search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[Safe browsing] Clean up code to scan hash results for threats.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_util_unittest.cc
blob8de290dcefe5fbf37a8c83b9ba364d013f58d987
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <algorithm>
6
7 #include "base/strings/stringprintf.h"
8 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
9 #include "testing/gtest/include/gtest/gtest.h"
10 #include "url/gurl.h"
11
12 namespace {
13
14 bool VectorContains(const std::vector<std::string>& data,
15 const std::string& str) {
16 return std::find(data.begin(), data.end(), str) != data.end();
17 }
18
19 // Tests that we generate the required host/path combinations for testing
20 // according to the Safe Browsing spec.
21 // See section 6.2 in
22 // http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
23 TEST(SafeBrowsingUtilTest, UrlParsing) {
24 std::vector<std::string> hosts, paths;
25
26 GURL url("http://a.b.c/1/2.html?param=1");
27 safe_browsing_util::GenerateHostsToCheck(url, &hosts);
28 safe_browsing_util::GeneratePathsToCheck(url, &paths);
29 EXPECT_EQ(hosts.size(), static_cast<size_t>(2));
30 EXPECT_EQ(paths.size(), static_cast<size_t>(4));
31 EXPECT_EQ(hosts[0], "b.c");
32 EXPECT_EQ(hosts[1], "a.b.c");
33
34 EXPECT_TRUE(VectorContains(paths, "/1/2.html?param=1"));
35 EXPECT_TRUE(VectorContains(paths, "/1/2.html"));
36 EXPECT_TRUE(VectorContains(paths, "/1/"));
37 EXPECT_TRUE(VectorContains(paths, "/"));
38
39 url = GURL("http://a.b.c.d.e.f.g/1.html");
40 safe_browsing_util::GenerateHostsToCheck(url, &hosts);
41 safe_browsing_util::GeneratePathsToCheck(url, &paths);
42 EXPECT_EQ(hosts.size(), static_cast<size_t>(5));
43 EXPECT_EQ(paths.size(), static_cast<size_t>(2));
44 EXPECT_EQ(hosts[0], "f.g");
45 EXPECT_EQ(hosts[1], "e.f.g");
46 EXPECT_EQ(hosts[2], "d.e.f.g");
47 EXPECT_EQ(hosts[3], "c.d.e.f.g");
48 EXPECT_EQ(hosts[4], "a.b.c.d.e.f.g");
49 EXPECT_TRUE(VectorContains(paths, "/1.html"));
50 EXPECT_TRUE(VectorContains(paths, "/"));
51
52 url = GURL("http://a.b/saw-cgi/eBayISAPI.dll/");
53 safe_browsing_util::GeneratePathsToCheck(url, &paths);
54 EXPECT_EQ(paths.size(), static_cast<size_t>(3));
55 EXPECT_TRUE(VectorContains(paths, "/saw-cgi/eBayISAPI.dll/"));
56 EXPECT_TRUE(VectorContains(paths, "/saw-cgi/"));
57 EXPECT_TRUE(VectorContains(paths, "/"));
58 }
59
60 // Tests the url canonicalization according to the Safe Browsing spec.
