chrome/browser/safe_browsing/threat_details_unittest.cc - Issue 2837603002: Content API changes to improve DOM stitching in ThreatDetails code.

Side by Side Diff: chrome/browser/safe_browsing/threat_details_unittest.cc

Issue 2837603002: Content API changes to improve DOM stitching in ThreatDetails code. (Closed)

Patch Set: Set output pointers correctly Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« chrome/browser/safe_browsing/threat_details.cc ('K') | « chrome/browser/safe_browsing/threat_details.cc ('k') | components/safe_browsing/common/safebrowsing_messages.h » ('j') | components/safe_browsing/common/safebrowsing_messages.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stdint.h>	5 #include <stdint.h>

6	6

7 #include <algorithm>	7 #include <algorithm>

8	8

9 #include "base/bind.h"	9 #include "base/bind.h"

10 #include "base/macros.h"	10 #include "base/macros.h"

(...skipping 34 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
45 using testing::UnorderedPointwise;	45 using testing::UnorderedPointwise;

46	46

47 namespace safe_browsing {	47 namespace safe_browsing {

48	48

49 namespace {	49 namespace {

50	50

51 // Mixture of HTTP and HTTPS. No special treatment for HTTPS.	51 // Mixture of HTTP and HTTPS. No special treatment for HTTPS.

52 static const char* kOriginalLandingURL =	52 static const char* kOriginalLandingURL =

53 "http://www.originallandingpage.com/with/path";	53 "http://www.originallandingpage.com/with/path";

54 static const char* kDOMChildURL = "https://www.domchild.com/with/path";	54 static const char* kDOMChildURL = "https://www.domchild.com/with/path";

55 static const char* kDOMChildUrl2 = "https://www.domchild2.com/path";	55 // static const char* kDOMChildUrl2 = "https://www.domchild2.com/path";
	Charlie Reis 2017/05/05 21:03:07 I don't think you meant to leave all this commente I don't think you meant to leave all this commented out code in the test, right? :) lpz 2017/05/10 14:21:09 Not forever, but maybe you can help with this part Show quoted text On 2017/05/05 21:03:07, Charlie Reis wrote: > I don't think you meant to leave all this commented out code in the test, right? > :) Not forever, but maybe you can help with this part :) These tests currently fail because the call to RenderFrameHost::GetFrameTreeNodeIdForRoutingId doesn't work (I'm assuming because g_routing_id_frame_proxy_map isn't populated correctly) - it just returns -1. Is there support for mocking this lookup in content somewhere? My other options seem to be to just delete these test (we do have browser tests that exercise similar stuff), or try to figure out a way to plug in a fake object to do the lookup. Thoughts? Charlie Reis 2017/05/10 22:17:49 Ah. Yes, it's pretty hard to test subframes and O Show quoted text On 2017/05/10 14:21:09, lpz wrote: > On 2017/05/05 21:03:07, Charlie Reis wrote: > > I don't think you meant to leave all this commented out code in the test, > right? > > :) > > Not forever, but maybe you can help with this part :) > > These tests currently fail because the call to > RenderFrameHost::GetFrameTreeNodeIdForRoutingId doesn't work (I'm assuming > because g_routing_id_frame_proxy_map isn't populated correctly) - it just > returns -1. Is there support for mocking this lookup in content somewhere? My > other options seem to be to just delete these test (we do have browser tests > that exercise similar stuff), or try to figure out a way to plug in a fake > object to do the lookup. > > Thoughts? Ah. Yes, it's pretty hard to test subframes and OOPIFs in unit tests, without having renderer processes involved. It does look like you might be using the wrong (or missing) routing IDs below for child frames, but then again, there probably aren't any child RenderFrameHosts or RenderFrameProxyHosts created in this test. That explains why we can't look them up. I suppose you could use TestRenderFrameHost::AppendChild to create some subframes that have routing IDs, at which point you could simulate the renderer passing up that routing ID. That might let you keep this test code. It may even be possible to simulate an OOPIF that way, but I wouldn't recommend it-- it'd be fragile, and it's something that is better to test in a browser test. lpz 2017/05/12 13:53:15 Awesome, AppendChild did exactly what I need here. Show quoted text On 2017/05/10 22:17:49, Charlie Reis wrote: > On 2017/05/10 14:21:09, lpz wrote: > > On 2017/05/05 21:03:07, Charlie Reis wrote: > > > I don't think you meant to leave all this commented out code in the test, > > right? > > > :) > > > > Not forever, but maybe you can help with this part :) > > > > These tests currently fail because the call to > > RenderFrameHost::GetFrameTreeNodeIdForRoutingId doesn't work (I'm assuming > > because g_routing_id_frame_proxy_map isn't populated correctly) - it just > > returns -1. Is there support for mocking this lookup in content somewhere? My > > other options seem to be to just delete these test (we do have browser tests > > that exercise similar stuff), or try to figure out a way to plug in a fake > > object to do the lookup. > > > > Thoughts? > > Ah. Yes, it's pretty hard to test subframes and OOPIFs in unit tests, without > having renderer processes involved. > > It does look like you might be using the wrong (or missing) routing IDs below > for child frames, but then again, there probably aren't any child > RenderFrameHosts or RenderFrameProxyHosts created in this test. That explains > why we can't look them up. > > I suppose you could use TestRenderFrameHost::AppendChild to create some > subframes that have routing IDs, at which point you could simulate the renderer > passing up that routing ID. That might let you keep this test code. > > It may even be possible to simulate an OOPIF that way, but I wouldn't recommend > it-- it'd be fragile, and it's something that is better to test in a browser > test. Awesome, AppendChild did exactly what I need here. Thanks!
56 static const char* kDOMParentURL = "https://www.domparent.com/with/path";	56 static const char* kDOMParentURL = "https://www.domparent.com/with/path";

