OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This test creates a safebrowsing service using test safebrowsing database | 5 // This test creates a safebrowsing service using test safebrowsing database |
6 // and a test protocol manager. It is used to test logics in safebrowsing | 6 // and a test protocol manager. It is used to test logics in safebrowsing |
7 // service. | 7 // service. |
8 | 8 |
9 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 9 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
10 | 10 |
(...skipping 22 matching lines...) Expand all Loading... | |
33 #include "chrome/browser/prerender/prerender_manager.h" | 33 #include "chrome/browser/prerender/prerender_manager.h" |
34 #include "chrome/browser/profiles/profile.h" | 34 #include "chrome/browser/profiles/profile.h" |
35 #include "chrome/browser/profiles/profile_manager.h" | 35 #include "chrome/browser/profiles/profile_manager.h" |
36 #include "chrome/browser/safe_browsing/client_side_detection_service.h" | 36 #include "chrome/browser/safe_browsing/client_side_detection_service.h" |
37 #include "chrome/browser/safe_browsing/local_database_manager.h" | 37 #include "chrome/browser/safe_browsing/local_database_manager.h" |
38 #include "chrome/browser/safe_browsing/protocol_manager.h" | 38 #include "chrome/browser/safe_browsing/protocol_manager.h" |
39 #include "chrome/browser/safe_browsing/safe_browsing_database.h" | 39 #include "chrome/browser/safe_browsing/safe_browsing_database.h" |
40 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" | 40 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" |
41 #include "chrome/browser/safe_browsing/ui_manager.h" | 41 #include "chrome/browser/safe_browsing/ui_manager.h" |
42 #include "chrome/browser/safe_browsing/v4_test_utils.h" | 42 #include "chrome/browser/safe_browsing/v4_test_utils.h" |
43 #include "chrome/browser/subresource_filter/test_ruleset_publisher.h" | 43 #include "chrome/browser/subresource_filter/test_ruleset_publisher.h" |
engedy
2017/04/26 13:47:09
nit: No longer needed.
melandory
2017/04/26 15:02:20
Done.
| |
44 #include "chrome/browser/ui/browser.h" | 44 #include "chrome/browser/ui/browser.h" |
45 #include "chrome/browser/ui/browser_navigator_params.h" | 45 #include "chrome/browser/ui/browser_navigator_params.h" |
46 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 46 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
47 #include "chrome/common/chrome_paths.h" | 47 #include "chrome/common/chrome_paths.h" |
48 #include "chrome/common/pref_names.h" | 48 #include "chrome/common/pref_names.h" |
49 #include "chrome/test/base/in_process_browser_test.h" | 49 #include "chrome/test/base/in_process_browser_test.h" |
50 #include "chrome/test/base/ui_test_utils.h" | 50 #include "chrome/test/base/ui_test_utils.h" |
51 #include "components/bookmarks/browser/startup_task_runner_service.h" | 51 #include "components/bookmarks/browser/startup_task_runner_service.h" |
52 #include "components/content_settings/core/browser/host_content_settings_map.h" | 52 #include "components/content_settings/core/browser/host_content_settings_map.h" |
53 #include "components/prefs/pref_service.h" | 53 #include "components/prefs/pref_service.h" |
54 #include "components/safe_browsing/common/safebrowsing_switches.h" | 54 #include "components/safe_browsing/common/safebrowsing_switches.h" |
55 #include "components/safe_browsing_db/database_manager.h" | 55 #include "components/safe_browsing_db/database_manager.h" |
56 #include "components/safe_browsing_db/metadata.pb.h" | 56 #include "components/safe_browsing_db/metadata.pb.h" |
57 #include "components/safe_browsing_db/test_database_manager.h" | 57 #include "components/safe_browsing_db/test_database_manager.h" |
58 #include "components/safe_browsing_db/util.h" | 58 #include "components/safe_browsing_db/util.h" |
59 #include "components/safe_browsing_db/v4_database.h" | 59 #include "components/safe_browsing_db/v4_database.h" |
60 #include "components/safe_browsing_db/v4_feature_list.h" | 60 #include "components/safe_browsing_db/v4_feature_list.h" |
61 #include "components/safe_browsing_db/v4_get_hash_protocol_manager.h" | 61 #include "components/safe_browsing_db/v4_get_hash_protocol_manager.h" |
62 #include "components/safe_browsing_db/v4_protocol_manager_util.h" | 62 #include "components/safe_browsing_db/v4_protocol_manager_util.h" |
63 #include "components/subresource_filter/core/browser/subresource_filter_features .h" | 63 #include "components/subresource_filter/core/browser/subresource_filter_features .h" |
64 #include "components/subresource_filter/core/browser/subresource_filter_features _test_support.h" | 64 #include "components/subresource_filter/core/browser/subresource_filter_features _test_support.h" |
engedy
2017/04/26 13:47:09
nit: This and below no longer needed.
