OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/macros.h" | 10 #include "base/macros.h" |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
45 using testing::UnorderedPointwise; | 45 using testing::UnorderedPointwise; |
46 | 46 |
47 namespace safe_browsing { | 47 namespace safe_browsing { |
48 | 48 |
49 namespace { | 49 namespace { |
50 | 50 |
51 // Mixture of HTTP and HTTPS. No special treatment for HTTPS. | 51 // Mixture of HTTP and HTTPS. No special treatment for HTTPS. |
52 static const char* kOriginalLandingURL = | 52 static const char* kOriginalLandingURL = |
53 "http://www.originallandingpage.com/with/path"; | 53 "http://www.originallandingpage.com/with/path"; |
54 static const char* kDOMChildURL = "https://www.domchild.com/with/path"; | 54 static const char* kDOMChildURL = "https://www.domchild.com/with/path"; |
55 static const char* kDOMChildUrl2 = "https://www.domchild2.com/path"; | 55 // static const char* kDOMChildUrl2 = "https://www.domchild2.com/path"; |
56 static const char* kDOMParentURL = "https://www.domparent.com/with/path"; | 56 static const char* kDOMParentURL = "https://www.domparent.com/with/path"; |
57 static const char* kFirstRedirectURL = "http://redirectone.com/with/path"; | 57 static const char* kFirstRedirectURL = "http://redirectone.com/with/path"; |
58 static const char* kSecondRedirectURL = "https://redirecttwo.com/with/path"; | 58 static const char* kSecondRedirectURL = "https://redirecttwo.com/with/path"; |
59 static const char* kReferrerURL = "http://www.referrer.com/with/path"; | 59 static const char* kReferrerURL = "http://www.referrer.com/with/path"; |
60 static const char* kDataURL = "data:text/html;charset=utf-8;base64,PCFET0"; | 60 // static const char* kDataURL = "data:text/html;charset=utf-8;base64,PCFET0"; |
61 static const char* kBlankURL = "about:blank"; | 61 // static const char* kBlankURL = "about:blank"; |
62 | 62 |
63 static const char* kThreatURL = "http://www.threat.com/with/path"; | 63 static const char* kThreatURL = "http://www.threat.com/with/path"; |
64 static const char* kThreatURLHttps = "https://www.threat.com/with/path"; | 64 static const char* kThreatURLHttps = "https://www.threat.com/with/path"; |
65 static const char* kThreatHeaders = | 65 static const char* kThreatHeaders = |
66 "HTTP/1.1 200 OK\n" | 66 "HTTP/1.1 200 OK\n" |
67 "Content-Type: image/jpeg\n" | 67 "Content-Type: image/jpeg\n" |
68 "Some-Other-Header: foo\n"; // Persisted for http, stripped for https | 68 "Some-Other-Header: foo\n"; // Persisted for http, stripped for https |
69 static const char* kThreatData = "exploit();"; | 69 static const char* kThreatData = "exploit();"; |
70 | 70 |
71 static const char* kLandingURL = "http://www.landingpage.com/with/path"; | 71 static const char* kLandingURL = "http://www.landingpage.com/with/path"; |
(...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
538 VerifyResults(actual, expected); | 538 VerifyResults(actual, expected); |
539 } | 539 } |
540 | 540 |
541 // Tests creating a threat report when receiving data from multiple renderers. | 541 // Tests creating a threat report when receiving data from multiple renderers. |
542 // We use three layers in this test: | 542 // We use three layers in this test: |
543 // kDOMParentURL | 543 // kDOMParentURL |
544 // \- <div id=outer> | 544 // \- <div id=outer> |
545 // \- <iframe src=kDOMChildURL foo=bar> | 545 // \- <iframe src=kDOMChildURL foo=bar> |
546 // \- <div id=inner bar=baz/> - div and script are at the same level. | 546 // \- <div id=inner bar=baz/> - div and script are at the same level. |
547 // \- <script src=kDOMChildURL2> | 547 // \- <script src=kDOMChildURL2> |
548 TEST_F(ThreatDetailsTest, ThreatDOMDetails_MultipleFrames) { | 548 // TEST_F(ThreatDetailsTest, ThreatDOMDetails_MultipleFrames) { |
549 // Define two sets of DOM nodes - one for an outer page containing an iframe, | 549 // // Define two sets of DOM nodes - one for an outer page containing an |
550 // and then another for the inner page containing the contents of that iframe. | 550 // iframe, |
551 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params; | 551 // // and then another for the inner page containing the contents of that |
552 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_div; | 552 // iframe. std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params; |
