Add support for goog-csdinclusionwhite-sha256 in SafeBrowsingDatabase.

chrome/browser/safe_browsing/safe_browsing_database_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Unit tests for the SafeBrowsing storage system.
 
 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
 
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
@@ skipping 260 matching lines @@
   }
 
   // Reloads the |database_| in a new SafeBrowsingDatabaseNew object with all
   // stores enabled.
   void ResetAndReloadFullDatabase() {
     SafeBrowsingStoreFile* browse_store = new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* download_store = new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* csd_whitelist_store = new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* download_whitelist_store =
         new SafeBrowsingStoreFile();
+    SafeBrowsingStoreFile* inclusion_whitelist_store =
+        new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* extension_blacklist_store =
         new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* side_effect_free_whitelist_store =
         new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* ip_blacklist_store = new SafeBrowsingStoreFile();
     SafeBrowsingStoreFile* unwanted_software_store =
         new SafeBrowsingStoreFile();
     database_.reset(
         new SafeBrowsingDatabaseNew(browse_store,
                                     download_store,
                                     csd_whitelist_store,
                                     download_whitelist_store,
+                                    inclusion_whitelist_store,
                                     extension_blacklist_store,
                                     side_effect_free_whitelist_store,
                                     ip_blacklist_store,
                                     unwanted_software_store));
     database_->Init(database_filename_);
   }
 
   void GetListsInfo(std::vector<SBListChunkRanges>* lists) {
     lists->clear();
     ASSERT_TRUE(database_->UpdateStarted(lists));
@@ skipping 23 matching lines @@
 
   // Utility function for setting up the database for the caching test.
   void PopulateDatabaseForCacheTest();
 
   scoped_ptr<SafeBrowsingDatabaseNew> database_;
   base::FilePath database_filename_;
   base::ScopedTempDir temp_dir_;
 };
 
 // Tests retrieving list name information.
-TEST_F(SafeBrowsingDatabaseTest, ListNameForBrowse) {
+TEST_F(SafeBrowsingDatabaseTest, BrowseListsInfo) {
   std::vector<SBListChunkRanges> lists;
   ScopedVector<SBChunkData> chunks;
 
   chunks.push_back(AddChunkPrefixValue(1, "www.evil.com/malware.html"));
   chunks.push_back(AddChunkPrefixValue(2, "www.foo.com/malware.html"));
   chunks.push_back(AddChunkPrefixValue(3, "www.whatever.com/malware.html"));
 
   ASSERT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks.get());
   database_->UpdateFinished(true);
@@ skipping 41 matching lines @@
   GetListsInfo(&lists);
   ASSERT_LE(2U, lists.size());
   EXPECT_EQ(safe_browsing_util::kMalwareList, lists[0].name);
   EXPECT_EQ("1-3", lists[0].adds);
   EXPECT_EQ("7", lists[0].subs);
   EXPECT_EQ(safe_browsing_util::kPhishingList, lists[1].name);
   EXPECT_EQ("47", lists[1].adds);
   EXPECT_EQ("200-201", lists[1].subs);
 }
 
-TEST_F(SafeBrowsingDatabaseTest, ListNameForBrowseAndDownload) {
+TEST_F(SafeBrowsingDatabaseTest, ListNames) {
   ScopedVector<SBChunkData> chunks;
 
   std::vector<SBListChunkRanges> lists;
   ASSERT_TRUE(database_->UpdateStarted(&lists));
 
