| Index: components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc
|
| diff --git a/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc b/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..f5613728de08793378b523b09977ffc5be6ffb93
|
| --- /dev/null
|
| +++ b/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc
|
| @@ -0,0 +1,1219 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include <string.h>
|
| +#include <algorithm>
|
| +#include <map>
|
| +#include <vector>
|
| +
|
| +#include "base/base64.h"
|
| +#include "base/md5.h"
|
| +#include "base/strings/string_number_conversions.h"
|
| +#include "base/strings/string_split.h"
|
| +#include "components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.h"
|
| +#include "net/android/network_library.h"
|
| +#include "net/http/http_request_headers.h"
|
| +#include "net/http/http_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +
|
| +namespace {
|
| +
|
| +const char kTamperDetectFingerprints[] = "fp=";
|
| +const char kTamperDetectFingerprintChromeProxy[] = "cp=";
|
| +const char kTamperDetectFingerprintVia[] = "via";
|
| +const char kTamperDetectFingerprintOther[] = "oh";
|
| +const char kTamperDetectFingerprintContengLength[] = "cl";
|
| +
|
| +void HeadersToRaw(std::string* headers) {
|
| + std::replace(headers->begin(), headers->end(), '\n', '\0');
|
| + if (!headers->empty())
|
| + *headers += '\0';
|
| +}
|
| +
|
| +// Utility function. Calcuate MD5 hash value for a string and base64 encode it.
|
| +static std::string GetEncoded(const std::string& input) {
|
| + base::MD5Digest digest;
|
| + base::MD5Sum(input.c_str(), input.size(), &digest);
|
| + std::string base64encoded;
|
| + base::Base64Encode(std::string((char*)digest.a,
|
| + ARRAYSIZE_UNSAFE(digest.a)), &base64encoded);
|
| + return base64encoded;
|
| +}
|
| +
|
| +// Utility function. Replace all contents within "[]" by corresponding base64
|
| +// encoded MD5 value.
|
| +void ReplaceWithEncodedString(std::string* input)
|
| +{
|
| + size_t start, end;
|
| + while (true) {
|
| + start = input->find("[");
|
| + if (start == std::string::npos) break;
|
| + end = input->find("]", start);
|
| + std::string need_to_encode = input->substr(start + 1, end - start - 1);
|
| + *input = input->substr(0, start) + GetEncoded(need_to_encode) +
|
| + input->substr(end + 1);
|
| + }
|
| +}
|
| +
|
| +// Testcase for fingerprint checking functions. |received_fingerprint| is
|
| +// fingerprint received from data reduction proxy. |expected_tampered| is
|
| +// expected tampered or not result.
|
| +struct TestCaseCheckingFingerprint {
|
| + std::string raw_header;
|
| + std::string received_fingerprint;
|
| + bool expected_tampered;
|
| +};
|
| +
|
| +} // namespace
|
| +
|
| +namespace data_reduction_proxy {
|
| +
|
| +class DataReductionProxyTamperDetectTest : public testing::Test {
|
| + public:
|
| + static void TestFingerprintCommon(const TestCaseCheckingFingerprint& test,
|
| + DataReductionProxyTamperDetect::FingerprintCode fingerprint);
|
| +};
|
| +
|
| +// Common function for testing fingerprint checking functions. For a given
|
| +// header string |test.raw_header|, generate HttpResponseHeaders |headers| and
|
| +// then check corresponding fingerprint checking function matches expected
|
| +// result or not.
