1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "base/strings/stringprintf.h"
6#include "chrome/common/safe_browsing/safebrowsing_messages.h"
7#include "chrome/renderer/safe_browsing/malware_dom_details.h"
8#include "chrome/test/base/chrome_render_view_test.h"
9#include "net/base/escape.h"
10
11typedef ChromeRenderViewTest MalwareDOMDetailsTest;
12
13
14TEST_F(MalwareDOMDetailsTest, Everything) {
15  scoped_ptr<safe_browsing::MalwareDOMDetails> details(
16      safe_browsing::MalwareDOMDetails::Create(view_));
17  // Lower kMaxNodes for the test. Loading 500 subframes in a
18  // debug build takes a while.
19  details->kMaxNodes = 50;
20
21  const char* urlprefix = "data:text/html;charset=utf-8,";
22
23  { // An page with an internal script
24    std::string html = "<html><head><script></script></head></html>";
25    LoadHTML(html.c_str());
26    std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node> params;
27    details->ExtractResources(&params);
28    ASSERT_EQ(1u, params.size());
29    EXPECT_EQ(GURL(urlprefix + html), params[0].url);
30  }
31
32  { // A page with 2 external scripts.
33    // Note: This part of the test causes 2 leaks: LEAK: 5 WebCoreNode
34    // LEAK: 2 CachedResource.
35    GURL script1_url("data:text/javascript;charset=utf-8,var a=1;");
36    GURL script2_url("data:text/javascript;charset=utf-8,var b=2;");
37    std::string html = "<html><head><script src=\"" + script1_url.spec() +
38        "\"></script><script src=\"" + script2_url.spec() +
39        "\"></script></head></html>";
40    GURL url(urlprefix + html);
41
42    LoadHTML(html.c_str());
43    std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node> params;
44    details->ExtractResources(&params);
45    ASSERT_EQ(3u, params.size());
46    EXPECT_EQ(script1_url, params[0].url);
47    EXPECT_EQ("SCRIPT", params[0].tag_name);
48    EXPECT_EQ(script2_url, params[1].url);
49    EXPECT_EQ("SCRIPT", params[0].tag_name);
50    EXPECT_EQ(url, params[2].url);
51  }
52
53  { // A page with an iframe which in turn contains an iframe.
54    //  html
55    //   \ iframe1
56    //    \ iframe2
57    std::string iframe2_html = "<html><body>iframe2</body></html>";
58    GURL iframe2_url(urlprefix + iframe2_html);
59    std::string iframe1_html = "<iframe src=\"" + net::EscapeForHTML(
60        iframe2_url.spec()) + "\"></iframe>";
61    GURL iframe1_url(urlprefix + iframe1_html);
62    std::string html = "<html><head><iframe src=\"" + net::EscapeForHTML(
63        iframe1_url.spec()) + "\"></iframe></head></html>";
64    GURL url(urlprefix + html);
65
66    LoadHTML(html.c_str());
67    std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node> params;
68    details->ExtractResources(&params);
69    ASSERT_EQ(5u, params.size());
70
71    EXPECT_EQ(iframe1_url, params[0].url);
72    EXPECT_EQ(url, params[0].parent);
73    EXPECT_EQ(0u, params[0].children.size());
74    EXPECT_EQ("IFRAME", params[0].tag_name);
75
76    EXPECT_EQ(url, params[1].url);
77    EXPECT_EQ(GURL(), params[1].parent);
78    EXPECT_EQ(1u, params[1].children.size());
79    EXPECT_EQ(iframe1_url, params[1].children[0]);
80
81    EXPECT_EQ(iframe2_url, params[2].url);
82    EXPECT_EQ(iframe1_url, params[2].parent);
83    EXPECT_EQ(0u, params[2].children.size());
84    EXPECT_EQ("IFRAME", params[2].tag_name);
85
86    // The frames are added twice, once with the correct parent and tagname
87    // and once with the correct children. The caller in the browser
88    // is responsible for merging.
89    EXPECT_EQ(iframe1_url, params[3].url);
90    EXPECT_EQ(GURL(), params[3].parent);
91    EXPECT_EQ(1u, params[3].children.size());
92    EXPECT_EQ(iframe2_url, params[3].children[0]);
93
94    EXPECT_EQ(iframe2_url, params[4].url);
95    EXPECT_EQ(GURL(), params[4].parent);
96    EXPECT_EQ(0u, params[4].children.size());
97  }
98
99  { // >50 subframes, to verify kMaxNodes.
100    std::string html;
101    for (int i = 0; i < 55; ++i) {
102      // The iframe contents is just a number.
103      GURL iframe_url(base::StringPrintf("%s%d", urlprefix, i));
104      html += "<iframe src=\"" + net::EscapeForHTML(iframe_url.spec()) +
105          "\"></iframe>";
106    }
107    GURL url(urlprefix + html);
108
109    LoadHTML(html.c_str());
110    std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node> params;
111    details->ExtractResources(&params);
112    ASSERT_EQ(51u, params.size());
113  }
114
115  { // A page with >50 scripts, to verify kMaxNodes.
116    std::string html;
117    for (int i = 0; i < 55; ++i) {
118      // The iframe contents is just a number.
119      GURL script_url(base::StringPrintf("%s%d", urlprefix, i));
120      html += "<script src=\"" + net::EscapeForHTML(script_url.spec()) +
121          "\"></script>";
122    }
123    GURL url(urlprefix + html);
124
125    LoadHTML(html.c_str());
126    std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node> params;
127    details->ExtractResources(&params);
128    ASSERT_EQ(51u, params.size());
129  }
130
131}
132