Fix policy_util iterator and re-enable networking tests

chromeos/network/policy_util.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/policy_util.h"
 
 #include <utility>
 
 #include "base/logging.h"
 #include "base/values.h"
@@ skipping 17 matching lines @@
 // This fake credential contains a random postfix which is extremely unlikely to
 // be used by any user.
 const char kFakeCredential[] = "FAKE_CREDENTIAL_VPaJDV9x";
 
 
 // Removes all kFakeCredential values from sensitive fields (determined by
 // onc::FieldIsCredential) of |onc_object|.
 void RemoveFakeCredentials(
     const onc::OncValueSignature& signature,
     base::DictionaryValue* onc_object) {
-  base::DictionaryValue::Iterator it(*onc_object);
-  while (!it.IsAtEnd()) {
-    base::Value* value = NULL;
+  std::vector<std::string> entries_to_remove;
+  for (base::DictionaryValue::Iterator it(*onc_object); !it.IsAtEnd();
+       it.Advance()) {
+    base::Value* value = nullptr;
     std::string field_name = it.key();
     // We need the non-const entry to remove nested values but DictionaryValue
     // has no non-const iterator.
     onc_object->GetWithoutPathExpansion(field_name, &value);
-    // Advance before delete.
-    it.Advance();
 
     // If |value| is a dictionary, recurse.
-    base::DictionaryValue* nested_object = NULL;
+    base::DictionaryValue* nested_object = nullptr;
     if (value->GetAsDictionary(&nested_object)) {
       const onc::OncFieldSignature* field_signature =
           onc::GetFieldSignature(signature, field_name);
       if (field_signature)
         RemoveFakeCredentials(*field_signature->value_signature, nested_object);
       else
         LOG(ERROR) << "ONC has unrecognized field: " << field_name;
       continue;
     }
 
     // If |value| is a string, check if it is a fake credential.
     std::string string_value;
     if (value->GetAsString(&string_value) &&
         onc::FieldIsCredential(signature, field_name)) {
       if (string_value == kFakeCredential) {
         // The value wasn't modified by the UI, thus we remove the field to keep
         // the existing value that is stored in Shill.
-        onc_object->RemoveWithoutPathExpansion(field_name, NULL);
+        entries_to_remove.push_back(field_name);
       }
       // Otherwise, the value is set and modified by the UI, thus we keep that
       // value to overwrite whatever is stored in Shill.
     }
   }
+  for (auto field_name : entries_to_remove)
+    onc_object->RemoveWithoutPathExpansion(field_name, nullptr);
 }
 
 // Returns true if |policy| matches |actual_network|, which must be part of a
 // ONC NetworkConfiguration. This should be the only such matching function
 // within Chrome. Shill does such matching in several functions for network
 // identification. For compatibility, we currently should stick to Shill's
 // matching behavior.
 bool IsPolicyMatching(const base::DictionaryValue& policy,
                       const base::DictionaryValue& actual_network) {
   std::string policy_type;
@@ skipping 318 matching lines @@
   for (auto it = policies.begin(); it != policies.end(); ++it) {
     if (IsPolicyMatching(*it->second, actual_network))
       return it->second.get();
   }
   return NULL;
 }
 
 }  // namespace policy_util
 
 }  // namespace chromeos