search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_blocking_page_test.cc
blobec71d0a13af7dce0e0ff95808da74facfc426cfb
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // This test creates a fake safebrowsing service, where we can inject
6 // malware and phishing urls. It then uses a real browser to go to
7 // these urls, and sends "goback" or "proceed" commands and verifies
8 // they work.
9
10 #include "base/bind.h"
11 #include "base/command_line.h"
12 #include "base/prefs/pref_service.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "base/values.h"
15 #include "chrome/browser/browser_process.h"
16 #include "chrome/browser/profiles/profile.h"
17 #include "chrome/browser/safe_browsing/database_manager.h"
18 #include "chrome/browser/safe_browsing/malware_details.h"
19 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
20 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
21 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
22 #include "chrome/browser/safe_browsing/ui_manager.h"
23 #include "chrome/browser/ui/browser.h"
24 #include "chrome/browser/ui/browser_tabstrip.h"
25 #include "chrome/browser/ui/tabs/tab_strip_model.h"
26 #include "chrome/common/pref_names.h"
27 #include "chrome/common/url_constants.h"
28 #include "chrome/test/base/in_process_browser_test.h"
29 #include "chrome/test/base/test_switches.h"
30 #include "chrome/test/base/ui_test_utils.h"
31 #include "content/public/browser/interstitial_page.h"
32 #include "content/public/browser/navigation_controller.h"
33 #include "content/public/browser/notification_types.h"
34 #include "content/public/browser/render_view_host.h"
35 #include "content/public/browser/web_contents.h"
36 #include "content/public/browser/web_contents_view.h"
37 #include "content/public/test/test_browser_thread.h"
38 #include "content/public/test/test_utils.h"
39
40 using content::BrowserThread;
41 using content::InterstitialPage;
42 using content::NavigationController;
43 using content::WebContents;
44
45 namespace {
46
47 const char kEmptyPage[] = "files/empty.html";
48 const char kMalwarePage[] = "files/safe_browsing/malware.html";
49 const char kMalwareIframe[] = "files/safe_browsing/malware_iframe.html";
50
51 class InterstitialObserver : public content::WebContentsObserver {
52 public:
53 InterstitialObserver(content::WebContents* web_contents,
54 const base::Closure& attach_callback,
55 const base::Closure& detach_callback)
56 : WebContentsObserver(web_contents),
57 attach_callback_(attach_callback),
58 detach_callback_(detach_callback) {
59 }
60
61 virtual void DidAttachInterstitialPage() OVERRIDE {
62 attach_callback_.Run();
63 }
64
65 virtual void DidDetachInterstitialPage() OVERRIDE {
66 detach_callback_.Run();
67 }
68
69 private:
70 base::Closure attach_callback_;
71 base::Closure detach_callback_;
72
73 DISALLOW_COPY_AND_ASSIGN(InterstitialObserver);
74 };
75
76 // A SafeBrowsingDatabaseManager class that allows us to inject the malicious
77 // URLs.
78 class FakeSafeBrowsingDatabaseManager : public SafeBrowsingDatabaseManager {
79 public:
80 explicit FakeSafeBrowsingDatabaseManager(SafeBrowsingService* service)
81 : SafeBrowsingDatabaseManager(service) { }
82
83 // Called on the IO thread to check if the given url is safe or not. If we
84 // can synchronously determine that the url is safe, CheckUrl returns true.
85 // Otherwise it returns false, and "client" is called asynchronously with the
86 // result when it is ready.
87 // Overrides SafeBrowsingDatabaseManager::CheckBrowseUrl.
88 virtual bool CheckBrowseUrl(const GURL& gurl, Client* client) OVERRIDE {
89 if (badurls[gurl.spec()] == SB_THREAT_TYPE_SAFE)
90 return true;
91
92 BrowserThread::PostTask(
93 BrowserThread::IO, FROM_HERE,
94 base::Bind(&FakeSafeBrowsingDatabaseManager::OnCheckBrowseURLDone,
95 this, gurl, client));
96 return false;
97 }
98
99 void OnCheckBrowseURLDone(const GURL& gurl, Client* client) {
100 std::vector<SBThreatType> expected_threats;
101 expected_threats.push_back(SB_THREAT_TYPE_URL_MALWARE);
102 expected_threats.push_back(SB_THREAT_TYPE_URL_PHISHING);
103 SafeBrowsingDatabaseManager::SafeBrowsingCheck sb_check(
104 std::vector<GURL>(1, gurl),
105 std::vector<SBFullHash>(),
106 client,
107 safe_browsing_util::MALWARE,
108 expected_threats);
109 sb_check.url_results[0] = badurls[gurl.spec()];
110 client->OnSafeBrowsingResult(sb_check);
111 }
112
113 void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
114 badurls[url.spec()] = threat_type;
115 }
116
117 private:
118 virtual ~FakeSafeBrowsingDatabaseManager() {}
119
120 base::hash_map<std::string, SBThreatType> badurls;
121 DISALLOW_COPY_AND_ASSIGN(FakeSafeBrowsingDatabaseManager);
122 };
123
124 // A SafeBrowingUIManager class that allows intercepting malware details.
