Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2446)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc

Issue 338483002: Chrome Participated Tamper Detect (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.cc ('K') | « components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc
diff --git a/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc b/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..24739a313573e01e802dd2a5cc99f3e7806018c6
--- /dev/null
+++ b/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc
@@ -0,0 +1,1195 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.h"
+
+#include <string.h>
+#include <algorithm>
+#include <map>
+#include <vector>
+
+#include "base/base64.h"
+#include "base/md5.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_split.h"
+#include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h"
+#include "net/android/network_library.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+void HeadersToRaw(std::string* headers) {
+ std::replace(headers->begin(), headers->end(), '\n', '\0');
+ if (!headers->empty())
+ *headers += '\0';
+}
+
+// Calcuates MD5 hash value for a string and then base64 encode it.
+static std::string GetEncoded(const std::string& input) {
bolian 2014/07/21 23:43:05 s/static//
xingx 2014/07/23 19:00:29 Done.
+ base::MD5Digest digest;
+ base::MD5Sum(input.c_str(), input.size(), &digest);
+ std::string base64encoded;
+ base::Base64Encode(std::string((char*)digest.a,
+ ARRAYSIZE_UNSAFE(digest.a)), &base64encoded);
+ return base64encoded;
+}
+
+// Replaces all contents within "[]" by corresponding base64 encoded MD5 value.
+void ReplaceWithEncodedString(std::string* input)
+{
+ size_t start, end;
+ while (true) {
+ start = input->find("[");
+ if (start == std::string::npos) break;
+ end = input->find("]", start);
+ std::string need_to_encode = input->substr(start + 1, end - start - 1);
+ *input = input->substr(0, start) + GetEncoded(need_to_encode) +
+ input->substr(end + 1);
+ }
+}
+
+// Testcase for fingerprint checking functions. |received_fingerprint| is
+// fingerprint received from the data reduction proxy. |expected_tampered| is
+// expected tampered or not result.
+struct TestCaseCheckingFingerprint {
bolian 2014/07/21 23:43:05 rename it to TamperDetectionTestCase?
xingx 2014/07/23 19:00:29 Done.
+ std::string raw_header;
+ std::string received_fingerprint;
+ bool expected_tampered;
+ bool expected_has_chrome_proxy_via_header;
+};
+
+} // namespace
+
+namespace data_reduction_proxy {
+
+class DataReductionProxyTamperDetectionTest : public testing::Test {
+ public:
+ static void TestFingerprintCommon(const TestCaseCheckingFingerprint& test,
+ DataReductionProxyTamperDetection::FingerprintCode fingerprint);
+};
+
+// Common function for testing fingerprint checking functions. For a given
+// header string |test.raw_header|, generates HttpResponseHeaders |headers| and
+// checks specified fingerprint checking function returns expected result or
+// not.
+void DataReductionProxyTamperDetectionTest::TestFingerprintCommon(
+ const TestCaseCheckingFingerprint& test,
+ DataReductionProxyTamperDetection::FingerprintCode fingerprint) {
bolian 2014/07/21 23:43:05 s/fingerprint/fingerprint_code/
xingx 2014/07/23 19:00:29 Done.
+ std::string raw_headers(test.raw_header);
+ HeadersToRaw(&raw_headers);
+ scoped_refptr<net::HttpResponseHeaders> headers(
bolian 2014/07/21 23:43:05 why scoped_refptr? Will a stack var of net::HttpR
xingx 2014/07/23 19:00:29 Done.
bolian 2014/07/23 23:22:57 You are leaking memory. Just net::HttpResponseHead
+ new net::HttpResponseHeaders(raw_headers));
+
+ // Removes Chrome-Proxy header's fingerprint from Chrome-Proxy header.
