src/chrome/browser/safe_browsing/safe_browsing_util_unittest.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <algorithm>
   6
   7 #include "base/strings/stringprintf.h"
   8 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
   9 #include "testing/gtest/include/gtest/gtest.h"
  10 #include "url/gurl.h"
  11
  12 namespace {
  13
  14 bool VectorContains(const std::vector<std::string>& data,
  15                     const std::string& str) {
  16   return std::find(data.begin(), data.end(), str) != data.end();
  17 }
  18
  19 // Tests that we generate the required host/path combinations for testing
  20 // according to the Safe Browsing spec.
  21 // See section 6.2 in
  22 // http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
  23 TEST(SafeBrowsingUtilTest, UrlParsing) {
  24   std::vector<std::string> hosts, paths;
  25
  26   GURL url("http://a.b.c/1/2.html?param=1");
  27   safe_browsing_util::GenerateHostsToCheck(url, &hosts);
  28   safe_browsing_util::GeneratePathsToCheck(url, &paths);
  29   EXPECT_EQ(hosts.size(), static_cast<size_t>(2));
  30   EXPECT_EQ(paths.size(), static_cast<size_t>(4));
  31   EXPECT_EQ(hosts[0], "b.c");
  32   EXPECT_EQ(hosts[1], "a.b.c");
  33
  34   EXPECT_TRUE(VectorContains(paths, "/1/2.html?param=1"));
  35   EXPECT_TRUE(VectorContains(paths, "/1/2.html"));
  36   EXPECT_TRUE(VectorContains(paths, "/1/"));
  37   EXPECT_TRUE(VectorContains(paths, "/"));
  38
  39   url = GURL("http://a.b.c.d.e.f.g/1.html");
  40   safe_browsing_util::GenerateHostsToCheck(url, &hosts);
  41   safe_browsing_util::GeneratePathsToCheck(url, &paths);
  42   EXPECT_EQ(hosts.size(), static_cast<size_t>(5));
  43   EXPECT_EQ(paths.size(), static_cast<size_t>(2));
  44   EXPECT_EQ(hosts[0], "f.g");
  45   EXPECT_EQ(hosts[1], "e.f.g");
  46   EXPECT_EQ(hosts[2], "d.e.f.g");
  47   EXPECT_EQ(hosts[3], "c.d.e.f.g");
  48   EXPECT_EQ(hosts[4], "a.b.c.d.e.f.g");
  49   EXPECT_TRUE(VectorContains(paths, "/1.html"));
  50   EXPECT_TRUE(VectorContains(paths, "/"));
  51
  52   url = GURL("http://a.b/saw-cgi/eBayISAPI.dll/");
  53   safe_browsing_util::GeneratePathsToCheck(url, &paths);
  54   EXPECT_EQ(paths.size(), static_cast<size_t>(3));
  55   EXPECT_TRUE(VectorContains(paths, "/saw-cgi/eBayISAPI.dll/"));
  56   EXPECT_TRUE(VectorContains(paths, "/saw-cgi/"));
  57   EXPECT_TRUE(VectorContains(paths, "/"));
  58 }
  59
  60 // Tests the url canonicalization according to the Safe Browsing spec.
  61 // See section 6.1 in
  62 // http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
  63 TEST(SafeBrowsingUtilTest, CanonicalizeUrl) {
  64   struct {
  65     const char* input_url;
  66     const char* expected_canonicalized_hostname;
  67     const char* expected_canonicalized_path;
  68     const char* expected_canonicalized_query;
  69   } tests[] = {
  70     {
  71       "http://host/%25%32%35",
  72       "host",
  73       "/%25",
  74       ""
  75     }, {
  76       "http://host/%25%32%35%25%32%35",
  77       "host",
  78       "/%25%25",
  79       ""
  80     }, {
  81       "http://host/%2525252525252525",
  82       "host",
  83       "/%25",
  84       ""
  85     }, {
  86       "http://host/asdf%25%32%35asd",
  87       "host",
  88       "/asdf%25asd",
  89       ""
  90     }, {
  91       "http://host/%%%25%32%35asd%%",
  92       "host",
  93       "/%25%25%25asd%25%25",
  94       ""
  95     }, {
  96       "http://host/%%%25%32%35asd%%",
  97       "host",
  98       "/%25%25%25asd%25%25",
  99       ""
 100     }, {
 101       "http://www.google.com/",
 102       "www.google.com",
 103       "/",
 104       ""
 105     }, {
 106       "http://%31%36%38%2e%31%38%38%2e%39%39%2e%32%36/%2E%73%65%63%75%72%65/%77"
 107           "%77%77%2E%65%62%61%79%2E%63%6F%6D/",
 108       "168.188.99.26",
 109       "/.secure/www.ebay.com/",
 110       ""
 111     }, {
