// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/342213636): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "base/base_paths.h" #include "base/command_line.h" #include "base/feature_list.h" #include "base/files/file.h" #include "base/files/file_enumerator.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/json/json_reader.h" #include "base/json/json_writer.h" #include "base/json/values_util.h" #include "base/memory/ref_counted_memory.h" #include "base/strings/string_number_conversions.h" #include "base/test/bind.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/scoped_feature_list.h" #include "base/test/test_timeouts.h" #include "base/threading/platform_thread.h" #include "base/time/time.h" #include "build/build_config.h" #include "components/os_crypt/async/browser/key_provider.h" #include "components/os_crypt/async/browser/os_crypt_async.h" #include "components/os_crypt/async/browser/test_utils.h" #include "components/os_crypt/async/common/encryptor.h" #include "components/os_crypt/async/common/encryptor_features.h" #include "content/browser/storage_partition_impl.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/network_service_instance.h" #include "content/public/browser/network_service_util.h" #include "content/public/browser/url_data_source.h" #include "content/public/browser/web_contents.h" #include "content/public/browser/web_contents_observer.h" #include "content/public/browser/web_ui_controller.h" #include "content/public/browser/web_ui_controller_factory.h" #include "content/public/common/bindings_policy.h" #include "content/public/common/content_features.h" #include "content/public/common/content_switches.h" #include "content/public/common/url_utils.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/content_browser_test_utils.h" #include "content/public/test/simple_url_loader_test_helper.h" #include "content/public/test/test_utils.h" #include "content/shell/browser/shell.h" #include "content/test/content_browser_test_utils_internal.h" #include "mojo/public/cpp/bindings/remote.h" #include "mojo/public/cpp/bindings/sync_call_restrictions.h" #include "net/base/features.h" #include "net/cookies/cookie_util.h" #include "net/disk_cache/disk_cache.h" #include "net/dns/mock_host_resolver.h" #include "net/http/http_response_headers.h" #include "net/test/embedded_test_server/default_handlers.h" #include "net/test/embedded_test_server/http_request.h" #include "net/test/gtest_util.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "sandbox/policy/features.h" #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom.h" #include "services/network/public/cpp/features.h" #include "services/network/public/cpp/network_switches.h" #include "services/network/public/cpp/resource_request.h" #include "services/network/public/cpp/simple_url_loader.h" #include "services/network/public/mojom/cookie_encryption_provider.mojom.h" #include "services/network/public/mojom/cookie_manager.mojom.h" #include "services/network/public/mojom/network_context.mojom.h" #include "services/network/public/mojom/network_service.mojom.h" #include "services/network/public/mojom/network_service_test.mojom.h" #include "services/network/test/udp_socket_test_util.h" #include "sql/database.h" #include "sql/sql_features.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #if BUILDFLAG(IS_ANDROID) #include "base/android/application_status_listener.h" #endif #if BUILDFLAG(IS_WIN) #include <windows.h> #include <dbghelp.h> #include <algorithm> #include "base/files/memory_mapped_file.h" #include "base/files/scoped_temp_file.h" #include "base/rand_util.h" #include "content/browser/network/network_service_process_tracker_win.h" #include "sandbox/policy/features.h" #endif namespace content { namespace { class WebUITestWebUIControllerFactory : public WebUIControllerFactory { … }; class TestWebUIDataSource : public URLDataSource { … }; class NetworkServiceBrowserTest : public ContentBrowserTest { … }; #if BUILDFLAG(IS_ANDROID) #define MAYBE_WebUIBindingsNoHttp … #else #define MAYBE_WebUIBindingsNoHttp … #endif // Verifies that WebUI pages with WebUI bindings can't make network requests. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserTest, MAYBE_WebUIBindingsNoHttp) { … } // Verifies that WebUI pages without WebUI bindings can make network requests. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserTest, NoWebUIBindingsHttp) { … } // Verifies the filesystem URLLoaderFactory's check, using // ChildProcessSecurityPolicyImpl::CanRequestURL is properly rejected. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserTest, FileSystemBindingsCorrectOrigin) { … } IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserTest, SimpleUrlLoader_NoAuthWhenNoWebContents) { … } #if BUILDFLAG(IS_ANDROID) IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserTest, HttpCacheWrittenToDiskOnApplicationStateChange) { base::ScopedAllowBlockingForTesting allow_blocking; // Create network context with cache pointing to the temp cache dir. mojo::Remote<network::mojom::NetworkContext> network_context; network::mojom::NetworkContextParamsPtr context_params = network::mojom::NetworkContextParams::New(); context_params->cert_verifier_params = GetCertVerifierParams( cert_verifier::mojom::CertVerifierCreationParams::New()); context_params->file_paths = network::mojom::NetworkContextFilePaths::New(); context_params->file_paths->http_cache_directory = GetCacheDirectory(); CreateNetworkContextInNetworkService( network_context.BindNewPipeAndPassReceiver(), std::move(context_params)); network::mojom::URLLoaderFactoryParamsPtr params = network::mojom::URLLoaderFactoryParams::New(); params->process_id = network::mojom::kBrowserProcessId; params->automatically_assign_isolation_info = true; params->is_orb_enabled = false; params->is_trusted = true; mojo::Remote<network::mojom::URLLoaderFactory> loader_factory; network_context->CreateURLLoaderFactory( loader_factory.BindNewPipeAndPassReceiver(), std::move(params)); // Load a URL and check the cache index size. LoadURL(embedded_test_server()->GetURL("/cachetime"), loader_factory.get()); int64_t directory_size = base::ComputeDirectorySize(GetCacheIndexDirectory()); // Load another URL, cache index should not be written to disk yet. LoadURL(embedded_test_server()->GetURL("/cachetime?foo"), loader_factory.get()); EXPECT_EQ(directory_size, base::ComputeDirectorySize(GetCacheIndexDirectory())); // After application state changes, cache index should be written to disk. base::android::ApplicationStatusListener::NotifyApplicationStateChange( base::android::APPLICATION_STATE_HAS_STOPPED_ACTIVITIES); base::RunLoop().RunUntilIdle(); FlushNetworkServiceInstanceForTesting(); disk_cache::FlushCacheThreadForTesting(); EXPECT_GT(base::ComputeDirectorySize(GetCacheIndexDirectory()), directory_size); } #endif // BUILDFLAG(IS_ANDROID) #if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) class NetworkConnectionObserver : public network::NetworkConnectionTracker::NetworkConnectionObserver { … }; class NetworkServiceConnectionTypeSyncedBrowserTest : public NetworkServiceBrowserTest { … }; IN_PROC_BROWSER_TEST_F(NetworkServiceConnectionTypeSyncedBrowserTest, ConnectionTypeChangeSyncedToNetworkProcess) { … } #endif // BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) class NetworkServiceOutOfProcessBrowserTest : public NetworkServiceBrowserTest { … }; IN_PROC_BROWSER_TEST_F(NetworkServiceOutOfProcessBrowserTest, MemoryPressureSentToNetworkProcess) { … } // Verifies that sync XHRs don't hang if the network service crashes. IN_PROC_BROWSER_TEST_F(NetworkServiceOutOfProcessBrowserTest, SyncXHROnCrash) { … } // Verifies that sync cookie calls don't hang if the network service crashes. IN_PROC_BROWSER_TEST_F(NetworkServiceOutOfProcessBrowserTest, SyncCookieGetOnCrash) { … } // Tests that CORS is performed by the network service when |factory_override| // is used. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserTest, FactoryOverride) { … } // Android doesn't support PRE_ tests. // TODO(wfh): Enable this test when https://crbug.com/1257820 is fixed. #if !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_FUCHSIA) class NetworkServiceBrowserCacheResetTest : public NetworkServiceBrowserTest { … }; // Create a network context and make an HTTP request which causes cache entry to // be created. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserCacheResetTest, PRE_PRE_CacheResetTest) { … } // Using the same network context, make an HTTP request and verify that the // cache entry is correctly used. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserCacheResetTest, PRE_CacheResetTest) { … } // Using the same network context, reset the cache backend and verify that cache // miss is correctly reported. IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserCacheResetTest, CacheResetTest) { … } #if BUILDFLAG(IS_POSIX) IN_PROC_BROWSER_TEST_F(NetworkServiceBrowserCacheResetTest, CacheResetFailure) { … } #endif // BUILDFLAG(IS_POSIX) #endif // BUILDFLAG(IS_ANDROID) // Cache data migration is not used for Fuchsia. #if !BUILDFLAG(IS_FUCHSIA) const base::FilePath::CharType kCheckpointFileName[] = …); constexpr char kCookieName[] = …; constexpr char kCookieValue[] = …; net::CookieList GetCookies( const mojo::Remote<network::mojom::CookieManager>& cookie_manager) { … } void SetCookie( const mojo::Remote<network::mojom::CookieManager>& cookie_manager) { … } void FlushCookies( const mojo::Remote<network::mojom::CookieManager>& cookie_manager) { … } mojo::PendingRemote<network::mojom::NetworkContext> CreateNetworkContextForPaths(network::mojom::NetworkContextFilePathsPtr paths, const base::FilePath& cache_path) { … } enum class FailureType { … }; static const FailureType kFailureTypes[] = …; static const base::FilePath::CharType kCookieDatabaseName[] = …); static const base::FilePath::CharType kNetworkSubpath[] = …); // Disable the following data migration tests on Android because the data // migration logic is disabled and compiled out on this platform. #if BUILDFLAG(IS_ANDROID) #define MAYBE_NetworkServiceDataMigrationBrowserTest … #define MAYBE_NetworkServiceDataMigrationBrowserTestWithFailures … #else #define MAYBE_NetworkServiceDataMigrationBrowserTest … #define MAYBE_NetworkServiceDataMigrationBrowserTestWithFailures … #endif // BUILDFLAG(IS_ANDROID) // A class to test various behavior of network context data migration. class MAYBE_NetworkServiceDataMigrationBrowserTest : public ContentBrowserTest { … }; // A parameterized test fixture that can simulate various failures in the // migration step, and can also be run with either in-process or out-of-process // network service. class MAYBE_NetworkServiceDataMigrationBrowserTestWithFailures : public MAYBE_NetworkServiceDataMigrationBrowserTest, public ::testing::WithParamInterface<std::tuple<bool, FailureType>> { … }; // A function to verify that data files move during migration to sandboxed data // dir. This function uses three directories to verify the behavior. It uses the // cookies file to verify the migration occurs correctly. // // Testing takes place under the browser context path. First, a network context // is created in temp dir 'one' and then a cookie is written and flushed to // disk. This results in cookie files(s) being created on disk. // // BrowserContext/ // |- tempdir 'one'/ (`tempdir_one` FilePath) // | |- Cookies // | |- Cookies-journal // // The entire 'one' dir is then copied into a new 'two' temp folder to create // the directory structure used for migration. This is so a second network // context can be created in the same network service. // // BrowserContext/ // |- tempdir 'one'/ // | |- Cookies // | |- Cookies-journal // |- tempdir 'two'/ (`tempdir_two` FilePath) // | |- Cookies (copied from above) // | |- Cookies-journal (copied from above) // // A new network context is then created with `unsandboxed_data_path` set to // root of tempdir 'two' and `data_directory` set to a directory underneath // tempdir 'two' called 'Network' to initiate the migration. After a successful // migration, the structure should look like this: // // BrowserContext/ // |- tempdir 'one'/ // | |- Cookies // | |- Cookies-journal // |- tempdir 'two'/ // | |- Network/ // | | |- Cookies (migrated from tempdir 'two') // | | |- Cookies-journal (migrated from tempdir 'two') // // This test injects various failures in the migration process to ensure that // the network context still functions correctly if the Cookies file cannot be // migrated. void MigrationTestInternal(const base::FilePath& tempdir_one, const base::FilePath& tempdir_two_parent, FailureType failure_type) { … } IN_PROC_BROWSER_TEST_P(MAYBE_NetworkServiceDataMigrationBrowserTestWithFailures, MigrateDataTest) { … } // This test is similar to the test above that uses two directories, but it uses // a third directory to verify that if a migration is triggered and then later // not triggered, then the data is still read from the new directory and not the // old one. IN_PROC_BROWSER_TEST_F(MAYBE_NetworkServiceDataMigrationBrowserTest, MigrateThenNoMigrate) { … } // This test verifies that a new un-used data path will be initialized correctly // if `unsandboxed_data_path` is set. The Cookie file should be placed into the // `data_directory` and not `unsandboxed_data_path`. IN_PROC_BROWSER_TEST_F(MAYBE_NetworkServiceDataMigrationBrowserTest, NewDataDirWithMigrationTest) { … } // A test where a caller specifies both `data_directory` and // `unsandboxed_data_path` but does not wish migration to occur. The data should // be in `unsandboxed_data_path` in this case. IN_PROC_BROWSER_TEST_F(MAYBE_NetworkServiceDataMigrationBrowserTest, NewDataDirWithNoMigrationTest) { … } // A test where a caller specifies `data_directory` but does not specify // anything else, including `unsandboxed_data_path`. This verifies that existing // behavior remains the same for call-sites that do not update anything. IN_PROC_BROWSER_TEST_F(MAYBE_NetworkServiceDataMigrationBrowserTest, LegacyDataDir) { … } // This test is similar to the tests above that use two directories, but uses a // third directory to verify that if a migration has previously occurred using // the previous code without the checkpoint file, and then later takes place // using the new code, then the data is still read from the correct directory // despite there not being a checkpoint file prior to the migration. IN_PROC_BROWSER_TEST_F(MAYBE_NetworkServiceDataMigrationBrowserTest, MigratedPreviouslyAndMigrateAgain) { … } // Disable instantiation of parametrized tests for disk access sandboxing on // Android. #if BUILDFLAG(IS_ANDROID) #define MAYBE_InProcess … #define MAYBE_OutOfProcess … #else #define MAYBE_InProcess … #define MAYBE_OutOfProcess … #endif // BUILDFLAG(IS_ANDROID) INSTANTIATE_TEST_SUITE_P(…); INSTANTIATE_TEST_SUITE_P(…); #endif // !BUILDFLAG(IS_FUCHSIA) class NetworkServiceInProcessBrowserTest : public ContentBrowserTest { … }; // Verifies that in-process network service works. IN_PROC_BROWSER_TEST_F(NetworkServiceInProcessBrowserTest, Basic) { … } class NetworkServiceInvalidLogBrowserTest : public ContentBrowserTest { … }; // Verifies that an invalid --log-net-log flag won't crash the browser. IN_PROC_BROWSER_TEST_F(NetworkServiceInvalidLogBrowserTest, Basic) { … } // Test fixture for using a NetworkService that has a non-default limit on the // number of allowed open UDP sockets. class NetworkServiceWithUDPSocketLimit : public NetworkServiceBrowserTest { … }; // Tests calling Connect() on |kMaxUDPSockets + 4| sockets. The first // kMaxUDPSockets should succeed, whereas the last 4 should fail with // ERR_INSUFFICIENT_RESOURCES due to having exceeding the global bound. IN_PROC_BROWSER_TEST_F(NetworkServiceWithUDPSocketLimit, UDPSocketBoundEnforced) { … } class NetworkServiceNetLogBrowserTest : public ContentBrowserTest { … }; // Tests that a log file is generated and is of non-zero size. IN_PROC_BROWSER_TEST_F(NetworkServiceNetLogBrowserTest, LogCreated) { … } class NetworkServiceBoundedNetLogBrowserTest : public NetworkServiceNetLogBrowserTest { … }; // This is disabled for Mac and iOS. Mac due to the crbug below, and iOS because // the test is flaky and the feature it's testing isn't usable on iOS. // // TODO(crbug.com/40276296): Try-bots use a different temp directory that the // Mac network sandbox doesn't allow and causes this test to fail. Disable the // test until this is resolved. #if BUILDFLAG(IS_APPLE) #define MAYBE_LogCreated … #else #define MAYBE_LogCreated … #endif IN_PROC_BROWSER_TEST_F(NetworkServiceBoundedNetLogBrowserTest, MAYBE_LogCreated) { … } class TestCookieEncryptionProvider : public network::mojom::CookieEncryptionProvider { … }; class NetworkServiceCookieEncryptionBrowserTest : public ContentBrowserTest, public testing::WithParamInterface</*kProtectEncryptionKey*/ bool> { … }; // This test verifies that when a cookie encryption provider is set when // creating a network context, then it results in a call to the GetEncryptor // method on the CookieEncryptionProvider. IN_PROC_BROWSER_TEST_P(NetworkServiceCookieEncryptionBrowserTest, CookieEncryptionProvider) { … } INSTANTIATE_TEST_SUITE_P(…); #if BUILDFLAG(IS_WIN) class NetworkServiceCodeIntegrityTest : public NetworkServiceBrowserTest { public: NetworkServiceCodeIntegrityTest() { scoped_feature_list_.InitWithFeatures( {sandbox::policy::features::kNetworkServiceCodeIntegrity, sandbox::policy::features::kNetworkServiceSandbox}, {}); ForceOutOfProcessNetworkService(); } private: base::test::ScopedFeatureList scoped_feature_list_; }; // This test verifies that the NetworkServiceCodeIntegrity feature works when // used in conjunction with the network service sandbox on Windows. IN_PROC_BROWSER_TEST_F(NetworkServiceCodeIntegrityTest, Enabled) { // Verify pages load. EXPECT_TRUE( NavigateToURL(shell(), embedded_test_server()->GetURL("/empty.html"))); } #endif // BUILDFLAG(IS_WIN) } // namespace } // namespace content
Codebase Browser
chromium