| 158 EXPECT_TRUE(param.children.empty()); | |
| 159 EXPECT_EQ(1, param.node_id); | |
| 160 EXPECT_EQ(0, param.parent_node_id); | |
| 161 EXPECT_THAT(param.child_node_ids, ElementsAre(2, 3)); | |
| 162 | |
| 163 param = params[1]; | |
| 164 EXPECT_TRUE(param.url.is_empty()); | |
| 165 EXPECT_EQ(url, param.parent); | |
| 166 EXPECT_EQ("DIV", param.tag_name); | |
| 167 EXPECT_TRUE(param.children.empty()); | |
| 168 EXPECT_EQ(2, param.node_id); | |
| 169 EXPECT_EQ(1, param.parent_node_id); | |
| 170 EXPECT_TRUE(param.child_node_ids.empty()); | |
| 171 | |
| 172 param = params[2]; | |
| 109 EXPECT_EQ(iframe1_url, param.url); | 173 EXPECT_EQ(iframe1_url, param.url); |
| 110 EXPECT_EQ(url, param.parent); | 174 EXPECT_EQ(url, param.parent); |
| 111 EXPECT_EQ("IFRAME", param.tag_name); | 175 EXPECT_EQ("IFRAME", param.tag_name); |
| 112 EXPECT_EQ(0u, param.children.size()); | 176 EXPECT_TRUE(param.children.empty()); |
| 113 EXPECT_EQ(1, param.node_id); | 177 EXPECT_EQ(3, param.node_id); |
| 114 EXPECT_EQ(0, param.parent_node_id); | 178 EXPECT_EQ(1, param.parent_node_id); |
| 115 EXPECT_TRUE(param.child_node_ids.empty()); | 179 EXPECT_TRUE(param.child_node_ids.empty()); |
| 116 | 180 |
| 117 param = params[1]; | 181 param = params[3]; |
| 118 EXPECT_EQ(url, param.url); | 182 EXPECT_EQ(url, param.url); |
| 119 EXPECT_EQ(GURL(), param.parent); | 183 EXPECT_EQ(GURL(), param.parent); |
| 120 EXPECT_EQ(1u, param.children.size()); | 184 EXPECT_THAT(param.children, ElementsAre(iframe1_url)); |
| 121 EXPECT_EQ(0, param.node_id); | 185 EXPECT_EQ(0, param.node_id); |
| 122 EXPECT_EQ(0, param.parent_node_id); | 186 EXPECT_EQ(0, param.parent_node_id); |
| 123 EXPECT_TRUE(param.child_node_ids.empty()); | 187 EXPECT_TRUE(param.child_node_ids.empty()); |
| 124 } | 188 } |
| 125 | 189 |
| 126 { | 190 { |
| 127 // Test >50 subframes. | 191 // Test >50 subframes. |
| 128 std::string html; | 192 std::string html; |
| 129 for (int i = 0; i < 55; ++i) { | 193 for (int i = 0; i < 55; ++i) { |
| 130 // The iframe contents is just a number. | 194 // The iframe contents is just a number. |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 168 // The element nodes should all have node IDs. | 232 // The element nodes should all have node IDs. |
| 169 for (size_t i = 0; i < params.size() - 1; ++i) { | 233 for (size_t i = 0; i < params.size() - 1; ++i) { |
| 170 auto& param = params[i]; | 234 auto& param = params[i]; |
| 171 const int expected_id = i + 1; | 235 const int expected_id = i + 1; |
| 172 EXPECT_EQ(expected_id, param.node_id); | 236 EXPECT_EQ(expected_id, param.node_id); |
| 173 EXPECT_EQ(0, param.parent_node_id); | 237 EXPECT_EQ(0, param.parent_node_id); |
| 174 EXPECT_TRUE(param.child_node_ids.empty()); | 238 EXPECT_TRUE(param.child_node_ids.empty()); |
| 175 } | 239 } |
| 176 } | 240 } |
| 177 } | 241 } |
| OLD | NEW |