 112       "http://195.127.0.11/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserd"
 113           "ataxplimnbqmn-xplmvalidateinfoswqpcmlx=hgplmcx/",
 114       "195.127.0.11",
 115       "/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserdataxplimnbqmn-xplmv"
 116           "alidateinfoswqpcmlx=hgplmcx/",
 117       ""
 118     }, {
 119       "http://host.com/%257Ea%2521b%2540c%2523d%2524e%25f%255E00%252611%252A"
 120           "22%252833%252944_55%252B",
 121       "host.com",
 122       "/~a!b@c%23d$e%25f^00&11*22(33)44_55+",
 123       ""
 124     }, {
 125       "http://3279880203/blah",
 126       "195.127.0.11",
 127       "/blah",
 128       ""
 129     }, {
 130       "http://www.google.com/blah/..",
 131       "www.google.com",
 132       "/",
 133       ""
 134     }, {
 135       "http://www.google.com/blah#fraq",
 136       "www.google.com",
 137       "/blah",
 138       ""
 139     }, {
 140       "http://www.GOOgle.com/",
 141       "www.google.com",
 142       "/",
 143       ""
 144     }, {
 145       "http://www.google.com.../",
 146       "www.google.com",
 147       "/",
 148       ""
 149     }, {
 150       "http://www.google.com/q?",
 151       "www.google.com",
 152       "/q",
 153       ""
 154     }, {
 155       "http://www.google.com/q?r?",
 156       "www.google.com",
 157       "/q",
 158       "r?"
 159     }, {
 160       "http://www.google.com/q?r?s",
 161       "www.google.com",
 162       "/q",
 163       "r?s"
 164     }, {
 165       "http://evil.com/foo#bar#baz",
 166       "evil.com",
 167       "/foo",
 168       ""
 169     }, {
 170       "http://evil.com/foo;",
 171       "evil.com",
 172       "/foo;",
 173       ""
 174     }, {
 175       "http://evil.com/foo?bar;",
 176       "evil.com",
 177       "/foo",
 178       "bar;"
 179     }, {
 180       "http://notrailingslash.com",
 181       "notrailingslash.com",
 182       "/",
 183       ""
 184     }, {
 185       "http://www.gotaport.com:1234/",
 186       "www.gotaport.com",
 187       "/",
 188       ""
 189     }, {
 190       "  http://www.google.com/  ",
 191       "www.google.com",
 192       "/",
 193       ""
 194     }, {
 195       "http:// leadingspace.com/",
 196       "%20leadingspace.com",
 197       "/",
 198       ""
 199     }, {
 200       "http://%20leadingspace.com/",
 201       "%20leadingspace.com",
 202       "/",
 203       ""
 204     }, {
 205       "https://www.securesite.com/",
 206       "www.securesite.com",
 207       "/",
 208       ""
 209     }, {
 210       "http://host.com/ab%23cd",
 211       "host.com",
 212       "/ab%23cd",
 213       ""
 214     }, {
 215       "http://host%3e.com//twoslashes?more//slashes",
 216       "host>.com",
 217       "/twoslashes",
 218       "more//slashes"
 219     }, {
 220       "http://host.com/abc?val=xyz#anything",
 221       "host.com",
 222       "/abc",
 223       "val=xyz"
 224     }, {
 225       "http://abc:def@host.com/xyz",
 226       "host.com",
 227       "/xyz",
 228       ""
 229     }, {
 230       "http://host%3e.com/abc/%2e%2e%2fdef",
 231       "host>.com",
 232       "/def",
 233       ""
 234     }, {
 235       "http://.......host...com.....//abc/////def%2F%2F%2Fxyz",
 236       "host.com",
 237       "/abc/def/xyz",
 238       ""
 239     }, {
 240       "ftp://host.com/foo?bar",
 241       "host.com",
 242       "/foo",
 243       "bar"
 244     }, {
 245       "data:text/html;charset=utf-8,%0D%0A",
 246       "",
 247       "",
 248       ""
 249     }, {
 250       "javascript:alert()",
 251       "",
 252       "",
 253       ""
 254     }, {
 255       "mailto:abc@example.com",
 256       "",
 257       "",
 258       ""
 259     },
 260   };
 261   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
 262     SCOPED_TRACE(base::StringPrintf("Test: %s", tests[i].input_url));
 263     GURL url(tests[i].input_url);
 264
 265     std::string canonicalized_hostname;
