普通文本  |  349行  |  9.78 KB

// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <algorithm>

#include "base/string_util.h"
#include "crypto/sha2.h"
#include "chrome/browser/safe_browsing/safe_browsing_util.h"
#include "googleurl/src/gurl.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace {

bool VectorContains(const std::vector<std::string>& data,
                    const std::string& str) {
  return std::find(data.begin(), data.end(), str) != data.end();
}

}

// Tests that we generate the required host/path combinations for testing
// according to the Safe Browsing spec.
// See section 6.2 in
// http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
TEST(SafeBrowsingUtilTest, UrlParsing) {
  std::vector<std::string> hosts, paths;

  GURL url("http://a.b.c/1/2.html?param=1");
  safe_browsing_util::GenerateHostsToCheck(url, &hosts);
  safe_browsing_util::GeneratePathsToCheck(url, &paths);
  EXPECT_EQ(hosts.size(), static_cast<size_t>(2));
  EXPECT_EQ(paths.size(), static_cast<size_t>(4));
  EXPECT_EQ(hosts[0], "b.c");
  EXPECT_EQ(hosts[1], "a.b.c");

  EXPECT_TRUE(VectorContains(paths, "/1/2.html?param=1"));
  EXPECT_TRUE(VectorContains(paths, "/1/2.html"));
  EXPECT_TRUE(VectorContains(paths, "/1/"));
  EXPECT_TRUE(VectorContains(paths, "/"));

  url = GURL("http://a.b.c.d.e.f.g/1.html");
  safe_browsing_util::GenerateHostsToCheck(url, &hosts);
  safe_browsing_util::GeneratePathsToCheck(url, &paths);
  EXPECT_EQ(hosts.size(), static_cast<size_t>(5));
  EXPECT_EQ(paths.size(), static_cast<size_t>(2));
  EXPECT_EQ(hosts[0], "f.g");
  EXPECT_EQ(hosts[1], "e.f.g");
  EXPECT_EQ(hosts[2], "d.e.f.g");
  EXPECT_EQ(hosts[3], "c.d.e.f.g");
  EXPECT_EQ(hosts[4], "a.b.c.d.e.f.g");
  EXPECT_TRUE(VectorContains(paths, "/1.html"));
  EXPECT_TRUE(VectorContains(paths, "/"));

  url = GURL("http://a.b/saw-cgi/eBayISAPI.dll/");
  safe_browsing_util::GeneratePathsToCheck(url, &paths);
  EXPECT_EQ(paths.size(), static_cast<size_t>(3));
  EXPECT_TRUE(VectorContains(paths, "/saw-cgi/eBayISAPI.dll/"));
  EXPECT_TRUE(VectorContains(paths, "/saw-cgi/"));
  EXPECT_TRUE(VectorContains(paths, "/"));
}

