| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This test creates a fake safebrowsing service, where we can inject known- | 5 // This test creates a fake safebrowsing service, where we can inject known- |
| 6 // threat urls. It then uses a real browser to go to these urls, and sends | 6 // threat urls. It then uses a real browser to go to these urls, and sends |
| 7 // "goback" or "proceed" commands and verifies they work. | 7 // "goback" or "proceed" commands and verifies they work. |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 13 #include "base/macros.h" | 13 #include "base/macros.h" |
| 14 #include "base/strings/string_number_conversions.h" | 14 #include "base/strings/string_number_conversions.h" |
| 15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
| 16 #include "base/test/histogram_tester.h" | 16 #include "base/test/histogram_tester.h" |
| 17 #include "base/test/scoped_feature_list.h" | |
| 18 #include "base/values.h" | 17 #include "base/values.h" |
| 19 #include "build/build_config.h" | 18 #include "build/build_config.h" |
| 20 #include "chrome/browser/browser_process.h" | 19 #include "chrome/browser/browser_process.h" |
| 21 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" | 20 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" |
| 22 #include "chrome/browser/net/url_request_mock_util.h" | 21 #include "chrome/browser/net/url_request_mock_util.h" |
| 23 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
| 24 #include "chrome/browser/safe_browsing/local_database_manager.h" | 23 #include "chrome/browser/safe_browsing/local_database_manager.h" |
| 25 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 24 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
| 26 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" | 25 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" |
| 27 #include "chrome/browser/safe_browsing/threat_details.h" | 26 #include "chrome/browser/safe_browsing/threat_details.h" |
| (...skipping 25 matching lines...) Expand all Loading... |
| 53 #include "content/public/browser/render_process_host.h" | 52 #include "content/public/browser/render_process_host.h" |
| 54 #include "content/public/browser/security_style_explanations.h" | 53 #include "content/public/browser/security_style_explanations.h" |
| 55 #include "content/public/browser/web_contents.h" | 54 #include "content/public/browser/web_contents.h" |
| 56 #include "content/public/test/browser_test_utils.h" | 55 #include "content/public/test/browser_test_utils.h" |
| 57 #include "content/public/test/test_browser_thread.h" | 56 #include "content/public/test/test_browser_thread.h" |
| 58 #include "content/public/test/test_utils.h" | 57 #include "content/public/test/test_utils.h" |
| 59 #include "net/cert/cert_verify_result.h" | 58 #include "net/cert/cert_verify_result.h" |
| 60 #include "net/cert/mock_cert_verifier.h" | 59 #include "net/cert/mock_cert_verifier.h" |
| 61 #include "net/test/embedded_test_server/embedded_test_server.h" | 60 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 62 #include "net/test/url_request/url_request_mock_http_job.h" | 61 #include "net/test/url_request/url_request_mock_http_job.h" |
| 62 #include "testing/gmock/include/gmock/gmock-matchers.h" |
| 63 #include "ui/base/l10n/l10n_util.h" | 63 #include "ui/base/l10n/l10n_util.h" |
| 64 | 64 |
| 65 using chrome_browser_interstitials::SecurityInterstitialIDNTest; | 65 using chrome_browser_interstitials::SecurityInterstitialIDNTest; |
| 66 using content::BrowserThread; | 66 using content::BrowserThread; |
| 67 using content::InterstitialPage; | 67 using content::InterstitialPage; |
