Mostly integrate new malware IP blacklist with the csd client. When

chrome/browser/safe_browsing/client_side_detection_host_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/strings/stringprintf.h"
 #include "base/synchronization/waitable_event.h"
@@ skipping 121 matching lines @@
  private:
   DISALLOW_COPY_AND_ASSIGN(MockSafeBrowsingUIManager);
 };
 
 class MockSafeBrowsingDatabaseManager : public SafeBrowsingDatabaseManager {
  public:
   explicit MockSafeBrowsingDatabaseManager(SafeBrowsingService* service)
       : SafeBrowsingDatabaseManager(service) { }
 
   MOCK_METHOD1(MatchCsdWhitelistUrl, bool(const GURL&));
+  MOCK_METHOD1(MatchMalwareIP, bool(const std::string& ip_address));
 
  protected:
   virtual ~MockSafeBrowsingDatabaseManager() {}
 
  private:
   DISALLOW_COPY_AND_ASSIGN(MockSafeBrowsingDatabaseManager);
 };
 
 class MockTestingProfile : public TestingProfile {
  public:
   MockTestingProfile() {}
   virtual ~MockTestingProfile() {}
 
   MOCK_CONST_METHOD0(IsOffTheRecord, bool());
 };
 
 class MockBrowserFeatureExtractor : public BrowserFeatureExtractor {
  public:
   explicit MockBrowserFeatureExtractor(
       WebContents* tab,
-      ClientSideDetectionService* service)
-      : BrowserFeatureExtractor(tab, service) {}
+      ClientSideDetectionHost* host)
+      : BrowserFeatureExtractor(tab, host) {}
   virtual ~MockBrowserFeatureExtractor() {}
 
   MOCK_METHOD3(ExtractFeatures,
-               void(const BrowseInfo* info,
+               void(const BrowseInfo*,
                     ClientPhishingRequest*,
                     const BrowserFeatureExtractor::DoneCallback&));
 
-  MOCK_METHOD2(ExtractMalwareFeatures,
-               void(const BrowseInfo* info,
-                    ClientMalwareRequest*));
+  MOCK_METHOD3(ExtractMalwareFeatures,
+               void(const BrowseInfo&,
+                    ClientMalwareRequest*,
+                    const BrowserFeatureExtractor::MalwareDoneCallback&));
 };
 
 }  // namespace
 
 class ClientSideDetectionHostTest : public ChromeRenderViewHostTestHarness {
  public:
   typedef SafeBrowsingUIManager::UnsafeResource UnsafeResource;
 
   virtual void SetUp() {
     ChromeRenderViewHostTestHarness::SetUp();
@@ skipping 141 matching lines @@
 // Crashes on Blink canary bots: http://crbug.com/299149
 TEST_F(ClientSideDetectionHostTest,
        DISABLED_OnPhishingDetectionDoneInvalidVerdict) {
 #else
 TEST_F(ClientSideDetectionHostTest, OnPhishingDetectionDoneInvalidVerdict) {
 #endif
   // Case 0: renderer sends an invalid verdict string that we're unable to
   // parse.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _)).Times(0);
   OnPhishingDetectionDone("Invalid Protocol Buffer");
   EXPECT_TRUE(Mock::VerifyAndClear(mock_extractor));
 }
 
 TEST_F(ClientSideDetectionHostTest, OnPhishingDetectionDoneNotPhishing) {
   // Case 1: client thinks the page is phishing.  The server does not agree.
   // No interstitial is shown.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientSideDetectionService::ClientReportPhishingRequestCallback cb;
   ClientPhishingRequest verdict;
   verdict.set_url("http://phishingurl.com/");
   verdict.set_client_score(1.0f);
   verdict.set_is_phishing(true);
 
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _))
       .WillOnce(DoAll(DeleteArg<1>(),
                       InvokeCallbackArgument<2>(true, &verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), _))
       .WillOnce(SaveArg<1>(&cb));
   OnPhishingDetectionDone(verdict.SerializeAsString());
-  EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   ASSERT_FALSE(cb.is_null());
 
