search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Enable Enterprise enrollment on desktop builds.
[chromium-blink-merge.git] / chrome / browser / policy / url_blacklist_manager_unittest.cc
blobb4a4232ba6d7e79c917a71c56876de29d610b218
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/policy/core/browser/url_blacklist_manager.h"
6
7 #include <ostream>
8
9 #include "base/basictypes.h"
10 #include "base/callback.h"
11 #include "base/message_loop/message_loop.h"
12 #include "base/message_loop/message_loop_proxy.h"
13 #include "base/prefs/pref_registry_simple.h"
14 #include "base/prefs/testing_pref_service.h"
15 #include "chrome/browser/policy/policy_helpers.h"
16 #include "chrome/common/net/url_fixer_upper.h"
17 #include "components/policy/core/common/policy_pref_names.h"
18 #include "google_apis/gaia/gaia_urls.h"
19 #include "net/base/net_errors.h"
20 #include "net/base/request_priority.h"
21 #include "net/url_request/url_request.h"
22 #include "net/url_request/url_request_test_util.h"
23 #include "testing/gtest/include/gtest/gtest.h"
24 #include "url/gurl.h"
25
26 // TODO(joaodasilva): this file should be moved next to
27 // components/policy/core/browser/url_blacklist_manager.(cc|h).
28 // However, url_fixer_upper.h can't be included from the component. Rather
29 // than having it mocked out, the actual URLFixerUpper::SegmentURL call is used
30 // to make sure that the parsing of URL filters is correct.
31
32 namespace policy {
33
34 namespace {
35
36 // Helper to get the disambiguated SegmentURL() function.
37 URLBlacklist::SegmentURLCallback GetSegmentURLCallback() {
38 return URLFixerUpper::SegmentURL;
39 }
40
41 class TestingURLBlacklistManager : public URLBlacklistManager {
42 public:
43 explicit TestingURLBlacklistManager(PrefService* pref_service)
44 : URLBlacklistManager(pref_service,
45 base::MessageLoopProxy::current(),
46 base::MessageLoopProxy::current(),
47 GetSegmentURLCallback(),
48 base::Bind(OverrideBlacklistForURL)),
49 update_called_(0),
50 set_blacklist_called_(false) {}
51
52 virtual ~TestingURLBlacklistManager() {
53 }
54
55 // Make this method public for testing.
56 using URLBlacklistManager::ScheduleUpdate;
57
58 // Makes a direct call to UpdateOnIO during tests.
59 void UpdateOnIOForTesting() {
60 scoped_ptr<base::ListValue> block(new base::ListValue);
61 block->Append(new base::StringValue("example.com"));
62 scoped_ptr<base::ListValue> allow(new base::ListValue);
63 URLBlacklistManager::UpdateOnIO(block.Pass(), allow.Pass());
64 }
65
66 // URLBlacklistManager overrides:
67 virtual void SetBlacklist(scoped_ptr<URLBlacklist> blacklist) OVERRIDE {
68 set_blacklist_called_ = true;
69 URLBlacklistManager::SetBlacklist(blacklist.Pass());
70 }
71
72 virtual void Update() OVERRIDE {
73 update_called_++;
74 URLBlacklistManager::Update();
75 }
76
77 int update_called() const { return update_called_; }
78 bool set_blacklist_called() const { return set_blacklist_called_; }
79
80 private:
81 int update_called_;
82 bool set_blacklist_called_;
83
84 DISALLOW_COPY_AND_ASSIGN(TestingURLBlacklistManager);
85 };
86
87 class URLBlacklistManagerTest : public testing::Test {
88 protected:
89 URLBlacklistManagerTest() {}
90
91 virtual void SetUp() OVERRIDE {
92 pref_service_.registry()->RegisterListPref(policy_prefs::kUrlBlacklist);
93 pref_service_.registry()->RegisterListPref(policy_prefs::kUrlWhitelist);
94 blacklist_manager_.reset(new TestingURLBlacklistManager(&pref_service_));
95 loop_.RunUntilIdle();
96 }
97
98 virtual void TearDown() OVERRIDE {
99 if (blacklist_manager_.get())
100 blacklist_manager_->ShutdownOnUIThread();
101 loop_.RunUntilIdle();
102 // Delete |blacklist_manager_| while |io_thread_| is mapping IO to
103 // |loop_|.
