components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc - Issue 338483002: Chrome Participated Tamper Detect

Unified Diff: components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc

Issue 338483002: Chrome Participated Tamper Detect (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc

diff --git a/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc b/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc

new file mode 100644

index 0000000000000000000000000000000000000000..5ed77ae890a846c2d9bf7f8c9ee8965c7d865563

--- /dev/null

+++ b/components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect_unittest.cc

@@ -0,0 +1,814 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.h"

+#include <string.h>

+#include <algorithm>

+#include <map>

+#include <vector>

+#include "base/base64.h"

+#include "base/md5.h"

+#include "base/strings/string_number_conversions.h"

+#include "base/strings/string_split.h"

+#include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h"

+#include "net/android/network_library.h"

+#include "net/http/http_response_headers.h"

+#include "net/http/http_util.h"

+#include "testing/gtest/include/gtest/gtest.h"

+namespace {

+void HeadersToRaw(std::string* headers) {

+ std::replace(headers->begin(), headers->end(), '\n', '\0');

+ if (!headers->empty())

+ *headers += '\0';

+// Calcuates MD5 hash value for a string and then base64 encode it.

+std::string GetEncoded(const std::string& input) {

+ base::MD5Digest digest;

+ base::MD5Sum(input.c_str(), input.size(), &digest);

+ std::string base64encoded;

+ base::Base64Encode(std::string((char*)digest.a,

+ ARRAYSIZE_UNSAFE(digest.a)), &base64encoded);

+ return base64encoded;

+// Replaces all contents within "[]" by corresponding base64 encoded MD5 value.

+// It can handle nested case like: [[abc]def].

+void ReplaceWithEncodedString(std::string* input) {

+ size_t start, end, temp;

+ while (true) {

+ start = input->find("[");

+ if (start == std::string::npos) break;

+ while (true) {

+ temp = input->find("[", start + 1);

+ end = input->find("]", start + 1);

+ if (end >= 0 && end < temp)

+ break;

+ else

+ start = temp;

+ }

+ std::string need_to_encode = input->substr(start + 1, end - start - 1);

+ *input = input->substr(0, start) + GetEncoded(need_to_encode) +

+ input->substr(end + 1);

+ }

+const int kMaxVectorSize = 10;

+// Put a list of strings into a vector.

+std::vector<std::string> StringsToVector(std::string* input) {

+ std::vector<std::string> vector;

+ for (size_t i=0; i<kMaxVectorSize; ++i) {

+ if (input[i].size()) {

+ if (input[i] == " ")

+ vector.push_back("");

+ else

+ vector.push_back(input[i]);

+ }

+ return vector;

+// Testcase for fingerprint checking functions. |received_fingerprint| is

+// fingerprint received from the data reduction proxy. |expected_tampered| is

+// expected tampered or not result.

+struct TamperDetectionTestCase {

+ std::string label;

+ std::string raw_header;

+ std::string received_fingerprint;

+ bool expected_tampered;

+ bool expected_has_chrome_proxy_via_header;

+};

+} // namespace

+namespace data_reduction_proxy {

+class DataReductionProxyTamperDetectionTest : public testing::Test {

+ public:

+ static void TestFingerprintCommon(const TamperDetectionTestCase& test,

+ DataReductionProxyTamperDetection::FingerprintCode fingerprint);

+};

+// Common function for testing fingerprint checking functions. For a given

+// header string |test.raw_header|, generates HttpResponseHeaders |headers| and

+// checks specified fingerprint checking function returns expected result or

+// not.

+void DataReductionProxyTamperDetectionTest::TestFingerprintCommon(

+ const TamperDetectionTestCase& test,

+ DataReductionProxyTamperDetection::FingerprintCode fingerprint_code) {

+ std::string raw_headers(test.raw_header);

+ HeadersToRaw(&raw_headers);

+ net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(raw_headers);

+ // Removes Chrome-Proxy header's fingerprint from Chrome-Proxy header.

