Report HTTPS links in MalwareDetails

chrome/browser/safe_browsing/malware_details_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 
 #include "base/bind.h"
 #include "base/pickle.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
@@ skipping 16 matching lines @@
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/http/http_cache.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/http/http_util.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 
-static const char* kOriginalLandingURL = "http://www.originallandingpage.com/";
-static const char* kHttpsURL = "https://www.url.com/";
-static const char* kDOMChildURL = "http://www.domparent.com/";
-static const char* kDOMParentURL = "http://www.domchild.com/";
-static const char* kFirstRedirectURL = "http://redirectone.com/";
-static const char* kSecondRedirectURL = "http://redirecttwo.com/";
+// Mixture of HTTP and HTTPS.  No special treatment for HTTPS.
+static const char* kOriginalLandingURL =
+    "http://www.originallandingpage.com/with/path";
+static const char* kDOMChildURL = "https://www.domparent.com/with/path";
+static const char* kDOMParentURL = "https://www.domchild.com/with/path";
+static const char* kFirstRedirectURL = "http://redirectone.com/with/path";
+static const char* kSecondRedirectURL = "https://redirecttwo.com/with/path";
+static const char* kReferrerURL = "http://www.referrer.com/with/path";
 
-static const char* kMalwareURL = "http://www.malware.com/";
+static const char* kMalwareURL = "http://www.malware.com/with/path";
 static const char* kMalwareHeaders =
     "HTTP/1.1 200 OK\n"
     "Content-Type: image/jpeg\n";
 static const char* kMalwareData = "exploit();";
 
-static const char* kLandingURL = "http://www.landingpage.com/";
+static const char* kLandingURL = "http://www.landingpage.com/with/path";
 static const char* kLandingHeaders =
     "HTTP/1.1 200 OK\n"
     "Content-Type: text/html\n"
     "Content-Length: 1024\n"
     "Set-Cookie: tastycookie\n";  // This header is stripped.
-static const char* kLandingData = "<iframe src='http://www.malware.com'>";
+static const char* kLandingData =
+    "<iframe src='http://www.malware.com/with/path'>";
+
 
 using content::BrowserThread;
 using content::WebContents;
 using safe_browsing::ClientMalwareReportRequest;
 
 namespace {
 
 void WriteHeaders(disk_cache::Entry* entry, const std::string& headers) {
   net::HttpResponseInfo responseinfo;
   std::string raw_headers = net::HttpUtil::AssembleRawHeaders(
@@ skipping 57 matching lines @@
 // Lets us provide a MockURLRequestContext with an HTTP Cache we pre-populate.
 // Also exposes the constructor.
 class MalwareDetailsWrap : public MalwareDetails {
  public:
   MalwareDetailsWrap(
       SafeBrowsingUIManager* ui_manager,
       WebContents* web_contents,
       const SafeBrowsingUIManager::UnsafeResource& unsafe_resource,
       net::URLRequestContextGetter* request_context_getter)
       : MalwareDetails(ui_manager, web_contents, unsafe_resource) {
-
     request_context_getter_ = request_context_getter;
   }
 
  private:
   ~MalwareDetailsWrap() override {}
 };
 
 class MockSafeBrowsingUIManager : public SafeBrowsingUIManager {
  public:
   base::RunLoop* run_loop_;
@@ skipping 169 matching lines @@
         GURL(), *redirects, ui::PAGE_TRANSITION_TYPED,
         history::SOURCE_BROWSED, false);
   }
 
   scoped_refptr<MockSafeBrowsingUIManager> ui_manager_;
 };
 
 // Tests creating a simple malware report.
 TEST_F(MalwareDetailsTest, MalwareSubResource) {
   // Start a load.
-  controller().LoadURL(GURL(kLandingURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
+  controller().LoadURL(
+      GURL(kLandingURL),
+      content::Referrer(GURL(kReferrerURL), blink::WebReferrerPolicyDefault),
+      ui::PAGE_TRANSITION_TYPED, std::string());
 
   UnsafeResource resource;
   InitResource(&resource, true, GURL(kMalwareURL));
 
   scoped_refptr<MalwareDetailsWrap> report =
       new MalwareDetailsWrap(ui_manager_.get(), web_contents(), resource, NULL);
 
   std::string serialized = WaitForSerializedReport(report.get());
 
   ClientMalwareReportRequest actual;
   actual.ParseFromString(serialized);
 
   ClientMalwareReportRequest expected;
   expected.set_malware_url(kMalwareURL);
   expected.set_page_url(kLandingURL);
-  expected.set_referrer_url("");
+  // Note that the referrer policy is not actually enacted here, since that's
+  // done in Blink.
+  expected.set_referrer_url(kReferrerURL);
 
   ClientMalwareReportRequest::Resource* pb_resource = expected.add_resources();
   pb_resource->set_id(0);
   pb_resource->set_url(kLandingURL);
   pb_resource = expected.add_resources();
   pb_resource->set_id(1);
   pb_resource->set_url(kMalwareURL);
+  pb_resource = expected.add_resources();
+  pb_resource->set_id(2);
+  pb_resource->set_url(kReferrerURL);
 