125 class FakeSafeBrowsingUIManager : public SafeBrowsingUIManager {
126 public:
127 explicit FakeSafeBrowsingUIManager(SafeBrowsingService* service) :
128 SafeBrowsingUIManager(service) { }
129
130 // Overrides SafeBrowsingUIManager
131 virtual void SendSerializedMalwareDetails(
132 const std::string& serialized) OVERRIDE {
133 reports_.push_back(serialized);
134 // Notify the UI thread that we got a report.
135 BrowserThread::PostTask(
136 BrowserThread::UI, FROM_HERE,
137 base::Bind(&FakeSafeBrowsingUIManager::OnMalwareDetailsDone, this));
138 }
139
140 void OnMalwareDetailsDone() {
141 EXPECT_TRUE(BrowserThread::CurrentlyOn(BrowserThread::UI));
142 base::MessageLoopForUI::current()->Quit();
143 }
144
145 std::string GetReport() {
146 EXPECT_TRUE(reports_.size() == 1);
147 return reports_[0];
148 }
149
150 protected:
151 virtual ~FakeSafeBrowsingUIManager() { }
152
153 private:
154 std::vector<std::string> reports_;
155
156 DISALLOW_COPY_AND_ASSIGN(FakeSafeBrowsingUIManager);
157 };
158
159 class FakeSafeBrowsingService : public SafeBrowsingService {
160 public:
161 FakeSafeBrowsingService()
162 : fake_database_manager_(),
163 fake_ui_manager_() { }
164
165 // Returned pointer has the same lifespan as the database_manager_ refcounted
166 // object.
167 FakeSafeBrowsingDatabaseManager* fake_database_manager() {
168 return fake_database_manager_;
169 }
170 // Returned pointer has the same lifespan as the ui_manager_ refcounted
171 // object.
172 FakeSafeBrowsingUIManager* fake_ui_manager() {
173 return fake_ui_manager_;
174 }
175
176 protected:
177 virtual ~FakeSafeBrowsingService() { }
178
179 virtual SafeBrowsingDatabaseManager* CreateDatabaseManager() OVERRIDE {
180 fake_database_manager_ = new FakeSafeBrowsingDatabaseManager(this);
181 return fake_database_manager_;
182 }
183
184 virtual SafeBrowsingUIManager* CreateUIManager() OVERRIDE {
185 fake_ui_manager_ = new FakeSafeBrowsingUIManager(this);
186 return fake_ui_manager_;
187 }
188
189 private:
190 FakeSafeBrowsingDatabaseManager* fake_database_manager_;
191 FakeSafeBrowsingUIManager* fake_ui_manager_;
192
193 DISALLOW_COPY_AND_ASSIGN(FakeSafeBrowsingService);
194 };
195
196 // Factory that creates FakeSafeBrowsingService instances.
197 class TestSafeBrowsingServiceFactory : public SafeBrowsingServiceFactory {
198 public:
199 TestSafeBrowsingServiceFactory() :
200 most_recent_service_(NULL) { }
201 virtual ~TestSafeBrowsingServiceFactory() { }
202
203 virtual SafeBrowsingService* CreateSafeBrowsingService() OVERRIDE {
204 most_recent_service_ = new FakeSafeBrowsingService();
205 return most_recent_service_;
206 }
207
208 FakeSafeBrowsingService* most_recent_service() const {
209 return most_recent_service_;
210 }
211
212 private:
213 FakeSafeBrowsingService* most_recent_service_;
214 };
215
216 // A MalwareDetails class lets us intercept calls from the renderer.
217 class FakeMalwareDetails : public MalwareDetails {
218 public:
219 FakeMalwareDetails(
220 SafeBrowsingUIManager* delegate,
221 WebContents* web_contents,
222 const SafeBrowsingUIManager::UnsafeResource& unsafe_resource)
223 : MalwareDetails(delegate, web_contents, unsafe_resource),
224 got_dom_(false),
225 waiting_(false) { }
226
227 virtual void AddDOMDetails(
228 const std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node>& params)
229 OVERRIDE {
230 EXPECT_TRUE(BrowserThread::CurrentlyOn(BrowserThread::IO));
231 MalwareDetails::AddDOMDetails(params);
232
233 // Notify the UI thread that we got the dom details.
