search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
base::Time multiplicative operator overloading
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_blocking_page_test.cc
blobbd22f4b5a682c77a79bba079832adc5460c3d825
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // This test creates a fake safebrowsing service, where we can inject known-
6 // threat urls. It then uses a real browser to go to these urls, and sends
7 // "goback" or "proceed" commands and verifies they work.
8
9 #include "base/bind.h"
10 #include "base/command_line.h"
11 #include "base/prefs/pref_service.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "base/values.h"
14 #include "chrome/browser/browser_process.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chrome/browser/safe_browsing/database_manager.h"
17 #include "chrome/browser/safe_browsing/malware_details.h"
18 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
19 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
20 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
21 #include "chrome/browser/safe_browsing/ui_manager.h"
22 #include "chrome/browser/ui/browser.h"
23 #include "chrome/browser/ui/browser_tabstrip.h"
24 #include "chrome/browser/ui/tabs/tab_strip_model.h"
25 #include "chrome/common/chrome_switches.h"
26 #include "chrome/common/pref_names.h"
27 #include "chrome/common/url_constants.h"
28 #include "chrome/test/base/in_process_browser_test.h"
29 #include "chrome/test/base/test_switches.h"
30 #include "chrome/test/base/ui_test_utils.h"
31 #include "content/public/browser/interstitial_page.h"
32 #include "content/public/browser/navigation_controller.h"
33 #include "content/public/browser/notification_types.h"
34 #include "content/public/browser/render_frame_host.h"
35 #include "content/public/browser/render_view_host.h"
36 #include "content/public/browser/web_contents.h"
37 #include "content/public/test/browser_test_utils.h"
38 #include "content/public/test/test_browser_thread.h"
39 #include "content/public/test/test_utils.h"
40
41 using content::BrowserThread;
42 using content::InterstitialPage;
43 using content::NavigationController;
44 using content::WebContents;
45
46 namespace {
47
48 const char kEmptyPage[] = "files/empty.html";
49 const char kMalwarePage[] = "files/safe_browsing/malware.html";
50 const char kMalwareIframe[] = "files/safe_browsing/malware_iframe.html";
51
52 // A SafeBrowsingDatabaseManager class that allows us to inject the malicious
53 // URLs.
54 class FakeSafeBrowsingDatabaseManager : public SafeBrowsingDatabaseManager {
55 public:
56 explicit FakeSafeBrowsingDatabaseManager(SafeBrowsingService* service)
57 : SafeBrowsingDatabaseManager(service) { }
58
59 // Called on the IO thread to check if the given url is safe or not. If we
60 // can synchronously determine that the url is safe, CheckUrl returns true.
61 // Otherwise it returns false, and "client" is called asynchronously with the
62 // result when it is ready.
63 // Overrides SafeBrowsingDatabaseManager::CheckBrowseUrl.
64 bool CheckBrowseUrl(const GURL& gurl, Client* client) override {
65 if (badurls[gurl.spec()] == SB_THREAT_TYPE_SAFE)
66 return true;
67
68 BrowserThread::PostTask(
69 BrowserThread::IO, FROM_HERE,
70 base::Bind(&FakeSafeBrowsingDatabaseManager::OnCheckBrowseURLDone,
71 this, gurl, client));
72 return false;
73 }
74
75 void OnCheckBrowseURLDone(const GURL& gurl, Client* client) {
76 std::vector<SBThreatType> expected_threats;
77 expected_threats.push_back(SB_THREAT_TYPE_URL_MALWARE);
78 expected_threats.push_back(SB_THREAT_TYPE_URL_PHISHING);
79 expected_threats.push_back(SB_THREAT_TYPE_URL_UNWANTED);
80 SafeBrowsingDatabaseManager::SafeBrowsingCheck sb_check(
81 std::vector<GURL>(1, gurl),
82 std::vector<SBFullHash>(),
83 client,
84 safe_browsing_util::MALWARE,
85 expected_threats);
86 sb_check.url_results[0] = badurls[gurl.spec()];
87 client->OnSafeBrowsingResult(sb_check);
88 }
89
90 void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
91 badurls[url.spec()] = threat_type;
92 }
93
94 private:
95 ~FakeSafeBrowsingDatabaseManager() override {}
96
97 base::hash_map<std::string, SBThreatType> badurls;
98 DISALLOW_COPY_AND_ASSIGN(FakeSafeBrowsingDatabaseManager);
99 };
100
101 // A SafeBrowingUIManager class that allows intercepting malware details.
