chrome/common/safe_browsing/binary_feature_extractor_win_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
   6
   7 #include <string>
   8 #include <vector>
   9
  10 #include "base/base_paths.h"
  11 #include "base/files/file_path.h"
  12 #include "base/memory/ref_counted.h"
  13 #include "base/path_service.h"
  14 #include "chrome/common/chrome_paths.h"
  15 #include "chrome/common/safe_browsing/csd.pb.h"
  16 #include "net/cert/x509_cert_types.h"
  17 #include "net/cert/x509_certificate.h"
  18 #include "testing/gtest/include/gtest/gtest.h"
  19
  20 namespace safe_browsing {
  21
  22 class BinaryFeatureExtractorWinTest : public testing::Test {
  23  protected:
  24   void SetUp() override {
  25     base::FilePath source_path;
  26     ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &source_path));
  27     testdata_path_ = source_path
  28         .AppendASCII("safe_browsing")
  29         .AppendASCII("download_protection");
  30
  31     binary_feature_extractor_ = new BinaryFeatureExtractor();
  32   }
  33
  34   // Given a certificate chain protobuf, parse it into X509Certificates.
  35   void ParseCertificateChain(
  36       const ClientDownloadRequest_CertificateChain& chain,
  37       std::vector<scoped_refptr<net::X509Certificate> >* certs) {
  38     for (int i = 0; i < chain.element_size(); ++i) {
  39       certs->push_back(
  40           net::X509Certificate::CreateFromBytes(
  41               chain.element(i).certificate().data(),
  42               chain.element(i).certificate().size()));
  43     }
  44   }
  45
  46   base::FilePath testdata_path_;
  47   scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor_;
  48 };
  49
  50 TEST_F(BinaryFeatureExtractorWinTest, UntrustedSignedBinary) {
  51   // signed.exe is signed by an untrusted root CA.
  52   ClientDownloadRequest_SignatureInfo signature_info;
  53   binary_feature_extractor_->CheckSignature(
  54       testdata_path_.Append(L"signed.exe"),
  55       &signature_info);
  56   ASSERT_EQ(1, signature_info.certificate_chain_size());
  57   std::vector<scoped_refptr<net::X509Certificate> > certs;
  58   ParseCertificateChain(signature_info.certificate_chain(0), &certs);
  59   ASSERT_EQ(2, certs.size());
  60   EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name);
  61   EXPECT_EQ("Root Agency", certs[1]->subject().common_name);
  62
  63   EXPECT_TRUE(signature_info.has_trusted());
  64   EXPECT_FALSE(signature_info.trusted());
  65 }
  66
  67 TEST_F(BinaryFeatureExtractorWinTest, TrustedBinary) {
  68   // wow_helper.exe is signed using Google's signing certifiacte.
  69   ClientDownloadRequest_SignatureInfo signature_info;
  70   binary_feature_extractor_->CheckSignature(
  71       testdata_path_.Append(L"wow_helper.exe"),
  72       &signature_info);
  73   ASSERT_EQ(1, signature_info.certificate_chain_size());
  74   std::vector<scoped_refptr<net::X509Certificate> > certs;
  75   ParseCertificateChain(signature_info.certificate_chain(0), &certs);
  76   ASSERT_EQ(3, certs.size());
  77
  78   EXPECT_EQ("Google Inc", certs[0]->subject().common_name);
  79   EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA",
  80             certs[1]->subject().common_name);
  81   EXPECT_EQ("Class 3 Public Primary Certification Authority",
  82             certs[2]->subject().organization_unit_names[0]);
  83
  84   EXPECT_TRUE(signature_info.trusted());
  85 }
  86
  87 TEST_F(BinaryFeatureExtractorWinTest, UnsignedBinary) {
  88   // unsigned.exe has no signature information.
  89   ClientDownloadRequest_SignatureInfo signature_info;
  90   binary_feature_extractor_->CheckSignature(
  91       testdata_path_.Append(L"unsigned.exe"),
  92       &signature_info);
  93   EXPECT_EQ(0, signature_info.certificate_chain_size());
  94   EXPECT_FALSE(signature_info.has_trusted());
  95 }
  96
  97 TEST_F(BinaryFeatureExtractorWinTest, NonExistentBinary) {
  98   // Test a file that doesn't exist.
  99   ClientDownloadRequest_SignatureInfo signature_info;
 100   binary_feature_extractor_->CheckSignature(
 101       testdata_path_.Append(L"doesnotexist.exe"),
 102       &signature_info);
 103   EXPECT_EQ(0, signature_info.certificate_chain_size());
 104   EXPECT_FALSE(signature_info.has_trusted());
 105 }
 106
 107 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesNoFile) {
 108   // Test extracting headers from a file that doesn't exist.
 109   ClientDownloadRequest_ImageHeaders image_headers;
 110   ASSERT_FALSE(binary_feature_extractor_->ExtractImageFeatures(
 111       testdata_path_.AppendASCII("this_file_does_not_exist"),
 112       BinaryFeatureExtractor::kDefaultOptions, &image_headers,
 113       nullptr /* signed_data */));
 114   EXPECT_FALSE(image_headers.has_pe_headers());
 115 }
 116
 117 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesNonImage) {
 118   // Test extracting headers from something that is not a PE image.