234 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
235 base::Bind(&FakeMalwareDetails::OnDOMDetailsDone,
236 this));
237 }
238
239 void WaitForDOM() {
240 if (got_dom_) {
241 LOG(INFO) << "Already got the dom details.";
242 return;
243 }
244 // This condition might not trigger normally, but if you add a
245 // sleep(1) in malware_dom_details it triggers :).
246 waiting_ = true;
247 LOG(INFO) << "Waiting for dom details.";
248 content::RunMessageLoop();
249 EXPECT_TRUE(got_dom_);
250 }
251
252 private:
253 virtual ~FakeMalwareDetails() {}
254
255 void OnDOMDetailsDone() {
256 got_dom_ = true;
257 if (waiting_) {
258 base::MessageLoopForUI::current()->Quit();
259 }
260 }
261
262 // Some logic to figure out if we should wait for the dom details or not.
263 // These variables should only be accessed in the UI thread.
264 bool got_dom_;
265 bool waiting_;
266 };
267
268 class TestMalwareDetailsFactory : public MalwareDetailsFactory {
269 public:
270 TestMalwareDetailsFactory() : details_() { }
271 virtual ~TestMalwareDetailsFactory() { }
272
273 virtual MalwareDetails* CreateMalwareDetails(
274 SafeBrowsingUIManager* delegate,
275 WebContents* web_contents,
276 const SafeBrowsingUIManager::UnsafeResource& unsafe_resource) OVERRIDE {
277 details_ = new FakeMalwareDetails(delegate, web_contents,
278 unsafe_resource);
279 return details_;
280 }
281
282 FakeMalwareDetails* get_details() {
283 return details_;
284 }
285
286 private:
287 FakeMalwareDetails* details_;
288 };
289
290 // A SafeBrowingBlockingPage class that lets us wait until it's hidden.
291 class TestSafeBrowsingBlockingPage : public SafeBrowsingBlockingPageV2 {
292 public:
293 TestSafeBrowsingBlockingPage(SafeBrowsingUIManager* manager,
294 WebContents* web_contents,
295 const UnsafeResourceList& unsafe_resources)
296 : SafeBrowsingBlockingPageV2(manager, web_contents, unsafe_resources),
297 wait_for_delete_(false) {
298 // Don't wait the whole 3 seconds for the browser test.
299 malware_details_proceed_delay_ms_ = 100;
300 }
301
302 virtual ~TestSafeBrowsingBlockingPage() {
303 if (!wait_for_delete_)
304 return;
305
306 // Notify that we are gone
307 base::MessageLoopForUI::current()->Quit();
308 wait_for_delete_ = false;
309 }
310
311 void WaitForDelete() {
312 wait_for_delete_ = true;
313 content::RunMessageLoop();
314 }
315
316 private:
317 bool wait_for_delete_;
318 };
319
320 class TestSafeBrowsingBlockingPageFactory
321 : public SafeBrowsingBlockingPageFactory {
322 public:
323 TestSafeBrowsingBlockingPageFactory() { }
324 virtual ~TestSafeBrowsingBlockingPageFactory() { }
325
326 virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
327 SafeBrowsingUIManager* delegate,
328 WebContents* web_contents,
329 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources)
330 OVERRIDE {
331 return new TestSafeBrowsingBlockingPage(delegate, web_contents,
332 unsafe_resources);
333 }
334 };
335
336 } // namespace
337
338 // Tests the safe browsing blocking page in a browser.
339 class SafeBrowsingBlockingPageTest : public InProcessBrowserTest {
340 public:
341 enum Visibility {
342 VISIBILITY_ERROR = -1,
343 HIDDEN = 0,
344 VISIBLE = 1,
345 };
346
347 SafeBrowsingBlockingPageTest() {
348 }
349
350 virtual void SetUp() OVERRIDE {
351 SafeBrowsingService::RegisterFactory(&factory_);
352 SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_);
353 MalwareDetails::RegisterFactory(&details_factory_);
354 InProcessBrowserTest::SetUp();
355 }
356
357 virtual void TearDown() OVERRIDE {
358 InProcessBrowserTest::TearDown();
359 SafeBrowsingBlockingPage::RegisterFactory(NULL);
360 SafeBrowsingService::RegisterFactory(NULL);
361 MalwareDetails::RegisterFactory(NULL);
362 }
363
364 virtual void SetUpInProcessBrowserTestFixture() OVERRIDE {
365 ASSERT_TRUE(test_server()->Start());
366 }
367
368 void SetURLThreatType(const GURL& url, SBThreatType threat_type) {
369 FakeSafeBrowsingService* service =
370 static_cast<FakeSafeBrowsingService*>(
371 g_browser_process->safe_browsing_service());
372
373 ASSERT_TRUE(service);
374 service->fake_database_manager()->SetURLThreatType(url, threat_type);
375 }
376
377 // Adds a safebrowsing result of type |threat_type| to the fake safebrowsing
378 // service, navigates to that page, and returns the url.