102 class FakeSafeBrowsingUIManager : public SafeBrowsingUIManager {
103 public:
104 explicit FakeSafeBrowsingUIManager(SafeBrowsingService* service) :
105 SafeBrowsingUIManager(service) { }
106
107 // Overrides SafeBrowsingUIManager
108 void SendSerializedMalwareDetails(const std::string& serialized) override {
109 // Notify the UI thread that we got a report.
110 BrowserThread::PostTask(
111 BrowserThread::UI,
112 FROM_HERE,
113 base::Bind(&FakeSafeBrowsingUIManager::OnMalwareDetailsDone,
114 this,
115 serialized));
116 }
117
118 void OnMalwareDetailsDone(const std::string& serialized) {
119 EXPECT_TRUE(BrowserThread::CurrentlyOn(BrowserThread::UI));
120 report_ = serialized;
121
122 EXPECT_FALSE(malware_details_done_callback_.is_null());
123 if (!malware_details_done_callback_.is_null()) {
124 malware_details_done_callback_.Run();
125 malware_details_done_callback_ = base::Closure();
126 }
127 }
128
129 void set_malware_details_done_callback(const base::Closure& callback) {
130 EXPECT_TRUE(BrowserThread::CurrentlyOn(BrowserThread::UI));
131 EXPECT_TRUE(malware_details_done_callback_.is_null());
132 malware_details_done_callback_ = callback;
133 }
134
135 std::string GetReport() {
136 EXPECT_TRUE(BrowserThread::CurrentlyOn(BrowserThread::UI));
137 return report_;
138 }
139
140 protected:
141 ~FakeSafeBrowsingUIManager() override {}
142
143 private:
144 std::string report_;
145 base::Closure malware_details_done_callback_;
146
147 DISALLOW_COPY_AND_ASSIGN(FakeSafeBrowsingUIManager);
148 };
149
150 class FakeSafeBrowsingService : public SafeBrowsingService {
151 public:
152 FakeSafeBrowsingService()
153 : fake_database_manager_(),
154 fake_ui_manager_() { }
155
156 // Returned pointer has the same lifespan as the database_manager_ refcounted
157 // object.
158 FakeSafeBrowsingDatabaseManager* fake_database_manager() {
159 return fake_database_manager_;
160 }
161 // Returned pointer has the same lifespan as the ui_manager_ refcounted
162 // object.
163 FakeSafeBrowsingUIManager* fake_ui_manager() {
164 return fake_ui_manager_;
165 }
166
167 protected:
168 ~FakeSafeBrowsingService() override {}
169
170 SafeBrowsingDatabaseManager* CreateDatabaseManager() override {
171 fake_database_manager_ = new FakeSafeBrowsingDatabaseManager(this);
172 return fake_database_manager_;
173 }
174
175 SafeBrowsingUIManager* CreateUIManager() override {
176 fake_ui_manager_ = new FakeSafeBrowsingUIManager(this);
177 return fake_ui_manager_;
178 }
179
180 private:
181 FakeSafeBrowsingDatabaseManager* fake_database_manager_;
182 FakeSafeBrowsingUIManager* fake_ui_manager_;
183
184 DISALLOW_COPY_AND_ASSIGN(FakeSafeBrowsingService);
185 };
186
187 // Factory that creates FakeSafeBrowsingService instances.