|
| +void DataReductionProxyTamperDetectTest::TestFingerprintCommon(
|
| + const TestCaseCheckingFingerprint& test,
|
| + DataReductionProxyTamperDetect::FingerprintCode fingerprint) {
|
| + std::string raw_headers(test.raw_header);
|
| + HeadersToRaw(&raw_headers);
|
| + scoped_refptr<net::HttpResponseHeaders> headers(
|
| + new net::HttpResponseHeaders(raw_headers));
|
| +
|
| + std::vector<std::string> values = DataReductionProxyTamperDetect::
|
| + GetHeaderValues(headers, "Chrome-Proxy");
|
| + std::string chrome_proxy_fingerprint, other_fingerprints;
|
| +
|
| + DataReductionProxyTamperDetect::GetTamperDetectFingerprints(
|
| + &values, &chrome_proxy_fingerprint, &other_fingerprints);
|
| +
|
| + DataReductionProxyTamperDetect tamper_detect(headers, true, 0, &values);
|
| +
|
| + bool tampered;
|
| + switch (fingerprint) {
|
| + case DataReductionProxyTamperDetect::CHROMEPROXY:
|
| + tampered = tamper_detect.IsChromeProxyHeaderTampered(
|
| + test.received_fingerprint);
|
| + break;
|
| + case DataReductionProxyTamperDetect::VIA:
|
| + tampered = tamper_detect.IsViaHeaderTampered(
|
| + test.received_fingerprint);
|
| + break;
|
| + case DataReductionProxyTamperDetect::OTHERHEADERS:
|
| + tampered = tamper_detect.AreOtherHeadersTampered(
|
| + test.received_fingerprint);
|
| + break;
|
| + case DataReductionProxyTamperDetect::CONTENTLENGTH:
|
| + tampered = tamper_detect.IsContentLengthHeaderTampered(
|
| + test.received_fingerprint);
|
| + break;
|
| + case DataReductionProxyTamperDetect::NONEXIST:
|
| + break;
|
| + }
|
| +
|
| + EXPECT_EQ(test.expected_tampered, tampered);
|
| +}
|
| +
|
| +// Check function IsChromeProxyHeaderTampered.
|
| +TEST_F(DataReductionProxyTamperDetectTest, ChromeProxy) {
|
| + TestCaseCheckingFingerprint test[] = {
|
| + // check sorting values and decoding
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh," +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "123,bbbypas=0,aaxxx=xxx,bbbloc=1\n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0," +
|
| + std::string(kTamperDetectFingerprints) + "123,",
|
| + false,
|
| + },
|
| +
|
| + // check sorting
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: a,b,c,d,e,3,2,1," +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "1231\n",
|
| + "1,2,3,a,b,c,d,e,",
|
| + false,
|
| + },
|
| +
|
| + // check no Chrome-Proxy header case (should not happen)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Length: 12345\n",
|
| + "",
|
| + false,
|
| + },
|
| +
|
| + // check empty Chrome-Proxy header case (should not happen)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: \n",
|
| + ",",
|
| + false,
|
| + },
|
| +
|
| + // check empty Chrome-Proxy header case (should not happen)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "xyz\n",
|
| + "",
|
| + false,
|
| + },
|
| +
|
| + // check empty Chrome-Proxy header case, with extra ","
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "abcde , \n",
|
| + "",
|
| + false,
|
| + },
|
| +
|
| + // check empty Chrome-Proxy header, different fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "xyz\n",
|
| + ",",
|
| + true,
|
| + },
|
| +
|
| + // check regular Chrome-Proxy header, different fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=2,aaxxx=xxx,bbbloc=1\n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + true,
|
| + },
|
| +
|
| + // check regular Chrome-Proxy header, different fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: a,aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + true,
|
| + },
|
| +
|
| + // check regular Chrome-Proxy header, different fingerprint (order)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbypas=0,bbbloc=1,",
|
| + true,
|
| + },
|
| +
|
| + // check regular Chrome-Proxy header, with extra " "
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh , bbbypas=0 , aaxxx=xxx"
|
| + " ,bbbloc=1 \n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + false
|
| + },
|
| +
|
| + // check regular Chrome-Proxy header, with extra lines and " "
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh , bbbypas=0 , bbbloc=1 \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + false
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple lines
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Chrome-Proxy:bbbloc=1 \n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + false
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple lines, at different position
|
| + // of the entire header
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Chrome-Proxy: bbbloc=1\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "123 \n",
|
| + "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + false
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple same values
