ios/chrome/browser/ssl/ios_security_state_tab_helper_unittest.mm - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #import "ios/chrome/browser/ssl/ios_security_state_tab_helper.h"

 #include "components/security_state/core/security_state.h"
 #include "ios/chrome/browser/browser_state/test_chrome_browser_state.h"
 #import "ios/chrome/browser/ssl/insecure_input_tab_helper.h"
 #import "ios/chrome/browser/web/chrome_web_test.h"
 #import "ios/web/public/navigation_item.h"
 #import "ios/web/public/navigation_manager.h"
 #include "ios/web/public/ssl_status.h"
 #import "ios/web/public/test/web_test_with_web_state.h"

 #if !defined(__has_feature) || !__has_feature(objc_arc)
 #error "This file requires ARC support."
 #endif

 // This test fixture enables Incognito mode and creates an
 // IOSSecurityStateTabHelper for the WebState.
 class IOSSecurityStateTabHelperIncognitoTest : public ChromeWebTest {
  protected:
   void SetUp() override {
     ChromeWebTest::SetUp();
     ASSERT_TRUE(web_state()->GetBrowserState()->IsOffTheRecord());
     IOSSecurityStateTabHelper::CreateForWebState(web_state());
   }

   // Returns the SecurityInfo for current WebState().
   void GetSecurityInfo(security_state::SecurityInfo* result) const {
     IOSSecurityStateTabHelper::FromWebState(web_state())
         ->GetSecurityInfo(result);
   }

   // WebTest
   web::BrowserState* GetBrowserState() override {
     return chrome_browser_state_->GetOffTheRecordChromeBrowserState();
   }
 };

 // Ensures that the security level of an HTTPS page loaded in Incognito mode
 // is not downgraded.
 TEST_F(IOSSecurityStateTabHelperIncognitoTest,
        SecurityInfoNotDowngradedForHTTPS) {
   LoadHtml(@"<html><body></body></html>", GURL("https://chromium.test"));
   security_state::SecurityInfo security_info;
   GetSecurityInfo(&security_info);
   EXPECT_FALSE(security_info.incognito_downgraded_security_level);
 }

 // Ensures that the security level of an HTTP page loaded in Incognito mode
 // is downgraded.
 TEST_F(IOSSecurityStateTabHelperIncognitoTest, SecurityInfoDowngradedForHTTP) {
   LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
   security_state::SecurityInfo security_info;
   GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
 }

 // This test fixture creates an IOSSecurityStateTabHelper and an
 // InsecureInputTabHelper for the WebState, then loads a non-secure
 // HTML document.
 class IOSSecurityStateTabHelperTest : public web::WebTestWithWebState {
  protected:
   void SetUp() override {
     web::WebTestWithWebState::SetUp();
     InsecureInputTabHelper::CreateForWebState(web_state());
     insecure_input_ = InsecureInputTabHelper::FromWebState(web_state());
     ASSERT_TRUE(insecure_input_);

     IOSSecurityStateTabHelper::CreateForWebState(web_state());
     LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
   }

   // Returns the InsecureInputEventData for current WebState().
   security_state::InsecureInputEventData GetInsecureInputEventData() const {
     security_state::SecurityInfo info;
     IOSSecurityStateTabHelper::FromWebState(web_state())
         ->GetSecurityInfo(&info);
     return info.insecure_input_events;
   }

   InsecureInputTabHelper* insecure_input() { return insecure_input_; }

  private:
   InsecureInputTabHelper* insecure_input_;
 };

 // Ensures that an HTTP page in non-Incognito mode does not downgrade to
 // non-secure.
 TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoNotDowngradedInNonIncognito) {
   LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
   security_state::SecurityInfo security_info;
   IOSSecurityStateTabHelper::FromWebState(web_state())
       ->GetSecurityInfo(&security_info);
   EXPECT_FALSE(security_info.incognito_downgraded_security_level);
 }

 // Ensures that |insecure_field_edited| is set only when an editing event has
 // been reported.
 TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoAfterEditing) {
   // Verify |insecure_field_edited| is not set prematurely.
   security_state::InsecureInputEventData events = GetInsecureInputEventData();
   EXPECT_FALSE(events.insecure_field_edited);

   // Simulate an edit and verify |insecure_field_edited| is noted in the
   // insecure_input_events.
   insecure_input()->DidEditFieldInInsecureContext();
   events = GetInsecureInputEventData();
   EXPECT_TRUE(events.insecure_field_edited);
 }

 // Ensures that |password_field_shown| is set only when a password field has
 // been reported.
 TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoWithInsecurePasswordField) {
   // Verify |password_field_shown| is not set prematurely.
   security_state::InsecureInputEventData events = GetInsecureInputEventData();
   EXPECT_FALSE(events.password_field_shown);

