search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add ENABLE_MEDIA_ROUTER define to builds other than Android and iOS.
[chromium-blink-merge.git] / chrome / browser / policy / url_blacklist_manager_unittest.cc
blob193f6648a53c9104073eeaddd29e630388509612
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/policy/core/browser/url_blacklist_manager.h"
6
7 #include <ostream>
8
9 #include "base/basictypes.h"
10 #include "base/callback.h"
11 #include "base/message_loop/message_loop.h"
12 #include "base/message_loop/message_loop_proxy.h"
13 #include "base/prefs/pref_registry_simple.h"
14 #include "base/prefs/testing_pref_service.h"
15 #include "chrome/browser/policy/policy_helpers.h"
16 #include "components/policy/core/common/policy_pref_names.h"
17 #include "components/url_fixer/url_fixer.h"
18 #include "google_apis/gaia/gaia_urls.h"
19 #include "net/base/load_flags.h"
20 #include "net/base/net_errors.h"
21 #include "net/base/request_priority.h"
22 #include "net/url_request/url_request.h"
23 #include "net/url_request/url_request_context.h"
24 #include "net/url_request/url_request_test_util.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26 #include "url/gurl.h"
27
28 // TODO(joaodasilva): this file should be moved next to
29 // components/policy/core/browser/url_blacklist_manager.(cc|h).
30 // However, url_fixer_upper.h can't be included from the component. Rather
31 // than having it mocked out, the actual url_fixer::SegmentURL call is used
32 // to make sure that the parsing of URL filters is correct.
33
34 namespace policy {
35
36 namespace {
37
38 // Helper to get the disambiguated SegmentURL() function.
39 URLBlacklist::SegmentURLCallback GetSegmentURLCallback() {
40 return url_fixer::SegmentURL;
41 }
42
43 class TestingURLBlacklistManager : public URLBlacklistManager {
44 public:
45 explicit TestingURLBlacklistManager(PrefService* pref_service)
46 : URLBlacklistManager(pref_service,
47 base::MessageLoopProxy::current(),
48 base::MessageLoopProxy::current(),
49 GetSegmentURLCallback(),
50 base::Bind(OverrideBlacklistForURL)),
51 update_called_(0),
52 set_blacklist_called_(false) {}
53
54 ~TestingURLBlacklistManager() override {}
55
56 // Make this method public for testing.
57 using URLBlacklistManager::ScheduleUpdate;
58
59 // Makes a direct call to UpdateOnIO during tests.
60 void UpdateOnIOForTesting() {
61 scoped_ptr<base::ListValue> block(new base::ListValue);
62 block->Append(new base::StringValue("example.com"));
63 scoped_ptr<base::ListValue> allow(new base::ListValue);
64 URLBlacklistManager::UpdateOnIO(block.Pass(), allow.Pass());
65 }
66
67 // URLBlacklistManager overrides:
68 void SetBlacklist(scoped_ptr<URLBlacklist> blacklist) override {
69 set_blacklist_called_ = true;
70 URLBlacklistManager::SetBlacklist(blacklist.Pass());
71 }
72
73 void Update() override {
74 update_called_++;
75 URLBlacklistManager::Update();
76 }
77
78 int update_called() const { return update_called_; }
79 bool set_blacklist_called() const { return set_blacklist_called_; }
80
81 private:
82 int update_called_;
83 bool set_blacklist_called_;
84
85 DISALLOW_COPY_AND_ASSIGN(TestingURLBlacklistManager);
86 };
87
88 class URLBlacklistManagerTest : public testing::Test {
89 protected:
90 URLBlacklistManagerTest() {}
91
92 void SetUp() override {
93 pref_service_.registry()->RegisterListPref(policy_prefs::kUrlBlacklist);
94 pref_service_.registry()->RegisterListPref(policy_prefs::kUrlWhitelist);
95 blacklist_manager_.reset(new TestingURLBlacklistManager(&pref_service_));
96 loop_.RunUntilIdle();
97 }
98
99 void TearDown() override {
100 if (blacklist_manager_.get())
101 blacklist_manager_->ShutdownOnUIThread();
102 loop_.RunUntilIdle();
103 // Delete |blacklist_manager_| while |io_thread_| is mapping IO to
104 // |loop_|.