+ std::vector<std::string> chrome_proxy_header_values =
+ DataReductionProxyTamperDetection::
+ GetHeaderValues(headers, "Chrome-Proxy");
+
+ DataReductionProxyTamperDetection::RemoveChromeProxyFingerprint(
+ &chrome_proxy_header_values);
+
+ DataReductionProxyTamperDetection tamper_detection(
+ headers, true, 0, &chrome_proxy_header_values);
+
+ bool tampered;
bolian 2014/07/21 23:43:05 set a default value.
xingx 2014/07/23 19:00:29 Done.
+ switch (fingerprint) {
+ case DataReductionProxyTamperDetection::CHROMEPROXY:
+ tampered = tamper_detection.IsChromeProxyHeaderTampered(
+ test.received_fingerprint);
+ break;
+ case DataReductionProxyTamperDetection::VIA:
+ bool has_chrome_proxy_via_header;
+ tampered = tamper_detection.IsViaHeaderTampered(
+ test.received_fingerprint, &has_chrome_proxy_via_header);
+ EXPECT_EQ(test.expected_has_chrome_proxy_via_header,
+ has_chrome_proxy_via_header);
+ break;
+ case DataReductionProxyTamperDetection::OTHERHEADERS:
+ tampered = tamper_detection.AreOtherHeadersTampered(
+ test.received_fingerprint);
+ break;
+ case DataReductionProxyTamperDetection::CONTENTLENGTH:
+ tampered = tamper_detection.IsContentLengthHeaderTampered(
+ test.received_fingerprint);
+ break;
+ case DataReductionProxyTamperDetection::NONEXIST:
+ break;
bolian 2014/07/21 23:43:04 not setting tampered in this case?
xingx 2014/07/23 19:00:29 It should not reach here.
+ }
+
+ EXPECT_EQ(test.expected_tampered, tampered);
+}
+
+// Checks function IsChromeProxyHeaderTampered.
+TEST_F(DataReductionProxyTamperDetectionTest, ChromeProxy) {
+ TestCaseCheckingFingerprint test[] = {
+ // Checks sorting values and decoding.
bolian 2014/07/21 23:43:05 This is the case that server does not ask for dete
xingx 2014/07/23 19:00:29 No, this is the case we check ChromeProxy's finger
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,"
+ "fp=123,bbbypas=0,aaxxx=xxx,bbbloc=1\n",
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,fp=123,",
+ false,
+ },
+
+ // Checks Chrome-Proxy's fingerprint removing.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: a,b,c,d,e,3,2,1," +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "=1231\n",
+ "1,2,3,a,b,c,d,e,",
+ false,
+ },
+
+ // Checks no Chrome-Proxy header case (should not happen).
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Length: 12345\n",
+ "",
+ false,
+ },
+
+ // Checks empty Chrome-Proxy header case (should not happen).
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: \n",
+ ",",
+ false,
+ },
+
+ // Checks Chrome-Proxy header with its fingerprint only case.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: " +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "=xyz\n",
+ "",
+ false,
+ },
+
+ // Checks empty Chrome-Proxy header case, with extra ","
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: " +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "=abcde , \n",
+ "",
+ false,
+ },
+
+ // Checks empty Chrome-Proxy header, different to fingerprint.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: " +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "=xyz\n",
+ ",",
+ true,
+ },
+
+ // Chrome-Proxy header different to its fingerprint.
bolian 2014/07/21 23:43:05 This comment does not make sense. Do you mean // M
xingx 2014/07/23 19:00:29 Done.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=2,aaxxx=xxx,bbbloc=1\n",
bolian 2014/07/21 23:43:04 can you minimize you headers to test exact this ca
xingx 2014/07/23 19:00:29 Done.
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ true,
+ },
+
+ // Chrome-Proxy header different to its fingerprint.
bolian 2014/07/21 23:43:05 How is this different than above (your comment is
xingx 2014/07/23 19:00:29 Done.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: a,aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n",
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ true,
+ },
+
+ // Chrome-Proxy header different to its fingerprint in order.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n",
+ "aaxxx=xxx,aut=aauutthh,bbbypas=0,bbbloc=1,",
+ true,
+ },
+
+ // Checks Chrome-Proxy header with extra " ".
