Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2696)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/safe_browsing/download_protection_service_unittest.cc

Issue 2934373002: Record Code Signature of Downloaded DMG files (Closed)
Patch Set: simplifying data structures in download_protection_service.cc Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/safe_browsing/download_protection_service.cc ('K') | « chrome/browser/safe_browsing/download_protection_service.cc ('k') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('j') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/safe_browsing/download_protection_service_unittest.cc
diff --git a/chrome/browser/safe_browsing/download_protection_service_unittest.cc b/chrome/browser/safe_browsing/download_protection_service_unittest.cc
index b4d7c76cc14b730919fb7e03e9d9d741ea453af3..04937bab676c2ac0999f6d0c9713273fb812bd9f 100644
--- a/chrome/browser/safe_browsing/download_protection_service_unittest.cc
+++ b/chrome/browser/safe_browsing/download_protection_service_unittest.cc
@@ -1447,6 +1447,95 @@ TEST_F(DownloadProtectionServiceTest,
CheckClientDownloadReportCorruptArchive(DMG);
}
+// Tests that signatures get recorded and uploaded for signed DMGs.
+TEST_F(DownloadProtectionServiceTest,
+ CheckClientDownloadReportDmgWithSignature) {
+ net::FakeURLFetcherFactory factory(NULL);
+ PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK,
+ net::URLRequestStatus::SUCCESS);
+
+ base::FilePath signed_dmg;
+ EXPECT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &signed_dmg));
+ signed_dmg = signed_dmg.AppendASCII("safe_browsing")
+ .AppendASCII("download_protection")
+ .AppendASCII("googlechrome.dmg");
+
+ NiceMockDownloadItem item;
+ PrepareBasicDownloadItemWithFullPaths(
+ &item, {"http://www.evil.com/a.dmg"}, // url_chain
+ "http://www.google.com/", // referrer
+ signed_dmg, // tmp_path
+ temp_dir_.GetPath().Append(FILE_PATH_LITERAL("a.dmg"))); // final_path
+
+ RunLoop run_loop;
+ download_service_->CheckClientDownload(
+ &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
+ base::Unretained(this), run_loop.QuitClosure()));
+ run_loop.Run();
+
+ ASSERT_TRUE(HasClientDownloadRequest());
+ EXPECT_TRUE(GetClientDownloadRequest()->has_udif_code_signature());
+ EXPECT_EQ(GetClientDownloadRequest()->udif_code_signature().length(),
Jialiu Lin 2017/06/28 00:23:34 EXPECT_EQ(expected_value, actual_value);
mortonm 2017/06/28 16:24:41 Done.
+ (uint64_t)9454);
+
+ base::FilePath signed_dmg_signature;
+ EXPECT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &signed_dmg_signature));
+ signed_dmg_signature = signed_dmg_signature.AppendASCII("safe_browsing")
+ .AppendASCII("download_protection")
+ .AppendASCII("googlechrome_signature.data");
+
+ std::string signature;
+ base::ReadFileToString(signed_dmg_signature, &signature);
+ EXPECT_EQ(signature.length(), (uint64_t)9454);
Jialiu Lin 2017/06/28 00:23:35 EXPECT_EQ(expected_value, actual_value);
mortonm 2017/06/28 16:24:41 Done.
+
+ EXPECT_EQ(
Jialiu Lin 2017/06/28 00:23:34 nit: how about EXPECT_EQ(signature, GetClientDownl
mortonm 2017/06/28 16:24:41 Done.
+ GetClientDownloadRequest()->udif_code_signature().compare(signature), 0);
+
+ base::File file;
+ file = base::File(signed_dmg, base::File::FLAG_OPEN | base::File::FLAG_READ);
+ ASSERT_TRUE(file.IsValid());
+
+ ClearClientDownloadRequest();
+
+ Mock::VerifyAndClearExpectations(sb_service_.get());
+ Mock::VerifyAndClearExpectations(binary_feature_extractor_.get());
+}
+
+// Tests that no signature gets recorded and uploaded for unsigned DMGs.
+TEST_F(DownloadProtectionServiceTest,
+ CheckClientDownloadReportDmgWithoutSignature) {
+ net::FakeURLFetcherFactory factory(NULL);
+ PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK,
+ net::URLRequestStatus::SUCCESS);
+
+ base::FilePath unsigned_dmg;
+ EXPECT_TRUE(PathService::Get(chrome::DIR_GEN_TEST_DATA, &unsigned_dmg));
+ unsigned_dmg = unsigned_dmg.AppendASCII("chrome")
+ .AppendASCII("safe_browsing_dmg")
+ .AppendASCII("mach_o_in_dmg.dmg");
+
+ NiceMockDownloadItem item;
+ PrepareBasicDownloadItemWithFullPaths(
+ &item, {"http://www.evil.com/a.dmg"}, // url_chain
+ "http://www.google.com/", // referrer
+ unsigned_dmg, // tmp_path
+ temp_dir_.GetPath().Append(FILE_PATH_LITERAL("a.dmg"))); // final_path
+
+ RunLoop run_loop;
+ download_service_->CheckClientDownload(
+ &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
+ base::Unretained(this), run_loop.QuitClosure()));
+ run_loop.Run();
+
+ ASSERT_TRUE(HasClientDownloadRequest());
+ EXPECT_FALSE(GetClientDownloadRequest()->has_udif_code_signature());
+
+ ClearClientDownloadRequest();
+
+ Mock::VerifyAndClearExpectations(sb_service_.get());
+ Mock::VerifyAndClearExpectations(binary_feature_extractor_.get());
+}
+
// Test that downloaded files with no disk image extension that have a 'koly'
// trailer are treated as disk images and processed accordingly.
TEST_F(DownloadProtectionServiceTest,
« chrome/browser/safe_browsing/download_protection_service.cc ('K') | « chrome/browser/safe_browsing/download_protection_service.cc ('k') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('j') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698