379 GURL SetupWarningAndNavigate(SBThreatType threat_type) {
380 GURL url = test_server()->GetURL(kEmptyPage);
381 SetURLThreatType(url, threat_type);
382
383 ui_test_utils::NavigateToURL(browser(), url);
384 EXPECT_TRUE(WaitForReady());
385 return url;
386 }
387
388 // Adds a safebrowsing malware result to the fake safebrowsing service,
389 // navigates to a page with an iframe containing the malware site, and
390 // returns the url of the parent page.
391 GURL SetupMalwareIframeWarningAndNavigate() {
392 GURL url = test_server()->GetURL(kMalwarePage);
393 GURL iframe_url = test_server()->GetURL(kMalwareIframe);
394 SetURLThreatType(iframe_url, SB_THREAT_TYPE_URL_MALWARE);
395
396 ui_test_utils::NavigateToURL(browser(), url);
397 EXPECT_TRUE(WaitForReady());
398 return url;
399 }
400
401 void SendCommand(const std::string& command) {
402 WebContents* contents =
403 browser()->tab_strip_model()->GetActiveWebContents();
404 // We use InterstitialPage::GetInterstitialPage(tab) instead of
405 // tab->GetInterstitialPage() because the tab doesn't have a pointer
406 // to its interstital page until it gets a command from the renderer
407 // that it has indeed displayed it -- and this sometimes happens after
408 // NavigateToURL returns.
409 SafeBrowsingBlockingPage* interstitial_page =
410 static_cast<SafeBrowsingBlockingPage*>(
411 InterstitialPage::GetInterstitialPage(contents)->
412 GetDelegateForTesting());
413 ASSERT_TRUE(interstitial_page);
414 interstitial_page->CommandReceived(command);
415 }
416
417 void DontProceedThroughInterstitial() {
418 WebContents* contents =
419 browser()->tab_strip_model()->GetActiveWebContents();
420 InterstitialPage* interstitial_page = InterstitialPage::GetInterstitialPage(
421 contents);
422 ASSERT_TRUE(interstitial_page);
423 interstitial_page->DontProceed();
424 }
425
426 void ProceedThroughInterstitial() {
427 WebContents* contents =
428 browser()->tab_strip_model()->GetActiveWebContents();
429 InterstitialPage* interstitial_page = InterstitialPage::GetInterstitialPage(
430 contents);
431 ASSERT_TRUE(interstitial_page);
432 interstitial_page->Proceed();
433 }
434
435 void AssertNoInterstitial(bool wait_for_delete) {
436 WebContents* contents =
437 browser()->tab_strip_model()->GetActiveWebContents();
438
439 if (contents->ShowingInterstitialPage() && wait_for_delete) {
440 // We'll get notified when the interstitial is deleted.
441 TestSafeBrowsingBlockingPage* page =
442 static_cast<TestSafeBrowsingBlockingPage*>(
443 contents->GetInterstitialPage()->GetDelegateForTesting());
444 page->WaitForDelete();
445 }
446
447 // Can't use InterstitialPage::GetInterstitialPage() because that
448 // gets updated after the TestSafeBrowsingBlockingPage destructor
449 ASSERT_FALSE(contents->ShowingInterstitialPage());
450 }
451
452 bool YesInterstitial() {
453 WebContents* contents =
454 browser()->tab_strip_model()->GetActiveWebContents();
455 InterstitialPage* interstitial_page = InterstitialPage::GetInterstitialPage(
456 contents);
457 return interstitial_page != NULL;
458 }
459
460 void WaitForInterstitial() {
461 WebContents* contents =
462 browser()->tab_strip_model()->GetActiveWebContents();
463 scoped_refptr<content::MessageLoopRunner> loop_runner(
464 new content::MessageLoopRunner);
465 InterstitialObserver observer(contents,
466 loop_runner->QuitClosure(),
467 base::Closure());
468 if (!InterstitialPage::GetInterstitialPage(contents))
469 loop_runner->Run();
470 }
471
472 void AssertReportSent() {
473 // When a report is scheduled in the IO thread we should get notified.