 119   ClientDownloadRequest_ImageHeaders image_headers;
 120   ASSERT_FALSE(binary_feature_extractor_->ExtractImageFeatures(
 121       testdata_path_.AppendASCII("simple_exe.cc"),
 122       BinaryFeatureExtractor::kDefaultOptions, &image_headers,
 123       nullptr /* signed_data */));
 124   EXPECT_FALSE(image_headers.has_pe_headers());
 125 }
 126
 127 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeatures) {
 128   // Test extracting features from something that is a PE image.
 129   ClientDownloadRequest_ImageHeaders image_headers;
 130   google::protobuf::RepeatedPtrField<std::string> signed_data;
 131   ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
 132       testdata_path_.AppendASCII("unsigned.exe"),
 133       BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data));
 134   EXPECT_TRUE(image_headers.has_pe_headers());
 135   const ClientDownloadRequest_PEImageHeaders& pe_headers =
 136       image_headers.pe_headers();
 137   EXPECT_TRUE(pe_headers.has_dos_header());
 138   EXPECT_TRUE(pe_headers.has_file_header());
 139   EXPECT_TRUE(pe_headers.has_optional_headers32());
 140   EXPECT_FALSE(pe_headers.has_optional_headers64());
 141   EXPECT_NE(0, pe_headers.section_header_size());
 142   EXPECT_FALSE(pe_headers.has_export_section_data());
 143   EXPECT_EQ(0, pe_headers.debug_data_size());
 144   EXPECT_EQ(0, signed_data.size());
 145 }
 146
 147 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesWithDebugData) {
 148   // Test extracting headers from something that is a PE image with debug data.
 149   ClientDownloadRequest_ImageHeaders image_headers;
 150   ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
 151       testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"),
 152       BinaryFeatureExtractor::kDefaultOptions, &image_headers,
 153       nullptr /* signed_data */));
 154   EXPECT_TRUE(image_headers.has_pe_headers());
 155   const ClientDownloadRequest_PEImageHeaders& pe_headers =
 156       image_headers.pe_headers();
 157   EXPECT_TRUE(pe_headers.has_dos_header());
 158   EXPECT_TRUE(pe_headers.has_file_header());
 159   EXPECT_TRUE(pe_headers.has_optional_headers32());
 160   EXPECT_FALSE(pe_headers.has_optional_headers64());
 161   EXPECT_NE(0, pe_headers.section_header_size());
 162   EXPECT_TRUE(pe_headers.has_export_section_data());
 163   EXPECT_EQ(1U, pe_headers.debug_data_size());
 164 }
 165
 166 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesWithoutExports) {
 167   // Test extracting headers from something that is a PE image with debug data.
 168   ClientDownloadRequest_ImageHeaders image_headers;
 169   ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
 170       testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"),
 171       BinaryFeatureExtractor::kOmitExports, &image_headers,
 172       nullptr /* signed_data */));
 173   EXPECT_TRUE(image_headers.has_pe_headers());
 174   const ClientDownloadRequest_PEImageHeaders& pe_headers =
 175       image_headers.pe_headers();
 176   EXPECT_TRUE(pe_headers.has_dos_header());
 177   EXPECT_TRUE(pe_headers.has_file_header());
 178   EXPECT_TRUE(pe_headers.has_optional_headers32());
 179   EXPECT_FALSE(pe_headers.has_optional_headers64());
 180   EXPECT_NE(0, pe_headers.section_header_size());
 181   EXPECT_FALSE(pe_headers.has_export_section_data());
 182   EXPECT_EQ(1U, pe_headers.debug_data_size());
 183 }
 184
 185 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesUntrustedSigned) {
 186   // Test extracting features from a signed PE image.
 187   ClientDownloadRequest_ImageHeaders image_headers;
 188   google::protobuf::RepeatedPtrField<std::string> signed_data;
 189   ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
 190       testdata_path_.AppendASCII("signed.exe"),
 191       BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data));
 192   ASSERT_EQ(1, signed_data.size());
 193   ASSERT_LT(0U, signed_data.Get(0).size());
 194 }
 195
 196 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageFeaturesTrustedSigned) {
 197   // Test extracting features from a signed PE image from a trusted root.
 198   ClientDownloadRequest_ImageHeaders image_headers;
 199   google::protobuf::RepeatedPtrField<std::string> signed_data;
 200   ASSERT_TRUE(binary_feature_extractor_->ExtractImageFeatures(
 201       testdata_path_.AppendASCII("wow_helper.exe"),
 202       BinaryFeatureExtractor::kDefaultOptions, &image_headers, &signed_data));
 203   ASSERT_EQ(1, signed_data.size());
 204   ASSERT_LT(0U, signed_data.Get(0).size());
 205 }
 206
 207 }  // namespace safe_browsing