553 outer_child_div.node_id = 1; | 553 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_div; |
554 outer_child_div.child_node_ids.push_back(2); | 554 // outer_child_div.node_id = 1; |
555 outer_child_div.tag_name = "div"; | 555 // outer_child_div.child_node_ids.push_back(2); |
556 outer_child_div.parent = GURL(kDOMParentURL); | 556 // outer_child_div.tag_name = "div"; |
557 outer_child_div.attributes.push_back(std::make_pair("id", "outer")); | 557 // outer_child_div.parent = GURL(kDOMParentURL); |
558 outer_params.push_back(outer_child_div); | 558 // outer_child_div.attributes.push_back(std::make_pair("id", "outer")); |
559 | 559 // outer_params.push_back(outer_child_div); |
560 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_iframe; | 560 // |
561 outer_child_iframe.node_id = 2; | 561 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_iframe; |
562 outer_child_iframe.parent_node_id = 1; | 562 // outer_child_iframe.node_id = 2; |
563 outer_child_iframe.url = GURL(kDOMChildURL); | 563 // outer_child_iframe.parent_node_id = 1; |
564 outer_child_iframe.tag_name = "iframe"; | 564 // outer_child_iframe.url = GURL(kDOMChildURL); |
565 outer_child_iframe.parent = GURL(kDOMParentURL); | 565 // outer_child_iframe.tag_name = "iframe"; |
566 outer_child_iframe.attributes.push_back(std::make_pair("src", kDOMChildURL)); | 566 // outer_child_iframe.parent = GURL(kDOMParentURL); |
567 outer_child_iframe.attributes.push_back(std::make_pair("foo", "bar")); | 567 // outer_child_iframe.attributes.push_back(std::make_pair("src", |
568 outer_params.push_back(outer_child_iframe); | 568 // kDOMChildURL)); |
569 | 569 // outer_child_iframe.attributes.push_back(std::make_pair("foo", "bar")); |
570 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node; | 570 // outer_child_iframe.other_frame_routing_id = main_rfh()->GetRoutingID(); |
571 outer_summary_node.url = GURL(kDOMParentURL); | 571 // outer_params.push_back(outer_child_iframe); |
572 outer_summary_node.children.push_back(GURL(kDOMChildURL)); | 572 // |
573 outer_params.push_back(outer_summary_node); | 573 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node; |
574 | 574 // outer_summary_node.url = GURL(kDOMParentURL); |
575 // Now define some more nodes for the body of the iframe. | 575 // outer_summary_node.children.push_back(GURL(kDOMChildURL)); |
576 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params; | 576 // outer_params.push_back(outer_summary_node); |
577 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_div; | 577 // |
578 inner_child_div.node_id = 1; | 578 // // Now define some more nodes for the body of the iframe. |
579 inner_child_div.tag_name = "div"; | 579 // std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params; |
580 inner_child_div.parent = GURL(kDOMChildURL); | 580 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_div; |
581 inner_child_div.attributes.push_back(std::make_pair("id", "inner")); | 581 // inner_child_div.node_id = 3; |
582 inner_child_div.attributes.push_back(std::make_pair("bar", "baz")); | 582 // inner_child_div.tag_name = "div"; |
583 inner_params.push_back(inner_child_div); | 583 // inner_child_div.parent = GURL(kDOMChildURL); |
584 | 584 // inner_child_div.attributes.push_back(std::make_pair("id", "inner")); |
585 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_script; | 585 // inner_child_div.attributes.push_back(std::make_pair("bar", "baz")); |
586 inner_child_script.node_id = 2; | 586 // inner_params.push_back(inner_child_div); |
587 inner_child_script.url = GURL(kDOMChildUrl2); | 587 // |
588 inner_child_script.tag_name = "script"; | 588 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_script; |
589 inner_child_script.parent = GURL(kDOMChildURL); | 589 // inner_child_script.node_id = 4; |
590 inner_child_script.attributes.push_back(std::make_pair("src", kDOMChildUrl2)); | 590 // inner_child_script.url = GURL(kDOMChildUrl2); |
591 inner_params.push_back(inner_child_script); | 591 // inner_child_script.tag_name = "script"; |
592 | 592 // inner_child_script.parent = GURL(kDOMChildURL); |
593 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node; | 593 // inner_child_script.attributes.push_back(std::make_pair("src", |
