1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/strings/stringprintf.h"
8 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
9 #include "testing/gtest/include/gtest/gtest.h"
14 bool VectorContains(const std::vector
<std::string
>& data
,
15 const std::string
& str
) {
16 return std::find(data
.begin(), data
.end(), str
) != data
.end();
19 // Tests that we generate the required host/path combinations for testing
20 // according to the Safe Browsing spec.
22 // http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
23 TEST(SafeBrowsingUtilTest
, UrlParsing
) {
24 std::vector
<std::string
> hosts
, paths
;
26 GURL
url("http://a.b.c/1/2.html?param=1");
27 safe_browsing_util::GenerateHostsToCheck(url
, &hosts
);
28 safe_browsing_util::GeneratePathsToCheck(url
, &paths
);
29 EXPECT_EQ(hosts
.size(), static_cast<size_t>(2));
30 EXPECT_EQ(paths
.size(), static_cast<size_t>(4));
31 EXPECT_EQ(hosts
[0], "b.c");
32 EXPECT_EQ(hosts
[1], "a.b.c");
34 EXPECT_TRUE(VectorContains(paths
, "/1/2.html?param=1"));
35 EXPECT_TRUE(VectorContains(paths
, "/1/2.html"));
36 EXPECT_TRUE(VectorContains(paths
, "/1/"));
37 EXPECT_TRUE(VectorContains(paths
, "/"));
39 url
= GURL("http://a.b.c.d.e.f.g/1.html");
40 safe_browsing_util::GenerateHostsToCheck(url
, &hosts
);
41 safe_browsing_util::GeneratePathsToCheck(url
, &paths
);
42 EXPECT_EQ(hosts
.size(), static_cast<size_t>(5));
43 EXPECT_EQ(paths
.size(), static_cast<size_t>(2));
44 EXPECT_EQ(hosts
[0], "f.g");
45 EXPECT_EQ(hosts
[1], "e.f.g");
46 EXPECT_EQ(hosts
[2], "d.e.f.g");
47 EXPECT_EQ(hosts
[3], "c.d.e.f.g");
48 EXPECT_EQ(hosts
[4], "a.b.c.d.e.f.g");
49 EXPECT_TRUE(VectorContains(paths
, "/1.html"));
50 EXPECT_TRUE(VectorContains(paths
, "/"));
52 url
= GURL("http://a.b/saw-cgi/eBayISAPI.dll/");
53 safe_browsing_util::GeneratePathsToCheck(url
, &paths
);
54 EXPECT_EQ(paths
.size(), static_cast<size_t>(3));
55 EXPECT_TRUE(VectorContains(paths
, "/saw-cgi/eBayISAPI.dll/"));
56 EXPECT_TRUE(VectorContains(paths
, "/saw-cgi/"));
57 EXPECT_TRUE(VectorContains(paths
, "/"));
60 // Tests the url canonicalization according to the Safe Browsing spec.
62 // http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
63 TEST(SafeBrowsingUtilTest
, CanonicalizeUrl
) {
65 const char* input_url
;
66 const char* expected_canonicalized_hostname
;
67 const char* expected_canonicalized_path
;
68 const char* expected_canonicalized_query
;
71 "http://host/%25%32%35",
76 "http://host/%25%32%35%25%32%35",
81 "http://host/%2525252525252525",
86 "http://host/asdf%25%32%35asd",
91 "http://host/%%%25%32%35asd%%",
93 "/%25%25%25asd%25%25",
96 "http://host/%%%25%32%35asd%%",
98 "/%25%25%25asd%25%25",
101 "http://www.google.com/",
106 "http://%31%36%38%2e%31%38%38%2e%39%39%2e%32%36/%2E%73%65%63%75%72%65/%77"
107 "%77%77%2E%65%62%61%79%2E%63%6F%6D/",
109 "/.secure/www.ebay.com/",
112 "http://195.127.0.11/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserd"
113 "ataxplimnbqmn-xplmvalidateinfoswqpcmlx=hgplmcx/",
115 "/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserdataxplimnbqmn-xplmv"
116 "alidateinfoswqpcmlx=hgplmcx/",
119 "http://host.com/%257Ea%2521b%2540c%2523d%2524e%25f%255E00%252611%252A"
120 "22%252833%252944_55%252B",
122 "/~a!b@c%23d$e%25f^00&11*22(33)44_55+",
125 "http://3279880203/blah",
130 "http://www.google.com/blah/..",
135 "http://www.google.com/blah#fraq",
140 "http://www.GOOgle.com/",
145 "http://www.google.com.../",
150 "http://www.google.com/q?",
155 "http://www.google.com/q?r?",
160 "http://www.google.com/q?r?s",
165 "http://evil.com/foo#bar#baz",
170 "http://evil.com/foo;",
175 "http://evil.com/foo?bar;",
180 "http://notrailingslash.com",
181 "notrailingslash.com",