57 static const char* kFirstRedirectURL = "http://redirectone.com/with/path";	57 static const char* kFirstRedirectURL = "http://redirectone.com/with/path";

58 static const char* kSecondRedirectURL = "https://redirecttwo.com/with/path";	58 static const char* kSecondRedirectURL = "https://redirecttwo.com/with/path";

59 static const char* kReferrerURL = "http://www.referrer.com/with/path";	59 static const char* kReferrerURL = "http://www.referrer.com/with/path";

60 static const char* kDataURL = "data:text/html;charset=utf-8;base64,PCFET0";	60 // static const char* kDataURL = "data:text/html;charset=utf-8;base64,PCFET0";

61 static const char* kBlankURL = "about:blank";	61 // static const char* kBlankURL = "about:blank";

62	62

63 static const char* kThreatURL = "http://www.threat.com/with/path";	63 static const char* kThreatURL = "http://www.threat.com/with/path";

64 static const char* kThreatURLHttps = "https://www.threat.com/with/path";	64 static const char* kThreatURLHttps = "https://www.threat.com/with/path";

65 static const char* kThreatHeaders =	65 static const char* kThreatHeaders =

66 "HTTP/1.1 200 OK\n"	66 "HTTP/1.1 200 OK\n"

67 "Content-Type: image/jpeg\n"	67 "Content-Type: image/jpeg\n"

68 "Some-Other-Header: foo\n"; // Persisted for http, stripped for https	68 "Some-Other-Header: foo\n"; // Persisted for http, stripped for https

69 static const char* kThreatData = "exploit();";	69 static const char* kThreatData = "exploit();";

70	70

71 static const char* kLandingURL = "http://www.landingpage.com/with/path";	71 static const char* kLandingURL = "http://www.landingpage.com/with/path";

(...skipping 466 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
538 VerifyResults(actual, expected);	538 VerifyResults(actual, expected);

539 }	539 }

540	540

541 // Tests creating a threat report when receiving data from multiple renderers.	541 // Tests creating a threat report when receiving data from multiple renderers.

542 // We use three layers in this test:	542 // We use three layers in this test:

543 // kDOMParentURL	543 // kDOMParentURL

544 // \- <div id=outer>	544 // \- <div id=outer>

545 // \- <iframe src=kDOMChildURL foo=bar>	545 // \- <iframe src=kDOMChildURL foo=bar>

546 // \- <div id=inner bar=baz/> - div and script are at the same level.	546 // \- <div id=inner bar=baz/> - div and script are at the same level.

547 // \- <script src=kDOMChildURL2>	547 // \- <script src=kDOMChildURL2>

548 TEST_F(ThreatDetailsTest, ThreatDOMDetails_MultipleFrames) {	548 // TEST_F(ThreatDetailsTest, ThreatDOMDetails_MultipleFrames) {

549 // Define two sets of DOM nodes - one for an outer page containing an iframe,	549 // // Define two sets of DOM nodes - one for an outer page containing an

550 // and then another for the inner page containing the contents of that iframe.	550 // iframe,

551 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params;	551 // // and then another for the inner page containing the contents of that

552 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_div;	552 // iframe. std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params;

553 outer_child_div.node_id = 1;	553 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_div;

554 outer_child_div.child_node_ids.push_back(2);	554 // outer_child_div.node_id = 1;

555 outer_child_div.tag_name = "div";	555 // outer_child_div.child_node_ids.push_back(2);

556 outer_child_div.parent = GURL(kDOMParentURL);	556 // outer_child_div.tag_name = "div";

557 outer_child_div.attributes.push_back(std::make_pair("id", "outer"));	557 // outer_child_div.parent = GURL(kDOMParentURL);

558 outer_params.push_back(outer_child_div);	558 // outer_child_div.attributes.push_back(std::make_pair("id", "outer"));

559	559 // outer_params.push_back(outer_child_div);

560 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_iframe;	560 //

561 outer_child_iframe.node_id = 2;	561 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_iframe;

562 outer_child_iframe.parent_node_id = 1;	562 // outer_child_iframe.node_id = 2;

563 outer_child_iframe.url = GURL(kDOMChildURL);	563 // outer_child_iframe.parent_node_id = 1;

564 outer_child_iframe.tag_name = "iframe";	564 // outer_child_iframe.url = GURL(kDOMChildURL);

565 outer_child_iframe.parent = GURL(kDOMParentURL);	565 // outer_child_iframe.tag_name = "iframe";

