Chromium Code Reviews Chromium Code Reviews
Issue 2890293004:
Add the ability to check the CSD Whitelist asynchronously, for PhishGuard. (Closed)
| Index: components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| diff --git a/components/safe_browsing_db/v4_local_database_manager_unittest.cc b/components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| index 34cb4ac58871df20b2c77da5b3781a504867ff23..5e20cb753068b6b3dc8919faa76c56272dc503ae 100644 |
| --- a/components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| +++ b/components/safe_browsing_db/v4_local_database_manager_unittest.cc |
| @@ -31,7 +31,7 @@ FullHash HashForUrl(const GURL& url) { |
| return full_hashes[0]; |
| } |
| -// Always returns misses from GetFullHashes(). |
| +// Use this if you want GetFullHashes() to always return prescribed results. |
| class FakeGetHashProtocolManager : public V4GetHashProtocolManager { |
| public: |
| FakeGetHashProtocolManager( |
| @@ -74,6 +74,7 @@ class FakeGetHashProtocolManagerFactory |
| }; |
| // Use FakeGetHashProtocolManagerFactory in scope, then reset. |
| +// You should make sure the DatabaseManager is created _after_ this. |
| class ScopedFakeGetHashProtocolManagerFactory { |
| public: |
| ScopedFakeGetHashProtocolManagerFactory( |
| @@ -113,6 +114,8 @@ class FakeV4Database : public V4Database { |
| StoreAndHashPrefixes* store_and_hash_prefixes) override { |
| store_and_hash_prefixes->clear(); |
| for (const StoreAndHashPrefix& stored_sahp : store_and_hash_prefixes_) { |
| + if (stores_to_check.count(stored_sahp.list_id) == 0) |
| + continue; |
| const PrefixSize& prefix_size = stored_sahp.hash_prefix.size(); |
| if (!full_hash.compare(0, prefix_size, stored_sahp.hash_prefix)) { |
| store_and_hash_prefixes->push_back(stored_sahp); |
| @@ -159,6 +162,8 @@ class FakeV4Database : public V4Database { |
| const bool stores_available_; |
| }; |
| +// TODO(nparker): This might be simpler with a mock and EXPECT calls. |
|
vakh (use Gerrit instead)
2017/06/01 00:54:36
Feel free to assign it to me.
|
| +// That would also catch unexpected calls. |
| class TestClient : public SafeBrowsingDatabaseManager::Client { |
| public: |
| TestClient(SBThreatType sb_threat_type, |
| @@ -166,17 +171,10 @@ class TestClient : public SafeBrowsingDatabaseManager::Client { |
| V4LocalDatabaseManager* manager_to_cancel = nullptr) |
| : expected_sb_threat_type(sb_threat_type), |
| expected_urls(1, url), |
| - on_check_browse_url_result_called_(false), |
| - on_check_download_urls_result_called_(false), |
| - on_check_resource_url_result_called_(false), |
| manager_to_cancel_(manager_to_cancel) {} |
| TestClient(SBThreatType sb_threat_type, const std::vector<GURL>& url_chain) |
| - : expected_sb_threat_type(sb_threat_type), |
| - expected_urls(url_chain), |
| - on_check_browse_url_result_called_(false), |
| - on_check_download_urls_result_called_(false), |
| - on_check_resource_url_result_called_(false) {} |
| + : expected_sb_threat_type(sb_threat_type), expected_urls(url_chain) {} |
| void OnCheckBrowseUrlResult(const GURL& url, |
| SBThreatType threat_type, |
| @@ -197,6 +195,7 @@ class TestClient : public SafeBrowsingDatabaseManager::Client { |
| ASSERT_EQ(threat_type == SB_THREAT_TYPE_SAFE, threat_hash.empty()); |
| on_check_resource_url_result_called_ = true; |
| } |
| + |
| void OnCheckDownloadUrlResult(const std::vector<GURL>& url_chain, |
| SBThreatType threat_type) override { |
| ASSERT_EQ(expected_urls, url_chain); |
| @@ -206,12 +205,26 @@ class TestClient : public SafeBrowsingDatabaseManager::Client { |
| SBThreatType expected_sb_threat_type; |
| std::vector<GURL> expected_urls; |
| - bool on_check_browse_url_result_called_; |
| - bool on_check_download_urls_result_called_; |
| - bool on_check_resource_url_result_called_; |
| + bool on_check_browse_url_result_called_ = false; |
| + bool on_check_download_urls_result_called_ = false; |
| + bool on_check_resource_url_result_called_ = false; |