474 content::RunMessageLoop();
475
476 std::string serialized = factory_.most_recent_service()->
477 fake_ui_manager()->GetReport();
478
479 safe_browsing::ClientMalwareReportRequest report;
480 ASSERT_TRUE(report.ParseFromString(serialized));
481
482 // Verify the report is complete.
483 EXPECT_TRUE(report.complete());
484 }
485
486 void MalwareRedirectCancelAndProceed(const std::string& open_function) {
487 GURL load_url = test_server()->GetURL(
488 "files/safe_browsing/interstitial_cancel.html");
489 GURL malware_url("http://localhost/files/safe_browsing/malware.html");
490 SetURLThreatType(malware_url, SB_THREAT_TYPE_URL_MALWARE);
491
492 // Load the test page.
493 ui_test_utils::NavigateToURL(browser(), load_url);
494 // Trigger the safe browsing interstitial page via a redirect in
495 // "openWin()".
496 ui_test_utils::NavigateToURLWithDisposition(
497 browser(),
498 GURL("javascript:" + open_function + "()"),
499 CURRENT_TAB,
500 ui_test_utils::BROWSER_TEST_WAIT_FOR_TAB);
501 WaitForInterstitial();
502 // Cancel the redirect request while interstitial page is open.
503 browser()->tab_strip_model()->ActivateTabAt(0, true);
504 ui_test_utils::NavigateToURLWithDisposition(
505 browser(),
506 GURL("javascript:stopWin()"),
507 CURRENT_TAB,
508 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
509 browser()->tab_strip_model()->ActivateTabAt(1, true);
510 // Simulate the user clicking "proceed", there should be no crash. Since
511 // clicking proceed may do nothing (see comment in MalwareRedirectCanceled
512 // below, and crbug.com/76460), we use SendCommand to trigger the callback
513 // directly rather than using ClickAndWaitForDetach since there might not
514 // be a notification to wait for.
515 SendCommand("\"proceed\"");
516 }
517
518 content::RenderViewHost* GetRenderViewHost() {
519 InterstitialPage* interstitial = InterstitialPage::GetInterstitialPage(
520 browser()->tab_strip_model()->GetActiveWebContents());
521 if (!interstitial)
522 return NULL;
523 return interstitial->GetRenderViewHostForTesting();
524 }
525
526 bool WaitForReady() {
527 content::RenderViewHost* rvh = GetRenderViewHost();
528 if (!rvh)
529 return false;
530 // Wait until all <script> tags have executed, including jstemplate.
531 // TODO(joaodasilva): it would be nice to avoid the busy loop, though in
532 // practice it spins at most once or twice.
533 std::string ready_state;
534 do {
535 scoped_ptr<base::Value> value = content::ExecuteScriptAndGetValue(
536 rvh, "document.readyState");
537 if (!value.get() || !value->GetAsString(&ready_state))
538 return false;
539 } while (ready_state != "complete");
540 return true;
541 }
542
543 Visibility GetVisibility(const std::string& node_id) {
544 content::RenderViewHost* rvh = GetRenderViewHost();
545 if (!rvh)
546 return VISIBILITY_ERROR;
547 scoped_ptr<base::Value> value = content::ExecuteScriptAndGetValue(
548 rvh,
549 "var node = document.getElementById('" + node_id + "');\n"
550 "if (node)\n"
551 " node.offsetWidth > 0 && node.offsetHeight > 0;"
552 "else\n"
553 " 'node not found';\n");
554 if (!value.get())
555 return VISIBILITY_ERROR;
556 bool result = false;
557 if (!value->GetAsBoolean(&result))
558 return VISIBILITY_ERROR;
559 return result ? VISIBLE : HIDDEN;
560 }
561
562 bool Click(const std::string& node_id) {
563 content::RenderViewHost* rvh = GetRenderViewHost();
564 if (!rvh)
565 return false;
566 // We don't use ExecuteScriptAndGetValue for this one, since clicking
567 // the button/link may navigate away before the injected javascript can
568 // reply, hanging the test.
569 rvh->ExecuteJavascriptInWebFrame(
570 base::string16(),
571 base::ASCIIToUTF16(
572 "document.getElementById('" + node_id + "').click();\n"));
573 return true;
574 }
575
576 bool ClickAndWaitForDetach(const std::string& node_id) {
577 // We wait for interstitial_detached rather than nav_entry_committed, as
578 // going back from a main-frame malware interstitial page will not cause a
579 // nav entry committed event.