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Chrome-Proxy: bbbloc=1, " +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "123 \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0," +
|
| + std::string(kTamperDetectFingerprints) + "123,",
|
| + false
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple same values, with Chrome-Proxy
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Chrome-Proxy: bbbloc=1, " +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "123 \n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "xyn \n" +
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0," +
|
| + std::string(kTamperDetectFingerprints) + "123,",
|
| + false
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple same values,
|
| + // but different fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Chrome-Proxy: bbbloc=1\n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + true,
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple same values,
|
| + // but different fingerprint, with Chrome-Proxy
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "xyn \n" +
|
| + "Chrome-Proxy: bbbloc=1\n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + true,
|
| + },
|
| +
|
| + // check Chrome-Proxy header with multiple lines,
|
| + // but different fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Chrome-Proxy: bbbloc=1\n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
|
| + true,
|
| + },
|
| +
|
| + // check regular Chrome-Proxy header, but received fingerprint is empty
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Chrome-Proxy: aut=aauutthh\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Chrome-Proxy: bbbypas=0\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Chrome-Proxy: bbbloc=1\n"
|
| + "Chrome-Proxy: aaxxx=xxx \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "",
|
| + true,
|
| + },
|
| +
|
| + };
|
| +
|
| + for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
|
| + test[i].received_fingerprint =
|
| + GetEncoded(test[i].received_fingerprint);
|
| +
|
| + DataReductionProxyTamperDetectTest::TestFingerprintCommon(test[i],
|
| + DataReductionProxyTamperDetect::CHROMEPROXY);
|
| + }
|
| +}
|
| +
|
| +// Check function IsViaHeaderTampered.
|
| +TEST_F(DataReductionProxyTamperDetectTest, Via) {
|
| + TestCaseCheckingFingerprint test[] = {
|
| + // check regular case, where Chrome-Compression-Proxy occurs at the last
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: a, b, c, Chrome-Compression-Proxy\n",
|
| + "0",
|
| + false
|
| + },
|
| +
|
| + // check when there is extra middlebox
|
| + // between data-reduction-proxy and phone
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: a, b, c, Chrome-Compression-Proxy, xyz\n",
|
| + "0",
|
| + true,
|
| + },
|
| +
|
| + // emtpy Via header, even no Chrome-Compression-Proxy tag
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: \n",
|
| + "0",
|
| + true,
|
| + },
|
| +
|
| + // only Chrome-Compression-Proxy tag occurs in Via header
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: Chrome-Compression-Proxy \n",
|
| + "0",
|
| + false
|
| + },
|
| +
|
| + // there are " ", i.e., empty value after Chrome-Compression-Proxy tag
|
| + // should not count as extra middleboxes
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: Chrome-Compression-Proxy , , \n",
|
| + "0",
|
| + false
|
| + },
|
| +
|
| + // special case when there is no Via header
|
| + {
|
| + "HTTP/1.1 200 OK \n",
|
| + "0",
|
| + true
|
| + },
|
| +
|
| + // same to above test cases, but with deprecated data reduciton proxy tag.
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: a, b, c, Chrome Compression Proxy\n",
|
| + "0",
|
| + false
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: a, b, c, Chrome Compression Proxy, xyz\n",
|
| + "0",
|
| + true,
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: Chrome Compression Proxy \n",
|
| + "0",
|
| + false
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: Chrome Compression Proxy , , \n",
|
| + "0",
|
| + false
|
| + },
|
| + };
|
| +
|
| + for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
|
| + DataReductionProxyTamperDetectTest::TestFingerprintCommon(test[i],
|
| + DataReductionProxyTamperDetect::VIA);
|
| + }
|
| +}
|
| +
|
| +// Check function AreOtherHeadersTampered.
|
| +TEST_F(DataReductionProxyTamperDetectTest, OtherHeaders) {
|
| + // For following testcases, |received_fingerprint| is not the actual
|
| + // fingerprint from data reduction proxy, instead, the base64 encoded field
|
| + // is in plain text (within "[]") and needs to be encoded first. For example,
|
| + // "[12345;]:content-length" needs to be encoded to
|
| + // "Base64Encoded(MD5(12345;)):content-length" before calling the checking
|
| + // function.