   // Insert malware, phish, binurl and bindownload add chunks.
   chunks.push_back(AddChunkPrefixValue(1, "www.evil.com/malware.html"));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks.get());
 
   chunks.clear();
   chunks.push_back(AddChunkPrefixValue(2, "www.foo.com/malware.html"));
   database_->InsertChunks(safe_browsing_util::kPhishingList, chunks.get());
 
   chunks.clear();
   chunks.push_back(AddChunkPrefixValue(3, "www.whatever.com/download.html"));
   database_->InsertChunks(safe_browsing_util::kBinUrlList, chunks.get());
 
   chunks.clear();
   chunks.push_back(AddChunkFullHashValue(5, "www.forwhitelist.com/a.html"));
   database_->InsertChunks(safe_browsing_util::kCsdWhiteList, chunks.get());
 
   chunks.clear();
   chunks.push_back(AddChunkFullHashValue(6, "www.download.com/"));
   database_->InsertChunks(safe_browsing_util::kDownloadWhiteList, chunks.get());
 
   chunks.clear();
+  chunks.push_back(AddChunkFullHashValue(7, "www.inclusion.com/"));
+  database_->InsertChunks(safe_browsing_util::kInclusionWhitelist,
+                          chunks.get());
+
+  chunks.clear();
   chunks.push_back(AddChunkFullHashValue(8,
                                          "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
                                          "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
   database_->InsertChunks(safe_browsing_util::kExtensionBlacklist,
                           chunks.get());
 
   chunks.clear();
-  chunks.push_back(AddChunkHashedIpValue(9, "::ffff:192.168.1.0", 120));
+  chunks.push_back(AddChunkFullHashValue(9, "www.sideeffectfree.com"));
+  database_->InsertChunks(safe_browsing_util::kSideEffectFreeWhitelist,
+                          chunks.get());
+
+  chunks.clear();
+  chunks.push_back(AddChunkHashedIpValue(10, "::ffff:192.168.1.0", 120));
   database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks.get());
 
   chunks.clear();
-  chunks.push_back(AddChunkPrefixValue(10, "www.unwanted.com/software.html"));
+  chunks.push_back(AddChunkPrefixValue(11, "www.unwanted.com/software.html"));
   database_->InsertChunks(safe_browsing_util::kUnwantedUrlList, chunks.get());
 
   database_->UpdateFinished(true);
 
   GetListsInfo(&lists);
-  ASSERT_EQ(9U, lists.size());
+  ASSERT_EQ(10U, lists.size());
   EXPECT_EQ(safe_browsing_util::kMalwareList, lists[0].name);
   EXPECT_EQ("1", lists[0].adds);
   EXPECT_TRUE(lists[0].subs.empty());
   EXPECT_EQ(safe_browsing_util::kPhishingList, lists[1].name);
   EXPECT_EQ("2", lists[1].adds);
   EXPECT_TRUE(lists[1].subs.empty());
   EXPECT_EQ(safe_browsing_util::kBinUrlList, lists[2].name);
   EXPECT_EQ("3", lists[2].adds);
   EXPECT_TRUE(lists[2].subs.empty());
   EXPECT_EQ(safe_browsing_util::kCsdWhiteList, lists[3].name);
   EXPECT_EQ("5", lists[3].adds);
   EXPECT_TRUE(lists[3].subs.empty());
   EXPECT_EQ(safe_browsing_util::kDownloadWhiteList, lists[4].name);
   EXPECT_EQ("6", lists[4].adds);
   EXPECT_TRUE(lists[4].subs.empty());
-  EXPECT_EQ(safe_browsing_util::kExtensionBlacklist, lists[5].name);
-  EXPECT_EQ("8", lists[5].adds);
+  EXPECT_EQ(safe_browsing_util::kInclusionWhitelist, lists[5].name);
+  EXPECT_EQ("7", lists[5].adds);
   EXPECT_TRUE(lists[5].subs.empty());
-  EXPECT_EQ(safe_browsing_util::kIPBlacklist, lists[7].name);
+  EXPECT_EQ(safe_browsing_util::kExtensionBlacklist, lists[6].name);
+  EXPECT_EQ("8", lists[6].adds);
+  EXPECT_TRUE(lists[6].subs.empty());
+  EXPECT_EQ(safe_browsing_util::kSideEffectFreeWhitelist, lists[7].name);
   EXPECT_EQ("9", lists[7].adds);
   EXPECT_TRUE(lists[7].subs.empty());
-  EXPECT_EQ(safe_browsing_util::kUnwantedUrlList, lists[8].name);
+  EXPECT_EQ(safe_browsing_util::kIPBlacklist, lists[8].name);
   EXPECT_EQ("10", lists[8].adds);
   EXPECT_TRUE(lists[8].subs.empty());
+  EXPECT_EQ(safe_browsing_util::kUnwantedUrlList, lists[9].name);
+  EXPECT_EQ("11", lists[9].adds);
+  EXPECT_TRUE(lists[9].subs.empty());
 
