OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "components/safe_browsing/password_protection/password_protection_servi
ce.h" | 4 #include "components/safe_browsing/password_protection/password_protection_servi
ce.h" |
5 | 5 |
6 #include "base/memory/ptr_util.h" | 6 #include "base/memory/ptr_util.h" |
7 #include "base/run_loop.h" | 7 #include "base/run_loop.h" |
8 #include "base/single_thread_task_runner.h" | 8 #include "base/single_thread_task_runner.h" |
9 #include "base/strings/string_number_conversions.h" | 9 #include "base/strings/string_number_conversions.h" |
10 #include "base/test/histogram_tester.h" | 10 #include "base/test/histogram_tester.h" |
158 void TearDown() override { content_setting_map_->ShutdownOnUIThread(); } | 158 void TearDown() override { content_setting_map_->ShutdownOnUIThread(); } |
159 | 159 |
160 // Sets up |database_manager_| and |requests_| as needed. | 160 // Sets up |database_manager_| and |requests_| as needed. |
161 void InitializeAndStartPasswordOnFocusRequest(bool match_whitelist, | 161 void InitializeAndStartPasswordOnFocusRequest(bool match_whitelist, |
162 int timeout_in_ms) { | 162 int timeout_in_ms) { |
163 GURL target_url(kTargetUrl); | 163 GURL target_url(kTargetUrl); |
164 EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url)) | 164 EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url)) |
165 .WillRepeatedly(testing::Return(match_whitelist)); | 165 .WillRepeatedly(testing::Return(match_whitelist)); |
166 | 166 |
167 request_ = new PasswordProtectionRequest( | 167 request_ = new PasswordProtectionRequest( |
168 target_url, GURL(kFormActionUrl), GURL(kPasswordFrameUrl), | 168 nullptr, target_url, GURL(kFormActionUrl), GURL(kPasswordFrameUrl), |
169 std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE, | 169 std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE, |
170 password_protection_service_.get(), timeout_in_ms); | 170 password_protection_service_.get(), timeout_in_ms); |
171 request_->Start(); | 171 request_->Start(); |
172 } | 172 } |
173 | 173 |
174 void InitializeAndStartPasswordEntryRequest(bool match_whitelist, | 174 void InitializeAndStartPasswordEntryRequest(bool match_whitelist, |
175 int timeout_in_ms) { | 175 int timeout_in_ms) { |
176 GURL target_url(kTargetUrl); | 176 GURL target_url(kTargetUrl); |
177 EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url)) | 177 EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url)) |
178 .WillRepeatedly(testing::Return(match_whitelist)); | 178 .WillRepeatedly(testing::Return(match_whitelist)); |
179 | 179 |
180 request_ = new PasswordProtectionRequest( | 180 request_ = new PasswordProtectionRequest( |
181 target_url, GURL(), GURL(), std::string(kSavedDomain), | 181 nullptr, target_url, GURL(), GURL(), std::string(kSavedDomain), |
182 LoginReputationClientRequest::PASSWORD_REUSE_EVENT, | 182 LoginReputationClientRequest::PASSWORD_REUSE_EVENT, |
183 password_protection_service_.get(), timeout_in_ms); | 183 password_protection_service_.get(), timeout_in_ms); |
184 request_->Start(); | 184 request_->Start(); |
185 } | 185 } |
186 | 186 |
187 bool PathVariantsMatchCacheExpression(const GURL& url, | 187 bool PathVariantsMatchCacheExpression(const GURL& url, |
188 const std::string& cache_expression) { | 188 const std::string& cache_expression) { |
189 std::vector<std::string> paths; | 189 std::vector<std::string> paths; |
190 PasswordProtectionService::GeneratePathVariantsWithoutQuery(url, &paths); | 190 PasswordProtectionService::GeneratePathVariantsWithoutQuery(url, &paths); |
191 return PasswordProtectionService::PathVariantsMatchCacheExpression( | 191 return PasswordProtectionService::PathVariantsMatchCacheExpression( |
389 password_protection_service_->GetCachedVerdict( | 389 password_protection_service_->GetCachedVerdict( |
390 GURL("http://bar.com"), &actual_verdict)); | 390 GURL("http://bar.com"), &actual_verdict)); |
391 | 391 |
392 // If delete all history. All password protection content settings should be | 392 // If delete all history. All password protection content settings should be |
393 // gone. | 393 // gone. |
394 password_protection_service_->RemoveContentSettingsOnURLsDeleted( | 394 password_protection_service_->RemoveContentSettingsOnURLsDeleted( |
395 true /* all_history */, history::URLRows()); | 395 true /* all_history */, history::URLRows()); |
396 EXPECT_EQ(0U, GetStoredVerdictCount()); | 396 EXPECT_EQ(0U, GetStoredVerdictCount()); |
397 } | 397 } |
398 | 398 |
399 TEST_F(PasswordProtectionServiceTest, | 399 TEST_F(PasswordProtectionServiceTest, VerifyCanGetReputationOfURL) { |
400 TestNoRequestCreatedIfMainFrameURLIsNotValid) { | 400 // Invalid main frame URL. |
401 ASSERT_EQ(0u, password_protection_service_->GetPendingRequestsCount()); | 401 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(GURL())); |
402 password_protection_service_->MaybeStartPasswordFieldOnFocusRequest( | |
403 GURL(), GURL("http://foo.com/submit"), GURL("http://foo.com/frame")); | |
404 EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount()); | |
405 } | |
406 | 402 |
407 TEST_F(PasswordProtectionServiceTest, | 403 // Main frame URL scheme is not HTTP or HTTPS. |
408 TestNoRequestCreatedIfMainFrameURLIsNotHttpOrHttps) { | 404 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
409 ASSERT_EQ(0u, password_protection_service_->GetPendingRequestsCount()); | 405 GURL("data:text/html, <p>hellow"))); |
410 // If main frame url is data url, don't create request. | |
411 password_protection_service_->MaybeStartPasswordFieldOnFocusRequest( | |
412 GURL("data:text/html, <p>hellow"), GURL("http://foo.com/submit"), | |
413 GURL("http://foo.com/frame")); | |
414 EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount()); | |
415 | 406 |
416 // If main frame url is ftp, don't create request. | 407 // Main frame URL is a local host. |
417 password_protection_service_->MaybeStartPasswordFieldOnFocusRequest( | 408 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
418 GURL("ftp://foo.com:21"), GURL("http://foo.com/submit"), | 409 GURL("http://localhost:80"))); |
419 GURL("http://foo.com/frame")); | 410 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
420 EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount()); | 411 GURL("http://127.0.0.1"))); |
| 412 |
| 413 // Main frame URL is a private IP address or anything in an IANA-reserved |
| 414 // range. |
| 415 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
| 416 GURL("http://192.168.1.0/"))); |
| 417 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
| 418 GURL("http://10.0.1.0/"))); |
| 419 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
| 420 GURL("http://FEED::BEEF"))); |
| 421 |
| 422 // Main frame URL is a no-yet-assigned y ICANN gTLD. |
| 423 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
| 424 GURL("http://intranet"))); |
| 425 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
| 426 GURL("http://host.intranet.example"))); |
| 427 |
| 428 // Main frame URL is a dotless domain. |
| 429 EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL( |
| 430 GURL("http://go/example"))); |
| 431 |
| 432 // Main frame URL is anything else. |
| 433 EXPECT_TRUE(PasswordProtectionService::CanGetReputationOfURL( |
| 434 GURL("http://www.chromium.org"))); |
421 } | 435 } |
422 | 436 |
423 TEST_F(PasswordProtectionServiceTest, TestNoRequestSentForWhitelistedURL) { | 437 TEST_F(PasswordProtectionServiceTest, TestNoRequestSentForWhitelistedURL) { |
424 histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0); | 438 histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0); |
425 InitializeAndStartPasswordOnFocusRequest(true /* match whitelist */, | 439 InitializeAndStartPasswordOnFocusRequest(true /* match whitelist */, |
426 10000 /* timeout in ms*/); | 440 10000 /* timeout in ms*/); |
427 base::RunLoop().RunUntilIdle(); | 441 base::RunLoop().RunUntilIdle(); |
428 EXPECT_EQ(nullptr, password_protection_service_->latest_response()); | 442 EXPECT_EQ(nullptr, password_protection_service_->latest_response()); |
429 EXPECT_THAT( | 443 EXPECT_THAT( |
430 histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName), | 444 histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName), |
520 EXPECT_EQ(expected_response.cache_duration_sec(), | 534 EXPECT_EQ(expected_response.cache_duration_sec(), |
521 actual_response->cache_duration_sec()); | 535 actual_response->cache_duration_sec()); |
522 } | 536 } |
523 | 537 |
524 TEST_F(PasswordProtectionServiceTest, TestTearDownWithPendingRequests) { | 538 TEST_F(PasswordProtectionServiceTest, TestTearDownWithPendingRequests) { |
525 histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0); | 539 histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0); |
526 GURL target_url(kTargetUrl); | 540 GURL target_url(kTargetUrl); |
527 EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url)) | 541 EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url)) |
528 .WillRepeatedly(testing::Return(false)); | 542 .WillRepeatedly(testing::Return(false)); |
529 password_protection_service_->StartRequest( | 543 password_protection_service_->StartRequest( |
530 target_url, GURL("http://foo.com/submit"), GURL("http://foo.com/frame"), | 544 nullptr, target_url, GURL("http://foo.com/submit"), |
531 std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE); | 545 GURL("http://foo.com/frame"), std::string(), |
| 546 LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE); |
532 | 547 |
533 // Destroy password_protection_service_ while there is one request pending. | 548 // Destroy password_protection_service_ while there is one request pending. |
534 password_protection_service_.reset(); | 549 password_protection_service_.reset(); |
535 base::RunLoop().RunUntilIdle(); | 550 base::RunLoop().RunUntilIdle(); |
536 | 551 |
537 EXPECT_THAT( | 552 EXPECT_THAT( |
538 histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName), | 553 histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName), |
539 testing::ElementsAre(base::Bucket(2 /* CANCELED */, 1))); | 554 testing::ElementsAre(base::Bucket(2 /* CANCELED */, 1))); |
540 } | 555 } |
541 | 556 |
631 EXPECT_EQ(1, actual_request->frames_size()); | 646 EXPECT_EQ(1, actual_request->frames_size()); |
632 EXPECT_EQ(kTargetUrl, actual_request->frames(0).url()); | 647 EXPECT_EQ(kTargetUrl, actual_request->frames(0).url()); |
633 ASSERT_TRUE(actual_request->has_password_reuse_event()); | 648 ASSERT_TRUE(actual_request->has_password_reuse_event()); |
634 ASSERT_EQ(1, actual_request->password_reuse_event() | 649 ASSERT_EQ(1, actual_request->password_reuse_event() |
635 .password_reused_original_origins_size()); | 650 .password_reused_original_origins_size()); |
636 EXPECT_EQ(kSavedDomain, actual_request->password_reuse_event() | 651 EXPECT_EQ(kSavedDomain, actual_request->password_reuse_event() |
637 .password_reused_original_origins(0)); | 652 .password_reused_original_origins(0)); |
638 } | 653 } |
639 | 654 |
640 } // namespace safe_browsing | 655 } // namespace safe_browsing |
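Review bot: In VerifyCanGetReputationOfURL, `GURL("http://FEED::BEEF")` is an IPv6 literal without brackets, so it most likely fails URL parsing and the EXPECT_FALSE passes on the invalid-URL path rather than on the reserved-range check it is listed under; `GURL("http://[FEED::BEEF]/")` would exercise the intended branch. The two tests this one replaces asserted that MaybeStartPasswordFieldOnFocusRequest left GetPendingRequestsCount() at 0 and also covered `ftp://foo.com:21`, whereas the new test checks only the static predicate, so nothing visible here verifies that the request path still consults it, and the ftp case is gone. Because this filter appears to be what keeps intranet and private-address hosts out of reputation pings, I would keep one request-level assertion and add `EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(GURL("ftp://foo.com:21")));`, plus an `https://` case for the positive branch. The comment `// Main frame URL is a no-yet-assigned y ICANN gTLD.` should read `// Main frame URL is a not-yet-assigned ICANN gTLD.`.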
OLD | NEW |