 266     std::string canonicalized_path;
 267     std::string canonicalized_query;
 268     safe_browsing_util::CanonicalizeUrl(url, &canonicalized_hostname,
 269         &canonicalized_path, &canonicalized_query);
 270
 271     EXPECT_EQ(tests[i].expected_canonicalized_hostname,
 272               canonicalized_hostname);
 273     EXPECT_EQ(tests[i].expected_canonicalized_path,
 274               canonicalized_path);
 275     EXPECT_EQ(tests[i].expected_canonicalized_query,
 276               canonicalized_query);
 277   }
 278 }
 279
 280 TEST(SafeBrowsingUtilTest, GetUrlHashIndex) {
 281   GURL url("http://www.evil.com/phish.html");
 282   SBFullHashResult full_hash;
 283   full_hash.hash = SBFullHashForString(url.host() + url.path());
 284   std::vector<SBFullHashResult> full_hashes;
 285   full_hashes.push_back(full_hash);
 286
 287   EXPECT_EQ(safe_browsing_util::GetUrlHashIndex(url, full_hashes), 0);
 288
 289   url = GURL("http://www.evil.com/okay_path.html");
 290   EXPECT_EQ(safe_browsing_util::GetUrlHashIndex(url, full_hashes), -1);
 291 }
 292
 293 TEST(SafeBrowsingUtilTest, ListIdListNameConversion) {
 294   std::string list_name;
 295   EXPECT_FALSE(safe_browsing_util::GetListName(safe_browsing_util::INVALID,
 296                                                &list_name));
 297   EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::MALWARE,
 298                                               &list_name));
 299   EXPECT_EQ(list_name, std::string(safe_browsing_util::kMalwareList));
 300   EXPECT_EQ(safe_browsing_util::MALWARE,
 301             safe_browsing_util::GetListId(list_name));
 302
 303   EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::PHISH,
 304                                               &list_name));
 305   EXPECT_EQ(list_name, std::string(safe_browsing_util::kPhishingList));
 306   EXPECT_EQ(safe_browsing_util::PHISH,
 307             safe_browsing_util::GetListId(list_name));
 308
 309   EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::BINURL,
 310                                               &list_name));
 311   EXPECT_EQ(list_name, std::string(safe_browsing_util::kBinUrlList));
 312   EXPECT_EQ(safe_browsing_util::BINURL,
 313             safe_browsing_util::GetListId(list_name));
 314 }
 315
 316 // Since the ids are saved in file, we need to make sure they don't change.
 317 // Since only the last bit of each id is saved in file together with
 318 // chunkids, this checks only last bit.
 319 TEST(SafeBrowsingUtilTest, ListIdVerification) {
 320   EXPECT_EQ(0, safe_browsing_util::MALWARE % 2);
 321   EXPECT_EQ(1, safe_browsing_util::PHISH % 2);
 322   EXPECT_EQ(0, safe_browsing_util::BINURL %2);
 323 }
 324
 325 TEST(SafeBrowsingUtilTest, StringToSBFullHashAndSBFullHashToString) {
 326   // 31 chars plus the last \0 as full_hash.
 327   const std::string hash_in = "12345678902234567890323456789012";
 328   SBFullHash hash_out = safe_browsing_util::StringToSBFullHash(hash_in);
 329   EXPECT_EQ(0x34333231U, hash_out.prefix);
 330   EXPECT_EQ(0, memcmp(hash_in.data(), hash_out.full_hash, sizeof(SBFullHash)));
 331
 332   std::string hash_final = safe_browsing_util::SBFullHashToString(hash_out);
 333   EXPECT_EQ(hash_in, hash_final);
 334 }
 335
 336 TEST(SafeBrowsingUtilTest, FullHashOperators) {
 337   const SBFullHash kHash1 = SBFullHashForString("one");
 338   const SBFullHash kHash2 = SBFullHashForString("two");
 339
 340   EXPECT_TRUE(SBFullHashEqual(kHash1, kHash1));
 341   EXPECT_TRUE(SBFullHashEqual(kHash2, kHash2));
 342   EXPECT_FALSE(SBFullHashEqual(kHash1, kHash2));
 343   EXPECT_FALSE(SBFullHashEqual(kHash2, kHash1));
 344
 345   EXPECT_FALSE(SBFullHashLess(kHash1, kHash2));
 346   EXPECT_TRUE(SBFullHashLess(kHash2, kHash1));
 347
 348   EXPECT_FALSE(SBFullHashLess(kHash1, kHash1));
 349   EXPECT_FALSE(SBFullHashLess(kHash2, kHash2));
 350 }
 351
 352 }  // namespace