search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Convert remoting_unittests to run exclusively on Swarming
[chromium-blink-merge.git] / chrome / browser / policy / url_blacklist_manager_unittest.cc
bloba21df066ef5e5c75f17321259d03b9206fb1c4b3
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/policy/core/browser/url_blacklist_manager.h"
6
7 #include <ostream>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/callback.h"
12 #include "base/message_loop/message_loop.h"
13 #include "base/prefs/pref_registry_simple.h"
14 #include "base/prefs/testing_pref_service.h"
15 #include "base/thread_task_runner_handle.h"
16 #include "chrome/browser/policy/policy_helpers.h"
17 #include "components/policy/core/common/policy_pref_names.h"
18 #include "components/url_fixer/url_fixer.h"
19 #include "google_apis/gaia/gaia_urls.h"
20 #include "net/base/load_flags.h"
21 #include "net/base/net_errors.h"
22 #include "testing/gtest/include/gtest/gtest.h"
23 #include "url/gurl.h"
24
25 // TODO(joaodasilva): this file should be moved next to
26 // components/policy/core/browser/url_blacklist_manager.(cc|h).
27 // However, url_fixer_upper.h can't be included from the component. Rather
28 // than having it mocked out, the actual url_fixer::SegmentURL call is used
29 // to make sure that the parsing of URL filters is correct.
30
31 namespace policy {
32
33 namespace {
34
35 // Helper to get the disambiguated SegmentURL() function.
36 URLBlacklist::SegmentURLCallback GetSegmentURLCallback() {
37 return url_fixer::SegmentURL;
38 }
39
40 class TestingURLBlacklistManager : public URLBlacklistManager {
41 public:
42 explicit TestingURLBlacklistManager(PrefService* pref_service)
43 : URLBlacklistManager(pref_service,
44 base::ThreadTaskRunnerHandle::Get(),
45 base::ThreadTaskRunnerHandle::Get(),
46 GetSegmentURLCallback(),
47 base::Bind(OverrideBlacklistForURL)),
48 update_called_(0),
49 set_blacklist_called_(false) {}
50
51 ~TestingURLBlacklistManager() override {}
52
53 // Make this method public for testing.
54 using URLBlacklistManager::ScheduleUpdate;
55
56 // Makes a direct call to UpdateOnIO during tests.
57 void UpdateOnIOForTesting() {
58 scoped_ptr<base::ListValue> block(new base::ListValue);
59 block->Append(new base::StringValue("example.com"));
60 scoped_ptr<base::ListValue> allow(new base::ListValue);
61 URLBlacklistManager::UpdateOnIO(block.Pass(), allow.Pass());
62 }
63
64 // URLBlacklistManager overrides:
65 void SetBlacklist(scoped_ptr<URLBlacklist> blacklist) override {
66 set_blacklist_called_ = true;
67 URLBlacklistManager::SetBlacklist(blacklist.Pass());
68 }
69
70 void Update() override {
71 update_called_++;
72 URLBlacklistManager::Update();
73 }
74
75 int update_called() const { return update_called_; }
76 bool set_blacklist_called() const { return set_blacklist_called_; }
77
78 private:
79 int update_called_;
80 bool set_blacklist_called_;
81
82 DISALLOW_COPY_AND_ASSIGN(TestingURLBlacklistManager);
83 };
84
85 class URLBlacklistManagerTest : public testing::Test {
86 protected:
87 URLBlacklistManagerTest() {}
88
89 void SetUp() override {
90 pref_service_.registry()->RegisterListPref(policy_prefs::kUrlBlacklist);
91 pref_service_.registry()->RegisterListPref(policy_prefs::kUrlWhitelist);
92 blacklist_manager_.reset(new TestingURLBlacklistManager(&pref_service_));
93 loop_.RunUntilIdle();
94 }
95
96 void TearDown() override {
97 if (blacklist_manager_.get())
98 blacklist_manager_->ShutdownOnUIThread();
99 loop_.RunUntilIdle();
100 // Delete |blacklist_manager_| while |io_thread_| is mapping IO to
101 // |loop_|.
102 blacklist_manager_.reset();
103 }
104
105 base::MessageLoopForIO loop_;
106 TestingPrefServiceSimple pref_service_;
107 scoped_ptr<TestingURLBlacklistManager> blacklist_manager_;
108 };
109
110 // Parameters for the FilterToComponents test.