// Tests the url canonicalization according to the Safe Browsing spec.
// See section 6.1 in
// http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
TEST(SafeBrowsingUtilTest, CanonicalizeUrl) {
  struct {
    const char* input_url;
    const char* expected_canonicalized_hostname;
    const char* expected_canonicalized_path;
    const char* expected_canonicalized_query;
  } tests[] = {
    {
      "http://host/%25%32%35",
      "host",
      "/%25",
      ""
    }, {
      "http://host/%25%32%35%25%32%35",
      "host",
      "/%25%25",
      ""
    }, {
      "http://host/%2525252525252525",
      "host",
      "/%25",
      ""
    }, {
      "http://host/asdf%25%32%35asd",
      "host",
      "/asdf%25asd",
      ""
    }, {
      "http://host/%%%25%32%35asd%%",
      "host",
      "/%25%25%25asd%25%25",
      ""
    }, {
      "http://host/%%%25%32%35asd%%",
      "host",
      "/%25%25%25asd%25%25",
      ""
    }, {
      "http://www.google.com/",
      "www.google.com",
      "/",
      ""
    }, {
      "http://%31%36%38%2e%31%38%38%2e%39%39%2e%32%36/%2E%73%65%63%75%72%65/%77"
          "%77%77%2E%65%62%61%79%2E%63%6F%6D/",
      "168.188.99.26",
      "/.secure/www.ebay.com/",
      ""
    }, {
      "http://195.127.0.11/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserd"
          "ataxplimnbqmn-xplmvalidateinfoswqpcmlx=hgplmcx/",
      "195.127.0.11",
      "/uploads/%20%20%20%20/.verify/.eBaysecure=updateuserdataxplimnbqmn-xplmv"
          "alidateinfoswqpcmlx=hgplmcx/",
      ""
    }, {
      "http://host.com/%257Ea%2521b%2540c%2523d%2524e%25f%255E00%252611%252A"
          "22%252833%252944_55%252B",
      "host.com",
      "/~a!b@c%23d$e%25f^00&11*22(33)44_55+",
      ""
    }, {
      "http://3279880203/blah",
      "195.127.0.11",
      "/blah",
      ""
    }, {
      "http://www.google.com/blah/..",
      "www.google.com",
      "/",
      ""
    }, {
      "http://www.google.com/blah#fraq",
      "www.google.com",
      "/blah",
      ""
    }, {
      "http://www.GOOgle.com/",
      "www.google.com",
      "/",
      ""
    }, {
      "http://www.google.com.../",
      "www.google.com",
      "/",
      ""
    }, {
      "http://www.google.com/q?",
      "www.google.com",
      "/q",
      ""
    }, {
      "http://www.google.com/q?r?",
      "www.google.com",
      "/q",
      "r?"
    }, {
      "http://www.google.com/q?r?s",
      "www.google.com",
      "/q",
      "r?s"
    }, {
      "http://evil.com/foo#bar#baz",
      "evil.com",
      "/foo",
      ""
    }, {
      "http://evil.com/foo;",
      "evil.com",
      "/foo;",
      ""
    }, {
      "http://evil.com/foo?bar;",
      "evil.com",
      "/foo",
      "bar;"
    }, {
      "http://notrailingslash.com",
      "notrailingslash.com",
      "/",
      ""
    }, {
      "http://www.gotaport.com:1234/",
      "www.gotaport.com",
      "/",
      ""
    }, {
      "  http://www.google.com/  ",
      "www.google.com",
      "/",
      ""
    }, {
      "http:// leadingspace.com/",
      "%20leadingspace.com",
      "/",
      ""
    }, {
      "http://%20leadingspace.com/",
      "%20leadingspace.com",
      "/",
      ""
    }, {
      "https://www.securesite.com/",
      "www.securesite.com",
      "/",
      ""
    }, {
      "http://host.com/ab%23cd",
      "host.com",
      "/ab%23cd",
      ""
    }, {
      "http://host%3e.com//twoslashes?more//slashes",
      "host>.com",
      "/twoslashes",
      "more//slashes"
    }, {
      "http://host.com/abc?val=xyz#anything",
      "host.com",
      "/abc",
      "val=xyz"
    }, {
      "http://abc:def@host.com/xyz",
      "host.com",
      "/xyz",
      ""
    }, {
      "http://host%3e.com/abc/%2e%2e%2fdef",
      "host>.com",
      "/def",
      ""
    }, {
      "http://.......host...com.....//abc/////def%2F%2F%2Fxyz",
      "host.com",
      "/abc/def/xyz",
      ""
    }, {
      "ftp://host.com/foo?bar",
      "host.com",
      "/foo",
      "bar"
    }, {
      "data:text/html;charset=utf-8,%0D%0A",
      "",
      "",
      ""
    }, {
      "javascript:alert()",
      "",
      "",
      ""
    }, {
      "mailto:abc@example.com",
      "",
      "",
      ""
    },
  };
  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
    SCOPED_TRACE(StringPrintf("Test: %s", tests[i].input_url));
    GURL url(tests[i].input_url);

    std::string canonicalized_hostname;
    std::string canonicalized_path;
    std::string canonicalized_query;
    safe_browsing_util::CanonicalizeUrl(url, &canonicalized_hostname,
        &canonicalized_path, &canonicalized_query);

