Ensure GetSecurityStyle sets correct explanations for HTTP_SHOW_WARNING

chrome/browser/ssl/security_state_tab_helper_browser_tests.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/security_state_tab_helper.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/strings/string_split.h"
@@ skipping 778 matching lines @@
 }
 
 // Tests that the security level of data: URLs is always downgraded to
 // HTTP_SHOW_WARNING.
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest,
                        SecurityLevelDowngradedOnDataUrl) {
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
+  SecurityStyleTestObserver observer(contents);
+
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(contents);
   ASSERT_TRUE(helper);
 
   ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,<html></html>"));
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
 
+  // Ensure Developer Tools don't show an incorrect Form Not Secure explanation.

[estark, 2017/03/02 22:53:33]

layering-and-comment nit: it's mildly undesirable to talk about devtools here,
since ostensibly you're testing a generic API that happens to be used by
devtools but could also be used by other stuff. Also, I sometimes like to point
out when something's a regression test with a link to the bug. Suggested
rephrasing:

// Ensure that WebContentsObservers don't show an incorrect Form Not Secure
explanation. Regression test for https://crbug.com/XXXXXX.

[elawrence, 2017/03/02 23:11:43]

Done.

+  const content::SecurityStyleExplanations& explanations =
+      observer.latest_explanations();

[estark, 2017/03/02 22:53:33]

Perhaps also check that latest_security_style() is Unauthenticated, to sanity
check that the observer indeed saw the event.

[elawrence, 2017/03/02 23:11:43]

Done.

+  EXPECT_EQ(0u, explanations.unauthenticated_explanations.size());

[estark, 2017/03/02 22:53:33]

optional nit: since you're only using it once, I'd skip the |explanations| var
and just inline it:

EXPECT_EQ(0u,
observer.latest_explanations().unauthenticated_explanations.size());

[elawrence, 2017/03/02 23:11:43]

Done.

+
   content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
   ASSERT_TRUE(entry);
   EXPECT_EQ(content::SSLStatus::NORMAL_CONTENT, entry->GetSSL().content_status);
 }
 
 const char kReportURI[] = "https://report-hpkp.test";
 
 class PKPModelClientTest : public SecurityStateTabHelperTest {
  public:
   void SetUpOnMainThread() override {
@@ skipping 1191 matching lines @@
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(web_contents);
   ASSERT_TRUE(helper);
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::SECURE, security_info.security_level);
   EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses);
 }
 
 }  // namespace