1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <map> 6 #include <queue> 7 #include <string> 8 9 #include "base/bind.h" 10 #include "base/callback.h" 11 #include "base/logging.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "base/message_loop/message_loop.h" 14 #include "base/time/time.h" 15 #include "chrome/browser/safe_browsing/client_side_detection_service.h" 16 #include "chrome/common/safe_browsing/client_model.pb.h" 17 #include "chrome/common/safe_browsing/csd.pb.h" 18 #include "content/public/test/test_browser_thread.h" 19 #include "crypto/sha2.h" 20 #include "net/http/http_status_code.h" 21 #include "net/url_request/test_url_fetcher_factory.h" 22 #include "net/url_request/url_request_status.h" 23 #include "testing/gmock/include/gmock/gmock.h" 24 #include "testing/gtest/include/gtest/gtest.h" 25 #include "url/gurl.h" 26 27 using ::testing::Invoke; 28 using ::testing::Mock; 29 using ::testing::StrictMock; 30 using ::testing::_; 31 using content::BrowserThread; 32 33 namespace safe_browsing { 34 namespace { 35 class MockClientSideDetectionService : public ClientSideDetectionService { 36 public: 37 MockClientSideDetectionService() : ClientSideDetectionService(NULL) {} 38 virtual ~MockClientSideDetectionService() {} 39 40 MOCK_METHOD1(EndFetchModel, void(ClientModelStatus)); 41 MOCK_METHOD1(ScheduleFetchModel, void(int64)); 42 43 void Schedule(int64) { 44 // Ignore the delay when testing. 45 StartFetchModel(); 46 } 47 48 void Disable(int) { 49 // Ignore the status. 50 SetEnabledAndRefreshState(false); 51 } 52 53 private: 54 DISALLOW_COPY_AND_ASSIGN(MockClientSideDetectionService); 55 }; 56 57 ACTION(QuitCurrentMessageLoop) { 58 base::MessageLoop::current()->Quit(); 59 } 60 61 } // namespace 62 63 class ClientSideDetectionServiceTest : public testing::Test { 64 protected: 65 virtual void SetUp() { 66 file_thread_.reset(new content::TestBrowserThread(BrowserThread::FILE, 67 &msg_loop_)); 68 69 factory_.reset(new net::FakeURLFetcherFactory(NULL)); 70 71 browser_thread_.reset(new content::TestBrowserThread(BrowserThread::UI, 72 &msg_loop_)); 73 } 74 75 virtual void TearDown() { 76 msg_loop_.RunUntilIdle(); 77 csd_service_.reset(); 78 file_thread_.reset(); 79 browser_thread_.reset(); 80 } 81 82 bool SendClientReportPhishingRequest(const GURL& phishing_url, 83 float score) { 84 ClientPhishingRequest* request = new ClientPhishingRequest(); 85 request->set_url(phishing_url.spec()); 86 request->set_client_score(score); 87 request->set_is_phishing(true); // client thinks the URL is phishing. 88 csd_service_->SendClientReportPhishingRequest( 89 request, 90 base::Bind(&ClientSideDetectionServiceTest::SendRequestDone, 91 base::Unretained(this))); 92 phishing_url_ = phishing_url; 93 msg_loop_.Run(); // Waits until callback is called. 94 return is_phishing_; 95 } 96 97 bool SendClientReportMalwareRequest(const GURL& url) { 98 scoped_ptr<ClientMalwareRequest> request(new ClientMalwareRequest()); 99 request->set_url(url.spec()); 100 csd_service_->SendClientReportMalwareRequest( 101 request.release(), 102 base::Bind(&ClientSideDetectionServiceTest::SendMalwareRequestDone, 103 base::Unretained(this))); 104 phishing_url_ = url; 105 msg_loop_.Run(); // Waits until callback is called. 