1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 // 5 // Unit tests for the SafeBrowsing storage system. 6 7 #include "base/file_util.h" 8 #include "base/files/scoped_temp_dir.h" 9 #include "base/logging.h" 10 #include "base/message_loop/message_loop.h" 11 #include "base/sha1.h" 12 #include "base/time/time.h" 13 #include "chrome/browser/safe_browsing/safe_browsing_database.h" 14 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h" 15 #include "chrome/browser/safe_browsing/safe_browsing_store_unittest_helper.h" 16 #include "content/public/test/test_browser_thread_bundle.h" 17 #include "crypto/sha2.h" 18 #include "net/base/net_util.h" 19 #include "sql/connection.h" 20 #include "sql/statement.h" 21 #include "testing/gtest/include/gtest/gtest.h" 22 #include "testing/platform_test.h" 23 #include "url/gurl.h" 24 25 using base::Time; 26 27 namespace { 28 29 SBPrefix Sha256Prefix(const std::string& str) { 30 SBPrefix prefix; 31 crypto::SHA256HashString(str, &prefix, sizeof(prefix)); 32 return prefix; 33 } 34 35 SBFullHash Sha256Hash(const std::string& str) { 36 SBFullHash hash; 37 crypto::SHA256HashString(str, &hash, sizeof(hash)); 38 return hash; 39 } 40 41 std::string HashedIpPrefix(const std::string& ip_prefix, size_t prefix_size) { 42 net::IPAddressNumber ip_number; 43 EXPECT_TRUE(net::ParseIPLiteralToNumber(ip_prefix, &ip_number)); 44 EXPECT_EQ(net::kIPv6AddressSize, ip_number.size()); 45 const std::string hashed_ip_prefix = base::SHA1HashString( 46 net::IPAddressToPackedString(ip_number)); 47 std::string hash(crypto::kSHA256Length, '\0'); 48 hash.replace(0, hashed_ip_prefix.size(), hashed_ip_prefix); 49 hash[base::kSHA1Length] = static_cast<char>(prefix_size); 50 return hash; 51 } 52 53 // Same as InsertAddChunkHostPrefixUrl, but with pre-computed 54 // prefix values. 55 void InsertAddChunkHostPrefixValue(SBChunk* chunk, 56 int chunk_number, 57 const SBPrefix& host_prefix, 58 const SBPrefix& url_prefix) { 59 chunk->chunk_number = chunk_number; 60 chunk->is_add = true; 61 SBChunkHost host; 62 host.host = host_prefix; 63 host.entry = SBEntry::Create(SBEntry::ADD_PREFIX, 1); 64 host.entry->set_chunk_id(chunk->chunk_number); 65 host.entry->SetPrefixAt(0, url_prefix); 66 chunk->hosts.push_back(host); 67 } 68 69 // A helper function that appends one AddChunkHost to chunk with 70 // one url for prefix. 71 void InsertAddChunkHostPrefixUrl(SBChunk* chunk, 72 int chunk_number, 73 const std::string& host_name, 74 const std::string& url) { 75 InsertAddChunkHostPrefixValue(chunk, chunk_number, 76 Sha256Prefix(host_name), 77 Sha256Prefix(url)); 78 } 79 80 // Same as InsertAddChunkHostPrefixUrl, but with full hashes. 81 void InsertAddChunkHostFullHashes(SBChunk* chunk, 82 int chunk_number, 83 const std::string& host_name, 84 const std::string& url) { 85 chunk->chunk_number = chunk_number; 86 chunk->is_add = true; 87 SBChunkHost host; 88 host.host = Sha256Prefix(host_name); 89 host.entry = SBEntry::Create(SBEntry::ADD_FULL_HASH, 1); 90 host.entry->set_chunk_id(chunk->chunk_number); 91 host.entry->SetFullHashAt(0, Sha256Hash(url)); 92 chunk->hosts.push_back(host); 93 } 94 95 void InsertAddChunkFullHash(SBChunk* chunk, 96 int chunk_number, 97 const std::string& ip_str, 98 size_t prefix_size) { 99 const std::string full_hash_str = HashedIpPrefix(ip_str, prefix_size); 100 EXPECT_EQ(sizeof(SBFullHash), full_hash_str.size()); 101 SBFullHash full_hash; 102 std::memcpy(&(full_hash.full_hash), full_hash_str.data(), sizeof(SBFullHash)); 103 104 chunk->chunk_number = chunk_number; 105 chunk->is_add = true; 106 SBChunkHost host; 107 host.host = full_hash.prefix; 108 host.entry = SBEntry::Create(SBEntry::ADD_FULL_HASH, 1); 109 host.entry->set_chunk_id(chunk->chunk_number); 110 host.entry->SetFullHashAt(0, full_hash); 111 chunk->hosts.push_back(host); 112 } 113 114 // Same as InsertAddChunkHostPrefixUrl, but with two urls for prefixes. 115 void InsertAddChunkHost2PrefixUrls(SBChunk* chunk, 116 int chunk_number, 117 const std::string& host_name, 118 const std::string& url1, 119 const std::string& url2) { 120 chunk->chunk_number = chunk_number; 121 chunk->is_add = true; 122 SBChunkHost host; 123 host.host = Sha256Prefix(host_name); 124 host.entry = SBEntry::Create(SBEntry::ADD_PREFIX, 2); 125 host.entry->set_chunk_id(chunk->chunk_number); 126 host.entry->SetPrefixAt(0, Sha256Prefix(url1)); 127 host.entry->SetPrefixAt(1, Sha256Prefix(url2)); 128 chunk->hosts.push_back(host); 129 } 130 131 // Same as InsertAddChunkHost2PrefixUrls, but with full hashes. 132 void InsertAddChunkHost2FullHashes(SBChunk* chunk, 133 int chunk_number, 134 const std::string& host_name, 135 const std::string& url1, 136 const std::string& url2) { 137 chunk->chunk_number = chunk_number; 138 chunk->is_add = true; 139 SBChunkHost host; 140 host.host = Sha256Prefix(host_name); 141 host.entry = SBEntry::Create(SBEntry::ADD_FULL_HASH, 2); 142 host.entry->set_chunk_id(chunk->chunk_number); 143 host.entry->SetFullHashAt(0, Sha256Hash(url1)); 144 host.entry->SetFullHashAt(1, Sha256Hash(url2)); 145 chunk->hosts.push_back(host); 146 } 147 148 // Same as InsertSubChunkHostPrefixUrl, but with pre-computed 149 // prefix values. 150 void InsertSubChunkHostPrefixValue(SBChunk* chunk, 151 int chunk_number, 152 int chunk_id_to_sub, 153 const SBPrefix& host_prefix, 154 const SBPrefix& url_prefix) { 155 chunk->chunk_number = chunk_number; 156 chunk->is_add = false; 157 SBChunkHost host; 158 host.host = host_prefix; 159 host.entry = SBEntry::Create(SBEntry::SUB_PREFIX, 1); 160 host.entry->set_chunk_id(chunk->chunk_number); 161 host.entry->SetChunkIdAtPrefix(0, chunk_id_to_sub); 162 host.entry->SetPrefixAt(0, url_prefix); 163 chunk->hosts.push_back(host); 164 } 165 166 // A helper function that adds one SubChunkHost to chunk with 167 // one url for prefix. 168 void InsertSubChunkHostPrefixUrl(SBChunk* chunk, 169 int chunk_number, 170 int chunk_id_to_sub, 171 const std::string& host_name, 172 const std::string& url) { 173 InsertSubChunkHostPrefixValue(chunk, chunk_number, 174 chunk_id_to_sub, 175 Sha256Prefix(host_name), 176 Sha256Prefix(url)); 177 } 178 179 // Same as InsertSubChunkHostPrefixUrl, but with two urls for prefixes. 180 void InsertSubChunkHost2PrefixUrls(SBChunk* chunk, 181 int chunk_number, 182 int chunk_id_to_sub, 183 const std::string& host_name, 184 const std::string& url1, 185 const std::string& url2) { 186 chunk->chunk_number = chunk_number; 187 chunk->is_add = false; 188 SBChunkHost host; 189 host.host = Sha256Prefix(host_name); 190 host.entry = SBEntry::Create(SBEntry::SUB_PREFIX, 2); 191 host.entry->set_chunk_id(chunk->chunk_number); 192 host.entry->SetPrefixAt(0, Sha256Prefix(url1)); 193 host.entry->SetChunkIdAtPrefix(0, chunk_id_to_sub); 194 host.entry->SetPrefixAt(1, Sha256Prefix(url2)); 195 host.entry->SetChunkIdAtPrefix(1, chunk_id_to_sub); 196 chunk->hosts.push_back(host); 197 } 198 199 // Same as InsertSubChunkHost2PrefixUrls, but with full hashes. 200 void InsertSubChunkHostFullHash(SBChunk* chunk, 201 int chunk_number, 202 int chunk_id_to_sub, 203 const std::string& host_name, 204 const std::string& url) { 205 chunk->chunk_number = chunk_number; 206 chunk->is_add = false; 207 SBChunkHost host; 208 host.host = Sha256Prefix(host_name); 209 host.entry = SBEntry::Create(SBEntry::SUB_FULL_HASH, 2); 210 host.entry->set_chunk_id(chunk->chunk_number); 211 host.entry->SetFullHashAt(0, Sha256Hash(url)); 212 host.entry->SetChunkIdAtPrefix(0, chunk_id_to_sub); 213 chunk->hosts.push_back(host); 214 } 215 216 // Prevent DCHECK from killing tests. 217 // TODO(shess): Pawel disputes the use of this, so the test which uses 218 // it is DISABLED. http://crbug.com/56448 219 class ScopedLogMessageIgnorer { 220 public: 221 ScopedLogMessageIgnorer() { 222 logging::SetLogMessageHandler(&LogMessageIgnorer); 223 } 224 ~ScopedLogMessageIgnorer() { 225 // TODO(shess): Would be better to verify whether anyone else 226 // changed it, and then restore it to the previous value. 227 logging::SetLogMessageHandler(NULL); 228 } 229 230 private: 231 static bool LogMessageIgnorer(int severity, const char* file, int line, 232 size_t message_start, const std::string& str) { 233 // Intercept FATAL, strip the stack backtrace, and log it without 234 // the crash part. 235 if (severity == logging::LOG_FATAL) { 236 size_t newline = str.find('\n'); 237 if (newline != std::string::npos) { 238 const std::string msg = str.substr(0, newline + 1); 239 fprintf(stderr, "%s", msg.c_str()); 240 fflush(stderr); 241 } 242 return true; 243 } 244 245 return false; 246 } 247 }; 248 249 } // namespace 250 251 class SafeBrowsingDatabaseTest : public PlatformTest { 252 public: 253 virtual void SetUp() { 254 PlatformTest::SetUp(); 255 256 // Setup a database in a temporary directory. 