Fix incorrect |main_frame_url_| parameter to BaseBlockingPage

chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This test creates a fake safebrowsing service, where we can inject known-
 // threat urls.  It then uses a real browser to go to these urls, and sends
 // "goback" or "proceed" commands and verifies they work.
 
 #include <algorithm>
 
@@ skipping 60 matching lines @@
 using security_interstitials::SafeBrowsingErrorUI;
 
 namespace safe_browsing {
 
 namespace {
 
 const char kEmptyPage[] = "empty.html";
 const char kHTTPSPage[] = "/ssl/google.html";
 const char kMaliciousPage[] = "safe_browsing/malware.html";
 const char kCrossSiteMaliciousPage[] = "safe_browsing/malware2.html";
+const char kPageWithCrossOriginMaliciousIframe[] =
+    "safe_browsing/malware3.html";
+const char kCrossOriginMaliciousIframeHost[] = "malware.test";
 const char kMaliciousIframe[] = "safe_browsing/malware_iframe.html";
 const char kUnrelatedUrl[] = "https://www.google.com";
 
 // A SafeBrowsingDatabaseManager class that allows us to inject the malicious
 // URLs.
 class FakeSafeBrowsingDatabaseManager : public TestSafeBrowsingDatabaseManager {
  public:
   FakeSafeBrowsingDatabaseManager() {}
 
   // Called on the IO thread to check if the given url is safe or not.  If we
@@ skipping 332 matching lines @@
   GURL SetupThreatIframeWarningAndNavigate() {
     GURL url = net::URLRequestMockHTTPJob::GetMockUrl(kCrossSiteMaliciousPage);
     GURL iframe_url = net::URLRequestMockHTTPJob::GetMockUrl(kMaliciousIframe);
     SetURLThreatType(iframe_url, testing::get<0>(GetParam()));
 
     ui_test_utils::NavigateToURL(browser(), url);
     EXPECT_TRUE(WaitForReady());
     return url;
   }
 
+  // Adds a safebrowsing threat results to the fake safebrowsing service, and
+  // navigates to a page with a cross-origin iframe containing the threat site.
+  // Returns the url of the parent page and sets |iframe_url| to the malicious
+  // cross-origin iframe.
+  GURL SetupCrossOriginThreatIframeWarningAndNavigate(GURL* iframe_url) {
+    content::SetupCrossSiteRedirector(embedded_test_server());
+    EXPECT_TRUE(embedded_test_server()->Start());
+    GURL url = embedded_test_server()->GetURL(
+        std::string("/") + kPageWithCrossOriginMaliciousIframe);
+    *iframe_url =
+        embedded_test_server()->GetURL(std::string("/") + kMaliciousIframe);
+    GURL::Replacements replace_host;
+    replace_host.SetHostStr(kCrossOriginMaliciousIframeHost);
+    *iframe_url = iframe_url->ReplaceComponents(replace_host);
+    SetURLThreatType(*iframe_url, testing::get<0>(GetParam()));
+
+    ui_test_utils::NavigateToURL(browser(), url);
+    EXPECT_TRUE(WaitForReady());
+    return url;
+  }
+
   void SendCommand(
       security_interstitials::SecurityInterstitialCommands command) {
     WebContents* contents =
         browser()->tab_strip_model()->GetActiveWebContents();
     // We use InterstitialPage::GetInterstitialPage(tab) instead of
     // tab->GetInterstitialPage() because the tab doesn't have a pointer
     // to its interstital page until it gets a command from the renderer
     // that it has indeed displayed it -- and this sometimes happens after
     // NavigateToURL returns.
     SafeBrowsingBlockingPage* interstitial_page =
@@ skipping 845 matching lines @@
 // Test that the security indicator does not stay downgraded after
 // clicking back from a Safe Browsing interstitial triggered by a
 // subresource. Regression test for https://crbug.com/659709.
 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
                        SecurityStateGoBackOnSubresourceInterstitial) {
   // Navigate to a page so that there is somewhere to go back to.
   GURL start_url =
       net::URLRequestMockHTTPJob::GetMockUrl("http://example.test");
   ui_test_utils::NavigateToURL(browser(), start_url);
 
-  // The security indicator should be downgraded while the interstitial shows.
-  SetupThreatIframeWarningAndNavigate();
+  // The security indicator should be downgraded while the interstitial
+  // shows. Load a cross-origin iframe to be sure that the main frame origin
+  // (rather than the subresource origin) is being added and removed from the
+  // whitelist; this is a regression test for https://crbug.com/710955.
+  GURL bad_iframe_url;
+  GURL main_url =
+      SetupCrossOriginThreatIframeWarningAndNavigate(&bad_iframe_url);
   WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(error_tab);
   ExpectSecurityIndicatorDowngrade(error_tab, 0u);
 
   // Go back.
   EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
   EXPECT_EQ(HIDDEN, GetVisibility("details"));
   EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
   EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
   EXPECT_TRUE(Click("details-button"));
   EXPECT_EQ(VISIBLE, GetVisibility("details"));
   EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
   EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
   EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
 
   // The security indicator should *not* still be downgraded after going back.
   AssertNoInterstitial(true);
   WebContents* post_tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(post_tab);
   content::NavigationEntry* entry = post_tab->GetController().GetVisibleEntry();
   ASSERT_TRUE(entry);
   EXPECT_EQ(start_url, entry->GetURL());
   ExpectNoSecurityIndicatorDowngrade(post_tab);
+
+  // Clear the malicious subresource URL, and check that the hostname of the
+  // interstitial is no longer marked as Dangerous.
+  ClearBadURL(bad_iframe_url);
+  ui_test_utils::NavigateToURL(browser(), main_url);
+  ExpectNoSecurityIndicatorDowngrade(
+      browser()->tab_strip_model()->GetActiveWebContents());
 }
 
 // Test that the security indicator is downgraded after clicking through a
 // Safe Browsing interstitial.
 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
                        SecurityState_HTTP) {
   // The security indicator should be downgraded while the interstitial shows.
   SetupWarningAndNavigate();
   WebContents* error_tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(error_tab);
@@ skipping 104 matching lines @@
 
 INSTANTIATE_TEST_CASE_P(
     SafeBrowsingBlockingPageIDNTestWithThreatType,
     SafeBrowsingBlockingPageIDNTest,
     testing::Combine(testing::Values(false, true),
                      testing::Values(SB_THREAT_TYPE_URL_MALWARE,
                                      SB_THREAT_TYPE_URL_PHISHING,
                                      SB_THREAT_TYPE_URL_UNWANTED)));
 
 }  // namespace safe_browsing