104 blacklist_manager_.reset();
105 }
106
107 base::MessageLoopForIO loop_;
108 TestingPrefServiceSimple pref_service_;
109 scoped_ptr<TestingURLBlacklistManager> blacklist_manager_;
110 };
111
112 // Parameters for the FilterToComponents test.
113 struct FilterTestParams {
114 public:
115 FilterTestParams(const std::string& filter, const std::string& scheme,
116 const std::string& host, bool match_subdomains, uint16 port,
117 const std::string& path)
118 : filter_(filter), scheme_(scheme), host_(host),
119 match_subdomains_(match_subdomains), port_(port), path_(path) {}
120
121 FilterTestParams(const FilterTestParams& params)
122 : filter_(params.filter_), scheme_(params.scheme_), host_(params.host_),
123 match_subdomains_(params.match_subdomains_), port_(params.port_),
124 path_(params.path_) {}
125
126 const FilterTestParams& operator=(const FilterTestParams& params) {
127 filter_ = params.filter_;
128 scheme_ = params.scheme_;
129 host_ = params.host_;
130 match_subdomains_ = params.match_subdomains_;
131 port_ = params.port_;
132 path_ = params.path_;
133 return *this;
134 }
135
136 const std::string& filter() const { return filter_; }
137 const std::string& scheme() const { return scheme_; }
138 const std::string& host() const { return host_; }
139 bool match_subdomains() const { return match_subdomains_; }
140 uint16 port() const { return port_; }
141 const std::string& path() const { return path_; }
142
143 private:
144 std::string filter_;
145 std::string scheme_;
146 std::string host_;
147 bool match_subdomains_;
148 uint16 port_;
149 std::string path_;
150 };
151
152 // Make Valgrind happy. Without this function, a generic one will print the
153 // raw bytes in FilterTestParams, which due to some likely padding will access
154 // uninitialized memory.
155 void PrintTo(const FilterTestParams& params, std::ostream* os) {
156 *os << params.filter();
157 }
158
159 class URLBlacklistFilterToComponentsTest
160 : public testing::TestWithParam<FilterTestParams> {
161 public:
162 URLBlacklistFilterToComponentsTest() {}
163
164 private:
165 DISALLOW_COPY_AND_ASSIGN(URLBlacklistFilterToComponentsTest);
166 };
167
168 } // namespace
169
170 TEST_P(URLBlacklistFilterToComponentsTest, FilterToComponents) {
171 std::string scheme;
172 std::string host;
173 bool match_subdomains = true;
174 uint16 port = 42;
175 std::string path;
176
177 URLBlacklist::FilterToComponents(GetSegmentURLCallback(),
178 GetParam().filter(),
179 &scheme,
180 &host,
181 &match_subdomains,
182 &port,
183 &path,
184 NULL);
185 EXPECT_EQ(GetParam().scheme(), scheme);
186 EXPECT_EQ(GetParam().host(), host);
187 EXPECT_EQ(GetParam().match_subdomains(), match_subdomains);
188 EXPECT_EQ(GetParam().port(), port);
189 EXPECT_EQ(GetParam().path(), path);
190 }
191
192 TEST_F(URLBlacklistManagerTest, SingleUpdateForTwoPrefChanges) {
193 base::ListValue* blacklist = new base::ListValue;
194 blacklist->Append(new base::StringValue("*.google.com"));
195 base::ListValue* whitelist = new base::ListValue;
196 whitelist->Append(new base::StringValue("mail.google.com"));
197 pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, blacklist);
198 pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, whitelist);
199 loop_.RunUntilIdle();
200
201 EXPECT_EQ(1, blacklist_manager_->update_called());
202 }
203
204 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask0) {
205 // Post an update task to the UI thread.
206 blacklist_manager_->ScheduleUpdate();
207 // Shutdown comes before the task is executed.
208 blacklist_manager_->ShutdownOnUIThread();
209 blacklist_manager_.reset();
210 // Run the task after shutdown and deletion.
211 loop_.RunUntilIdle();
212 }
213
214 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask1) {
215 // Post an update task.
216 blacklist_manager_->ScheduleUpdate();
217 // Shutdown comes before the task is executed.