257 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); 258 database_.reset(new SafeBrowsingDatabaseNew); 259 database_filename_ = 260 temp_dir_.path().AppendASCII("SafeBrowsingTestDatabase"); 261 database_->Init(database_filename_); 262 } 263 264 virtual void TearDown() { 265 database_.reset(); 266 267 PlatformTest::TearDown(); 268 } 269 270 void GetListsInfo(std::vector<SBListChunkRanges>* lists) { 271 lists->clear(); 272 EXPECT_TRUE(database_->UpdateStarted(lists)); 273 database_->UpdateFinished(true); 274 } 275 276 // Helper function to do an AddDel or SubDel command. 277 void DelChunk(const std::string& list, 278 int chunk_id, 279 bool is_sub_del) { 280 std::vector<SBChunkDelete> deletes; 281 SBChunkDelete chunk_delete; 282 chunk_delete.list_name = list; 283 chunk_delete.is_sub_del = is_sub_del; 284 chunk_delete.chunk_del.push_back(ChunkRange(chunk_id)); 285 deletes.push_back(chunk_delete); 286 database_->DeleteChunks(deletes); 287 } 288 289 void AddDelChunk(const std::string& list, int chunk_id) { 290 DelChunk(list, chunk_id, false); 291 } 292 293 void SubDelChunk(const std::string& list, int chunk_id) { 294 DelChunk(list, chunk_id, true); 295 } 296 297 // Utility function for setting up the database for the caching test. 298 void PopulateDatabaseForCacheTest(); 299 300 scoped_ptr<SafeBrowsingDatabaseNew> database_; 301 base::FilePath database_filename_; 302 base::ScopedTempDir temp_dir_; 303 }; 304 305 // Tests retrieving list name information. 306 TEST_F(SafeBrowsingDatabaseTest, ListNameForBrowse) { 307 SBChunkList chunks; 308 SBChunk chunk; 309 310 InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/", 311 "www.evil.com/malware.html"); 312 chunks.clear(); 313 chunks.push_back(chunk); 314 std::vector<SBListChunkRanges> lists; 315 EXPECT_TRUE(database_->UpdateStarted(&lists)); 316 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 317 318 chunk.hosts.clear(); 319 InsertAddChunkHostPrefixUrl(&chunk, 2, "www.foo.com/", 320 "www.foo.com/malware.html"); 321 chunks.clear(); 322 chunks.push_back(chunk); 323 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 324 325 chunk.hosts.clear(); 326 InsertAddChunkHostPrefixUrl(&chunk, 3, "www.whatever.com/", 327 "www.whatever.com/malware.html"); 328 chunks.clear(); 329 chunks.push_back(chunk); 330 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 331 database_->UpdateFinished(true); 332 333 GetListsInfo(&lists); 334 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 335 EXPECT_EQ(lists[0].adds, "1-3"); 336 EXPECT_TRUE(lists[0].subs.empty()); 337 338 // Insert a malware sub chunk. 339 chunk.hosts.clear(); 340 InsertSubChunkHostPrefixUrl(&chunk, 7, 19, "www.subbed.com/", 341 "www.subbed.com/noteveil1.html"); 342 chunks.clear(); 343 chunks.push_back(chunk); 344 345 EXPECT_TRUE(database_->UpdateStarted(&lists)); 346 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 347 database_->UpdateFinished(true); 348 349 GetListsInfo(&lists); 350 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 351 EXPECT_EQ(lists[0].adds, "1-3"); 352 EXPECT_EQ(lists[0].subs, "7"); 353 if (lists.size() == 2) { 354 // Old style database won't have the second entry since it creates the lists 355 // when it receives an update containing that list. The filter-based 356 // database has these values hard coded. 357 EXPECT_TRUE(lists[1].name == safe_browsing_util::kPhishingList); 358 EXPECT_TRUE(lists[1].adds.empty()); 359 EXPECT_TRUE(lists[1].subs.empty()); 360 } 361 362 // Add a phishing add chunk. 363 chunk.hosts.clear(); 364 InsertAddChunkHostPrefixUrl(&chunk, 47, "www.evil.com/", 365 "www.evil.com/phishing.html"); 366 chunks.clear(); 367 chunks.push_back(chunk); 368 EXPECT_TRUE(database_->UpdateStarted(&lists)); 369 database_->InsertChunks(safe_browsing_util::kPhishingList, chunks); 370 371 // Insert some phishing sub chunks. 372 chunk.hosts.clear(); 373 InsertSubChunkHostPrefixUrl(&chunk, 200, 1999, "www.phishy.com/", 374 "www.phishy.com/notevil1.html"); 375 chunks.clear(); 376 chunks.push_back(chunk); 377 database_->InsertChunks(safe_browsing_util::kPhishingList, chunks); 378 379 chunk.hosts.clear(); 380 InsertSubChunkHostPrefixUrl(&chunk, 201, 1999, "www.phishy2.com/", 381 "www.phishy2.com/notevil1.html"); 382 chunks.clear(); 383 chunks.push_back(chunk); 384 database_->InsertChunks(safe_browsing_util::kPhishingList, chunks); 385 database_->UpdateFinished(true); 386 387 GetListsInfo(&lists); 388 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 389 EXPECT_EQ(lists[0].adds, "1-3"); 390 EXPECT_EQ(lists[0].subs, "7"); 391 EXPECT_TRUE(lists[1].name == safe_browsing_util::kPhishingList); 392 EXPECT_EQ(lists[1].adds, "47"); 393 EXPECT_EQ(lists[1].subs, "200-201"); 394 } 395 396 TEST_F(SafeBrowsingDatabaseTest, ListNameForBrowseAndDownload) { 397 database_.reset(); 398 base::MessageLoop loop(base::MessageLoop::TYPE_DEFAULT); 399 SafeBrowsingStoreFile* browse_store = new SafeBrowsingStoreFile(); 400 SafeBrowsingStoreFile* download_store = new SafeBrowsingStoreFile(); 401 SafeBrowsingStoreFile* csd_whitelist_store = new SafeBrowsingStoreFile(); 402 SafeBrowsingStoreFile* download_whitelist_store = new SafeBrowsingStoreFile(); 403 SafeBrowsingStoreFile* extension_blacklist_store = 404 new SafeBrowsingStoreFile(); 405 SafeBrowsingStoreFile* ip_blacklist_store = new SafeBrowsingStoreFile(); 406 database_.reset(new SafeBrowsingDatabaseNew(browse_store, 407 download_store, 408 csd_whitelist_store, 409 download_whitelist_store, 410 extension_blacklist_store, 411 NULL, 412 ip_blacklist_store)); 413 database_->Init(database_filename_); 414 415 SBChunkList chunks; 416 SBChunk chunk; 417 418 // Insert malware, phish, binurl and bindownload add chunks. 419 InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/", 420 "www.evil.com/malware.html"); 421 chunks.push_back(chunk); 422 std::vector<SBListChunkRanges> lists; 423 EXPECT_TRUE(database_->UpdateStarted(&lists)); 424 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 425 426 chunk.hosts.clear(); 427 InsertAddChunkHostPrefixUrl(&chunk, 2, "www.foo.com/", 428 "www.foo.com/malware.html"); 429 chunks.clear(); 430 chunks.push_back(chunk); 431 database_->InsertChunks(safe_browsing_util::kPhishingList, chunks); 432 433 chunk.hosts.clear(); 434 InsertAddChunkHostPrefixUrl(&chunk, 3, "www.whatever.com/", 435 "www.whatever.com/download.html"); 436 chunks.clear(); 437 chunks.push_back(chunk); 438 database_->InsertChunks(safe_browsing_util::kBinUrlList, chunks); 439 440 chunk.hosts.clear(); 441 InsertAddChunkHostPrefixUrl(&chunk, 4, "www.forhash.com/", 442 "www.forhash.com/download.html"); 443 chunks.clear(); 444 chunks.push_back(chunk); 445 database_->InsertChunks(safe_browsing_util::kBinHashList, chunks); 446 447 chunk.hosts.clear(); 448 InsertAddChunkHostFullHashes(&chunk, 5, "www.forwhitelist.com/", 449 "www.forwhitelist.com/a.html"); 450 chunks.clear(); 451 chunks.push_back(chunk); 452 database_->InsertChunks(safe_browsing_util::kCsdWhiteList, chunks); 453 454 chunk.hosts.clear(); 455 InsertAddChunkHostFullHashes(&chunk, 6, "www.download.com/", 456 "www.download.com/"); 457 458 chunks.clear(); 459 chunks.push_back(chunk); 460 database_->InsertChunks(safe_browsing_util::kDownloadWhiteList, chunks); 461 462 chunk.hosts.clear(); 463 InsertAddChunkHostFullHashes(&chunk, 8, 464 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 465 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); 466 467 chunks.clear(); 468 chunks.push_back(chunk); 469 database_->InsertChunks(safe_browsing_util::kExtensionBlacklist, chunks); 470 471 chunk.hosts.clear(); 472 InsertAddChunkFullHash(&chunk, 9, "::ffff:192.168.1.0", 120); 473 474 chunks.clear(); 475 chunks.push_back(chunk); 476 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 477 478 database_->UpdateFinished(true); 479 480 GetListsInfo(&lists); 481 ASSERT_EQ(7U, lists.size()); 482 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 483 EXPECT_EQ(lists[0].adds, "1"); 484 EXPECT_TRUE(lists[0].subs.empty()); 485 EXPECT_TRUE(lists[1].name == safe_browsing_util::kPhishingList); 486 EXPECT_EQ(lists[1].adds, "2"); 487 EXPECT_TRUE(lists[1].subs.empty()); 488 EXPECT_TRUE(lists[2].name == safe_browsing_util::kBinUrlList); 489 EXPECT_EQ(lists[2].adds, "3"); 490 EXPECT_TRUE(lists[2].subs.empty()); 491 // kBinHashList is ignored. (http://crbug.com/108130) 492 EXPECT_TRUE(lists[3].name == safe_browsing_util::kCsdWhiteList); 493 EXPECT_EQ(lists[3].adds, "5"); 494 EXPECT_TRUE(lists[3].subs.empty()); 495 EXPECT_TRUE(lists[4].name == safe_browsing_util::kDownloadWhiteList); 496 EXPECT_EQ(lists[4].adds, "6"); 497 EXPECT_TRUE(lists[4].subs.empty()); 498 EXPECT_TRUE(lists[5].name == safe_browsing_util::kExtensionBlacklist); 499 EXPECT_EQ(lists[5].adds, "8"); 500 EXPECT_TRUE(lists[5].subs.empty()); 501 EXPECT_TRUE(lists[6].name == safe_browsing_util::kIPBlacklist); 502 EXPECT_EQ(lists[6].adds, "9"); 503 EXPECT_TRUE(lists[6].subs.empty()); 504 505 database_.reset(); 506 } 507 508 // Checks database reading and writing for browse. 