Google Git
Sign in
chromium / chromium / src / 1ca09ca22c714b67a7d2be4070686065f47fd9d7 / . / chrome / browser / safe_browsing / ui_manager_unittest.cc
blob: 9d08f6bfddc4d5a9db0b3bd07d6d822358d8e550 [file] [log] [blame]
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]1// Copyright 2015 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
dcheng7bacc0e2016-04-11 20:10:54[diff] [blame]5#include "chrome/browser/safe_browsing/ui_manager.h"
6
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]7#include "base/run_loop.h"
dalecurtis6c58ed02016-10-28 23:02:37[diff] [blame]8#include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]9#include "chrome/browser/safe_browsing/safe_browsing_service.h"
scottmg22e4f25a2016-08-15 21:09:03[diff] [blame]10#include "chrome/browser/safe_browsing/ui_manager.h"
feltfb118572015-08-18 05:22:01[diff] [blame]11#include "chrome/test/base/chrome_render_view_host_test_harness.h"
12#include "chrome/test/base/testing_profile.h"
dalecurtis6c58ed02016-10-28 23:02:37[diff] [blame]13#include "components/safe_browsing_db/safe_browsing_prefs.h"
vakhfa183fa2016-03-29 17:33:37[diff] [blame]14#include "components/safe_browsing_db/util.h"
estark1ca09ca2016-11-01 04:04:12[diff] [blame^]15#include "content/public/browser/navigation_entry.h"
feltfb118572015-08-18 05:22:01[diff] [blame]16#include "content/public/browser/render_process_host.h"
17#include "content/public/browser/render_view_host.h"
18#include "content/public/browser/web_contents.h"
dalecurtis6c58ed02016-10-28 23:02:37[diff] [blame]19#include "content/public/browser/web_contents_delegate.h"
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]20#include "content/public/test/test_browser_thread_bundle.h"
feltfb118572015-08-18 05:22:01[diff] [blame]21#include "content/public/test/web_contents_tester.h"
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]22#include "testing/gtest/include/gtest/gtest.h"
23#include "url/gurl.h"
24
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]25using content::BrowserThread;
26
feltfb118572015-08-18 05:22:01[diff] [blame]27static const char* kGoodURL = "https://www.good.com";
28static const char* kBadURL = "https://www.malware.com";
29static const char* kBadURLWithPath = "https://www.malware.com/index.html";
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]30static const char* kAnotherBadURL = "https://www.badware.com";
31static const char* kLandingURL = "https://www.landing.com";
feltfb118572015-08-18 05:22:01[diff] [blame]32
vakh9a474d832015-11-13 01:43:09[diff] [blame]33namespace safe_browsing {
34
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]35class SafeBrowsingCallbackWaiter {
36 public:
37 SafeBrowsingCallbackWaiter() {}
38
39 bool callback_called() const { return callback_called_; }
40 bool proceed() const { return proceed_; }
41
42 void OnBlockingPageDone(bool proceed) {
43 DCHECK_CURRENTLY_ON(BrowserThread::UI);
44 callback_called_ = true;
45 proceed_ = proceed;
46 loop_.Quit();
47 }
48
49 void OnBlockingPageDoneOnIO(bool proceed) {
50 DCHECK_CURRENTLY_ON(BrowserThread::IO);
51 BrowserThread::PostTask(
52 BrowserThread::UI, FROM_HERE,
53 base::Bind(&SafeBrowsingCallbackWaiter::OnBlockingPageDone,
54 base::Unretained(this), proceed));
55 }
56
57 void WaitForCallback() {
58 DCHECK_CURRENTLY_ON(BrowserThread::UI);
59 loop_.Run();
60 }
61
62 private:
63 bool callback_called_ = false;
64 bool proceed_ = false;
65 base::RunLoop loop_;
66};
67
feltfb118572015-08-18 05:22:01[diff] [blame]68class SafeBrowsingUIManagerTest : public ChromeRenderViewHostTestHarness {
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]69 public:
70 SafeBrowsingUIManagerTest() : ui_manager_(new SafeBrowsingUIManager(NULL)) {}
feltfb118572015-08-18 05:22:01[diff] [blame]71
