Implement 'Not secure' warning for non-secure pages in Incognito mode

components/security_state/core/security_state_unittest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/security_state/core/security_state.h"
 
 #include <stdint.h>
+#include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/ptr_util.h"
 #include "base/test/histogram_tester.h"
+#include "base/test/scoped_command_line.h"
+#include "components/security_state/core/switches.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/test_certificate_data.h"
 #include "net/test/test_data_directory.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace security_state {
 
@@ skipping 19 matching lines @@
         cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(),
                                       "sha1_2016.pem")),
         connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2
                            << net::SSL_CONNECTION_VERSION_SHIFT),
         cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT),
         displayed_mixed_content_(false),
         contained_mixed_form_(false),
         ran_mixed_content_(false),
         malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE),
         displayed_password_field_on_http_(false),
-        displayed_credit_card_field_on_http_(false) {}
+        displayed_credit_card_field_on_http_(false),
+        is_incognito_(false) {}
   virtual ~TestSecurityStateHelper() {}
 
   void SetCertificate(scoped_refptr<net::X509Certificate> cert) {
     cert_ = std::move(cert);
   }
   void set_connection_status(int connection_status) {
     connection_status_ = connection_status;
   }
   void SetCipherSuite(uint16_t ciphersuite) {
     net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_);
@@ skipping 15 matching lines @@
     malicious_content_status_ = malicious_content_status;
   }
   void set_displayed_password_field_on_http(
       bool displayed_password_field_on_http) {
     displayed_password_field_on_http_ = displayed_password_field_on_http;
   }
   void set_displayed_credit_card_field_on_http(
       bool displayed_credit_card_field_on_http) {
     displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http;
   }
+  void set_is_incognito(bool is_incognito) { is_incognito_ = is_incognito; }
 
   void SetUrl(const GURL& url) { url_ = url; }
 
   std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() const {
     auto state = base::MakeUnique<VisibleSecurityState>();
     state->connection_info_initialized = true;
     state->url = url_;
     state->certificate = cert_;
     state->cert_status = cert_status_;
     state->connection_status = connection_status_;
     state->security_bits = 256;
     state->displayed_mixed_content = displayed_mixed_content_;
     state->contained_mixed_form = contained_mixed_form_;
     state->ran_mixed_content = ran_mixed_content_;
     state->malicious_content_status = malicious_content_status_;
     state->displayed_password_field_on_http = displayed_password_field_on_http_;
     state->displayed_credit_card_field_on_http =
         displayed_credit_card_field_on_http_;
+    state->is_incognito = is_incognito_;
     return state;
   }
 
   void GetSecurityInfo(SecurityInfo* security_info) const {
     security_state::GetSecurityInfo(
         GetVisibleSecurityState(),
         false /* used policy installed certificate */,
         base::Bind(&IsOriginSecure), security_info);
   }
 
  private:
   GURL url_;
   scoped_refptr<net::X509Certificate> cert_;
   int connection_status_;
   net::CertStatus cert_status_;
   bool displayed_mixed_content_;
   bool contained_mixed_form_;
   bool ran_mixed_content_;
   MaliciousContentStatus malicious_content_status_;
   bool displayed_password_field_on_http_;
   bool displayed_credit_card_field_on_http_;
+  bool is_incognito_;
 };
 
 }  // namespace
 
 // Tests that SHA1-signed certificates, when not allowed by policy, downgrade
 // the security state of the page to DANGEROUS.
 TEST(SecurityStateTest, SHA1Blocked) {
   TestSecurityStateHelper helper;
   helper.AddCertStatus(net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM);
   helper.AddCertStatus(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT);
@@ skipping 209 matching lines @@
     TestSecurityStateHelper helper;
     helper.SetUrl(GURL(url));
     SecurityInfo security_info;
     helper.GetSecurityInfo(&security_info);
     EXPECT_FALSE(security_info.displayed_password_field_on_http);
     EXPECT_FALSE(security_info.displayed_credit_card_field_on_http);
     EXPECT_EQ(NONE, security_info.security_level);
   }
 }
 
+// Tests that |is_incognito| is set only when the corresponding
+// VisibleSecurityState flag is set.
+TEST(SecurityStateTest, IncognitoFlagPropagates) {
+  TestSecurityStateHelper helper;
+  helper.SetUrl(GURL(kHttpUrl));
+  SecurityInfo security_info;
+  helper.GetSecurityInfo(&security_info);
+  EXPECT_FALSE(security_info.is_incognito);
+
+  helper.set_is_incognito(true);
+  helper.GetSecurityInfo(&security_info);
+  EXPECT_TRUE(security_info.is_incognito);
+}
+
 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is
 // computed for a page.
 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) {
   const char* kHistogramName = "SSL.MarkHttpAsStatus";
   base::HistogramTester histograms;
   TestSecurityStateHelper helper;
   helper.SetUrl(GURL(kHttpUrl));
 