melandory
2017/04/26 15:02:20
Done.
| |
65 #include "components/subresource_filter/core/common/test_ruleset_creator.h" | 65 #include "components/subresource_filter/core/common/test_ruleset_creator.h" |
66 #include "content/public/browser/interstitial_page.h" | 66 #include "content/public/browser/interstitial_page.h" |
67 #include "content/public/browser/navigation_entry.h" | 67 #include "content/public/browser/navigation_entry.h" |
68 #include "content/public/browser/render_frame_host.h" | 68 #include "content/public/browser/render_frame_host.h" |
69 #include "content/public/browser/web_contents.h" | 69 #include "content/public/browser/web_contents.h" |
70 #include "content/public/common/content_switches.h" | 70 #include "content/public/common/content_switches.h" |
71 #include "content/public/test/browser_test_utils.h" | 71 #include "content/public/test/browser_test_utils.h" |
72 #include "crypto/sha2.h" | 72 #include "crypto/sha2.h" |
73 #include "net/cookies/cookie_store.h" | 73 #include "net/cookies/cookie_store.h" |
74 #include "net/cookies/cookie_util.h" | 74 #include "net/cookies/cookie_util.h" |
(...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
532 SafeBrowsingDatabase::RegisterFactory(nullptr); | 532 SafeBrowsingDatabase::RegisterFactory(nullptr); |
533 SafeBrowsingProtocolManager::RegisterFactory(nullptr); | 533 SafeBrowsingProtocolManager::RegisterFactory(nullptr); |
534 SafeBrowsingService::RegisterFactory(nullptr); | 534 SafeBrowsingService::RegisterFactory(nullptr); |
535 } | 535 } |
536 | 536 |
537 void SetUpCommandLine(base::CommandLine* command_line) override { | 537 void SetUpCommandLine(base::CommandLine* command_line) override { |
538 // Makes sure the auto update is not triggered during the test. | 538 // Makes sure the auto update is not triggered during the test. |
539 // This test will fill up the database using testing prefixes | 539 // This test will fill up the database using testing prefixes |
540 // and urls. | 540 // and urls. |
541 command_line->AppendSwitch(safe_browsing::switches::kSbDisableAutoUpdate); | 541 command_line->AppendSwitch(safe_browsing::switches::kSbDisableAutoUpdate); |
542 command_line->AppendSwitchASCII( | 542 command_line->AppendSwitchASCII( |
engedy
2017/04/26 13:47:09
nit: Probably no longer needed and can be removed
melandory
2017/04/26 15:02:20
Done.