| 68 using content::NavigationController; | 68 using content::NavigationController; |
| 69 using content::RenderFrameHost; | 69 using content::RenderFrameHost; |
| 70 using content::WebContents; | 70 using content::WebContents; |
| 71 using security_interstitials::SafeBrowsingErrorUI; | 71 using security_interstitials::SafeBrowsingErrorUI; |
| 72 | 72 |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 320 // Test UI manager and test database manager should be set before | 320 // Test UI manager and test database manager should be set before |
| 321 // InProcessBrowserTest::SetUp(). | 321 // InProcessBrowserTest::SetUp(). |
| 322 factory_.SetTestUIManager(new FakeSafeBrowsingUIManager()); | 322 factory_.SetTestUIManager(new FakeSafeBrowsingUIManager()); |
| 323 factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager()); | 323 factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager()); |
| 324 SafeBrowsingService::RegisterFactory(&factory_); | 324 SafeBrowsingService::RegisterFactory(&factory_); |
| 325 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_); | 325 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_); |
| 326 ThreatDetails::RegisterFactory(&details_factory_); | 326 ThreatDetails::RegisterFactory(&details_factory_); |
| 327 InProcessBrowserTest::SetUp(); | 327 InProcessBrowserTest::SetUp(); |
| 328 } | 328 } |
| 329 | 329 |
| 330 void SetUpInProcessBrowserTestFixture() override { | |
| 331 feature_list_.reset(new base::test::ScopedFeatureList); | |
| 332 feature_list_->InitAndEnableFeature(kFillDOMInThreatDetails); | |
| 333 } | |
| 334 | |
| 335 void TearDown() override { | 330 void TearDown() override { |
| 336 InProcessBrowserTest::TearDown(); | 331 InProcessBrowserTest::TearDown(); |
| 337 SafeBrowsingBlockingPage::RegisterFactory(NULL); | 332 SafeBrowsingBlockingPage::RegisterFactory(NULL); |
| 338 SafeBrowsingService::RegisterFactory(NULL); | 333 SafeBrowsingService::RegisterFactory(NULL); |
| 339 ThreatDetails::RegisterFactory(NULL); | 334 ThreatDetails::RegisterFactory(NULL); |
| 340 } | 335 } |
| 341 | 336 |
| 342 void SetUpCommandLine(base::CommandLine* command_line) override { | 337 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 338 command_line->AppendSwitchASCII( |
| 339 "enable-features", |
| 340 "FillDOMInThreatDetails,ThreatDomDetailsTagAttributes<SBDomStudy"); |
| 341 command_line->AppendSwitchASCII("force-fieldtrials", |
| 342 "SBDomStudy/SBDomGroup"); |
| 343 command_line->AppendSwitchASCII( |
| 344 "force-fieldtrial-params", |
| 345 "SBDomStudy.SBDomGroup:tag_attribute_csv/div%2Cfoo%2Cdiv%2Cbaz"); |
| 346 |
| 343 if (testing::get<1>(GetParam())) | 347 if (testing::get<1>(GetParam())) |
| 344 content::IsolateAllSitesForTesting(command_line); | 348 content::IsolateAllSitesForTesting(command_line); |
| 345 } | 349 } |
| 346 | 350 |
| 347 void SetUpOnMainThread() override { | 351 void SetUpOnMainThread() override { |
| 348 BrowserThread::PostTask( | 352 BrowserThread::PostTask( |
| 349 BrowserThread::IO, FROM_HERE, | 353 BrowserThread::IO, FROM_HERE, |
| 350 base::Bind(&chrome_browser_net::SetUrlRequestMocksEnabled, true)); | 354 base::Bind(&chrome_browser_net::SetUrlRequestMocksEnabled, true)); |
| 351 } | 355 } |
| 352 | 356 |
| (...skipping 251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 604 break; | 608 break; |
| 605 } | 609 } |
| 606 } | 610 } |
| 607 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); | 611 EXPECT_EQ(expected_child_size, actual_resource.child_ids_size()); |
| 608 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); | 612 EXPECT_EQ(expected_tag_name, actual_resource.tag_name()); |