594 inner_summary_node.url = GURL(kDOMChildURL); | 594 // kDOMChildUrl2)); inner_params.push_back(inner_child_script); |
595 inner_summary_node.children.push_back(GURL(kDOMChildUrl2)); | 595 // |
596 inner_params.push_back(inner_summary_node); | 596 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node; |
597 | 597 // inner_summary_node.url = GURL(kDOMChildURL); |
598 ClientSafeBrowsingReportRequest expected; | 598 // inner_summary_node.children.push_back(GURL(kDOMChildUrl2)); |
599 expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED); | 599 // inner_params.push_back(inner_summary_node); |
600 expected.set_url(kThreatURL); | 600 // |
601 expected.set_page_url(kLandingURL); | 601 // ClientSafeBrowsingReportRequest expected; |
602 expected.set_referrer_url(""); | 602 // expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED); |
603 expected.set_did_proceed(false); | 603 // expected.set_url(kThreatURL); |
604 expected.set_repeat_visit(false); | 604 // expected.set_page_url(kLandingURL); |
605 | 605 // expected.set_referrer_url(""); |
606 ClientSafeBrowsingReportRequest::Resource* pb_resource = | 606 // expected.set_did_proceed(false); |
607 expected.add_resources(); | 607 // expected.set_repeat_visit(false); |
608 pb_resource->set_id(0); | 608 // |
609 pb_resource->set_url(kLandingURL); | 609 // ClientSafeBrowsingReportRequest::Resource* pb_resource = |
610 | 610 // expected.add_resources(); |
611 pb_resource = expected.add_resources(); | 611 // pb_resource->set_id(0); |
612 pb_resource->set_id(1); | 612 // pb_resource->set_url(kLandingURL); |
613 pb_resource->set_url(kThreatURL); | 613 // |
614 | 614 // pb_resource = expected.add_resources(); |
615 ClientSafeBrowsingReportRequest::Resource* res_dom_child = | 615 // pb_resource->set_id(1); |
616 expected.add_resources(); | 616 // pb_resource->set_url(kThreatURL); |
617 res_dom_child->set_id(2); | 617 // |
618 res_dom_child->set_url(kDOMChildURL); | 618 // ClientSafeBrowsingReportRequest::Resource* res_dom_child = |
619 res_dom_child->set_parent_id(3); | 619 // expected.add_resources(); |
620 res_dom_child->add_child_ids(4); | 620 // res_dom_child->set_id(2); |
621 | 621 // res_dom_child->set_url(kDOMChildURL); |
622 ClientSafeBrowsingReportRequest::Resource* res_dom_parent = | 622 // res_dom_child->set_parent_id(3); |
623 expected.add_resources(); | 623 // res_dom_child->add_child_ids(4); |
624 res_dom_parent->set_id(3); | 624 // |
625 res_dom_parent->set_url(kDOMParentURL); | 625 // ClientSafeBrowsingReportRequest::Resource* res_dom_parent = |
626 res_dom_parent->add_child_ids(2); | 626 // expected.add_resources(); |
627 | 627 // res_dom_parent->set_id(3); |
628 ClientSafeBrowsingReportRequest::Resource* res_dom_child2 = | 628 // res_dom_parent->set_url(kDOMParentURL); |
629 expected.add_resources(); | 629 // res_dom_parent->add_child_ids(2); |
630 res_dom_child2->set_id(4); | 630 // |
631 res_dom_child2->set_url(kDOMChildUrl2); | 631 // ClientSafeBrowsingReportRequest::Resource* res_dom_child2 = |
632 res_dom_child2->set_parent_id(2); | 632 // expected.add_resources(); |
633 | 633 // res_dom_child2->set_id(4); |
634 expected.set_complete(false); // Since the cache was missing. | 634 // res_dom_child2->set_url(kDOMChildUrl2); |
635 | 635 // res_dom_child2->set_parent_id(2); |
636 HTMLElement* elem_dom_outer_div = expected.add_dom(); | 636 // |
637 elem_dom_outer_div->set_id(0); | 637 // expected.set_complete(false); // Since the cache was missing. |
638 elem_dom_outer_div->set_tag("DIV"); | 638 // |
639 elem_dom_outer_div->add_attribute()->set_name("id"); | 639 // HTMLElement* elem_dom_outer_div = expected.add_dom(); |
640 elem_dom_outer_div->mutable_attribute(0)->set_value("outer"); | 640 // elem_dom_outer_div->set_id(0); |
641 elem_dom_outer_div->add_child_ids(1); | 641 // elem_dom_outer_div->set_tag("DIV"); |
642 | 642 // elem_dom_outer_div->add_attribute()->set_name("id"); |
643 HTMLElement* elem_dom_outer_iframe = expected.add_dom(); | 643 // elem_dom_outer_div->mutable_attribute(0)->set_value("outer"); |
644 elem_dom_outer_iframe->set_id(1); | 644 // elem_dom_outer_div->add_child_ids(1); |
645 elem_dom_outer_iframe->set_tag("IFRAME"); | 645 // |
646 elem_dom_outer_iframe->set_resource_id(res_dom_child->id()); | 646 // HTMLElement* elem_dom_outer_iframe = expected.add_dom(); |