188 class TestSafeBrowsingServiceFactory : public SafeBrowsingServiceFactory {
189 public:
190 TestSafeBrowsingServiceFactory() :
191 most_recent_service_(NULL) { }
192 ~TestSafeBrowsingServiceFactory() override {}
193
194 SafeBrowsingService* CreateSafeBrowsingService() override {
195 most_recent_service_ = new FakeSafeBrowsingService();
196 return most_recent_service_;
197 }
198
199 FakeSafeBrowsingService* most_recent_service() const {
200 return most_recent_service_;
201 }
202
203 private:
204 FakeSafeBrowsingService* most_recent_service_;
205 };
206
207 // A MalwareDetails class lets us intercept calls from the renderer.
208 class FakeMalwareDetails : public MalwareDetails {
209 public:
210 FakeMalwareDetails(
211 SafeBrowsingUIManager* delegate,
212 WebContents* web_contents,
213 const SafeBrowsingUIManager::UnsafeResource& unsafe_resource)
214 : MalwareDetails(delegate, web_contents, unsafe_resource),
215 got_dom_(false),
216 waiting_(false) { }
217
218 void AddDOMDetails(
219 const std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node>& params)
220 override {
221 EXPECT_TRUE(BrowserThread::CurrentlyOn(BrowserThread::IO));
222 MalwareDetails::AddDOMDetails(params);
223
224 // Notify the UI thread that we got the dom details.
225 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
226 base::Bind(&FakeMalwareDetails::OnDOMDetailsDone,
227 this));
228 }
229
230 void WaitForDOM() {
231 if (got_dom_) {
232 return;
233 }
234 // This condition might not trigger normally, but if you add a
235 // sleep(1) in malware_dom_details it triggers :).
236 waiting_ = true;
237 content::RunMessageLoop();
238 EXPECT_TRUE(got_dom_);
239 }
240
241 private:
242 ~FakeMalwareDetails() override {}
243
244 void OnDOMDetailsDone() {
245 got_dom_ = true;
246 if (waiting_) {
247 base::MessageLoopForUI::current()->Quit();
248 }
249 }
250
251 // Some logic to figure out if we should wait for the dom details or not.
252 // These variables should only be accessed in the UI thread.
253 bool got_dom_;
254 bool waiting_;
255 };
256
257 class TestMalwareDetailsFactory : public MalwareDetailsFactory {
258 public:
259 TestMalwareDetailsFactory() : details_() { }
260 ~TestMalwareDetailsFactory() override {}
261
262 MalwareDetails* CreateMalwareDetails(
263 SafeBrowsingUIManager* delegate,
264 WebContents* web_contents,
265 const SafeBrowsingUIManager::UnsafeResource& unsafe_resource) override {
266 details_ = new FakeMalwareDetails(delegate, web_contents,
267 unsafe_resource);
268 return details_;
269 }
270
271 FakeMalwareDetails* get_details() {
272 return details_;
273 }
274
275 private:
276 FakeMalwareDetails* details_;
277 };
278
279 // A SafeBrowingBlockingPage class that lets us wait until it's hidden.
280 class TestSafeBrowsingBlockingPage : public SafeBrowsingBlockingPage {
281 public:
282 TestSafeBrowsingBlockingPage(SafeBrowsingUIManager* manager,
283 WebContents* web_contents,
284 const UnsafeResourceList& unsafe_resources)
285 : SafeBrowsingBlockingPage(manager, web_contents, unsafe_resources),
286 wait_for_delete_(false) {
287 // Don't wait the whole 3 seconds for the browser test.
