// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // This test creates a fake safebrowsing service, where we can inject known- // threat urls. It then uses a real browser to go to these urls, and sends // "goback" or "proceed" commands and verifies they work. #include "components/safe_browsing/content/browser/safe_browsing_blocking_page.h" #include <algorithm> #include <map> #include <memory> #include <optional> #include <string_view> #include <utility> #include "base/command_line.h" #include "base/feature_list.h" #include "base/functional/bind.h" #include "base/functional/callback_helpers.h" #include "base/memory/ptr_util.h" #include "base/memory/raw_ptr.h" #include "base/run_loop.h" #include "base/strings/strcat.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/scoped_feature_list.h" #include "base/test/simple_test_clock.h" #include "base/test/test_future.h" #include "base/values.h" #include "build/build_config.h" #include "chrome/app/chrome_command_ids.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/history/history_service_factory.h" #include "chrome/browser/interstitials/security_interstitial_idn_test.h" #include "chrome/browser/password_manager/password_manager_test_base.h" #include "chrome/browser/password_manager/passwords_navigation_observer.h" #include "chrome/browser/policy/dm_token_utils.h" #include "chrome/browser/policy/policy_test_utils.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/renderer_context_menu/render_view_context_menu_test_util.h" #include "chrome/browser/safe_browsing/chrome_safe_browsing_blocking_page_factory.h" #include "chrome/browser/safe_browsing/safe_browsing_metrics_collector_factory.h" #include "chrome/browser/safe_browsing/safe_browsing_navigation_observer_manager_factory.h" #include "chrome/browser/safe_browsing/test_safe_browsing_service.h" #include "chrome/browser/safe_browsing/url_lookup_service_factory.h" #include "chrome/browser/safe_browsing/user_interaction_observer.h" #include "chrome/browser/safe_browsing/verdict_cache_manager_factory.h" #include "chrome/browser/ssl/cert_verifier_browser_test.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/browser_commands.h" #include "chrome/browser/ui/browser_tabstrip.h" #include "chrome/browser/ui/hats/mock_trust_safety_sentiment_service.h" #include "chrome/browser/ui/hats/trust_safety_sentiment_service_factory.h" #include "chrome/browser/ui/safety_hub/safety_hub_util.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/browser/ui/views/frame/browser_view.h" #include "chrome/browser/ui/views/location_bar/location_icon_view.h" #include "chrome/browser/ui/views/page_info/page_info_bubble_view.h" #include "chrome/browser/ui/views/page_info/page_info_bubble_view_base.h" #include "chrome/browser/ui/views/page_info/page_info_view_factory.h" #include "chrome/browser/ui/views/toolbar/toolbar_view.h" #include "chrome/common/chrome_features.h" #include "chrome/common/pref_names.h" #include "chrome/common/url_constants.h" #include "chrome/test/base/in_process_browser_test.h" #include "chrome/test/base/ui_test_utils.h" #include "components/enterprise/connectors/core/common.h" #include "components/enterprise/connectors/core/connectors_prefs.h" #include "components/google/core/common/google_util.h" #include "components/grit/components_resources.h" #include "components/omnibox/browser/omnibox_prefs.h" #include "components/page_info/core/features.h" #include "components/permissions/permission_util.h" #include "components/policy/core/common/policy_map.h" #include "components/policy/core/common/policy_types.h" #include "components/policy/policy_constants.h" #include "components/prefs/pref_service.h" #include "components/safe_browsing/content/browser/async_check_tracker.h" #include "components/safe_browsing/content/browser/safe_browsing_blocking_page_factory.h" #include "components/safe_browsing/content/browser/threat_details.h" #include "components/safe_browsing/content/browser/ui_manager.h" #include "components/safe_browsing/content/browser/unsafe_resource_util.h" #include "components/safe_browsing/content/common/safe_browsing.mojom.h" #include "components/safe_browsing/core/browser/db/database_manager.h" #include "components/safe_browsing/core/browser/db/fake_database_manager.h" #include "components/safe_browsing/core/browser/db/util.h" #include "components/safe_browsing/core/browser/db/v4_protocol_manager_util.h" #include "components/safe_browsing/core/browser/safe_browsing_metrics_collector.h" #include "components/safe_browsing/core/browser/verdict_cache_manager.h" #include "components/safe_browsing/core/common/features.h" #include "components/safe_browsing/core/common/hashprefix_realtime/hash_realtime_utils.h" #include "components/safe_browsing/core/common/safe_browsing_prefs.h" #include "components/safe_browsing/core/common/web_ui_constants.h" #include "components/security_interstitials/content/security_interstitial_controller_client.h" #include "components/security_interstitials/content/security_interstitial_tab_helper.h" #include "components/security_interstitials/content/ssl_blocking_page.h" #include "components/security_interstitials/core/controller_client.h" #include "components/security_interstitials/core/metrics_helper.h" #include "components/security_interstitials/core/unsafe_resource.h" #include "components/security_interstitials/core/urls.h" #include "components/security_state/content/security_state_tab_helper.h" #include "components/security_state/core/security_state.h" #include "components/strings/grit/components_strings.h" #include "components/ukm/test_ukm_recorder.h" #include "components/unified_consent/pref_names.h" #include "content/public/browser/browser_task_traits.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/disallow_activation_reason.h" #include "content/public/browser/navigation_controller.h" #include "content/public/browser/navigation_entry.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/render_process_host.h" #include "content/public/browser/render_view_host.h" #include "content/public/browser/web_contents.h" #include "content/public/common/isolated_world_ids.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/fenced_frame_test_util.h" #include "content/public/test/prerender_test_util.h" #include "content/public/test/render_view_test.h" #include "content/public/test/test_frame_navigation_observer.h" #include "content/public/test/test_navigation_observer.h" #include "content/public/test/test_utils.h" #include "net/cert/cert_verify_result.h" #include "net/cert/mock_cert_verifier.h" #include "net/dns/mock_host_resolver.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "net/test/url_request/url_request_mock_http_job.h" #include "services/network/public/cpp/shared_url_loader_factory.h" #include "services/network/public/mojom/fetch_api.mojom.h" #include "testing/gmock/include/gmock/gmock-matchers.h" #include "third_party/blink/public/common/features.h" #include "ui/base/l10n/l10n_util.h" #include "ui/base/window_open_disposition.h" #include "ui/events/test/test_event.h" #include "ui/views/controls/styled_label.h" #if BUILDFLAG(IS_CHROMEOS_ASH) #include "chrome/browser/metrics/desktop_session_duration/desktop_session_duration_tracker.h" #endif SecurityInterstitialIDNTest; BrowserThread; NavigationController; RenderFrameHost; WebContents; BaseSafeBrowsingErrorUI; namespace safe_browsing { namespace { const char kEmptyPage[] = …; const char kHTTPSPage[] = …; const char kMaliciousPage[] = …; const char kCrossSiteMaliciousPage[] = …; const char kMaliciousIframe[] = …; const char kRedirectToMalware[] = …; const char kUnrelatedUrl[] = …; const char kEnhancedProtectionUrl[] = …; const char kMaliciousJsPage[] = …; const char kMaliciousJs[] = …; const char kInterstitialCloseHistogram[] = …; const char kInterstitialPreCommitPageHistogramSuffix[] = …; std::string GetHistogramPrefix(const SBThreatType& threat_type) { … } } // namespace enum Visibility { … }; bool IsShowingInterstitial(WebContents* contents) { … } content::RenderFrameHost* GetRenderFrameHost(Browser* browser) { … } views::BubbleDialogDelegateView* OpenPageInfo(Browser* browser) { … } bool WaitForReady(Browser* browser) { … } Visibility GetVisibility(Browser* browser, const std::string& node_id) { … } bool Click(Browser* browser, const std::string& node_id) { … } bool ClickAndWaitForDetach(Browser* browser, const std::string& node_id) { … } void ExpectSecurityIndicatorDowngrade(content::WebContents* tab, net::CertStatus cert_status) { … } void ExpectNoSecurityIndicatorDowngrade(content::WebContents* tab) { … } // A SafeBrowsingUIManager class that allows intercepting malware details. class FakeSafeBrowsingUIManager : public TestSafeBrowsingUIManager { … }; class