647 elem_dom_outer_iframe->add_attribute()->set_name("src"); | 647 // elem_dom_outer_iframe->set_id(1); |
648 elem_dom_outer_iframe->mutable_attribute(0)->set_value(kDOMChildURL); | 648 // elem_dom_outer_iframe->set_tag("IFRAME"); |
649 elem_dom_outer_iframe->add_attribute()->set_name("foo"); | 649 // elem_dom_outer_iframe->set_resource_id(res_dom_child->id()); |
650 elem_dom_outer_iframe->mutable_attribute(1)->set_value("bar"); | 650 // elem_dom_outer_iframe->add_attribute()->set_name("src"); |
651 elem_dom_outer_iframe->add_child_ids(2); | 651 // elem_dom_outer_iframe->mutable_attribute(0)->set_value(kDOMChildURL); |
652 elem_dom_outer_iframe->add_child_ids(3); | 652 // elem_dom_outer_iframe->add_attribute()->set_name("foo"); |
653 | 653 // elem_dom_outer_iframe->mutable_attribute(1)->set_value("bar"); |
654 HTMLElement* elem_dom_inner_div = expected.add_dom(); | 654 // elem_dom_outer_iframe->add_child_ids(2); |
655 elem_dom_inner_div->set_id(2); | 655 // elem_dom_outer_iframe->add_child_ids(3); |
656 elem_dom_inner_div->set_tag("DIV"); | 656 // |
657 elem_dom_inner_div->add_attribute()->set_name("id"); | 657 // HTMLElement* elem_dom_inner_div = expected.add_dom(); |
658 elem_dom_inner_div->mutable_attribute(0)->set_value("inner"); | 658 // elem_dom_inner_div->set_id(2); |
659 elem_dom_inner_div->add_attribute()->set_name("bar"); | 659 // elem_dom_inner_div->set_tag("DIV"); |
660 elem_dom_inner_div->mutable_attribute(1)->set_value("baz"); | 660 // elem_dom_inner_div->add_attribute()->set_name("id"); |
661 | 661 // elem_dom_inner_div->mutable_attribute(0)->set_value("inner"); |
662 HTMLElement* elem_dom_inner_script = expected.add_dom(); | 662 // elem_dom_inner_div->add_attribute()->set_name("bar"); |
663 elem_dom_inner_script->set_id(3); | 663 // elem_dom_inner_div->mutable_attribute(1)->set_value("baz"); |
664 elem_dom_inner_script->set_tag("SCRIPT"); | 664 // |
665 elem_dom_inner_script->set_resource_id(res_dom_child2->id()); | 665 // HTMLElement* elem_dom_inner_script = expected.add_dom(); |
666 elem_dom_inner_script->add_attribute()->set_name("src"); | 666 // elem_dom_inner_script->set_id(3); |
667 elem_dom_inner_script->mutable_attribute(0)->set_value(kDOMChildUrl2); | 667 // elem_dom_inner_script->set_tag("SCRIPT"); |
668 | 668 // elem_dom_inner_script->set_resource_id(res_dom_child2->id()); |
669 content::WebContentsTester::For(web_contents()) | 669 // elem_dom_inner_script->add_attribute()->set_name("src"); |
670 ->NavigateAndCommit(GURL(kLandingURL)); | 670 // elem_dom_inner_script->mutable_attribute(0)->set_value(kDOMChildUrl2); |
671 | 671 // |
672 UnsafeResource resource; | 672 // content::WebContentsTester::For(web_contents()) |
673 InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED, | 673 // ->NavigateAndCommit(GURL(kLandingURL)); |
674 true /* is_subresource */, GURL(kThreatURL)); | 674 // |
675 | 675 // UnsafeResource resource; |
676 // Send both sets of nodes, from different render frames. | 676 // InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED, |
677 { | 677 // true /* is_subresource */, GURL(kThreatURL)); |
678 scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap( | 678 // |
679 ui_manager_.get(), web_contents(), resource, NULL, history_service()); | 679 // // Send both sets of nodes, from different render frames. |
680 | 680 // { |
681 // We call AddDOMDetails directly so we can specify different render frame | 681 // scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap( |
682 // IDs. | 682 // ui_manager_.get(), web_contents(), resource, NULL, history_service()); |
683 report->AddDOMDetails(100, GURL(kDOMParentURL), outer_params); | 683 // |
684 report->AddDOMDetails(200, GURL(kDOMChildURL), inner_params); | 684 // // We call AddDOMDetails directly so we can specify different render frame |
685 std::string serialized = WaitForSerializedReport( | 685 // // IDs. |
686 report.get(), false /* did_proceed*/, 0 /* num_visit */); | 686 // // TODO: this is still failing - maybe try by setting |
687 ClientSafeBrowsingReportRequest actual; | 687 // // "other_frame_routing_id" on the node in the IPC? |
688 actual.ParseFromString(serialized); | 688 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(), |
689 VerifyResults(actual, expected); | 689 // main_rfh()->GetRoutingID(), GURL(kDOMParentURL), |
690 } | 690 // outer_params); |