| |
543 ::switches::kEnableFeatures, | 543 ::switches::kEnableFeatures, |
544 subresource_filter::kSafeBrowsingSubresourceFilter.name); | 544 subresource_filter::kSafeBrowsingSubresourceFilter.name); |
545 #if defined(OS_CHROMEOS) | 545 #if defined(OS_CHROMEOS) |
546 command_line->AppendSwitch( | 546 command_line->AppendSwitch( |
547 chromeos::switches::kIgnoreUserProfileMappingForTests); | 547 chromeos::switches::kIgnoreUserProfileMappingForTests); |
548 #endif | 548 #endif |
549 } | 549 } |
550 | 550 |
551 void SetUpOnMainThread() override { | 551 void SetUpOnMainThread() override { |
552 InProcessBrowserTest::SetUpOnMainThread(); | 552 InProcessBrowserTest::SetUpOnMainThread(); |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
585 pm->AddGetFullHashResponse(full_hash); | 585 pm->AddGetFullHashResponse(full_hash); |
586 } | 586 } |
587 | 587 |
588 bool ShowingInterstitialPage() { | 588 bool ShowingInterstitialPage() { |
589 WebContents* contents = | 589 WebContents* contents = |
590 browser()->tab_strip_model()->GetActiveWebContents(); | 590 browser()->tab_strip_model()->GetActiveWebContents(); |
591 InterstitialPage* interstitial_page = contents->GetInterstitialPage(); | 591 InterstitialPage* interstitial_page = contents->GetInterstitialPage(); |
592 return interstitial_page != nullptr; | 592 return interstitial_page != nullptr; |
593 } | 593 } |
594 | 594 |
595 bool WasSubresourceFilterProbeScriptLoaded() { | 595 bool WasSubresourceFilterProbeScriptLoaded() { |
engedy
2017/04/26 13:47:09
nit: No longer needed.
melandory
2017/04/26 15:02:20
Done.
| |
596 bool script_resource_was_loaded = false; | 596 bool script_resource_was_loaded = false; |
597 WebContents* web_contents = | 597 WebContents* web_contents = |
598 browser()->tab_strip_model()->GetActiveWebContents(); | 598 browser()->tab_strip_model()->GetActiveWebContents(); |
599 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 599 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
600 web_contents->GetMainFrame(), | 600 web_contents->GetMainFrame(), |
601 "domAutomationController.send(!!document.scriptExecuted)", | 601 "domAutomationController.send(!!document.scriptExecuted)", |
602 &script_resource_was_loaded)); | 602 &script_resource_was_loaded)); |
603 return script_resource_was_loaded; | 603 return script_resource_was_loaded; |
604 } | 604 } |
605 | 605 |
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
896 ui_test_utils::NavigateToURL(¶ms); | 896 ui_test_utils::NavigateToURL(¶ms); |
897 | 897 |
898 EXPECT_TRUE(ShowingInterstitialPage()); | 898 EXPECT_TRUE(ShowingInterstitialPage()); |
899 EXPECT_TRUE(got_hit_report()); | 899 EXPECT_TRUE(got_hit_report()); |
900 EXPECT_EQ(bad_url, hit_report().malicious_url); | 900 EXPECT_EQ(bad_url, hit_report().malicious_url); |
901 EXPECT_EQ(bad_url, hit_report().page_url); | 901 EXPECT_EQ(bad_url, hit_report().page_url); |
902 EXPECT_EQ(first_url, hit_report().referrer_url); | 902 EXPECT_EQ(first_url, hit_report().referrer_url); |
903 EXPECT_FALSE(hit_report().is_subresource); | 903 EXPECT_FALSE(hit_report().is_subresource); |
904 } | 904 } |
905 | 905 |
906 IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest, SubresourceFilterEndToEndTest) { | |
907 subresource_filter::testing::ScopedSubresourceFilterFeatureToggle | |
908 scoped_feature_toggle( | |
