Chromium Code Reviews Chromium Code Reviews
Issue 2713233002:
Update ThreatDOMDetails to be able to collect non-resource HTML Elements based on their attributes. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/safe_browsing/threat_dom_details.h" | 5 #include "chrome/renderer/safe_browsing/threat_dom_details.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/strings/string_split.h" | |
| 9 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
| 11 #include "base/test/scoped_feature_list.h" | |
| 10 #include "chrome/test/base/chrome_render_view_test.h" | 12 #include "chrome/test/base/chrome_render_view_test.h" |
| 11 #include "components/safe_browsing/common/safebrowsing_messages.h" | 13 #include "components/safe_browsing/common/safebrowsing_messages.h" |
| 14 #include "components/variations/variations_associated_data.h" | |
| 12 #include "content/public/renderer/render_view.h" | 15 #include "content/public/renderer/render_view.h" |
| 13 #include "net/base/escape.h" | 16 #include "net/base/escape.h" |
| 17 #include "testing/gmock/include/gmock/gmock.h" | |
| 14 #include "third_party/WebKit/public/web/WebRuntimeFeatures.h" | 18 #include "third_party/WebKit/public/web/WebRuntimeFeatures.h" |
| 15 #include "ui/native_theme/native_theme_switches.h" | 19 #include "ui/native_theme/native_theme_switches.h" |
| 16 | 20 |
| 17 typedef ChromeRenderViewTest ThreatDOMDetailsTest; | 21 namespace { |
| 22 | |
| 23 std::unique_ptr<base::test::ScopedFeatureList> SetupTagAndAttributeFeature() { | |
| 24 std::map<std::string, std::string> feature_params; | |
| 25 feature_params[std::string(safe_browsing::kTagAndAttributeParamName)] = | |
| 26 "div,foo,div,baz"; | |
| 27 variations::AssociateVariationParams( | |
| 28 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, "Group", | |
| 29 feature_params); | |
| 30 base::FieldTrial* trial = base::FieldTrialList::CreateFieldTrial( | |
| 31 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, "Group"); | |
| 32 std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList); | |
| 33 feature_list->InitializeFromCommandLine( | |
| 34 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, | |
| 35 std::string()); | |
| 36 feature_list->AssociateReportingFieldTrial( | |
| 37 safe_browsing::kThreatDomDetailsTagAndAttributeFeature.name, | |
| 38 base::FeatureList::OVERRIDE_ENABLE_FEATURE, trial); | |
| 39 std::unique_ptr<base::test::ScopedFeatureList> scoped_list( | |
| 40 new base::test::ScopedFeatureList); | |
| 41 scoped_list->InitWithFeatureList(std::move(feature_list)); | |
| 42 return scoped_list; | |
| 43 } | |
| 44 | |
| 45 } // namespace | |
| 46 | |
| 47 using ThreatDOMDetailsTest = ChromeRenderViewTest; | |
| 48 | |
| 49 using testing::ElementsAre; | |
| 18 | 50 |
| 19 TEST_F(ThreatDOMDetailsTest, Everything) { | 51 TEST_F(ThreatDOMDetailsTest, Everything) { |
| 20 blink::WebRuntimeFeatures::enableOverlayScrollbars( | 52 blink::WebRuntimeFeatures::enableOverlayScrollbars( |
| 21 ui::IsOverlayScrollbarEnabled()); | 53 ui::IsOverlayScrollbarEnabled()); |
| 22 std::unique_ptr<safe_browsing::ThreatDOMDetails> details( | 54 std::unique_ptr<safe_browsing::ThreatDOMDetails> details( |
| 23 safe_browsing::ThreatDOMDetails::Create(view_->GetMainRenderFrame())); | 55 safe_browsing::ThreatDOMDetails::Create(view_->GetMainRenderFrame())); |