288 malware_details_proceed_delay_ms_ = 100;
289 }
290
291 ~TestSafeBrowsingBlockingPage() override {
292 if (!wait_for_delete_)
293 return;
294
295 // Notify that we are gone
296 base::MessageLoopForUI::current()->Quit();
297 wait_for_delete_ = false;
298 }
299
300 void WaitForDelete() {
301 wait_for_delete_ = true;
302 content::RunMessageLoop();
303 }
304
305 // InterstitialPageDelegate methods:
306 void CommandReceived(const std::string& command) override {
307 SafeBrowsingBlockingPage::CommandReceived(command);
308 }
309 void OnProceed() override { SafeBrowsingBlockingPage::OnProceed(); }
310 void OnDontProceed() override { SafeBrowsingBlockingPage::OnDontProceed(); }
311
312 private:
313 bool wait_for_delete_;
314 };
315
316 class TestSafeBrowsingBlockingPageFactory
317 : public SafeBrowsingBlockingPageFactory {
318 public:
319 TestSafeBrowsingBlockingPageFactory() { }
320 ~TestSafeBrowsingBlockingPageFactory() override {}
321
322 SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
323 SafeBrowsingUIManager* delegate,
324 WebContents* web_contents,
325 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources)
326 override {
327 return new TestSafeBrowsingBlockingPage(delegate, web_contents,
328 unsafe_resources);
329 }
330 };
331
332 } // namespace
333
334 // Tests the safe browsing blocking page in a browser.
335 class SafeBrowsingBlockingPageBrowserTest
336 : public InProcessBrowserTest,
337 public testing::WithParamInterface<SBThreatType> {
338 public:
339 enum Visibility {
340 VISIBILITY_ERROR = -1,
341 HIDDEN = 0,
342 VISIBLE = 1
343 };
344
345 SafeBrowsingBlockingPageBrowserTest() {}
346
347 void SetUp() override {
348 SafeBrowsingService::RegisterFactory(&factory_);
349 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_);
350 MalwareDetails::RegisterFactory(&details_factory_);
351 InProcessBrowserTest::SetUp();
352 }
353
354 void SetUpCommandLine(base::CommandLine* command_line) override {
355 command_line->AppendSwitchASCII(
356 switches::kForceFieldTrials, "UwSInterstitialStatus/On/");
357 }
358
359 void TearDown() override {
360 InProcessBrowserTest::TearDown();
361 SafeBrowsingBlockingPage::RegisterFactory(NULL);
362 SafeBrowsingService::RegisterFactory(NULL);
363 MalwareDetails::RegisterFactory(NULL);
364 }
365
366 void SetUpInProcessBrowserTestFixture() override {
367 ASSERT_TRUE(test_server()->Start());
368 }
369
370 void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
371 FakeSafeBrowsingService* service =
372 static_cast<FakeSafeBrowsingService*>(
373 g_browser_process->safe_browsing_service());
374
375 ASSERT_TRUE(service);
376 service->fake_database_manager()->SetURLThreatType(url, threat_type);
377 }
378
379 // Adds a safebrowsing result of the current test threat to the fake
380 // safebrowsing service, navigates to that page, and returns the url.
381 GURL SetupWarningAndNavigate() {
382 GURL url = test_server()->GetURL(kEmptyPage);
383 SetURLThreatType(url, GetParam());
384
385 ui_test_utils::NavigateToURL(browser(), url);
386 EXPECT_TRUE(WaitForReady());
387 return url;
388 }
389
390 // Adds a safebrowsing threat result to the fake safebrowsing service,
391 // navigates to a page with an iframe containing the threat site, and returns
392 // the url of the parent page.
393 GURL SetupThreatIframeWarningAndNavigate() {
394 GURL url = test_server()->GetURL(kMalwarePage);
395 GURL iframe_url = test_server()->GetURL(kMalwareIframe);
396 SetURLThreatType(iframe_url, GetParam());
397
398 ui_test_utils::NavigateToURL(browser(), url);
399 EXPECT_TRUE(WaitForReady());
400 return url;
401 }
402
403 void SendCommand(const std::string& command) {
404 WebContents* contents =
405 browser()->tab_strip_model()->GetActiveWebContents();
406 // We use InterstitialPage::GetInterstitialPage(tab) instead of
407 // tab->GetInterstitialPage() because the tab doesn't have a pointer
408 // to its interstital page until it gets a command from the renderer
409 // that it has indeed displayed it -- and this sometimes happens after
410 // NavigateToURL returns.