   // Make sure DoDisplayBlockingPage is not going to be called.
   EXPECT_CALL(*ui_manager_.get(), DoDisplayBlockingPage(_)).Times(0);
   cb.Run(GURL(verdict.url()), false);
   base::RunLoop().RunUntilIdle();
   EXPECT_TRUE(Mock::VerifyAndClear(ui_manager_.get()));
 }
 
 TEST_F(ClientSideDetectionHostTest, OnPhishingDetectionDoneDisabled) {
   // Case 2: client thinks the page is phishing and so does the server but
   // showing the interstitial is disabled => no interstitial is shown.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientSideDetectionService::ClientReportPhishingRequestCallback cb;
   ClientPhishingRequest verdict;
   verdict.set_url("http://phishingurl.com/");
   verdict.set_client_score(1.0f);
   verdict.set_is_phishing(true);
 
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _))
       .WillOnce(DoAll(DeleteArg<1>(),
                       InvokeCallbackArgument<2>(true, &verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), _))
       .WillOnce(SaveArg<1>(&cb));
   OnPhishingDetectionDone(verdict.SerializeAsString());
-  EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   ASSERT_FALSE(cb.is_null());
 
   // Make sure DoDisplayBlockingPage is not going to be called.
   EXPECT_CALL(*ui_manager_.get(), DoDisplayBlockingPage(_)).Times(0);
   cb.Run(GURL(verdict.url()), false);
   base::RunLoop().RunUntilIdle();
   EXPECT_TRUE(Mock::VerifyAndClear(ui_manager_.get()));
 }
 
 TEST_F(ClientSideDetectionHostTest, OnPhishingDetectionDoneShowInterstitial) {
   // Case 3: client thinks the page is phishing and so does the server.
   // We show an interstitial.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientSideDetectionService::ClientReportPhishingRequestCallback cb;
   GURL phishing_url("http://phishingurl.com/");
   ClientPhishingRequest verdict;
   verdict.set_url(phishing_url.spec());
   verdict.set_client_score(1.0f);
   verdict.set_is_phishing(true);
 
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _))
       .WillOnce(DoAll(DeleteArg<1>(),
                       InvokeCallbackArgument<2>(true, &verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), _))
       .WillOnce(SaveArg<1>(&cb));
   OnPhishingDetectionDone(verdict.SerializeAsString());
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
   ASSERT_FALSE(cb.is_null());
 
   UnsafeResource resource;
   EXPECT_CALL(*ui_manager_.get(), DoDisplayBlockingPage(_))
       .WillOnce(SaveArg<0>(&resource));
   cb.Run(phishing_url, true);
 
   base::RunLoop().RunUntilIdle();
   EXPECT_TRUE(Mock::VerifyAndClear(ui_manager_.get()));
@@ skipping 15 matching lines @@
 }
 
 TEST_F(ClientSideDetectionHostTest, OnPhishingDetectionDoneMultiplePings) {
   // Case 4 & 5: client thinks a page is phishing then navigates to
   // another page which is also considered phishing by the client
   // before the server responds with a verdict.  After a while the
   // server responds for both requests with a phishing verdict.  Only
   // a single interstitial is shown for the second URL.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientSideDetectionService::ClientReportPhishingRequestCallback cb;
   GURL phishing_url("http://phishingurl.com/");
   ClientPhishingRequest verdict;
   verdict.set_url(phishing_url.spec());
   verdict.set_client_score(1.0f);
   verdict.set_is_phishing(true);
 
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _))
       .WillOnce(DoAll(DeleteArg<1>(),
                       InvokeCallbackArgument<2>(true, &verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), _))
       .WillOnce(SaveArg<1>(&cb));
   OnPhishingDetectionDone(verdict.SerializeAsString());
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
   ASSERT_FALSE(cb.is_null());
 