   // Ensure histogram recorded correctly when a non-secure password input is
   // found on the page.
   helper.set_displayed_password_field_on_http(true);
   SecurityInfo security_info;
   histograms.ExpectTotalCount(kHistogramName, 0);
   helper.GetSecurityInfo(&security_info);
-  histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1);
+  histograms.ExpectUniqueSample(
+      kHistogramName, 2 /* HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS */, 1);
 
   // Ensure histogram recorded correctly even without a password input.
   helper.set_displayed_password_field_on_http(false);
   helper.GetSecurityInfo(&security_info);
-  histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2);
+  histograms.ExpectUniqueSample(
+      kHistogramName, 2 /* HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS */, 2);
+
+  {
+    // Test the "non-secure-while-incognito" configuration.
+    base::test::ScopedCommandLine scoped_command_line;
+    scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII(
+        security_state::switches::kMarkHttpAs,
+        security_state::switches::kMarkHttpAsNonSecureWhileIncognito);
+
+    base::HistogramTester histograms;
+    TestSecurityStateHelper helper;
+    helper.SetUrl(GURL(kHttpUrl));
+
+    // Ensure histogram recorded correctly when the Incognito flag is present.
+    helper.set_is_incognito(true);
+    SecurityInfo security_info;
+    histograms.ExpectTotalCount(kHistogramName, 0);
+    helper.GetSecurityInfo(&security_info);
+    histograms.ExpectUniqueSample(kHistogramName,
+                                  4 /* NON_SECURE_WHILE_INCOGNITO */, 1);
+
+    // Ensure histogram recorded correctly even without the Incognito flag.
+    helper.set_displayed_password_field_on_http(false);

[estark, 2017/06/09 05:09:38]

set_is_incognito?

[elawrence, 2017/06/13 15:31:36]

Gah, fixed.

+    helper.GetSecurityInfo(&security_info);
+    histograms.ExpectUniqueSample(kHistogramName,
+                                  4 /* NON_SECURE_WHILE_INCOGNITO */, 2);
+  }
+
+  {
+    // Test the "non-secure-while-incognito-or-editing" configuration.
+    base::test::ScopedCommandLine scoped_command_line;
+    scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII(
+        security_state::switches::kMarkHttpAs,
+        security_state::switches::kMarkHttpAsNonSecureWhileIncognitoOrEditing);
+
+    base::HistogramTester histograms;
+    TestSecurityStateHelper helper;
+    helper.SetUrl(GURL(kHttpUrl));
+
+    // Ensure histogram recorded correctly when the Incognito flag is present.
+    helper.set_is_incognito(true);
+    SecurityInfo security_info;
+    histograms.ExpectTotalCount(kHistogramName, 0);
+    helper.GetSecurityInfo(&security_info);
+    histograms.ExpectUniqueSample(
+        kHistogramName, 5 /* NON_SECURE_WHILE_INCOGNITO_OR_EDITING */, 1);
+
+    // Ensure histogram recorded correctly even without the Incognito flag.
+    helper.set_displayed_password_field_on_http(false);

[estark, 2017/06/09 05:09:38]

ditto

[elawrence, 2017/06/13 15:31:36]

Gah, fixed.

+    helper.GetSecurityInfo(&security_info);
+    histograms.ExpectUniqueSample(
+        kHistogramName, 5 /* NON_SECURE_WHILE_INCOGNITO_OR_EDITING */, 2);
+  }
 }
 
 TEST(SecurityStateTest, DetectSubjectAltName) {
   TestSecurityStateHelper helper;
 
   // Ensure subjectAltName is detected as present when the cert includes it.
   SecurityInfo san_security_info;
   helper.GetSecurityInfo(&san_security_info);
   EXPECT_FALSE(san_security_info.cert_missing_subject_alt_name);
 
@@ skipping 28 matching lines @@
   helper.set_ran_mixed_content(true);
   SecurityInfo mixed_form_and_active_security_info;
   helper.GetSecurityInfo(&mixed_form_and_active_security_info);
   EXPECT_TRUE(mixed_form_and_active_security_info.contained_mixed_form);
   EXPECT_EQ(CONTENT_STATUS_RAN,
             mixed_form_and_active_security_info.mixed_content_status);
   EXPECT_EQ(DANGEROUS, mixed_form_and_active_security_info.security_level);
 }
 
 }  // namespace security_state