411 SafeBrowsingBlockingPage* interstitial_page =
412 static_cast<SafeBrowsingBlockingPage*>(
413 InterstitialPage::GetInterstitialPage(contents)->
414 GetDelegateForTesting());
415 ASSERT_TRUE(interstitial_page);
416 ASSERT_EQ(SafeBrowsingBlockingPage::kTypeForTesting,
417 interstitial_page->GetTypeForTesting());
418 interstitial_page->CommandReceived(command);
419 }
420
421 void DontProceedThroughInterstitial() {
422 WebContents* contents =
423 browser()->tab_strip_model()->GetActiveWebContents();
424 InterstitialPage* interstitial_page = InterstitialPage::GetInterstitialPage(
425 contents);
426 ASSERT_TRUE(interstitial_page);
427 interstitial_page->DontProceed();
428 }
429
430 void ProceedThroughInterstitial() {
431 WebContents* contents =
432 browser()->tab_strip_model()->GetActiveWebContents();
433 InterstitialPage* interstitial_page = InterstitialPage::GetInterstitialPage(
434 contents);
435 ASSERT_TRUE(interstitial_page);
436 interstitial_page->Proceed();
437 }
438
439 void AssertNoInterstitial(bool wait_for_delete) {
440 WebContents* contents =
441 browser()->tab_strip_model()->GetActiveWebContents();
442
443 if (contents->ShowingInterstitialPage() && wait_for_delete) {
444 // We'll get notified when the interstitial is deleted.
445 TestSafeBrowsingBlockingPage* page =
446 static_cast<TestSafeBrowsingBlockingPage*>(
447 contents->GetInterstitialPage()->GetDelegateForTesting());
448 ASSERT_EQ(SafeBrowsingBlockingPage::kTypeForTesting,
449 page->GetTypeForTesting());
450 page->WaitForDelete();
451 }
452
453 // Can't use InterstitialPage::GetInterstitialPage() because that
454 // gets updated after the TestSafeBrowsingBlockingPage destructor
455 ASSERT_FALSE(contents->ShowingInterstitialPage());
456 }
457
458 bool YesInterstitial() {
459 WebContents* contents =
460 browser()->tab_strip_model()->GetActiveWebContents();
461 InterstitialPage* interstitial_page = InterstitialPage::GetInterstitialPage(
462 contents);
463 return interstitial_page != NULL;
464 }
465
466 void SetReportSentCallback(const base::Closure& callback) {
467 factory_.most_recent_service()
468 ->fake_ui_manager()
469 ->set_malware_details_done_callback(callback);
470 }
471
472 std::string GetReportSent() {
473 return factory_.most_recent_service()->fake_ui_manager()->GetReport();
474 }
475
476 void MalwareRedirectCancelAndProceed(const std::string& open_function) {
477 GURL load_url = test_server()->GetURL(
478 "files/safe_browsing/interstitial_cancel.html");
479 GURL malware_url("http://localhost/files/safe_browsing/malware.html");
480 SetURLThreatType(malware_url, GetParam());
481
482 // Load the test page.
483 ui_test_utils::NavigateToURL(browser(), load_url);
484 // Trigger the safe browsing interstitial page via a redirect in
485 // "openWin()".
486 ui_test_utils::NavigateToURLWithDisposition(
487 browser(),
488 GURL("javascript:" + open_function + "()"),
489 CURRENT_TAB,
490 ui_test_utils::BROWSER_TEST_WAIT_FOR_TAB);
491 WebContents* contents =
492 browser()->tab_strip_model()->GetActiveWebContents();
493 content::WaitForInterstitialAttach(contents);
494 // Cancel the redirect request while interstitial page is open.