218 blacklist_manager_->ShutdownOnUIThread();
219 // Run the task after shutdown, but before deletion.
220 loop_.RunUntilIdle();
221
222 EXPECT_EQ(0, blacklist_manager_->update_called());
223 blacklist_manager_.reset();
224 loop_.RunUntilIdle();
225 }
226
227 TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask2) {
228 // This posts a task to the FILE thread.
229 blacklist_manager_->UpdateOnIOForTesting();
230 // But shutdown happens before it is done.
231 blacklist_manager_->ShutdownOnUIThread();
232
233 EXPECT_FALSE(blacklist_manager_->set_blacklist_called());
234 blacklist_manager_.reset();
235 loop_.RunUntilIdle();
236 }
237
238 INSTANTIATE_TEST_CASE_P(
239 URLBlacklistFilterToComponentsTestInstance,
240 URLBlacklistFilterToComponentsTest,
241 testing::Values(
242 FilterTestParams("google.com",
243 std::string(),
244 ".google.com",
245 true,
246 0u,
247 std::string()),
248 FilterTestParams(".google.com",
249 std::string(),
250 "google.com",
251 false,
252 0u,
253 std::string()),
254 FilterTestParams("http://google.com",
255 "http",
256 ".google.com",
257 true,
258 0u,
259 std::string()),
260 FilterTestParams("google.com/",
261 std::string(),
262 ".google.com",
263 true,
264 0u,
265 "/"),
266 FilterTestParams("http://google.com:8080/whatever",
267 "http",
268 ".google.com",
269 true,
270 8080u,
271 "/whatever"),
272 FilterTestParams("http://user:pass@google.com:8080/whatever",
273 "http",
274 ".google.com",
275 true,
276 8080u,
277 "/whatever"),
278 FilterTestParams("123.123.123.123",
279 std::string(),
280 "123.123.123.123",
281 false,
282 0u,
283 std::string()),
284 FilterTestParams("https://123.123.123.123",
285 "https",
286 "123.123.123.123",
287 false,
288 0u,
289 std::string()),
290 FilterTestParams("123.123.123.123/",
291 std::string(),
292 "123.123.123.123",
293 false,
294 0u,
295 "/"),
296 FilterTestParams("http://123.123.123.123:123/whatever",
297 "http",
298 "123.123.123.123",
299 false,
300 123u,
301 "/whatever"),
302 FilterTestParams("*",
303 std::string(),
304 std::string(),
305 true,
306 0u,
307 std::string()),
308 FilterTestParams("ftp://*",
309 "ftp",
310 std::string(),
311 true,
312 0u,
313 std::string()),
314 FilterTestParams("http://*/whatever",
315 "http",
316 std::string(),
317 true,
318 0u,
319 "/whatever")));
320
321 TEST_F(URLBlacklistManagerTest, Filtering) {
322 URLBlacklist blacklist(GetSegmentURLCallback());
323
324 // Block domain and all subdomains, for any filtered scheme.
325 scoped_ptr<base::ListValue> blocked(new base::ListValue);
326 blocked->Append(new base::StringValue("google.com"));
327 blacklist.Block(blocked.get());
328 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
329 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
330 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/whatever")));
331 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
332 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("bogus://google.com/")));
333 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://notgoogle.com/")));
334 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
335 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.mail.google.com")));
336 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://x.mail.google.com/")));
337 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.y.google.com/a/b")));
338 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/")));
339
340 // Filter only http, ftp and ws schemes.
341 blocked.reset(new base::ListValue);
342 blocked->Append(new base::StringValue("http://secure.com"));
343 blocked->Append(new base::StringValue("ftp://secure.com"));
344 blocked->Append(new base::StringValue("ws://secure.com"));
345 blacklist.Block(blocked.get());
346 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com")));
347 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com/whatever")));
348 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ftp://secure.com/")));
349 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://secure.com")));
350 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://secure.com/")));
351 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://secure.com")));
352 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.secure.com")));
353 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://www.secure.com")));
354 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://www.secure.com")));
355
356 // Filter only a certain path prefix.
357 blocked.reset(new base::ListValue);
358 blocked->Append(new base::StringValue("path.to/ruin"));
359 blacklist.Block(blocked.get());
360 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin")));
361 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://path.to/ruin")));
362 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruins")));
363 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin/signup")));
364 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.path.to/ruin")));
365 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://path.to/fortune")));
366
367 // Filter only a certain path prefix and scheme.
