IPC: a way for browsertests to simulate the appearance of a malicious IPC.

content/browser/security_exploit_browsertest.cc

Index: content/browser/security_exploit_browsertest.cc
diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc
index 2a1be07b9a9a34189f0747fcc329d36c1bd19ec9..006a52ea1045fd58bed244ef003097ff779d5b1d 100644
--- a/content/browser/security_exploit_browsertest.cc
+++ b/content/browser/security_exploit_browsertest.cc
@@ -10,8 +10,11 @@
 #include "content/browser/renderer_host/render_view_host_factory.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/web_contents/web_contents_impl.h"
+#include "content/common/frame_messages.h"
 #include "content/common/view_messages.h"
 #include "content/public/browser/browser_context.h"
+#include "content/public/browser/interstitial_page.h"
+#include "content/public/browser/interstitial_page_delegate.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
@@ -19,6 +22,9 @@
 #include "content/public/test/content_browser_test_utils.h"
 #include "content/public/test/test_utils.h"
 #include "content/shell/browser/shell.h"
+#include "ipc/ipc_security_test_util.h"
+
+using IPC::IpcSecurityTestUtil;
 
 namespace content {
 
@@ -166,4 +172,57 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
   // If the above operation doesn't crash, the test has succeeded!
 }
 
+class SecurityExploitTestInterstitialPage : public InterstitialPageDelegate {
+ public:
+  explicit SecurityExploitTestInterstitialPage(WebContents* contents) {
+    InterstitialPage* interstitial = InterstitialPage::Create(
+        contents, false, contents->GetLastCommittedURL(), this);
+    interstitial->Show();
+  }
+
+  // InterstitialPageDelegate implementation.
+  void CommandReceived(const std::string& command) override {
+    last_command_ = command;
+  }
+
+  std::string GetHTMLContents() override {
+    return "<html><head><script>"
+           "window.domAutomationController.send(\"okay\");"
+           "</script></head>"
+           "<body>like a body wholly body</body></html>";
+  }
+
+  std::string last_command() { return last_command_; }
+
+ private:
+  std::string last_command_;
+  DISALLOW_COPY_AND_ASSIGN(SecurityExploitTestInterstitialPage);
+};
+
+// The interstitial should not be controllable by the underlying content.
+IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
+                       InterstitialCommandFromContentRenderer) {
+
+  // Start off with initial navigation, to allocate the process.
+  GURL foo("http://foo.com/files/simple_page.html");
+  NavigateToURL(shell(), foo);
+
+  // Install and show an interstitial page.
+  SecurityExploitTestInterstitialPage* interstitial =
+      new SecurityExploitTestInterstitialPage(shell()->web_contents());
+  ASSERT_EQ("", interstitial->last_command());
+
+  // Send an automation message from the current renderer. It should not
+  // be received by the interstitial.
+  content::RenderFrameHost* compromised_renderer =
+      shell()->web_contents()->GetMainFrame();
+  FrameHostMsg_DomOperationResponse evil(compromised_renderer->GetRoutingID(),
+                                         "evil", MSG_ROUTING_NONE);
+  IpcSecurityTestUtil::PwnMessageReceived(
+      compromised_renderer->GetProcess()->GetChannel(), evil);
+
+  ASSERT_EQ("", interstitial->last_command())
+      << "Interstitial should not be affected";
+}
+
 }  // namespace content