105 blacklist_manager_.reset();
106 }
107
108 base::MessageLoopForIO loop_;
109 TestingPrefServiceSimple pref_service_;
110 scoped_ptr<TestingURLBlacklistManager> blacklist_manager_;
111 };
112
113 // Parameters for the FilterToComponents test.
114 struct FilterTestParams {
115 public:
116 FilterTestParams(const std::string& filter, const std::string& scheme,
117 const std::string& host, bool match_subdomains, uint16 port,
118 const std::string& path)
119 : filter_(filter), scheme_(scheme), host_(host),
120 match_subdomains_(match_subdomains), port_(port), path_(path) {}
121
122 FilterTestParams(const FilterTestParams& params)
123 : filter_(params.filter_), scheme_(params.scheme_), host_(params.host_),
124 match_subdomains_(params.match_subdomains_), port_(params.port_),
125 path_(params.path_) {}
126
127 const FilterTestParams& operator=(const FilterTestParams& params) {
128 filter_ = params.filter_;
129 scheme_ = params.scheme_;
130 host_ = params.host_;
131 match_subdomains_ = params.match_subdomains_;
132 port_ = params.port_;
133 path_ = params.path_;
134 return *this;
135 }
136
137 const std::string& filter() const { return filter_; }
138 const std::string& scheme() const { return scheme_; }
139 const std::string& host() const { return host_; }
140 bool match_subdomains() const { return match_subdomains_; }
141 uint16 port() const { return port_; }
142 const std::string& path() const { return path_; }
143
144 private:
145 std::string filter_;
146 std::string scheme_;
147 std::string host_;
148 bool match_subdomains_;
149 uint16 port_;
150 std::string path_;
151 };
152
153 // Make Valgrind happy. Without this function, a generic one will print the
154 // raw bytes in FilterTestParams, which due to some likely padding will access
155 // uninitialized memory.
156 void PrintTo(const FilterTestParams& params, std::ostream* os) {
157 *os << params.filter();
158 }
159
160 class URLBlacklistFilterToComponentsTest
161 : public testing::TestWithParam<FilterTestParams> {
162 public:
163 URLBlacklistFilterToComponentsTest() {}
164
165 private:
166 DISALLOW_COPY_AND_ASSIGN(URLBlacklistFilterToComponentsTest);
167 };
168
169 } // namespace
170
171 TEST_P(URLBlacklistFilterToComponentsTest, FilterToComponents) {
172 std::string scheme;
173 std::string host;
174 bool match_subdomains = true;
175 uint16 port = 42;
176 std::string path;
177
178 URLBlacklist::FilterToComponents(GetSegmentURLCallback(),
179 GetParam().filter(),
180 &scheme,
181 &host,
182 &match_subdomains,
183 &port,
184 &path,
185 NULL);
186 EXPECT_EQ(GetParam().scheme(), scheme);
187 EXPECT_EQ(GetParam().host(), host);
188 EXPECT_EQ(GetParam().match_subdomains(), match_subdomains);
189 EXPECT_EQ(GetParam().port(), port);
190 EXPECT_EQ(GetParam().path(), path);
191 }
192
193 TEST_F(URLBlacklistManagerTest, SingleUpdateForTwoPrefChanges) {
194 base::ListValue* blacklist = new base::ListValue;
195 blacklist->Append(new base::StringValue("*.google.com"));
196 base::ListValue* whitelist = new base::ListValue;
197 whitelist->Append(new base::StringValue("mail.google.com"));
198 pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, blacklist);
199 pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, whitelist);
200 loop_.RunUntilIdle();
201
202 EXPECT_EQ(1, blacklist_manager_->update_called());
203 }
204
205 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask0) {
206 // Post an update task to the UI thread.
207 blacklist_manager_->ScheduleUpdate();
208 // Shutdown comes before the task is executed.
209 blacklist_manager_->ShutdownOnUIThread();
210 blacklist_manager_.reset();
211 // Run the task after shutdown and deletion.
212 loop_.RunUntilIdle();
213 }
214
215 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask1) {
216 // Post an update task.
217 blacklist_manager_->ScheduleUpdate();
218 // Shutdown comes before the task is executed.
219 blacklist_manager_->ShutdownOnUIThread();
220 // Run the task after shutdown, but before deletion.