   database_.reset();
 }
 
 // Checks database reading and writing for browse and unwanted PrefixSets.
 TEST_F(SafeBrowsingDatabaseTest, BrowseAndUnwantedDatabasesAndPrefixSets) {
   struct TestCase {
     using TestListContainsBadUrl = bool (SafeBrowsingDatabase::*)(
         const GURL& url,
         std::vector<SBPrefix>* prefix_hits,
         std::vector<SBFullHashResult>* cache_hits);
 
     const char* test_list_name;
     size_t expected_list_index;
     TestListContainsBadUrl test_list_contains_bad_url;
   } const kTestCases[] {
     { safe_browsing_util::kMalwareList, 0U,
       &SafeBrowsingDatabase::ContainsBrowseUrl },
     { safe_browsing_util::kPhishingList, 1U,
       &SafeBrowsingDatabase::ContainsBrowseUrl },
-    { safe_browsing_util::kUnwantedUrlList, 8U,
+    { safe_browsing_util::kUnwantedUrlList, 9U,
       &SafeBrowsingDatabase::ContainsUnwantedSoftwareUrl },
   };
 
   for (const auto& test_case : kTestCases) {
     SCOPED_TRACE(std::string("Tested list at fault => ") +
                  test_case.test_list_name);
 
     std::vector<SBListChunkRanges> lists;
     ScopedVector<SBChunkData> chunks;
 
@@ skipping 593 matching lines @@
 // TODO(shess): Disabled until ScopedLogMessageIgnorer resolved.
 // http://crbug.com/56448
 TEST_F(SafeBrowsingDatabaseTest, DISABLED_FileCorruptionHandling) {
   // Re-create the database in a captive message loop so that we can
   // influence task-posting.  Database specifically needs to the
   // file-backed.
   database_.reset();
   base::MessageLoop loop;
   SafeBrowsingStoreFile* store = new SafeBrowsingStoreFile();
   database_.reset(new SafeBrowsingDatabaseNew(store, NULL, NULL, NULL, NULL,
-                                              NULL, NULL, NULL));
+                                              NULL, NULL, NULL, NULL));
   database_->Init(database_filename_);
 
   // This will cause an empty database to be created.
   std::vector<SBListChunkRanges> lists;
   ASSERT_TRUE(database_->UpdateStarted(&lists));
   database_->UpdateFinished(true);
 
   // Create a sub chunk to insert.
   ScopedVector<SBChunkData> chunks;
   chunks.push_back(SubChunkPrefixValue(7,
@@ skipping 122 matching lines @@
   urls.push_back(GURL(std::string("https://") + kEvil1Url2));
   EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits));
   ASSERT_EQ(2U, prefix_hits.size());
   EXPECT_EQ(SBPrefixForString(kEvil1Url1), prefix_hits[0]);
   EXPECT_EQ(SBPrefixForString(kEvil1Url2), prefix_hits[1]);
   database_.reset();
 }
 