566 outer_child_iframe.attributes.push_back(std::make_pair("src", kDOMChildURL));	566 // outer_child_iframe.parent = GURL(kDOMParentURL);

567 outer_child_iframe.attributes.push_back(std::make_pair("foo", "bar"));	567 // outer_child_iframe.attributes.push_back(std::make_pair("src",

568 outer_params.push_back(outer_child_iframe);	568 // kDOMChildURL));

569	569 // outer_child_iframe.attributes.push_back(std::make_pair("foo", "bar"));

570 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node;	570 // outer_child_iframe.other_frame_routing_id = main_rfh()->GetRoutingID();
	Charlie Reis 2017/05/10 22:17:49 This looks like one problem-- we're using the main This looks like one problem-- we're using the main frame's routing ID when it should be the child frame's routing ID, right? lpz 2017/05/12 13:53:15 Done. Show quoted text On 2017/05/10 22:17:49, Charlie Reis wrote: > This looks like one problem-- we're using the main frame's routing ID when it > should be the child frame's routing ID, right? Done.
571 outer_summary_node.url = GURL(kDOMParentURL);	571 // outer_params.push_back(outer_child_iframe);

572 outer_summary_node.children.push_back(GURL(kDOMChildURL));	572 //

573 outer_params.push_back(outer_summary_node);	573 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node;

574	574 // outer_summary_node.url = GURL(kDOMParentURL);

575 // Now define some more nodes for the body of the iframe.	575 // outer_summary_node.children.push_back(GURL(kDOMChildURL));

576 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params;	576 // outer_params.push_back(outer_summary_node);

577 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_div;	577 //

578 inner_child_div.node_id = 1;	578 // // Now define some more nodes for the body of the iframe.

579 inner_child_div.tag_name = "div";	579 // std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params;

580 inner_child_div.parent = GURL(kDOMChildURL);	580 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_div;

581 inner_child_div.attributes.push_back(std::make_pair("id", "inner"));	581 // inner_child_div.node_id = 3;

582 inner_child_div.attributes.push_back(std::make_pair("bar", "baz"));	582 // inner_child_div.tag_name = "div";

583 inner_params.push_back(inner_child_div);	583 // inner_child_div.parent = GURL(kDOMChildURL);

584	584 // inner_child_div.attributes.push_back(std::make_pair("id", "inner"));

585 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_script;	585 // inner_child_div.attributes.push_back(std::make_pair("bar", "baz"));

586 inner_child_script.node_id = 2;	586 // inner_params.push_back(inner_child_div);

587 inner_child_script.url = GURL(kDOMChildUrl2);	587 //

588 inner_child_script.tag_name = "script";	588 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_script;

589 inner_child_script.parent = GURL(kDOMChildURL);	589 // inner_child_script.node_id = 4;

590 inner_child_script.attributes.push_back(std::make_pair("src", kDOMChildUrl2));	590 // inner_child_script.url = GURL(kDOMChildUrl2);

591 inner_params.push_back(inner_child_script);	591 // inner_child_script.tag_name = "script";

592	592 // inner_child_script.parent = GURL(kDOMChildURL);

593 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node;	593 // inner_child_script.attributes.push_back(std::make_pair("src",

594 inner_summary_node.url = GURL(kDOMChildURL);	594 // kDOMChildUrl2)); inner_params.push_back(inner_child_script);

595 inner_summary_node.children.push_back(GURL(kDOMChildUrl2));	595 //

596 inner_params.push_back(inner_summary_node);	596 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node;

597	597 // inner_summary_node.url = GURL(kDOMChildURL);

598 ClientSafeBrowsingReportRequest expected;	598 // inner_summary_node.children.push_back(GURL(kDOMChildUrl2));

599 expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED);	599 // inner_params.push_back(inner_summary_node);

600 expected.set_url(kThreatURL);	600 //

601 expected.set_page_url(kLandingURL);	601 // ClientSafeBrowsingReportRequest expected;

602 expected.set_referrer_url("");	602 // expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED);

603 expected.set_did_proceed(false);	603 // expected.set_url(kThreatURL);

604 expected.set_repeat_visit(false);	604 // expected.set_page_url(kLandingURL);

605	605 // expected.set_referrer_url("");

606 ClientSafeBrowsingReportRequest::Resource* pb_resource =	606 // expected.set_did_proceed(false);

607 expected.add_resources();	607 // expected.set_repeat_visit(false);

608 pb_resource->set_id(0);	608 //

609 pb_resource->set_url(kLandingURL);	609 // ClientSafeBrowsingReportRequest::Resource* pb_resource =

610	610 // expected.add_resources();

611 pb_resource = expected.add_resources();	611 // pb_resource->set_id(0);

612 pb_resource->set_id(1);	612 // pb_resource->set_url(kLandingURL);

613 pb_resource->set_url(kThreatURL);	613 //

614	614 // pb_resource = expected.add_resources();

615 ClientSafeBrowsingReportRequest::Resource* res_dom_child =	615 // pb_resource->set_id(1);

616 expected.add_resources();	616 // pb_resource->set_url(kThreatURL);