   // Set this back to a normal browser feature extractor since we're using
   // NavigateAndCommit() and it's easier to use the real thing than setting up
   // mock expectations.
   SetFeatureExtractor(new BrowserFeatureExtractor(web_contents(),
-                                                  csd_service_.get()));
+                                                  csd_host_.get()));
   GURL other_phishing_url("http://other_phishing_url.com/bla");
   ExpectPreClassificationChecks(other_phishing_url, &kFalse, &kFalse, &kFalse,
                                 &kFalse, &kFalse, &kFalse);
   // We navigate away.  The callback cb should be revoked.
   NavigateAndCommit(other_phishing_url);
   // Wait for the pre-classification checks to finish for other_phishing_url.
   WaitAndCheckPreClassificationChecks();
 
   ClientSideDetectionService::ClientReportPhishingRequestCallback cb_other;
   verdict.set_url(other_phishing_url.spec());
   verdict.set_client_score(0.8f);
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), _))
       .WillOnce(DoAll(DeleteArg<0>(),
                       SaveArg<1>(&cb_other),
                       QuitUIMessageLoop()));
   std::vector<GURL> redirect_chain;
   redirect_chain.push_back(other_phishing_url);
   SetRedirectChain(redirect_chain);
   OnPhishingDetectionDone(verdict.SerializeAsString());
   base::MessageLoop::current()->Run();
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
   ASSERT_FALSE(cb_other.is_null());
 
   // We expect that the interstitial is shown for the second phishing URL and
   // not for the first phishing URL.
   UnsafeResource resource;
   EXPECT_CALL(*ui_manager_.get(), DoDisplayBlockingPage(_))
       .WillOnce(SaveArg<0>(&resource));
 
   cb.Run(phishing_url, true);  // Should have no effect.
@@ skipping 16 matching lines @@
       FROM_HERE,
       base::Bind(&MockSafeBrowsingUIManager::InvokeOnBlockingPageComplete,
                  ui_manager_, resource.callback));
 }
 
 TEST_F(ClientSideDetectionHostTest,
        OnPhishingDetectionDoneVerdictNotPhishing) {
   // Case 6: renderer sends a verdict string that isn't phishing.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientPhishingRequest verdict;
   verdict.set_url("http://not-phishing.com/");
   verdict.set_client_score(0.1f);
   verdict.set_is_phishing(false);
 
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _)).Times(0);
   OnPhishingDetectionDone(verdict.SerializeAsString());
   EXPECT_TRUE(Mock::VerifyAndClear(mock_extractor));
@@ skipping 18 matching lines @@
 
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), CallbackIsNull()))
       .WillOnce(DoAll(DeleteArg<0>(), QuitUIMessageLoop()));
   std::vector<GURL> redirect_chain;
   redirect_chain.push_back(url);
   SetRedirectChain(redirect_chain);
   OnPhishingDetectionDone(verdict.SerializeAsString());
   base::MessageLoop::current()->Run();
-  EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
 }
 
 TEST_F(ClientSideDetectionHostTest, UpdateIPUrlMap) {
   BrowseInfo* browse_info = GetBrowseInfo();
 
   // Empty IP or host are skipped
   UpdateIPUrlMap("250.10.10.10", std::string());
   ASSERT_EQ(0U, browse_info->ips.size());
   UpdateIPUrlMap(std::string(), "http://google.com/a");
   ASSERT_EQ(0U, browse_info->ips.size());
@@ skipping 41 matching lines @@
   expected_urls.insert("more.com/");
   EXPECT_EQ(expected_urls, browse_info->ips["100.100.100.256"]);
 }
 
 TEST_F(ClientSideDetectionHostTest,
        OnPhishingDetectionDoneVerdictNotPhishingNotMalwareIP) {
   // Case 7: renderer sends a verdict string that isn't phishing and not matches
   // malware bad IP list
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientPhishingRequest verdict;
   verdict.set_url("http://not-phishing.com/");
   verdict.set_client_score(0.1f);
   verdict.set_is_phishing(false);
 
   ClientMalwareRequest malware_verdict;
   malware_verdict.set_url("http://not-phishing.com/");
 