580 scoped_refptr<content::MessageLoopRunner> loop_runner(
581 new content::MessageLoopRunner);
582 InterstitialObserver observer(
583 browser()->tab_strip_model()->GetActiveWebContents(),
584 base::Closure(),
585 loop_runner->QuitClosure());
586 if (!Click(node_id))
587 return false;
588 loop_runner->Run();
589 return true;
590 }
591
592 protected:
593 TestMalwareDetailsFactory details_factory_;
594
595 private:
596 TestSafeBrowsingServiceFactory factory_;
597 TestSafeBrowsingBlockingPageFactory blocking_page_factory_;
598
599 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageTest);
600 };
601
602 // TODO(linux_aura) http://crbug.com/163931
603 // TODO(win_aura) http://crbug.com/154081
604 #if defined(USE_AURA) && !defined(OS_CHROMEOS)
605 #define MAYBE_MalwareRedirectInIFrameCanceled DISABLED_MalwareRedirectInIFrameCanceled
606 #else
607 #define MAYBE_MalwareRedirectInIFrameCanceled MalwareRedirectInIFrameCanceled
608 #endif
609 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest,
610 MAYBE_MalwareRedirectInIFrameCanceled) {
611 // 1. Test the case that redirect is a subresource.
612 MalwareRedirectCancelAndProceed("openWinIFrame");
613 // If the redirect was from subresource but canceled, "proceed" will continue
614 // with the rest of resources.
615 AssertNoInterstitial(true);
616 }
617
618 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest,
619 MalwareRedirectCanceled) {
620 // 2. Test the case that redirect is the only resource.
621 MalwareRedirectCancelAndProceed("openWin");
622 // Clicking proceed won't do anything if the main request is cancelled
623 // already. See crbug.com/76460.
624 EXPECT_TRUE(YesInterstitial());
625 }
626
627 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, MalwareDontProceed) {
628 #if defined(OS_WIN) && defined(USE_ASH)
629 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
630 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests))
631 return;
632 #endif
633
634 SetupWarningAndNavigate(SB_THREAT_TYPE_URL_MALWARE);
635
636 EXPECT_EQ(VISIBLE, GetVisibility("malware-icon"));
637 EXPECT_EQ(HIDDEN, GetVisibility("subresource-icon"));
638 EXPECT_EQ(HIDDEN, GetVisibility("phishing-icon"));
639 EXPECT_EQ(VISIBLE, GetVisibility("check-report"));
640 EXPECT_EQ(HIDDEN, GetVisibility("show-diagnostic-link"));
641 EXPECT_EQ(HIDDEN, GetVisibility("report-error-link"));
642 EXPECT_EQ(HIDDEN, GetVisibility("proceed"));
643 EXPECT_TRUE(Click("see-more-link"));
644 EXPECT_EQ(VISIBLE, GetVisibility("show-diagnostic-link"));
645 EXPECT_EQ(HIDDEN, GetVisibility("report-error-link"));
646 EXPECT_EQ(VISIBLE, GetVisibility("proceed"));
647
648 EXPECT_TRUE(ClickAndWaitForDetach("back"));
649 AssertNoInterstitial(false); // Assert the interstitial is gone
650 EXPECT_EQ(
651 GURL(content::kAboutBlankURL), // Back to "about:blank"
652 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
653 }
654
655 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, MalwareProceed) {
656 GURL url = SetupWarningAndNavigate(SB_THREAT_TYPE_URL_MALWARE);
657
658 EXPECT_TRUE(ClickAndWaitForDetach("proceed"));
659 AssertNoInterstitial(true); // Assert the interstitial is gone.
660 EXPECT_EQ(url,
661 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
662 }
663
664 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest,
665 MalwareLearnMore) {
666 SetupWarningAndNavigate(SB_THREAT_TYPE_URL_MALWARE);
667
668 EXPECT_TRUE(ClickAndWaitForDetach("learn-more-link"));
669 AssertNoInterstitial(false); // Assert the interstitial is gone
670
671 // We are in the help page.