106 return is_malware_; 107 } 108 109 void SetModelFetchResponse(std::string response_data, 110 net::HttpStatusCode response_code, 111 net::URLRequestStatus::Status status) { 112 factory_->SetFakeResponse(GURL(ClientSideDetectionService::kClientModelUrl), 113 response_data, response_code, status); 114 } 115 116 void SetClientReportPhishingResponse(std::string response_data, 117 net::HttpStatusCode response_code, 118 net::URLRequestStatus::Status status) { 119 factory_->SetFakeResponse( 120 ClientSideDetectionService::GetClientReportUrl( 121 ClientSideDetectionService::kClientReportPhishingUrl), 122 response_data, response_code, status); 123 } 124 125 void SetClientReportMalwareResponse(std::string response_data, 126 net::HttpStatusCode response_code, 127 net::URLRequestStatus::Status status) { 128 factory_->SetFakeResponse( 129 ClientSideDetectionService::GetClientReportUrl( 130 ClientSideDetectionService::kClientReportMalwareUrl), 131 response_data, response_code, status); 132 } 133 134 int GetNumReports(std::queue<base::Time>* report_times) { 135 return csd_service_->GetNumReports(report_times); 136 } 137 138 std::queue<base::Time>& GetPhishingReportTimes() { 139 return csd_service_->phishing_report_times_; 140 } 141 142 std::queue<base::Time>& GetMalwareReportTimes() { 143 return csd_service_->malware_report_times_; 144 } 145 146 void SetCache(const GURL& gurl, bool is_phishing, base::Time time) { 147 csd_service_->cache_[gurl] = 148 make_linked_ptr(new ClientSideDetectionService::CacheState(is_phishing, 149 time)); 150 } 151 152 void TestCache() { 153 ClientSideDetectionService::PhishingCache& cache = csd_service_->cache_; 154 base::Time now = base::Time::Now(); 155 base::Time time = 156 now - base::TimeDelta::FromDays( 157 ClientSideDetectionService::kNegativeCacheIntervalDays) + 158 base::TimeDelta::FromMinutes(5); 159 cache[GURL("http://first.url.com/")] = 160 make_linked_ptr(new ClientSideDetectionService::CacheState(false, 161 time)); 162 163 time = 164 now - base::TimeDelta::FromDays( 165 ClientSideDetectionService::kNegativeCacheIntervalDays) - 166 base::TimeDelta::FromHours(1); 167 cache[GURL("http://second.url.com/")] = 168 make_linked_ptr(new ClientSideDetectionService::CacheState(false, 169 time)); 170 171 time = 172 now - base::TimeDelta::FromMinutes( 173 ClientSideDetectionService::kPositiveCacheIntervalMinutes) - 174 base::TimeDelta::FromMinutes(5); 175 cache[GURL("http://third.url.com/")] = 176 make_linked_ptr(new ClientSideDetectionService::CacheState(true, time)); 177 178 time = 179 now - base::TimeDelta::FromMinutes( 180 ClientSideDetectionService::kPositiveCacheIntervalMinutes) + 181 base::TimeDelta::FromMinutes(5); 182 cache[GURL("http://fourth.url.com/")] = 183 make_linked_ptr(new ClientSideDetectionService::CacheState(true, time)); 184 185 csd_service_->UpdateCache(); 186 187 // 3 elements should be in the cache, the first, third, and fourth. 188 EXPECT_EQ(3U, cache.size()); 189 EXPECT_TRUE(cache.find(GURL("http://first.url.com/")) != cache.end()); 190 EXPECT_TRUE(cache.find(GURL("http://third.url.com/")) != cache.end()); 191 EXPECT_TRUE(cache.find(GURL("http://fourth.url.com/")) != cache.end()); 192 193 // While 3 elements remain, only the first and the fourth are actually 194 // valid. 