 // Checks that the whitelists are handled properly.
 TEST_F(SafeBrowsingDatabaseTest, Whitelists) {
+  struct TestCase {
+    using TestListContainsWhitelistedUrl =
+        bool (SafeBrowsingDatabase::*)(const GURL& url);
+    using TestListContainsWhitelistedString =
+        bool (SafeBrowsingDatabase::*)(const std::string& str);
+
+    // Returns true if strings should be tested in this test case (i.e.
+    // |test_list_contains_whitelisted_string| is not null).
+    bool TestStrings() const {
+      return test_list_contains_whitelisted_string != nullptr;
+    }
+
+    const char* test_list_name;
+    TestListContainsWhitelistedUrl test_list_contains_whitelisted_url;
+    // Optional test case field, if set the tested whitelist will also be tested
+    // for strings.
+    TestListContainsWhitelistedString test_list_contains_whitelisted_string;
+  } const kTestCases[]{
+      {safe_browsing_util::kCsdWhiteList,
+       &SafeBrowsingDatabase::ContainsCsdWhitelistedUrl,
+       nullptr},
+      {safe_browsing_util::kDownloadWhiteList,
+       &SafeBrowsingDatabase::ContainsDownloadWhitelistedUrl,
+       &SafeBrowsingDatabase::ContainsDownloadWhitelistedString},
+      {safe_browsing_util::kInclusionWhitelist,
+       &SafeBrowsingDatabase::ContainsInclusionWhitelistedUrl,
+       nullptr},
+  };
+
   // If the whitelist is disabled everything should match the whitelist.
-  database_.reset(new SafeBrowsingDatabaseNew(new SafeBrowsingStoreFile(),
+  database_.reset(new SafeBrowsingDatabaseNew(new SafeBrowsingStoreFile(), NULL,
                                               NULL, NULL, NULL, NULL, NULL,
                                               NULL, NULL));
   database_->Init(database_filename_);
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.phishing.com/"))));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.phishing.com/"))));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedString("asdf"));
-
+  for (const auto& test_case : kTestCases) {
+    SCOPED_TRACE(std::string("Tested list at fault => ") +
+                 test_case.test_list_name);
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.phishing.com/"))));
+    if (test_case.TestStrings()) {
+      EXPECT_TRUE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              "asdf"));
+    }
+  }
   ResetAndReloadFullDatabase();
 