111 struct FilterTestParams {
112 public:
113 FilterTestParams(const std::string& filter, const std::string& scheme,
114 const std::string& host, bool match_subdomains, uint16 port,
115 const std::string& path)
116 : filter_(filter), scheme_(scheme), host_(host),
117 match_subdomains_(match_subdomains), port_(port), path_(path) {}
118
119 FilterTestParams(const FilterTestParams& params)
120 : filter_(params.filter_), scheme_(params.scheme_), host_(params.host_),
121 match_subdomains_(params.match_subdomains_), port_(params.port_),
122 path_(params.path_) {}
123
124 const FilterTestParams& operator=(const FilterTestParams& params) {
125 filter_ = params.filter_;
126 scheme_ = params.scheme_;
127 host_ = params.host_;
128 match_subdomains_ = params.match_subdomains_;
129 port_ = params.port_;
130 path_ = params.path_;
131 return *this;
132 }
133
134 const std::string& filter() const { return filter_; }
135 const std::string& scheme() const { return scheme_; }
136 const std::string& host() const { return host_; }
137 bool match_subdomains() const { return match_subdomains_; }
138 uint16 port() const { return port_; }
139 const std::string& path() const { return path_; }
140
141 private:
142 std::string filter_;
143 std::string scheme_;
144 std::string host_;
145 bool match_subdomains_;
146 uint16 port_;
147 std::string path_;
148 };
149
150 // Make Valgrind happy. Without this function, a generic one will print the
151 // raw bytes in FilterTestParams, which due to some likely padding will access
152 // uninitialized memory.
153 void PrintTo(const FilterTestParams& params, std::ostream* os) {
154 *os << params.filter();
155 }
156
157 class URLBlacklistFilterToComponentsTest
158 : public testing::TestWithParam<FilterTestParams> {
159 public:
160 URLBlacklistFilterToComponentsTest() {}
161
162 private:
163 DISALLOW_COPY_AND_ASSIGN(URLBlacklistFilterToComponentsTest);
164 };
165
166 } // namespace
167
168 TEST_P(URLBlacklistFilterToComponentsTest, FilterToComponents) {
169 std::string scheme;
170 std::string host;
171 bool match_subdomains = true;
172 uint16 port = 42;
173 std::string path;
174
175 URLBlacklist::FilterToComponents(GetSegmentURLCallback(),
176 GetParam().filter(),
177 &scheme,
178 &host,
179 &match_subdomains,
180 &port,
181 &path,
182 NULL);
183 EXPECT_EQ(GetParam().scheme(), scheme);
184 EXPECT_EQ(GetParam().host(), host);
185 EXPECT_EQ(GetParam().match_subdomains(), match_subdomains);
186 EXPECT_EQ(GetParam().port(), port);
187 EXPECT_EQ(GetParam().path(), path);
188 }
189
190 TEST_F(URLBlacklistManagerTest, SingleUpdateForTwoPrefChanges) {
191 base::ListValue* blacklist = new base::ListValue;
192 blacklist->Append(new base::StringValue("*.google.com"));
193 base::ListValue* whitelist = new base::ListValue;
194 whitelist->Append(new base::StringValue("mail.google.com"));
195 pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, blacklist);
196 pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, whitelist);
197 loop_.RunUntilIdle();
198
199 EXPECT_EQ(1, blacklist_manager_->update_called());
200 }
201
202 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask0) {
203 // Post an update task to the UI thread.
204 blacklist_manager_->ScheduleUpdate();
205 // Shutdown comes before the task is executed.
206 blacklist_manager_->ShutdownOnUIThread();
207 blacklist_manager_.reset();
208 // Run the task after shutdown and deletion.
209 loop_.RunUntilIdle();
210 }
211
212 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask1) {
213 // Post an update task.
214 blacklist_manager_->ScheduleUpdate();
215 // Shutdown comes before the task is executed.
216 blacklist_manager_->ShutdownOnUIThread();
217 // Run the task after shutdown, but before deletion.