368 blocked.reset(new base::ListValue);
369 blocked->Append(new base::StringValue("https://s.aaa.com/path"));
370 blacklist.Block(blocked.get());
371 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path")));
372 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path/bbb")));
373 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.aaa.com/path")));
374 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://aaa.com/path")));
375 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://x.aaa.com/path")));
376 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/bbb")));
377 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/")));
378
379 // Filter only ws and wss schemes.
380 blocked.reset(new base::ListValue);
381 blocked->Append(new base::StringValue("ws://ws.aaa.com"));
382 blocked->Append(new base::StringValue("wss://ws.aaa.com"));
383 blacklist.Block(blocked.get());
384 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://ws.aaa.com")));
385 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("wss://ws.aaa.com")));
386 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://ws.aaa.com")));
387 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://ws.aaa.com")));
388 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("ftp://ws.aaa.com")));
389
390 // Test exceptions to path prefixes, and most specific matches.
391 blocked.reset(new base::ListValue);
392 scoped_ptr<base::ListValue> allowed(new base::ListValue);
393 blocked->Append(new base::StringValue("s.xxx.com/a"));
394 allowed->Append(new base::StringValue("s.xxx.com/a/b"));
395 blocked->Append(new base::StringValue("https://s.xxx.com/a/b/c"));
396 allowed->Append(new base::StringValue("https://s.xxx.com/a/b/c/d"));
397 blacklist.Block(blocked.get());
398 blacklist.Allow(allowed.get());
399 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a")));
400 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/x")));
401 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/x")));
402 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b")));
403 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b")));
404 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/x")));
405 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c")));
406 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c")));
407 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/x")));
408 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d")));
409 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d")));
410 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d/x")));
411 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d/x")));
412 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a")));
413 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a/b")));
414
415 // Block an ip address.
416 blocked.reset(new base::ListValue);
417 blocked->Append(new base::StringValue("123.123.123.123"));
418 blacklist.Block(blocked.get());
419 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://123.123.123.123/")));
420 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://123.123.123.124/")));
421
422 // Open an exception.
423 allowed.reset(new base::ListValue);
424 allowed->Append(new base::StringValue("plus.google.com"));
425 blacklist.Allow(allowed.get());
426 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
427 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
428 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com/")));
429
430 // Open an exception only when using https for mail.
431 allowed.reset(new base::ListValue);
432 allowed->Append(new base::StringValue("https://mail.google.com"));
433 blacklist.Allow(allowed.get());
434 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
435 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com/")));
436 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
437 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://www.google.com/")));
438 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com/")));
439
440 // Match exactly "google.com", only for http. Subdomains without exceptions
441 // are still blocked.
442 allowed.reset(new base::ListValue);
443 allowed->Append(new base::StringValue("http://.google.com"));
444 blacklist.Allow(allowed.get());
445 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://google.com/")));
446 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
447 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
448
449 // A smaller path match in an exact host overrides a longer path for hosts
450 // that also match subdomains.
451 blocked.reset(new base::ListValue);
452 blocked->Append(new base::StringValue("yyy.com/aaa"));
453 blacklist.Block(blocked.get());
454 allowed.reset(new base::ListValue);
455 allowed->Append(new base::StringValue(".yyy.com/a"));
456 blacklist.Allow(allowed.get());
457 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com")));
458 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa")));
459 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa2")));
460 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.yyy.com")));
461 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa")));
462 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa2")));
463
464 // If the exact entry is both allowed and blocked, allowing takes precedence.
465 blocked.reset(new base::ListValue);
466 blocked->Append(new base::StringValue("example.com"));
467 blacklist.Block(blocked.get());
468 allowed.reset(new base::ListValue);
469 allowed->Append(new base::StringValue("example.com"));
470 blacklist.Allow(allowed.get());
471 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://example.com")));
472 }
473
474 TEST_F(URLBlacklistManagerTest, QueryParameters) {
475 URLBlacklist blacklist(GetSegmentURLCallback());
476 scoped_ptr<base::ListValue> blocked(new base::ListValue);
477 scoped_ptr<base::ListValue> allowed(new base::ListValue);
478
479 // Block domain and all subdomains, for any filtered scheme.