-  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _))
-      .WillOnce(SetArgumentPointee<1>(malware_verdict));
+  // That is a special case.  If there were no IP matches or if feature
+  // extraction failed the callback will delete the malware_verdict.
+  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _, _))
+      .WillOnce(DoAll(
+          DeleteArg<1>(),
+          InvokeCallbackArgument<2>(
+              true,
+              new ClientMalwareRequest(malware_verdict))));
   EXPECT_CALL(*csd_service_,
               SendClientReportMalwareRequest(_, _)).Times(0);
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _)).Times(0);
 
   OnPhishingDetectionDone(verdict.SerializeAsString());
   EXPECT_TRUE(Mock::VerifyAndClear(mock_extractor));
 }
 
 TEST_F(ClientSideDetectionHostTest,
        OnPhishingDetectionDoneVerdictNotPhishingButMalwareIP) {
   // Case 8: renderer sends a verdict string that isn't phishing but matches
   // malware bad IP list
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientPhishingRequest verdict;
   verdict.set_url("http://not-phishing.com/");
   verdict.set_client_score(0.1f);
   verdict.set_is_phishing(false);
 
   ClientMalwareRequest malware_verdict;
   malware_verdict.set_url("http://not-phishing.com/");
   ClientMalwareRequest::Feature* feature = malware_verdict.add_feature_map();
   feature->set_name("malwareip1.2.3.4");
   feature->set_value(1.0);
   feature->add_metainfo("badip.com");
 
-  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _))
-      .WillOnce(SetArgumentPointee<1>(malware_verdict));
+  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _, _))
+      .WillOnce(DoAll(DeleteArg<1>(),
+                      InvokeCallbackArgument<2>(true, &malware_verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportMalwareRequest(
                   Pointee(PartiallyEqualMalwareVerdict(malware_verdict)), _))
-      .WillOnce(DeleteArg<0>());
+      .Times(1);
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _)).Times(0);
 
   OnPhishingDetectionDone(verdict.SerializeAsString());
   EXPECT_TRUE(Mock::VerifyAndClear(mock_extractor));
 }
 
 TEST_F(ClientSideDetectionHostTest,
        OnPhishingDetectionDoneVerdictPhishingAndMalwareIP) {
   // Case 9: renderer sends a verdict string that is phishing and matches
   // malware bad IP list
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientSideDetectionService::ClientReportPhishingRequestCallback cb;
   ClientPhishingRequest verdict;
   verdict.set_url("http://not-phishing.com/");
   verdict.set_client_score(0.1f);
   verdict.set_is_phishing(true);
 
   ClientMalwareRequest malware_verdict;
   malware_verdict.set_url("http://not-phishing.com/");
   ClientMalwareRequest::Feature* feature = malware_verdict.add_feature_map();
   feature->set_name("malwareip1.2.3.4");
   feature->set_value(1.0);
   feature->add_metainfo("badip.com");
 
-  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _))
-      .WillOnce(SetArgumentPointee<1>(malware_verdict));
+  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _, _))
+      .WillOnce(DoAll(DeleteArg<1>(),
+                      InvokeCallbackArgument<2>(true, &malware_verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportMalwareRequest(
                   Pointee(PartiallyEqualMalwareVerdict(malware_verdict)), _))
-      .WillOnce(DeleteArg<0>());
+      .Times(1);
 
   EXPECT_CALL(*mock_extractor, ExtractFeatures(_, _, _))
       .WillOnce(DoAll(DeleteArg<1>(),
                       InvokeCallbackArgument<2>(true, &verdict)));
 
   EXPECT_CALL(*csd_service_,
               SendClientReportPhishingRequest(
                   Pointee(PartiallyEqualVerdict(verdict)), _))
       .WillOnce(SaveArg<1>(&cb));
   OnPhishingDetectionDone(verdict.SerializeAsString());
   EXPECT_TRUE(Mock::VerifyAndClear(mock_extractor));
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
   ASSERT_FALSE(cb.is_null());
 }
 
 TEST_F(ClientSideDetectionHostTest,
        OnPhishingDetectionDoneShowMalwareInterstitial) {
   // Case 10: client thinks the page match malware IP and so does the server.
   // We show an sub-resource malware interstitial.
   MockBrowserFeatureExtractor* mock_extractor = new MockBrowserFeatureExtractor(
       web_contents(),
-      csd_service_.get());
+      csd_host_.get());
   SetFeatureExtractor(mock_extractor);  // The host class takes ownership.
 
