Chromium Code Reviews Chromium Code Reviews
Issue 2934373002:
Record Code Signature of Downloaded DMG files (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/download_protection_service.h" | 5 #include "chrome/browser/safe_browsing/download_protection_service.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| (...skipping 1429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1440 CheckClientDownloadReportCorruptZip) { | 1440 CheckClientDownloadReportCorruptZip) { |
| 1441 CheckClientDownloadReportCorruptArchive(ZIP); | 1441 CheckClientDownloadReportCorruptArchive(ZIP); |
| 1442 } | 1442 } |
| 1443 | 1443 |
| 1444 #if defined(OS_MACOSX) | 1444 #if defined(OS_MACOSX) |
| 1445 TEST_F(DownloadProtectionServiceTest, | 1445 TEST_F(DownloadProtectionServiceTest, |
| 1446 CheckClientDownloadReportCorruptDmg) { | 1446 CheckClientDownloadReportCorruptDmg) { |
| 1447 CheckClientDownloadReportCorruptArchive(DMG); | 1447 CheckClientDownloadReportCorruptArchive(DMG); |
| 1448 } | 1448 } |
| 1449 | 1449 |
| 1450 // Tests that signatures get recorded and uploaded for signed DMGs. | |
| 1451 TEST_F(DownloadProtectionServiceTest, | |
| 1452 CheckClientDownloadReportDmgWithSignature) { | |
| 1453 net::FakeURLFetcherFactory factory(NULL); | |
| 1454 PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK, | |
| 1455 net::URLRequestStatus::SUCCESS); | |
| 1456 | |
| 1457 base::FilePath signed_dmg; | |
| 1458 EXPECT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &signed_dmg)); | |
| 1459 signed_dmg = signed_dmg.AppendASCII("safe_browsing") | |
| 1460 .AppendASCII("download_protection") | |
| 1461 .AppendASCII("googlechrome.dmg"); | |
| 1462 | |
| 1463 NiceMockDownloadItem item; | |
| 1464 PrepareBasicDownloadItemWithFullPaths( | |
| 1465 &item, {"http://www.evil.com/a.dmg"}, // url_chain | |
| 1466 "http://www.google.com/", // referrer | |
| 1467 signed_dmg, // tmp_path | |
| 1468 temp_dir_.GetPath().Append(FILE_PATH_LITERAL("a.dmg"))); // final_path | |
| 1469 | |
| 1470 RunLoop run_loop; | |
| 1471 download_service_->CheckClientDownload( | |
| 1472 &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | |
| 1473 base::Unretained(this), run_loop.QuitClosure())); | |
| 1474 run_loop.Run(); | |
| 1475 | |
| 1476 ASSERT_TRUE(HasClientDownloadRequest()); | |
| 1477 EXPECT_TRUE(GetClientDownloadRequest()->has_udif_code_signature()); | |
| 1478 EXPECT_EQ(GetClientDownloadRequest()->udif_code_signature().length(), | |
|
Jialiu Lin
2017/06/28 00:23:34
EXPECT_EQ(expected_value, actual_value);
mortonm
2017/06/28 16:24:41
Done.
| |
| 1479 (uint64_t)9454); | |
| 1480 | |
| 1481 base::FilePath signed_dmg_signature; | |
| 1482 EXPECT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &signed_dmg_signature)); | |
| 1483 signed_dmg_signature = signed_dmg_signature.AppendASCII("safe_browsing") | |
| 1484 .AppendASCII("download_protection") | |
| 1485 .AppendASCII("googlechrome_signature.data"); | |
| 1486 | |
| 1487 std::string signature; | |
| 1488 base::ReadFileToString(signed_dmg_signature, &signature); | |
| 1489 EXPECT_EQ(signature.length(), (uint64_t)9454); | |
|
Jialiu Lin
2017/06/28 00:23:35
EXPECT_EQ(expected_value, actual_value);
mortonm
2017/06/28 16:24:41
Done.
| |
| 1490 | |
| 1491 EXPECT_EQ( | |
|
Jialiu Lin
2017/06/28 00:23:34
nit: how about
EXPECT_EQ(signature, GetClientDownl
mortonm
2017/06/28 16:24:41
Done.