195 bool is_phishing; 196 EXPECT_TRUE(csd_service_->GetValidCachedResult( 197 GURL("http://first.url.com"), &is_phishing)); 198 EXPECT_FALSE(is_phishing); 199 EXPECT_FALSE(csd_service_->GetValidCachedResult( 200 GURL("http://third.url.com"), &is_phishing)); 201 EXPECT_TRUE(csd_service_->GetValidCachedResult( 202 GURL("http://fourth.url.com"), &is_phishing)); 203 EXPECT_TRUE(is_phishing); 204 } 205 206 void AddFeature(const std::string& name, double value, 207 ClientPhishingRequest* request) { 208 ClientPhishingRequest_Feature* feature = request->add_feature_map(); 209 feature->set_name(name); 210 feature->set_value(value); 211 } 212 213 void AddNonModelFeature(const std::string& name, double value, 214 ClientPhishingRequest* request) { 215 ClientPhishingRequest_Feature* feature = 216 request->add_non_model_feature_map(); 217 feature->set_name(name); 218 feature->set_value(value); 219 } 220 221 void CheckConfirmedMalwareUrl(GURL url) { 222 ASSERT_EQ(confirmed_malware_url_, url); 223 } 224 225 protected: 226 scoped_ptr<ClientSideDetectionService> csd_service_; 227 scoped_ptr<net::FakeURLFetcherFactory> factory_; 228 base::MessageLoop msg_loop_; 229 230 private: 231 void SendRequestDone(GURL phishing_url, bool is_phishing) { 232 ASSERT_EQ(phishing_url, phishing_url_); 233 is_phishing_ = is_phishing; 234 msg_loop_.Quit(); 235 } 236 237 void SendMalwareRequestDone(GURL original_url, GURL malware_url, 238 bool is_malware) { 239 ASSERT_EQ(phishing_url_, original_url); 240 confirmed_malware_url_ = malware_url; 241 is_malware_ = is_malware; 242 msg_loop_.Quit(); 243 } 244 245 scoped_ptr<content::TestBrowserThread> browser_thread_; 246 scoped_ptr<content::TestBrowserThread> file_thread_; 247 248 GURL phishing_url_; 249 GURL confirmed_malware_url_; 250 bool is_phishing_; 251 bool is_malware_; 252 }; 253 254 TEST_F(ClientSideDetectionServiceTest, FetchModelTest) { 255 // We don't want to use a real service class here because we can't call 256 // the real EndFetchModel. It would reschedule a reload which might 257 // make the test flaky. 258 MockClientSideDetectionService service; 259 EXPECT_CALL(service, ScheduleFetchModel(_)).Times(1); 260 service.SetEnabledAndRefreshState(true); 261 262 // The model fetch failed. 263 SetModelFetchResponse("blamodel", net::HTTP_INTERNAL_SERVER_ERROR, 264 net::URLRequestStatus::FAILED); 265 EXPECT_CALL(service, EndFetchModel( 266 ClientSideDetectionService::MODEL_FETCH_FAILED)) 267 .WillOnce(QuitCurrentMessageLoop()); 268 service.StartFetchModel(); 269 msg_loop_.Run(); // EndFetchModel will quit the message loop. 270 Mock::VerifyAndClearExpectations(&service); 271 272 // Empty model file. 273 SetModelFetchResponse(std::string(), net::HTTP_OK, 274 net::URLRequestStatus::SUCCESS); 275 EXPECT_CALL(service, EndFetchModel(ClientSideDetectionService::MODEL_EMPTY)) 276 .WillOnce(QuitCurrentMessageLoop()); 277 service.StartFetchModel(); 278 msg_loop_.Run(); // EndFetchModel will quit the message loop. 279 Mock::VerifyAndClearExpectations(&service); 280 281 // Model is too large. 282 SetModelFetchResponse( 283 std::string(ClientSideDetectionService::kMaxModelSizeBytes + 1, 'x'), 284 net::HTTP_OK, net::URLRequestStatus::SUCCESS); 285 EXPECT_CALL(service, EndFetchModel( 286 ClientSideDetectionService::MODEL_TOO_LARGE)) 287 .WillOnce(QuitCurrentMessageLoop()); 288 service.StartFetchModel(); 289 msg_loop_.Run(); // EndFetchModel will quit the message loop. 290 Mock::VerifyAndClearExpectations(&service); 291 292 // Unable to parse the model file. 293 SetModelFetchResponse("Invalid model file", net::HTTP_OK, 294 net::URLRequestStatus::SUCCESS); 295 EXPECT_CALL(service, EndFetchModel( 296 ClientSideDetectionService::MODEL_PARSE_ERROR)) 297 .WillOnce(QuitCurrentMessageLoop()); 298 service.StartFetchModel(); 299 msg_loop_.Run(); // EndFetchModel will quit the message loop. 300 Mock::VerifyAndClearExpectations(&service); 301 302 // Model that is missing some required fields (missing the version field). 