691 | 691 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(), |
692 // Try again but with the messages coming in a different order. The IDs change | 692 // main_rfh()->GetRoutingID(), GURL(kDOMChildURL), |
693 // slightly, but everything else remains the same. | 693 // inner_params); |
694 { | 694 // std::string serialized = WaitForSerializedReport( |
695 // Adjust the expected IDs: the inner params come first, so InnerScript and | 695 // report.get(), false /* did_proceed*/, 0 /* num_visit */); |
696 // appear before DomParent | 696 // ClientSafeBrowsingReportRequest actual; |
697 res_dom_child2->set_id(2); | 697 // actual.ParseFromString(serialized); |
698 res_dom_child2->set_parent_id(3); | 698 // VerifyResults(actual, expected); |
699 res_dom_child->set_id(3); | 699 // } |
700 res_dom_child->set_parent_id(4); | 700 // |
701 res_dom_child->clear_child_ids(); | 701 // // Try again but with the messages coming in a different order. The IDs |
702 res_dom_child->add_child_ids(2); | 702 // change |
703 res_dom_parent->set_id(4); | 703 // // slightly, but everything else remains the same. |
704 res_dom_parent->clear_child_ids(); | 704 // { |
705 res_dom_parent->add_child_ids(3); | 705 // // Adjust the expected IDs: the inner params come first, so InnerScript |
706 | 706 // and |
707 // Also adjust the elements - they change order since InnerDiv and | 707 // // appear before DomParent |
708 // InnerScript come in first. | 708 // res_dom_child2->set_id(2); |
709 elem_dom_inner_div->set_id(0); | 709 // res_dom_child2->set_parent_id(3); |
710 elem_dom_inner_script->set_id(1); | 710 // res_dom_child->set_id(3); |
711 elem_dom_inner_script->set_resource_id(res_dom_child2->id()); | 711 // res_dom_child->set_parent_id(4); |
712 | 712 // res_dom_child->clear_child_ids(); |
713 elem_dom_outer_div->set_id(2); | 713 // res_dom_child->add_child_ids(2); |
714 elem_dom_outer_div->clear_child_ids(); | 714 // res_dom_parent->set_id(4); |
715 elem_dom_outer_div->add_child_ids(3); | 715 // res_dom_parent->clear_child_ids(); |
716 elem_dom_outer_iframe->set_id(3); | 716 // res_dom_parent->add_child_ids(3); |
717 elem_dom_outer_iframe->set_resource_id(res_dom_child->id()); | 717 // |
718 elem_dom_outer_iframe->clear_child_ids(); | 718 // // Also adjust the elements - they change order since InnerDiv and |
719 elem_dom_outer_iframe->add_child_ids(0); | 719 // // InnerScript come in first. |
720 elem_dom_outer_iframe->add_child_ids(1); | 720 // elem_dom_inner_div->set_id(0); |
721 | 721 // elem_dom_inner_script->set_id(1); |
722 scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap( | 722 // elem_dom_inner_script->set_resource_id(res_dom_child2->id()); |
723 ui_manager_.get(), web_contents(), resource, NULL, history_service()); | 723 // |
724 | 724 // elem_dom_outer_div->set_id(2); |
725 // We call AddDOMDetails directly so we can specify different render frame | 725 // elem_dom_outer_div->clear_child_ids(); |
726 // IDs. | 726 // elem_dom_outer_div->add_child_ids(3); |
727 report->AddDOMDetails(200, GURL(kDOMChildURL), inner_params); | 727 // elem_dom_outer_iframe->set_id(3); |
728 report->AddDOMDetails(100, GURL(kDOMParentURL), outer_params); | 728 // elem_dom_outer_iframe->set_resource_id(res_dom_child->id()); |
729 std::string serialized = WaitForSerializedReport( | 729 // elem_dom_outer_iframe->clear_child_ids(); |
730 report.get(), false /* did_proceed*/, 0 /* num_visit */); | 730 // elem_dom_outer_iframe->add_child_ids(0); |
731 ClientSafeBrowsingReportRequest actual; | 731 // elem_dom_outer_iframe->add_child_ids(1); |
732 actual.ParseFromString(serialized); | 732 // |
733 VerifyResults(actual, expected); | 733 // scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap( |
734 } | 734 // ui_manager_.get(), web_contents(), resource, NULL, history_service()); |
735 } | 735 // |
| 736 // // We call AddDOMDetails directly so we can specify different render frame |
| 737 // // IDs. |
| 738 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(), |
| 739 // main_rfh()->GetRoutingID(), GURL(kDOMChildURL), |
| 740 // inner_params); |
| 741 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(), |
| 742 // main_rfh()->GetRoutingID(), GURL(kDOMParentURL), |
| 743 // outer_params); |
| 744 // std::string serialized = WaitForSerializedReport( |