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh , bbbypas=0 , aaxxx=xxx"
+ " ,bbbloc=1 \n",
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ false
+ },
+
+ // Check Chrome-Proxy header, with extra lines and " ".
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh , bbbypas=0 , bbbloc=1 \n"
+ "Chrome-Proxy: aaxxx=xxx \n",
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ false
+ },
+
+ // Checks Chrome-Proxy header with multiple lines.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Chrome-Proxy:bbbloc=1 \n",
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ false
+ },
+
+ // Checks Chrome-Proxy header with multiple lines, at different positions
+ // of the entire header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Chrome-Proxy: bbbloc=1\n"
+ "Via: \n"
+ "Content-Length: 12345\n"
+ "fp=123 \n",
+ "aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ false
+ },
+
+ // Checks Chrome-Proxy header with multiple same values.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Chrome-Proxy: bbbloc=1, fp=123 \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,fp=123,",
+ false
+ },
+
+ // Checks Chrome-Proxy header with multiple same values.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Chrome-Proxy: bbbloc=1, fp=123 \n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "xyn \n" +
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,fp=123,",
+ false
+ },
+
+ // Checks Chrome-Proxy header with multiple same values, but different to
+ // fingerprint.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Chrome-Proxy: bbbloc=1\n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ true,
+ },
+
+ // Check Chrome-Proxy header with multiple same values, but different to
+ // fingerprint.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "xyn \n" +
+ "Chrome-Proxy: bbbloc=1\n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ true,
+ },
+
+ // Check Chrome-Proxy header with multiple lines, but different to
+ // fingerprint.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Chrome-Proxy: bbbloc=1\n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "aaxxx=xxx,aaxxx=xxx,aut=aauutthh,bbbloc=1,bbbypas=0,",
+ true,
+ },
+
+ // Checks case whose received fingerprint is empty.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Chrome-Proxy: aut=aauutthh\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Chrome-Proxy: bbbypas=0\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Chrome-Proxy: bbbloc=1\n"
+ "Chrome-Proxy: aaxxx=xxx \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "",
+ true,
+ },
+
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ test[i].received_fingerprint =
bolian 2014/07/21 23:43:05 You need to test the case that fcp value encoding
xingx 2014/07/23 19:00:29 Done.
+ GetEncoded(test[i].received_fingerprint);
+
+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],
bolian 2014/07/21 23:43:04 If you one case fails, can you easily tell which o
xingx 2014/07/23 19:00:29 Done.
+ DataReductionProxyTamperDetection::CHROMEPROXY);
+ }
+}
+
+// Check function IsViaHeaderTampered.
+TEST_F(DataReductionProxyTamperDetectionTest, Via) {
+ TestCaseCheckingFingerprint test[] = {
+ // Checks the case that Chrome-Compression-Proxy occurs at the last.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: a, b, c, 1.1 Chrome-Compression-Proxy\n",
+ "0",
+ false,
+ true,
+ },
+
+ // Checks when there is intermediary between the data reduction proxy and
+ // the Chromium client.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: a, b, c, 1.1 Chrome-Compression-Proxy, xyz\n",
+ "0",
+ true,
+ true,
+ },
+
+ // Checks the case of empty Via header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: \n",
+ "0",
+ false,
+ false,
+ },
+
+ // Checks the case that only the data reduction proxy's Via header occurs.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: 1.1 Chrome-Compression-Proxy \n",
+ "0",
+ false,
+ true,
+ },
+
+ // Checks the case that there are " ", i.e., empty value after the data
+ // reduction proxy's Via header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: 1.1 Chrome-Compression-Proxy , , \n",
+ "0",
+ false,
+ true,
+ },
+
+ // Checks the case when there is no Via header
+ {
+ "HTTP/1.1 200 OK \n",
+ "0",
+ false,
+ false,
+ },
+
+ // Same to above test cases, but with deprecated data reduciton proxy Via
+ // header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: a, b, c, 1.1 Chrome Compression Proxy\n",
+ "0",
+ false,
+ true,
+ },
+
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: a, b, c, 1.1 Chrome Compression Proxy, xyz\n",
+ "0",
+ true,
+ true,
+ },
+
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: \n",
+ "0",
+ false,
+ false,
+ },
+
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: 1.1 Chrome Compression Proxy \n",
+ "0",
+ false,
+ true,
+ },
+
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: 1.1 Chrome Compression Proxy , , \n",
+ "0",
+ false,
+ true,
+ },
+
+ {
+ "HTTP/1.1 200 OK \n",
+ "0",
+ false,
+ false,
+ },
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],
+ DataReductionProxyTamperDetection::VIA);
+ }
+}
+
+// Checks function AreOtherHeadersTampered.