61 // See section 6.1 in
62 // http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
63 TEST(SafeBrowsingUtilTest, CanonicalizeUrl) {
64 struct {
65 const char* input_url;
66 const char* expected_canonicalized_hostname;
67 const char* expected_canonicalized_path;
68 const char* expected_canonicalized_query;
69 } tests[] = {
70 {
71 "http://host/%25%32%35",
72 "host",
73 "/%25",
74 ""
75 }, {
76 "http://host/%25%32%35%25%32%35",
77 "host",
78 "/%25%25",
79 ""
80 }, {
81 "http://host/%2525252525252525",
82 "host",
83 "/%25",
84 ""
85 }, {
86 "http://host/asdf%25%32%35asd",
87 "host",
88 "/asdf%25asd",
89 ""
90 }, {
91 "http://host/%%%25%32%35asd%%",
92 "host",
93 "/%25%25%25asd%25%25",
94 ""
95 }, {
96 "http://host/%%%25%32%35asd%%",
97 "host",
98 "/%25%25%25asd%25%25",
99 ""
100 }, {
101 "http://www.google.com/",
102 "www.google.com",
103 "/",
104 ""
105 }, {
106 "http://%31%36%38%2e%31%38%38%2e%39%39%2e%32%36/%2E%73%65%63%75%72%65/%77"
107 "%77%77%2E%65%62%61%79%2E%63%6F%6D/",
108 "168.188.99.26",
109 "/.secure/www.ebay.com/",
110 ""
111 }, {
112 "http://195.127.0.11/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserd"
113 "ataxplimnbqmn-xplmvalidateinfoswqpcmlx=hgplmcx/",
114 "195.127.0.11",
115 "/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserdataxplimnbqmn-xplmv"
116 "alidateinfoswqpcmlx=hgplmcx/",
117 ""
118 }, {
119 "http://host.com/%257Ea%2521b%2540c%2523d%2524e%25f%255E00%252611%252A"
120 "22%252833%252944_55%252B",
121 "host.com",
122 "/~a!b@c%23d$e%25f^00&11*22(33)44_55+",
123 ""
124 }, {
125 "http://3279880203/blah",
126 "195.127.0.11",
127 "/blah",
128 ""
129 }, {
130 "http://www.google.com/blah/..",
131 "www.google.com",
132 "/",
133 ""
134 }, {
135 "http://www.google.com/blah#fraq",
136 "www.google.com",
137 "/blah",
138 ""
139 }, {
140 "http://www.GOOgle.com/",
141 "www.google.com",
142 "/",
143 ""
144 }, {
145 "http://www.google.com.../",
146 "www.google.com",
147 "/",
148 ""
149 }, {
150 "http://www.google.com/q?",
151 "www.google.com",
152 "/q",
153 ""
154 }, {
155 "http://www.google.com/q?r?",
156 "www.google.com",
157 "/q",
158 "r?"
159 }, {
160 "http://www.google.com/q?r?s",
161 "www.google.com",
162 "/q",
163 "r?s"
164 }, {
165 "http://evil.com/foo#bar#baz",
166 "evil.com",
167 "/foo",
168 ""
169 }, {
170 "http://evil.com/foo;",
171 "evil.com",
172 "/foo;",
173 ""
174 }, {
175 "http://evil.com/foo?bar;",
176 "evil.com",
177 "/foo",
178 "bar;"
179 }, {
180 "http://notrailingslash.com",
181 "notrailingslash.com",
182 "/",
183 ""
184 }, {
185 "http://www.gotaport.com:1234/",
186 "www.gotaport.com",
187 "/",
188 ""
189 }, {
190 " http://www.google.com/ ",
191 "www.google.com",
192 "/",
193 ""
194 }, {
195 "http:// leadingspace.com/",
196 "%20leadingspace.com",
197 "/",
198 ""
199 }, {
200 "http://%20leadingspace.com/",
201 "%20leadingspace.com",
202 "/",
203 ""
204 }, {
205 "https://www.securesite.com/",
206 "www.securesite.com",
207 "/",
208 ""
209 }, {
210 "http://host.com/ab%23cd",
211 "host.com",
212 "/ab%23cd",
213 ""
214 }, {
215 "http://host%3e.com//twoslashes?more//slashes",
216 "host>.com",
217 "/twoslashes",
218 "more//slashes"
219 }, {
220 "http://host.com/abc?val=xyz#anything",
221 "host.com",
222 "/abc",
223 "val=xyz"
224 }, {
225 "http://abc:def@host.com/xyz",
226 "host.com",
227 "/xyz",
228 ""
229 }, {
230 "http://host%3e.com/abc/%2e%2e%2fdef",
231 "host>.com",
232 "/def",
233 ""
234 }, {
235 "http://.......host...com.....//abc/////def%2F%2F%2Fxyz",