303 ClientSideModel model; 304 model.set_max_words_per_term(4); 305 SetModelFetchResponse(model.SerializePartialAsString(), net::HTTP_OK, 306 net::URLRequestStatus::SUCCESS); 307 EXPECT_CALL(service, EndFetchModel( 308 ClientSideDetectionService::MODEL_MISSING_FIELDS)) 309 .WillOnce(QuitCurrentMessageLoop()); 310 service.StartFetchModel(); 311 msg_loop_.Run(); // EndFetchModel will quit the message loop. 312 Mock::VerifyAndClearExpectations(&service); 313 314 // Model that points to hashes that don't exist. 315 model.set_version(10); 316 model.add_hashes("bla"); 317 model.add_page_term(1); // Should be 0 instead of 1. 318 SetModelFetchResponse(model.SerializePartialAsString(), net::HTTP_OK, 319 net::URLRequestStatus::SUCCESS); 320 EXPECT_CALL(service, EndFetchModel( 321 ClientSideDetectionService::MODEL_BAD_HASH_IDS)) 322 .WillOnce(QuitCurrentMessageLoop()); 323 service.StartFetchModel(); 324 msg_loop_.Run(); // EndFetchModel will quit the message loop. 325 Mock::VerifyAndClearExpectations(&service); 326 model.set_page_term(0, 0); 327 328 // Model version number is wrong. 329 model.set_version(-1); 330 SetModelFetchResponse(model.SerializeAsString(), net::HTTP_OK, 331 net::URLRequestStatus::SUCCESS); 332 EXPECT_CALL(service, EndFetchModel( 333 ClientSideDetectionService::MODEL_INVALID_VERSION_NUMBER)) 334 .WillOnce(QuitCurrentMessageLoop()); 335 service.StartFetchModel(); 336 msg_loop_.Run(); // EndFetchModel will quit the message loop. 337 Mock::VerifyAndClearExpectations(&service); 338 339 // Normal model. 340 model.set_version(10); 341 SetModelFetchResponse(model.SerializeAsString(), net::HTTP_OK, 342 net::URLRequestStatus::SUCCESS); 343 EXPECT_CALL(service, EndFetchModel( 344 ClientSideDetectionService::MODEL_SUCCESS)) 345 .WillOnce(QuitCurrentMessageLoop()); 346 service.StartFetchModel(); 347 msg_loop_.Run(); // EndFetchModel will quit the message loop. 348 Mock::VerifyAndClearExpectations(&service); 349 350 // Model version number is decreasing. Set the model version number of the 351 // model that is currently loaded in the service object to 11. 352 service.model_.reset(new ClientSideModel(model)); 353 service.model_->set_version(11); 354 SetModelFetchResponse(model.SerializeAsString(), net::HTTP_OK, 355 net::URLRequestStatus::SUCCESS); 356 EXPECT_CALL(service, EndFetchModel( 357 ClientSideDetectionService::MODEL_INVALID_VERSION_NUMBER)) 358 .WillOnce(QuitCurrentMessageLoop()); 359 service.StartFetchModel(); 360 msg_loop_.Run(); // EndFetchModel will quit the message loop. 361 Mock::VerifyAndClearExpectations(&service); 362 363 // Model version hasn't changed since the last reload. 364 service.model_->set_version(10); 365 SetModelFetchResponse(model.SerializeAsString(), net::HTTP_OK, 366 net::URLRequestStatus::SUCCESS); 367 EXPECT_CALL(service, EndFetchModel( 368 ClientSideDetectionService::MODEL_NOT_CHANGED)) 369 .WillOnce(QuitCurrentMessageLoop()); 370 service.StartFetchModel(); 371 msg_loop_.Run(); // EndFetchModel will quit the message loop. 372 Mock::VerifyAndClearExpectations(&service); 373 } 374 375 TEST_F(ClientSideDetectionServiceTest, ServiceObjectDeletedBeforeCallbackDone) { 376 SetModelFetchResponse("bogus