+TEST_F(DataReductionProxyTamperDetectionTest, OtherHeaders) {
+ // For following testcases, |received_fingerprint| is not the actual
+ // fingerprint from data reduction proxy, instead, the base64 encoded field
+ // is in plain text (within "[]") and needs to be encoded first. For example,
+ // "[12345;]:content-length" needs to be encoded to
+ // "Base64Encoded(MD5(12345;))|content-length" before calling the checking
+ // function.
+ TestCaseCheckingFingerprint test[] = {
+ // Checks the case of correct fingerprint.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Via: \n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n"
+ "Content-Length: 12345\n",
+ "[1,;2,;3,;4,;5,;]|content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case of correct fingerprint.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: aaa1\n"
+ "Cache-Control: aaa2\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "ETag: aaa3\n"
+ "Connection: aaa4\n"
+ "Expires: aaa5\n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[aaa1,;aaa2,;aaa3,;aaa4,;aaa5,;]|content-type|cache-control|"
+ "etag|connection|expires",
+ false
+ },
+
+ // Checks the case that one header has multiple values.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Content-Type: aaa1, bbb1, ccc1\n"
+ "Cache-Control: aaa2\n"
+ "ETag: aaa3\n"
+ "Connection: aaa4\n"
+ "Expires: aaa5\n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[aaa1,bbb1,ccc1,;aaa2,;aaa3,;aaa4,;aaa5,;]|"
+ "content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that one header has multiple lines.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: aaa1, ccc1\n"
+ "Content-Type: xxx1, bbb1, ccc1\n"
+ "Cache-Control: aaa2\n"
+ "ETag: aaa3\n"
+ "Connection: aaa4\n"
+ "Expires: aaa5\n"
+ "Via: \n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Content-Length: 12345\n",
+ "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,;aaa3,;aaa4,;aaa5,;]|"
+ "content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that one header has multiple values, and such multiple
+ // lines occur at different positions.
+ {
+ "HTTP/1.1 200 OK \n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: aaa1, ccc1\n"
+ "Cache-Control: aaa2\n"
+ "ETag: aaa3\n"
+ "Content-Type: xxx1, bbb1, ccc1\n"
+ "Connection: aaa4\n"
+ "Expires: aaa5\n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,;aaa3,;aaa4,;aaa5,;]"
+ "|content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that more than one headers have multiple values.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: aaa1, ccc1\n"
+ "Cache-Control: ccc2 , bbb2\n"
+ "ETag: aaa3\n"
+ "Content-Type: xxx1, bbb1, ccc1\n"
+ "Connection: aaa4\n"
+ "Cache-Control: aaa2 \n"
+ "Expires: aaa5\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,bbb2,ccc2,;aaa3,;aaa4,;aaa5,;]|"
+ "content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that one of the requested headers is missing (Expires).
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: aaa1, ccc1\n"
+ "Cache-Control: ccc2 , bbb2\n"
+ "ETag: aaa3\n"
+ "Content-Type: xxx1, bbb1, ccc1\n"
+ "Connection: aaa4\n"
+ "Cache-Control: aaa2 \n"
+ "Via: \n"
+ "Content-Length: 12345\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n",
+ "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,bbb2,ccc2,;aaa3,;aaa4,;;]|"
+ "content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that more than one of the requested headers are missing.