218 loop_.RunUntilIdle();
219
220 EXPECT_EQ(0, blacklist_manager_->update_called());
221 blacklist_manager_.reset();
222 loop_.RunUntilIdle();
223 }
224
225 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask2) {
226 // This posts a task to the FILE thread.
227 blacklist_manager_->UpdateOnIOForTesting();
228 // But shutdown happens before it is done.
229 blacklist_manager_->ShutdownOnUIThread();
230
231 EXPECT_FALSE(blacklist_manager_->set_blacklist_called());
232 blacklist_manager_.reset();
233 loop_.RunUntilIdle();
234 }
235
236 INSTANTIATE_TEST_CASE_P(
237 URLBlacklistFilterToComponentsTestInstance,
238 URLBlacklistFilterToComponentsTest,
239 testing::Values(
240 FilterTestParams("google.com",
241 std::string(),
242 ".google.com",
243 true,
244 0u,
245 std::string()),
246 FilterTestParams(".google.com",
247 std::string(),
248 "google.com",
249 false,
250 0u,
251 std::string()),
252 FilterTestParams("http://google.com",
253 "http",
254 ".google.com",
255 true,
256 0u,
257 std::string()),
258 FilterTestParams("google.com/",
259 std::string(),
260 ".google.com",
261 true,
262 0u,
263 "/"),
264 FilterTestParams("http://google.com:8080/whatever",
265 "http",
266 ".google.com",
267 true,
268 8080u,
269 "/whatever"),
270 FilterTestParams("http://user:pass@google.com:8080/whatever",
271 "http",
272 ".google.com",
273 true,
274 8080u,
275 "/whatever"),
276 FilterTestParams("123.123.123.123",
277 std::string(),
278 "123.123.123.123",
279 false,
280 0u,
281 std::string()),
282 FilterTestParams("https://123.123.123.123",
283 "https",
284 "123.123.123.123",
285 false,
286 0u,
287 std::string()),
288 FilterTestParams("123.123.123.123/",
289 std::string(),
290 "123.123.123.123",
291 false,
292 0u,
293 "/"),
294 FilterTestParams("http://123.123.123.123:123/whatever",
295 "http",
296 "123.123.123.123",
297 false,
298 123u,
299 "/whatever"),
300 FilterTestParams("*",
301 std::string(),
302 std::string(),
303 true,
304 0u,
305 std::string()),
306 FilterTestParams("ftp://*",
307 "ftp",
308 std::string(),
309 true,
310 0u,
311 std::string()),
312 FilterTestParams("http://*/whatever",
313 "http",
314 std::string(),
315 true,
316 0u,
317 "/whatever")));
318
319 TEST_F(URLBlacklistManagerTest, Filtering) {
320 URLBlacklist blacklist(GetSegmentURLCallback());
321
322 // Block domain and all subdomains, for any filtered scheme.
323 scoped_ptr<base::ListValue> blocked(new base::ListValue);
324 blocked->Append(new base::StringValue("google.com"));
325 blacklist.Block(blocked.get());
326 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
327 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
328 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/whatever")));
329 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
330 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("bogus://google.com/")));
331 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://notgoogle.com/")));
332 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
333 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.mail.google.com")));
334 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://x.mail.google.com/")));
335 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.y.google.com/a/b")));
336 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/")));
337
338 // Filter only http, ftp and ws schemes.
339 blocked.reset(new base::ListValue);
340 blocked->Append(new base::StringValue("http://secure.com"));
341 blocked->Append(new base::StringValue("ftp://secure.com"));
342 blocked->Append(new base::StringValue("ws://secure.com"));
343 blacklist.Block(blocked.get());
344 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com")));
345 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com/whatever")));
346 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ftp://secure.com/")));
347 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://secure.com")));
348 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://secure.com/")));
349 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://secure.com")));
350 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.secure.com")));
351 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://www.secure.com")));
352 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://www.secure.com")));
353
354 // Filter only a certain path prefix.
355 blocked.reset(new base::ListValue);
356 blocked->Append(new base::StringValue("path.to/ruin"));
357 blacklist.Block(blocked.get());
358 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin")));
359 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://path.to/ruin")));
360 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruins")));
361 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin/signup")));
362 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.path.to/ruin")));
363 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://path.to/fortune")));
364
365 // Filter only a certain path prefix and scheme.