221 loop_.RunUntilIdle();
222
223 EXPECT_EQ(0, blacklist_manager_->update_called());
224 blacklist_manager_.reset();
225 loop_.RunUntilIdle();
226 }
227
228 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask2) {
229 // This posts a task to the FILE thread.
230 blacklist_manager_->UpdateOnIOForTesting();
231 // But shutdown happens before it is done.
232 blacklist_manager_->ShutdownOnUIThread();
233
234 EXPECT_FALSE(blacklist_manager_->set_blacklist_called());
235 blacklist_manager_.reset();
236 loop_.RunUntilIdle();
237 }
238
239 INSTANTIATE_TEST_CASE_P(
240 URLBlacklistFilterToComponentsTestInstance,
241 URLBlacklistFilterToComponentsTest,
242 testing::Values(
243 FilterTestParams("google.com",
244 std::string(),
245 ".google.com",
246 true,
247 0u,
248 std::string()),
249 FilterTestParams(".google.com",
250 std::string(),
251 "google.com",
252 false,
253 0u,
254 std::string()),
255 FilterTestParams("http://google.com",
256 "http",
257 ".google.com",
258 true,
259 0u,
260 std::string()),
261 FilterTestParams("google.com/",
262 std::string(),
263 ".google.com",
264 true,
265 0u,
266 "/"),
267 FilterTestParams("http://google.com:8080/whatever",
268 "http",
269 ".google.com",
270 true,
271 8080u,
272 "/whatever"),
273 FilterTestParams("http://user:pass@google.com:8080/whatever",
274 "http",
275 ".google.com",
276 true,
277 8080u,
278 "/whatever"),
279 FilterTestParams("123.123.123.123",
280 std::string(),
281 "123.123.123.123",
282 false,
283 0u,
284 std::string()),
285 FilterTestParams("https://123.123.123.123",
286 "https",
287 "123.123.123.123",
288 false,
289 0u,
290 std::string()),
291 FilterTestParams("123.123.123.123/",
292 std::string(),
293 "123.123.123.123",
294 false,
295 0u,
296 "/"),
297 FilterTestParams("http://123.123.123.123:123/whatever",
298 "http",
299 "123.123.123.123",
300 false,
301 123u,
302 "/whatever"),
303 FilterTestParams("*",
304 std::string(),
305 std::string(),
306 true,
307 0u,
308 std::string()),
309 FilterTestParams("ftp://*",
310 "ftp",
311 std::string(),
312 true,
313 0u,
314 std::string()),
315 FilterTestParams("http://*/whatever",
316 "http",
317 std::string(),
318 true,
319 0u,
320 "/whatever")));
321
322 TEST_F(URLBlacklistManagerTest, Filtering) {
323 URLBlacklist blacklist(GetSegmentURLCallback());
324
325 // Block domain and all subdomains, for any filtered scheme.
326 scoped_ptr<base::ListValue> blocked(new base::ListValue);
327 blocked->Append(new base::StringValue("google.com"));
328 blacklist.Block(blocked.get());
329 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
330 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
331 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/whatever")));
332 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
333 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("bogus://google.com/")));
334 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://notgoogle.com/")));
335 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
336 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.mail.google.com")));
337 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://x.mail.google.com/")));
338 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.y.google.com/a/b")));
339 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/")));
340
341 // Filter only http, ftp and ws schemes.
342 blocked.reset(new base::ListValue);
343 blocked->Append(new base::StringValue("http://secure.com"));
344 blocked->Append(new base::StringValue("ftp://secure.com"));
345 blocked->Append(new base::StringValue("ws://secure.com"));
346 blacklist.Block(blocked.get());
347 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com")));
348 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com/whatever")));
349 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ftp://secure.com/")));
350 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://secure.com")));
351 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://secure.com/")));
352 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://secure.com")));
353 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.secure.com")));
354 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://www.secure.com")));
355 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://www.secure.com")));
356
357 // Filter only a certain path prefix.
358 blocked.reset(new base::ListValue);
359 blocked->Append(new base::StringValue("path.to/ruin"));
360 blacklist.Block(blocked.get());
361 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin")));
362 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://path.to/ruin")));
363 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruins")));
364 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin/signup")));
365 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.path.to/ruin")));
366 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://path.to/fortune")));
367
368 // Filter only a certain path prefix and scheme.