509 TEST_F(SafeBrowsingDatabaseTest, BrowseDatabase) { 510 SBChunkList chunks; 511 SBChunk chunk; 512 513 // Add a simple chunk with one hostkey. 514 InsertAddChunkHost2PrefixUrls(&chunk, 1, "www.evil.com/", 515 "www.evil.com/phishing.html", 516 "www.evil.com/malware.html"); 517 chunks.push_back(chunk); 518 std::vector<SBListChunkRanges> lists; 519 EXPECT_TRUE(database_->UpdateStarted(&lists)); 520 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 521 522 chunk.hosts.clear(); 523 InsertAddChunkHost2PrefixUrls(&chunk, 2, "www.evil.com/", 524 "www.evil.com/notevil1.html", 525 "www.evil.com/notevil2.html"); 526 InsertAddChunkHost2PrefixUrls(&chunk, 2, "www.good.com/", 527 "www.good.com/good1.html", 528 "www.good.com/good2.html"); 529 chunks.clear(); 530 chunks.push_back(chunk); 531 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 532 533 // and a chunk with an IP-based host 534 chunk.hosts.clear(); 535 InsertAddChunkHostPrefixUrl(&chunk, 3, "192.168.0.1/", 536 "192.168.0.1/malware.html"); 537 chunks.clear(); 538 chunks.push_back(chunk); 539 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 540 database_->UpdateFinished(true); 541 542 // Make sure they were added correctly. 543 GetListsInfo(&lists); 544 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 545 EXPECT_EQ(lists[0].adds, "1-3"); 546 EXPECT_TRUE(lists[0].subs.empty()); 547 548 const Time now = Time::Now(); 549 std::vector<SBFullHashResult> full_hashes; 550 std::vector<SBPrefix> prefix_hits; 551 std::string matching_list; 552 EXPECT_TRUE(database_->ContainsBrowseUrl( 553 GURL("http://www.evil.com/phishing.html"), 554 &matching_list, &prefix_hits, 555 &full_hashes, now)); 556 EXPECT_EQ(prefix_hits[0], Sha256Prefix("www.evil.com/phishing.html")); 557 EXPECT_EQ(prefix_hits.size(), 1U); 558 559 EXPECT_TRUE(database_->ContainsBrowseUrl( 560 GURL("http://www.evil.com/malware.html"), 561 &matching_list, &prefix_hits, 562 &full_hashes, now)); 563 564 EXPECT_TRUE(database_->ContainsBrowseUrl( 565 GURL("http://www.evil.com/notevil1.html"), 566 &matching_list, &prefix_hits, 567 &full_hashes, now)); 568 569 EXPECT_TRUE(database_->ContainsBrowseUrl( 570 GURL("http://www.evil.com/notevil2.html"), 571 &matching_list, &prefix_hits, 572 &full_hashes, now)); 573 574 EXPECT_TRUE(database_->ContainsBrowseUrl( 575 GURL("http://www.good.com/good1.html"), 576 &matching_list, &prefix_hits, 577 &full_hashes, now)); 578 579 EXPECT_TRUE(database_->ContainsBrowseUrl( 580 GURL("http://www.good.com/good2.html"), 581 &matching_list, &prefix_hits, 582 &full_hashes, now)); 583 584 EXPECT_TRUE(database_->ContainsBrowseUrl( 585 GURL("http://192.168.0.1/malware.html"), 586 &matching_list, &prefix_hits, 587 &full_hashes, now)); 588 589 EXPECT_FALSE(database_->ContainsBrowseUrl( 590 GURL("http://www.evil.com/"), 591 &matching_list, &prefix_hits, 592 &full_hashes, now)); 593 EXPECT_TRUE(prefix_hits.empty()); 594 595 EXPECT_FALSE(database_->ContainsBrowseUrl( 596 GURL("http://www.evil.com/robots.txt"), 597 &matching_list, &prefix_hits, 598 &full_hashes, now)); 599 600 // Attempt to re-add the first chunk (should be a no-op). 601 // see bug: http://code.google.com/p/chromium/issues/detail?id=4522 602 chunk.hosts.clear(); 603 InsertAddChunkHost2PrefixUrls(&chunk, 1, "www.evil.com/", 604 "www.evil.com/phishing.html", 605 "www.evil.com/malware.html"); 606 chunks.clear(); 607 chunks.push_back(chunk); 608 EXPECT_TRUE(database_->UpdateStarted(&lists)); 609 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 610 database_->UpdateFinished(true); 611 612 GetListsInfo(&lists); 613 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 614 EXPECT_EQ(lists[0].adds, "1-3"); 615 EXPECT_TRUE(lists[0].subs.empty()); 616 617 // Test removing a single prefix from the add chunk. 618 chunk.hosts.clear(); 619 InsertSubChunkHostPrefixUrl(&chunk, 4, 2, "www.evil.com/", 620 "www.evil.com/notevil1.html"); 621 chunks.clear(); 622 chunks.push_back(chunk); 623 EXPECT_TRUE(database_->UpdateStarted(&lists)); 624 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 625 626 database_->UpdateFinished(true); 627 628 EXPECT_TRUE(database_->ContainsBrowseUrl( 629 GURL("http://www.evil.com/phishing.html"), 630 &matching_list, &prefix_hits, 631 &full_hashes, now)); 632 EXPECT_EQ(prefix_hits[0], Sha256Prefix("www.evil.com/phishing.html")); 633 EXPECT_EQ(prefix_hits.size(), 1U); 634 635 EXPECT_FALSE(database_->ContainsBrowseUrl( 636 GURL("http://www.evil.com/notevil1.html"), 637 &matching_list, &prefix_hits, 638 &full_hashes, now)); 639 EXPECT_TRUE(prefix_hits.empty()); 640 641 EXPECT_TRUE(database_->ContainsBrowseUrl( 642 GURL("http://www.evil.com/notevil2.html"), 643 &matching_list, &prefix_hits, 644 &full_hashes, now)); 645 646 EXPECT_TRUE(database_->ContainsBrowseUrl( 647 GURL("http://www.good.com/good1.html"), 648 &matching_list, &prefix_hits, 649 &full_hashes, now)); 650 651 EXPECT_TRUE(database_->ContainsBrowseUrl( 652 GURL("http://www.good.com/good2.html"), 653 &matching_list, &prefix_hits, 654 &full_hashes, now)); 655 656 GetListsInfo(&lists); 657 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 658 EXPECT_EQ(lists[0].subs, "4"); 659 660 // Test the same sub chunk again. This should be a no-op. 661 // see bug: http://code.google.com/p/chromium/issues/detail?id=4522 662 chunk.hosts.clear(); 663 InsertSubChunkHostPrefixUrl(&chunk, 4, 2, "www.evil.com/", 664 "www.evil.com/notevil1.html"); 665 chunks.clear(); 666 chunks.push_back(chunk); 667 668 EXPECT_TRUE(database_->UpdateStarted(&lists)); 669 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 670 database_->UpdateFinished(true); 671 672 GetListsInfo(&lists); 673 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 674 EXPECT_EQ(lists[0].subs, "4"); 675 676 // Test removing all the prefixes from an add chunk. 677 EXPECT_TRUE(database_->UpdateStarted(&lists)); 678 AddDelChunk(safe_browsing_util::kMalwareList, 2); 679 database_->UpdateFinished(true); 680 681 EXPECT_FALSE(database_->ContainsBrowseUrl( 682 GURL("http://www.evil.com/notevil2.html"), 683 &matching_list, &prefix_hits, 684 &full_hashes, now)); 685 686 EXPECT_FALSE(database_->ContainsBrowseUrl( 687 GURL("http://www.good.com/good1.html"), 688 &matching_list, &prefix_hits, 689 &full_hashes, now)); 690 691 EXPECT_FALSE(database_->ContainsBrowseUrl( 692 GURL("http://www.good.com/good2.html"), 693 &matching_list, &prefix_hits, 694 &full_hashes, now)); 695 696 GetListsInfo(&lists); 697 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 698 EXPECT_EQ(lists[0].adds, "1,3"); 699 EXPECT_EQ(lists[0].subs, "4"); 700 701 // The adddel command exposed a bug in the transaction code where any 702 // transaction after it would fail. Add a dummy entry and remove it to 703 // make sure the transcation works fine. 704 chunk.hosts.clear(); 705 InsertAddChunkHostPrefixUrl(&chunk, 44, "www.redherring.com/", 706 "www.redherring.com/index.html"); 707 chunks.clear(); 708 chunks.push_back(chunk); 709 EXPECT_TRUE(database_->UpdateStarted(&lists)); 710 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 711 712 // Now remove the dummy entry. If there are any problems with the 713 // transactions, asserts will fire. 714 AddDelChunk(safe_browsing_util::kMalwareList, 44); 715 716 // Test the subdel command. 717 SubDelChunk(safe_browsing_util::kMalwareList, 4); 718 database_->UpdateFinished(true); 719 720 GetListsInfo(&lists); 721 EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList); 722 EXPECT_EQ(lists[0].adds, "1,3"); 723 EXPECT_EQ(lists[0].subs, ""); 724 725 // Test a sub command coming in before the add. 726 chunk.hosts.clear(); 727 InsertSubChunkHost2PrefixUrls(&chunk, 5, 10, 728 "www.notevilanymore.com/", 729 "www.notevilanymore.com/index.html", 730 "www.notevilanymore.com/good.html"); 731 chunks.clear(); 732 chunks.push_back(chunk); 733 EXPECT_TRUE(database_->UpdateStarted(&lists)); 734 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 735 database_->UpdateFinished(true); 736 737 EXPECT_FALSE(database_->ContainsBrowseUrl( 738 GURL("http://www.notevilanymore.com/index.html"), 739 &matching_list, &prefix_hits, &full_hashes, now)); 740 741 // Now insert the tardy add chunk and we don't expect them to appear 742 // in database because of the previous sub chunk. 