| 745 // report.get(), false /* did_proceed*/, 0 /* num_visit */); |
| 746 // ClientSafeBrowsingReportRequest actual; |
| 747 // actual.ParseFromString(serialized); |
| 748 // VerifyResults(actual, expected); |
| 749 // } |
| 750 //} |
736 | 751 |
737 // Tests an ambiguous DOM, meaning that an inner render frame has URL that can | 752 // Tests an ambiguous DOM, meaning that an inner render frame has URL that can |
738 // not be mapped to an iframe element in the parent frame with that same URL. | 753 // not be mapped to an iframe element in the parent frame with that same URL. |
739 // Typically this happens when the iframe tag has a data URL. | 754 // Typically this happens when the iframe tag has a data URL. |
740 // We use three layers in this test: | 755 // We use three layers in this test: |
741 // kDOMParentURL | 756 // kDOMParentURL |
742 // \- <iframe src=kDataURL> | 757 // \- <iframe src=kDataURL> |
743 // \- <script src=kDOMChildURL2> | 758 // \- <script src=kDOMChildURL2> |
744 TEST_F(ThreatDetailsTest, ThreatDOMDetails_AmbiguousDOM) { | 759 // TEST_F(ThreatDetailsTest, ThreatDOMDetails_AmbiguousDOM) { |
745 const char kAmbiguousDomMetric[] = "SafeBrowsing.ThreatReport.DomIsAmbiguous"; | 760 // // const char kAmbiguousDomMetric[] = |
746 | 761 // // "SafeBrowsing.ThreatReport.DomIsAmbiguous"; |
747 // Define two sets of DOM nodes - one for an outer page containing an iframe, | 762 // |
748 // and then another for the inner page containing the contents of that iframe. | 763 // // Define two sets of DOM nodes - one for an outer page containing an |
749 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params; | 764 // iframe, |
750 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_node; | 765 // // and then another for the inner page containing the contents of that |
751 outer_child_node.url = GURL(kDataURL); | 766 // iframe. std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params; |
752 outer_child_node.tag_name = "frame"; | 767 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_node; |
753 outer_child_node.parent = GURL(kDOMParentURL); | 768 // outer_child_node.url = GURL(kDataURL); |
754 outer_child_node.attributes.push_back(std::make_pair("src", kDataURL)); | 769 // outer_child_node.tag_name = "frame"; |
755 outer_params.push_back(outer_child_node); | 770 // outer_child_node.parent = GURL(kDOMParentURL); |
756 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node; | 771 // outer_child_node.attributes.push_back(std::make_pair("src", kDataURL)); |
757 outer_summary_node.url = GURL(kDOMParentURL); | 772 // outer_params.push_back(outer_child_node); |
758 outer_summary_node.children.push_back(GURL(kDataURL)); | 773 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node; |
759 outer_params.push_back(outer_summary_node); | 774 // outer_summary_node.url = GURL(kDOMParentURL); |
760 | 775 // outer_summary_node.children.push_back(GURL(kDataURL)); |
761 // Now define some more nodes for the body of the iframe. The URL of this | 776 // outer_params.push_back(outer_summary_node); |
762 // inner frame is "about:blank". | 777 // |
763 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params; | 778 // // Now define some more nodes for the body of the iframe. The URL of this |
764 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_node; | 779 // // inner frame is "about:blank". |
765 inner_child_node.url = GURL(kDOMChildUrl2); | 780 // std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params; |
766 inner_child_node.tag_name = "script"; | 781 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_node; |
767 inner_child_node.parent = GURL(kBlankURL); | 782 // inner_child_node.url = GURL(kDOMChildUrl2); |
768 inner_child_node.attributes.push_back(std::make_pair("src", kDOMChildUrl2)); | 783 // inner_child_node.tag_name = "script"; |
769 inner_params.push_back(inner_child_node); | 784 // inner_child_node.parent = GURL(kBlankURL); |
770 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node; | 785 // inner_child_node.attributes.push_back(std::make_pair("src", kDOMChildUrl2)); |
771 inner_summary_node.url = GURL(kBlankURL); | 786 // inner_params.push_back(inner_child_node); |
772 inner_summary_node.children.push_back(GURL(kDOMChildUrl2)); | 787 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node; |