TestThreatDetailsFactory : public ThreatDetailsFactory { … }; // A SafeBrowingBlockingPage class that lets us wait until it's hidden. class TestSafeBrowsingBlockingPage : public SafeBrowsingBlockingPage { … }; void AssertNoInterstitial(Browser* browser) { … } class TestSafeBrowsingBlockingPageFactory : public SafeBrowsingBlockingPageFactory { … }; class SafeBrowsingBlockingPageTestHelper { … }; // Tests the safe browsing blocking page in a browser. class SafeBrowsingBlockingPageBrowserTest : public CertVerifierBrowserTest, public testing::WithParamInterface<testing::tuple<SBThreatType, bool>> { … }; class SafeBrowsingHatsSurveyBrowserTest : public SafeBrowsingBlockingPageBrowserTest { … }; IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, HardcodedUrls) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, DontProceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, DontProceed_RTL) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, Proceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, Proceed_RTL) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, IframeNoWarning) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, JsNoWarning) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, MainFrameBlockedShouldHaveNoDOMDetailsWhenDontProceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, MainFrameBlockedShouldHaveNoDOMDetailsWhenProceeding) { … } // Verifies that the "proceed anyway" link isn't available when it is disabled // by the corresponding policy. Also verifies that sending the "proceed" // command anyway doesn't advance to the unsafe site. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, ProceedDisabled) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, NoBackToSafety) { … } // Verifies that the reporting checkbox is hidden when opt-in is // disabled by policy. However, reports can still be sent if extended // reporting is enabled (eg: by its own policy). // Note: this combination will be deprecated along with the OptInAllowed // policy, to be replaced by a policy on the SBER setting itself. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, ReportingDisabledByPolicy) { … } // Verifies that the enhanced protection message is still shown if the page is // reloaded while the interstitial is showing. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, ReloadWhileInterstitialShowing) { … } #if (BUILDFLAG(IS_MAC) && !defined(NDEBUG)) || defined(MEMORY_SANITIZER) // TODO(crbug.com/40721886): Address flaky timeout. #define MAYBE_LearnMore … #else #define MAYBE_LearnMore … #endif IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, MAYBE_LearnMore) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, Histograms_DontProceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, Histograms_Proceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, Histograms_UserMadeNoDecision) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, AllowlistRevisit) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, AllowlistUnsaved) { … } #if (BUILDFLAG(IS_MAC) && !defined(NDEBUG)) || defined(MEMORY_SANITIZER) // TODO(crbug.com/40721886): Address flay failure. #define MAYBE_VerifyHitReportSentOnSBERAndNotIncognito … #else #define MAYBE_VerifyHitReportSentOnSBERAndNotIncognito … #endif IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, MAYBE_VerifyHitReportSentOnSBERAndNotIncognito) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, VerifyHitReportNotSentOnIncognito) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, VerifyHitReportNotSentWithoutSBER) { … } namespace { class SecurityStyleTestObserver : public content::WebContentsObserver { … }; } // namespace // Test that the security indicator does not stay downgraded after // clicking back from a Safe Browsing interstitial. Regression test for // https://crbug.com/659709. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, SecurityStateGoBack) { … } // Test that the security indicator is downgraded after clicking through a // Safe Browsing interstitial. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, SecurityState_HTTP) { … } // Test that the security indicator is downgraded even if the website has valid // HTTPS (meaning that the SB state overrides the HTTPS state). IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, SecurityState_ValidHTTPS) { … } // Test that the security indicator is still downgraded after two interstitials // are shown in a row (one for Safe Browsing, one for invalid HTTPS). IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, SecurityState_InvalidHTTPS) { … } // Test that no safe browsing interstitial will be shown, if URL matches // enterprise safe browsing allowlist domains. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, VerifyEnterpriseAllowlist) { … } INSTANTIATE_TEST_SUITE_P(…); // If isolate all sites for testing. // Check back and forward work correctly after clicking through an interstitial. #if (BUILDFLAG(IS_MAC) && !defined(NDEBUG)) || defined(MEMORY_SANITIZER) // TODO(crbug.com/40721886): Address flay failure. #define MAYBE_NavigatingBackAndForth … #else #define MAYBE_NavigatingBackAndForth … #endif IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, MAYBE_NavigatingBackAndForth) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, TimestampInCSBRRClickedThroughBlockingPage) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, FallbackCSBRRSentWithExpectedFieldsPopulated) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, IgnoreFutureAutoRevocation) { … } class AntiPhishingTelemetryBrowserTest : public SafeBrowsingBlockingPageBrowserTest { … }; INSTANTIATE_TEST_SUITE_P(…); // If isolate all sites for testing. IN_PROC_BROWSER_TEST_P(AntiPhishingTelemetryBrowserTest, CheckReportListsInteractions) { … } IN_PROC_BROWSER_TEST_P(AntiPhishingTelemetryBrowserTest, CheckReportCloseTabOnInterstitial) { … } IN_PROC_BROWSER_TEST_P( AntiPhishingTelemetryBrowserTest, CheckReportListsInteractionsNoExplicitInterstitialDecision) { … } INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P(SafeBrowsingHatsSurveyBrowserTest, ReportNotSentToSbButAttachedForHats) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingHatsSurveyBrowserTest, ReportSentToSbAndAttachedForHats) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingHatsSurveyBrowserTest, NoHatsSurveyWhenProceedDisabled) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingHatsSurveyBrowserTest, NoHatsSurveyWhenSafeBrowsingSurveysDisabled) { … } class TrustSafetySentimentSurveyV2BrowserTest : public SafeBrowsingBlockingPageBrowserTest { … }; INSTANTIATE_TEST_SUITE_P(…); // If isolate all sites for testing. IN_PROC_BROWSER_TEST_P(TrustSafetySentimentSurveyV2BrowserTest, TrustSafetySentimentTriggerredOnProceed) { … } IN_PROC_BROWSER_TEST_P(TrustSafetySentimentSurveyV2BrowserTest, TrustSafetySentimentTriggerredOnPrimaryButtonClick) { … } IN_PROC_BROWSER_TEST_P(TrustSafetySentimentSurveyV2BrowserTest, TrustSafetySentimentTriggeredOnCloseInterstitialTab) { … } RedInterstitialUIBrowserTest; INSTANTIATE_TEST_SUITE_P(…); // If isolate all sites for testing. IN_PROC_BROWSER_TEST_P(RedInterstitialUIBrowserTest, TestInterstitialPageStringsEnhancedEnabled) { … } IN_PROC_BROWSER_TEST_P(RedInterstitialUIBrowserTest, TestInterstitialPageStringsStandardEnabled) { … } class SafeBrowsingBlockingPageDelayedWarningBrowserTest : public InProcessBrowserTest, public testing::WithParamInterface< testing::tuple<bool /* IsolateAllSitesForTesting */, bool /* Show warning on mouse click */>> { … }; IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, NoInteraction_WarningNotShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, NotPhishing_WarningNotDelayed) { … } // Close the tab while a user interaction observer is attached to the tab. It // shouldn't crash. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, CloseTab_ShouldNotCrash) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, KeyPress_WarningShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, KeyPress_ESC_WarningNotShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, KeyPress_ModifierKey_WarningNotShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, KeyPress_CtrlC_WarningShown) { … } // Similar to KeyPress_ESC_WarningNotShown, but a character key is pressed after // ESC. The warning should be shown. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, KeyPress_ESCAndCharacterKey_WarningShown) { … } // Disabled due to flakiness. https://crbug.com/332097746. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, DISABLED_Fullscreen_WarningShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, PermissionRequest_WarningShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, JavaScriptDialog_WarningShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, DesktopCaptureRequest_WarningShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, Paste_WarningShown) { … } // The user clicks on the page. Feature isn't configured to show a warning on // mouse clicks. We should record that the user interacted with the page, but // shouldn't shown an interstitial. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, MouseClick_WarningNotShown) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, MouseClick_WarningShown) { … } // This test initiates a download when a warning is delayed. The download should // be cancelled and the interstitial should not be shown. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, Download_CancelledWithNoInterstitial) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, InteractionAfterNonCommittingNavigation_Interstitial) { … } // This test navigates to a page with password form and submits a password. The // warning should be delayed, the "Save Password" bubble should not be shown, // and a histogram entry for the password save should be recorded. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageDelayedWarningBrowserTest, PasswordSaveDisabled) { … } INSTANTIATE_TEST_SUITE_P(…); // Test that SafeBrowsingBlockingPage properly decodes IDN URLs that are // displayed. class SafeBrowsingBlockingPageIDNTest : public SecurityInterstitialIDNTest, public testing::WithParamInterface<SBThreatType> { … }; // TODO(crbug.com/40666794): VerifyIDNDecoded does not work with committed // interstitials, this test should be re-enabled once it is adapted. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageIDNTest, DISABLED_SafeBrowsingBlockingPageDecodesIDN) { … } INSTANTIATE_TEST_SUITE_P(…); class SafeBrowsingBlockingPageEnhancedProtectionMessageTest : public policy::PolicyTest { … }; IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageEnhancedProtectionMessageTest, VerifyEnhancedProtectionMessageShownAndClicked) { … } IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageEnhancedProtectionMessageTest, VerifyEnhancedProtectionMessageNotShownAlreadyInEp) { … } IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageEnhancedProtectionMessageTest, VerifyEnhancedProtectionMessageNotShownManaged) { … } class SafeBrowsingBlockingPageAsyncChecksTestBase : public InProcessBrowserTest { … }; class SafeBrowsingBlockingPageAsyncChecksTest : public SafeBrowsingBlockingPageAsyncChecksTestBase, public testing::WithParamInterface<bool> { … }; INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTest, EnterpriseRealTimeUrlCheck) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTest, ConsumerRealTimeUrlCheck) { … } class SafeBrowsingBlockingPageAsyncChecksTimingTestBase : public SafeBrowsingBlockingPageAsyncChecksTestBase { … }; class SafeBrowsingBlockingPageAsyncChecksTimingTest : public SafeBrowsingBlockingPageAsyncChecksTimingTestBase, public testing::WithParamInterface<bool> { … }; class SafeBrowsingBlockingPageAsyncChecksPrerenderingTest : public SafeBrowsingBlockingPageAsyncChecksTimingTestBase { … }; // Test that prerendering doesn't affect the primary frame's threat report. IN_PROC_BROWSER_TEST_F( SafeBrowsingBlockingPageAsyncChecksPrerenderingTest, PostCommitInterstitialReportThreatDetails_DontContainPrerenderingInfo) { … } INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, VerifyHistogramsAndHitReport) { … } // Confirm that duplicate hit reports aren't sent in the case where URT falls // back to HPD due to a high-confidence allowlist match. IN_PROC_BROWSER_TEST_P( SafeBrowsingBlockingPageAsyncChecksTimingTest, NoDuplicateHitReports_FallbackFromHighConfidenceAllowlistMatch) { … } // Confirm that duplicate hit reports aren't sent in the case where URT is // not eligible and HPD is used instead for the async check. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, NoDuplicateHitReports_UrlRealTimeUncheckable) { … } // Confirm that duplicate hit reports aren't sent for web UI URLs. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, NoDuplicateHitReports_WebUiUrl) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, PostCommitInterstitialDontProceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, PostCommitInterstitialProceed) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, PostCommitInterstitialServerRedirect_OriginIsUnsafe) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, PostCommitInterstitialServerRedirect_RedirectIsUnsafe) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, PostCommitInterstitialReportThreatDetails) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, PostCommitInterstitialAllowlistRevisit) { … } // Test that the security indicator gets updated on a Safe Browsing // interstitial triggered post commit. Regression test for // https://crbug.com/659713. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, SecurityStateDowngradedForPostCommitInterstitial) { … } // Test that the security indicator does not stay downgraded after // clicking back from a Safe Browsing interstitial triggered post commit. // Regression test for https://crbug.com/659709. IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, SecurityStateGoBackOnPostCommitInterstitial) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageAsyncChecksTimingTest, SecurityStateGoBackFlaggedByBothChecks) { … } // Tests that commands work in a post commit interstitial if a pre commit // interstitial has been shown previously on the same webcontents. Regression // test for crbug.com/1021334 #if BUILDFLAG(IS_LINUX) && defined(MEMORY_SANITIZER) // TODO(crbug.com/325491320): re-enable test #define MAYBE_PostCommitInterstitialProceedAfterPreCommitInterstitial … #else #define MAYBE_PostCommitInterstitialProceedAfterPreCommitInterstitial … #endif IN_PROC_BROWSER_TEST_P( SafeBrowsingBlockingPageAsyncChecksTimingTest, MAYBE_PostCommitInterstitialProceedAfterPreCommitInterstitial) { … } // Tests for real time URL check. To test it without making network requests to // Safe Browsing servers, store an unsafe verdict in cache for the URL. class SafeBrowsingBlockingPageRealTimeUrlCheckTest : public InProcessBrowserTest, public testing::WithParamInterface<bool> { … }; INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageRealTimeUrlCheckTest, WarningShown_EnhancedProtectionEnabled) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageRealTimeUrlCheckTest, WarningShown_MbbEnabled) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageRealTimeUrlCheckTest, WarningNotShown_MbbDisabled) { … } // Tests for hash-prefix real-time check. To avoid redundant testing of the // HashRealTimeService, this populates the local cache instead of mocking // network requests. class SafeBrowsingBlockingPageHashRealTimeCheckTest : public InProcessBrowserTest, public testing::WithParamInterface<bool> { … }; class SafeBrowsingBlockingPageHashRealTimeCheckFeatureOffTest : public SafeBrowsingBlockingPageHashRealTimeCheckTest { … }; INSTANTIATE_TEST_SUITE_P(…); INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageHashRealTimeCheckTest, ShowWarning) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageHashRealTimeCheckTest, DontShowWarning_PageIsSafe) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageHashRealTimeCheckFeatureOffTest, DontShowWarning_FeatureIsOff) { … } IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageHashRealTimeCheckTest, TriggerHitReportAndClientSafeBrowsingReportRequest) { … } class SafeBrowsingPrerenderBrowserTest : public SafeBrowsingBlockingPageBrowserTest { … }; INSTANTIATE_TEST_SUITE_P(…); // If isolate all sites for testing. // Attempt to prerender an unsafe page. The prerender navigation should be // cancelled and should not affect the security state of the primary page. IN_PROC_BROWSER_TEST_P(SafeBrowsingPrerenderBrowserTest, UnsafePrerender) { … } class SafeBrowsingBlockingPageDelayedWarningPrerenderingBrowserTest : public SafeBrowsingBlockingPageDelayedWarningBrowserTest { … }; INSTANTIATE_TEST_SUITE_P(…); // This test loads a page in the prerender to ensure that the prerendering // navigation is skipped at DidFinishNavigation() from // SafeBrowsingUserInteractionObserver. IN_PROC_BROWSER_TEST_P( SafeBrowsingBlockingPageDelayedWarningPrerenderingBrowserTest, DoNotRecordMetricsInPrerendering) { … } class WarningShownTimestampCSBRRDisabledBrowserTest : public SafeBrowsingBlockingPageBrowserTest { … }; INSTANTIATE_TEST_SUITE_P(…); // If isolate all sites for testing. IN_PROC_BROWSER_TEST_P(WarningShownTimestampCSBRRDisabledBrowserTest, TimestampNotInCSBRRClickedThroughBlockingPage) { … } IN_PROC_BROWSER_TEST_P(WarningShownTimestampCSBRRDisabledBrowserTest, TimestampNotInFallbackCSBRRSent) { … } } // namespace safe_browsing
Codebase Browser
chromium