1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/safe_browsing/binary_feature_extractor.h" 6 7 #include <string> 8 #include <vector> 9 10 #include "base/base_paths.h" 11 #include "base/files/file_path.h" 12 #include "base/memory/ref_counted.h" 13 #include "base/path_service.h" 14 #include "chrome/common/chrome_paths.h" 15 #include "chrome/common/safe_browsing/csd.pb.h" 16 #include "net/cert/x509_cert_types.h" 17 #include "net/cert/x509_certificate.h" 18 #include "testing/gtest/include/gtest/gtest.h" 19 20 namespace safe_browsing { 21 22 class BinaryFeatureExtractorWinTest : public testing::Test { 23 protected: 24 virtual void SetUp() OVERRIDE { 25 base::FilePath source_path; 26 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &source_path)); 27 testdata_path_ = source_path 28 .AppendASCII("safe_browsing") 29 .AppendASCII("download_protection"); 30 31 binary_feature_extractor_ = new BinaryFeatureExtractor(); 32 } 33 34 // Given a certificate chain protobuf, parse it into X509Certificates. 35 void ParseCertificateChain( 36 const ClientDownloadRequest_CertificateChain& chain, 37 std::vector<scoped_refptr<net::X509Certificate> >* certs) { 38 for (int i = 0; i < chain.element_size(); ++i) { 39 certs->push_back( 40 net::X509Certificate::CreateFromBytes( 41 chain.element(i).certificate().data(), 42 chain.element(i).certificate().size())); 43 } 44 } 45 46 base::FilePath testdata_path_; 47 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor_; 48 }; 49 50 TEST_F(BinaryFeatureExtractorWinTest, UntrustedSignedBinary) { 51 // signed.exe is signed by an untrusted root CA. 52 ClientDownloadRequest_SignatureInfo signature_info; 53 binary_feature_extractor_->CheckSignature( 54 testdata_path_.Append(L"signed.exe"), 55 &signature_info); 56 ASSERT_EQ(1, signature_info.certificate_chain_size()); 57 std::vector<scoped_refptr<net::X509Certificate> > certs; 58 ParseCertificateChain(signature_info.certificate_chain(0), &certs); 59 ASSERT_EQ(2, certs.size()); 60 EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name); 61 EXPECT_EQ("Root Agency", certs[1]->subject().common_name); 62 63 EXPECT_TRUE(signature_info.has_trusted()); 64 EXPECT_FALSE(signature_info.trusted()); 65 } 66 67 TEST_F(BinaryFeatureExtractorWinTest, TrustedBinary) { 68 // wow_helper.exe is signed using Google's signing certifiacte. 69 ClientDownloadRequest_SignatureInfo signature_info; 70 binary_feature_extractor_->CheckSignature( 71 testdata_path_.Append(L"wow_helper.exe"), 72 &signature_info); 73 ASSERT_EQ(1, signature_info.certificate_chain_size()); 74 std::vector<scoped_refptr<net::X509Certificate> > certs; 75 ParseCertificateChain(signature_info.certificate_chain(0), &certs); 76 ASSERT_EQ(3, certs.size()); 77 78 EXPECT_EQ("Google Inc", certs[0]->subject().common_name); 79 EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA", 80 certs[1]->subject().common_name); 81 EXPECT_EQ("Class 3 Public Primary Certification Authority", 82 certs[2]->subject().organization_unit_names[0]); 83 84 EXPECT_TRUE(signature_info.trusted()); 85 } 86 87 TEST_F(BinaryFeatureExtractorWinTest, UnsignedBinary) { 88 // unsigned.exe has no signature information. 89 ClientDownloadRequest_SignatureInfo signature_info; 90 binary_feature_extractor_->CheckSignature( 91 testdata_path_.Append(L"unsigned.exe"), 92 &signature_info); 93 EXPECT_EQ(0, signature_info.certificate_chain_size()); 94 EXPECT_FALSE(signature_info.has_trusted()); 95 } 96 97 TEST_F(BinaryFeatureExtractorWinTest, NonExistentBinary) { 98 // Test a file that doesn't exist. 99 ClientDownloadRequest_SignatureInfo signature_info; 100 binary_feature_extractor_->CheckSignature( 101 testdata_path_.Append(L"doesnotexist.exe"), 102 &signature_info); 103 EXPECT_EQ(0, signature_info.certificate_chain_size()); 104 EXPECT_FALSE(signature_info.has_trusted()); 105 } 106 107 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersNoFile) { 108 // Test extracting headers from a file that doesn't exist. 109 ClientDownloadRequest_ImageHeaders image_headers; 110 binary_feature_extractor_->ExtractImageHeaders( 111 testdata_path_.AppendASCII("this_file_does_not_exist"), 112 &image_headers); 113 EXPECT_FALSE(image_headers.has_pe_headers()); 114 } 115 116 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersNonImage) { 117 // Test extracting headers from something that is not a PE image. 118 ClientDownloadRequest_ImageHeaders image_headers; 119 binary_feature_extractor_->ExtractImageHeaders( 120 testdata_path_.AppendASCII("simple_exe.cc"), 121 &image_headers); 122 EXPECT_FALSE(image_headers.has_pe_headers()); 123 } 124 125 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeaders) { 126 // Test extracting headers from something that is a PE image. 127 ClientDownloadRequest_ImageHeaders image_headers; 128 binary_feature_extractor_->ExtractImageHeaders( 129 testdata_path_.AppendASCII("unsigned.exe"), 130 &image_headers); 131 EXPECT_TRUE(image_headers.has_pe_headers()); 132 const ClientDownloadRequest_PEImageHeaders& pe_headers = 133 image_headers.pe_headers(); 134 EXPECT_TRUE(pe_headers.has_dos_header()); 135 EXPECT_TRUE(pe_headers.has_file_header()); 136 EXPECT_TRUE(pe_headers.has_optional_headers32()); 137 EXPECT_FALSE(pe_headers.has_optional_headers64()); 138 EXPECT_NE(0, pe_headers.section_header_size()); 139 EXPECT_FALSE(pe_headers.has_export_section_data()); 140 EXPECT_EQ(0, pe_headers.debug_data_size()); 141 } 142 143 TEST_F(BinaryFeatureExtractorWinTest, ExtractImageHeadersWithDebugData) { 144 // Test extracting headers from something that is a PE image with debug data. 145 ClientDownloadRequest_ImageHeaders image_headers; 146 binary_feature_extractor_->ExtractImageHeaders( 147 testdata_path_.DirName().AppendASCII("module_with_exports_x86.dll"), 148 &image_headers); 149 EXPECT_TRUE(image_headers.has_pe_headers()); 150 const ClientDownloadRequest_PEImageHeaders& pe_headers = 151 image_headers.pe_headers(); 152 EXPECT_TRUE(pe_headers.has_dos_header()); 153 EXPECT_TRUE(pe_headers.has_file_header()); 154 EXPECT_TRUE(pe_headers.has_optional_headers32()); 155 EXPECT_FALSE(pe_headers.has_optional_headers64()); 156 EXPECT_NE(0, pe_headers.section_header_size()); 157 EXPECT_TRUE(pe_headers.has_export_section_data()); 158 EXPECT_EQ(1U, pe_headers.debug_data_size()); 159 } 160 161 } // namespace safe_browsing 162