-  const char kGood1Host[] = "www.good1.com/";
-  const char kGood1Url1[] = "www.good1.com/a/b.html";
-  const char kGood1Url2[] = "www.good1.com/b/";
-
-  const char kGood2Url1[] = "www.good2.com/c";  // Should match '/c/bla'.
-
-  // good3.com/a/b/c/d/e/f/g/ should match because it's a whitelist.
-  const char kGood3Url1[] = "good3.com/";
-
-  const char kGoodString[] = "good_string";
-
-  ScopedVector<SBChunkData> csd_chunks;
-  ScopedVector<SBChunkData> download_chunks;
-
-  // Add two simple chunks to the csd whitelist.
-  csd_chunks.push_back(AddChunkFullHash2Value(1, kGood1Url1, kGood1Url2));
-  csd_chunks.push_back(AddChunkFullHashValue(2, kGood2Url1));
-  download_chunks.push_back(AddChunkFullHashValue(2, kGood2Url1));
-  download_chunks.push_back(AddChunkFullHashValue(3, kGoodString));
-  download_chunks.push_back(AddChunkFullHashValue(4, kGood3Url1));
-
-  std::vector<SBListChunkRanges> lists;
-  ASSERT_TRUE(database_->UpdateStarted(&lists));
-  database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks.get());
-  database_->InsertChunks(safe_browsing_util::kDownloadWhiteList,
-                          download_chunks.get());
-  database_->UpdateFinished(true);
-
-  EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood1Host)));
-
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood1Url1)));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood1Url1 + "?a=b")));
-
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood1Url2)));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood1Url2 + "/c.html")));
-
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("https://") + kGood1Url2 + "/c.html")));
-
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood2Url1 + "/c")));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood2Url1 + "/c?bla")));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://") + kGood2Url1 + "/c/bla")));
-
-  EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://www.google.com/"))));
-
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://") + kGood2Url1 + "/c")));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://") + kGood2Url1 + "/c?bla")));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://") + kGood2Url1 + "/c/bla")));
-
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://good3.com/a/b/c/d/e/f/g/"))));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://a.b.good3.com/"))));
-
-  EXPECT_FALSE(database_->ContainsDownloadWhitelistedString("asdf"));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedString(kGoodString));
-
-  EXPECT_FALSE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.google.com/"))));
-
-  // The CSD whitelist killswitch is not present.
-  EXPECT_FALSE(database_->IsCsdWhitelistKillSwitchOn());
-
-  // Test only add the malware IP killswitch
-  csd_chunks.clear();
-  csd_chunks.push_back(AddChunkFullHashValue(
-      15, "sb-ssl.google.com/safebrowsing/csd/killswitch_malware"));
-
-  ASSERT_TRUE(database_->UpdateStarted(&lists));
-  database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks.get());
-  database_->UpdateFinished(true);
-
-  EXPECT_TRUE(database_->IsMalwareIPMatchKillSwitchOn());
-  // The CSD whitelist killswitch is not present.
-  EXPECT_FALSE(database_->IsCsdWhitelistKillSwitchOn());
-
-  // Test that the kill-switch works as intended.
-  csd_chunks.clear();
-  download_chunks.clear();
-  lists.clear();
-  csd_chunks.push_back(AddChunkFullHashValue(
-      5, "sb-ssl.google.com/safebrowsing/csd/killswitch"));
-  download_chunks.push_back(AddChunkFullHashValue(
-      5, "sb-ssl.google.com/safebrowsing/csd/killswitch"));
-
-  ASSERT_TRUE(database_->UpdateStarted(&lists));
-  database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks.get());
-  database_->InsertChunks(safe_browsing_util::kDownloadWhiteList,
-                          download_chunks.get());
-  database_->UpdateFinished(true);
-
-  // The CSD whitelist killswitch is present.
