Adding a new delayed analysis that verify binaries signature.

chrome/browser/safe_browsing/binary_integrity_analyzer_win_unittest.cc

Index: chrome/browser/safe_browsing/binary_integrity_analyzer_win_unittest.cc
diff --git a/chrome/browser/safe_browsing/binary_integrity_analyzer_win_unittest.cc b/chrome/browser/safe_browsing/binary_integrity_analyzer_win_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d8537defc80ce6a6aca1b1bfd5ee8cd709f9fcd7
--- /dev/null
+++ b/chrome/browser/safe_browsing/binary_integrity_analyzer_win_unittest.cc
@@ -0,0 +1,114 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/safe_browsing/binary_integrity_analyzer.h"
+
+#include "base/bind.h"
+#include "base/file_util.h"
+#include "base/files/scoped_temp_dir.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/path_service.h"
+#include "base/test/scoped_path_override.h"
+#include "chrome/common/chrome_paths.h"
+#include "chrome/common/safe_browsing/csd.pb.h"
+#include "testing/gmock/include/gmock/gmock.h"

[grt (UTC plus 2), 2014/08/08 02:23:05]

unused

[pmonette_google.com, 2014/08/08 15:05:42]

I'm actually using it for the ASSERT_THAT macro to compare the 2 vectors in the
GetCriticalBinariesPath test.

+#include "testing/gtest/include/gtest/gtest.h"
+#include "version.h"  // NOLINT
+
+namespace safe_browsing {
+
+namespace {
+
+const wchar_t kChromeDll[] = L"chrome.dll";
+const wchar_t kChromeElfDll[] = L"chrome_elf.dll";
+const wchar_t kChromeExe[] = L"chrome.exe";
+const wchar_t kSignedBinaryDll[] = L"signed_binary.dll";
+
+// Indicate if the AddIncidentCallback has been called.
+bool g_callback_called = false;

[grt (UTC plus 2), 2014/08/08 02:23:05]

please avoid the global:
- make this an instance variable of BinaryIntegrityAnalyzerWinTest (e.g.,
callback_called_)
- make MockAddIncidentCallback a member of that class (i prefer OnAddIncident,
but that's just my thing)
- bind the method with
base::Bind(&BinaryIntegrityAnalyzerWinTest::OnAddIncident,
base::Unretained(this))

[pmonette_google.com, 2014/08/08 15:05:42]

Done.

+
+// Helper function to erase the content of a binary to make sure the signature
+// verification will fail.
+bool EraseFileContent(const base::FilePath& file_path) {
+  FILE* file = base::OpenFile(file_path, "w");
+
+  if (file == NULL)
+    return false;
+
+  bool success = base::TruncateFile(file);
+  return base::CloseFile(file) && success;
+}
+
+// Mock the AddIncidentCallback so we can test that VerifyBinaryIntegrity
+// adds an incident callback when a signature verification fails.
+void MockAddIncidentCallback(scoped_ptr<ClientIncidentReport_IncidentData>) {
+  g_callback_called = true;
+}
+
+}  // namespace
+
+class BinaryIntegrityAnalyzerWinTest : public ::testing::Test {
+ protected:
+  BinaryIntegrityAnalyzerWinTest();
+
+  base::FilePath test_data_dir_;
+  base::ScopedTempDir temp_dir_;
+  scoped_ptr<base::ScopedPathOverride> exe_dir_override_;
+};
+
+BinaryIntegrityAnalyzerWinTest::BinaryIntegrityAnalyzerWinTest() {
+  temp_dir_.CreateUniqueTempDir();
+  base::CreateDirectory(temp_dir_.path().Append(TEXT(CHROME_VERSION_STRING)));
+
+  // We retrieve DIR_TEST_DATA here because it is based on DIR_EXE and we are
+  // about to override the path to the latter.
+  if (!PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir_))
+    NOTREACHED();
+
+  exe_dir_override_.reset(
+      new base::ScopedPathOverride(base::DIR_EXE, temp_dir_.path()));
+}
+
+TEST_F(BinaryIntegrityAnalyzerWinTest, GetCriticalBinariesPath) {
+  // Expected paths.
+  std::vector<base::FilePath> critical_binaries_path_expected;
+  critical_binaries_path_expected.push_back(
+      temp_dir_.path().Append(kChromeExe));
+  critical_binaries_path_expected.push_back(
+      temp_dir_.path().Append(TEXT(CHROME_VERSION_STRING)).Append(kChromeDll));
+  critical_binaries_path_expected.push_back(
+      temp_dir_.path().Append(TEXT(CHROME_VERSION_STRING)).Append(
+          kChromeElfDll));
+
+  std::vector<base::FilePath> critical_binaries_path =
+      GetCriticalBinariesPath();
+
+  ASSERT_THAT(critical_binaries_path,
+              ::testing::ContainerEq(critical_binaries_path_expected));
+}
+
+TEST_F(BinaryIntegrityAnalyzerWinTest, VerifyBinaryIntegrity) {
+  // Copy the signed dll to the temp exe directory.
+  base::FilePath signed_binary_path(test_data_dir_);
+  signed_binary_path =
+      signed_binary_path.Append(L"safe_browsing").Append(kSignedBinaryDll);
+
+  base::FilePath chrome_elf_path(temp_dir_.path());
+  chrome_elf_path =
+      chrome_elf_path.Append(TEXT(CHROME_VERSION_STRING)).Append(kChromeElfDll);
+
+  ASSERT_TRUE(base::CopyFile(signed_binary_path, chrome_elf_path));
+
+  AddIncidentCallback callback = base::Bind(&MockAddIncidentCallback);
+
+  VerifyBinaryIntegrity(callback);
+  ASSERT_FALSE(g_callback_called);
+
+  ASSERT_TRUE(EraseFileContent(chrome_elf_path));
+
+  VerifyBinaryIntegrity(callback);
+  ASSERT_TRUE(g_callback_called);

[grt (UTC plus 2), 2014/08/08 02:23:05]

could you test that the data made it into the proto? OnAddIncident could take
ownership of the incident into the test fixture, and then you could verify the
paths, or that the signature info is present or something (no need to delve into
the signature info itself since that is tested elsewhere.

[pmonette_google.com, 2014/08/08 15:05:42]

Done.

+}
+
+}  // namespace safe_browsing