743 chunk.hosts.clear(); 744 InsertAddChunkHost2PrefixUrls(&chunk, 10, "www.notevilanymore.com/", 745 "www.notevilanymore.com/index.html", 746 "www.notevilanymore.com/good.html"); 747 chunks.clear(); 748 chunks.push_back(chunk); 749 EXPECT_TRUE(database_->UpdateStarted(&lists)); 750 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 751 database_->UpdateFinished(true); 752 753 EXPECT_FALSE(database_->ContainsBrowseUrl( 754 GURL("http://www.notevilanymore.com/index.html"), 755 &matching_list, &prefix_hits, &full_hashes, now)); 756 757 EXPECT_FALSE(database_->ContainsBrowseUrl( 758 GURL("http://www.notevilanymore.com/good.html"), 759 &matching_list, &prefix_hits, &full_hashes, now)); 760 } 761 762 763 // Test adding zero length chunks to the database. 764 TEST_F(SafeBrowsingDatabaseTest, ZeroSizeChunk) { 765 SBChunkList chunks; 766 SBChunk chunk; 767 768 // Populate with a couple of normal chunks. 769 InsertAddChunkHost2PrefixUrls(&chunk, 1, "www.test.com/", 770 "www.test.com/test1.html", 771 "www.test.com/test2.html"); 772 chunks.clear(); 773 chunks.push_back(chunk); 774 775 chunk.hosts.clear(); 776 InsertAddChunkHost2PrefixUrls(&chunk, 10, "www.random.com/", 777 "www.random.com/random1.html", 778 "www.random.com/random2.html"); 779 chunks.push_back(chunk); 780 781 std::vector<SBListChunkRanges> lists; 782 EXPECT_TRUE(database_->UpdateStarted(&lists)); 783 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 784 database_->UpdateFinished(true); 785 786 // Add an empty ADD and SUB chunk. 787 GetListsInfo(&lists); 788 EXPECT_EQ(lists[0].adds, "1,10"); 789 790 SBChunk empty_chunk; 791 empty_chunk.chunk_number = 19; 792 empty_chunk.is_add = true; 793 chunks.clear(); 794 chunks.push_back(empty_chunk); 795 EXPECT_TRUE(database_->UpdateStarted(&lists)); 796 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 797 chunks.clear(); 798 empty_chunk.chunk_number = 7; 799 empty_chunk.is_add = false; 800 chunks.push_back(empty_chunk); 801 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 802 database_->UpdateFinished(true); 803 804 GetListsInfo(&lists); 805 EXPECT_EQ(lists[0].adds, "1,10,19"); 806 EXPECT_EQ(lists[0].subs, "7"); 807 808 // Add an empty chunk along with a couple that contain data. This should 809 // result in the chunk range being reduced in size. 810 empty_chunk.hosts.clear(); 811 InsertAddChunkHostPrefixUrl(&empty_chunk, 20, "www.notempy.com/", 812 "www.notempty.com/full1.html"); 813 chunks.clear(); 814 chunks.push_back(empty_chunk); 815 816 empty_chunk.chunk_number = 21; 817 empty_chunk.is_add = true; 818 empty_chunk.hosts.clear(); 819 chunks.push_back(empty_chunk); 820 821 empty_chunk.hosts.clear(); 822 InsertAddChunkHostPrefixUrl(&empty_chunk, 22, "www.notempy.com/", 823 "www.notempty.com/full2.html"); 824 chunks.push_back(empty_chunk); 825 826 EXPECT_TRUE(database_->UpdateStarted(&lists)); 827 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 828 database_->UpdateFinished(true); 829 830 const Time now = Time::Now(); 831 std::vector<SBFullHashResult> full_hashes; 832 std::vector<SBPrefix> prefix_hits; 833 std::string matching_list; 834 EXPECT_TRUE(database_->ContainsBrowseUrl( 835 GURL("http://www.notempty.com/full1.html"), 836 &matching_list, &prefix_hits, 837 &full_hashes, now)); 838 EXPECT_TRUE(database_->ContainsBrowseUrl( 839 GURL("http://www.notempty.com/full2.html"), 840 &matching_list, &prefix_hits, 841 &full_hashes, now)); 842 843 GetListsInfo(&lists); 844 EXPECT_EQ(lists[0].adds, "1,10,19-22"); 845 EXPECT_EQ(lists[0].subs, "7"); 846 847 // Handle AddDel and SubDel commands for empty chunks. 848 EXPECT_TRUE(database_->UpdateStarted(&lists)); 849 AddDelChunk(safe_browsing_util::kMalwareList, 21); 850 database_->UpdateFinished(true); 851 852 GetListsInfo(&lists); 853 EXPECT_EQ(lists[0].adds, "1,10,19-20,22"); 854 EXPECT_EQ(lists[0].subs, "7"); 855 856 EXPECT_TRUE(database_->UpdateStarted(&lists)); 857 SubDelChunk(safe_browsing_util::kMalwareList, 7); 858 database_->UpdateFinished(true); 859 860 GetListsInfo(&lists); 861 EXPECT_EQ(lists[0].adds, "1,10,19-20,22"); 862 EXPECT_EQ(lists[0].subs, ""); 863 } 864 865 // Utility function for setting up the database for the caching test. 866 void SafeBrowsingDatabaseTest::PopulateDatabaseForCacheTest() { 867 SBChunkList chunks; 868 SBChunk chunk; 869 // Add a simple chunk with one hostkey and cache it. 870 InsertAddChunkHost2PrefixUrls(&chunk, 1, "www.evil.com/", 871 "www.evil.com/phishing.html", 872 "www.evil.com/malware.html"); 873 chunks.push_back(chunk); 874 875 std::vector<SBListChunkRanges> lists; 876 EXPECT_TRUE(database_->UpdateStarted(&lists)); 877 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 878 database_->UpdateFinished(true); 879 880 // Add the GetHash results to the cache. 881 SBFullHashResult full_hash; 882 full_hash.hash = Sha256Hash("www.evil.com/phishing.html"); 883 full_hash.list_name = safe_browsing_util::kMalwareList; 884 full_hash.add_chunk_id = 1; 885 886 std::vector<SBFullHashResult> results; 887 results.push_back(full_hash); 888 889 full_hash.hash = Sha256Hash("www.evil.com/malware.html"); 890 results.push_back(full_hash); 891 892 std::vector<SBPrefix> prefixes; 893 database_->CacheHashResults(prefixes, results); 894 } 895 896 TEST_F(SafeBrowsingDatabaseTest, HashCaching) { 897 PopulateDatabaseForCacheTest(); 898 899 // We should have both full hashes in the cache. 900 EXPECT_EQ(database_->pending_browse_hashes_.size(), 2U); 901 902 // Test the cache lookup for the first prefix. 903 std::string listname; 904 std::vector<SBPrefix> prefixes; 905 std::vector<SBFullHashResult> full_hashes; 906 database_->ContainsBrowseUrl( 907 GURL("http://www.evil.com/phishing.html"), 908 &listname, &prefixes, &full_hashes, Time::Now()); 909 EXPECT_EQ(full_hashes.size(), 1U); 910 EXPECT_TRUE(SBFullHashEq(full_hashes[0].hash, 911 Sha256Hash("www.evil.com/phishing.html"))); 912 913 prefixes.clear(); 914 full_hashes.clear(); 915 916 // Test the cache lookup for the second prefix. 917 database_->ContainsBrowseUrl( 918 GURL("http://www.evil.com/malware.html"), 919 &listname, &prefixes, &full_hashes, Time::Now()); 920 EXPECT_EQ(full_hashes.size(), 1U); 921 EXPECT_TRUE(SBFullHashEq(full_hashes[0].hash, 922 Sha256Hash("www.evil.com/malware.html"))); 923 924 prefixes.clear(); 925 full_hashes.clear(); 926 927 // Test removing a prefix via a sub chunk. 928 SBChunk chunk; 929 SBChunkList chunks; 930 InsertSubChunkHostPrefixUrl(&chunk, 2, 1, "www.evil.com/", 931 "www.evil.com/phishing.html"); 932 chunks.push_back(chunk); 933 934 std::vector<SBListChunkRanges> lists; 935 EXPECT_TRUE(database_->UpdateStarted(&lists)); 936 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 937 database_->UpdateFinished(true); 938 939 // This prefix should still be there. 940 database_->ContainsBrowseUrl( 941 GURL("http://www.evil.com/malware.html"), 942 &listname, &prefixes, &full_hashes, Time::Now()); 943 EXPECT_EQ(full_hashes.size(), 1U); 944 EXPECT_TRUE(SBFullHashEq(full_hashes[0].hash, 945 Sha256Hash("www.evil.com/malware.html"))); 946 prefixes.clear(); 947 full_hashes.clear(); 948 949 // This prefix should be gone. 950 database_->ContainsBrowseUrl( 951 GURL("http://www.evil.com/phishing.html"), 952 &listname, &prefixes, &full_hashes, Time::Now()); 953 EXPECT_TRUE(full_hashes.empty()); 954 955 prefixes.clear(); 956 full_hashes.clear(); 957 958 // Test that an AddDel for the original chunk removes the last cached entry. 959 EXPECT_TRUE(database_->UpdateStarted(&lists)); 960 AddDelChunk(safe_browsing_util::kMalwareList, 1); 961 database_->UpdateFinished(true); 962 database_->ContainsBrowseUrl( 963 GURL("http://www.evil.com/malware.html"), 964 &listname, &prefixes, &full_hashes, Time::Now()); 965 EXPECT_TRUE(full_hashes.empty()); 966 EXPECT_TRUE(database_->full_browse_hashes_.empty()); 967 EXPECT_TRUE(database_->pending_browse_hashes_.empty()); 968 969 prefixes.clear(); 970 full_hashes.clear(); 971 972 // Test that the cache won't return expired values. First we have to adjust 973 // the cached entries' received time to make them older, since the database 974 // cache insert uses Time::Now(). First, store some entries. 975 PopulateDatabaseForCacheTest(); 976 977 std::vector<SBAddFullHash>* hash_cache = &database_->pending_browse_hashes_; 978 EXPECT_EQ(hash_cache->size(), 2U); 979 980 // Now adjust one of the entries times to be in the past. 981 base::Time expired = base::Time::Now() - base::TimeDelta::FromMinutes(60); 982 const SBPrefix key = Sha256Prefix("www.evil.com/malware.html"); 983 std::vector<SBAddFullHash>::iterator iter; 984 for (iter = hash_cache->begin(); iter != hash_cache->end(); ++iter) { 985 if (iter->full_hash.prefix == key) { 986 iter->received = static_cast<int32>(expired.ToTimeT()); 987 break; 988 } 989 } 990 EXPECT_TRUE(iter != hash_cache->end()); 991 992 database_->ContainsBrowseUrl( 993 GURL("http://www.evil.com/malware.html"), 994 &listname, &prefixes, &full_hashes, expired); 995 EXPECT_TRUE(full_hashes.empty()); 996 997 // This entry should still exist. 