773 inner_params.push_back(inner_summary_node); | 788 // inner_summary_node.url = GURL(kBlankURL); |
774 | 789 // inner_summary_node.children.push_back(GURL(kDOMChildUrl2)); |
775 ClientSafeBrowsingReportRequest expected; | 790 // inner_params.push_back(inner_summary_node); |
776 expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED); | 791 // |
777 expected.set_url(kThreatURL); | 792 // ClientSafeBrowsingReportRequest expected; |
778 expected.set_page_url(kLandingURL); | 793 // expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED); |
779 expected.set_referrer_url(""); | 794 // expected.set_url(kThreatURL); |
780 expected.set_did_proceed(false); | 795 // expected.set_page_url(kLandingURL); |
781 expected.set_repeat_visit(false); | 796 // expected.set_referrer_url(""); |
782 | 797 // expected.set_did_proceed(false); |
783 ClientSafeBrowsingReportRequest::Resource* pb_resource = | 798 // expected.set_repeat_visit(false); |
784 expected.add_resources(); | 799 // |
785 pb_resource->set_id(0); | 800 // ClientSafeBrowsingReportRequest::Resource* pb_resource = |
786 pb_resource->set_url(kLandingURL); | 801 // expected.add_resources(); |
787 | 802 // pb_resource->set_id(0); |
788 pb_resource = expected.add_resources(); | 803 // pb_resource->set_url(kLandingURL); |
789 pb_resource->set_id(1); | 804 // |
790 pb_resource->set_url(kThreatURL); | 805 // pb_resource = expected.add_resources(); |
791 | 806 // pb_resource->set_id(1); |
792 pb_resource = expected.add_resources(); | 807 // pb_resource->set_url(kThreatURL); |
793 pb_resource->set_id(2); | 808 // |
794 pb_resource->set_url(kDOMParentURL); | 809 // pb_resource = expected.add_resources(); |
795 pb_resource->add_child_ids(3); | 810 // pb_resource->set_id(2); |
796 | 811 // pb_resource->set_url(kDOMParentURL); |
797 // TODO(lpz): The data URL is added, despite being unreportable, because it | 812 // pb_resource->add_child_ids(3); |
798 // is a child of the top-level page. Consider if this should happen. | 813 // |
799 pb_resource = expected.add_resources(); | 814 // // TODO(lpz): The data URL is added, despite being unreportable, because it |
800 pb_resource->set_id(3); | 815 // // is a child of the top-level page. Consider if this should happen. |
801 pb_resource->set_url(kDataURL); | 816 // pb_resource = expected.add_resources(); |
802 | 817 // pb_resource->set_id(3); |
803 // This child can't be mapped to its containing iframe so its parent is unset. | 818 // pb_resource->set_url(kDataURL); |
804 pb_resource = expected.add_resources(); | 819 // |
805 pb_resource->set_id(4); | 820 // // This child can't be mapped to its containing iframe so its parent is |
806 pb_resource->set_url(kDOMChildUrl2); | 821 // unset. pb_resource = expected.add_resources(); pb_resource->set_id(4); |
807 | 822 // pb_resource->set_url(kDOMChildUrl2); |
808 expected.set_complete(false); // Since the cache was missing. | 823 // |
809 | 824 // expected.set_complete(false); // Since the cache was missing. |
810 // This Element represents the Frame with the data URL. It has no resource or | 825 // |
811 // children since it couldn't be mapped to anything. It does still contain the | 826 // // This Element represents the Frame with the data URL. It has no resource |
812 // src attribute with the data URL set. | 827 // or |
813 HTMLElement* pb_element = expected.add_dom(); | 828 // // children since it couldn't be mapped to anything. It does still contain |
814 pb_element->set_id(0); | 829 // the |
815 pb_element->set_tag("FRAME"); | 830 // // src attribute with the data URL set. |
816 pb_element->add_attribute()->set_name("src"); | 831 // HTMLElement* pb_element = expected.add_dom(); |
817 pb_element->mutable_attribute(0)->set_value(kDataURL); | 832 // pb_element->set_id(0); |
818 | 833 // pb_element->set_tag("FRAME"); |
819 pb_element = expected.add_dom(); | 834 // pb_element->add_attribute()->set_name("src"); |
820 pb_element->set_id(1); | 835 // pb_element->mutable_attribute(0)->set_value(kDataURL); |
821 pb_element->set_tag("SCRIPT"); | 836 // |
822 pb_element->set_resource_id(4); | 837 // pb_element = expected.add_dom(); |
823 pb_element->add_attribute()->set_name("src"); | 838 // pb_element->set_id(1); |
824 pb_element->mutable_attribute(0)->set_value(kDOMChildUrl2); | 839 // pb_element->set_tag("SCRIPT"); |
825 | 840 // pb_element->set_resource_id(4); |