369 blocked.reset(new base::ListValue);
370 blocked->Append(new base::StringValue("https://s.aaa.com/path"));
371 blacklist.Block(blocked.get());
372 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path")));
373 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path/bbb")));
374 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.aaa.com/path")));
375 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://aaa.com/path")));
376 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://x.aaa.com/path")));
377 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/bbb")));
378 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/")));
379
380 // Filter only ws and wss schemes.
381 blocked.reset(new base::ListValue);
382 blocked->Append(new base::StringValue("ws://ws.aaa.com"));
383 blocked->Append(new base::StringValue("wss://ws.aaa.com"));
384 blacklist.Block(blocked.get());
385 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://ws.aaa.com")));
386 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("wss://ws.aaa.com")));
387 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://ws.aaa.com")));
388 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://ws.aaa.com")));
389 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("ftp://ws.aaa.com")));
390
391 // Test exceptions to path prefixes, and most specific matches.
392 blocked.reset(new base::ListValue);
393 scoped_ptr<base::ListValue> allowed(new base::ListValue);
394 blocked->Append(new base::StringValue("s.xxx.com/a"));
395 allowed->Append(new base::StringValue("s.xxx.com/a/b"));
396 blocked->Append(new base::StringValue("https://s.xxx.com/a/b/c"));
397 allowed->Append(new base::StringValue("https://s.xxx.com/a/b/c/d"));
398 blacklist.Block(blocked.get());
399 blacklist.Allow(allowed.get());
400 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a")));
401 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/x")));
402 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/x")));
403 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b")));
404 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b")));
405 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/x")));
406 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c")));
407 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c")));
408 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/x")));
409 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d")));
410 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d")));
411 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d/x")));
412 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d/x")));
413 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a")));
414 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a/b")));
415
416 // Block an ip address.
417 blocked.reset(new base::ListValue);
418 blocked->Append(new base::StringValue("123.123.123.123"));
419 blacklist.Block(blocked.get());
420 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://123.123.123.123/")));
421 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://123.123.123.124/")));
422
423 // Open an exception.
424 allowed.reset(new base::ListValue);
425 allowed->Append(new base::StringValue("plus.google.com"));
426 blacklist.Allow(allowed.get());
427 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
428 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
429 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com/")));
430
431 // Open an exception only when using https for mail.
432 allowed.reset(new base::ListValue);
433 allowed->Append(new base::StringValue("https://mail.google.com"));
434 blacklist.Allow(allowed.get());
435 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
436 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com/")));
437 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
438 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://www.google.com/")));
439 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com/")));
440
441 // Match exactly "google.com", only for http. Subdomains without exceptions
442 // are still blocked.
443 allowed.reset(new base::ListValue);
444 allowed->Append(new base::StringValue("http://.google.com"));
445 blacklist.Allow(allowed.get());
446 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://google.com/")));
447 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
448 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
449
450 // A smaller path match in an exact host overrides a longer path for hosts
451 // that also match subdomains.
452 blocked.reset(new base::ListValue);
453 blocked->Append(new base::StringValue("yyy.com/aaa"));
454 blacklist.Block(blocked.get());
455 allowed.reset(new base::ListValue);
456 allowed->Append(new base::StringValue(".yyy.com/a"));
457 blacklist.Allow(allowed.get());
458 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com")));
459 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa")));
460 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa2")));
461 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.yyy.com")));
462 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa")));
463 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa2")));
464
465 // If the exact entry is both allowed and blocked, allowing takes precedence.
466 blocked.reset(new base::ListValue);
467 blocked->Append(new base::StringValue("example.com"));
468 blacklist.Block(blocked.get());
469 allowed.reset(new base::ListValue);
470 allowed->Append(new base::StringValue("example.com"));
471 blacklist.Allow(allowed.get());
472 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://example.com")));
473 }
474
475 TEST_F(URLBlacklistManagerTest, QueryParameters) {
476 URLBlacklist blacklist(GetSegmentURLCallback());
477 scoped_ptr<base::ListValue> blocked(new base::ListValue);
478 scoped_ptr<base::ListValue> allowed(new base::ListValue);
479
480 // Block domain and all subdomains, for any filtered scheme.