236 "host.com",
237 "/abc/def/xyz",
238 ""
239 }, {
240 "ftp://host.com/foo?bar",
241 "host.com",
242 "/foo",
243 "bar"
244 }, {
245 "data:text/html;charset=utf-8,%0D%0A",
246 "",
247 "",
248 ""
249 }, {
250 "javascript:alert()",
251 "",
252 "",
253 ""
254 }, {
255 "mailto:abc@example.com",
256 "",
257 "",
258 ""
259 },
260 };
261 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
262 SCOPED_TRACE(base::StringPrintf("Test: %s", tests[i].input_url));
263 GURL url(tests[i].input_url);
264
265 std::string canonicalized_hostname;
266 std::string canonicalized_path;
267 std::string canonicalized_query;
268 safe_browsing_util::CanonicalizeUrl(url, &canonicalized_hostname,
269 &canonicalized_path, &canonicalized_query);
270
271 EXPECT_EQ(tests[i].expected_canonicalized_hostname,
272 canonicalized_hostname);
273 EXPECT_EQ(tests[i].expected_canonicalized_path,
274 canonicalized_path);
275 EXPECT_EQ(tests[i].expected_canonicalized_query,
276 canonicalized_query);
277 }
278 }
279
280 TEST(SafeBrowsingUtilTest, ListIdListNameConversion) {
281 std::string list_name;
282 EXPECT_FALSE(safe_browsing_util::GetListName(safe_browsing_util::INVALID,
283 &list_name));
284 EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::MALWARE,
285 &list_name));
286 EXPECT_EQ(list_name, std::string(safe_browsing_util::kMalwareList));
287 EXPECT_EQ(safe_browsing_util::MALWARE,
288 safe_browsing_util::GetListId(list_name));
289
290 EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::PHISH,
291 &list_name));
292 EXPECT_EQ(list_name, std::string(safe_browsing_util::kPhishingList));
293 EXPECT_EQ(safe_browsing_util::PHISH,
294 safe_browsing_util::GetListId(list_name));
295
296 EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::BINURL,
297 &list_name));
298 EXPECT_EQ(list_name, std::string(safe_browsing_util::kBinUrlList));
299 EXPECT_EQ(safe_browsing_util::BINURL,
300 safe_browsing_util::GetListId(list_name));
301 }
302
303 // Since the ids are saved in file, we need to make sure they don't change.
304 // Since only the last bit of each id is saved in file together with
305 // chunkids, this checks only last bit.
306 TEST(SafeBrowsingUtilTest, ListIdVerification) {
307 EXPECT_EQ(0, safe_browsing_util::MALWARE % 2);
308 EXPECT_EQ(1, safe_browsing_util::PHISH % 2);
309 EXPECT_EQ(0, safe_browsing_util::BINURL %2);
310 }
311
312 TEST(SafeBrowsingUtilTest, StringToSBFullHashAndSBFullHashToString) {
313 // 31 chars plus the last \0 as full_hash.
314 const std::string hash_in = "12345678902234567890323456789012";
315 SBFullHash hash_out = safe_browsing_util::StringToSBFullHash(hash_in);
316 EXPECT_EQ(0x34333231U, hash_out.prefix);
317 EXPECT_EQ(0, memcmp(hash_in.data(), hash_out.full_hash, sizeof(SBFullHash)));
318
319 std::string hash_final = safe_browsing_util::SBFullHashToString(hash_out);
320 EXPECT_EQ(hash_in, hash_final);
321 }
322
323 TEST(SafeBrowsingUtilTest, FullHashOperators) {
324 const SBFullHash kHash1 = SBFullHashForString("one");
325 const SBFullHash kHash2 = SBFullHashForString("two");
326
327 EXPECT_TRUE(SBFullHashEqual(kHash1, kHash1));
328 EXPECT_TRUE(SBFullHashEqual(kHash2, kHash2));
329 EXPECT_FALSE(SBFullHashEqual(kHash1, kHash2));
330 EXPECT_FALSE(SBFullHashEqual(kHash2, kHash1));
331
332 EXPECT_FALSE(SBFullHashLess(kHash1, kHash2));
333 EXPECT_TRUE(SBFullHashLess(kHash2, kHash1));
334
335 EXPECT_FALSE(SBFullHashLess(kHash1, kHash1));
336 EXPECT_FALSE(SBFullHashLess(kHash2, kHash2));
337 }
338
339 } // namespace