909 base::FeatureList::OVERRIDE_ENABLE_FEATURE, | |
910 subresource_filter::kActivationLevelEnabled, | |
911 subresource_filter::kActivationScopeActivationList, | |
912 subresource_filter::kActivationListSocialEngineeringAdsInterstitial); | |
913 | |
914 subresource_filter::testing::TestRulesetCreator ruleset_creator; | |
915 subresource_filter::testing::TestRulesetPair test_ruleset_pair; | |
916 ruleset_creator.CreateRulesetToDisallowURLsWithPathSuffix( | |
917 "included_script.js", &test_ruleset_pair); | |
918 subresource_filter::testing::TestRulesetPublisher test_ruleset_publisher; | |
919 ASSERT_NO_FATAL_FAILURE( | |
920 test_ruleset_publisher.SetRuleset(test_ruleset_pair.unindexed)); | |
921 | |
922 GURL phishing_url = embedded_test_server()->GetURL( | |
923 "/subresource_filter/frame_with_included_script.html"); | |
924 SBFullHashResult malware_full_hash; | |
925 GenUrlFullHashResultWithMetadata(phishing_url, PHISH, | |
926 ThreatPatternType::SOCIAL_ENGINEERING_ADS, | |
927 &malware_full_hash); | |
928 SetupResponseForUrl(phishing_url, malware_full_hash); | |
929 | |
930 WebContents* web_contents = | |
931 browser()->tab_strip_model()->GetActiveWebContents(); | |
932 | |
933 // Navigation to a phishing page should trigger an interstitial. If the user | |
934 // clicks through it, the page load should proceed, but with subresource | |
935 // filtering activated. This is verified by probing whether `included_script` | |
936 // that is disallowed above indeed fails to load. | |
937 EXPECT_CALL(observer_, OnSafeBrowsingHit(IsUnsafeResourceFor(phishing_url))); | |
938 ui_test_utils::NavigateToURL(browser(), phishing_url); | |
939 ASSERT_TRUE(Mock::VerifyAndClearExpectations(&observer_)); | |
940 ASSERT_TRUE(got_hit_report()); | |
941 content::WaitForInterstitialAttach(web_contents); | |
942 ASSERT_TRUE(ShowingInterstitialPage()); | |
943 | |
944 content::WindowedNotificationObserver load_stop_observer( | |
945 content::NOTIFICATION_LOAD_STOP, | |
946 content::Source<content::NavigationController>( | |
947 &web_contents->GetController())); | |
948 InterstitialPage* interstitial_page = web_contents->GetInterstitialPage(); | |
949 ASSERT_TRUE(interstitial_page); | |
950 interstitial_page->Proceed(); | |
951 load_stop_observer.Wait(); | |
952 ASSERT_FALSE(ShowingInterstitialPage()); | |
953 EXPECT_FALSE(WasSubresourceFilterProbeScriptLoaded()); | |
954 | |
955 // Navigate to a page that loads the same script, but is not a phishing page. | |
956 // The load should be allowed. | |
957 GURL safe_url = embedded_test_server()->GetURL( | |
958 "/subresource_filter/frame_with_allowed_script.html"); | |
959 ui_test_utils::NavigateToURL(browser(), safe_url); | |
960 EXPECT_FALSE(ShowingInterstitialPage()); | |
961 EXPECT_TRUE(WasSubresourceFilterProbeScriptLoaded()); | |
962 | |
963 // Navigate to the phishing page again -- should be no interstitial shown, but | |
964 // subresource filtering should still be activated. | |
965 EXPECT_CALL(observer_, OnSafeBrowsingHit(IsUnsafeResourceFor(phishing_url))) | |
966 .Times(0); | |
967 ui_test_utils::NavigateToURL(browser(), phishing_url); | |
968 EXPECT_FALSE(ShowingInterstitialPage()); | |
969 EXPECT_FALSE(WasSubresourceFilterProbeScriptLoaded()); | |
970 } | |
971 | |
972 IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest, | 906 IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest, |