+ // (Content-Type, Expires).
+ {
+ "HTTP/1.1 200 OK \n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Cache-Control: ccc2 , bbb2\n"
+ "ETag: aaa3\n"
+ "Connection: aaa4\n"
+ "Cache-Control: aaa2 \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[;aaa2,bbb2,ccc2,;aaa3,;aaa4,;;]|content-type|cache-control|"
+ "etag|connection|expires",
+ false
+ },
+
+ // Checks the case that all the requested headers are missing.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Via: \n"
+ "Content-Length: 12345\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n",
+ "[;;;;;]|content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that only one header is requested.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Via: \n"
+ "Content-Length: 12345\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n",
+ "[12345,;]|content-length",
+ false
+ },
+
+ // Checks the case that fingerprint is different to received one.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: aaa1, ccc1\n"
+ "Cache-Control: ccc2 , bbb2\n"
+ "ETag: etag\n"
+ "Content-Type: xxx1, bbb1, ccc1\n"
+ "Connection: aaa4\n"
+ "Cache-Control: aaa2 \n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,bbb2,ccc2,;aaa3,;aaa4,;;]|"
+ "content-type|cache-control|etag|connection|expires",
+ true
+ },
+
+ // Checks the case that some of the requested headers have empty value
+ // (different to above header-missing case).
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: \n"
+ "Cache-Control: \n"
+ "ETag: \n"
+ "Connection: \n"
+ "Expires: 5\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[,;,;,;,;5,;]|content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case that some headers are missing, some of them are of
+ // empty values (whether delimiter "," and ";" work correctly).
+ {
+ "HTTP/1.1 200 OK \n"
+ "Cache-Control: \n"
+ "Connection: \n"
+ "Expires: 5\n"
+ "Via: \n"
+ "Content-Length: 12345\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n",
+ "[;,;;,;5,;]|content-type|cache-control|etag|connection|expires",
+ false
+ },
+
+ // Checks the case there is no requested header (header list is empty).
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Connection: 4\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Expires: 5\n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "[]",
+ false
+ },
+
+ // Checks the case that there is only one requested header and it does not
+ // exist.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"
+ "Content-Type: 1\n"
+ "Cache-Control: 2\n"
+ "ETag: 3\n"
+ "Connection: 4\n"
+ "Expires: 5\n"
+ "Via: \n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n" +
+ "Content-Length: 12345\n",
+ "[;]|non_exist_header",
+ false
+ },
+
+ // Checks the case that there is only one requested header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Cache-Control: \n"
+ "Connection: \n"
+ "Expires: 5\n"
+ "Via: \n"
+ "Content-Length: 12345\n" +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "abcde \n",
+ "[;]|content-type",
+ false
+ },
+
+ /* Lead to NOTREACHED() */
+ /*
+ // special case, if base64 decoding fails
+ {
+ "HTTP/1.1 200 OK \n"
+ "Cache-Control: \n"
+ "Connection: \n"
+ "Expires: 5\n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ ";|content-type",
+ true
+ },
+
+ // special case, if base64 decoding fails
+ {
+ "HTTP/1.1 200 OK \n"
+ "Cache-Control: \n"
+ "Connection: \n"
+ "Expires: 5\n"
+ "Via: \n"
+ "Content-Length: 12345\n",
+ "abcde|content-type|cache-control|etag|connection|expires",
+ true
+ },
+ */
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ ReplaceWithEncodedString(&(test[i].received_fingerprint));
+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],
+ DataReductionProxyTamperDetection::OTHERHEADERS);
+ }
+}
+
+// Checks function IsContentLengthTampered.