+ std::vector<std::string> chrome_proxy_header_values =

+ DataReductionProxyTamperDetection::

+ GetHeaderValues(headers, "Chrome-Proxy");

+ DataReductionProxyTamperDetection::RemoveChromeProxyFingerprint(

+ &chrome_proxy_header_values);

+ DataReductionProxyTamperDetection tamper_detection(

+ headers, true, 0, &chrome_proxy_header_values);

+ bool tampered, has_chrome_proxy_via_header = false;

+ switch (fingerprint_code) {

+ case DataReductionProxyTamperDetection::CHROMEPROXY:

+ tampered = tamper_detection.IsChromeProxyHeaderTampered(

+ test.received_fingerprint);

+ break;

+ case DataReductionProxyTamperDetection::VIA:

+ tampered = tamper_detection.IsViaHeaderTampered(

+ test.received_fingerprint, &has_chrome_proxy_via_header);

+ EXPECT_EQ(test.expected_has_chrome_proxy_via_header,

+ has_chrome_proxy_via_header) << test.label;

+ break;

+ case DataReductionProxyTamperDetection::OTHERHEADERS:

+ tampered = tamper_detection.AreOtherHeadersTampered(

+ test.received_fingerprint);

+ break;

+ case DataReductionProxyTamperDetection::CONTENTLENGTH:

+ tampered = tamper_detection.IsContentLengthHeaderTampered(

+ test.received_fingerprint);

+ break;

+ case DataReductionProxyTamperDetection::NONEXIST:

+ default:

+ NOTREACHED();

+ break;

+ }

+ EXPECT_EQ(test.expected_tampered, tampered) << test.label;

+// Checks function IsChromeProxyHeaderTampered.

+TEST_F(DataReductionProxyTamperDetectionTest, ChromeProxy) {

+ // |received_fingerprint| is not the actual fingerprint from data reduction

+ // proxy, instead, the base64 encoded field is in plain text (within "[]")

+ // and needs to be encoded first.

+ TamperDetectionTestCase test[] = {

+ {

+ "Checks sorting.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: c,b,a,3,2,1,fcp=f\n",

+ "[1,2,3,a,b,c,]",

+ false,

+ },

+ {

+ "Checks Chrome-Proxy's fingerprint removing.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a,b,c,d,e,3,2,1,fcp=f\n",

+ "[1,2,3,a,b,c,d,e,]",

+ false,

+ },

+ {

+ "Checks no Chrome-Proxy header case (should not happen).",

+ "HTTP/1.1 200 OK\n",

+ "[]",

+ false,

+ },

+ {

+ "Checks empty Chrome-Proxy header case (should not happen).",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: \n",

+ "[,]",

+ false,

+ },

+ {

+ "Checks Chrome-Proxy header with its fingerprint only case.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: fcp=f\n",

+ "[]",

+ false,

+ },

+ {

+ "Checks empty Chrome-Proxy header case, with extra ',' and ' '",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: fcp=f , \n",

+ "[]",

+ false,

+ },

+ {

+ "Changed no value to empty value.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: fcp=f\n",

+ "[,]",

+ true,

+ },

+ {

+ "Changed header values.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a,b=2,c,d=1,fcp=f\n",

+ "[a,b=3,c,d=1,]",

+ true,

+ },

+ {

+ "Changed order of header values.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: c,b,a,fcp=1\n",

+ "[c,b,a,]",

+ true,

+ },

+ {

+ "Checks Chrome-Proxy header with extra ' '.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a , b , c, d, fcp=f\n",

+ "[a,b,c,d,]",

+ false

+ },

+ {

+ "Check Chrome-Proxy header with multiple lines and ' '.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a , c , d, fcp=f \n"

+ "Chrome-Proxy: b \n",

+ "[a,b,c,d,]",

+ false

+ },

+ {

+ "Checks Chrome-Proxy header with multiple lines, at different positions",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a \n"

+ "Chrome-Proxy: c \n"

+ "Content-Type: 1\n"

+ "Cache-Control: 2\n"

+ "ETag: 3\n"

+ "Chrome-Proxy: b \n"

+ "Connection: 4\n"

+ "Expires: 5\n"

+ "Chrome-Proxy: fcp=f \n"

+ "Via: \n"

+ "Content-Length: 12345\n",

+ "[a,b,c,]",

+ false

+ },

+ {

+ "Checks Chrome-Proxy header with multiple same values.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a \n"

+ "Chrome-Proxy: b\n"

+ "Chrome-Proxy: c\n"