   VerifyResults(actual, expected);
 }
 
 // Tests creating a simple malware report where the subresource has a
 // different original_url.
 TEST_F(MalwareDetailsTest, MalwareSubResourceWithOriginalUrl) {
   controller().LoadURL(GURL(kLandingURL), content::Referrer(),
                        ui::PAGE_TRANSITION_TYPED, std::string());
 
@@ skipping 18 matching lines @@
   pb_resource->set_id(0);
   pb_resource->set_url(kLandingURL);
 
   pb_resource = expected.add_resources();
   pb_resource->set_id(1);
   pb_resource->set_url(kOriginalLandingURL);
 
   pb_resource = expected.add_resources();
   pb_resource->set_id(2);
   pb_resource->set_url(kMalwareURL);
-  // The Resource for kMmalwareUrl should have the Resource for
+  // The Resource for kMalwareUrl should have the Resource for
   // kOriginalLandingURL (with id 1) as parent.
   pb_resource->set_parent_id(1);
 
   VerifyResults(actual, expected);
 }
 
 // Tests creating a malware report with data from the renderer.
 TEST_F(MalwareDetailsTest, MalwareDOMDetails) {
   controller().LoadURL(GURL(kLandingURL), content::Referrer(),
                        ui::PAGE_TRANSITION_TYPED, std::string());
@@ skipping 41 matching lines @@
 
   pb_resource = expected.add_resources();
   pb_resource->set_id(3);
   pb_resource->set_url(kDOMParentURL);
   pb_resource->add_child_ids(2);
   expected.set_complete(false);  // Since the cache was missing.
 
   VerifyResults(actual, expected);
 }
 
-// Verify that https:// urls are dropped.
-TEST_F(MalwareDetailsTest, NotPublicUrl) {
-  controller().LoadURL(GURL(kHttpsURL), content::Referrer(),
-                       ui::PAGE_TRANSITION_TYPED, std::string());
-  UnsafeResource resource;
-  InitResource(&resource, true, GURL(kMalwareURL));
-  scoped_refptr<MalwareDetailsWrap> report = new MalwareDetailsWrap(
-      ui_manager_.get(), web_contents(), resource, NULL);
-
-  std::string serialized = WaitForSerializedReport(report.get());
-  ClientMalwareReportRequest actual;
-  actual.ParseFromString(serialized);
-
-  ClientMalwareReportRequest expected;
-  expected.set_malware_url(kMalwareURL);  // No page_url
-  expected.set_referrer_url("");
-
-  ClientMalwareReportRequest::Resource* pb_resource = expected.add_resources();
-  pb_resource->set_url(kMalwareURL);  // Only one resource
-
-  VerifyResults(actual, expected);
-}
-
 // Tests creating a malware report where there are redirect urls to an unsafe
 // resource url
 TEST_F(MalwareDetailsTest, MalwareWithRedirectUrl) {
   controller().LoadURL(GURL(kLandingURL), content::Referrer(),
                        ui::PAGE_TRANSITION_TYPED, std::string());
 
   UnsafeResource resource;
   InitResource(&resource, true, GURL(kMalwareURL));
   resource.original_url = GURL(kOriginalLandingURL);
 
@@ skipping 84 matching lines @@
       pb_response->add_headers();
   pb_header->set_name("Content-Type");
   pb_header->set_value("text/html");
   pb_header = pb_response->add_headers();
   pb_header->set_name("Content-Length");
   pb_header->set_value("1024");
   pb_header = pb_response->add_headers();
   pb_header->set_name("Set-Cookie");
   pb_header->set_value("");  // The cookie is dropped.
   pb_response->set_body(kLandingData);
-  pb_response->set_bodylength(37);
-  pb_response->set_bodydigest("9ca97475598a79bc1e8fc9bd6c72cd35");
+  pb_response->set_bodylength(47);
+  pb_response->set_bodydigest("5abb4e63d806ec2c16a40b2699700554");
   pb_response->set_remote_ip("1.2.3.4:80");
 
   pb_resource = expected.add_resources();
   pb_resource->set_id(1);
   pb_resource->set_url(kMalwareURL);
   pb_response = pb_resource->mutable_response();
   pb_response->mutable_firstline()->set_code(200);
   pb_header = pb_response->add_headers();
   pb_header->set_name("Content-Type");
   pb_header->set_value("image/jpeg");
@@ skipping 95 matching lines @@
   pb_resource = expected.add_resources();
   pb_resource->set_id(2);
   pb_resource->set_parent_id(3);
   pb_resource->set_url(kSecondRedirectURL);
   pb_resource = expected.add_resources();
   pb_resource->set_id(3);
   pb_resource->set_url(kFirstRedirectURL);
 
   VerifyResults(actual, expected);
 }