672 EXPECT_EQ(
673 "/goodtoknow/online-safety/malware/",
674 browser()->tab_strip_model()->GetActiveWebContents()->GetURL().path());
675 }
676
677 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest,
678 MalwareIframeDontProceed) {
679 #if defined(OS_WIN) && defined(USE_ASH)
680 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
681 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests))
682 return;
683 #endif
684
685 SetupMalwareIframeWarningAndNavigate();
686
687 EXPECT_EQ(HIDDEN, GetVisibility("malware-icon"));
688 EXPECT_EQ(VISIBLE, GetVisibility("subresource-icon"));
689 EXPECT_EQ(HIDDEN, GetVisibility("phishing-icon"));
690 EXPECT_EQ(VISIBLE, GetVisibility("check-report"));
691 EXPECT_EQ(HIDDEN, GetVisibility("show-diagnostic-link"));
692 EXPECT_EQ(HIDDEN, GetVisibility("report-error-link"));
693 EXPECT_EQ(HIDDEN, GetVisibility("proceed"));
694 EXPECT_TRUE(Click("see-more-link"));
695 EXPECT_EQ(VISIBLE, GetVisibility("show-diagnostic-link"));
696 EXPECT_EQ(HIDDEN, GetVisibility("report-error-link"));
697 EXPECT_EQ(VISIBLE, GetVisibility("proceed"));
698
699 EXPECT_TRUE(ClickAndWaitForDetach("back"));
700 AssertNoInterstitial(false); // Assert the interstitial is gone
701
702 EXPECT_EQ(
703 GURL(content::kAboutBlankURL), // Back to "about:blank"
704 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
705 }
706
707 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, MalwareIframeProceed) {
708 GURL url = SetupMalwareIframeWarningAndNavigate();
709
710 EXPECT_TRUE(ClickAndWaitForDetach("proceed"));
711 AssertNoInterstitial(true); // Assert the interstitial is gone
712
713 EXPECT_EQ(url,
714 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
715 }
716
717 // http://crbug.com/273302
718 #if defined(OS_WIN)
719 #define MAYBE_MalwareIframeReportDetails DISABLED_MalwareIframeReportDetails
720 #else
721 #define MAYBE_MalwareIframeReportDetails MalwareIframeReportDetails
722 #endif
723 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest,
724 MAYBE_MalwareIframeReportDetails) {
725 GURL url = SetupMalwareIframeWarningAndNavigate();
726
727 // If the DOM details from renderer did not already return, wait for them.
728 details_factory_.get_details()->WaitForDOM();
729
730 EXPECT_TRUE(Click("check-report"));
731
732 EXPECT_TRUE(ClickAndWaitForDetach("proceed"));
733 AssertNoInterstitial(true); // Assert the interstitial is gone
734
735 EXPECT_TRUE(browser()->profile()->GetPrefs()->GetBoolean(
736 prefs::kSafeBrowsingReportingEnabled));
737
738 EXPECT_EQ(url,
739 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
740 AssertReportSent();
741 }
742
743 // Verifies that the "proceed anyway" link isn't available when it is disabled
744 // by the corresponding policy. Also verifies that sending the "proceed"
745 // command anyway doesn't advance to the malware site.
746 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, ProceedDisabled) {
747 #if defined(OS_WIN) && defined(USE_ASH)
748 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
749 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests))
750 return;
751 #endif
752
753 // Simulate a policy disabling the "proceed anyway" link.
754 browser()->profile()->GetPrefs()->SetBoolean(
755 prefs::kSafeBrowsingProceedAnywayDisabled, true);
756
757 SetupWarningAndNavigate(SB_THREAT_TYPE_URL_MALWARE);
758
759 EXPECT_EQ(VISIBLE, GetVisibility("check-report"));
760 EXPECT_EQ(HIDDEN, GetVisibility("show-diagnostic-link"));
761 EXPECT_EQ(HIDDEN, GetVisibility("proceed"));
762 EXPECT_EQ(HIDDEN, GetVisibility("proceed-span"));
763 EXPECT_TRUE(Click("see-more-link"));
764 EXPECT_EQ(VISIBLE, GetVisibility("show-diagnostic-link"));
765 EXPECT_EQ(HIDDEN, GetVisibility("proceed"));
766 EXPECT_EQ(HIDDEN, GetVisibility("proceed-span"));
767
768 // The "proceed" command should go back instead, if proceeding is disabled.
769 EXPECT_TRUE(ClickAndWaitForDetach("proceed"));
770 AssertNoInterstitial(true);
771 EXPECT_EQ(
772 GURL(content::kAboutBlankURL), // Back to "about:blank"
773 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
774 }
775
776 // Verifies that the reporting checkbox is hidden on non-HTTP pages.
777 // TODO(mattm): Should also verify that no report is sent, but there isn't a
778 // good way to do that in the current design.