481 blocked->AppendString("youtube.com");
482 allowed->AppendString("youtube.com/watch?v=XYZ");
483 blacklist.Block(blocked.get());
484 blacklist.Allow(allowed.get());
485
486 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
487 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123")));
488 EXPECT_TRUE(
489 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123&v=XYZ")));
490 EXPECT_TRUE(
491 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&v=123")));
492 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ")));
493 EXPECT_FALSE(
494 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&foo=bar")));
495 EXPECT_FALSE(
496 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar&v=XYZ")));
497
498 allowed.reset(new base::ListValue);
499 allowed->AppendString("youtube.com/watch?av=XYZ&ag=123");
500 blacklist.Allow(allowed.get());
501 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
502 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123")));
503 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ")));
504 EXPECT_TRUE(
505 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123&ag=XYZ")));
506 EXPECT_TRUE(
507 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=XYZ&av=123")));
508 EXPECT_FALSE(
509 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ&ag=123")));
510 EXPECT_FALSE(
511 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=123&av=XYZ")));
512 EXPECT_TRUE(blacklist.IsURLBlocked(
513 GURL("http://youtube.com/watch?av=XYZ&ag=123&av=123")));
514 EXPECT_TRUE(blacklist.IsURLBlocked(
515 GURL("http://youtube.com/watch?av=XYZ&ag=123&ag=1234")));
516
517 allowed.reset(new base::ListValue);
518 allowed->AppendString("youtube.com/watch?foo=bar*&vid=2*");
519 blacklist.Allow(allowed.get());
520 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
521 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2")));
522 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar")));
523 EXPECT_FALSE(
524 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar")));
525 EXPECT_FALSE(
526 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar1")));
527 EXPECT_FALSE(
528 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=234&foo=bar")));
529 EXPECT_FALSE(blacklist.IsURLBlocked(
530 GURL("http://youtube.com/watch?vid=234&foo=bar23")));
531
532 blocked.reset(new base::ListValue);
533 blocked->AppendString("youtube1.com/disallow?v=44678");
534 blacklist.Block(blocked.get());
535 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
536 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=123")));
537 // Path does not match
538 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=44678")));
539 EXPECT_TRUE(
540 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=44678")));
541 EXPECT_FALSE(
542 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=4467")));
543 EXPECT_FALSE(blacklist.IsURLBlocked(
544 GURL("http://youtube1.com/disallow?v=4467&v=123")));
545 EXPECT_TRUE(blacklist.IsURLBlocked(
546 GURL("http://youtube1.com/disallow?v=4467&v=123&v=44678")));
547
548 blocked.reset(new base::ListValue);
549 blocked->AppendString("youtube1.com/disallow?g=*");
550 blacklist.Block(blocked.get());
551 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
552 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?ag=123")));
553 EXPECT_TRUE(
554 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?g=123")));
555 EXPECT_TRUE(
556 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?ag=13&g=123")));
557
558 blocked.reset(new base::ListValue);
559 blocked->AppendString("youtube2.com/disallow?a*");
560 blacklist.Block(blocked.get());
561 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube2.com")));
562 EXPECT_TRUE(blacklist.IsURLBlocked(
563 GURL("http://youtube2.com/disallow?b=123&a21=467")));
564 EXPECT_TRUE(
565 blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?abba=true")));
566 EXPECT_FALSE(
567 blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?baba=true")));
568
569 allowed.reset(new base::ListValue);
570 blocked.reset(new base::ListValue);
571 blocked->AppendString("youtube3.com");
572 allowed->AppendString("youtube3.com/watch?fo*");
573 blacklist.Block(blocked.get());
574 blacklist.Allow(allowed.get());
575 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube3.com")));
576 EXPECT_TRUE(
577 blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?b=123&a21=467")));
578 EXPECT_FALSE(blacklist.IsURLBlocked(
579 GURL("http://youtube3.com/watch?b=123&a21=467&foo1")));
580 EXPECT_FALSE(blacklist.IsURLBlocked(
581 GURL("http://youtube3.com/watch?b=123&a21=467&foo=bar")));
582 EXPECT_FALSE(blacklist.IsURLBlocked(
583 GURL("http://youtube3.com/watch?b=123&a21=467&fo=ba")));
584 EXPECT_FALSE(
585 blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?foriegn=true")));
586 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?fold")));
587
588 allowed.reset(new base::ListValue);
589 blocked.reset(new base::ListValue);
590 blocked->AppendString("youtube4.com");
591 allowed->AppendString("youtube4.com?*");
592 blacklist.Block(blocked.get());
593 blacklist.Allow(allowed.get());
594 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube4.com")));
595 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?hello")));
596 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?foo")));
597
598 allowed.reset(new base::ListValue);
599 blocked.reset(new base::ListValue);
600 blocked->AppendString("youtube5.com?foo=bar");
601 allowed->AppendString("youtube5.com?foo1=bar1&foo2=bar2&");
602 blacklist.Block(blocked.get());
603 blacklist.Allow(allowed.get());
604 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube5.com")));
605 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube5.com/?foo=bar&a=b")));
606 // More specific filter is given precedence.