495 browser()->tab_strip_model()->ActivateTabAt(0, true);
496 ui_test_utils::NavigateToURL(browser(), GURL("javascript:stopWin()"));
497 browser()->tab_strip_model()->ActivateTabAt(1, true);
498 // Simulate the user clicking "proceed", there should be no crash. Since
499 // clicking proceed may do nothing (see comment in RedirectCanceled
500 // below, and crbug.com/76460), we use SendCommand to trigger the callback
501 // directly rather than using ClickAndWaitForDetach since there might not
502 // be a notification to wait for.
503 SendCommand("\"proceed\"");
504 }
505
506 content::RenderViewHost* GetRenderViewHost() {
507 InterstitialPage* interstitial = InterstitialPage::GetInterstitialPage(
508 browser()->tab_strip_model()->GetActiveWebContents());
509 if (!interstitial)
510 return NULL;
511 return interstitial->GetMainFrame()->GetRenderViewHost();
512 }
513
514 bool WaitForReady() {
515 InterstitialPage* interstitial = InterstitialPage::GetInterstitialPage(
516 browser()->tab_strip_model()->GetActiveWebContents());
517 if (!interstitial)
518 return false;
519 return content::WaitForRenderFrameReady(interstitial->GetMainFrame());
520 }
521
522 Visibility GetVisibility(const std::string& node_id) {
523 content::RenderViewHost* rvh = GetRenderViewHost();
524 if (!rvh)
525 return VISIBILITY_ERROR;
526 scoped_ptr<base::Value> value = content::ExecuteScriptAndGetValue(
527 rvh->GetMainFrame(),
528 "var node = document.getElementById('" + node_id + "');\n"
529 "if (node)\n"
530 " node.offsetWidth > 0 && node.offsetHeight > 0;"
531 "else\n"
532 " 'node not found';\n");
533 if (!value.get())
534 return VISIBILITY_ERROR;
535 bool result = false;
536 if (!value->GetAsBoolean(&result))
537 return VISIBILITY_ERROR;
538 return result ? VISIBLE : HIDDEN;
539 }
540
541 bool Click(const std::string& node_id) {
542 content::RenderViewHost* rvh = GetRenderViewHost();
543 if (!rvh)
544 return false;
545 // We don't use ExecuteScriptAndGetValue for this one, since clicking
546 // the button/link may navigate away before the injected javascript can
547 // reply, hanging the test.
548 rvh->GetMainFrame()->ExecuteJavaScript(
549 base::ASCIIToUTF16(
550 "document.getElementById('" + node_id + "').click();\n"));
551 return true;
552 }
553
554 bool ClickAndWaitForDetach(const std::string& node_id) {
555 // We wait for interstitial_detached rather than nav_entry_committed, as
556 // going back from a main-frame malware interstitial page will not cause a
557 // nav entry committed event.
558 if (!Click(node_id))
559 return false;
560 content::WaitForInterstitialDetach(
561 browser()->tab_strip_model()->GetActiveWebContents());
562 return true;
563 }
564
565 protected:
566 TestMalwareDetailsFactory details_factory_;
567
568 private:
569 TestSafeBrowsingServiceFactory factory_;
570 TestSafeBrowsingBlockingPageFactory blocking_page_factory_;
571
572 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest);
573 };
574
575 // TODO(linux_aura) http://crbug.com/163931
576 // TODO(win_aura) http://crbug.com/154081
577 #if defined(USE_AURA) && !defined(OS_CHROMEOS)
578 #define MAYBE_RedirectInIFrameCanceled DISABLED_RedirectInIFrameCanceled
579 #else
580 #define MAYBE_RedirectInIFrameCanceled RedirectInIFrameCanceled
581 #endif
582 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
583 MAYBE_RedirectInIFrameCanceled) {
584 // 1. Test the case that redirect is a subresource.
585 MalwareRedirectCancelAndProceed("openWinIFrame");
586 // If the redirect was from subresource but canceled, "proceed" will continue
587 // with the rest of resources.
588 AssertNoInterstitial(true);
589 }
590
591 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, RedirectCanceled) {
592 // 2. Test the case that redirect is the only resource.