    EXPECT_EQ(tests[i].expected_canonicalized_hostname,
              canonicalized_hostname);
    EXPECT_EQ(tests[i].expected_canonicalized_path,
              canonicalized_path);
    EXPECT_EQ(tests[i].expected_canonicalized_query,
              canonicalized_query);
  }
}

TEST(SafeBrowsingUtilTest, GetUrlHashIndex) {
  GURL url("http://www.evil.com/phish.html");
  SBFullHashResult full_hash;
  crypto::SHA256HashString(url.host() + url.path(),
                         &full_hash.hash,
                         sizeof(SBFullHash));
  std::vector<SBFullHashResult> full_hashes;
  full_hashes.push_back(full_hash);

  EXPECT_EQ(safe_browsing_util::GetUrlHashIndex(url, full_hashes), 0);

  url = GURL("http://www.evil.com/okay_path.html");
  EXPECT_EQ(safe_browsing_util::GetUrlHashIndex(url, full_hashes), -1);
}

TEST(SafeBrowsingUtilTest, ListIdListNameConversion) {
  std::string list_name;
  EXPECT_FALSE(safe_browsing_util::GetListName(safe_browsing_util::INVALID,
                                               &list_name));
  EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::MALWARE,
                                              &list_name));
  EXPECT_EQ(list_name, std::string(safe_browsing_util::kMalwareList));
  EXPECT_EQ(safe_browsing_util::MALWARE,
            safe_browsing_util::GetListId(list_name));

  EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::PHISH,
                                              &list_name));
  EXPECT_EQ(list_name, std::string(safe_browsing_util::kPhishingList));
  EXPECT_EQ(safe_browsing_util::PHISH,
            safe_browsing_util::GetListId(list_name));

  EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::BINURL,
                                              &list_name));
  EXPECT_EQ(list_name, std::string(safe_browsing_util::kBinUrlList));
  EXPECT_EQ(safe_browsing_util::BINURL,
            safe_browsing_util::GetListId(list_name));


  EXPECT_TRUE(safe_browsing_util::GetListName(safe_browsing_util::BINHASH,
                                              &list_name));
  EXPECT_EQ(list_name, std::string(safe_browsing_util::kBinHashList));
  EXPECT_EQ(safe_browsing_util::BINHASH,
            safe_browsing_util::GetListId(list_name));
}

// Since the ids are saved in file, we need to make sure they don't change.
// Since only the last bit of each id is saved in file together with
// chunkids, this checks only last bit.
TEST(SafeBrowsingUtilTest, ListIdVerification) {
  EXPECT_EQ(0, safe_browsing_util::MALWARE % 2);
  EXPECT_EQ(1, safe_browsing_util::PHISH % 2);
  EXPECT_EQ(0, safe_browsing_util::BINURL %2);
  EXPECT_EQ(1, safe_browsing_util::BINHASH % 2);
}

TEST(SafeBrowsingUtilTest, StringToSBFullHashAndSBFullHashToString) {
  // 31 chars plus the last \0 as full_hash.
  const std::string hash_in = "12345678902234567890323456789012";
  SBFullHash hash_out;
  safe_browsing_util::StringToSBFullHash(hash_in, &hash_out);
  EXPECT_EQ(0x34333231, hash_out.prefix);
  EXPECT_EQ(0, memcmp(hash_in.data(), hash_out.full_hash, sizeof(SBFullHash)));

  std::string hash_final = safe_browsing_util::SBFullHashToString(hash_out);
  EXPECT_EQ(hash_in, hash_final);
}