+ "Chrome-Proxy: d, fcp=f \n"

+ "Chrome-Proxy: a \n",

+ "[a,a,b,c,d,]",

+ false

+ },

+ {

+ "Changed Chrome-Proxy header with multiple lines..",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a\n"

+ "Chrome-Proxy: b\n"

+ "Chrome-Proxy: c,fcp=f\n",

+ "[a,b,c,]",

+ true,

+ },

+ {

+ "Checks case whose received fingerprint is empty.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a,b,c,fcp=1\n",

+ "[]",

+ true,

+ },

+ {

+ "Checks case whose received fingerprint cannot be base64 decoded.",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: a,b,c,fcp=1\n",

+ "not_base64_encoded",

+ true,

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ ReplaceWithEncodedString(&test[i].received_fingerprint);

+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],

+ DataReductionProxyTamperDetection::CHROMEPROXY);

+ }

+// Check function IsViaHeaderTampered.

+TEST_F(DataReductionProxyTamperDetectionTest, Via) {

+ TamperDetectionTestCase test[] = {

+ {

+ "Checks the case that Chrome-Compression-Proxy occurs at the last.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a, b, c, 1.1 Chrome-Compression-Proxy\n",

+ "",

+ false,

+ true,

+ },

+ {

+ "Checks when there is intermediary.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a, b, c, 1.1 Chrome-Compression-Proxy, xyz\n",

+ "",

+ true,

+ },

+ {

+ "Checks the case of empty Via header.",

+ "HTTP/1.1 200 OK\n"

+ "Via: \n",

+ "",

+ false,

+ },

+ {

+ "Checks the case that only the data reduction proxy's Via header occurs.",

+ "HTTP/1.1 200 OK\n"

+ "Via: 1.1 Chrome-Compression-Proxy \n",

+ "",

+ false,

+ true,

+ },

+ {

+ "Checks the case that there are ' ', i.e., empty value after the data"

+ " reduction proxy's Via header.",

+ "HTTP/1.1 200 OK\n"

+ "Via: 1.1 Chrome-Compression-Proxy , , \n",

+ "",

+ false,

+ true,

+ },

+ {

+ "Checks the case when there is no Via header",

+ "HTTP/1.1 200 OK\n",

+ "",

+ false,

+ },

+ // Same to above test cases, but with deprecated data reduciton proxy Via

+ // header.

+ {

+ "Checks the case that Chrome Compression Proxy occurs at the last.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a, b, c, 1.1 Chrome Compression Proxy\n",

+ "",

+ false,

+ true,

+ },

+ {

+ "Checks when there is intermediary.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a, b, c, 1.1 Chrome Compression Proxy, xyz\n",

+ "",

+ true,

+ },

+ {

+ "Checks the case of empty Via header.",

+ "HTTP/1.1 200 OK\n"

+ "Via: \n",

+ "",

+ false,

+ },

+ {

+ "Checks the case that only the data reduction proxy's Via header occurs.",

+ "HTTP/1.1 200 OK\n"

+ "Via: 1.1 Chrome Compression Proxy \n",

+ "",

+ false,

+ true,

+ },

+ {

+ "Checks the case that there are ' ', i.e., empty value after the data"

+ "reduction proxy's Via header.",

+ "HTTP/1.1 200 OK\n"

+ "Via: 1.1 Chrome Compression Proxy , , \n",

+ "",

+ false,

+ true,

+ },

+ {

+ "Checks the case when there is no Via header",

+ "HTTP/1.1 200 OK\n",

+ "",

+ false,

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],

+ DataReductionProxyTamperDetection::VIA);

+ }

+// Checks function AreOtherHeadersTampered.

+TEST_F(DataReductionProxyTamperDetectionTest, OtherHeaders) {

+ // For following testcases, |received_fingerprint| is not the actual

+ // fingerprint from data reduction proxy, instead, the base64 encoded field

+ // is in plain text (within "[]") and needs to be encoded first. For example,

+ // "[12345;]|content-length" needs to be encoded to

+ // "Base64Encoded(MD5(12345;))|content-length" before calling the checking

+ // function.