480 blocked->AppendString("youtube.com");
481 allowed->AppendString("youtube.com/watch?v=XYZ");
482 blacklist.Block(blocked.get());
483 blacklist.Allow(allowed.get());
484
485 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
486 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123")));
487 EXPECT_TRUE(
488 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123&v=XYZ")));
489 EXPECT_TRUE(
490 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&v=123")));
491 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ")));
492 EXPECT_FALSE(
493 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&foo=bar")));
494 EXPECT_FALSE(
495 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar&v=XYZ")));
496
497 allowed.reset(new base::ListValue);
498 allowed->AppendString("youtube.com/watch?av=XYZ&ag=123");
499 blacklist.Allow(allowed.get());
500 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
501 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123")));
502 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ")));
503 EXPECT_TRUE(
504 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123&ag=XYZ")));
505 EXPECT_TRUE(
506 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=XYZ&av=123")));
507 EXPECT_FALSE(
508 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ&ag=123")));
509 EXPECT_FALSE(
510 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=123&av=XYZ")));
511 EXPECT_TRUE(blacklist.IsURLBlocked(
512 GURL("http://youtube.com/watch?av=XYZ&ag=123&av=123")));
513 EXPECT_TRUE(blacklist.IsURLBlocked(
514 GURL("http://youtube.com/watch?av=XYZ&ag=123&ag=1234")));
515
516 allowed.reset(new base::ListValue);
517 allowed->AppendString("youtube.com/watch?foo=bar*&vid=2*");
518 blacklist.Allow(allowed.get());
519 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
520 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2")));
521 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar")));
522 EXPECT_FALSE(
523 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar")));
524 EXPECT_FALSE(
525 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar1")));
526 EXPECT_FALSE(
527 blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=234&foo=bar")));
528 EXPECT_FALSE(blacklist.IsURLBlocked(
529 GURL("http://youtube.com/watch?vid=234&foo=bar23")));
530
531 blocked.reset(new base::ListValue);
532 blocked->AppendString("youtube1.com/disallow?v=44678");
533 blacklist.Block(blocked.get());
534 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
535 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=123")));
536 // Path does not match
537 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=44678")));
538 EXPECT_TRUE(
539 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=44678")));
540 EXPECT_FALSE(
541 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=4467")));
542 EXPECT_FALSE(blacklist.IsURLBlocked(
543 GURL("http://youtube1.com/disallow?v=4467&v=123")));
544 EXPECT_TRUE(blacklist.IsURLBlocked(
545 GURL("http://youtube1.com/disallow?v=4467&v=123&v=44678")));
546
547 blocked.reset(new base::ListValue);
548 blocked->AppendString("youtube1.com/disallow?g=*");
549 blacklist.Block(blocked.get());
550 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
551 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?ag=123")));
552 EXPECT_TRUE(
553 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?g=123")));
554 EXPECT_TRUE(
555 blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?ag=13&g=123")));
556
557 blocked.reset(new base::ListValue);
558 blocked->AppendString("youtube2.com/disallow?a*");
559 blacklist.Block(blocked.get());
560 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube2.com")));
561 EXPECT_TRUE(blacklist.IsURLBlocked(
562 GURL("http://youtube2.com/disallow?b=123&a21=467")));
563 EXPECT_TRUE(
564 blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?abba=true")));
565 EXPECT_FALSE(
566 blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?baba=true")));
567
568 allowed.reset(new base::ListValue);
569 blocked.reset(new base::ListValue);
570 blocked->AppendString("youtube3.com");
571 allowed->AppendString("youtube3.com/watch?fo*");
572 blacklist.Block(blocked.get());
573 blacklist.Allow(allowed.get());
574 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube3.com")));
575 EXPECT_TRUE(
576 blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?b=123&a21=467")));
577 EXPECT_FALSE(blacklist.IsURLBlocked(
578 GURL("http://youtube3.com/watch?b=123&a21=467&foo1")));
579 EXPECT_FALSE(blacklist.IsURLBlocked(
580 GURL("http://youtube3.com/watch?b=123&a21=467&foo=bar")));
581 EXPECT_FALSE(blacklist.IsURLBlocked(
582 GURL("http://youtube3.com/watch?b=123&a21=467&fo=ba")));
583 EXPECT_FALSE(
584 blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?foriegn=true")));
585 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?fold")));
586
587 allowed.reset(new base::ListValue);
588 blocked.reset(new base::ListValue);
589 blocked->AppendString("youtube4.com");
590 allowed->AppendString("youtube4.com?*");
591 blacklist.Block(blocked.get());
592 blacklist.Allow(allowed.get());
593 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube4.com")));
594 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?hello")));
595 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?foo")));
596
597 allowed.reset(new base::ListValue);
598 blocked.reset(new base::ListValue);
599 blocked->AppendString("youtube5.com?foo=bar");
600 allowed->AppendString("youtube5.com?foo1=bar1&foo2=bar2&");
601 blacklist.Block(blocked.get());
602 blacklist.Allow(allowed.get());
603 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube5.com")));
604 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube5.com/?foo=bar&a=b")));
605 // More specific filter is given precedence.