607 EXPECT_FALSE(blacklist.IsURLBlocked(
608 GURL("http://youtube5.com/?a=b&foo=bar&foo1=bar1&foo2=bar2")));
609 }
610
611 TEST_F(URLBlacklistManagerTest, BlockAllWithExceptions) {
612 URLBlacklist blacklist(GetSegmentURLCallback());
613
614 scoped_ptr<base::ListValue> blocked(new base::ListValue);
615 scoped_ptr<base::ListValue> allowed(new base::ListValue);
616 blocked->Append(new base::StringValue("*"));
617 allowed->Append(new base::StringValue(".www.google.com"));
618 allowed->Append(new base::StringValue("plus.google.com"));
619 allowed->Append(new base::StringValue("https://mail.google.com"));
620 allowed->Append(new base::StringValue("https://very.safe/path"));
621 blacklist.Block(blocked.get());
622 blacklist.Allow(allowed.get());
623 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://random.com")));
624 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
625 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.www.google.com")));
626 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
627 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com")));
628 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.plus.google.com")));
629 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
630 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com")));
631 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.mail.google.com")));
632 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://very.safe/")));
633 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://very.safe/path")));
634 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://very.safe/path")));
635 }
636
637 TEST_F(URLBlacklistManagerTest, DontBlockResources) {
638 scoped_ptr<URLBlacklist> blacklist(new URLBlacklist(GetSegmentURLCallback()));
639 scoped_ptr<base::ListValue> blocked(new base::ListValue);
640 blocked->Append(new base::StringValue("google.com"));
641 blacklist->Block(blocked.get());
642 blacklist_manager_->SetBlacklist(blacklist.Pass());
643 EXPECT_TRUE(blacklist_manager_->IsURLBlocked(GURL("http://google.com")));
644
645 net::TestURLRequestContext context;
646 scoped_ptr<net::URLRequest> request(context.CreateRequest(
647 GURL("http://google.com"), net::DEFAULT_PRIORITY, NULL));
648
649 int reason = net::ERR_UNEXPECTED;
650 // Background requests aren't filtered.
651 EXPECT_FALSE(blacklist_manager_->IsRequestBlocked(*request.get(), &reason));
652
653 // Main frames are filtered.
654 request->SetLoadFlags(net::LOAD_MAIN_FRAME);
655 EXPECT_TRUE(blacklist_manager_->IsRequestBlocked(*request.get(), &reason));
656 EXPECT_EQ(net::ERR_BLOCKED_BY_ADMINISTRATOR, reason);
657 }
658
659 TEST_F(URLBlacklistManagerTest, DefaultBlacklistExceptions) {
660 URLBlacklist blacklist(GetSegmentURLCallback());
661 scoped_ptr<base::ListValue> blocked(new base::ListValue);
662
663 // Blacklist everything:
664 blocked->Append(new base::StringValue("*"));
665 blacklist.Block(blocked.get());
666
667 // Internal NTP and extension URLs are not blocked by the "*":
668 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
669 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-extension://xyz"))));
670 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-search://local-ntp"))));
671 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-native://ntp"))));
672
673 // Unless they are explicitly blacklisted:
674 blocked->Append(new base::StringValue("chrome-extension://*"));
675 scoped_ptr<base::ListValue> allowed(new base::ListValue);
676 allowed->Append(new base::StringValue("chrome-extension://abc"));
677 blacklist.Block(blocked.get());
678 blacklist.Allow(allowed.get());
679
680 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
681 EXPECT_TRUE((blacklist.IsURLBlocked(GURL("chrome-extension://xyz"))));
682 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-extension://abc"))));
683 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-search://local-ntp"))));
684 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-native://ntp"))));
685 }
686
687 } // namespace policy