998 database_->ContainsBrowseUrl( 999 GURL("http://www.evil.com/phishing.html"), 1000 &listname, &prefixes, &full_hashes, expired); 1001 EXPECT_EQ(full_hashes.size(), 1U); 1002 1003 1004 // Testing prefix miss caching. First, we clear out the existing database, 1005 // Since PopulateDatabaseForCacheTest() doesn't handle adding duplicate 1006 // chunks. 1007 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1008 AddDelChunk(safe_browsing_util::kMalwareList, 1); 1009 database_->UpdateFinished(true); 1010 1011 std::vector<SBPrefix> prefix_misses; 1012 std::vector<SBFullHashResult> empty_full_hash; 1013 prefix_misses.push_back(Sha256Prefix("http://www.bad.com/malware.html")); 1014 prefix_misses.push_back(Sha256Prefix("http://www.bad.com/phishing.html")); 1015 database_->CacheHashResults(prefix_misses, empty_full_hash); 1016 1017 // Prefixes with no full results are misses. 1018 EXPECT_EQ(database_->prefix_miss_cache_.size(), 2U); 1019 1020 // Update the database. 1021 PopulateDatabaseForCacheTest(); 1022 1023 // Prefix miss cache should be cleared. 1024 EXPECT_TRUE(database_->prefix_miss_cache_.empty()); 1025 1026 // Cache a GetHash miss for a particular prefix, and even though the prefix is 1027 // in the database, it is flagged as a miss so looking up the associated URL 1028 // will not succeed. 1029 prefixes.clear(); 1030 full_hashes.clear(); 1031 prefix_misses.clear(); 1032 empty_full_hash.clear(); 1033 prefix_misses.push_back(Sha256Prefix("www.evil.com/phishing.html")); 1034 database_->CacheHashResults(prefix_misses, empty_full_hash); 1035 EXPECT_FALSE(database_->ContainsBrowseUrl( 1036 GURL("http://www.evil.com/phishing.html"), 1037 &listname, &prefixes, 1038 &full_hashes, Time::Now())); 1039 1040 prefixes.clear(); 1041 full_hashes.clear(); 1042 1043 // Test receiving a full add chunk. 1044 chunk.hosts.clear(); 1045 InsertAddChunkHost2FullHashes(&chunk, 20, "www.fullevil.com/", 1046 "www.fullevil.com/bad1.html", 1047 "www.fullevil.com/bad2.html"); 1048 chunks.clear(); 1049 chunks.push_back(chunk); 1050 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1051 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1052 database_->UpdateFinished(true); 1053 1054 EXPECT_TRUE(database_->ContainsBrowseUrl( 1055 GURL("http://www.fullevil.com/bad1.html"), 1056 &listname, &prefixes, &full_hashes, 1057 Time::Now())); 1058 EXPECT_EQ(full_hashes.size(), 1U); 1059 EXPECT_TRUE(SBFullHashEq(full_hashes[0].hash, 1060 Sha256Hash("www.fullevil.com/bad1.html"))); 1061 prefixes.clear(); 1062 full_hashes.clear(); 1063 1064 EXPECT_TRUE(database_->ContainsBrowseUrl( 1065 GURL("http://www.fullevil.com/bad2.html"), 1066 &listname, &prefixes, &full_hashes, 1067 Time::Now())); 1068 EXPECT_EQ(full_hashes.size(), 1U); 1069 EXPECT_TRUE(SBFullHashEq(full_hashes[0].hash, 1070 Sha256Hash("www.fullevil.com/bad2.html"))); 1071 prefixes.clear(); 1072 full_hashes.clear(); 1073 1074 // Test receiving a full sub chunk, which will remove one of the full adds. 1075 chunk.hosts.clear(); 1076 InsertSubChunkHostFullHash(&chunk, 200, 20, 1077 "www.fullevil.com/", 1078 "www.fullevil.com/bad1.html"); 1079 chunks.clear(); 1080 chunks.push_back(chunk); 1081 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1082 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1083 database_->UpdateFinished(true); 1084 1085 EXPECT_FALSE(database_->ContainsBrowseUrl( 1086 GURL("http://www.fullevil.com/bad1.html"), 1087 &listname, &prefixes, &full_hashes, 1088 Time::Now())); 1089 EXPECT_TRUE(full_hashes.empty()); 1090 1091 // There should be one remaining full add. 1092 EXPECT_TRUE(database_->ContainsBrowseUrl( 1093 GURL("http://www.fullevil.com/bad2.html"), 1094 &listname, &prefixes, &full_hashes, 1095 Time::Now())); 1096 EXPECT_EQ(full_hashes.size(), 1U); 1097 EXPECT_TRUE(SBFullHashEq(full_hashes[0].hash, 1098 Sha256Hash("www.fullevil.com/bad2.html"))); 1099 prefixes.clear(); 1100 full_hashes.clear(); 1101 1102 // Now test an AddDel for the remaining full add. 1103 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1104 AddDelChunk(safe_browsing_util::kMalwareList, 20); 1105 database_->UpdateFinished(true); 1106 1107 EXPECT_FALSE(database_->ContainsBrowseUrl( 1108 GURL("http://www.fullevil.com/bad1.html"), 1109 &listname, &prefixes, &full_hashes, 1110 Time::Now())); 1111 EXPECT_FALSE(database_->ContainsBrowseUrl( 1112 GURL("http://www.fullevil.com/bad2.html"), 1113 &listname, &prefixes, &full_hashes, 1114 Time::Now())); 1115 } 1116 1117 // Test that corrupt databases are appropriately handled, even if the 1118 // corruption is detected in the midst of the update. 1119 // TODO(shess): Disabled until ScopedLogMessageIgnorer resolved. 1120 // http://crbug.com/56448 1121 TEST_F(SafeBrowsingDatabaseTest, DISABLED_FileCorruptionHandling) { 1122 // Re-create the database in a captive message loop so that we can 1123 // influence task-posting. Database specifically needs to the 1124 // file-backed. 1125 database_.reset(); 1126 base::MessageLoop loop(base::MessageLoop::TYPE_DEFAULT); 1127 SafeBrowsingStoreFile* store = new SafeBrowsingStoreFile(); 1128 database_.reset(new SafeBrowsingDatabaseNew(store, NULL, NULL, NULL, NULL, 1129 NULL, NULL)); 1130 database_->Init(database_filename_); 1131 1132 // This will cause an empty database to be created. 1133 std::vector<SBListChunkRanges> lists; 1134 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1135 database_->UpdateFinished(true); 1136 1137 // Create a sub chunk to insert. 1138 SBChunkList chunks; 1139 SBChunk chunk; 1140 SBChunkHost host; 1141 host.host = Sha256Prefix("www.subbed.com/"); 1142 host.entry = SBEntry::Create(SBEntry::SUB_PREFIX, 1); 1143 host.entry->set_chunk_id(7); 1144 host.entry->SetChunkIdAtPrefix(0, 19); 1145 host.entry->SetPrefixAt(0, Sha256Prefix("www.subbed.com/notevil1.html")); 1146 chunk.chunk_number = 7; 1147 chunk.is_add = false; 1148 chunk.hosts.clear(); 1149 chunk.hosts.push_back(host); 1150 chunks.clear(); 1151 chunks.push_back(chunk); 1152 1153 // Corrupt the file by corrupting the checksum, which is not checked 1154 // until the entire table is read in |UpdateFinished()|. 1155 FILE* fp = base::OpenFile(database_filename_, "r+"); 1156 ASSERT_TRUE(fp); 1157 ASSERT_NE(-1, fseek(fp, -8, SEEK_END)); 1158 for (size_t i = 0; i < 8; ++i) { 1159 fputc('!', fp); 1160 } 1161 fclose(fp); 1162 1163 { 1164 // The following code will cause DCHECKs, so suppress the crashes. 1165 ScopedLogMessageIgnorer ignorer; 1166 1167 // Start an update. The insert will fail due to corruption. 1168 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1169 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1170 database_->UpdateFinished(true); 1171 1172 // Database file still exists until the corruption handler has run. 1173 EXPECT_TRUE(base::PathExists(database_filename_)); 1174 1175 // Flush through the corruption-handler task. 1176 VLOG(1) << "Expect failed check on: SafeBrowsing database reset"; 1177 base::MessageLoop::current()->RunUntilIdle(); 1178 } 1179 1180 // Database file should not exist. 1181 EXPECT_FALSE(base::PathExists(database_filename_)); 1182 1183 // Run the update again successfully. 1184 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1185 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1186 database_->UpdateFinished(true); 1187 EXPECT_TRUE(base::PathExists(database_filename_)); 1188 1189 database_.reset(); 1190 } 1191 1192 // Checks database reading and writing. 1193 TEST_F(SafeBrowsingDatabaseTest, ContainsDownloadUrl) { 1194 database_.reset(); 1195 base::MessageLoop loop(base::MessageLoop::TYPE_DEFAULT); 1196 SafeBrowsingStoreFile* browse_store = new SafeBrowsingStoreFile(); 1197 SafeBrowsingStoreFile* download_store = new SafeBrowsingStoreFile(); 1198 SafeBrowsingStoreFile* csd_whitelist_store = new SafeBrowsingStoreFile(); 1199 database_.reset(new SafeBrowsingDatabaseNew(browse_store, 1200 download_store, 1201 csd_whitelist_store, 1202 NULL, 1203 NULL, 1204 NULL, 1205 NULL)); 1206 database_->Init(database_filename_); 1207 1208 const char kEvil1Host[] = "www.evil1.com/"; 1209 const char kEvil1Url1[] = "www.evil1.com/download1/"; 1210 const char kEvil1Url2[] = "www.evil1.com/download2.html"; 1211 1212 SBChunkList chunks; 1213 SBChunk chunk; 1214 // Add a simple chunk with one hostkey for download url list. 1215 InsertAddChunkHost2PrefixUrls(&chunk, 1, kEvil1Host, 1216 kEvil1Url1, kEvil1Url2); 1217 chunks.push_back(chunk); 1218 std::vector<SBListChunkRanges> lists; 1219 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1220 database_->InsertChunks(safe_browsing_util::kBinUrlList, chunks); 1221 database_->UpdateFinished(true); 1222 1223 std::vector<SBPrefix> prefix_hits; 1224 std::vector<GURL> urls(1); 1225 1226 urls[0] = GURL(std::string("http://") + kEvil1Url1); 1227 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1228 ASSERT_EQ(prefix_hits.size(), 1U); 1229 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url1)); 1230 1231 urls[0] = GURL(std::string("http://") + kEvil1Url2); 1232 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1233 ASSERT_EQ(prefix_hits.size(), 1U); 1234 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url2)); 1235 1236 urls[0] = GURL(std::string("https://") + kEvil1Url2); 1237 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1238 ASSERT_EQ(prefix_hits.size(), 1U); 1239 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url2)); 1240 1241 urls[0] = GURL(std::string("ftp://") + kEvil1Url2); 1242 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1243 ASSERT_EQ(prefix_hits.size(), 1U); 1244 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url2)); 1245 1246 urls[0] = GURL("http://www.randomevil.com"); 1247 EXPECT_FALSE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1248 1249 // Should match with query args stripped. 