-  EXPECT_TRUE(database_->IsCsdWhitelistKillSwitchOn());
-  EXPECT_TRUE(database_->IsMalwareIPMatchKillSwitchOn());
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("https://") + kGood1Url2 + "/c.html")));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://www.google.com/"))));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://www.phishing_url.com/"))));
-
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("https://") + kGood1Url2 + "/c.html")));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.google.com/"))));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.phishing_url.com/"))));
-
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedString("asdf"));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedString(kGoodString));
-
-  // Remove the kill-switch and verify that we can recover.
-  csd_chunks.clear();
-  download_chunks.clear();
-  lists.clear();
-  csd_chunks.push_back(SubChunkFullHashValue(
-      1, "sb-ssl.google.com/safebrowsing/csd/killswitch", 5));
-  csd_chunks.push_back(SubChunkFullHashValue(
-      10, "sb-ssl.google.com/safebrowsing/csd/killswitch_malware", 15));
-  download_chunks.push_back(SubChunkFullHashValue(
-      1, "sb-ssl.google.com/safebrowsing/csd/killswitch", 5));
-
-  ASSERT_TRUE(database_->UpdateStarted(&lists));
-  database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks.get());
-  database_->InsertChunks(safe_browsing_util::kDownloadWhiteList,
-                          download_chunks.get());
-  database_->UpdateFinished(true);
-
-  EXPECT_FALSE(database_->IsMalwareIPMatchKillSwitchOn());
-  EXPECT_FALSE(database_->IsCsdWhitelistKillSwitchOn());
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("https://") + kGood1Url2 + "/c.html")));
-  EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("https://") + kGood2Url1 + "/c/bla")));
-  EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://www.google.com/"))));
-  EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl(
-      GURL(std::string("http://www.phishing_url.com/"))));
-
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("https://") + kGood2Url1 + "/c/bla")));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("https://good3.com/"))));
-  EXPECT_TRUE(database_->ContainsDownloadWhitelistedString(kGoodString));
-  EXPECT_FALSE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.google.com/"))));
-  EXPECT_FALSE(database_->ContainsDownloadWhitelistedUrl(
-      GURL(std::string("http://www.phishing_url.com/"))));
-  EXPECT_FALSE(database_->ContainsDownloadWhitelistedString("asdf"));
-
-  database_.reset();
+  // Now test every whitelist one-by-one; intentionally not resetting the
+  // database in-between to further stress potential inter-dependencies.
+  for (const auto& test_case : kTestCases) {
+    SCOPED_TRACE(std::string("Tested list at fault => ") +
+                 test_case.test_list_name);
+
+    const char kGood1Host[] = "www.good1.com/";
+    const char kGood1Url1[] = "www.good1.com/a/b.html";
+    const char kGood1Url2[] = "www.good1.com/b/";
+
+    const char kGood2Url1[] = "www.good2.com/c";  // Should match '/c/bla'.
+
+    // good3.com/a/b/c/d/e/f/g/ should match because it's a whitelist.
+    const char kGood3Url1[] = "good3.com/";
+
+    const char kGoodString[] = "good_string";
+
+    // Nothing should be whitelisted before the database receives the chunks.
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Host)));
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Url1)));
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Url2)));
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood2Url1)));
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood3Url1)));
+    if (test_case.TestStrings()) {
+      EXPECT_FALSE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              kGoodString));
+    }
+
+    ScopedVector<SBChunkData> chunks;
+
+    // Add two simple chunks to the csd whitelist.