| |
| 1492 GetClientDownloadRequest()->udif_code_signature().compare(signature), 0); | |
| 1493 | |
| 1494 base::File file; | |
| 1495 file = base::File(signed_dmg, base::File::FLAG_OPEN | base::File::FLAG_READ); | |
| 1496 ASSERT_TRUE(file.IsValid()); | |
| 1497 | |
| 1498 ClearClientDownloadRequest(); | |
| 1499 | |
| 1500 Mock::VerifyAndClearExpectations(sb_service_.get()); | |
| 1501 Mock::VerifyAndClearExpectations(binary_feature_extractor_.get()); | |
| 1502 } | |
| 1503 | |
| 1504 // Tests that no signature gets recorded and uploaded for unsigned DMGs. | |
| 1505 TEST_F(DownloadProtectionServiceTest, | |
| 1506 CheckClientDownloadReportDmgWithoutSignature) { | |
| 1507 net::FakeURLFetcherFactory factory(NULL); | |
| 1508 PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK, | |
| 1509 net::URLRequestStatus::SUCCESS); | |
| 1510 | |
| 1511 base::FilePath unsigned_dmg; | |
| 1512 EXPECT_TRUE(PathService::Get(chrome::DIR_GEN_TEST_DATA, &unsigned_dmg)); | |
| 1513 unsigned_dmg = unsigned_dmg.AppendASCII("chrome") | |
| 1514 .AppendASCII("safe_browsing_dmg") | |
| 1515 .AppendASCII("mach_o_in_dmg.dmg"); | |
| 1516 | |
| 1517 NiceMockDownloadItem item; | |
| 1518 PrepareBasicDownloadItemWithFullPaths( | |
| 1519 &item, {"http://www.evil.com/a.dmg"}, // url_chain | |
| 1520 "http://www.google.com/", // referrer | |
| 1521 unsigned_dmg, // tmp_path | |
| 1522 temp_dir_.GetPath().Append(FILE_PATH_LITERAL("a.dmg"))); // final_path | |
| 1523 | |
| 1524 RunLoop run_loop; | |
| 1525 download_service_->CheckClientDownload( | |
| 1526 &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | |
| 1527 base::Unretained(this), run_loop.QuitClosure())); | |
| 1528 run_loop.Run(); | |
| 1529 | |
| 1530 ASSERT_TRUE(HasClientDownloadRequest()); | |
| 1531 EXPECT_FALSE(GetClientDownloadRequest()->has_udif_code_signature()); | |
| 1532 | |
| 1533 ClearClientDownloadRequest(); | |
| 1534 | |
| 1535 Mock::VerifyAndClearExpectations(sb_service_.get()); | |
| 1536 Mock::VerifyAndClearExpectations(binary_feature_extractor_.get()); | |
| 1537 } | |
| 1538 | |
| 1450 // Test that downloaded files with no disk image extension that have a 'koly' | 1539 // Test that downloaded files with no disk image extension that have a 'koly' |
| 1451 // trailer are treated as disk images and processed accordingly. | 1540 // trailer are treated as disk images and processed accordingly. |
| 1452 TEST_F(DownloadProtectionServiceTest, | 1541 TEST_F(DownloadProtectionServiceTest, |
| 1453 CheckClientDownloadReportDmgWithoutExtension) { | 1542 CheckClientDownloadReportDmgWithoutExtension) { |
| 1454 net::FakeURLFetcherFactory factory(NULL); | 1543 net::FakeURLFetcherFactory factory(NULL); |
| 1455 PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK, | 1544 PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK, |
| 1456 net::URLRequestStatus::SUCCESS); | 1545 net::URLRequestStatus::SUCCESS); |
| 1457 | 1546 |
| 1458 base::FilePath test_data; | 1547 base::FilePath test_data; |
| 1459 EXPECT_TRUE(PathService::Get(chrome::DIR_GEN_TEST_DATA, &test_data)); | 1548 EXPECT_TRUE(PathService::Get(chrome::DIR_GEN_TEST_DATA, &test_data)); |
| (...skipping 1002 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2462 &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 2551 &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 2463 base::Unretained(this), run_loop.QuitClosure())); | 2552 base::Unretained(this), run_loop.QuitClosure())); |
| 2464 run_loop.Run(); | 2553 run_loop.Run(); |
| 2465 | 2554 |
| 2466 EXPECT_FALSE(HasClientDownloadRequest()); | 2555 EXPECT_FALSE(HasClientDownloadRequest()); |
| 2467 // Overriden by flag: | 2556 // Overriden by flag: |
| 2468 EXPECT_TRUE(IsResult(DownloadProtectionService::DANGEROUS)); | 2557 EXPECT_TRUE(IsResult(DownloadProtectionService::DANGEROUS)); |
| 2469 } | 2558 } |
| 2470 | 2559 |
| 2471 } // namespace safe_browsing | 2560 } // namespace safe_browsing |
| OLD | NEW |