|
| + TestCaseCheckingFingerprint test[] = {
|
| + // regular case, with correct fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Via: \n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Content-Length: 12345\n",
|
| + "[1,;2,;3,;4,;5,;]:content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, with correct fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: aaa1\n"
|
| + "Cache-Control: aaa2\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "ETag: aaa3\n"
|
| + "Connection: aaa4\n"
|
| + "Expires: aaa5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[aaa1,;aaa2,;aaa3,;aaa4,;aaa5,;]:content-type:cache-control:"
|
| + "etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, one header is with multiple values
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Content-Type: aaa1, bbb1, ccc1\n"
|
| + "Cache-Control: aaa2\n"
|
| + "ETag: aaa3\n"
|
| + "Connection: aaa4\n"
|
| + "Expires: aaa5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[aaa1,bbb1,ccc1,;aaa2,;aaa3,;aaa4,;aaa5,;]:"
|
| + "content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, one header has multiple lines
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: aaa1, ccc1\n"
|
| + "Content-Type: xxx1, bbb1, ccc1\n"
|
| + "Cache-Control: aaa2\n"
|
| + "ETag: aaa3\n"
|
| + "Connection: aaa4\n"
|
| + "Expires: aaa5\n"
|
| + "Via: \n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Content-Length: 12345\n",
|
| + "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,;aaa3,;aaa4,;aaa5,;]:"
|
| + "content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, one header has multiple lines,
|
| + // and such multiple lines occur at different positions
|
| + {
|
| + "HTTP/1.1 200 OK \n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: aaa1, ccc1\n"
|
| + "Cache-Control: aaa2\n"
|
| + "ETag: aaa3\n"
|
| + "Content-Type: xxx1, bbb1, ccc1\n"
|
| + "Connection: aaa4\n"
|
| + "Expires: aaa5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,;aaa3,;aaa4,;aaa5,;]"
|
| + ":content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, more than one header have multiple lines,
|
| + // and such multiple lines occur at different positions
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: aaa1, ccc1\n"
|
| + "Cache-Control: ccc2 , bbb2\n"
|
| + "ETag: aaa3\n"
|
| + "Content-Type: xxx1, bbb1, ccc1\n"
|
| + "Connection: aaa4\n"
|
| + "Cache-Control: aaa2 \n"
|
| + "Expires: aaa5\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,bbb2,ccc2,;aaa3,;aaa4,;aaa5,;]:"
|
| + "content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, response header does not have one header we need
|
| + // for fingerprint (expires)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: aaa1, ccc1\n"
|
| + "Cache-Control: ccc2 , bbb2\n"
|
| + "ETag: aaa3\n"
|
| + "Content-Type: xxx1, bbb1, ccc1\n"
|
| + "Connection: aaa4\n"
|
| + "Cache-Control: aaa2 \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n",
|
| + "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,bbb2,ccc2,;aaa3,;aaa4,;;]:"
|
| + "content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, response header does not have more than one header
|
| + // we need for fingerprint (content-type, expires)
|
| + {
|
| + "HTTP/1.1 200 OK \n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Cache-Control: ccc2 , bbb2\n"
|
| + "ETag: aaa3\n"
|
| + "Connection: aaa4\n"
|
| + "Cache-Control: aaa2 \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[;aaa2,bbb2,ccc2,;aaa3,;aaa4,;;]:content-type:cache-control:"
|
| + "etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, all the headers we need for fingerprint are missing
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n",
|
| + "[;;;;;]:content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // regular case, with only one header required.