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]72 ~SafeBrowsingUIManagerTest() override{};
73
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]74 void SetUp() override {
75 SetThreadBundleOptions(content::TestBrowserThreadBundle::REAL_IO_THREAD);
76 ChromeRenderViewHostTestHarness::SetUp();
estark1ca09ca2016-11-01 04:04:12[diff] [blame^]77 SafeBrowsingUIManager::CreateWhitelistForTesting(web_contents());
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]78 }
feltfb118572015-08-18 05:22:01[diff] [blame]79
80 void TearDown() override { ChromeRenderViewHostTestHarness::TearDown(); }
81
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]82 bool IsWhitelisted(SafeBrowsingUIManager::UnsafeResource resource) {
83 return ui_manager_->IsWhitelisted(resource);
84 }
85
86 void AddToWhitelist(SafeBrowsingUIManager::UnsafeResource resource) {
estark1ca09ca2016-11-01 04:04:12[diff] [blame^]87 ui_manager_->AddToWhitelistUrlSet(
88 SafeBrowsingUIManager::GetMainFrameWhitelistUrlForResourceForTesting(
89 resource),
90 web_contents(), false);
feltfb118572015-08-18 05:22:01[diff] [blame]91 }
92
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]93 SafeBrowsingUIManager::UnsafeResource MakeUnsafeResource(
94 const char* url,
95 bool is_subresource) {
feltfb118572015-08-18 05:22:01[diff] [blame]96 SafeBrowsingUIManager::UnsafeResource resource;
97 resource.url = GURL(url);
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]98 resource.is_subresource = is_subresource;
scottmg22e4f25a2016-08-15 21:09:03[diff] [blame]99 resource.web_contents_getter =
100 SafeBrowsingUIManager::UnsafeResource::GetWebContentsGetter(
101 web_contents()->GetRenderProcessHost()->GetID(),
102 web_contents()->GetMainFrame()->GetRoutingID());
feltfb118572015-08-18 05:22:01[diff] [blame]103 resource.threat_type = SB_THREAT_TYPE_URL_MALWARE;
104 return resource;
105 }
106
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]107 SafeBrowsingUIManager::UnsafeResource MakeUnsafeResourceAndStartNavigation(
feltfb118572015-08-18 05:22:01[diff] [blame]108 const char* url) {
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]109 SafeBrowsingUIManager::UnsafeResource resource =
110 MakeUnsafeResource(url, false /* is_subresource */);
feltfb118572015-08-18 05:22:01[diff] [blame]111
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]112 // The WC doesn't have a URL without a navigation. A main-frame malware
113 // unsafe resource must be a pending navigation.
114 content::WebContentsTester::For(web_contents())->StartNavigation(GURL(url));
feltfb118572015-08-18 05:22:01[diff] [blame]115 return resource;
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]116 }
117
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]118 void SimulateBlockingPageDone(
119 const std::vector<SafeBrowsingUIManager::UnsafeResource>& resources,
120 bool proceed) {
estark1ca09ca2016-11-01 04:04:12[diff] [blame^]121 GURL main_frame_url;
122 content::NavigationEntry* entry =
123 web_contents()->GetController().GetVisibleEntry();
124 if (entry)
125 main_frame_url = entry->GetURL();
126
127 ui_manager_->OnBlockingPageDone(resources, proceed, web_contents(),
128 main_frame_url);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]129 }
130
dalecurtis6c58ed02016-10-28 23:02:37[diff] [blame]131 protected:
132 SafeBrowsingUIManager* ui_manager() { return ui_manager_.get(); }
133
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]134 private:
135 scoped_refptr<SafeBrowsingUIManager> ui_manager_;
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]136};
137
138TEST_F(SafeBrowsingUIManagerTest, Whitelist) {
feltfb118572015-08-18 05:22:01[diff] [blame]139 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]140 MakeUnsafeResourceAndStartNavigation(kBadURL);