973 SubResourceHitWithMainFrameReferrer) { | 907 SubResourceHitWithMainFrameReferrer) { |
974 GURL first_url = embedded_test_server()->GetURL(kEmptyPage); | 908 GURL first_url = embedded_test_server()->GetURL(kEmptyPage); |
975 GURL second_url = embedded_test_server()->GetURL(kMalwarePage); | 909 GURL second_url = embedded_test_server()->GetURL(kMalwarePage); |
976 GURL bad_url = embedded_test_server()->GetURL(kMalwareImg); | 910 GURL bad_url = embedded_test_server()->GetURL(kMalwareImg); |
977 | 911 |
978 SBFullHashResult malware_full_hash; | 912 SBFullHashResult malware_full_hash; |
979 GenUrlFullHashResult(bad_url, MALWARE, &malware_full_hash); | 913 GenUrlFullHashResult(bad_url, MALWARE, &malware_full_hash); |
980 SetupResponseForUrl(bad_url, malware_full_hash); | 914 SetupResponseForUrl(bad_url, malware_full_hash); |
981 | 915 |
(...skipping 987 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1969 | 1903 |
1970 EXPECT_TRUE(ShowingInterstitialPage()); | 1904 EXPECT_TRUE(ShowingInterstitialPage()); |
1971 EXPECT_TRUE(got_hit_report()); | 1905 EXPECT_TRUE(got_hit_report()); |
1972 EXPECT_EQ(bad_url, hit_report().malicious_url); | 1906 EXPECT_EQ(bad_url, hit_report().malicious_url); |
1973 EXPECT_EQ(bad_url, hit_report().page_url); | 1907 EXPECT_EQ(bad_url, hit_report().page_url); |
1974 EXPECT_EQ(first_url, hit_report().referrer_url); | 1908 EXPECT_EQ(first_url, hit_report().referrer_url); |
1975 EXPECT_FALSE(hit_report().is_subresource); | 1909 EXPECT_FALSE(hit_report().is_subresource); |
1976 } | 1910 } |
1977 | 1911 |
1978 IN_PROC_BROWSER_TEST_F(V4SafeBrowsingServiceTest, | 1912 IN_PROC_BROWSER_TEST_F(V4SafeBrowsingServiceTest, |
1979 SubresourceFilterEndToEndTest) { | |
1980 subresource_filter::testing::ScopedSubresourceFilterFeatureToggle | |
1981 scoped_feature_toggle( | |
1982 base::FeatureList::OVERRIDE_ENABLE_FEATURE, | |
1983 subresource_filter::kActivationLevelEnabled, | |
1984 subresource_filter::kActivationScopeActivationList, | |
1985 subresource_filter::kActivationListSocialEngineeringAdsInterstitial); | |
1986 | |
1987 subresource_filter::testing::TestRulesetCreator ruleset_creator; | |
1988 subresource_filter::testing::TestRulesetPair test_ruleset_pair; | |
1989 ruleset_creator.CreateRulesetToDisallowURLsWithPathSuffix( | |
1990 "included_script.js", &test_ruleset_pair); | |
1991 subresource_filter::testing::TestRulesetPublisher test_ruleset_publisher; | |
1992 ASSERT_NO_FATAL_FAILURE( | |
1993 test_ruleset_publisher.SetRuleset(test_ruleset_pair.unindexed)); | |
1994 | |
1995 GURL phishing_url = embedded_test_server()->GetURL( | |
1996 "/subresource_filter/frame_with_included_script.html"); | |
1997 MarkUrlForPhishingUnexpired(phishing_url, | |
1998 ThreatPatternType::SOCIAL_ENGINEERING_ADS); | |
1999 | |
2000 WebContents* web_contents = | |
2001 browser()->tab_strip_model()->GetActiveWebContents(); | |
2002 | |
2003 // Navigation to a phishing page should trigger an interstitial. If the user | |
2004 // clicks through it, the page load should proceed, but with subresource | |
2005 // filtering activated. This is verified by probing whether `included_script` | |
2006 // that is disallowed above indeed fails to load. | |
2007 EXPECT_CALL(observer_, OnSafeBrowsingHit(IsUnsafeResourceFor(phishing_url))); | |