366 blocked.reset(new base::ListValue);
367 blocked->Append(new base::StringValue("https://s.aaa.com/path"));
368 blacklist.Block(blocked.get());
369 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path")));
370 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path/bbb")));
371 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.aaa.com/path")));
372 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://aaa.com/path")));
373 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://x.aaa.com/path")));
374 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/bbb")));
375 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/")));
376
377 // Filter only ws and wss schemes.
378 blocked.reset(new base::ListValue);
379 blocked->Append(new base::StringValue("ws://ws.aaa.com"));
380 blocked->Append(new base::StringValue("wss://ws.aaa.com"));
381 blacklist.Block(blocked.get());
382 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://ws.aaa.com")));
383 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("wss://ws.aaa.com")));
384 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://ws.aaa.com")));
385 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://ws.aaa.com")));
386 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("ftp://ws.aaa.com")));
387
388 // Test exceptions to path prefixes, and most specific matches.
389 blocked.reset(new base::ListValue);
390 scoped_ptr<base::ListValue> allowed(new base::ListValue);
391 blocked->Append(new base::StringValue("s.xxx.com/a"));
392 allowed->Append(new base::StringValue("s.xxx.com/a/b"));
393 blocked->Append(new base::StringValue("https://s.xxx.com/a/b/c"));
394 allowed->Append(new base::StringValue("https://s.xxx.com/a/b/c/d"));
395 blacklist.Block(blocked.get());
396 blacklist.Allow(allowed.get());
397 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a")));
398 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/x")));
399 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/x")));
400 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b")));
401 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b")));
402 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/x")));
403 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c")));
404 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c")));
405 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/x")));
406 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d")));
407 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d")));
408 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d/x")));
409 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d/x")));
410 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a")));
411 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a/b")));
412
413 // Block an ip address.
414 blocked.reset(new base::ListValue);
415 blocked->Append(new base::StringValue("123.123.123.123"));
416 blacklist.Block(blocked.get());
417 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://123.123.123.123/")));
418 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://123.123.123.124/")));
419
420 // Open an exception.
421 allowed.reset(new base::ListValue);
422 allowed->Append(new base::StringValue("plus.google.com"));
423 blacklist.Allow(allowed.get());
424 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
425 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
426 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com/")));
427
428 // Open an exception only when using https for mail.
429 allowed.reset(new base::ListValue);
430 allowed->Append(new base::StringValue("https://mail.google.com"));
431 blacklist.Allow(allowed.get());
432 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
433 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com/")));
434 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
435 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://www.google.com/")));
436 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com/")));
437
438 // Match exactly "google.com", only for http. Subdomains without exceptions
439 // are still blocked.
440 allowed.reset(new base::ListValue);
441 allowed->Append(new base::StringValue("http://.google.com"));
442 blacklist.Allow(allowed.get());
443 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://google.com/")));
444 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
445 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
446
447 // A smaller path match in an exact host overrides a longer path for hosts
448 // that also match subdomains.
449 blocked.reset(new base::ListValue);
450 blocked->Append(new base::StringValue("yyy.com/aaa"));
451 blacklist.Block(blocked.get());
452 allowed.reset(new base::ListValue);
453 allowed->Append(new base::StringValue(".yyy.com/a"));
454 blacklist.Allow(allowed.get());
455 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com")));
456 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa")));
457 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa2")));
458 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.yyy.com")));
459 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa")));
460 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa2")));
461
462 // If the exact entry is both allowed and blocked, allowing takes precedence.
463 blocked.reset(new base::ListValue);
464 blocked->Append(new base::StringValue("example.com"));
465 blacklist.Block(blocked.get());
466 allowed.reset(new base::ListValue);
467 allowed->Append(new base::StringValue("example.com"));
468 blacklist.Allow(allowed.get());
469 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://example.com")));
470 }
471
472 TEST_F(URLBlacklistManagerTest, QueryParameters) {
473 URLBlacklist blacklist(GetSegmentURLCallback());
474 scoped_ptr<base::ListValue> blocked(new base::ListValue);
475 scoped_ptr<base::ListValue> allowed(new base::ListValue);
476
477 // Block domain and all subdomains, for any filtered scheme.