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]141 AddToWhitelist(resource);
142 EXPECT_TRUE(IsWhitelisted(resource));
143}
144
feltfb118572015-08-18 05:22:01[diff] [blame]145TEST_F(SafeBrowsingUIManagerTest, WhitelistIgnoresSitesNotAdded) {
146 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]147 MakeUnsafeResourceAndStartNavigation(kGoodURL);
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]148 EXPECT_FALSE(IsWhitelisted(resource));
feltfb118572015-08-18 05:22:01[diff] [blame]149}
150
151TEST_F(SafeBrowsingUIManagerTest, WhitelistIgnoresPath) {
152 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]153 MakeUnsafeResourceAndStartNavigation(kBadURL);
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]154 AddToWhitelist(resource);
155 EXPECT_TRUE(IsWhitelisted(resource));
feltfb118572015-08-18 05:22:01[diff] [blame]156
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]157 content::WebContentsTester::For(web_contents())->CommitPendingNavigation();
158
feltfb118572015-08-18 05:22:01[diff] [blame]159 SafeBrowsingUIManager::UnsafeResource resource_path =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]160 MakeUnsafeResourceAndStartNavigation(kBadURLWithPath);
feltfb118572015-08-18 05:22:01[diff] [blame]161 EXPECT_TRUE(IsWhitelisted(resource_path));
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]162}
163
feltfb118572015-08-18 05:22:01[diff] [blame]164TEST_F(SafeBrowsingUIManagerTest, WhitelistIgnoresThreatType) {
165 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]166 MakeUnsafeResourceAndStartNavigation(kBadURL);
feltfb118572015-08-18 05:22:01[diff] [blame]167 AddToWhitelist(resource);
168 EXPECT_TRUE(IsWhitelisted(resource));
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]169
feltfb118572015-08-18 05:22:01[diff] [blame]170 SafeBrowsingUIManager::UnsafeResource resource_phishing =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]171 MakeUnsafeResource(kBadURL, false /* is_subresource */);
feltfb118572015-08-18 05:22:01[diff] [blame]172 resource_phishing.threat_type = SB_THREAT_TYPE_URL_PHISHING;
173 EXPECT_TRUE(IsWhitelisted(resource_phishing));
feltbc2eda2d2015-06-23 02:06:03[diff] [blame]174}
175
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]176TEST_F(SafeBrowsingUIManagerTest, WhitelistWithUnrelatedPendingLoad) {
177 // Commit load of landing page.
178 NavigateAndCommit(GURL(kLandingURL));
179 {
180 // Simulate subresource malware hit on the landing page.
181 SafeBrowsingUIManager::UnsafeResource resource =
182 MakeUnsafeResource(kBadURL, true /* is_subresource */);
183
184 // Start pending load to unrelated site.
185 content::WebContentsTester::For(web_contents())
186 ->StartNavigation(GURL(kGoodURL));
187
188 // Whitelist the resource on the landing page.
189 AddToWhitelist(resource);
190 EXPECT_TRUE(IsWhitelisted(resource));
191 }
192
193 // Commit the pending load of unrelated site.
194 content::WebContentsTester::For(web_contents())->CommitPendingNavigation();
195 {
196 // The unrelated site is not on the whitelist, even if the same subresource
197 // was on it.
198 SafeBrowsingUIManager::UnsafeResource resource =
199 MakeUnsafeResource(kBadURL, true /* is_subresource */);
200 EXPECT_FALSE(IsWhitelisted(resource));
201 }
202
203 // Navigate back to the original landing url.
204 NavigateAndCommit(GURL(kLandingURL));
205 {
206 SafeBrowsingUIManager::UnsafeResource resource =
207 MakeUnsafeResource(kBadURL, true /* is_subresource */);
208 // Original resource url is whitelisted.
209 EXPECT_TRUE(IsWhitelisted(resource));
210 }
211 {
212 // A different malware subresource on the same page is also whitelisted.
213 // (The whitelist is by the page url, not the resource url.)
