Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / chrome / common / safe_browsing / binary_feature_extractor_win_unittest.cc
blobf050c0d5dbd35d46998d2b20f3bb7bd184960555
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
7 #include <string>
8 #include <vector>
10 #include "base/base_paths.h"
11 #include "base/files/file_path.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/path_service.h"
14 #include "chrome/common/chrome_paths.h"
15 #include "chrome/common/safe_browsing/csd.pb.h"
16 #include "net/cert/x509_cert_types.h"
17 #include "net/cert/x509_certificate.h"
18 #include "testing/gtest/include/gtest/gtest.h"
20 namespace safe_browsing {
22 class BinaryFeatureExtractorWinTest : public testing::Test {
23 protected:
24 void SetUp() override {
25 base::FilePath source_path;
26 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &source_path));
27 testdata_path_ = source_path
28 .AppendASCII("safe_browsing")
29 .AppendASCII("download_protection");
31 binary_feature_extractor_ = new BinaryFeatureExtractor();
34 // Given a certificate chain protobuf, parse it into X509Certificates.
35 void ParseCertificateChain(
36 const ClientDownloadRequest_CertificateChain& chain,
37 std::vector<scoped_refptr<net::X509Certificate> >* certs) {
38 for (int i = 0; i < chain.element_size(); ++i) {
39 certs->push_back(
40 net::X509Certificate::CreateFromBytes(
41 chain.element(i).certificate().data(),
42 chain.element(i).certificate().size()));
46 base::FilePath testdata_path_;
47 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor_;
50 TEST_F(BinaryFeatureExtractorWinTest, UntrustedSignedBinary) {
51 // signed.exe is signed by an untrusted root CA.
52 ClientDownloadRequest_SignatureInfo signature_info;
53 binary_feature_extractor_->CheckSignature(
54 testdata_path_.Append(L"signed.exe"),
55 &signature_info);
56 ASSERT_EQ(1, signature_info.certificate_chain_size());
57 std::vector<scoped_refptr<net::X509Certificate> > certs;
58 ParseCertificateChain(signature_info.certificate_chain(0), &certs);
59 ASSERT_EQ(2, certs.size());
60 EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name);
61 EXPECT_EQ("Root Agency", certs[1]->subject().common_name);
63 EXPECT_TRUE(signature_info.has_trusted());
64 EXPECT_FALSE(signature_info.trusted());
67 TEST_F(BinaryFeatureExtractorWinTest, TrustedBinary) {
68 // wow_helper.exe is signed using Google's signing certifiacte.
69 ClientDownloadRequest_SignatureInfo signature_info;
70 binary_feature_extractor_->CheckSignature(
71 testdata_path_.Append(L"wow_helper.exe"),
72 &signature_info);
73 ASSERT_EQ(1, signature_info.certificate_chain_size());
74 std::vector<scoped_refptr<net::X509Certificate> > certs;
75 ParseCertificateChain(signature_info.certificate_chain(0), &certs);
76 ASSERT_EQ(3, certs.size());
78 EXPECT_EQ("Google Inc", certs[0]->subject().common_name);
79 EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA",
80 certs[1]->subject().common_name);
81 EXPECT_EQ("Class 3 Public Primary Certification Authority",
82 certs[2]->subject().organization_unit_names[0]);
84 EXPECT_TRUE(signature_info.trusted());
87 TEST_F(BinaryFeatureExtractorWinTest, UnsignedBinary) {
88 // unsigned.exe has no signature information.
89 ClientDownloadRequest_SignatureInfo signature_info;
90 binary_feature_extractor_->CheckSignature(
91 testdata_path_.Append(L"unsigned.exe"),
92 &signature_info);
93 EXPECT_EQ(0, signature_info.certificate_chain_size());
94 EXPECT_FALSE(signature_info.has_trusted());
97 TEST_F(BinaryFeatureExtractorWinTest, NonExistentBinary) {
98 // Test a file that doesn't exist.
99 ClientDownloadRequest_SignatureInfo signature_info;
100 binary_feature_extractor_->CheckSignature(
101 testdata_path_.Append(L"doesnotexist.exe"),
102 &signature_info);
103 EXPECT_EQ(0, signature_info.certificate_chain_size());
104 EXPECT_FALSE(signature_info.has_trusted());
107 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesNoFile) {
108 // Test extracting headers from a file that doesn't exist.