+ TamperDetectionTestCase test[] = {

+ {

+ "Checks the case that only one header is requested.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Length: 12345\n",

+ "[12345,;]|content-length",

+ false

+ },

+ {

+ "Checks the case that there is only one requested header and it does not"

+ "exist.",

+ "HTTP/1.1 200 OK\n",

+ "[;]|non_exist_header",

+ false

+ },

+ {

+ "Checks the case of multiple headers are requested.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: 1\n"

+ "Cache-Control: 2\n"

+ "ETag: 3\n"

+ "Connection: 4\n"

+ "Expires: 5\n",

+ false

+ },

+ {

+ "Checks the case that one header has multiple values.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: aaa1, bbb1, ccc1\n"

+ "Cache-Control: aaa2\n",

+ "[aaa1,bbb1,ccc1,;aaa2,;]|content-type|cache-control",

+ false

+ },

+ {

+ "Checks the case that one header has multiple lines.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: aaa1, ccc1\n"

+ "Content-Type: xxx1, bbb1, ccc1\n"

+ "Cache-Control: aaa2\n",

+ "[aaa1,bbb1,ccc1,ccc1,xxx1,;aaa2,;]|content-type|cache-control",

+ false

+ },

+ {

+ "Checks the case that more than one headers have multiple values.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: aaa1, ccc1\n"

+ "Cache-Control: ccc2 , bbb2\n"

+ "Content-Type: bbb1, ccc1\n"

+ "Cache-Control: aaa2 \n",

+ "[aaa1,bbb1,ccc1,ccc1,;aaa2,bbb2,ccc2,;]|content-type|cache-control",

+ false

+ },

+ {

+ "Checks the case that one of the requested headers is missing (Expires).",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: aaa1, ccc1\n",

+ "[aaa1,ccc1,;;]|content-type|expires",

+ false

+ },

+ {

+ "Checks the case that some of the requested headers have empty value.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: \n"

+ "Cache-Control: \n",

+ "[,;,;]|content-type|cache-control",

+ false

+ },

+ {

+ "Checks the case that all the requested headers are missing.",

+ "HTTP/1.1 200 OK\n",

+ "[;;]|content-type|expires",

+ false

+ },

+ {

+ "Checks the case that some headers are missing, some of them are empty.",

+ "HTTP/1.1 200 OK\n"

+ "Cache-Control: \n",

+ "[;,;]|content-type|cache-control",

+ false

+ },

+ {

+ "Checks the case there is no requested header (header list is empty).",

+ "HTTP/1.1 200 OK\n"

+ "Chrome-Proxy: aut=aauutthh,bbbypas=0,aaxxx=xxx,bbbloc=1\n"

+ "Content-Type: 1\n"

+ "Cache-Control: 2\n",

+ "[]",

+ false

+ },

+ {

+ "Checks tampered requested header values.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Type: aaa1, ccc1\n"

+ "Cache-Control: ccc2 , bbb2\n",

+ "[aaa1,bbb1,;bbb2,ccc2,;]|content-type|cache-control",

+ true

+ },

+ /* will lead to NOTREACHED() */

+ /*

+ {

+ "Checks the case that base64 decoding fails.",

+ "HTTP/1.1 200 OK\n"

+ "Cache-Control: \n"

+ "Connection: \n"

+ "Expires: 5\n"

+ "Via: \n"

+ "Content-Length: 12345\n",

+ true

+ },

+ */

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ ReplaceWithEncodedString(&(test[i].received_fingerprint));

+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],

+ DataReductionProxyTamperDetection::OTHERHEADERS);

+ }

+// Checks function IsContentLengthTampered.

+TEST_F(DataReductionProxyTamperDetectionTest, ContentLength) {

+ TamperDetectionTestCase test[] = {

+ {

+ "Checks the case fingerprint matches received response.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Length: 12345\n",

+ "12345",

+ false,

+ },

+ {

+ "Checks case that response got modified.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Length: 12345\n",

+ "125",

+ true,

+ },

+ {

+ "Checks the case that the data reduction proxy has not sent"

+ "Content-Length header.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Length: 12345\n",

+ "",

+ false,

+ },

+ {

+ "Checks the case that the data reduction proxy sends invalid"

+ "Content-Length header.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Length: 12345\n",

+ "aaa",

+ false,

+ },

+ {

+ "Checks the case that the data reduction proxy sends invalid"

