// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/security_state/core/security_state.h" #include <stdint.h> #include <memory> #include <utility> #include "base/command_line.h" #include "base/functional/bind.h" #include "base/test/metrics/histogram_tester.h" #include "net/cert/x509_certificate.h" #include "net/ssl/ssl_cipher_suite_names.h" #include "net/ssl/ssl_connection_status_flags.h" #include "net/test/cert_test_util.h" #include "net/test/test_certificate_data.h" #include "net/test/test_data_directory.h" #include "testing/gtest/include/gtest/gtest.h" namespace security_state { namespace { const char kHttpsUrl[] = …; const char kHttpUrl[] = …; const char kLocalhostUrl[] = …; const char kFileOrigin[] = …; const char kWssUrl[] = …; const char kDataUrl[] = …; // This list doesn't include data: URL, as data: URLs will be explicitly marked // as not secure. const char* const kPseudoUrls[] = …; class TestSecurityStateHelper { … }; } // namespace // Tests that SHA1-signed certificates, when not allowed by policy, downgrade // the security state of the page to DANGEROUS. TEST(SecurityStateTest, SHA1Blocked) { … } // Tests that SHA1-signed certificates, when allowed by policy, downgrade the // security state of the page to NONE. TEST(SecurityStateTest, SHA1Warning) { … } // Tests that SHA1-signed certificates, when allowed by policy, don't interfere // with the handling of mixed content. TEST(SecurityStateTest, SHA1WarningMixedContent) { … } // Tests that SHA1-signed certificates, when allowed by policy, // don't interfere with the handling of major cert errors. TEST(SecurityStateTest, SHA1WarningBrokenHTTPS) { … } // Tests that the malware/phishing status overrides valid HTTPS. TEST(SecurityStateTest, MalwareOverride) { … } // Tests that the malware/phishing status is set, even if other connection info // is not available. 
TEST(SecurityStateTest, MalwareWithoutConnectionState) { … }

// Tests that pseudo URLs always cause a WARNING to be shown.
// NOTE(review): the test name refers to data: URLs while this comment says
// pseudo URLs, and the following test is the one named for pseudo URLs --
// confirm which URLs this test exercises and align the comment with it.
TEST(SecurityStateTest, AlwaysWarnOnDataUrls) { … }

// Tests that the security level is downgraded to WARNING on
// pseudo URLs.
TEST(SecurityStateTest, WarningOnPseudoUrls) { … }

// Tests that if |is_view_source| is set, NONE is returned for a secure site.
TEST(SecurityStateTest, ViewSourceRemovesSecure) { … }

// Tests that if |is_view_source| is set, DANGEROUS is still returned for a site
// flagged by SafeBrowsing.
TEST(SecurityStateTest, ViewSourceKeepsWarning) { … }

// Tests that a mixed form is reflected in the security level.
TEST(SecurityStateTest, MixedForm) { … }

// Tests that policy-installed certificates do not interfere with mixed content
// notifications.
TEST(SecurityStateTest, MixedContentWithPolicyCertificate) { … }

// Tests that HTTP URLs cause a WARNING security level.
TEST(SecurityStateTest, WarningOnHttp) { … }

// Tests that |safety_tip_status| affects the security level appropriately.
TEST(SecurityStateTest, SafetyTipSometimesRemovesSecure) { … }

// Tests the IsSchemeCryptographic function.
TEST(SecurityStateTest, CryptographicSchemeUrl) { … }

// Tests the IsOriginLocalhostOrFile function.
TEST(SecurityStateTest, LocalhostOrFileUrl) { … }

// Tests the IsSslCertificateValid function.
TEST(SecurityStateTest, SslCertificateValid) { … }

// Tests that WARNING is not set for error pages.
TEST(SecurityStateTest, ErrorPage) { … }

// Tests that the billing status is set, and it overrides valid HTTPS.
TEST(SecurityStateTest, BillingOverridesValidHTTPS) { … }

// Tests that the billing status overrides HTTP warnings.
TEST(SecurityStateTest, BillingOverridesHTTPWarning) { … }

// Tests that non-cryptographic schemes are handled as having no certificate
// errors.
TEST(SecurityStateTest, NonCryptoHasNoCertificateErrors) { … }

// Tests that cryptographic schemes without certificate errors are acceptable.
TEST(SecurityStateTest, CryptoWithNoCertificateErrors) { … }

// Tests that major certificate errors are detected.
TEST(SecurityStateTest, MajorCertificateErrors) { … }

// NOTE(review): going by their descriptions, the three tests below pin a
// precedence order: malicious content status first, then the HTTPS-Only Mode
// upgrade state, then net/certificate errors. The resulting security levels
// are not stated in these comments -- confirm against the test bodies.

// Tests that if a page was upgraded by HTTPS-Only Mode it takes precedence
// over net errors where connection info is not set.
TEST(SecurityStateTest, HttpsOnlyModeOverridesNetError) { … }

// Tests that if a page was upgraded by HTTPS-Only Mode it takes precedence
// over the page having certificate errors.
TEST(SecurityStateTest, HttpsOnlyModeOverridesCertificateError) { … }

// Tests that malicious content status takes precedence over HTTPS-Only Mode.
TEST(SecurityStateTest, MaliciousContentOverridesHttpsOnlyMode) { … }

}  // namespace security_state