model", net::HTTP_OK, 377 net::URLRequestStatus::SUCCESS); 378 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 379 csd_service_->SetEnabledAndRefreshState(true); 380 EXPECT_TRUE(csd_service_.get() != NULL); 381 // We delete the client-side detection service class even though the callbacks 382 // haven't run yet. 383 csd_service_.reset(); 384 // Waiting for the callbacks to run should not crash even if the service 385 // object is gone. 386 msg_loop_.RunUntilIdle(); 387 } 388 389 TEST_F(ClientSideDetectionServiceTest, SendClientReportPhishingRequest) { 390 SetModelFetchResponse("bogus model", net::HTTP_OK, 391 net::URLRequestStatus::SUCCESS); 392 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 393 csd_service_->SetEnabledAndRefreshState(true); 394 395 GURL url("http://a.com/"); 396 float score = 0.4f; // Some random client score. 397 398 base::Time before = base::Time::Now(); 399 400 // Invalid response body from the server. 401 SetClientReportPhishingResponse("invalid proto response", net::HTTP_OK, 402 net::URLRequestStatus::SUCCESS); 403 EXPECT_FALSE(SendClientReportPhishingRequest(url, score)); 404 405 // Normal behavior. 406 ClientPhishingResponse response; 407 response.set_phishy(true); 408 SetClientReportPhishingResponse(response.SerializeAsString(), net::HTTP_OK, 409 net::URLRequestStatus::SUCCESS); 410 EXPECT_TRUE(SendClientReportPhishingRequest(url, score)); 411 412 // This request will fail 413 GURL second_url("http://b.com/"); 414 response.set_phishy(false); 415 SetClientReportPhishingResponse(response.SerializeAsString(), 416 net::HTTP_INTERNAL_SERVER_ERROR, 417 net::URLRequestStatus::FAILED); 418 EXPECT_FALSE(SendClientReportPhishingRequest(second_url, score)); 419 420 base::Time after = base::Time::Now(); 421 422 // Check that we have recorded all 3 requests within the correct time range. 423 std::queue<base::Time>& report_times = GetPhishingReportTimes(); 424 EXPECT_EQ(3U, report_times.size()); 425 while (!report_times.empty()) { 426 base::Time time = report_times.back(); 427 report_times.pop(); 428 EXPECT_LE(before, time); 429 EXPECT_GE(after, time); 430 } 431 432 // Only the first url should be in the cache. 433 bool is_phishing; 434 EXPECT_TRUE(csd_service_->IsInCache(url)); 435 EXPECT_TRUE(csd_service_->GetValidCachedResult(url, &is_phishing)); 436 EXPECT_TRUE(is_phishing); 437 EXPECT_FALSE(csd_service_->IsInCache(second_url)); 438 } 439 440 TEST_F(ClientSideDetectionServiceTest, SendClientReportMalwareRequest) { 441 SetModelFetchResponse("bogus model", net::HTTP_OK, 442 net::URLRequestStatus::SUCCESS); 443 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 444 csd_service_->SetEnabledAndRefreshState(true); 445 GURL url("http://a.com/"); 446 447 base::Time before = base::Time::Now(); 448 // Invalid response body from the server. 449 SetClientReportMalwareResponse("invalid proto response", net::HTTP_OK, 450 net::URLRequestStatus::SUCCESS); 451 EXPECT_FALSE(SendClientReportMalwareRequest(url)); 452 453 // Missing bad_url. 454 ClientMalwareResponse response; 455 response.set_blacklist(true); 456 SetClientReportMalwareResponse(response.SerializeAsString(), net::HTTP_OK, 457 net::URLRequestStatus::SUCCESS); 458 EXPECT_FALSE(SendClientReportMalwareRequest(url)); 459 460 // Normal behavior. 