617 res_dom_child->set_id(2);	617 //

618 res_dom_child->set_url(kDOMChildURL);	618 // ClientSafeBrowsingReportRequest::Resource* res_dom_child =

619 res_dom_child->set_parent_id(3);	619 // expected.add_resources();

620 res_dom_child->add_child_ids(4);	620 // res_dom_child->set_id(2);

621	621 // res_dom_child->set_url(kDOMChildURL);

622 ClientSafeBrowsingReportRequest::Resource* res_dom_parent =	622 // res_dom_child->set_parent_id(3);

623 expected.add_resources();	623 // res_dom_child->add_child_ids(4);

624 res_dom_parent->set_id(3);	624 //

625 res_dom_parent->set_url(kDOMParentURL);	625 // ClientSafeBrowsingReportRequest::Resource* res_dom_parent =

626 res_dom_parent->add_child_ids(2);	626 // expected.add_resources();

627	627 // res_dom_parent->set_id(3);

628 ClientSafeBrowsingReportRequest::Resource* res_dom_child2 =	628 // res_dom_parent->set_url(kDOMParentURL);

629 expected.add_resources();	629 // res_dom_parent->add_child_ids(2);

630 res_dom_child2->set_id(4);	630 //

631 res_dom_child2->set_url(kDOMChildUrl2);	631 // ClientSafeBrowsingReportRequest::Resource* res_dom_child2 =

632 res_dom_child2->set_parent_id(2);	632 // expected.add_resources();

633	633 // res_dom_child2->set_id(4);

634 expected.set_complete(false); // Since the cache was missing.	634 // res_dom_child2->set_url(kDOMChildUrl2);

635	635 // res_dom_child2->set_parent_id(2);

636 HTMLElement* elem_dom_outer_div = expected.add_dom();	636 //

637 elem_dom_outer_div->set_id(0);	637 // expected.set_complete(false); // Since the cache was missing.

638 elem_dom_outer_div->set_tag("DIV");	638 //

639 elem_dom_outer_div->add_attribute()->set_name("id");	639 // HTMLElement* elem_dom_outer_div = expected.add_dom();

640 elem_dom_outer_div->mutable_attribute(0)->set_value("outer");	640 // elem_dom_outer_div->set_id(0);

641 elem_dom_outer_div->add_child_ids(1);	641 // elem_dom_outer_div->set_tag("DIV");

642	642 // elem_dom_outer_div->add_attribute()->set_name("id");

643 HTMLElement* elem_dom_outer_iframe = expected.add_dom();	643 // elem_dom_outer_div->mutable_attribute(0)->set_value("outer");

644 elem_dom_outer_iframe->set_id(1);	644 // elem_dom_outer_div->add_child_ids(1);

645 elem_dom_outer_iframe->set_tag("IFRAME");	645 //

646 elem_dom_outer_iframe->set_resource_id(res_dom_child->id());	646 // HTMLElement* elem_dom_outer_iframe = expected.add_dom();

647 elem_dom_outer_iframe->add_attribute()->set_name("src");	647 // elem_dom_outer_iframe->set_id(1);

648 elem_dom_outer_iframe->mutable_attribute(0)->set_value(kDOMChildURL);	648 // elem_dom_outer_iframe->set_tag("IFRAME");

649 elem_dom_outer_iframe->add_attribute()->set_name("foo");	649 // elem_dom_outer_iframe->set_resource_id(res_dom_child->id());

650 elem_dom_outer_iframe->mutable_attribute(1)->set_value("bar");	650 // elem_dom_outer_iframe->add_attribute()->set_name("src");

651 elem_dom_outer_iframe->add_child_ids(2);	651 // elem_dom_outer_iframe->mutable_attribute(0)->set_value(kDOMChildURL);

652 elem_dom_outer_iframe->add_child_ids(3);	652 // elem_dom_outer_iframe->add_attribute()->set_name("foo");

653	653 // elem_dom_outer_iframe->mutable_attribute(1)->set_value("bar");

654 HTMLElement* elem_dom_inner_div = expected.add_dom();	654 // elem_dom_outer_iframe->add_child_ids(2);

655 elem_dom_inner_div->set_id(2);	655 // elem_dom_outer_iframe->add_child_ids(3);

656 elem_dom_inner_div->set_tag("DIV");	656 //

657 elem_dom_inner_div->add_attribute()->set_name("id");	657 // HTMLElement* elem_dom_inner_div = expected.add_dom();

658 elem_dom_inner_div->mutable_attribute(0)->set_value("inner");	658 // elem_dom_inner_div->set_id(2);

659 elem_dom_inner_div->add_attribute()->set_name("bar");	659 // elem_dom_inner_div->set_tag("DIV");

660 elem_dom_inner_div->mutable_attribute(1)->set_value("baz");	660 // elem_dom_inner_div->add_attribute()->set_name("id");

661	661 // elem_dom_inner_div->mutable_attribute(0)->set_value("inner");

662 HTMLElement* elem_dom_inner_script = expected.add_dom();	662 // elem_dom_inner_div->add_attribute()->set_name("bar");

663 elem_dom_inner_script->set_id(3);	663 // elem_dom_inner_div->mutable_attribute(1)->set_value("baz");