| 24 // Lower kMaxNodes for the test. Loading 500 subframes in a | 56 // Lower kMaxNodes for the test. Loading 500 subframes in a |
| 25 // debug build takes a while. | 57 // debug build takes a while. |
| 26 details->kMaxNodes = 50; | 58 details->kMaxNodes = 50; |
| 27 | 59 |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 71 EXPECT_TRUE(param.child_node_ids.empty()); | 103 EXPECT_TRUE(param.child_node_ids.empty()); |
| 72 | 104 |
| 73 param = params[2]; | 105 param = params[2]; |
| 74 EXPECT_EQ(url, param.url); | 106 EXPECT_EQ(url, param.url); |
| 75 EXPECT_EQ(0, param.node_id); | 107 EXPECT_EQ(0, param.node_id); |
| 76 EXPECT_EQ(0, param.parent_node_id); | 108 EXPECT_EQ(0, param.parent_node_id); |
| 77 EXPECT_TRUE(param.child_node_ids.empty()); | 109 EXPECT_TRUE(param.child_node_ids.empty()); |
| 78 } | 110 } |
| 79 | 111 |
| 80 { | 112 { |
| 81 // A page with an iframe which in turn contains an iframe. | 113 // A page with some divs containing an iframe which itself contains an |
| 114 // iframe. | |
| 82 // html | 115 // html |
| 83 // \ iframe1 | 116 // \ div foo |
| 84 // \ iframe2 | 117 // \ div bar |
| 118 // \ div baz, iframe1 | |
| 119 // \ iframe2 | |
| 85 // Since ThreatDOMDetails is a RenderFrameObserver, it will only | 120 // Since ThreatDOMDetails is a RenderFrameObserver, it will only |
| 86 // extract resources from the frame it assigned to (in this case, | 121 // extract resources from the frame it assigned to (in this case, |
| 87 // the main frame). Extracting resources from all frames within a | 122 // the main frame). Extracting resources from all frames within a |
| 88 // page is covered in SafeBrowsingBlockingPageBrowserTest. | 123 // page is covered in SafeBrowsingBlockingPageBrowserTest. |
| 89 // In this example, ExtractResources() will still touch iframe1 | 124 // In this example, ExtractResources() will still touch iframe1 |
| 90 // since it is the direct child of the main frame, but it would not | 125 // since it is the direct child of the main frame, but it would not |
| 91 // go inside of iframe1. | 126 // go inside of iframe1. |
| 127 // We configure the test to collect divs with attribute foo and baz, but not | |
| 128 // divs with attribute bar. So div foo will be collected and contain iframe1 | |
| 129 // and div baz as children. | |
| 92 std::string iframe2_html = "<html><body>iframe2</body></html>"; | 130 std::string iframe2_html = "<html><body>iframe2</body></html>"; |
| 93 GURL iframe2_url(urlprefix + iframe2_html); | 131 GURL iframe2_url(urlprefix + iframe2_html); |
| 94 std::string iframe1_html = "<iframe src=\"" + | 132 std::string iframe1_html = "<iframe src=\"" + |
| 95 net::EscapeForHTML(iframe2_url.spec()) + | 133 net::EscapeForHTML(iframe2_url.spec()) + |
| 96 "\"></iframe>"; | 134 "\"></iframe>"; |
| 97 GURL iframe1_url(urlprefix + iframe1_html); | 135 GURL iframe1_url(urlprefix + iframe1_html); |
| 98 std::string html = "<html><head><iframe src=\"" + | 136 std::string html = |
| 99 net::EscapeForHTML(iframe1_url.spec()) + | 137 "<html><head><div foo=1><div bar=1><div baz=1></div>" |
|
Nathan Parker
2017/02/27 23:00:36
This doesn't strictly verify that "div" is compare
lpz
2017/02/28 22:53:28
Good idea, done.