461 response.set_blacklist(true); 462 response.set_bad_url("http://response-bad.com/"); 463 SetClientReportMalwareResponse(response.SerializeAsString(), net::HTTP_OK, 464 net::URLRequestStatus::SUCCESS); 465 EXPECT_TRUE(SendClientReportMalwareRequest(url)); 466 CheckConfirmedMalwareUrl(GURL("http://response-bad.com/")); 467 468 // This request will fail 469 response.set_blacklist(false); 470 SetClientReportMalwareResponse(response.SerializeAsString(), 471 net::HTTP_INTERNAL_SERVER_ERROR, 472 net::URLRequestStatus::FAILED); 473 EXPECT_FALSE(SendClientReportMalwareRequest(url)); 474 475 // server blacklist decision is false, and response is succesful 476 response.set_blacklist(false); 477 SetClientReportMalwareResponse(response.SerializeAsString(), net::HTTP_OK, 478 net::URLRequestStatus::SUCCESS); 479 EXPECT_FALSE(SendClientReportMalwareRequest(url)); 480 481 // Check that we have recorded all 4 requests within the correct time range. 482 base::Time after = base::Time::Now(); 483 std::queue<base::Time>& report_times = GetMalwareReportTimes(); 484 EXPECT_EQ(4U, report_times.size()); 485 486 // Another normal behavior will fail because of the limit is hit 487 response.set_blacklist(true); 488 SetClientReportMalwareResponse(response.SerializeAsString(), net::HTTP_OK, 489 net::URLRequestStatus::SUCCESS); 490 EXPECT_FALSE(SendClientReportMalwareRequest(url)); 491 492 report_times = GetMalwareReportTimes(); 493 EXPECT_EQ(4U, report_times.size()); 494 while (!report_times.empty()) { 495 base::Time time = report_times.back(); 496 report_times.pop(); 497 EXPECT_LE(before, time); 498 EXPECT_GE(after, time); 499 } 500 } 501 502 TEST_F(ClientSideDetectionServiceTest, GetNumReportTest) { 503 SetModelFetchResponse("bogus model", net::HTTP_OK, 504 net::URLRequestStatus::SUCCESS); 505 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 506 507 std::queue<base::Time>& report_times = GetPhishingReportTimes(); 508 base::Time now = base::Time::Now(); 509 base::TimeDelta twenty_five_hours = base::TimeDelta::FromHours(25); 510 report_times.push(now - twenty_five_hours); 511 report_times.push(now - twenty_five_hours); 512 report_times.push(now); 513 report_times.push(now); 514 515 EXPECT_EQ(2, GetNumReports(&report_times)); 516 } 517 518 TEST_F(ClientSideDetectionServiceTest, CacheTest) { 519 SetModelFetchResponse("bogus model", net::HTTP_OK, 520 net::URLRequestStatus::SUCCESS); 521 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 522 523 TestCache(); 524 } 525 526 TEST_F(ClientSideDetectionServiceTest, IsPrivateIPAddress) { 527 SetModelFetchResponse("bogus model", net::HTTP_OK, 528 net::URLRequestStatus::SUCCESS); 529 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 530 531 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("10.1.2.3")); 532 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("127.0.0.1")); 533 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("172.24.3.4")); 534 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("192.168.1.1")); 535 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("fc00::")); 536 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("fec0::")); 537 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("fec0:1:2::3")); 538 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("::1")); 539 540 EXPECT_FALSE(csd_service_->IsPrivateIPAddress("1.2.3.4")); 541 EXPECT_FALSE(csd_service_->IsPrivateIPAddress("200.1.1.1")); 542 EXPECT_FALSE(csd_service_->IsPrivateIPAddress("2001:0db8:ac10:fe01::")); 543 544 // If the address can't be parsed, the default is true. 545 EXPECT_TRUE(csd_service_->IsPrivateIPAddress("blah")); 546 } 547 548 TEST_F(ClientSideDetectionServiceTest, SetBadSubnets) { 549 ClientSideModel model; 550 ClientSideDetectionService::BadSubnetMap bad_subnets; 551 ClientSideDetectionService::SetBadSubnets(model, &bad_subnets); 552 EXPECT_EQ(0U, bad_subnets.size()); 553 554 // Bad subnets are skipped. 