779 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, ReportingDisabled) {
780 #if defined(OS_WIN) && defined(USE_ASH)
781 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
782 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests))
783 return;
784 #endif
785
786 browser()->profile()->GetPrefs()->SetBoolean(
787 prefs::kSafeBrowsingReportingEnabled, true);
788
789 net::SpawnedTestServer https_server(
790 net::SpawnedTestServer::TYPE_HTTPS, net::SpawnedTestServer::kLocalhost,
791 base::FilePath(FILE_PATH_LITERAL("chrome/test/data")));
792 ASSERT_TRUE(https_server.Start());
793 GURL url = https_server.GetURL(kEmptyPage);
794 SetURLThreatType(url, SB_THREAT_TYPE_URL_MALWARE);
795 ui_test_utils::NavigateToURL(browser(), url);
796 ASSERT_TRUE(WaitForReady());
797
798 EXPECT_EQ(HIDDEN, GetVisibility("check-report"));
799 EXPECT_EQ(HIDDEN, GetVisibility("show-diagnostic-link"));
800 EXPECT_EQ(HIDDEN, GetVisibility("proceed"));
801 EXPECT_TRUE(Click("see-more-link"));
802 EXPECT_EQ(VISIBLE, GetVisibility("show-diagnostic-link"));
803 EXPECT_EQ(VISIBLE, GetVisibility("proceed"));
804
805 EXPECT_TRUE(ClickAndWaitForDetach("back"));
806 AssertNoInterstitial(false); // Assert the interstitial is gone
807 EXPECT_EQ(
808 GURL(content::kAboutBlankURL), // Back to "about:blank"
809 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
810 }
811
812 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, PhishingDontProceed) {
813 #if defined(OS_WIN) && defined(USE_ASH)
814 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
815 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests))
816 return;
817 #endif
818
819 SetupWarningAndNavigate(SB_THREAT_TYPE_URL_PHISHING);
820
821 EXPECT_EQ(HIDDEN, GetVisibility("malware-icon"));
822 EXPECT_EQ(HIDDEN, GetVisibility("subresource-icon"));
823 EXPECT_EQ(VISIBLE, GetVisibility("phishing-icon"));
824 EXPECT_EQ(HIDDEN, GetVisibility("check-report"));
825 EXPECT_EQ(HIDDEN, GetVisibility("show-diagnostic-link"));
826 EXPECT_EQ(HIDDEN, GetVisibility("report-error-link"));
827 EXPECT_EQ(HIDDEN, GetVisibility("proceed"));
828 EXPECT_TRUE(Click("see-more-link"));
829 EXPECT_EQ(HIDDEN, GetVisibility("show-diagnostic-link"));
830 EXPECT_EQ(VISIBLE, GetVisibility("report-error-link"));
831 EXPECT_EQ(VISIBLE, GetVisibility("proceed"));
832
833 EXPECT_TRUE(ClickAndWaitForDetach("back"));
834 AssertNoInterstitial(false); // Assert the interstitial is gone
835 EXPECT_EQ(
836 GURL(content::kAboutBlankURL), // We are back to "about:blank".
837 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
838 }
839
840 // http://crbug.com/247763
841 #if defined(OS_WIN)
842 #define MAYBE_PhishingProceed DISABLED_PhishingProceed
843 #else
844 #define MAYBE_PhishingProceed PhishingProceed
845 #endif
846
847 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, MAYBE_PhishingProceed) {
848 GURL url = SetupWarningAndNavigate(SB_THREAT_TYPE_URL_PHISHING);
849
850 EXPECT_TRUE(ClickAndWaitForDetach("proceed"));
851 AssertNoInterstitial(true); // Assert the interstitial is gone
852 EXPECT_EQ(url,
853 browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
854 }
855
856 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, PhishingReportError) {
857 SetupWarningAndNavigate(SB_THREAT_TYPE_URL_PHISHING);
858
859 EXPECT_TRUE(ClickAndWaitForDetach("report-error-link"));
860 AssertNoInterstitial(false); // Assert the interstitial is gone
861
862 // We are in the error reporting page.
863 EXPECT_EQ(
864 "/safebrowsing/report_error/",
865 browser()->tab_strip_model()->GetActiveWebContents()->GetURL().path());
866 }
867
868 // See crbug.com/248447
869 #if defined(OS_WIN)
870 #define MAYBE_PhishingLearnMore DISABLED_PhishingLearnMore
871 #else
872 #define MAYBE_PhishingLearnMore PhishingLearnMore
873 #endif
874
875 IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageTest, MAYBE_PhishingLearnMore) {
876 SetupWarningAndNavigate(SB_THREAT_TYPE_URL_PHISHING);
877
878 EXPECT_TRUE(ClickAndWaitForDetach("learn-more-link"));
879 AssertNoInterstitial(false); // Assert the interstitial is gone
880
881 // We are in the help page.
882 EXPECT_EQ(
883 "/goodtoknow/online-safety/phishing/",
884 browser()->tab_strip_model()->GetActiveWebContents()->GetURL().path());
885 }