| V4LocalDatabaseManager* manager_to_cancel_; |
| }; |
| +class TestWhitelistClient : public SafeBrowsingDatabaseManager::Client { |
| + public: |
| + explicit TestWhitelistClient(bool whitelist_expected) |
| + : whitelist_expected_(whitelist_expected) {} |
| + |
| + void OnCheckWhitelistUrlResult(bool is_whitelisted) override { |
| + EXPECT_EQ(whitelist_expected_, is_whitelisted); |
| + callback_called_ = true; |
| + } |
| + |
| + const bool whitelist_expected_; |
| + bool callback_called_ = false; |
| +}; |
| + |
| class TestExtensionClient : public SafeBrowsingDatabaseManager::Client { |
| public: |
| TestExtensionClient(const std::set<FullHash>& expected_bad_crxs) |
| @@ -229,18 +242,19 @@ class TestExtensionClient : public SafeBrowsingDatabaseManager::Client { |
| class FakeV4LocalDatabaseManager : public V4LocalDatabaseManager { |
| public: |
| - void PerformFullHashCheck(std::unique_ptr<PendingCheck> check, |
| - const FullHashToStoreAndHashPrefixesMap& |
| - full_hash_to_store_and_hash_prefixes) override { |
| - perform_full_hash_check_called_ = true; |
| - } |
| - |
| FakeV4LocalDatabaseManager( |
| const base::FilePath& base_path, |
| ExtendedReportingLevelCallback extended_reporting_level_callback) |
| : V4LocalDatabaseManager(base_path, extended_reporting_level_callback), |
| perform_full_hash_check_called_(false) {} |
| + // V4LocalDatabaseManager impl: |
| + void PerformFullHashCheck(std::unique_ptr<PendingCheck> check, |
| + const FullHashToStoreAndHashPrefixesMap& |
| + full_hash_to_store_and_hash_prefixes) override { |
| + perform_full_hash_check_called_ = true; |
| + } |
| + |
| static bool PerformFullHashCheckCalled( |
| scoped_refptr<safe_browsing::V4LocalDatabaseManager>& v4_ldbm) { |
| FakeV4LocalDatabaseManager* fake = |
| @@ -426,6 +440,127 @@ TEST_F(V4LocalDatabaseManagerTest, TestCheckBrowseUrlWithFakeDbReturnsMatch) { |
| WaitForTasksOnTaskRunner(); |
| } |
| +TEST_F(V4LocalDatabaseManagerTest, TestCheckCsdWhitelistWithPrefixMatch) { |
| + // Setup to receive full-hash misses. We won't make URL requests. |
| + ScopedFakeGetHashProtocolManagerFactory pin(FullHashInfos({})); |
| + ResetLocalDatabaseManager(); |
| + WaitForTasksOnTaskRunner(); |
| + |
| + std::string url_white_no_scheme("example.com/white/"); |
| + FullHash white_full_hash(crypto::SHA256HashString(url_white_no_scheme)); |
| + const HashPrefix white_hash_prefix(white_full_hash.substr(0, 5)); |
| + StoreAndHashPrefixes store_and_hash_prefixes; |
| + store_and_hash_prefixes.emplace_back(GetUrlCsdWhitelistId(), |
| + white_hash_prefix); |
| + ReplaceV4Database(store_and_hash_prefixes, true /* stores_available */); |
| + |
| + TestWhitelistClient client(false /* whitelist_expected */); |
| + const GURL url_check("https://" + url_white_no_scheme); |
| + EXPECT_EQ(AsyncMatch::ASYNC, v4_local_database_manager_->CheckCsdWhitelistUrl( |
| + url_check, &client)); |
| + |
| + EXPECT_FALSE(client.callback_called_); |
| + |
| + // Wait for PerformFullHashCheck to complete. |
| + WaitForTasksOnTaskRunner(); |
| + EXPECT_TRUE(client.callback_called_); |
| +} |
| + |
| +// This is like CsdWhitelistWithPrefixMatch, but we also verify the |
| +// full-hash-match results in an appropriate callback value. |
| +TEST_F(V4LocalDatabaseManagerTest, |
| + TestCheckCsdWhitelistWithPrefixTheFullMatch) { |
| + std::string url_white_no_scheme("example.com/white/"); |
| + FullHash white_full_hash(crypto::SHA256HashString(url_white_no_scheme)); |
| + |
| + // Setup to receive full-hash hit. We won't make URL requests. |
| + FullHashInfos infos( |
| + {{white_full_hash, GetUrlCsdWhitelistId(), base::Time::Now()}}); |
| + ScopedFakeGetHashProtocolManagerFactory pin(infos); |
| + ResetLocalDatabaseManager(); |
| + WaitForTasksOnTaskRunner(); |
| + |
| + const HashPrefix white_hash_prefix(white_full_hash.substr(0, 5)); |
| + StoreAndHashPrefixes store_and_hash_prefixes; |
| + store_and_hash_prefixes.emplace_back(GetUrlCsdWhitelistId(), |