555 ClientSideModel::IPSubnet* subnet = model.add_bad_subnet(); 556 subnet->set_prefix(std::string(crypto::kSHA256Length, '.')); 557 subnet->set_size(130); // Invalid size. 558 559 subnet = model.add_bad_subnet(); 560 subnet->set_prefix(std::string(crypto::kSHA256Length, '.')); 561 subnet->set_size(-1); // Invalid size. 562 563 subnet = model.add_bad_subnet(); 564 subnet->set_prefix(std::string(16, '.')); // Invalid len. 565 subnet->set_size(64); 566 567 ClientSideDetectionService::SetBadSubnets(model, &bad_subnets); 568 EXPECT_EQ(0U, bad_subnets.size()); 569 570 subnet = model.add_bad_subnet(); 571 subnet->set_prefix(std::string(crypto::kSHA256Length, '.')); 572 subnet->set_size(64); 573 574 subnet = model.add_bad_subnet(); 575 subnet->set_prefix(std::string(crypto::kSHA256Length, ',')); 576 subnet->set_size(64); 577 578 subnet = model.add_bad_subnet(); 579 subnet->set_prefix(std::string(crypto::kSHA256Length, '.')); 580 subnet->set_size(128); 581 582 subnet = model.add_bad_subnet(); 583 subnet->set_prefix(std::string(crypto::kSHA256Length, '.')); 584 subnet->set_size(100); 585 586 ClientSideDetectionService::SetBadSubnets(model, &bad_subnets); 587 EXPECT_EQ(3U, bad_subnets.size()); 588 ClientSideDetectionService::BadSubnetMap::const_iterator it; 589 std::string mask = std::string(8, '\xFF') + std::string(8, '\x00'); 590 EXPECT_TRUE(bad_subnets.count(mask)); 591 EXPECT_TRUE(bad_subnets[mask].count(std::string(crypto::kSHA256Length, '.'))); 592 EXPECT_TRUE(bad_subnets[mask].count(std::string(crypto::kSHA256Length, ','))); 593 594 mask = std::string(16, '\xFF'); 595 EXPECT_TRUE(bad_subnets.count(mask)); 596 EXPECT_TRUE(bad_subnets[mask].count(std::string(crypto::kSHA256Length, '.'))); 597 598 mask = std::string(12, '\xFF') + "\xF0" + std::string(3, '\x00'); 599 EXPECT_TRUE(bad_subnets.count(mask)); 600 EXPECT_TRUE(bad_subnets[mask].count(std::string(crypto::kSHA256Length, '.'))); 601 } 602 603 TEST_F(ClientSideDetectionServiceTest, ModelHasValidHashIds) { 604 ClientSideModel model; 605 EXPECT_TRUE(ClientSideDetectionService::ModelHasValidHashIds(model)); 606 model.add_hashes("bla"); 607 EXPECT_TRUE(ClientSideDetectionService::ModelHasValidHashIds(model)); 608 model.add_page_term(0); 609 EXPECT_TRUE(ClientSideDetectionService::ModelHasValidHashIds(model)); 610 611 model.add_page_term(-1); 612 EXPECT_FALSE(ClientSideDetectionService::ModelHasValidHashIds(model)); 613 model.set_page_term(1, 1); 614 EXPECT_FALSE(ClientSideDetectionService::ModelHasValidHashIds(model)); 615 model.set_page_term(1, 0); 616 EXPECT_TRUE(ClientSideDetectionService::ModelHasValidHashIds(model)); 617 618 // Test bad rules. 619 model.add_hashes("blu"); 620 ClientSideModel::Rule* rule = model.add_rule(); 621 rule->add_feature(0); 622 rule->add_feature(1); 623 rule->set_weight(0.1f); 624 EXPECT_TRUE(ClientSideDetectionService::ModelHasValidHashIds(model)); 625 626 rule = model.add_rule(); 627 rule->add_feature(0); 628 rule->add_feature(1); 629 rule->add_feature(-1); 630 rule->set_weight(0.2f); 631 EXPECT_FALSE(ClientSideDetectionService::ModelHasValidHashIds(model)); 632 633 rule->set_feature(2, 2); 634 EXPECT_FALSE(ClientSideDetectionService::ModelHasValidHashIds(model)); 635 636 rule->set_feature(2, 1); 637 EXPECT_TRUE(ClientSideDetectionService::ModelHasValidHashIds(model)); 638 } 639 640 TEST_F(ClientSideDetectionServiceTest, SetEnabledAndRefreshState) { 641 // Check that the model isn't downloaded until the service is enabled. 