+ "Content-Length header.",

+ "HTTP/1.1 200 OK\n"

+ "Content-Length: aaa\n",

+ "aaa",

+ false,

+ },

+ {

+ "Checks the case that Content-Length header is missing at the Chromium"

+ "client side.",

+ "HTTP/1.1 200 OK\n",

+ "123",

+ false,

+ },

+ {

+ "Checks the case that Content-Length header are missing at both end.",

+ "HTTP/1.1 200 OK\n",

+ "",

+ false,

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ DataReductionProxyTamperDetectionTest::TestFingerprintCommon(test[i],

+ DataReductionProxyTamperDetection::CONTENTLENGTH);

+ }

+// Testcase for RemoveChromeProxyFingerprint function.

+TEST_F(DataReductionProxyTamperDetectionTest, HeaderRemoving) {

+ struct {

+ std::string label;

+ std::string input_values[kMaxVectorSize];

+ std::string expected_output_values[kMaxVectorSize];

+ } test[] = {

+ {

+ "Checks the case that there is no Chrome-Proxy header's fingerprint.",

+ {"1", "2", "3", "5",},

+ },

+ {

+ "Checks the case that there is Chrome-Proxy header's fingerprint.",

+ {"1", "2", "3", "fcp=4", "5",},

+ {"1", "2", "3", "5",},

+ },

+ {

+ "Checks the case that there is Chrome-Proxy header's fingerprint, and it"

+ "occurs at the end.",

+ {"1", "2", "3", "fcp=4",},

+ {"1", "2", "3",},

+ },

+ {

+ "Checks the case that there is Chrome-Proxy header's fingerprint, and it"

+ "occurs at the beginning.",

+ {"fcp=1", "2", "3",},

+ {"2", "3",},

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ std::vector<std::string> input_values =

+ StringsToVector(test[i].input_values);

+ std::vector<std::string> output_values =

+ StringsToVector(test[i].expected_output_values);

+ DataReductionProxyTamperDetection::RemoveChromeProxyFingerprint(

+ &input_values);

+ EXPECT_EQ(input_values, output_values) << test[i].label;

+ }

+// Testcase for ValuesToSortedString function.

+TEST_F(DataReductionProxyTamperDetectionTest, ValuesToSortedString) {

+ struct {

+ std::string label;

+ std::string input_values[kMaxVectorSize];

+ std::string expected_output_string;

+ } test[] = {

+ {

+ "Checks the correctness of sorting.",

+ {"1", "2", "3",},

+ "1,2,3,",

+ },

+ {

+ "Checks the case that there is an empty input vector.",

+ {},

+ "",

+ },

+ {

+ "Checks the case that there is an empty string in the input vector.",

+ // Use " " to represent empty value.

+ {" ",},

+ ",",

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ std::vector<std::string> input_values =

+ StringsToVector(test[i].input_values);

+ std::string output_string = DataReductionProxyTamperDetection::

+ ValuesToSortedString(&input_values);

+ EXPECT_EQ(output_string, test[i].expected_output_string) << test[i].label;

+ }

+// Testcase for GetHeaderValues function.

+TEST_F(DataReductionProxyTamperDetectionTest, GetHeaderValues) {

+ struct {

+ std::string label;

+ std::string raw_header;

+ std::string header_name;

+ std::string expected_output_values[kMaxVectorSize];

+ } test[] = {

+ {

+ "Checks the correctness of getting single line header.",

+ "HTTP/1.1 200 OK\n"

+ "test: 1, 2, 3\n",

+ "test",

+ {"1", "2", "3"},

+ },

+ {

+ "Checks the correctness of getting multiple lines header.",

+ "HTTP/1.1 200 OK\n"

+ "test: 1, 2, 3\n"

+ "test: 4, 5, 6\n"

+ "test: 7, 8, 9\n",

+ "test",

+ {"1", "2", "3", "4", "5", "6", "7", "8", "9"},

+ },

+ {

+ "Checks the correctness of getting missing header.",

+ "HTTP/1.1 200 OK\n",

+ "test",

+ {},

+ },

+ {

+ "Checks the correctness of getting empty header.",

+ "HTTP/1.1 200 OK\n"