+TEST_F(DataReductionProxyTamperDetectionTest, ContentLength) {
+ TestCaseCheckingFingerprint test[] = {
+ // Checks the case fingerprint matches received response.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: 1\n"
+ "Content-Length: 12345\n",
+ "12345",
+ false,
+ },
+
+ // Checks the case that fingerprint does not match received response.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: text/html; charset=ISO-8859-4\n"
+ "Content-Length: 12345\n",
+ "125",
+ true,
+ },
+
+ // Checks the case that the data reduction proxy has not sent
+ // Content-Length header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: text/javascript\n"
+ "Content-Length: 12345\n",
+ "",
+ false,
+ },
+
+ // Checks the case that the data reduction proxy sends invalid
+ // Content-Length header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: text/javascript\n"
+ "Content-Length: 12345\n",
+ "aaa",
+ false,
+ },
+
+ // Checks the case that the data reduction proxy sends invalid
+ // Content-Length header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: text/javascript\n"
+ "Content-Length: aaa\n",
+ "aaa",
+ false,
+ },
+
+ // Checks the case that Content-Length header are missing at both end.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: 1\n",
+ "",
+ false,
+ },
+
+ // Checks the case that Content-Length is 0.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: application/x-javascript\n"
+ "Content-Length: 0\n",
+ "0",
+ false,
+ },
+
+ // Checks the case that Content-Length is empty at the data reduction proxy
+ // side.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: application/x-javascript\n"
+ "Content-Length: 123\n",
+ ",",
+ false,
+ },
+
+ // Checks the case that Content-Length header is missing at the Chromium
+ // client side.
+ {
+ "HTTP/1.1 200 OK \n"
+ "Content-Type: application/javascript \n",
+ "123",
+ false,
+ },
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],
+ DataReductionProxyTamperDetection::CONTENTLENGTH);
+ }
+}
+
+// Testcase for RemoveChromeProxyFingerprint function.
+TEST_F(DataReductionProxyTamperDetectionTest, HeaderRemoving) {
+ struct {
+ std::string input_values[10];
+ std::string expected_output_values[10];
+ } test[] = {
+ // Checks the case that there is no Chrome-Proxy header's fingerprint.
+ {
+ {"1", "2", "3", "5",},
+ {"1", "2", "3", "5",},
+ },
+ // Checks the case that there is Chrome-Proxy header's fingerprint.
+ {
+ {"1", "2", "3",
+ std::string(kChromeProxyActionFingerprintChromeProxy) + "=4", "5",},
+ {"1", "2", "3", "5",},
+ },
+ // Checks the case that there is Chrome-Proxy header's fingerprint, and it
+ // occurs at the end.
+ {
+ {"1", "2", "3",
+ std::string(kChromeProxyActionFingerprintChromeProxy) + "=4",},
+ {"1", "2", "3",},
+ },
+ // Checks the case that there is Chrome-Proxy header's fingerprint, and it
+ // occurs at the beginning.
+ {
+ {std::string(kChromeProxyActionFingerprintChromeProxy)
+ + "=1", "2", "3",},
+ {"2", "3",},
+ },
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ std::vector<std::string> input_values, output_values;
+ for (size_t j=0; j<ARRAYSIZE_UNSAFE(test[i].input_values); ++j) {
+ if (test[i].input_values[j].size())
+ input_values.push_back(test[i].input_values[j]);
+ }
+ for (size_t j=0; j<ARRAYSIZE_UNSAFE(test[i].expected_output_values); ++j) {
+ if (test[i].expected_output_values[j].size())
+ output_values.push_back(test[i].expected_output_values[j]);
+ }
+
+ DataReductionProxyTamperDetection::RemoveChromeProxyFingerprint(
+ &input_values);
+
+ EXPECT_EQ(input_values, output_values);
+ }
+}
+
+// Testcase for ValuesToSortedString function.
+TEST_F(DataReductionProxyTamperDetectionTest, ValuesToSortedString) {
+ struct {
+ std::string input_values[10];
+ std::string expected_output_string;
+ } test[] = {
+ // Checks the correctness of sorting.
+ {
+ {"1", "2", "3",},
+ "1,2,3,",
+ },
+ // Checks the case that there is an empty input vector.