593 MalwareRedirectCancelAndProceed("openWin");
594 // Clicking proceed won't do anything if the main request is cancelled
595 // already. See crbug.com/76460.
596 EXPECT_TRUE(YesInterstitial());
597 }
598
599 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, DontProceed) {
600 #if defined(OS_WIN) && defined(USE_ASH)
601 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
602 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
603 switches::kAshBrowserTests))
604 return;
605 #endif
606
607 SetupWarningAndNavigate();
608
609 EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
610 EXPECT_EQ(HIDDEN, GetVisibility("details"));
611 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
612 EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
613 EXPECT_TRUE(Click("details-button"));
614 EXPECT_EQ(VISIBLE, GetVisibility("details"));
615 EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
616 EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
617 EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
618
619 AssertNoInterstitial(false); // Assert the interstitial is gone
620 EXPECT_EQ(GURL(url::kAboutBlankURL), // Back to "about:blank"
621 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
622 }
623
624 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, Proceed) {
625 GURL url = SetupWarningAndNavigate();
626
627 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
628 AssertNoInterstitial(true); // Assert the interstitial is gone.
629 EXPECT_EQ(url,
630 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
631 }
632
633 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, IframeDontProceed) {
634 #if defined(OS_WIN) && defined(USE_ASH)
635 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
636 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
637 switches::kAshBrowserTests))
638 return;
639 #endif
640
641 SetupThreatIframeWarningAndNavigate();
642
643 EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
644 EXPECT_EQ(HIDDEN, GetVisibility("details"));
645 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
646 EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
647 EXPECT_TRUE(Click("details-button"));
648 EXPECT_EQ(VISIBLE, GetVisibility("details"));
649 EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
650 EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
651 EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
652
653 AssertNoInterstitial(false); // Assert the interstitial is gone
654
655 EXPECT_EQ(GURL(url::kAboutBlankURL), // Back to "about:blank"
656 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
657 }
658
659 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, IframeProceed) {
660 GURL url = SetupThreatIframeWarningAndNavigate();
661
662 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
663 AssertNoInterstitial(true); // Assert the interstitial is gone
664
665 EXPECT_EQ(url,
666 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
667 }
668
669 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
670 IframeOptInAndReportMalwareDetails) {
671 // The extended reporting opt-in is presented in the interstitial for malware,
672 // phishing, and UwS threats. It however only results in uploading further
673 // details about the immediate threat when facing malware threats.
674 const bool expect_malware_details = GetParam() == SB_THREAT_TYPE_URL_MALWARE;
675
676 scoped_refptr<content::MessageLoopRunner> malware_report_sent_runner(
677 new content::MessageLoopRunner);
678 if (expect_malware_details)
679 SetReportSentCallback(malware_report_sent_runner->QuitClosure());
680
681 GURL url = SetupThreatIframeWarningAndNavigate();
682
683 FakeMalwareDetails* fake_malware_details = details_factory_.get_details();
684 EXPECT_EQ(expect_malware_details, fake_malware_details != nullptr);
685
686 // If the DOM details from renderer did not already return when they are
687 // expected, wait for them.
688 if (expect_malware_details)
689 fake_malware_details->WaitForDOM();
690
691 EXPECT_EQ(VISIBLE, GetVisibility("malware-opt-in"));
692 EXPECT_TRUE(Click("opt-in-checkbox"));
693 EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
694 AssertNoInterstitial(true); // Assert the interstitial is gone
695
696 EXPECT_TRUE(browser()->profile()->GetPrefs()->GetBoolean(
697 prefs::kSafeBrowsingExtendedReportingEnabled));
698 EXPECT_EQ(url,
699 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
700
701 if (expect_malware_details) {
702 malware_report_sent_runner->Run();
703 std::string serialized = GetReportSent();
704 safe_browsing::ClientMalwareReportRequest report;
705 ASSERT_TRUE(report.ParseFromString(serialized));
706 // Verify the report is complete.