214 SafeBrowsingUIManager::UnsafeResource resource2 =
215 MakeUnsafeResource(kAnotherBadURL, true /* is_subresource */);
216 EXPECT_TRUE(IsWhitelisted(resource2));
217 }
218}
219
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]220TEST_F(SafeBrowsingUIManagerTest, UICallbackProceed) {
221 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]222 MakeUnsafeResourceAndStartNavigation(kBadURL);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]223 SafeBrowsingCallbackWaiter waiter;
224 resource.callback =
225 base::Bind(&SafeBrowsingCallbackWaiter::OnBlockingPageDone,
226 base::Unretained(&waiter));
227 resource.callback_thread =
thestig529ad8a2016-07-08 20:30:12[diff] [blame]228 BrowserThread::GetTaskRunnerForThread(BrowserThread::UI);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]229 std::vector<SafeBrowsingUIManager::UnsafeResource> resources;
230 resources.push_back(resource);
231 SimulateBlockingPageDone(resources, true);
232 EXPECT_TRUE(IsWhitelisted(resource));
233 waiter.WaitForCallback();
234 EXPECT_TRUE(waiter.callback_called());
235 EXPECT_TRUE(waiter.proceed());
236}
237
238TEST_F(SafeBrowsingUIManagerTest, UICallbackDontProceed) {
239 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]240 MakeUnsafeResourceAndStartNavigation(kBadURL);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]241 SafeBrowsingCallbackWaiter waiter;
242 resource.callback =
243 base::Bind(&SafeBrowsingCallbackWaiter::OnBlockingPageDone,
244 base::Unretained(&waiter));
245 resource.callback_thread =
thestig529ad8a2016-07-08 20:30:12[diff] [blame]246 BrowserThread::GetTaskRunnerForThread(BrowserThread::UI);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]247 std::vector<SafeBrowsingUIManager::UnsafeResource> resources;
248 resources.push_back(resource);
249 SimulateBlockingPageDone(resources, false);
250 EXPECT_FALSE(IsWhitelisted(resource));
251 waiter.WaitForCallback();
252 EXPECT_TRUE(waiter.callback_called());
253 EXPECT_FALSE(waiter.proceed());
254}
255
256TEST_F(SafeBrowsingUIManagerTest, IOCallbackProceed) {
257 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]258 MakeUnsafeResourceAndStartNavigation(kBadURL);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]259 SafeBrowsingCallbackWaiter waiter;
260 resource.callback =
261 base::Bind(&SafeBrowsingCallbackWaiter::OnBlockingPageDoneOnIO,
262 base::Unretained(&waiter));
263 resource.callback_thread =
thestig529ad8a2016-07-08 20:30:12[diff] [blame]264 BrowserThread::GetTaskRunnerForThread(BrowserThread::IO);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]265 std::vector<SafeBrowsingUIManager::UnsafeResource> resources;
266 resources.push_back(resource);
267 SimulateBlockingPageDone(resources, true);
268 EXPECT_TRUE(IsWhitelisted(resource));
269 waiter.WaitForCallback();
270 EXPECT_TRUE(waiter.callback_called());
271 EXPECT_TRUE(waiter.proceed());
272}
273
274TEST_F(SafeBrowsingUIManagerTest, IOCallbackDontProceed) {
275 SafeBrowsingUIManager::UnsafeResource resource =
mattmbfc4060d2015-12-18 23:11:38[diff] [blame]276 MakeUnsafeResourceAndStartNavigation(kBadURL);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]277 SafeBrowsingCallbackWaiter waiter;
278 resource.callback =
279 base::Bind(&SafeBrowsingCallbackWaiter::OnBlockingPageDoneOnIO,
280 base::Unretained(&waiter));
281 resource.callback_thread =
thestig529ad8a2016-07-08 20:30:12[diff] [blame]282 BrowserThread::GetTaskRunnerForThread(BrowserThread::IO);
clamy4edbf0e2015-12-02 13:35:41[diff] [blame]283 std::vector<SafeBrowsingUIManager::UnsafeResource> resources;
284 resources.push_back(resource);
285 SimulateBlockingPageDone(resources, false);
286 EXPECT_FALSE(IsWhitelisted(resource));
287 waiter.WaitForCallback();
288 EXPECT_TRUE(waiter.callback_called());
289 EXPECT_FALSE(waiter.proceed());
290}
291
dalecurtis6c58ed02016-10-28 23:02:37[diff] [blame]292namespace {
293
294// A WebContentsDelegate that records whether
295// VisibleSecurityStateChanged() was called.