   ClientPhishingRequest verdict;
   verdict.set_url("http://not-phishing.com/");
   verdict.set_client_score(0.1f);
   verdict.set_is_phishing(false);
 
   ClientSideDetectionService::ClientReportMalwareRequestCallback cb;
   GURL malware_landing_url("http://malware.com/");
   GURL malware_ip_url("http://badip.com");
   ClientMalwareRequest malware_verdict;
   malware_verdict.set_url("http://malware.com/");
   ClientMalwareRequest::Feature* feature = malware_verdict.add_feature_map();
   feature->set_name("malwareip1.2.3.4");
   feature->set_value(1.0);
   feature->add_metainfo("http://badip.com");
 
-  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _))
-      .WillOnce(SetArgumentPointee<1>(malware_verdict));
+  EXPECT_CALL(*mock_extractor, ExtractMalwareFeatures(_, _, _))
+      .WillOnce(DoAll(DeleteArg<1>(),
+                      InvokeCallbackArgument<2>(true, &malware_verdict)));
   EXPECT_CALL(*csd_service_,
               SendClientReportMalwareRequest(
                   Pointee(PartiallyEqualMalwareVerdict(malware_verdict)), _))
-      .WillOnce(DoAll(DeleteArg<0>(),
-                      SaveArg<1>(&cb)));
+      .WillOnce(SaveArg<1>(&cb));
   OnPhishingDetectionDone(verdict.SerializeAsString());
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
   ASSERT_FALSE(cb.is_null());
 
   UnsafeResource resource;
   EXPECT_CALL(*ui_manager_.get(), DoDisplayBlockingPage(_))
       .WillOnce(SaveArg<0>(&resource));
   cb.Run(malware_landing_url, malware_ip_url, true);
 
   base::RunLoop().RunUntilIdle();
   EXPECT_TRUE(Mock::VerifyAndClear(ui_manager_.get()));
@@ skipping 175 matching lines @@
 
   UnsafeResource resource;
   EXPECT_CALL(*ui_manager_.get(), DoDisplayBlockingPage(_))
       .WillOnce(SaveArg<0>(&resource));
 
   NavigateAndCommit(url);
   // Wait for CheckCsdWhitelist and CheckCache() to be called.
   base::RunLoop().RunUntilIdle();
   // Now we check that all expected functions were indeed called on the two
   // service objects.
-  EXPECT_TRUE(Mock::VerifyAndClear(csd_service_.get()));
+  EXPECT_TRUE(Mock::VerifyAndClear(csd_host_.get()));
   EXPECT_TRUE(Mock::VerifyAndClear(ui_manager_.get()));
   EXPECT_EQ(url, resource.url);
   EXPECT_EQ(url, resource.original_url);
   resource.callback.Reset();
   msg = process()->sink().GetFirstMessageMatching(
       SafeBrowsingMsg_StartPhishingDetection::ID);
   ASSERT_FALSE(msg);
 }
 
+TEST_F(ClientSideDetectionHostTest, IsBadIpAddress) {
+  EXPECT_CALL(*database_manager_.get(), MatchMalwareIP("1.2.3.4"))
+      .WillOnce(Return(false));
+  EXPECT_FALSE(csd_host_->IsBadIpAddress("1.2.3.4"));
+  EXPECT_CALL(*database_manager_.get(), MatchMalwareIP("2.3.4.5"))
+      .WillOnce(Return(true));
+  EXPECT_TRUE(csd_host_->IsBadIpAddress("2.3.4.5"));
+}
+
 }  // namespace safe_browsing