+ "test: \n",

+ "test",

+ {" "},

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ std::string raw_headers(test[i].raw_header);

+ HeadersToRaw(&raw_headers);

+ net::HttpResponseHeaders* headers =

+ new net::HttpResponseHeaders(raw_headers);

+ std::vector<std::string> expected_output_values =

+ StringsToVector(test[i].expected_output_values);

+ std::vector<std::string> output_values =

+ DataReductionProxyTamperDetection::GetHeaderValues(

+ headers, test[i].header_name);

+ EXPECT_EQ(expected_output_values, output_values) << test[i].label;

+ }

+// Testcase for main function DetectAndReport.

+TEST_F(DataReductionProxyTamperDetectionTest, DetectAndReport) {

+ struct {

+ std::string label;

+ std::string raw_header;

+ bool expected_tampered_with;

+ } test[] = {

+ {

+ "Check no fingerprint added case.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a1, b2, 1.1 Chrome-Compression-Proxy\n"

+ "Content-Length: 12345\n"

+ "Chrome-Proxy: bypass=0\n",

+ false,

+ },

+ {

+ "Check the case Chrome-Proxy fingerprint doesn't match.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a1, b2, 1.1 Chrome-Compression-Proxy\n"

+ "Content-Length: 12345\n"

+ "header1: header_1\n"

+ "header2: header_2\n"

+ "header3: header_3\n"

+ "Chrome-Proxy: fcl=12345, "

+ "foh=[header_1,;header_2,;header_3,;]|header1|header2|header3,fvia=0,"

+ "fcp=abc\n",

+ true,

+ },

+ {

+ "Check the case response matches the fingerprint completely.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a1, b2, 1.1 Chrome-Compression-Proxy\n"

+ "Content-Length: 12345\n"

+ "header1: header_1\n"

+ "header2: header_2\n"

+ "header3: header_3\n"

+ "Chrome-Proxy: fcl=12345, "

+ "foh=[header_1,;header_2,;header_3,;]|header1|header2|header3,"

+ "fvia=0, fcp=[fcl=12345,foh=[header_1,;header_2,;header_3,;]"

+ "|header1|header2|header3,fvia=0,]\n",

+ false,

+ },

+ {

+ "Check the case response matches the fingerprint completely.",

bolian 2014/07/24 07:11:58 Is this the same the one above?

xingx 2014/07/24 18:35:52 Done.

+ "HTTP/1.1 200 OK\n"

+ "Via: a1, b2, 1.1 Chrome-Compression-Proxy\n"

+ "Content-Length: 12345\n"

+ "header1: header_1\n"

+ "header2: header_2\n"

+ "header3: header_3\n"

+ "Chrome-Proxy: fcl=12345, "

+ "foh=[header_1,;header_2,;header_3,;]|header1|header2|header3, fvia=0,"

+ "fcp=[fcl=12345,foh=[header_1,;header_2,;header_3,;]"

+ "|header1|header2|header3,fvia=0,]\n",

+ false,

+ },

+ {

+ "Check the case that Content-Length doesn't match.",

+ "HTTP/1.1 200 OK\n"

+ "Via: a1, b2, 1.1 Chrome-Compression-Proxy\n"

+ "Content-Length: 0\n"

+ "header1: header_1\n"

+ "header2: header_2\n"

+ "header3: header_3\n"

+ "Chrome-Proxy: fcl=12345, "

+ "foh=[header_1,;header_2,;header_3,;]|header1|header2|header3, fvia=0, "

+ "fcp=[fcl=12345,foh=[header_1,;header_2,;header_3,;]|"

+ "header1|header2|header3,fvia=0,]\n",

+ true,

+ },

+ };

+ for (size_t i=0; i<ARRAYSIZE_UNSAFE(test); ++i) {

+ std::string raw_headers(test[i].raw_header);

+ ReplaceWithEncodedString(&raw_headers);

+ HeadersToRaw(&raw_headers);

+ net::HttpResponseHeaders* headers =

+ new net::HttpResponseHeaders(raw_headers);

+ EXPECT_EQ(test[i].expected_tampered_with,

+ DataReductionProxyTamperDetection::DetectAndReport(headers, true))

+ << test[i].label;

+ }

+} // namespace