109 ClientDownloadRequest_ImageHeaders image_headers;
110 ASSERT_FALSE(binary_feature_extractor_->ExtractImageFeatures(
111 testdata_path_.AppendASCII("this_file_does_not_exist"),
112 BinaryFeatureExtractor::kDefaultOptions, &image_headers,
113 nullptr /* signed_data */));
114 EXPECT_FALSE(image_headers.has_pe_headers());
117 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesNonImage) {
118 // Test extracting headers from something that is not a PE image.
119 ClientDownloadRequest_ImageHeaders image_headers;
120 ASSERT_FALSE(binary_feature_extractor_->ExtractImageFeatures(
121 testdata_path_.AppendASCII("simple_exe.cc"),
122 BinaryFeatureExtractor::kDefaultOptions, &image_headers,
123 nullptr /* signed_data */));
124 EXPECT_FALSE(image_headers.has_pe_headers());
127 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeatures) {
128 // Test extracting features from something that is a PE image.
129 ClientDownloadRequest_ImageHeaders image_headers;
130 google::protobuf::RepeatedPtrField<std::string> signed_data;
131 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
132 testdata_path_.AppendASCII("unsigned.exe"),
133 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data));
134 EXPECT_TRUE(image_headers.has_pe_headers());
135 const ClientDownloadRequest_PEImageHeaders& pe_headers =
136 image_headers.pe_headers();
137 EXPECT_TRUE(pe_headers.has_dos_header());
138 EXPECT_TRUE(pe_headers.has_file_header());
139 EXPECT_TRUE(pe_headers.has_optional_headers32());
140 EXPECT_FALSE(pe_headers.has_optional_headers64());
141 EXPECT_NE(0, pe_headers.section_header_size());
142 EXPECT_FALSE(pe_headers.has_export_section_data());
143 EXPECT_EQ(0, pe_headers.debug_data_size());
144 EXPECT_EQ(0, signed_data.size());
147 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesWithDebugData) {
148 // Test extracting headers from something that is a PE image with debug data.
149 ClientDownloadRequest_ImageHeaders image_headers;
150 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
151 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"),
152 BinaryFeatureExtractor::kDefaultOptions, &image_headers,
153 nullptr /* signed_data */));
154 EXPECT_TRUE(image_headers.has_pe_headers());
155 const ClientDownloadRequest_PEImageHeaders& pe_headers =
156 image_headers.pe_headers();
157 EXPECT_TRUE(pe_headers.has_dos_header());
158 EXPECT_TRUE(pe_headers.has_file_header());
159 EXPECT_TRUE(pe_headers.has_optional_headers32());
160 EXPECT_FALSE(pe_headers.has_optional_headers64());
161 EXPECT_NE(0, pe_headers.section_header_size());
162 EXPECT_TRUE(pe_headers.has_export_section_data());
163 EXPECT_EQ(1U, pe_headers.debug_data_size());
166 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesWithoutExports) {
167 // Test extracting headers from something that is a PE image with debug data.
168 ClientDownloadRequest_ImageHeaders image_headers;
169 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
170 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"),
171 BinaryFeatureExtractor::kOmitExports, &image_headers,
172 nullptr /* signed_data */));
173 EXPECT_TRUE(image_headers.has_pe_headers());
174 const ClientDownloadRequest_PEImageHeaders& pe_headers =
175 image_headers.pe_headers();
176 EXPECT_TRUE(pe_headers.has_dos_header());
177 EXPECT_TRUE(pe_headers.has_file_header());
178 EXPECT_TRUE(pe_headers.has_optional_headers32());
179 EXPECT_FALSE(pe_headers.has_optional_headers64());
180 EXPECT_NE(0, pe_headers.section_header_size());
181 EXPECT_FALSE(pe_headers.has_export_section_data());
182 EXPECT_EQ(1U, pe_headers.debug_data_size());
185 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesUntrustedSigned) {
186 // Test extracting features from a signed PE image.
187 ClientDownloadRequest_ImageHeaders image_headers;
188 google::protobuf::RepeatedPtrField<std::string> signed_data;
189 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
190 testdata_path_.AppendASCII("signed.exe"),
191 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data));
192 ASSERT_EQ(1, signed_data.size());
193 ASSERT_LT(0U, signed_data.Get(0).size());
196 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesTrustedSigned) {
197 // Test extracting features from a signed PE image from a trusted root.
198 ClientDownloadRequest_ImageHeaders image_headers;
199 google::protobuf::RepeatedPtrField<std::string> signed_data;
200 ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
201 testdata_path_.AppendASCII("wow_helper.exe"),
202 BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data));
203 ASSERT_EQ(1, signed_data.size());
204 ASSERT_LT(0U, signed_data.Get(0).size());
207 } // namespace safe_browsing