1250 urls[0] = GURL(std::string("http://") + kEvil1Url2 + "?blah"); 1251 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1252 ASSERT_EQ(prefix_hits.size(), 1U); 1253 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url2)); 1254 1255 // Should match with extra path stuff and query args stripped. 1256 urls[0] = GURL(std::string("http://") + kEvil1Url1 + "foo/bar?blah"); 1257 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1258 ASSERT_EQ(prefix_hits.size(), 1U); 1259 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url1)); 1260 1261 // First hit in redirect chain is malware. 1262 urls.clear(); 1263 urls.push_back(GURL(std::string("http://") + kEvil1Url1)); 1264 urls.push_back(GURL("http://www.randomevil.com")); 1265 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1266 ASSERT_EQ(prefix_hits.size(), 1U); 1267 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url1)); 1268 1269 // Middle hit in redirect chain is malware. 1270 urls.clear(); 1271 urls.push_back(GURL("http://www.randomevil.com")); 1272 urls.push_back(GURL(std::string("http://") + kEvil1Url1)); 1273 urls.push_back(GURL("http://www.randomevil2.com")); 1274 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1275 ASSERT_EQ(prefix_hits.size(), 1U); 1276 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url1)); 1277 1278 // Final hit in redirect chain is malware. 1279 urls.clear(); 1280 urls.push_back(GURL("http://www.randomevil.com")); 1281 urls.push_back(GURL(std::string("http://") + kEvil1Url1)); 1282 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1283 ASSERT_EQ(prefix_hits.size(), 1U); 1284 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url1)); 1285 1286 // Multiple hits in redirect chain are in malware list. 1287 urls.clear(); 1288 urls.push_back(GURL(std::string("http://") + kEvil1Url1)); 1289 urls.push_back(GURL(std::string("https://") + kEvil1Url2)); 1290 EXPECT_TRUE(database_->ContainsDownloadUrl(urls, &prefix_hits)); 1291 ASSERT_EQ(prefix_hits.size(), 2U); 1292 EXPECT_EQ(prefix_hits[0], Sha256Prefix(kEvil1Url1)); 1293 EXPECT_EQ(prefix_hits[1], Sha256Prefix(kEvil1Url2)); 1294 database_.reset(); 1295 } 1296 1297 // Checks that the whitelists are handled properly. 1298 TEST_F(SafeBrowsingDatabaseTest, Whitelists) { 1299 database_.reset(); 1300 // We expect all calls to ContainsCsdWhitelistedUrl in particular to be made 1301 // from the IO thread. In general the whitelist lookups are thread-safe. 1302 content::TestBrowserThreadBundle thread_bundle_; 1303 1304 // If the whitelist is disabled everything should match the whitelist. 1305 database_.reset(new SafeBrowsingDatabaseNew(new SafeBrowsingStoreFile(), 1306 NULL, NULL, NULL, NULL, NULL, 1307 NULL)); 1308 database_->Init(database_filename_); 1309 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1310 GURL(std::string("http://www.phishing.com/")))); 1311 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1312 GURL(std::string("http://www.phishing.com/")))); 1313 EXPECT_TRUE(database_->ContainsDownloadWhitelistedString("asdf")); 1314 1315 SafeBrowsingStoreFile* browse_store = new SafeBrowsingStoreFile(); 1316 SafeBrowsingStoreFile* csd_whitelist_store = new SafeBrowsingStoreFile(); 1317 SafeBrowsingStoreFile* download_whitelist_store = new SafeBrowsingStoreFile(); 1318 SafeBrowsingStoreFile* extension_blacklist_store = 1319 new SafeBrowsingStoreFile(); 1320 database_.reset(new SafeBrowsingDatabaseNew(browse_store, NULL, 1321 csd_whitelist_store, 1322 download_whitelist_store, 1323 extension_blacklist_store, 1324 NULL, NULL)); 1325 database_->Init(database_filename_); 1326 1327 const char kGood1Host[] = "www.good1.com/"; 1328 const char kGood1Url1[] = "www.good1.com/a/b.html"; 1329 const char kGood1Url2[] = "www.good1.com/b/"; 1330 1331 const char kGood2Host[] = "www.good2.com/"; 1332 const char kGood2Url1[] = "www.good2.com/c"; // Should match '/c/bla'. 1333 1334 // good3.com/a/b/c/d/e/f/g/ should match because it's a whitelist. 1335 const char kGood3Host[] = "good3.com/"; 1336 const char kGood3Url1[] = "good3.com/"; 1337 1338 const char kGoodString[] = "good_string"; 1339 1340 SBChunkList download_chunks, csd_chunks; 1341 SBChunk chunk; 1342 // Add two simple chunks to the csd whitelist. 1343 InsertAddChunkHost2FullHashes(&chunk, 1, kGood1Host, 1344 kGood1Url1, kGood1Url2); 1345 csd_chunks.push_back(chunk); 1346 1347 chunk.hosts.clear(); 1348 InsertAddChunkHostFullHashes(&chunk, 2, kGood2Host, kGood2Url1); 1349 csd_chunks.push_back(chunk); 1350 1351 chunk.hosts.clear(); 1352 InsertAddChunkHostFullHashes(&chunk, 2, kGood2Host, kGood2Url1); 1353 download_chunks.push_back(chunk); 1354 1355 chunk.hosts.clear(); 1356 InsertAddChunkHostFullHashes(&chunk, 3, kGoodString, kGoodString); 1357 download_chunks.push_back(chunk); 1358 1359 chunk.hosts.clear(); 1360 InsertAddChunkHostFullHashes(&chunk, 4, kGood3Host, kGood3Url1); 1361 download_chunks.push_back(chunk); 1362 1363 std::vector<SBListChunkRanges> lists; 1364 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1365 database_->InsertChunks(safe_browsing_util::kCsdWhiteList, 1366 csd_chunks); 1367 database_->InsertChunks(safe_browsing_util::kDownloadWhiteList, 1368 download_chunks); 1369 database_->UpdateFinished(true); 1370 1371 EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl( 1372 GURL(std::string("http://") + kGood1Host))); 1373 1374 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1375 GURL(std::string("http://") + kGood1Url1))); 1376 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1377 GURL(std::string("http://") + kGood1Url1 + "?a=b"))); 1378 1379 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1380 GURL(std::string("http://") + kGood1Url2))); 1381 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1382 GURL(std::string("http://") + kGood1Url2 + "/c.html"))); 1383 1384 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1385 GURL(std::string("https://") + kGood1Url2 + "/c.html"))); 1386 1387 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1388 GURL(std::string("http://") + kGood2Url1 + "/c"))); 1389 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1390 GURL(std::string("http://") + kGood2Url1 + "/c?bla"))); 1391 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1392 GURL(std::string("http://") + kGood2Url1 + "/c/bla"))); 1393 1394 EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl( 1395 GURL(std::string("http://www.google.com/")))); 1396 1397 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1398 GURL(std::string("http://") + kGood2Url1 + "/c"))); 1399 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1400 GURL(std::string("http://") + kGood2Url1 + "/c?bla"))); 1401 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1402 GURL(std::string("http://") + kGood2Url1 + "/c/bla"))); 1403 1404 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1405 GURL(std::string("http://good3.com/a/b/c/d/e/f/g/")))); 1406 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1407 GURL(std::string("http://a.b.good3.com/")))); 1408 1409 EXPECT_FALSE(database_->ContainsDownloadWhitelistedString("asdf")); 1410 EXPECT_TRUE(database_->ContainsDownloadWhitelistedString(kGoodString)); 1411 1412 EXPECT_FALSE(database_->ContainsDownloadWhitelistedUrl( 1413 GURL(std::string("http://www.google.com/")))); 1414 1415 // Test only add the malware IP killswitch 1416 csd_chunks.clear(); 1417 chunk.hosts.clear(); 1418 InsertAddChunkHostFullHashes( 1419 &chunk, 15, "sb-ssl.google.com/", 1420 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware"); 1421 csd_chunks.push_back(chunk); 1422 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1423 database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks); 1424 database_->UpdateFinished(true); 1425 1426 EXPECT_TRUE(database_->IsMalwareIPMatchKillSwitchOn()); 1427 1428 // Test that the kill-switch works as intended. 