| + white_hash_prefix); |
| + ReplaceV4Database(store_and_hash_prefixes, true /* stores_available */); |
| + |
| + TestWhitelistClient client(true /* whitelist_expected */); |
| + const GURL url_check("https://" + url_white_no_scheme); |
| + EXPECT_EQ(AsyncMatch::ASYNC, v4_local_database_manager_->CheckCsdWhitelistUrl( |
| + url_check, &client)); |
| + |
| + EXPECT_FALSE(client.callback_called_); |
| + |
| + // Wait for PerformFullHashCheck to complete. |
| + WaitForTasksOnTaskRunner(); |
| + EXPECT_TRUE(client.callback_called_); |
| +} |
| + |
| +TEST_F(V4LocalDatabaseManagerTest, TestCheckCsdWhitelistWithFullMatch) { |
| + // Setup to receive full-hash misses. We won't make URL requests. |
| + ScopedFakeGetHashProtocolManagerFactory pin(FullHashInfos({})); |
| + ResetLocalDatabaseManager(); |
| + WaitForTasksOnTaskRunner(); |
| + |
| + std::string url_white_no_scheme("example.com/white/"); |
| + FullHash white_full_hash(crypto::SHA256HashString(url_white_no_scheme)); |
| + StoreAndHashPrefixes store_and_hash_prefixes; |
| + store_and_hash_prefixes.emplace_back(GetUrlCsdWhitelistId(), white_full_hash); |
| + ReplaceV4Database(store_and_hash_prefixes, true /* stores_available */); |
| + |
| + TestWhitelistClient client(false /* whitelist_expected */); |
| + const GURL url_check("https://" + url_white_no_scheme); |
| + EXPECT_EQ(AsyncMatch::MATCH, v4_local_database_manager_->CheckCsdWhitelistUrl( |
| + url_check, &client)); |
| + |
| + WaitForTasksOnTaskRunner(); |
| + EXPECT_FALSE(client.callback_called_); |
| +} |
| + |
| +TEST_F(V4LocalDatabaseManagerTest, TestCheckCsdWhitelistWithNoMatch) { |
| + // Setup to receive full-hash misses. We won't make URL requests. |
| + ScopedFakeGetHashProtocolManagerFactory pin(FullHashInfos({})); |
| + ResetLocalDatabaseManager(); |
| + WaitForTasksOnTaskRunner(); |
| + |
| + // Add a full hash that won't match the URL we check. |
| + std::string url_white_no_scheme("example.com/white/"); |
| + FullHash white_full_hash(crypto::SHA256HashString(url_white_no_scheme)); |
| + StoreAndHashPrefixes store_and_hash_prefixes; |
| + store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), white_full_hash); |
| + ReplaceV4Database(store_and_hash_prefixes, true /* stores_available */); |
| + |
| + TestWhitelistClient client(true /* whitelist_expected */); |
| + const GURL url_check("https://other.com/"); |
| + EXPECT_EQ( |
| + AsyncMatch::NO_MATCH, |
| + v4_local_database_manager_->CheckCsdWhitelistUrl(url_check, &client)); |
| + |
| + WaitForTasksOnTaskRunner(); |
| + EXPECT_FALSE(client.callback_called_); |
| +} |
| + |
| +// When whitelist is unavailable, all URLS should be whitelisted. |
| +TEST_F(V4LocalDatabaseManagerTest, TestCheckCsdWhitelistUnavailable) { |
| + // Setup to receive full-hash misses. We won't make URL requests. |
| + ScopedFakeGetHashProtocolManagerFactory pin(FullHashInfos({})); |
| + ResetLocalDatabaseManager(); |
| + WaitForTasksOnTaskRunner(); |
| + |
| + StoreAndHashPrefixes store_and_hash_prefixes; |
| + ReplaceV4Database(store_and_hash_prefixes, false /* stores_available */); |
| + |
| + TestWhitelistClient client(false /* whitelist_expected */); |
| + const GURL url_check("https://other.com/"); |
| + EXPECT_EQ(AsyncMatch::MATCH, v4_local_database_manager_->CheckCsdWhitelistUrl( |
| + url_check, &client)); |
| + |
| + WaitForTasksOnTaskRunner(); |
| + EXPECT_FALSE(client.callback_called_); |
| +} |
| + |
| TEST_F(V4LocalDatabaseManagerTest, |
| TestCheckBrowseUrlReturnsNoMatchWhenDisabled) { |
| WaitForTasksOnTaskRunner(); |
| @@ -671,7 +806,7 @@ TEST_F(V4LocalDatabaseManagerTest, TestMatchDownloadWhitelistUrl) { |
| GURL other_url("http://iffy.com"); |
| StoreAndHashPrefixes store_and_hash_prefixes; |
| - store_and_hash_prefixes.emplace_back(GetCertCsdDownloadWhitelistId(), |
| + store_and_hash_prefixes.emplace_back(GetUrlCsdDownloadWhitelistId(), |
| HashForUrl(good_url)); |
| ReplaceV4Database(store_and_hash_prefixes, false /* not available */); |