2008 ui_test_utils::NavigateToURL(browser(), phishing_url); | |
2009 ASSERT_TRUE(Mock::VerifyAndClearExpectations(&observer_)); | |
2010 ASSERT_TRUE(got_hit_report()); | |
2011 content::WaitForInterstitialAttach(web_contents); | |
2012 ASSERT_TRUE(ShowingInterstitialPage()); | |
2013 | |
2014 content::WindowedNotificationObserver load_stop_observer( | |
2015 content::NOTIFICATION_LOAD_STOP, | |
2016 content::Source<content::NavigationController>( | |
2017 &web_contents->GetController())); | |
2018 InterstitialPage* interstitial_page = web_contents->GetInterstitialPage(); | |
2019 ASSERT_TRUE(interstitial_page); | |
2020 interstitial_page->Proceed(); | |
2021 load_stop_observer.Wait(); | |
2022 ASSERT_FALSE(ShowingInterstitialPage()); | |
2023 EXPECT_FALSE(WasSubresourceFilterProbeScriptLoaded()); | |
2024 | |
2025 // Navigate to a page that loads the same script, but is not a phishing page. | |
2026 // The load should be allowed. | |
2027 GURL safe_url = embedded_test_server()->GetURL( | |
2028 "/subresource_filter/frame_with_allowed_script.html"); | |
2029 ui_test_utils::NavigateToURL(browser(), safe_url); | |
2030 EXPECT_FALSE(ShowingInterstitialPage()); | |
2031 EXPECT_TRUE(WasSubresourceFilterProbeScriptLoaded()); | |
2032 | |
2033 // Navigate to the phishing page again -- should be no interstitial shown, but | |
2034 // subresource filtering should still be activated. | |
2035 EXPECT_CALL(observer_, OnSafeBrowsingHit(IsUnsafeResourceFor(phishing_url))) | |
2036 .Times(0); | |
2037 ui_test_utils::NavigateToURL(browser(), phishing_url); | |
2038 EXPECT_FALSE(ShowingInterstitialPage()); | |
2039 EXPECT_FALSE(WasSubresourceFilterProbeScriptLoaded()); | |
2040 } | |
2041 | |
2042 IN_PROC_BROWSER_TEST_F(V4SafeBrowsingServiceTest, | |
2043 SubResourceHitWithMainFrameReferrer) { | 1913 SubResourceHitWithMainFrameReferrer) { |
2044 GURL first_url = embedded_test_server()->GetURL(kEmptyPage); | 1914 GURL first_url = embedded_test_server()->GetURL(kEmptyPage); |
2045 GURL second_url = embedded_test_server()->GetURL(kMalwarePage); | 1915 GURL second_url = embedded_test_server()->GetURL(kMalwarePage); |
2046 GURL bad_url = embedded_test_server()->GetURL(kMalwareImg); | 1916 GURL bad_url = embedded_test_server()->GetURL(kMalwareImg); |
2047 | 1917 |
2048 MarkUrlForMalwareUnexpired(bad_url); | 1918 MarkUrlForMalwareUnexpired(bad_url); |
2049 | 1919 |
2050 // Navigate to first, safe page. | 1920 // Navigate to first, safe page. |
2051 ui_test_utils::NavigateToURL(browser(), first_url); | 1921 ui_test_utils::NavigateToURL(browser(), first_url); |
2052 EXPECT_FALSE(ShowingInterstitialPage()); | 1922 EXPECT_FALSE(ShowingInterstitialPage()); |
(...skipping 436 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2489 } | 2359 } |
2490 | 2360 |
2491 INSTANTIATE_TEST_CASE_P( | 2361 INSTANTIATE_TEST_CASE_P( |
2492 MaybeSetMetadata, | 2362 MaybeSetMetadata, |
2493 V4SafeBrowsingServiceMetadataTest, | 2363 V4SafeBrowsingServiceMetadataTest, |
2494 testing::Values(ThreatPatternType::NONE, | 2364 testing::Values(ThreatPatternType::NONE, |
2495 ThreatPatternType::MALWARE_LANDING, | 2365 ThreatPatternType::MALWARE_LANDING, |
2496 ThreatPatternType::MALWARE_DISTRIBUTION)); | 2366 ThreatPatternType::MALWARE_DISTRIBUTION)); |
2497 | 2367 |
2498 } // namespace safe_browsing | 2368 } // namespace safe_browsing |
OLD | NEW |