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n",
|
| + "[12345,;]:content-length",
|
| + false
|
| + },
|
| +
|
| + // regular case, but differ to received fingerprint
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: aaa1, ccc1\n"
|
| + "Cache-Control: ccc2 , bbb2\n"
|
| + "ETag: etag\n"
|
| + "Content-Type: xxx1, bbb1, ccc1\n"
|
| + "Connection: aaa4\n"
|
| + "Cache-Control: aaa2 \n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,bbb2,ccc2,;aaa3,;aaa4,;;]:"
|
| + "content-type:cache-control:etag:connection:expires",
|
| + true,
|
| + },
|
| +
|
| + // special case, headers are not missing but some of them are empty
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: \n"
|
| + "Cache-Control: \n"
|
| + "ETag: \n"
|
| + "Connection: \n"
|
| + "Expires: 5\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[,;,;,;,;5,;]:content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // special case, some headers do not exist, some are of empty value.
|
| + // check delimiter "," and ";" work correctly.
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Cache-Control: \n"
|
| + "Connection: \n"
|
| + "Expires: 5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n",
|
| + "[;,;;,;5,;]:content-type:cache-control:etag:connection:expires",
|
| + false
|
| + },
|
| +
|
| + // special case, check if we don't check any header, i.e.,
|
| + // header list is empty
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Connection: 4\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Expires: 5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "[]",
|
| + false
|
| + },
|
| +
|
| + // special case, we only want to check one header, which does not
|
| + // exist in received header
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
|
| + "Content-Type: 1\n"
|
| + "Cache-Control: 2\n"
|
| + "ETag: 3\n"
|
| + "Connection: 4\n"
|
| + "Expires: 5\n"
|
| + "Via: \n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n" +
|
| + "Content-Length: 12345\n",
|
| + "[;]:non_exist_header",
|
| + false
|
| + },
|
| +
|
| + // there is only one header in our header list
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Cache-Control: \n"
|
| + "Connection: \n"
|
| + "Expires: 5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n" +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + "abcde \n" +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "abcde \n",
|
| + "[;]:content-type",
|
| + false
|
| + },
|
| +
|
| + /* Lead to NOTREACHED() */
|
| + /*
|
| + // special case, if base64 decoding fails
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Cache-Control: \n"
|
| + "Connection: \n"
|
| + "Expires: 5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + ";:content-type",
|
| + true
|
| + },
|
| +
|
| + // special case, if base64 decoding fails
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Cache-Control: \n"
|
| + "Connection: \n"
|
| + "Expires: 5\n"
|
| + "Via: \n"
|
| + "Content-Length: 12345\n",
|
| + "abcde:content-type:cache-control:etag:connection:expires",
|
| + true
|
| + },
|
| + */
|
| + };
|
| +
|
| + for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
|
| + ReplaceWithEncodedString(&(test[i].received_fingerprint));
|
| + DataReductionProxyTamperDetectTest::TestFingerprintCommon(test[i],
|
| + DataReductionProxyTamperDetect::OTHERHEADERS);
|
| + }
|
| +}
|
| +
|
| +// Check function IsContentLengthTampered.
|
| +TEST_F(DataReductionProxyTamperDetectTest, ContentLength) {
|
| + TestCaseCheckingFingerprint test[] = {
|
| + // regular case, content-length is the same
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: 1\n"
|
| + "Content-Length: 12345\n",
|
| + "12345",
|
| + false,
|
| + },
|
| +
|
| + // regular case, content-length is not the same
|
| + // also check if retrieved content-type is correct
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: text/html; charset=ISO-8859-4\n"
|
| + "Content-Length: 12345\n",
|
| + "125",
|
| + true,
|
| + },
|
| +
|
| + // special case, data reduction proxy does not sent content-length
|
| + // i.e., content-length at data reduction proxy side is missing
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: text/javascript\n"
|
| + "Content-Length: 12345\n",
|
| + "",
|
| + false,
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: text/javascript\n"
|
| + "Content-Length: 12345\n",
|
| + "aaa",
|
| + false,
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: text/javascript\n"
|
| + "Content-Length: aaa\n",
|
| + "aaa",
|
| + false,
|
| + },
|
| +
|
| + // special case, content-length are missing at both end
|
| + // i.e., both data reduction proxy and chrome
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: 1\n",
|
| + "",
|
| + false,
|
| + },
|
| +
|
| + // special case, check when content-length is 0
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: application/x-javascript\n"
|
| + "Content-Length: 0\n",
|
| + "0",
|
| + false,
|
| + },
|
| +
|
| + // special case, check when data reduction proxy side's
|
| + // content-length is empty (header exist, but value is empty)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: application/x-javascript\n"
|
| + "Content-Length: 123\n",
|
| + ",",
|
| + false,
|
| + },
|
| +
|
| + // when content-length is different, check whether it recognizes image.