1429 csd_chunks.clear(); 1430 download_chunks.clear(); 1431 lists.clear(); 1432 chunk.hosts.clear(); 1433 InsertAddChunkHostFullHashes(&chunk, 5, "sb-ssl.google.com/", 1434 "sb-ssl.google.com/safebrowsing/csd/killswitch"); 1435 csd_chunks.push_back(chunk); 1436 chunk.hosts.clear(); 1437 InsertAddChunkHostFullHashes(&chunk, 5, "sb-ssl.google.com/", 1438 "sb-ssl.google.com/safebrowsing/csd/killswitch"); 1439 download_chunks.push_back(chunk); 1440 1441 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1442 database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks); 1443 database_->InsertChunks(safe_browsing_util::kDownloadWhiteList, 1444 download_chunks); 1445 database_->UpdateFinished(true); 1446 1447 EXPECT_TRUE(database_->IsMalwareIPMatchKillSwitchOn()); 1448 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1449 GURL(std::string("https://") + kGood1Url2 + "/c.html"))); 1450 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1451 GURL(std::string("http://www.google.com/")))); 1452 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1453 GURL(std::string("http://www.phishing_url.com/")))); 1454 1455 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1456 GURL(std::string("https://") + kGood1Url2 + "/c.html"))); 1457 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1458 GURL(std::string("http://www.google.com/")))); 1459 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1460 GURL(std::string("http://www.phishing_url.com/")))); 1461 1462 EXPECT_TRUE(database_->ContainsDownloadWhitelistedString("asdf")); 1463 EXPECT_TRUE(database_->ContainsDownloadWhitelistedString(kGoodString)); 1464 1465 // Remove the kill-switch and verify that we can recover. 1466 csd_chunks.clear(); 1467 download_chunks.clear(); 1468 lists.clear(); 1469 SBChunk sub_chunk; 1470 InsertSubChunkHostFullHash(&sub_chunk, 1, 5, 1471 "sb-ssl.google.com/", 1472 "sb-ssl.google.com/safebrowsing/csd/killswitch"); 1473 csd_chunks.push_back(sub_chunk); 1474 1475 sub_chunk.hosts.clear(); 1476 InsertSubChunkHostFullHash( 1477 &sub_chunk, 10, 15, "sb-ssl.google.com/", 1478 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware"); 1479 csd_chunks.push_back(sub_chunk); 1480 1481 sub_chunk.hosts.clear(); 1482 InsertSubChunkHostFullHash(&sub_chunk, 1, 5, 1483 "sb-ssl.google.com/", 1484 "sb-ssl.google.com/safebrowsing/csd/killswitch"); 1485 download_chunks.push_back(sub_chunk); 1486 1487 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1488 database_->InsertChunks(safe_browsing_util::kCsdWhiteList, csd_chunks); 1489 database_->InsertChunks(safe_browsing_util::kDownloadWhiteList, 1490 download_chunks); 1491 database_->UpdateFinished(true); 1492 1493 EXPECT_FALSE(database_->IsMalwareIPMatchKillSwitchOn()); 1494 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1495 GURL(std::string("https://") + kGood1Url2 + "/c.html"))); 1496 EXPECT_TRUE(database_->ContainsCsdWhitelistedUrl( 1497 GURL(std::string("https://") + kGood2Url1 + "/c/bla"))); 1498 EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl( 1499 GURL(std::string("http://www.google.com/")))); 1500 EXPECT_FALSE(database_->ContainsCsdWhitelistedUrl( 1501 GURL(std::string("http://www.phishing_url.com/")))); 1502 1503 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1504 GURL(std::string("https://") + kGood2Url1 + "/c/bla"))); 1505 EXPECT_TRUE(database_->ContainsDownloadWhitelistedUrl( 1506 GURL(std::string("https://good3.com/")))); 1507 EXPECT_TRUE(database_->ContainsDownloadWhitelistedString(kGoodString)); 1508 EXPECT_FALSE(database_->ContainsDownloadWhitelistedUrl( 1509 GURL(std::string("http://www.google.com/")))); 1510 EXPECT_FALSE(database_->ContainsDownloadWhitelistedUrl( 1511 GURL(std::string("http://www.phishing_url.com/")))); 1512 EXPECT_FALSE(database_->ContainsDownloadWhitelistedString("asdf")); 1513 1514 database_.reset(); 1515 } 1516 1517 // Test to make sure we could insert chunk list that 1518 // contains entries for the same host. 1519 TEST_F(SafeBrowsingDatabaseTest, SameHostEntriesOkay) { 1520 SBChunk chunk; 1521 1522 // Add a malware add chunk with two entries of the same host. 1523 InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/", 1524 "www.evil.com/malware1.html"); 1525 InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/", 1526 "www.evil.com/malware2.html"); 1527 SBChunkList chunks; 1528 chunks.push_back(chunk); 1529 1530 // Insert the testing chunks into database. 1531 std::vector<SBListChunkRanges> lists; 1532 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1533 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1534 database_->UpdateFinished(true); 1535 1536 GetListsInfo(&lists); 1537 EXPECT_EQ(std::string(safe_browsing_util::kMalwareList), lists[0].name); 1538 EXPECT_EQ("1", lists[0].adds); 1539 EXPECT_TRUE(lists[0].subs.empty()); 1540 1541 // Add a phishing add chunk with two entries of the same host. 1542 chunk.hosts.clear(); 1543 InsertAddChunkHostPrefixUrl(&chunk, 47, "www.evil.com/", 1544 "www.evil.com/phishing1.html"); 1545 InsertAddChunkHostPrefixUrl(&chunk, 47, "www.evil.com/", 1546 "www.evil.com/phishing2.html"); 1547 chunks.clear(); 1548 chunks.push_back(chunk); 1549 1550 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1551 database_->InsertChunks(safe_browsing_util::kPhishingList, chunks); 1552 database_->UpdateFinished(true); 1553 1554 GetListsInfo(&lists); 1555 EXPECT_EQ(std::string(safe_browsing_util::kMalwareList), lists[0].name); 1556 EXPECT_EQ("1", lists[0].adds); 1557 EXPECT_EQ(std::string(safe_browsing_util::kPhishingList), lists[1].name); 1558 EXPECT_EQ("47", lists[1].adds); 1559 1560 const Time now = Time::Now(); 1561 std::vector<SBPrefix> prefixes; 1562 std::vector<SBFullHashResult> full_hashes; 1563 std::vector<SBPrefix> prefix_hits; 1564 std::string matching_list; 1565 std::string listname; 1566 1567 EXPECT_TRUE(database_->ContainsBrowseUrl( 1568 GURL("http://www.evil.com/malware1.html"), 1569 &listname, &prefixes, &full_hashes, now)); 1570 EXPECT_TRUE(database_->ContainsBrowseUrl( 1571 GURL("http://www.evil.com/malware2.html"), 1572 &listname, &prefixes, &full_hashes, now)); 1573 EXPECT_TRUE(database_->ContainsBrowseUrl( 1574 GURL("http://www.evil.com/phishing1.html"), 1575 &listname, &prefixes, &full_hashes, now)); 1576 EXPECT_TRUE(database_->ContainsBrowseUrl( 1577 GURL("http://www.evil.com/phishing2.html"), 1578 &listname, &prefixes, &full_hashes, now)); 1579 1580 // Test removing a single prefix from the add chunk. 1581 // Remove the prefix that added first. 1582 chunk.hosts.clear(); 1583 InsertSubChunkHostPrefixUrl(&chunk, 4, 1, "www.evil.com/", 1584 "www.evil.com/malware1.html"); 1585 chunks.clear(); 1586 chunks.push_back(chunk); 1587 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1588 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1589 database_->UpdateFinished(true); 1590 1591 // Remove the prefix that added last. 1592 chunk.hosts.clear(); 1593 InsertSubChunkHostPrefixUrl(&chunk, 5, 47, "www.evil.com/", 1594 "www.evil.com/phishing2.html"); 1595 chunks.clear(); 1596 chunks.push_back(chunk); 1597 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1598 database_->InsertChunks(safe_browsing_util::kPhishingList, chunks); 1599 database_->UpdateFinished(true); 1600 1601 // Verify that the database contains urls expected. 1602 EXPECT_FALSE(database_->ContainsBrowseUrl( 1603 GURL("http://www.evil.com/malware1.html"), 1604 &listname, &prefixes, &full_hashes, now)); 1605 EXPECT_TRUE(database_->ContainsBrowseUrl( 1606 GURL("http://www.evil.com/malware2.html"), 1607 &listname, &prefixes, &full_hashes, now)); 1608 EXPECT_TRUE(database_->ContainsBrowseUrl( 1609 GURL("http://www.evil.com/phishing1.html"), 1610 &listname, &prefixes, &full_hashes, now)); 1611 EXPECT_FALSE(database_->ContainsBrowseUrl( 1612 GURL("http://www.evil.com/phishing2.html"), 1613 &listname, &prefixes, &full_hashes, now)); 1614 } 1615 1616 // Test that an empty update doesn't actually update the database. 1617 // This isn't a functionality requirement, but it is a useful 1618 // optimization. 1619 TEST_F(SafeBrowsingDatabaseTest, EmptyUpdate) { 1620 SBChunkList chunks; 1621 SBChunk chunk; 1622 1623 base::FilePath filename = database_->BrowseDBFilename(database_filename_); 1624 1625 // Prime the database. 1626 std::vector<SBListChunkRanges> lists; 1627 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1628 1629 InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/", 1630 "www.evil.com/malware.html"); 1631 chunks.clear(); 1632 chunks.push_back(chunk); 1633 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1634 database_->UpdateFinished(true); 1635 1636 // Get an older time to reset the lastmod time for detecting whether 1637 // the file has been updated. 