| |
| 100 "\"></iframe></head></html>"; | 138 "<iframe src=\"" + |
| 139 net::EscapeForHTML(iframe1_url.spec()) + | |
| 140 "\"></iframe></div></div></head></html>"; | |
| 101 GURL url(urlprefix + html); | 141 GURL url(urlprefix + html); |
| 102 | 142 |
| 143 // Configure a field trial to collect divs with attribute foo. | |
| 144 std::unique_ptr<base::test::ScopedFeatureList> feature_list = | |
| 145 SetupTagAndAttributeFeature(); | |
| 146 | |
| 103 LoadHTML(html.c_str()); | 147 LoadHTML(html.c_str()); |
| 104 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params; | 148 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> params; |
| 105 details->ExtractResources(¶ms); | 149 details->ExtractResources(¶ms); |
| 106 ASSERT_EQ(2u, params.size()); | 150 ASSERT_EQ(4u, params.size()); |
| 107 | 151 |
| 108 auto& param = params[0]; | 152 auto& param = params[0]; |
| 153 EXPECT_TRUE(param.url.is_empty()); | |
| 154 EXPECT_EQ(url, param.parent); | |
| 155 EXPECT_EQ("DIV", param.tag_name); | |
| 156 // The children field contains URLs, but this mapping is not currently | |
| 157 // maintained among the interior nodes. The summary node is the parent of | |
| 158 // all elements in the frame. | |
| 159 EXPECT_TRUE(param.children.empty()); | |
| 160 EXPECT_EQ(1, param.node_id); | |
| 161 EXPECT_EQ(0, param.parent_node_id); | |
| 162 EXPECT_THAT(param.child_node_ids, ElementsAre(2, 3)); | |
| 163 | |
| 164 param = params[1]; | |
| 165 EXPECT_TRUE(param.url.is_empty()); | |
| 166 EXPECT_EQ(url, param.parent); | |
| 167 EXPECT_EQ("DIV", param.tag_name); | |
| 168 EXPECT_TRUE(param.children.empty()); | |
| 169 EXPECT_EQ(2, param.node_id); | |
| 170 EXPECT_EQ(1, param.parent_node_id); | |
| 171 EXPECT_TRUE(param.child_node_ids.empty()); | |
| 172 | |
| 173 param = params[2]; | |
| 109 EXPECT_EQ(iframe1_url, param.url); | 174 EXPECT_EQ(iframe1_url, param.url); |
| 110 EXPECT_EQ(url, param.parent); | 175 EXPECT_EQ(url, param.parent); |
| 111 EXPECT_EQ("IFRAME", param.tag_name); | 176 EXPECT_EQ("IFRAME", param.tag_name); |
| 112 EXPECT_EQ(0u, param.children.size()); | 177 EXPECT_TRUE(param.children.empty()); |
| 113 EXPECT_EQ(1, param.node_id); | 178 EXPECT_EQ(3, param.node_id); |
| 114 EXPECT_EQ(0, param.parent_node_id); | 179 EXPECT_EQ(1, param.parent_node_id); |
| 115 EXPECT_TRUE(param.child_node_ids.empty()); | 180 EXPECT_TRUE(param.child_node_ids.empty()); |
| 116 | 181 |
| 117 param = params[1]; | 182 param = params[3]; |
| 118 EXPECT_EQ(url, param.url); | 183 EXPECT_EQ(url, param.url); |
| 119 EXPECT_EQ(GURL(), param.parent); | 184 EXPECT_EQ(GURL(), param.parent); |
| 120 EXPECT_EQ(1u, param.children.size()); | 185 EXPECT_THAT(param.children, ElementsAre(iframe1_url)); |
| 121 EXPECT_EQ(0, param.node_id); | 186 EXPECT_EQ(0, param.node_id); |
| 122 EXPECT_EQ(0, param.parent_node_id); | 187 EXPECT_EQ(0, param.parent_node_id); |
| 123 EXPECT_TRUE(param.child_node_ids.empty()); | 188 EXPECT_TRUE(param.child_node_ids.empty()); |
| 124 } | 189 } |
| 125 | 190 |
| 126 { | 191 { |
| 127 // Test >50 subframes. | 192 // Test >50 subframes. |
| 128 std::string html; | 193 std::string html; |
| 129 for (int i = 0; i < 55; ++i) { | 194 for (int i = 0; i < 55; ++i) { |
| 130 // The iframe contents is just a number. | 195 // The iframe contents is just a number. |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 168 // The element nodes should all have node IDs. | 233 // The element nodes should all have node IDs. |
| 169 for (size_t i = 0; i < params.size() - 1; ++i) { | 234 for (size_t i = 0; i < params.size() - 1; ++i) { |
| 170 auto& param = params[i]; | 235 auto& param = params[i]; |
| 171 const int expected_id = i + 1; | 236 const int expected_id = i + 1; |
| 172 EXPECT_EQ(expected_id, param.node_id); | 237 EXPECT_EQ(expected_id, param.node_id); |
| 173 EXPECT_EQ(0, param.parent_node_id); | 238 EXPECT_EQ(0, param.parent_node_id); |
| 174 EXPECT_TRUE(param.child_node_ids.empty()); | 239 EXPECT_TRUE(param.child_node_ids.empty()); |
| 175 } | 240 } |
| 176 } | 241 } |
| 177 } | 242 } |
| OLD | NEW |