664 elem_dom_inner_script->set_tag("SCRIPT");	664 //

665 elem_dom_inner_script->set_resource_id(res_dom_child2->id());	665 // HTMLElement* elem_dom_inner_script = expected.add_dom();

666 elem_dom_inner_script->add_attribute()->set_name("src");	666 // elem_dom_inner_script->set_id(3);

667 elem_dom_inner_script->mutable_attribute(0)->set_value(kDOMChildUrl2);	667 // elem_dom_inner_script->set_tag("SCRIPT");

668	668 // elem_dom_inner_script->set_resource_id(res_dom_child2->id());

669 content::WebContentsTester::For(web_contents())	669 // elem_dom_inner_script->add_attribute()->set_name("src");

670 ->NavigateAndCommit(GURL(kLandingURL));	670 // elem_dom_inner_script->mutable_attribute(0)->set_value(kDOMChildUrl2);

671	671 //

672 UnsafeResource resource;	672 // content::WebContentsTester::For(web_contents())

673 InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED,	673 // ->NavigateAndCommit(GURL(kLandingURL));

674 true /* is_subresource */, GURL(kThreatURL));	674 //

675	675 // UnsafeResource resource;

676 // Send both sets of nodes, from different render frames.	676 // InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED,

677 {	677 // true /* is_subresource */, GURL(kThreatURL));

678 scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap(	678 //

679 ui_manager_.get(), web_contents(), resource, NULL, history_service());	679 // // Send both sets of nodes, from different render frames.

680	680 // {

681 // We call AddDOMDetails directly so we can specify different render frame	681 // scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap(

682 // IDs.	682 // ui_manager_.get(), web_contents(), resource, NULL, history_service());

683 report->AddDOMDetails(100, GURL(kDOMParentURL), outer_params);	683 //

684 report->AddDOMDetails(200, GURL(kDOMChildURL), inner_params);	684 // // We call AddDOMDetails directly so we can specify different render frame

685 std::string serialized = WaitForSerializedReport(	685 // // IDs.

686 report.get(), false /* did_proceed/, 0 / num_visit */);	686 // // TODO: this is still failing - maybe try by setting

687 ClientSafeBrowsingReportRequest actual;	687 // // "other_frame_routing_id" on the node in the IPC?

688 actual.ParseFromString(serialized);	688 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(),

689 VerifyResults(actual, expected);	689 // main_rfh()->GetRoutingID(), GURL(kDOMParentURL),

690 }	690 // outer_params);

691	691 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(),

692 // Try again but with the messages coming in a different order. The IDs change	692 // main_rfh()->GetRoutingID(), GURL(kDOMChildURL),

693 // slightly, but everything else remains the same.	693 // inner_params);

694 {	694 // std::string serialized = WaitForSerializedReport(

695 // Adjust the expected IDs: the inner params come first, so InnerScript and	695 // report.get(), false /* did_proceed/, 0 / num_visit */);

696 // appear before DomParent	696 // ClientSafeBrowsingReportRequest actual;

697 res_dom_child2->set_id(2);	697 // actual.ParseFromString(serialized);

698 res_dom_child2->set_parent_id(3);	698 // VerifyResults(actual, expected);

699 res_dom_child->set_id(3);	699 // }

700 res_dom_child->set_parent_id(4);	700 //

701 res_dom_child->clear_child_ids();	701 // // Try again but with the messages coming in a different order. The IDs

702 res_dom_child->add_child_ids(2);	702 // change

703 res_dom_parent->set_id(4);	703 // // slightly, but everything else remains the same.

704 res_dom_parent->clear_child_ids();	704 // {

705 res_dom_parent->add_child_ids(3);	705 // // Adjust the expected IDs: the inner params come first, so InnerScript

706	706 // and

707 // Also adjust the elements - they change order since InnerDiv and	707 // // appear before DomParent

708 // InnerScript come in first.	708 // res_dom_child2->set_id(2);

709 elem_dom_inner_div->set_id(0);	709 // res_dom_child2->set_parent_id(3);

710 elem_dom_inner_script->set_id(1);	710 // res_dom_child->set_id(3);

711 elem_dom_inner_script->set_resource_id(res_dom_child2->id());	711 // res_dom_child->set_parent_id(4);

712	712 // res_dom_child->clear_child_ids();

713 elem_dom_outer_div->set_id(2);	713 // res_dom_child->add_child_ids(2);

714 elem_dom_outer_div->clear_child_ids();	714 // res_dom_parent->set_id(4);

715 elem_dom_outer_div->add_child_ids(3);	715 // res_dom_parent->clear_child_ids();

716 elem_dom_outer_iframe->set_id(3);	716 // res_dom_parent->add_child_ids(3);

717 elem_dom_outer_iframe->set_resource_id(res_dom_child->id());	717 //

718 elem_dom_outer_iframe->clear_child_ids();	718 // // Also adjust the elements - they change order since InnerDiv and

719 elem_dom_outer_iframe->add_child_ids(0);	719 // // InnerScript come in first.