+ {
+ {},
+ "",
+ },
+ // Checks the case that there is an empty string in the input vector.
+ {
+ {" ",},
+ ",",
+ },
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ std::vector<std::string> input_values;
+ for (size_t j=0; j<ARRAYSIZE_UNSAFE(test[i].input_values); ++j) {
+ if (test[i].input_values[j].size()) {
+ if (test[i].input_values[j] == " ")
+ input_values.push_back("");
+ else
+ input_values.push_back(test[i].input_values[j]);
+ }
+ }
+
+ std::string output_string = DataReductionProxyTamperDetection::
+ ValuesToSortedString(&input_values);
+
+ EXPECT_EQ(output_string, test[i].expected_output_string);
+ }
+}
+
+// Testcase for GetHeaderValues function.
+TEST_F(DataReductionProxyTamperDetectionTest, GetHeaderValues) {
+ struct {
+ std::string raw_header;
+ std::string header_name;
+ std::string expected_output_values[10];
+ } test[] = {
+ // Checks the correctness of getting single line header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "test: 1, 2, 3\n",
+ "test",
+ {"1", "2", "3"},
+ },
+ // Checks the correctness of getting multiple lines header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "test: 1, 2, 3\n"
+ "test: 4, 5, 6\n"
+ "test: 7, 8, 9\n",
+ "test",
+ {"1", "2", "3", "4", "5", "6", "7", "8", "9"},
+ },
+ // Checks the correctness of getting missing header.
+ {
+ "HTTP/1.1 200 OK \n",
+ "test",
+ {},
+ },
+ // Checks the correctness of getting empty header.
+ {
+ "HTTP/1.1 200 OK \n"
+ "test: \n",
+ "test",
+ {" "},
+ },
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ std::string raw_headers(test[i].raw_header);
+ HeadersToRaw(&raw_headers);
+ scoped_refptr<net::HttpResponseHeaders> headers =
+ new net::HttpResponseHeaders(raw_headers);
+
+ std::vector<std::string> expected_output_values;
+ for (size_t j=0; j<ARRAYSIZE_UNSAFE(test[i].expected_output_values); ++j) {
+ if ((test[i].expected_output_values[j]).size()) {
+ if (test[i].expected_output_values[j] == " ")
+ expected_output_values.push_back("");
+ else
+ expected_output_values.push_back(test[i].expected_output_values[j]);
+ }
+ }
+
+ std::vector<std::string> output_values =
+ DataReductionProxyTamperDetection::GetHeaderValues(
+ headers, test[i].header_name);
+ EXPECT_EQ(expected_output_values, output_values);
+ }
+}
+
+// Testcase for main function CheckResponseFingerprint. First generate
+// simulated response from the data reduction proxy, by replacing fingerprint
+// with its base64 encoded MD5 value and appending it to Chrome-Proxy header.
+// Then runs through function CheckResponseFingerprint.
+TEST_F(DataReductionProxyTamperDetectionTest, Completed) {
+ struct {
+ std::string raw_header;
+ std::string chrome_header;
+ bool expected_contain_tamper_detect_fingerprints;
+ bool expected_tampered_chrome_proxy;
+ bool expected_tampered_via;
+ bool expected_tampered_other_headers;
+ bool expected_tampered_content_length;
+ bool expected_has_chrome_proxy_via_header;
+ } test[] = {
+ // Check normal case, Chrome-Proxy fingerprint doesn't exist
+ {
+ "HTTP/1.1 200 OK \n"
+ "Via: a1, b2, 1.1 Chrome-Compression-Proxy\n"
+ "Content-Length: 12345\n"
+ "header1: header_1\n"
+ "header2: header_2\n"
+ "header3: header_3\n",
+ "a,b,c,d,e," +
+ std::string(kChromeProxyActionFingerprintContentLength) + "=12345," +
+ std::string(kChromeProxyActionFingerprintOtherHeaders) +
+ "=[header_1,;header_2,;header_3,;]|header1|header2|header3," +
+ std::string(kChromeProxyActionFingerprintVia) + "=0,",
+ true,
+ false,
+ false,
+ false,
+ false,
+ true,
+ },
+ };
+
+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {
+ // Replace fingerprint with base64 encoded MD5 value.