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: image/gif \n"
|
| + "Content-Length: 123\n",
|
| + "0",
|
| + true,
|
| + },
|
| +
|
| + // when content-length is different, check whether it recognizes JS
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: application/x-javascript \n"
|
| + "Content-Length: 0\n",
|
| + "120",
|
| + true,
|
| + },
|
| +
|
| + // when content-length is different, check whether it recognizes JS
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: text/javascript \n"
|
| + "Content-Length: 123\n",
|
| + "0",
|
| + true,
|
| + },
|
| +
|
| + // when content-length is different, check whether it recognizes CSS
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: text/css\n"
|
| + "Content-Length: 111\n",
|
| + "0",
|
| + true,
|
| + },
|
| +
|
| + // when content-length is different (chrome side is missing),
|
| + // check whether it recognizes JS.
|
| + // (if phone side's content-length has been removed, shall we report?
|
| + // current implementation: not reporting.)
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Content-Type: application/javascript \n",
|
| + "123",
|
| + false,
|
| + },
|
| + };
|
| +
|
| + for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
|
| + DataReductionProxyTamperDetectTest::TestFingerprintCommon(test[i],
|
| + DataReductionProxyTamperDetect::CONTENTLENGTH);
|
| + }
|
| +}
|
| +
|
| +// Testcase for ContainsTamperDetectFingerprints function.
|
| +TEST_F(DataReductionProxyTamperDetectTest, Parsing) {
|
| + struct {
|
| + std::string raw_header;
|
| + std::string expected_chrome_proxy_fingerprint;
|
| + std::string expected_other_fingerprints;
|
| + bool expected_contain_tamper_detect_fingerprints;
|
| + } test[] = {
|
| + // Check normal case, Chrome-Proxy fingerprint doesn't exist
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1:f1&f2:f2&f3:f3&f4:f4\n",
|
| + "",
|
| + "",
|
| + false
|
| + },
|
| + // Check normal case, Chrome-Proxy fingerprint exist,
|
| + // but other headers' fingerprint is not there.
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1, " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "abc \n",
|
| + "abc",
|
| + "",
|
| + true
|
| + },
|
| +
|
| + // Check normal case, both Chrome-Proxy fingerprint
|
| + // and other headers' fingerprint exist,
|
| + // but with different values and occur at different position.