[mattm, 2015/01/08 22:07:27]

this is more than two chunks :)

[gab, 2015/01/09 13:51:30]

:-), updated comment.

+    chunks.push_back(AddChunkFullHash2Value(1, kGood1Url1, kGood1Url2));
+    chunks.push_back(AddChunkFullHashValue(2, kGood2Url1));
+    if (test_case.TestStrings())
+      chunks.push_back(AddChunkFullHashValue(3, kGoodString));
+    chunks.push_back(AddChunkFullHashValue(4, kGood3Url1));
+
+    std::vector<SBListChunkRanges> lists;
+    ASSERT_TRUE(database_->UpdateStarted(&lists));
+    database_->InsertChunks(test_case.test_list_name, chunks.get());
+    database_->UpdateFinished(true);
+
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Host)));
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Url1)));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Url1 + "?a=b")));
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Url2)));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood1Url2 + "/c.html")));
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("https://") + kGood1Url2 + "/c.html")));
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood2Url1 + "/c")));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood2Url1 + "/c?bla")));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood2Url1 + "/c/bla")));
+
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.google.com/"))));
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://") + kGood3Url1 + "a/b/c/d/e/f/g/")));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://a.b.") + kGood3Url1)));
+
+    if (test_case.TestStrings()) {
+      EXPECT_FALSE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              "asdf"));
+      EXPECT_TRUE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              kGoodString));
+    }
+
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.google.com/"))));
+
+    // The malware kill switch is for the CSD whitelist only.
+    if (test_case.test_list_name == safe_browsing_util::kCsdWhiteList) {
+      // The CSD whitelist killswitch is not present.
+      EXPECT_FALSE(database_->IsCsdWhitelistKillSwitchOn());
+
+      // Test only add the malware IP killswitch
+      chunks.clear();
+      chunks.push_back(AddChunkFullHashValue(
+          15, "sb-ssl.google.com/safebrowsing/csd/killswitch_malware"));
+
+      ASSERT_TRUE(database_->UpdateStarted(&lists));
+      database_->InsertChunks(safe_browsing_util::kCsdWhiteList, chunks.get());
+      database_->UpdateFinished(true);
+
+      EXPECT_TRUE(database_->IsMalwareIPMatchKillSwitchOn());
+      // The CSD whitelist killswitch is not present.
+      EXPECT_FALSE(database_->IsCsdWhitelistKillSwitchOn());
+    }
+
+    // Test that the generic whitelist kill-switch works as intended.
+    chunks.clear();
+    lists.clear();
+    chunks.push_back(AddChunkFullHashValue(
+        5, "sb-ssl.google.com/safebrowsing/csd/killswitch"));
+
+    ASSERT_TRUE(database_->UpdateStarted(&lists));
+    database_->InsertChunks(test_case.test_list_name, chunks.get());
+    database_->UpdateFinished(true);
+
+    // Test CSD whitelist specific methods.
+    if (test_case.test_list_name == safe_browsing_util::kCsdWhiteList) {
+      // The CSD whitelist killswitch is present.
+      EXPECT_TRUE(database_->IsCsdWhitelistKillSwitchOn());
+      EXPECT_TRUE(database_->IsMalwareIPMatchKillSwitchOn());
+    }
+
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("https://") + kGood1Url2 + "/c.html")));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.google.com/"))));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.phishing_url.com/"))));
+
+    if (test_case.TestStrings()) {
+      EXPECT_TRUE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              "asdf"));
+      EXPECT_TRUE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              kGoodString));
+    }
+
+    // Remove the kill-switch and verify that we can recover.
+    chunks.clear();
+    lists.clear();
+    chunks.push_back(SubChunkFullHashValue(
+        1, "sb-ssl.google.com/safebrowsing/csd/killswitch", 5));
+    if (test_case.test_list_name == safe_browsing_util::kCsdWhiteList) {
+      chunks.push_back(SubChunkFullHashValue(
+          10, "sb-ssl.google.com/safebrowsing/csd/killswitch_malware", 15));
+    }
+
+    ASSERT_TRUE(database_->UpdateStarted(&lists));
+    database_->InsertChunks(test_case.test_list_name, chunks.get());
+    database_->UpdateFinished(true);
+
+    if (test_case.test_list_name == safe_browsing_util::kCsdWhiteList) {
+      EXPECT_FALSE(database_->IsMalwareIPMatchKillSwitchOn());
+      EXPECT_FALSE(database_->IsCsdWhitelistKillSwitchOn());
+    }
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("https://") + kGood1Url2 + "/c.html")));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("https://") + kGood2Url1 + "/c/bla")));
+    EXPECT_TRUE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("https://") + kGood3Url1)));
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.google.com/"))));
+    EXPECT_FALSE(
+        (database_.get()->*test_case.test_list_contains_whitelisted_url)(
+            GURL(std::string("http://www.phishing_url.com/"))));
+    if (test_case.TestStrings()) {
+      EXPECT_TRUE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              kGoodString));
+      EXPECT_FALSE(
+          (database_.get()->*test_case.test_list_contains_whitelisted_string)(
+              "asdf"));
+    }
+  }
 }
 
 // Test to make sure we could insert chunk list that
 // contains entries for the same host.
 TEST_F(SafeBrowsingDatabaseTest, SameHostEntriesOkay) {
   ScopedVector<SBChunkData> chunks;
 
   // Add a malware add chunk with two entries of the same host.
   chunks.push_back(AddChunkPrefix2Value(1,
                                         "www.evil.com/malware1.html",
@@ skipping 705 matching lines @@
       GURL(std::string("http://") + kExampleCollision),
       &prefix_hits, &cache_hits));
   ASSERT_EQ(1U, prefix_hits.size());
   EXPECT_EQ(SBPrefixForString(kExampleCollision), prefix_hits[0]);
   EXPECT_TRUE(cache_hits.empty());
 
   // This prefix collides, but no full hash match.
   EXPECT_FALSE(database_->ContainsBrowseUrl(
       GURL(std::string("http://") + kExampleFine), &prefix_hits, &cache_hits));
 }