+ ReplaceWithEncodedString(&(test[i].chrome_header));
+ // Generate fingerprint for Chrome-Proxy header.
+ std::string chrome_header_fingerprint = GetEncoded(test[i].chrome_header);
+ // Append Chrome-Proxy header to response headers.
+ test[i].raw_header += "Chrome-Proxy: " + test[i].chrome_header +
+ std::string(kChromeProxyActionFingerprintChromeProxy) +
+ "=" + chrome_header_fingerprint + "\n";
+
+ std::string raw_headers(test[i].raw_header);
+ HeadersToRaw(&raw_headers);
+ scoped_refptr<net::HttpResponseHeaders> headers =
+ new net::HttpResponseHeaders(raw_headers);
+
+ // Below copying codes from CheckResponseFingerprint, with checking points
+ // added.
+ std::string chrome_proxy_fingerprint;
+ bool contain_chrome_proxy_fingerprint = GetDataReductionProxyActionValue(
+ headers,
+ kChromeProxyActionFingerprintChromeProxy,
+ &chrome_proxy_fingerprint);
+
+
+ EXPECT_EQ(test[i].expected_contain_tamper_detect_fingerprints,
+ contain_chrome_proxy_fingerprint);
+ if (!contain_chrome_proxy_fingerprint)
+ return;
+ std::vector<std::string> chrome_proxy_header_values =
+ DataReductionProxyTamperDetection::
+ GetHeaderValues(headers, "Chrome-Proxy");
+
+ DataReductionProxyTamperDetection::
+ RemoveChromeProxyFingerprint(&chrome_proxy_header_values);
+
+ DataReductionProxyTamperDetection tamper_detection(
+ headers,
+ true,
+ 0,
+ &chrome_proxy_header_values);
+
+ bool tampered_chrome_proxy =
+ tamper_detection.IsChromeProxyHeaderTampered(chrome_proxy_fingerprint);
+ EXPECT_EQ(test[i].expected_tampered_chrome_proxy, tampered_chrome_proxy);
+ if (tampered_chrome_proxy)
+ return;
+
+ std::map<std::string, DataReductionProxyTamperDetection::FingerprintCode>::
+ iterator it;
+ for (it = tamper_detection.fingerprint_name_code_map_.begin();
+ it != tamper_detection.fingerprint_name_code_map_.end(); ++it) {
+ std::string fingerprint;
+ if (!GetDataReductionProxyActionValue(
+ headers, it->first, &fingerprint)) {
+ continue;
+ }
+
+ bool tampered = false;
+ switch (it->second) {
+ case DataReductionProxyTamperDetection::VIA:
+ bool has_chrome_proxy_via_header;
+ tampered = tamper_detection.IsViaHeaderTampered(
+ fingerprint, &has_chrome_proxy_via_header);
+ EXPECT_EQ(test[i].expected_tampered_via, tampered);
+ EXPECT_EQ(test[i].expected_has_chrome_proxy_via_header,
+ has_chrome_proxy_via_header);
+ break;
+ case DataReductionProxyTamperDetection::OTHERHEADERS:
+ tampered = tamper_detection.AreOtherHeadersTampered(fingerprint);
+ EXPECT_EQ(test[i].expected_tampered_other_headers, tampered);
+ break;
+ case DataReductionProxyTamperDetection::CONTENTLENGTH:
+ tampered = tamper_detection.IsContentLengthHeaderTampered(fingerprint);
+ EXPECT_EQ(test[i].expected_tampered_content_length, tampered);
+ break;
+ default:
+ NOTREACHED();
+ break;
+ }
+ }
+ }
+}
+
+} // namespace
« components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.cc ('K') | « components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698