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1, " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "abc \n"
|
| + "Chrome-Proxy: " +
|
| + std::string(kTamperDetectFingerprints) + "def\n",
|
| + "abc",
|
| + "def",
|
| + true
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1, " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "abc," +
|
| + std::string(kTamperDetectFingerprints) + "def \n",
|
| + "abc",
|
| + "def",
|
| + true
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1, " +
|
| + std::string(kTamperDetectFingerprintChromeProxy)
|
| + + "def," +
|
| + std::string(kTamperDetectFingerprints) + "abc \n",
|
| + "def",
|
| + "abc",
|
| + true
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1, " +
|
| + std::string(kTamperDetectFingerprints) + "abc," +
|
| + std::string(kTamperDetectFingerprintChromeProxy) + "def \n",
|
| + "def",
|
| + "abc",
|
| + true
|
| + },
|
| +
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Chrome-Proxy: f1, " +
|
| + std::string(kTamperDetectFingerprints) + "def," +
|
| + std::string(kTamperDetectFingerprintChromeProxy) + "abc \n",
|
| + "abc",
|
| + "def",
|
| + true
|
| + },
|
| + };
|
| +
|
| + for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
|
| + std::string raw_headers(test[i].raw_header);
|
| + HeadersToRaw(&raw_headers);
|
| + scoped_refptr<net::HttpResponseHeaders> headers(
|
| + new net::HttpResponseHeaders(raw_headers));
|
| +
|
| + std::vector<std::string> values = DataReductionProxyTamperDetect::
|
| + GetHeaderValues(headers, "Chrome-Proxy");
|
| +
|
| + std::string chrome_proxy_fingerprint, other_fingerprints;
|
| + bool contain_tamper_detect_fingerprints = DataReductionProxyTamperDetect::
|
| + GetTamperDetectFingerprints(&values,
|
| + &chrome_proxy_fingerprint,
|
| + &other_fingerprints);
|
| +
|
| + EXPECT_EQ(test[i].expected_contain_tamper_detect_fingerprints,
|
| + contain_tamper_detect_fingerprints);
|
| +
|
| + if (contain_tamper_detect_fingerprints) {
|
| + EXPECT_EQ(test[i].expected_chrome_proxy_fingerprint,
|
| + chrome_proxy_fingerprint);
|
| +
|
| + EXPECT_EQ(test[i].expected_other_fingerprints,
|
| + other_fingerprints);
|
| + }
|
| + }
|
| +}
|
| +
|
| +// Testcase for main function CheckResponseFingerprint. First generate
|
| +// simulated response from data reduction proxy, by replacing fingerprint with
|
| +// its base64 encoded MD5 value and appending it to Chrome-Proxy header. Then
|
| +// run through function CheckResponseFingerprint. Individual functions have been
|
| +// tested above, here focuses on the correctness of parsing (separating)
|
| +// fingerprints and the entire process.
|
| +TEST_F(DataReductionProxyTamperDetectTest, Completed) {
|
| + struct {
|
| + std::string raw_header;
|
| + std::string chrome_header;
|
| + bool expected_contain_tamper_detect_fingerprints;
|
| + bool expected_tampered_chrome_proxy;
|
| + bool expected_tampered_via;
|
| + bool expected_tampered_other_headers;
|
| + bool expected_tampered_content_length;
|
| + std::string expected_fingerprint_tags;
|
| + std::string expected_fingerprints;
|
| + } test[] = {
|
| + // Check normal case, Chrome-Proxy fingerprint doesn't exist
|
| + {
|
| + "HTTP/1.1 200 OK \n"
|
| + "Via: a1, b2, Chrome-Compression-Proxy\n"
|
| + "Content-Length: 12345\n"
|
| + "header1: header_1\n"
|
| + "header2: header_2\n"
|
| + "header3: header_3\n",
|
| + "a,b,c,d,e," +
|
| + std::string(kTamperDetectFingerprints) +
|
| + "via=0|oh=[header_1,;header_2,;header_3,;]:header1:header2:header3|"
|
| + "cl=12345,",
|
| + true,
|
| + false,
|
| + false,
|
| + false,
|
| + false,
|
| + "via|cl|oh",
|
| + "0|12345|[header_1,;header_2,;header_3,;]:header1:header2:header3"
|
| + },
|
| + };
|
| +
|
| + for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
|
| + // Replace fingerprint with base64 encoded MD5 value.
|
| + ReplaceWithEncodedString(&(test[i].chrome_header));
|
| + // Generate fingerprint for Chrome-Proxy header.
|
| + std::string chrome_header_fingerprint = GetEncoded(test[i].chrome_header);
|
| + // Append Chrome-Proxy header to response headers.