478 blocked->AppendString("youtube.com");
479 allowed->AppendString("youtube.com/watch?v=XYZ");
480 blacklist.Block(blocked.get());
481 blacklist.Allow(allowed.get());
482
483 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
484 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123")));
485 EXPECT_TRUE(
486 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123&v=XYZ")));
487 EXPECT_TRUE(
488 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&v=123")));
489 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ")));
490 EXPECT_FALSE(
491 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&foo=bar")));
492 EXPECT_FALSE(
493 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar&v=XYZ")));
494
495 allowed.reset(new base::ListValue);
496 allowed->AppendString("youtube.com/watch?av=XYZ&ag=123");
497 blacklist.Allow(allowed.get());
498 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
499 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123")));
500 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ")));
501 EXPECT_TRUE(
502 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123&ag=XYZ")));
503 EXPECT_TRUE(
504 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=XYZ&av=123")));
505 EXPECT_FALSE(
506 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ&ag=123")));
507 EXPECT_FALSE(
508 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=123&av=XYZ")));
509 EXPECT_TRUE(blacklist.IsURLBlocked(
510 GURL("http://youtube.com/watch?av=XYZ&ag=123&av=123")));
511 EXPECT_TRUE(blacklist.IsURLBlocked(
512 GURL("http://youtube.com/watch?av=XYZ&ag=123&ag=1234")));
513
514 allowed.reset(new base::ListValue);
515 allowed->AppendString("youtube.com/watch?foo=bar*&vid=2*");
516 blacklist.Allow(allowed.get());
517 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
518 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2")));
519 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar")));
520 EXPECT_FALSE(
521 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar")));
522 EXPECT_FALSE(
523 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar1")));
524 EXPECT_FALSE(
525 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=234&foo=bar")));
526 EXPECT_FALSE(blacklist.IsURLBlocked(
527 GURL("http://youtube.com/watch?vid=234&foo=bar23")));
528
529 blocked.reset(new base::ListValue);
530 blocked->AppendString("youtube1.com/disallow?v=44678");
531 blacklist.Block(blocked.get());
532 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
533 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=123")));
534 // Path does not match
535 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=44678")));
536 EXPECT_TRUE(
537 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=44678")));
538 EXPECT_FALSE(
539 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=4467")));
540 EXPECT_FALSE(blacklist.IsURLBlocked(
541 GURL("http://youtube1.com/disallow?v=4467&v=123")));
542 EXPECT_TRUE(blacklist.IsURLBlocked(
543 GURL("http://youtube1.com/disallow?v=4467&v=123&v=44678")));
544
545 blocked.reset(new base::ListValue);
546 blocked->AppendString("youtube1.com/disallow?g=*");
547 blacklist.Block(blocked.get());
548 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
549 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?ag=123")));
550 EXPECT_TRUE(
551 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?g=123")));
552 EXPECT_TRUE(
553 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?ag=13&g=123")));
554
555 blocked.reset(new base::ListValue);
556 blocked->AppendString("youtube2.com/disallow?a*");
557 blacklist.Block(blocked.get());
558 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube2.com")));
559 EXPECT_TRUE(blacklist.IsURLBlocked(
560 GURL("http://youtube2.com/disallow?b=123&a21=467")));
561 EXPECT_TRUE(
562 blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?abba=true")));
563 EXPECT_FALSE(
564 blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?baba=true")));
565
566 allowed.reset(new base::ListValue);
567 blocked.reset(new base::ListValue);
568 blocked->AppendString("youtube3.com");
569 allowed->AppendString("youtube3.com/watch?fo*");
570 blacklist.Block(blocked.get());
571 blacklist.Allow(allowed.get());
572 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube3.com")));
573 EXPECT_TRUE(
574 blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?b=123&a21=467")));
575 EXPECT_FALSE(blacklist.IsURLBlocked(
576 GURL("http://youtube3.com/watch?b=123&a21=467&foo1")));
577 EXPECT_FALSE(blacklist.IsURLBlocked(
578 GURL("http://youtube3.com/watch?b=123&a21=467&foo=bar")));
579 EXPECT_FALSE(blacklist.IsURLBlocked(
580 GURL("http://youtube3.com/watch?b=123&a21=467&fo=ba")));
581 EXPECT_FALSE(
582 blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?foriegn=true")));
583 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?fold")));
584
585 allowed.reset(new base::ListValue);
586 blocked.reset(new base::ListValue);
587 blocked->AppendString("youtube4.com");
588 allowed->AppendString("youtube4.com?*");
589 blacklist.Block(blocked.get());
590 blacklist.Allow(allowed.get());
591 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube4.com")));
592 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?hello")));
593 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?foo")));
594
595 allowed.reset(new base::ListValue);
596 blocked.reset(new base::ListValue);
597 blocked->AppendString("youtube5.com?foo=bar");
598 allowed->AppendString("youtube5.com?foo1=bar1&foo2=bar2&");
599 blacklist.Block(blocked.get());
600 blacklist.Allow(allowed.get());
601 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube5.com")));
602 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube5.com/?foo=bar&a=b")));
603 // More specific filter is given precedence.