185 "http://www.gotaport.com:1234/",
190 " http://www.google.com/ ",
195 "http:// leadingspace.com/",
196 "%20leadingspace.com",
200 "http://%20leadingspace.com/",
201 "%20leadingspace.com",
205 "https://www.securesite.com/",
206 "www.securesite.com",
210 "http://host.com/ab%23cd",
215 "http://host%3e.com//twoslashes?more//slashes",
220 "http://host.com/abc?val=xyz#anything",
225 "http://abc:def@host.com/xyz",
230 "http://host%3e.com/abc/%2e%2e%2fdef",
235 "http://.......host...com.....//abc/////def%2F%2F%2Fxyz",
240 "ftp://host.com/foo?bar",
245 "data:text/html;charset=utf-8,%0D%0A",
250 "javascript:alert()",
255 "mailto:abc@example.com",
261 for (size_t i
= 0; i
< ARRAYSIZE_UNSAFE(tests
); ++i
) {
262 SCOPED_TRACE(base::StringPrintf("Test: %s", tests
[i
].input_url
));
263 GURL
url(tests
[i
].input_url
);
265 std::string canonicalized_hostname
;
266 std::string canonicalized_path
;
267 std::string canonicalized_query
;
268 safe_browsing_util::CanonicalizeUrl(url
, &canonicalized_hostname
,
269 &canonicalized_path
, &canonicalized_query
);
271 EXPECT_EQ(tests
[i
].expected_canonicalized_hostname
,
272 canonicalized_hostname
);
273 EXPECT_EQ(tests
[i
].expected_canonicalized_path
,
275 EXPECT_EQ(tests
[i
].expected_canonicalized_query
,
276 canonicalized_query
);
280 TEST(SafeBrowsingUtilTest
, ListIdListNameConversion
) {
281 std::string list_name
;
282 EXPECT_FALSE(safe_browsing_util::GetListName(safe_browsing_util::INVALID
,
284 EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::MALWARE
,
286 EXPECT_EQ(list_name
, std::string(safe_browsing_util::kMalwareList
));
287 EXPECT_EQ(safe_browsing_util::MALWARE
,
288 safe_browsing_util::GetListId(list_name
));
290 EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::PHISH
,
292 EXPECT_EQ(list_name
, std::string(safe_browsing_util::kPhishingList
));
293 EXPECT_EQ(safe_browsing_util::PHISH
,
294 safe_browsing_util::GetListId(list_name
));
296 EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::BINURL
,
298 EXPECT_EQ(list_name
, std::string(safe_browsing_util::kBinUrlList
));
299 EXPECT_EQ(safe_browsing_util::BINURL
,
300 safe_browsing_util::GetListId(list_name
));
303 // Since the ids are saved in file, we need to make sure they don't change.
304 // Since only the last bit of each id is saved in file together with
305 // chunkids, this checks only last bit.
306 TEST(SafeBrowsingUtilTest
, ListIdVerification
) {
307 EXPECT_EQ(0, safe_browsing_util::MALWARE
% 2);
308 EXPECT_EQ(1, safe_browsing_util::PHISH
% 2);
309 EXPECT_EQ(0, safe_browsing_util::BINURL
%2);
312 TEST(SafeBrowsingUtilTest
, StringToSBFullHashAndSBFullHashToString
) {
313 // 31 chars plus the last \0 as full_hash.
314 const std::string hash_in
= "12345678902234567890323456789012";
315 SBFullHash hash_out
= safe_browsing_util::StringToSBFullHash(hash_in
);
316 EXPECT_EQ(0x34333231U
, hash_out
.prefix
);
317 EXPECT_EQ(0, memcmp(hash_in
.data(), hash_out
.full_hash
, sizeof(SBFullHash
)));
319 std::string hash_final
= safe_browsing_util::SBFullHashToString(hash_out
);
320 EXPECT_EQ(hash_in
, hash_final
);
323 TEST(SafeBrowsingUtilTest
, FullHashOperators
) {
324 const SBFullHash kHash1
= SBFullHashForString("one");
325 const SBFullHash kHash2
= SBFullHashForString("two");
327 EXPECT_TRUE(SBFullHashEqual(kHash1
, kHash1
));
328 EXPECT_TRUE(SBFullHashEqual(kHash2
, kHash2
));
329 EXPECT_FALSE(SBFullHashEqual(kHash1
, kHash2
));
330 EXPECT_FALSE(SBFullHashEqual(kHash2
, kHash1
));
332 EXPECT_FALSE(SBFullHashLess(kHash1
, kHash2
));
333 EXPECT_TRUE(SBFullHashLess(kHash2
, kHash1
));
335 EXPECT_FALSE(SBFullHashLess(kHash1
, kHash1
));
336 EXPECT_FALSE(SBFullHashLess(kHash2
, kHash2
));