1638 base::PlatformFileInfo before_info, after_info; 1639 ASSERT_TRUE(base::GetFileInfo(filename, &before_info)); 1640 const base::Time old_last_modified = 1641 before_info.last_modified - base::TimeDelta::FromSeconds(10); 1642 1643 // Inserting another chunk updates the database file. The sleep is 1644 // needed because otherwise the entire test can finish w/in the 1645 // resolution of the lastmod time. 1646 ASSERT_TRUE(base::TouchFile(filename, old_last_modified, old_last_modified)); 1647 ASSERT_TRUE(base::GetFileInfo(filename, &before_info)); 1648 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1649 chunk.hosts.clear(); 1650 InsertAddChunkHostPrefixUrl(&chunk, 2, "www.foo.com/", 1651 "www.foo.com/malware.html"); 1652 chunks.clear(); 1653 chunks.push_back(chunk); 1654 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1655 database_->UpdateFinished(true); 1656 ASSERT_TRUE(base::GetFileInfo(filename, &after_info)); 1657 EXPECT_LT(before_info.last_modified, after_info.last_modified); 1658 1659 // Deleting a chunk updates the database file. 1660 ASSERT_TRUE(base::TouchFile(filename, old_last_modified, old_last_modified)); 1661 ASSERT_TRUE(base::GetFileInfo(filename, &before_info)); 1662 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1663 AddDelChunk(safe_browsing_util::kMalwareList, chunk.chunk_number); 1664 database_->UpdateFinished(true); 1665 ASSERT_TRUE(base::GetFileInfo(filename, &after_info)); 1666 EXPECT_LT(before_info.last_modified, after_info.last_modified); 1667 1668 // Simply calling |UpdateStarted()| then |UpdateFinished()| does not 1669 // update the database file. 1670 ASSERT_TRUE(base::TouchFile(filename, old_last_modified, old_last_modified)); 1671 ASSERT_TRUE(base::GetFileInfo(filename, &before_info)); 1672 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1673 database_->UpdateFinished(true); 1674 ASSERT_TRUE(base::GetFileInfo(filename, &after_info)); 1675 EXPECT_EQ(before_info.last_modified, after_info.last_modified); 1676 } 1677 1678 // Test that a filter file is written out during update and read back 1679 // in during setup. 1680 TEST_F(SafeBrowsingDatabaseTest, FilterFile) { 1681 // Create a database with trivial example data and write it out. 1682 { 1683 SBChunkList chunks; 1684 SBChunk chunk; 1685 1686 // Prime the database. 1687 std::vector<SBListChunkRanges> lists; 1688 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1689 1690 InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/", 1691 "www.evil.com/malware.html"); 1692 chunks.clear(); 1693 chunks.push_back(chunk); 1694 database_->InsertChunks(safe_browsing_util::kMalwareList, chunks); 1695 database_->UpdateFinished(true); 1696 } 1697 1698 // Find the malware url in the database, don't find a good url. 1699 const Time now = Time::Now(); 1700 std::vector<SBFullHashResult> full_hashes; 1701 std::vector<SBPrefix> prefix_hits; 1702 std::string matching_list; 1703 EXPECT_TRUE(database_->ContainsBrowseUrl( 1704 GURL("http://www.evil.com/malware.html"), 1705 &matching_list, &prefix_hits, &full_hashes, now)); 1706 EXPECT_FALSE(database_->ContainsBrowseUrl( 1707 GURL("http://www.good.com/goodware.html"), 1708 &matching_list, &prefix_hits, &full_hashes, now)); 1709 1710 base::FilePath filter_file = database_->PrefixSetForFilename( 1711 database_->BrowseDBFilename(database_filename_)); 1712 1713 // After re-creating the database, it should have a filter read from 1714 // a file, so it should find the same results. 1715 ASSERT_TRUE(base::PathExists(filter_file)); 1716 database_.reset(new SafeBrowsingDatabaseNew); 1717 database_->Init(database_filename_); 1718 EXPECT_TRUE(database_->ContainsBrowseUrl( 1719 GURL("http://www.evil.com/malware.html"), 1720 &matching_list, &prefix_hits, &full_hashes, now)); 1721 EXPECT_FALSE(database_->ContainsBrowseUrl( 1722 GURL("http://www.good.com/goodware.html"), 1723 &matching_list, &prefix_hits, &full_hashes, now)); 1724 1725 // If there is no filter file, the database cannot find malware urls. 1726 base::DeleteFile(filter_file, false); 1727 ASSERT_FALSE(base::PathExists(filter_file)); 1728 database_.reset(new SafeBrowsingDatabaseNew); 1729 database_->Init(database_filename_); 1730 EXPECT_FALSE(database_->ContainsBrowseUrl( 1731 GURL("http://www.evil.com/malware.html"), 1732 &matching_list, &prefix_hits, &full_hashes, now)); 1733 EXPECT_FALSE(database_->ContainsBrowseUrl( 1734 GURL("http://www.good.com/goodware.html"), 1735 &matching_list, &prefix_hits, &full_hashes, now)); 1736 } 1737 1738 TEST_F(SafeBrowsingDatabaseTest, MalwareIpBlacklist) { 1739 database_.reset(); 1740 SafeBrowsingStoreFile* browse_store = new SafeBrowsingStoreFile(); 1741 SafeBrowsingStoreFile* ip_blacklist_store = new SafeBrowsingStoreFile(); 1742 database_.reset(new SafeBrowsingDatabaseNew(browse_store, 1743 NULL, 1744 NULL, 1745 NULL, 1746 NULL, 1747 NULL, 1748 ip_blacklist_store)); 1749 database_->Init(database_filename_); 1750 std::vector<SBListChunkRanges> lists; 1751 EXPECT_TRUE(database_->UpdateStarted(&lists)); 1752 1753 // IPv4 prefix match for ::ffff:192.168.1.0/120. 1754 SBChunkList chunks; 1755 SBChunk chunk; 1756 InsertAddChunkFullHash(&chunk, 1, "::ffff:192.168.1.0", 120); 1757 chunks.push_back(chunk); 1758 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 1759 1760 // IPv4 exact match for ::ffff:192.1.1.1. 1761 chunks.clear(); 1762 chunk.hosts.clear(); 1763 InsertAddChunkFullHash(&chunk, 2, "::ffff:192.1.1.1", 128); 1764 chunks.push_back(chunk); 1765 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 1766 1767 // IPv6 exact match for: fe80::31a:a0ff:fe10:786e/128. 1768 chunks.clear(); 1769 chunk.hosts.clear(); 1770 InsertAddChunkFullHash(&chunk, 3, "fe80::31a:a0ff:fe10:786e", 128); 1771 chunks.push_back(chunk); 1772 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 1773 1774 // IPv6 prefix match for: 2620:0:1000:3103::/64. 1775 chunks.clear(); 1776 chunk.hosts.clear(); 1777 InsertAddChunkFullHash(&chunk, 4, "2620:0:1000:3103::", 64); 1778 chunks.push_back(chunk); 1779 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 1780 1781 // IPv4 prefix match for ::ffff:192.1.122.0/119. 1782 chunks.clear(); 1783 chunk.hosts.clear(); 1784 InsertAddChunkFullHash(&chunk, 5, "::ffff:192.1.122.0", 119); 1785 chunks.push_back(chunk); 1786 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 1787 1788 // IPv4 prefix match for ::ffff:192.1.128.0/113. 1789 chunks.clear(); 1790 chunk.hosts.clear(); 1791 InsertAddChunkFullHash(&chunk, 6, "::ffff:192.1.128.0", 113); 1792 chunks.push_back(chunk); 1793 database_->InsertChunks(safe_browsing_util::kIPBlacklist, chunks); 1794 1795 database_->UpdateFinished(true); 1796 1797 EXPECT_FALSE(database_->ContainsMalwareIP("192.168.0.255")); 1798 EXPECT_TRUE(database_->ContainsMalwareIP("192.168.1.0")); 1799 EXPECT_TRUE(database_->ContainsMalwareIP("192.168.1.255")); 1800 EXPECT_TRUE(database_->ContainsMalwareIP("192.168.1.10")); 1801 EXPECT_TRUE(database_->ContainsMalwareIP("::ffff:192.168.1.2")); 1802 EXPECT_FALSE(database_->ContainsMalwareIP("192.168.2.0")); 1803 1804 EXPECT_FALSE(database_->ContainsMalwareIP("192.1.1.0")); 1805 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.1.1")); 1806 EXPECT_FALSE(database_->ContainsMalwareIP("192.1.1.2")); 1807 1808 EXPECT_FALSE(database_->ContainsMalwareIP( 1809 "2620:0:1000:3102:ffff:ffff:ffff:ffff")); 1810 EXPECT_TRUE(database_->ContainsMalwareIP("2620:0:1000:3103::")); 1811 EXPECT_TRUE(database_->ContainsMalwareIP( 1812 "2620:0:1000:3103:ffff:ffff:ffff:ffff")); 1813 EXPECT_FALSE(database_->ContainsMalwareIP("2620:0:1000:3104::")); 1814 1815 EXPECT_FALSE(database_->ContainsMalwareIP("fe80::21a:a0ff:fe10:786d")); 1816 EXPECT_TRUE(database_->ContainsMalwareIP("fe80::31a:a0ff:fe10:786e")); 1817 EXPECT_FALSE(database_->ContainsMalwareIP("fe80::21a:a0ff:fe10:786f")); 1818 1819 EXPECT_FALSE(database_->ContainsMalwareIP("192.1.121.255")); 1820 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.122.0")); 1821 EXPECT_TRUE(database_->ContainsMalwareIP("::ffff:192.1.122.1")); 1822 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.122.255")); 1823 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.123.0")); 1824 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.123.255")); 1825 EXPECT_FALSE(database_->ContainsMalwareIP("192.1.124.0")); 1826 1827 EXPECT_FALSE(database_->ContainsMalwareIP("192.1.127.255")); 1828 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.128.0")); 1829 EXPECT_TRUE(database_->ContainsMalwareIP("::ffff:192.1.128.1")); 1830 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.128.255")); 1831 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.255.0")); 1832 EXPECT_TRUE(database_->ContainsMalwareIP("192.1.255.255")); 1833 EXPECT_FALSE(database_->ContainsMalwareIP("192.2.0.0")); 1834 } 1835