707 EXPECT_TRUE(report.complete());
708 }
709 }
710
711 // Verifies that the "proceed anyway" link isn't available when it is disabled
712 // by the corresponding policy. Also verifies that sending the "proceed"
713 // command anyway doesn't advance to the malware site.
714 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, ProceedDisabled) {
715 #if defined(OS_WIN) && defined(USE_ASH)
716 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
717 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
718 switches::kAshBrowserTests))
719 return;
720 #endif
721
722 // Simulate a policy disabling the "proceed anyway" link.
723 browser()->profile()->GetPrefs()->SetBoolean(
724 prefs::kSafeBrowsingProceedAnywayDisabled, true);
725
726 SetupWarningAndNavigate();
727
728 EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
729 EXPECT_EQ(HIDDEN, GetVisibility("details"));
730 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
731 EXPECT_EQ(HIDDEN, GetVisibility("final-paragraph"));
732 EXPECT_TRUE(Click("details-button"));
733 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
734 EXPECT_EQ(HIDDEN, GetVisibility("final-paragraph"));
735 SendCommand("proceed");
736
737 // The "proceed" command should go back instead, if proceeding is disabled.
738 AssertNoInterstitial(true);
739 EXPECT_EQ(GURL(url::kAboutBlankURL), // Back to "about:blank"
740 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
741 }
742
743 // Verifies that the reporting checkbox is hidden on non-HTTP pages.
744 // TODO(mattm): Should also verify that no report is sent, but there isn't a
745 // good way to do that in the current design.
746 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, ReportingDisabled) {
747 #if defined(OS_WIN) && defined(USE_ASH)
748 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
749 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
750 switches::kAshBrowserTests))
751 return;
752 #endif
753
754 browser()->profile()->GetPrefs()->SetBoolean(
755 prefs::kSafeBrowsingExtendedReportingEnabled, true);
756
757 net::SpawnedTestServer https_server(
758 net::SpawnedTestServer::TYPE_HTTPS, net::SpawnedTestServer::kLocalhost,
759 base::FilePath(FILE_PATH_LITERAL("chrome/test/data")));
760 ASSERT_TRUE(https_server.Start());
761 GURL url = https_server.GetURL(kEmptyPage);
762 SetURLThreatType(url, GetParam());
763 ui_test_utils::NavigateToURL(browser(), url);
764 ASSERT_TRUE(WaitForReady());
765
766 EXPECT_EQ(HIDDEN, GetVisibility("malware-opt-in"));
767 EXPECT_EQ(HIDDEN, GetVisibility("opt-in-checkbox"));
768 EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
769 EXPECT_TRUE(Click("details-button"));
770 EXPECT_EQ(VISIBLE, GetVisibility("help-link"));
771 EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
772
773 EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
774 AssertNoInterstitial(false); // Assert the interstitial is gone
775 EXPECT_EQ(GURL(url::kAboutBlankURL), // Back to "about:blank"
776 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
777 }
778
779 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, LearnMore) {
780 SetupWarningAndNavigate();
781 EXPECT_TRUE(ClickAndWaitForDetach("help-link"));
782 AssertNoInterstitial(false); // Assert the interstitial is gone
783
784 // We are in the help page.
785 EXPECT_EQ(
786 GetParam() == SB_THREAT_TYPE_URL_PHISHING
787 ? "/transparencyreport/safebrowsing/"
788 : "/safebrowsing/diagnostic",
789 browser()->tab_strip_model()->GetActiveWebContents()->GetURL().path());
790 }
791
792 INSTANTIATE_TEST_CASE_P(SafeBrowsingBlockingPageBrowserTestWithThreatType,
793 SafeBrowsingBlockingPageBrowserTest,
794 testing::Values(SB_THREAT_TYPE_URL_MALWARE,
795 SB_THREAT_TYPE_URL_PHISHING,
796 SB_THREAT_TYPE_URL_UNWANTED));