642 csd_service_.reset(ClientSideDetectionService::Create(NULL)); 643 EXPECT_FALSE(csd_service_->enabled()); 644 EXPECT_TRUE(csd_service_->model_fetcher_.get() == NULL); 645 646 // Use a MockClientSideDetectionService for the rest of the test, to avoid 647 // the scheduling delay. 648 MockClientSideDetectionService* service = 649 new StrictMock<MockClientSideDetectionService>(); 650 csd_service_.reset(service); 651 EXPECT_FALSE(csd_service_->enabled()); 652 EXPECT_TRUE(csd_service_->model_fetcher_.get() == NULL); 653 // No calls expected yet. 654 Mock::VerifyAndClearExpectations(service); 655 656 ClientSideModel model; 657 model.set_version(10); 658 model.set_max_words_per_term(4); 659 SetModelFetchResponse(model.SerializeAsString(), net::HTTP_OK, 660 net::URLRequestStatus::SUCCESS); 661 EXPECT_CALL(*service, ScheduleFetchModel(_)) 662 .WillOnce(Invoke(service, &MockClientSideDetectionService::Schedule)); 663 EXPECT_CALL(*service, EndFetchModel( 664 ClientSideDetectionService::MODEL_SUCCESS)) 665 .WillOnce(QuitCurrentMessageLoop()); 666 csd_service_->SetEnabledAndRefreshState(true); 667 EXPECT_TRUE(csd_service_->model_fetcher_.get() != NULL); 668 msg_loop_.Run(); // EndFetchModel will quit the message loop. 669 Mock::VerifyAndClearExpectations(service); 670 671 // Check that enabling again doesn't request the model. 672 csd_service_->SetEnabledAndRefreshState(true); 673 // No calls expected. 674 Mock::VerifyAndClearExpectations(service); 675 676 // Check that disabling the service cancels pending requests. 677 EXPECT_CALL(*service, ScheduleFetchModel(_)) 678 .WillOnce(Invoke(service, &MockClientSideDetectionService::Schedule)); 679 csd_service_->SetEnabledAndRefreshState(false); 680 csd_service_->SetEnabledAndRefreshState(true); 681 Mock::VerifyAndClearExpectations(service); 682 EXPECT_TRUE(csd_service_->model_fetcher_.get() != NULL); 683 csd_service_->SetEnabledAndRefreshState(false); 684 EXPECT_TRUE(csd_service_->model_fetcher_.get() == NULL); 685 msg_loop_.RunUntilIdle(); 686 // No calls expected. 687 Mock::VerifyAndClearExpectations(service); 688 689 // Requests always return false when the service is disabled. 690 ClientPhishingResponse response; 691 response.set_phishy(true); 692 SetClientReportPhishingResponse(response.SerializeAsString(), net::HTTP_OK, 693 net::URLRequestStatus::SUCCESS); 694 EXPECT_FALSE(SendClientReportPhishingRequest(GURL("http://a.com/"), 0.4f)); 695 696 // Pending requests also return false if the service is disabled before they 697 // report back. 698 EXPECT_CALL(*service, ScheduleFetchModel(_)) 699 .WillOnce(Invoke(service, &MockClientSideDetectionService::Schedule)); 700 EXPECT_CALL(*service, EndFetchModel( 701 ClientSideDetectionService::MODEL_NOT_CHANGED)) 702 .WillOnce(Invoke(service, &MockClientSideDetectionService::Disable)); 703 csd_service_->SetEnabledAndRefreshState(true); 704 EXPECT_FALSE(SendClientReportPhishingRequest(GURL("http://a.com/"), 0.4f)); 705 Mock::VerifyAndClearExpectations(service); 706 } 707 } // namespace safe_browsing 708