| 609 } | 613 } |
| 610 | 614 |
| 611 void VerifyElement(const ClientSafeBrowsingReportRequest& report, | 615 void VerifyElement(const ClientSafeBrowsingReportRequest& report, |
| 612 const HTMLElement& actual_element, | 616 const HTMLElement& actual_element, |
| 613 const std::string& expected_url, | 617 const std::string& expected_url, |
| 614 const std::string& expected_tag_name) { | 618 const std::string& expected_tag_name, |
| 615 ASSERT_EQ(1, actual_element.attribute_size()); | 619 const int expected_child_ids_size) { |
| 616 EXPECT_EQ(expected_url, actual_element.attribute(0).value()); | 620 if (!expected_url.empty()) { |
| 621 ASSERT_EQ(1, actual_element.attribute_size()); |
| 622 EXPECT_EQ(expected_url, actual_element.attribute(0).value()); |
| 623 } |
| 617 EXPECT_EQ(expected_tag_name, actual_element.tag()); | 624 EXPECT_EQ(expected_tag_name, actual_element.tag()); |
| 625 EXPECT_EQ(expected_child_ids_size, actual_element.child_ids_size()); |
| 618 } | 626 } |
| 619 | 627 |
| 620 void ExpectSecurityIndicatorDowngrade(content::WebContents* tab, | 628 void ExpectSecurityIndicatorDowngrade(content::WebContents* tab, |
| 621 net::CertStatus cert_status) { | 629 net::CertStatus cert_status) { |
| 622 SecurityStateTabHelper* helper = | 630 SecurityStateTabHelper* helper = |
| 623 SecurityStateTabHelper::FromWebContents(tab); | 631 SecurityStateTabHelper::FromWebContents(tab); |
| 624 ASSERT_TRUE(helper); | 632 ASSERT_TRUE(helper); |
| 625 security_state::SecurityInfo security_info; | 633 security_state::SecurityInfo security_info; |
| 626 helper->GetSecurityInfo(&security_info); | 634 helper->GetSecurityInfo(&security_info); |
| 627 EXPECT_EQ(security_state::DANGEROUS, security_info.security_level); | 635 EXPECT_EQ(security_state::DANGEROUS, security_info.security_level); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 652 GURL SetupWarningAndNavigateToURL(GURL url) { | 660 GURL SetupWarningAndNavigateToURL(GURL url) { |
| 653 SetURLThreatType(url, testing::get<0>(GetParam())); | 661 SetURLThreatType(url, testing::get<0>(GetParam())); |
| 654 ui_test_utils::NavigateToURL(browser(), url); | 662 ui_test_utils::NavigateToURL(browser(), url); |
| 655 EXPECT_TRUE(WaitForReady()); | 663 EXPECT_TRUE(WaitForReady()); |
| 656 return url; | 664 return url; |
| 657 } | 665 } |
| 658 | 666 |
| 659 TestSafeBrowsingServiceFactory factory_; | 667 TestSafeBrowsingServiceFactory factory_; |
| 660 TestSafeBrowsingBlockingPageFactory blocking_page_factory_; | 668 TestSafeBrowsingBlockingPageFactory blocking_page_factory_; |
| 661 net::EmbeddedTestServer https_server_; | 669 net::EmbeddedTestServer https_server_; |
| 662 std::unique_ptr<base::test::ScopedFeatureList> feature_list_; | |
| 663 | 670 |
| 664 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest); | 671 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest); |
| 665 }; | 672 }; |
| 666 | 673 |
| 667 // TODO(linux_aura) https://crbug.com/163931 | 674 // TODO(linux_aura) https://crbug.com/163931 |
| 668 // TODO(win_aura) https://crbug.com/154081 | 675 // TODO(win_aura) https://crbug.com/154081 |
| 669 #if defined(USE_AURA) && !defined(OS_CHROMEOS) | 676 #if defined(USE_AURA) && !defined(OS_CHROMEOS) |
| 670 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled | 677 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled |
| 671 #else | 678 #else |
| 672 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled | 679 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 797 report, resources[0], | 804 report, resources[0], |
| 798 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), | 805 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), |