|
| + test[i].raw_header += "Chrome-Proxy: " + test[i].chrome_header +
|
| + std::string(kTamperDetectFingerprintChromeProxy) +
|
| + chrome_header_fingerprint + "\n";
|
| +
|
| + std::string raw_headers(test[i].raw_header);
|
| + HeadersToRaw(&raw_headers);
|
| + scoped_refptr<net::HttpResponseHeaders> headers =
|
| + new net::HttpResponseHeaders(raw_headers);
|
| +
|
| + std::vector<std::string> expected_fingerprint_tags;
|
| + std::vector<std::string> expected_fingerprints;
|
| + base::SplitString(test[i].expected_fingerprint_tags, '|',
|
| + &expected_fingerprint_tags);
|
| + base::SplitString(test[i].expected_fingerprints, '|',
|
| + &expected_fingerprints);
|
| +
|
| + // Below copying codes from CheckResponseFingerprint, with checking point
|
| + // added.
|
| + std::vector<std::string> values = DataReductionProxyTamperDetect::
|
| + GetHeaderValues(headers, "Chrome-Proxy");
|
| +
|
| + std::string chrome_proxy_fingerprint, other_fingerprints;
|
| +
|
| + bool contain_tamper_detect_fingerprints = DataReductionProxyTamperDetect::
|
| + GetTamperDetectFingerprints(&values,
|
| + &chrome_proxy_fingerprint,
|
| + &other_fingerprints);
|
| +
|
| + EXPECT_EQ(test[i].expected_contain_tamper_detect_fingerprints,
|
| + contain_tamper_detect_fingerprints);
|
| + if (!contain_tamper_detect_fingerprints)
|
| + return;
|
| +
|
| + DataReductionProxyTamperDetect tamper_detect(headers, true, 0, &values);
|
| +
|
| + bool tampered_chrome_proxy =
|
| + tamper_detect.IsChromeProxyHeaderTampered(chrome_proxy_fingerprint);
|
| + EXPECT_EQ(test[i].expected_tampered_chrome_proxy, tampered_chrome_proxy);
|
| + if (tampered_chrome_proxy)
|
| + return;
|
| +
|
| + net::HttpUtil::ValuesIterator it(other_fingerprints.begin(),
|
| + other_fingerprints.end(), '|');
|
| +
|
| + size_t delimiter_pos = std::string::npos;
|
| + while (it.GetNext()) {
|
| +
|
| + delimiter_pos = it.value().find("=");
|
| + if (delimiter_pos == std::string::npos)
|
| + continue;
|
| + std::string key = it.value().substr(0, delimiter_pos);
|
| + std::string value = it.value().substr(delimiter_pos + 1);
|
| +
|
| + for (size_t j = 0; j < expected_fingerprint_tags.size(); ++j) {
|
| + if (expected_fingerprint_tags[j] == key) {
|
| + std::string expected_value = expected_fingerprints[j];
|
| + ReplaceWithEncodedString(&expected_value);
|
| + EXPECT_EQ(expected_value, value);
|
| + break;
|
| + }
|
| + }
|
| +
|
| + DataReductionProxyTamperDetect::FingerprintCode fingerprint_code =
|
| + tamper_detect.GetFingerprintCode(key);
|
| + bool tampered = false;
|
| + switch (fingerprint_code) {
|
| + case DataReductionProxyTamperDetect::VIA:
|
| + tampered = tamper_detect.IsViaHeaderTampered(value);
|
| + EXPECT_EQ(test[i].expected_tampered_via, tampered);
|
| + break;
|
| + case DataReductionProxyTamperDetect::OTHERHEADERS:
|
| + tampered = tamper_detect.AreOtherHeadersTampered(value);
|
| + EXPECT_EQ(test[i].expected_tampered_other_headers, tampered);
|
| + break;
|
| + case DataReductionProxyTamperDetect::CONTENTLENGTH:
|
| + tampered = tamper_detect.IsContentLengthHeaderTampered(value);
|
| + EXPECT_EQ(test[i].expected_tampered_content_length, tampered);
|
| + break;
|
| + case DataReductionProxyTamperDetect::CHROMEPROXY:
|
| + case DataReductionProxyTamperDetect::NONEXIST:
|
| + break;
|
| + }
|
| + }
|
| + }
|
| +}
|
| +
|
| +} // namespace
|
|
|
Chromium Code Reviews
Issue 338483002:
Chrome Participated Tamper Detect (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master