720 elem_dom_outer_iframe->add_child_ids(1);	720 // elem_dom_inner_div->set_id(0);

721	721 // elem_dom_inner_script->set_id(1);

722 scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap(	722 // elem_dom_inner_script->set_resource_id(res_dom_child2->id());

723 ui_manager_.get(), web_contents(), resource, NULL, history_service());	723 //

724	724 // elem_dom_outer_div->set_id(2);

725 // We call AddDOMDetails directly so we can specify different render frame	725 // elem_dom_outer_div->clear_child_ids();

726 // IDs.	726 // elem_dom_outer_div->add_child_ids(3);

727 report->AddDOMDetails(200, GURL(kDOMChildURL), inner_params);	727 // elem_dom_outer_iframe->set_id(3);

728 report->AddDOMDetails(100, GURL(kDOMParentURL), outer_params);	728 // elem_dom_outer_iframe->set_resource_id(res_dom_child->id());

729 std::string serialized = WaitForSerializedReport(	729 // elem_dom_outer_iframe->clear_child_ids();

730 report.get(), false /* did_proceed/, 0 / num_visit */);	730 // elem_dom_outer_iframe->add_child_ids(0);

731 ClientSafeBrowsingReportRequest actual;	731 // elem_dom_outer_iframe->add_child_ids(1);

732 actual.ParseFromString(serialized);	732 //

733 VerifyResults(actual, expected);	733 // scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap(

734 }	734 // ui_manager_.get(), web_contents(), resource, NULL, history_service());

735 }	735 //

	736 // // We call AddDOMDetails directly so we can specify different render frame

	737 // // IDs.

	738 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(),

	739 // main_rfh()->GetRoutingID(), GURL(kDOMChildURL),

	740 // inner_params);

	741 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(),

	742 // main_rfh()->GetRoutingID(), GURL(kDOMParentURL),

	743 // outer_params);

	744 // std::string serialized = WaitForSerializedReport(

	745 // report.get(), false /* did_proceed/, 0 / num_visit */);

	746 // ClientSafeBrowsingReportRequest actual;

	747 // actual.ParseFromString(serialized);

	748 // VerifyResults(actual, expected);

	749 // }

	750 //}

736	751

737 // Tests an ambiguous DOM, meaning that an inner render frame has URL that can	752 // Tests an ambiguous DOM, meaning that an inner render frame has URL that can

738 // not be mapped to an iframe element in the parent frame with that same URL.	753 // not be mapped to an iframe element in the parent frame with that same URL.

739 // Typically this happens when the iframe tag has a data URL.	754 // Typically this happens when the iframe tag has a data URL.

740 // We use three layers in this test:	755 // We use three layers in this test:

741 // kDOMParentURL	756 // kDOMParentURL

742 // \- <iframe src=kDataURL>	757 // \- <iframe src=kDataURL>

743 // \- <script src=kDOMChildURL2>	758 // \- <script src=kDOMChildURL2>

744 TEST_F(ThreatDetailsTest, ThreatDOMDetails_AmbiguousDOM) {	759 // TEST_F(ThreatDetailsTest, ThreatDOMDetails_AmbiguousDOM) {

745 const char kAmbiguousDomMetric[] = "SafeBrowsing.ThreatReport.DomIsAmbiguous";	760 // // const char kAmbiguousDomMetric[] =

746	761 // // "SafeBrowsing.ThreatReport.DomIsAmbiguous";

747 // Define two sets of DOM nodes - one for an outer page containing an iframe,	762 //

748 // and then another for the inner page containing the contents of that iframe.	763 // // Define two sets of DOM nodes - one for an outer page containing an

749 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params;	764 // iframe,

750 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_node;	765 // // and then another for the inner page containing the contents of that

751 outer_child_node.url = GURL(kDataURL);	766 // iframe. std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> outer_params;

752 outer_child_node.tag_name = "frame";	767 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_child_node;

753 outer_child_node.parent = GURL(kDOMParentURL);	768 // outer_child_node.url = GURL(kDataURL);

754 outer_child_node.attributes.push_back(std::make_pair("src", kDataURL));	769 // outer_child_node.tag_name = "frame";
	Charlie Reis 2017/05/10 22:17:49 Should this one have a child_frame_routing_id as w Should this one have a child_frame_routing_id as well? lpz 2017/05/12 13:53:15 Done. Show quoted text On 2017/05/10 22:17:49, Charlie Reis wrote: > Should this one have a child_frame_routing_id as well? Done.
755 outer_params.push_back(outer_child_node);	770 // outer_child_node.parent = GURL(kDOMParentURL);

756 SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node;	771 // outer_child_node.attributes.push_back(std::make_pair("src", kDataURL));

757 outer_summary_node.url = GURL(kDOMParentURL);	772 // outer_params.push_back(outer_child_node);

758 outer_summary_node.children.push_back(GURL(kDataURL));	773 // SafeBrowsingHostMsg_ThreatDOMDetails_Node outer_summary_node;

759 outer_params.push_back(outer_summary_node);	774 // outer_summary_node.url = GURL(kDOMParentURL);

760	775 // outer_summary_node.children.push_back(GURL(kDataURL));

761 // Now define some more nodes for the body of the iframe. The URL of this	776 // outer_params.push_back(outer_summary_node);

762 // inner frame is "about:blank".	777 //

763 std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params;	778 // // Now define some more nodes for the body of the iframe. The URL of this

764 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_node;	779 // // inner frame is "about:blank".

