Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2560)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/safe_browsing/download_protection_service_unittest.cc

Issue 2934373002: Record Code Signature of Downloaded DMG files (Closed)
Patch Set: addressing comments Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/safe_browsing/download_protection_service.cc ('k') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('j') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/safe_browsing/download_protection_service_unittest.cc
diff --git a/chrome/browser/safe_browsing/download_protection_service_unittest.cc b/chrome/browser/safe_browsing/download_protection_service_unittest.cc
index b4d7c76cc14b730919fb7e03e9d9d741ea453af3..b1137d9fdef90e573b6d0c09a09b89a709b37666 100644
--- a/chrome/browser/safe_browsing/download_protection_service_unittest.cc
+++ b/chrome/browser/safe_browsing/download_protection_service_unittest.cc
@@ -1447,6 +1447,96 @@ TEST_F(DownloadProtectionServiceTest,
CheckClientDownloadReportCorruptArchive(DMG);
}
+// Tests that signatures get recorded and uploaded for signed DMGs.
+TEST_F(DownloadProtectionServiceTest,
+ CheckClientDownloadReportDmgWithSignature) {
+ net::FakeURLFetcherFactory factory(NULL);
+ PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK,
+ net::URLRequestStatus::SUCCESS);
+
+ base::FilePath signed_dmg;
+ EXPECT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &signed_dmg));
+ signed_dmg = signed_dmg.AppendASCII("safe_browsing")
+ .AppendASCII("download_protection")
+ .AppendASCII("googlechrome.dmg");
+
+ NiceMockDownloadItem item;
+ PrepareBasicDownloadItemWithFullPaths(
+ &item, {"http://www.evil.com/a.dmg"}, // url_chain
+ "http://www.google.com/", // referrer
+ signed_dmg, // tmp_path
+ temp_dir_.GetPath().Append(FILE_PATH_LITERAL("a.dmg"))); // final_path
+
+ RunLoop run_loop;
+ download_service_->CheckClientDownload(
+ &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
+ base::Unretained(this), run_loop.QuitClosure()));
+ run_loop.Run();
+
+ ASSERT_TRUE(HasClientDownloadRequest());
+ EXPECT_TRUE(GetClientDownloadRequest()->has_udif_code_signature());
+ EXPECT_EQ((uint64_t)9454,
Robert Sesek 2017/06/28 18:21:06 Remove the cast and just use |9454u|.
mortonm 2017/06/28 23:07:08 Done.
+ GetClientDownloadRequest()->udif_code_signature().length());
+
+ base::FilePath signed_dmg_signature;
+ EXPECT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &signed_dmg_signature));
+ signed_dmg_signature = signed_dmg_signature.AppendASCII("safe_browsing")
+ .AppendASCII("download_protection")
+ .AppendASCII("googlechrome_signature.data");
+
+ std::string signature;
+ base::ReadFileToString(signed_dmg_signature, &signature);
+ EXPECT_EQ((uint64_t)9454, signature.length());
Robert Sesek 2017/06/28 18:21:06 Same.
mortonm 2017/06/28 23:07:08 Done.
+
+ // EXPECT_EQ(0,
+ // GetClientDownloadRequest()->udif_code_signature().compare(signature));
+ EXPECT_EQ(signature, GetClientDownloadRequest()->udif_code_signature());
+
+ base::File file;
+ file = base::File(signed_dmg, base::File::FLAG_OPEN | base::File::FLAG_READ);
+ ASSERT_TRUE(file.IsValid());
+
+ ClearClientDownloadRequest();
+
+ Mock::VerifyAndClearExpectations(sb_service_.get());
+ Mock::VerifyAndClearExpectations(binary_feature_extractor_.get());
+}
+
+// Tests that no signature gets recorded and uploaded for unsigned DMGs.
+TEST_F(DownloadProtectionServiceTest,
+ CheckClientDownloadReportDmgWithoutSignature) {
+ net::FakeURLFetcherFactory factory(NULL);
+ PrepareResponse(&factory, ClientDownloadResponse::SAFE, net::HTTP_OK,
+ net::URLRequestStatus::SUCCESS);
+
+ base::FilePath unsigned_dmg;
+ EXPECT_TRUE(PathService::Get(chrome::DIR_GEN_TEST_DATA, &unsigned_dmg));
+ unsigned_dmg = unsigned_dmg.AppendASCII("chrome")
+ .AppendASCII("safe_browsing_dmg")
+ .AppendASCII("mach_o_in_dmg.dmg");
+
+ NiceMockDownloadItem item;
+ PrepareBasicDownloadItemWithFullPaths(
+ &item, {"http://www.evil.com/a.dmg"}, // url_chain
+ "http://www.google.com/", // referrer
+ unsigned_dmg, // tmp_path
+ temp_dir_.GetPath().Append(FILE_PATH_LITERAL("a.dmg"))); // final_path
+
+ RunLoop run_loop;
+ download_service_->CheckClientDownload(
+ &item, base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback,
+ base::Unretained(this), run_loop.QuitClosure()));
+ run_loop.Run();
+
+ ASSERT_TRUE(HasClientDownloadRequest());
+ EXPECT_FALSE(GetClientDownloadRequest()->has_udif_code_signature());
+
+ ClearClientDownloadRequest();
+
+ Mock::VerifyAndClearExpectations(sb_service_.get());
+ Mock::VerifyAndClearExpectations(binary_feature_extractor_.get());
+}
+
// Test that downloaded files with no disk image extension that have a 'koly'
// trailer are treated as disk images and processed accordingly.
TEST_F(DownloadProtectionServiceTest,
« no previous file with comments | « chrome/browser/safe_browsing/download_protection_service.cc ('k') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('j') | chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698