| 799 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), | 806 net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage).spec(), |
| 800 1, ""); | 807 1, ""); |
| 801 VerifyResource( | 808 VerifyResource( |
| 802 report, resources[1], | 809 report, resources[1], |
| 803 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), | 810 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), |
| 804 url.spec(), // kCrossSiteMaliciousPage | 811 url.spec(), // kCrossSiteMaliciousPage |
| 805 0, "IFRAME"); | 812 0, "IFRAME"); |
| 806 | 813 |
| 807 ASSERT_EQ(1, report.dom_size()); | 814 ASSERT_EQ(2, report.dom_size()); |
| 808 VerifyElement( | 815 // Because the order of elements is not deterministic, we basically need to |
| 809 report, report.dom(0), | 816 // verify the relationship. Namely that there is an IFRAME element and that |
| 810 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), | 817 // its has a DIV as its parent. |
| 811 "IFRAME"); | 818 int iframe_node_id = -1; |
| 819 for (const HTMLElement& elem : report.dom()) { |
| 820 if (elem.tag() == "IFRAME") { |
| 821 iframe_node_id = elem.id(); |
| 822 VerifyElement( |
| 823 report, elem, |
| 824 net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe).spec(), |
| 825 "IFRAME", /*child_size=*/0); |
| 826 break; |
| 827 } |
| 828 } |
| 829 EXPECT_GT(iframe_node_id, -1); |
| 830 |
| 831 // Find the parent DIV that is the parent of the iframe. |
| 832 // TODO(lpz): Test the identify of the DIV once we start collecting its |
| 833 // attributes. |
| 834 for (const HTMLElement& elem : report.dom()) { |
| 835 if (elem.id() != iframe_node_id) { |
| 836 // Not the IIFRAME, so this is the parent DIV |
| 837 VerifyElement(report, elem, /*url=*/"", "DIV", /*child_size=*/1); |
| 838 // Make sure this DIV has the IFRAME as a child. |
| 839 EXPECT_EQ(iframe_node_id, elem.child_ids(0)); |
| 840 } |
| 841 } |
| 812 } | 842 } |
| 813 } | 843 } |
| 814 | 844 |
| 815 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, | 845 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, |
| 816 MainFrameBlockedShouldHaveNoDOMDetailsWhenDontProceed) { | 846 MainFrameBlockedShouldHaveNoDOMDetailsWhenDontProceed) { |
| 817 const bool expect_threat_details = | 847 const bool expect_threat_details = |
| 818 SafeBrowsingBlockingPage::ShouldReportThreatDetails( | 848 SafeBrowsingBlockingPage::ShouldReportThreatDetails( |
| 819 testing::get<0>(GetParam())); | 849 testing::get<0>(GetParam())); |
| 820 | 850 |
| 821 scoped_refptr<content::MessageLoopRunner> threat_report_sent_runner( | 851 scoped_refptr<content::MessageLoopRunner> threat_report_sent_runner( |
| (...skipping 579 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1401 | 1431 |
| 1402 INSTANTIATE_TEST_CASE_P( | 1432 INSTANTIATE_TEST_CASE_P( |
| 1403 SafeBrowsingBlockingPageIDNTestWithThreatType, | 1433 SafeBrowsingBlockingPageIDNTestWithThreatType, |
| 1404 SafeBrowsingBlockingPageIDNTest, | 1434 SafeBrowsingBlockingPageIDNTest, |
| 1405 testing::Combine(testing::Values(false, true), | 1435 testing::Combine(testing::Values(false, true), |
| 1406 testing::Values(SB_THREAT_TYPE_URL_MALWARE, | 1436 testing::Values(SB_THREAT_TYPE_URL_MALWARE, |
| 1407 SB_THREAT_TYPE_URL_PHISHING, | 1437 SB_THREAT_TYPE_URL_PHISHING, |
| 1408 SB_THREAT_TYPE_URL_UNWANTED))); | 1438 SB_THREAT_TYPE_URL_UNWANTED))); |
| 1409 | 1439 |
| 1410 } // namespace safe_browsing | 1440 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2713233002:
Update ThreatDOMDetails to be able to collect non-resource HTML Elements based on their attributes. (Closed)