765 inner_child_node.url = GURL(kDOMChildUrl2);	780 // std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node> inner_params;

766 inner_child_node.tag_name = "script";	781 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_child_node;

767 inner_child_node.parent = GURL(kBlankURL);	782 // inner_child_node.url = GURL(kDOMChildUrl2);

768 inner_child_node.attributes.push_back(std::make_pair("src", kDOMChildUrl2));	783 // inner_child_node.tag_name = "script";

769 inner_params.push_back(inner_child_node);	784 // inner_child_node.parent = GURL(kBlankURL);

770 SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node;	785 // inner_child_node.attributes.push_back(std::make_pair("src", kDOMChildUrl2));

771 inner_summary_node.url = GURL(kBlankURL);	786 // inner_params.push_back(inner_child_node);

772 inner_summary_node.children.push_back(GURL(kDOMChildUrl2));	787 // SafeBrowsingHostMsg_ThreatDOMDetails_Node inner_summary_node;

773 inner_params.push_back(inner_summary_node);	788 // inner_summary_node.url = GURL(kBlankURL);

774	789 // inner_summary_node.children.push_back(GURL(kDOMChildUrl2));

775 ClientSafeBrowsingReportRequest expected;	790 // inner_params.push_back(inner_summary_node);

776 expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED);	791 //

777 expected.set_url(kThreatURL);	792 // ClientSafeBrowsingReportRequest expected;

778 expected.set_page_url(kLandingURL);	793 // expected.set_type(ClientSafeBrowsingReportRequest::URL_UNWANTED);

779 expected.set_referrer_url("");	794 // expected.set_url(kThreatURL);

780 expected.set_did_proceed(false);	795 // expected.set_page_url(kLandingURL);

781 expected.set_repeat_visit(false);	796 // expected.set_referrer_url("");

782	797 // expected.set_did_proceed(false);

783 ClientSafeBrowsingReportRequest::Resource* pb_resource =	798 // expected.set_repeat_visit(false);

784 expected.add_resources();	799 //

785 pb_resource->set_id(0);	800 // ClientSafeBrowsingReportRequest::Resource* pb_resource =

786 pb_resource->set_url(kLandingURL);	801 // expected.add_resources();

787	802 // pb_resource->set_id(0);

788 pb_resource = expected.add_resources();	803 // pb_resource->set_url(kLandingURL);

789 pb_resource->set_id(1);	804 //

790 pb_resource->set_url(kThreatURL);	805 // pb_resource = expected.add_resources();

791	806 // pb_resource->set_id(1);

792 pb_resource = expected.add_resources();	807 // pb_resource->set_url(kThreatURL);

793 pb_resource->set_id(2);	808 //

794 pb_resource->set_url(kDOMParentURL);	809 // pb_resource = expected.add_resources();

795 pb_resource->add_child_ids(3);	810 // pb_resource->set_id(2);

796	811 // pb_resource->set_url(kDOMParentURL);

797 // TODO(lpz): The data URL is added, despite being unreportable, because it	812 // pb_resource->add_child_ids(3);

798 // is a child of the top-level page. Consider if this should happen.	813 //

799 pb_resource = expected.add_resources();	814 // // TODO(lpz): The data URL is added, despite being unreportable, because it

800 pb_resource->set_id(3);	815 // // is a child of the top-level page. Consider if this should happen.

801 pb_resource->set_url(kDataURL);	816 // pb_resource = expected.add_resources();

802	817 // pb_resource->set_id(3);

803 // This child can't be mapped to its containing iframe so its parent is unset.	818 // pb_resource->set_url(kDataURL);

804 pb_resource = expected.add_resources();	819 //

805 pb_resource->set_id(4);	820 // // This child can't be mapped to its containing iframe so its parent is

806 pb_resource->set_url(kDOMChildUrl2);	821 // unset. pb_resource = expected.add_resources(); pb_resource->set_id(4);

807	822 // pb_resource->set_url(kDOMChildUrl2);

808 expected.set_complete(false); // Since the cache was missing.	823 //

809	824 // expected.set_complete(false); // Since the cache was missing.

810 // This Element represents the Frame with the data URL. It has no resource or	825 //

811 // children since it couldn't be mapped to anything. It does still contain the	826 // // This Element represents the Frame with the data URL. It has no resource

812 // src attribute with the data URL set.	827 // or

813 HTMLElement* pb_element = expected.add_dom();	828 // // children since it couldn't be mapped to anything. It does still contain

814 pb_element->set_id(0);	829 // the

815 pb_element->set_tag("FRAME");	830 // // src attribute with the data URL set.