826 content::WebContentsTester::For(web_contents()) | 841 // pb_element->add_attribute()->set_name("src"); |
827 ->NavigateAndCommit(GURL(kLandingURL)); | 842 // pb_element->mutable_attribute(0)->set_value(kDOMChildUrl2); |
828 | 843 // |
829 UnsafeResource resource; | 844 // content::WebContentsTester::For(web_contents()) |
830 InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED, | 845 // ->NavigateAndCommit(GURL(kLandingURL)); |
831 true /* is_subresource */, GURL(kThreatURL)); | 846 // |
832 scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap( | 847 // UnsafeResource resource; |
833 ui_manager_.get(), web_contents(), resource, NULL, history_service()); | 848 // InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED, |
834 base::HistogramTester histograms; | 849 // true /* is_subresource */, GURL(kThreatURL)); |
835 | 850 // scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap( |
836 // Send both sets of nodes, from different render frames. We call | 851 // ui_manager_.get(), web_contents(), resource, NULL, history_service()); |
837 // AddDOMDetails directly so we can specify different render frame IDs. | 852 // base::HistogramTester histograms; |
838 report->AddDOMDetails(100, GURL(kDOMParentURL), outer_params); | 853 // |
839 // The inner frame was using a data URL so its last committed URL is empty. | 854 // // Send both sets of nodes, from different render frames. We call |
840 report->AddDOMDetails(200, GURL(), inner_params); | 855 // // AddDOMDetails directly so we can specify different render frame IDs. |
841 | 856 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(), |
842 std::string serialized = WaitForSerializedReport( | 857 // main_rfh()->GetRoutingID(), GURL(kDOMParentURL), |
843 report.get(), false /* did_proceed*/, 0 /* num_visit */); | 858 // outer_params); |
844 ClientSafeBrowsingReportRequest actual; | 859 // // The inner frame was using a data URL so its last committed URL is empty. |
845 actual.ParseFromString(serialized); | 860 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(), |
846 VerifyResults(actual, expected); | 861 // main_rfh()->GetRoutingID(), GURL(), inner_params); |
847 | 862 // |
848 // This DOM should be ambiguous, expect the UMA metric to be incremented. | 863 // std::string serialized = WaitForSerializedReport( |
849 histograms.ExpectTotalCount(kAmbiguousDomMetric, 1); | 864 // report.get(), false /* did_proceed*/, 0 /* num_visit */); |
850 } | 865 // ClientSafeBrowsingReportRequest actual; |
| 866 // actual.ParseFromString(serialized); |
| 867 // VerifyResults(actual, expected); |
| 868 // |
| 869 // // This DOM should be ambiguous, expect the UMA metric to be incremented. |
| 870 // // histograms.ExpectTotalCount(kAmbiguousDomMetric, 1); |
| 871 //} |
851 | 872 |
852 // Tests creating a threat report of a malware page where there are redirect | 873 // Tests creating a threat report of a malware page where there are redirect |
853 // urls to an unsafe resource url. | 874 // urls to an unsafe resource url. |
854 TEST_F(ThreatDetailsTest, ThreatWithRedirectUrl) { | 875 TEST_F(ThreatDetailsTest, ThreatWithRedirectUrl) { |
855 content::WebContentsTester::For(web_contents()) | 876 content::WebContentsTester::For(web_contents()) |
856 ->NavigateAndCommit(GURL(kLandingURL)); | 877 ->NavigateAndCommit(GURL(kLandingURL)); |
857 | 878 |
858 UnsafeResource resource; | 879 UnsafeResource resource; |
859 InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */, | 880 InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */, |
860 GURL(kThreatURL)); | 881 GURL(kThreatURL)); |
(...skipping 468 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1329 pb_resource->set_parent_id(3); | 1350 pb_resource->set_parent_id(3); |
1330 pb_resource->set_url(kSecondRedirectURL); | 1351 pb_resource->set_url(kSecondRedirectURL); |
1331 pb_resource = expected.add_resources(); | 1352 pb_resource = expected.add_resources(); |
1332 pb_resource->set_id(3); | 1353 pb_resource->set_id(3); |
1333 pb_resource->set_url(kFirstRedirectURL); | 1354 pb_resource->set_url(kFirstRedirectURL); |
1334 | 1355 |
1335 VerifyResults(actual, expected); | 1356 VerifyResults(actual, expected); |
1336 } | 1357 } |
1337 | 1358 |
1338 } // namespace safe_browsing | 1359 } // namespace safe_browsing |
OLD | NEW |