606 EXPECT_FALSE(blacklist.IsURLBlocked(
607 GURL("http://youtube5.com/?a=b&foo=bar&foo1=bar1&foo2=bar2")));
608 }
609
610 TEST_F(URLBlacklistManagerTest, BlockAllWithExceptions) {
611 URLBlacklist blacklist(GetSegmentURLCallback());
612
613 scoped_ptr<base::ListValue> blocked(new base::ListValue);
614 scoped_ptr<base::ListValue> allowed(new base::ListValue);
615 blocked->Append(new base::StringValue("*"));
616 allowed->Append(new base::StringValue(".www.google.com"));
617 allowed->Append(new base::StringValue("plus.google.com"));
618 allowed->Append(new base::StringValue("https://mail.google.com"));
619 allowed->Append(new base::StringValue("https://very.safe/path"));
620 blacklist.Block(blocked.get());
621 blacklist.Allow(allowed.get());
622 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://random.com")));
623 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
624 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.www.google.com")));
625 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
626 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com")));
627 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.plus.google.com")));
628 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
629 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com")));
630 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.mail.google.com")));
631 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://very.safe/")));
632 EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://very.safe/path")));
633 EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://very.safe/path")));
634 }
635
636 TEST_F(URLBlacklistManagerTest, DontBlockResources) {
637 scoped_ptr<URLBlacklist> blacklist(new URLBlacklist(GetSegmentURLCallback()));
638 scoped_ptr<base::ListValue> blocked(new base::ListValue);
639 blocked->Append(new base::StringValue("google.com"));
640 blacklist->Block(blocked.get());
641 blacklist_manager_->SetBlacklist(blacklist.Pass());
642 EXPECT_TRUE(blacklist_manager_->IsURLBlocked(GURL("http://google.com")));
643
644 net::TestURLRequestContext context;
645 net::URLRequest request(
646 GURL("http://google.com"), net::DEFAULT_PRIORITY, NULL, &context);
647
648 int reason = net::ERR_UNEXPECTED;
649 // Background requests aren't filtered.
650 EXPECT_FALSE(blacklist_manager_->IsRequestBlocked(request, &reason));
651
652 // Main frames are filtered.
653 request.SetLoadFlags(net::LOAD_MAIN_FRAME);
654 EXPECT_TRUE(blacklist_manager_->IsRequestBlocked(request, &reason));
655 EXPECT_EQ(net::ERR_BLOCKED_BY_ADMINISTRATOR, reason);
656
657 // On most platforms, sync gets a free pass due to signin flows.
658 bool block_signin_urls = false;
659 #if defined(OS_CHROMEOS)
660 // There are no sync specific signin flows on Chrome OS, so no special
661 // treatment.
662 block_signin_urls = true;
663 #endif
664
665 GURL sync_url(GaiaUrls::GetInstance()->service_login_url().Resolve(
666 "?service=chromiumsync"));
667 net::URLRequest sync_request(sync_url, net::DEFAULT_PRIORITY, NULL, &context);
668 sync_request.SetLoadFlags(net::LOAD_MAIN_FRAME);
669 EXPECT_EQ(block_signin_urls,
670 blacklist_manager_->IsRequestBlocked(sync_request, &reason));
671 }
672
673 } // namespace policy