816 pb_element->add_attribute()->set_name("src");	831 // HTMLElement* pb_element = expected.add_dom();

817 pb_element->mutable_attribute(0)->set_value(kDataURL);	832 // pb_element->set_id(0);

818	833 // pb_element->set_tag("FRAME");

819 pb_element = expected.add_dom();	834 // pb_element->add_attribute()->set_name("src");

820 pb_element->set_id(1);	835 // pb_element->mutable_attribute(0)->set_value(kDataURL);

821 pb_element->set_tag("SCRIPT");	836 //

822 pb_element->set_resource_id(4);	837 // pb_element = expected.add_dom();

823 pb_element->add_attribute()->set_name("src");	838 // pb_element->set_id(1);

824 pb_element->mutable_attribute(0)->set_value(kDOMChildUrl2);	839 // pb_element->set_tag("SCRIPT");

825	840 // pb_element->set_resource_id(4);

826 content::WebContentsTester::For(web_contents())	841 // pb_element->add_attribute()->set_name("src");

827 ->NavigateAndCommit(GURL(kLandingURL));	842 // pb_element->mutable_attribute(0)->set_value(kDOMChildUrl2);

828	843 //

829 UnsafeResource resource;	844 // content::WebContentsTester::For(web_contents())

830 InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED,	845 // ->NavigateAndCommit(GURL(kLandingURL));

831 true /* is_subresource */, GURL(kThreatURL));	846 //

832 scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap(	847 // UnsafeResource resource;

833 ui_manager_.get(), web_contents(), resource, NULL, history_service());	848 // InitResource(&resource, SB_THREAT_TYPE_URL_UNWANTED,

834 base::HistogramTester histograms;	849 // true /* is_subresource */, GURL(kThreatURL));

835	850 // scoped_refptr<ThreatDetailsWrap> report = new ThreatDetailsWrap(

836 // Send both sets of nodes, from different render frames. We call	851 // ui_manager_.get(), web_contents(), resource, NULL, history_service());

837 // AddDOMDetails directly so we can specify different render frame IDs.	852 // base::HistogramTester histograms;

838 report->AddDOMDetails(100, GURL(kDOMParentURL), outer_params);	853 //

839 // The inner frame was using a data URL so its last committed URL is empty.	854 // // Send both sets of nodes, from different render frames. We call

840 report->AddDOMDetails(200, GURL(), inner_params);	855 // // AddDOMDetails directly so we can specify different render frame IDs.

841	856 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(),

842 std::string serialized = WaitForSerializedReport(	857 // main_rfh()->GetRoutingID(), GURL(kDOMParentURL),

843 report.get(), false /* did_proceed/, 0 / num_visit */);	858 // outer_params);

844 ClientSafeBrowsingReportRequest actual;	859 // // The inner frame was using a data URL so its last committed URL is empty.

845 actual.ParseFromString(serialized);	860 // report->AddDOMDetails(main_rfh()->GetProcess()->GetID(),

846 VerifyResults(actual, expected);	861 // main_rfh()->GetRoutingID(), GURL(), inner_params);

847	862 //

848 // This DOM should be ambiguous, expect the UMA metric to be incremented.	863 // std::string serialized = WaitForSerializedReport(

849 histograms.ExpectTotalCount(kAmbiguousDomMetric, 1);	864 // report.get(), false /* did_proceed/, 0 / num_visit */);

850 }	865 // ClientSafeBrowsingReportRequest actual;

	866 // actual.ParseFromString(serialized);

	867 // VerifyResults(actual, expected);

	868 //

	869 // // This DOM should be ambiguous, expect the UMA metric to be incremented.

	870 // // histograms.ExpectTotalCount(kAmbiguousDomMetric, 1);

	871 //}

851	872

852 // Tests creating a threat report of a malware page where there are redirect	873 // Tests creating a threat report of a malware page where there are redirect

853 // urls to an unsafe resource url.	874 // urls to an unsafe resource url.

854 TEST_F(ThreatDetailsTest, ThreatWithRedirectUrl) {	875 TEST_F(ThreatDetailsTest, ThreatWithRedirectUrl) {

855 content::WebContentsTester::For(web_contents())	876 content::WebContentsTester::For(web_contents())

856 ->NavigateAndCommit(GURL(kLandingURL));	877 ->NavigateAndCommit(GURL(kLandingURL));

857	878

858 UnsafeResource resource;	879 UnsafeResource resource;

859 InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */,	880 InitResource(&resource, SB_THREAT_TYPE_URL_MALWARE, true /* is_subresource */,

860 GURL(kThreatURL));	881 GURL(kThreatURL));

(...skipping 468 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1329 pb_resource->set_parent_id(3);	1350 pb_resource->set_parent_id(3);

1330 pb_resource->set_url(kSecondRedirectURL);	1351 pb_resource->set_url(kSecondRedirectURL);

1331 pb_resource = expected.add_resources();	1352 pb_resource = expected.add_resources();

1332 pb_resource->set_id(3);	1353 pb_resource->set_id(3);

1333 pb_resource->set_url(kFirstRedirectURL);	1354 pb_resource->set_url(kFirstRedirectURL);

1334	1355

1335 VerifyResults(actual, expected);	1356 VerifyResults(actual, expected);

1336 }	1357 }

1337	1358

1338 } // namespace safe_browsing	1359 } // namespace safe_browsing

OLD	NEW