604 EXPECT_FALSE(blacklist.IsURLBlocked(
605 GURL("http://youtube5.com/?a=b&foo=bar&foo1=bar1&foo2=bar2")));
606 }
607
608 TEST_F(URLBlacklistManagerTest, BlockAllWithExceptions) {
609 URLBlacklist blacklist(GetSegmentURLCallback());
610
611 scoped_ptr<base::ListValue> blocked(new base::ListValue);
612 scoped_ptr<base::ListValue> allowed(new base::ListValue);
613 blocked->Append(new base::StringValue("*"));
614 allowed->Append(new base::StringValue(".www.google.com"));
615 allowed->Append(new base::StringValue("plus.google.com"));
616 allowed->Append(new base::StringValue("https://mail.google.com"));
617 allowed->Append(new base::StringValue("https://very.safe/path"));
618 blacklist.Block(blocked.get());
619 blacklist.Allow(allowed.get());
620 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://random.com")));
621 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
622 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.www.google.com")));
623 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
624 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com")));
625 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.plus.google.com")));
626 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
627 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com")));
628 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.mail.google.com")));
629 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://very.safe/")));
630 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://very.safe/path")));
631 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://very.safe/path")));
632 }
633
634 TEST_F(URLBlacklistManagerTest, DontBlockResources) {
635 scoped_ptr<URLBlacklist> blacklist(new URLBlacklist(GetSegmentURLCallback()));
636 scoped_ptr<base::ListValue> blocked(new base::ListValue);
637 blocked->Append(new base::StringValue("google.com"));
638 blacklist->Block(blocked.get());
639 blacklist_manager_->SetBlacklist(blacklist.Pass());
640 EXPECT_TRUE(blacklist_manager_->IsURLBlocked(GURL("http://google.com")));
641
642 int reason = net::ERR_UNEXPECTED;
643 EXPECT_TRUE(blacklist_manager_->ShouldBlockRequestForFrame(
644 GURL("http://google.com"), &reason));
645 EXPECT_EQ(net::ERR_BLOCKED_BY_ADMINISTRATOR, reason);
646 }
647
648 TEST_F(URLBlacklistManagerTest, DefaultBlacklistExceptions) {
649 URLBlacklist blacklist(GetSegmentURLCallback());
650 scoped_ptr<base::ListValue> blocked(new base::ListValue);
651
652 // Blacklist everything:
653 blocked->Append(new base::StringValue("*"));
654 blacklist.Block(blocked.get());
655
656 // Internal NTP and extension URLs are not blocked by the "*":
657 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
658 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-extension://xyz"))));
659 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-search://local-ntp"))));
660 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-native://ntp"))));
661
662 // Unless they are explicitly blacklisted:
663 blocked->Append(new base::StringValue("chrome-extension://*"));
664 scoped_ptr<base::ListValue> allowed(new base::ListValue);
665 allowed->Append(new base::StringValue("chrome-extension://abc"));
666 blacklist.Block(blocked.get());
667 blacklist.Allow(allowed.get());
668
669 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
670 EXPECT_TRUE((blacklist.IsURLBlocked(GURL("chrome-extension://xyz"))));
671 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-extension://abc"))));
672 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-search://local-ntp"))));
673 EXPECT_FALSE((blacklist.IsURLBlocked(GURL("chrome-native://ntp"))));
674 }
675
676 } // namespace policy