296class SecurityStateWebContentsDelegate : public content::WebContentsDelegate {
297 public:
298 SecurityStateWebContentsDelegate() {}
299 ~SecurityStateWebContentsDelegate() override {}
300
301 bool visible_security_state_changed() const {
302 return visible_security_state_changed_;
303 }
304
305 void ClearVisibleSecurityStateChanged() {
306 visible_security_state_changed_ = false;
307 }
308
309 // WebContentsDelegate:
310 void VisibleSecurityStateChanged(content::WebContents* source) override {
311 visible_security_state_changed_ = true;
312 }
313
314 private:
315 bool visible_security_state_changed_ = false;
316 DISALLOW_COPY_AND_ASSIGN(SecurityStateWebContentsDelegate);
317};
318
319// A test blocking page that does not create windows.
320class TestSafeBrowsingBlockingPage : public SafeBrowsingBlockingPage {
321 public:
322 TestSafeBrowsingBlockingPage(SafeBrowsingUIManager* manager,
323 content::WebContents* web_contents,
324 const GURL& main_frame_url,
325 const UnsafeResourceList& unsafe_resources)
326 : SafeBrowsingBlockingPage(manager,
327 web_contents,
328 main_frame_url,
329 unsafe_resources) {
330 // Don't delay details at all for the unittest.
331 threat_details_proceed_delay_ms_ = 0;
332 DontCreateViewForTesting();
333 }
334};
335
336// A factory that creates TestSafeBrowsingBlockingPages.
337class TestSafeBrowsingBlockingPageFactory
338 : public SafeBrowsingBlockingPageFactory {
339 public:
340 TestSafeBrowsingBlockingPageFactory() {}
341 ~TestSafeBrowsingBlockingPageFactory() override {}
342
343 SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
344 SafeBrowsingUIManager* delegate,
345 content::WebContents* web_contents,
346 const GURL& main_frame_url,
347 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources)
348 override {
349 return new TestSafeBrowsingBlockingPage(delegate, web_contents,
350 main_frame_url, unsafe_resources);
351 }
352};
353
354} // namespace
355
356// Tests that the WebContentsDelegate is notified of a visible security
357// state change when a blocking page is shown for a subresource.
358TEST_F(SafeBrowsingUIManagerTest,
359 VisibleSecurityStateChangedForUnsafeSubresource) {
360 TestSafeBrowsingBlockingPageFactory factory;
361 SafeBrowsingBlockingPage::RegisterFactory(&factory);
362 SecurityStateWebContentsDelegate delegate;
363 web_contents()->SetDelegate(&delegate);
364
365 // Simulate a blocking page showing for an unsafe subresource.
366 SafeBrowsingUIManager::UnsafeResource resource =
367 MakeUnsafeResource(kBadURL, true /* is_subresource */);
368 // Needed for showing the blocking page.
369 resource.threat_source = safe_browsing::ThreatSource::REMOTE;
370 NavigateAndCommit(GURL("http://example.test"));
371
372 delegate.ClearVisibleSecurityStateChanged();
373 EXPECT_FALSE(delegate.visible_security_state_changed());
374 ui_manager()->DisplayBlockingPage(resource);
375 EXPECT_TRUE(delegate.visible_security_state_changed());
376
377 // Simulate proceeding through the blocking page.
378 SafeBrowsingCallbackWaiter waiter;
379 resource.callback =
380 base::Bind(&SafeBrowsingCallbackWaiter::OnBlockingPageDoneOnIO,
381 base::Unretained(&waiter));
382 resource.callback_thread =
383 BrowserThread::GetTaskRunnerForThread(BrowserThread::IO);
384 std::vector<SafeBrowsingUIManager::UnsafeResource> resources;
385 resources.push_back(resource);
386
387 delegate.ClearVisibleSecurityStateChanged();
388 EXPECT_FALSE(delegate.visible_security_state_changed());
389 SimulateBlockingPageDone(resources, true);
390 EXPECT_TRUE(delegate.visible_security_state_changed());
391
392 waiter.WaitForCallback();
393 EXPECT_TRUE(waiter.callback_called());
394 EXPECT_TRUE(waiter.proceed());
395 EXPECT_TRUE(IsWhitelisted(resource));
396}
397
vakh9a474d832015-11-13 01:43:09[diff] [blame]398} // namespace safe_browsing