   // Simulate a password field display and verify |password_field_shown|
   // is noted in the insecure_input_events.
   insecure_input()->DidShowPasswordFieldInInsecureContext();
   events = GetInsecureInputEventData();
   EXPECT_TRUE(events.password_field_shown);
 }

 // Ensures that |credit_card_field_edited| is set only when a credit card field
 // interaction has been reported.
 TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoWithInsecureCreditCardField) {
   // Verify |credit_card_field_edited| is not set prematurely.
   security_state::InsecureInputEventData events = GetInsecureInputEventData();
   EXPECT_FALSE(events.credit_card_field_edited);

   // Simulate a credit card field display and verify |credit_card_field_edited|
   // is noted in the insecure_input_events.
   insecure_input()->DidInteractWithNonsecureCreditCardInput();
   events = GetInsecureInputEventData();
   EXPECT_TRUE(events.credit_card_field_edited);
 }

 // Ensures that re-navigating to the same page does not keep
 // |insecure_field_set| set.
 TEST_F(IOSSecurityStateTabHelperTest, InsecureInputClearedOnRenavigation) {
   // Simulate an edit and verify |insecure_field_edited| is noted in the
   // insecure_input_events.
   insecure_input()->DidEditFieldInInsecureContext();
   security_state::InsecureInputEventData events = GetInsecureInputEventData();
   EXPECT_TRUE(events.insecure_field_edited);

   // Navigate to the same page again.
   LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
   events = GetInsecureInputEventData();
   EXPECT_FALSE(events.insecure_field_edited);
 }
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#import "ios/chrome/browser/ssl/ios_security_state_tab_helper.h"

	#include "components/security_state/core/security_state.h"
	#include "ios/chrome/browser/browser_state/test_chrome_browser_state.h"
	#import "ios/chrome/browser/ssl/insecure_input_tab_helper.h"
	#import "ios/chrome/browser/web/chrome_web_test.h"
	#import "ios/web/public/navigation_item.h"
	#import "ios/web/public/navigation_manager.h"
	#include "ios/web/public/ssl_status.h"
	#import "ios/web/public/test/web_test_with_web_state.h"

	#if !defined(__has_feature) \|\| !__has_feature(objc_arc)
	#error "This file requires ARC support."
	#endif

	// This test fixture enables Incognito mode and creates an
	// IOSSecurityStateTabHelper for the WebState.
	class IOSSecurityStateTabHelperIncognitoTest : public ChromeWebTest {
	protected:
	void SetUp() override {
	ChromeWebTest::SetUp();
	ASSERT_TRUE(web_state()->GetBrowserState()->IsOffTheRecord());
	IOSSecurityStateTabHelper::CreateForWebState(web_state());
	}

	// Returns the SecurityInfo for current WebState().
	void GetSecurityInfo(security_state::SecurityInfo* result) const {
	IOSSecurityStateTabHelper::FromWebState(web_state())
	->GetSecurityInfo(result);
	}

	// WebTest
	web::BrowserState* GetBrowserState() override {
	return chrome_browser_state_->GetOffTheRecordChromeBrowserState();
	}
	};

	// Ensures that the security level of an HTTPS page loaded in Incognito mode
	// is not downgraded.
	TEST_F(IOSSecurityStateTabHelperIncognitoTest,
	SecurityInfoNotDowngradedForHTTPS) {
	LoadHtml(@"<html><body></body></html>", GURL("https://chromium.test"));
	security_state::SecurityInfo security_info;
	GetSecurityInfo(&security_info);
	EXPECT_FALSE(security_info.incognito_downgraded_security_level);
	}

	// Ensures that the security level of an HTTP page loaded in Incognito mode
	// is downgraded.
	TEST_F(IOSSecurityStateTabHelperIncognitoTest, SecurityInfoDowngradedForHTTP) {
	LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
	security_state::SecurityInfo security_info;
	GetSecurityInfo(&security_info);
	EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
	}

	// This test fixture creates an IOSSecurityStateTabHelper and an
	// InsecureInputTabHelper for the WebState, then loads a non-secure
	// HTML document.
	class IOSSecurityStateTabHelperTest : public web::WebTestWithWebState {
	protected:
	void SetUp() override {
	web::WebTestWithWebState::SetUp();
	InsecureInputTabHelper::CreateForWebState(web_state());
	insecure_input_ = InsecureInputTabHelper::FromWebState(web_state());
	ASSERT_TRUE(insecure_input_);

	IOSSecurityStateTabHelper::CreateForWebState(web_state());
	LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
	}

	// Returns the InsecureInputEventData for current WebState().
	security_state::InsecureInputEventData GetInsecureInputEventData() const {
	security_state::SecurityInfo info;
	IOSSecurityStateTabHelper::FromWebState(web_state())
	->GetSecurityInfo(&info);
	return info.insecure_input_events;
	}

	InsecureInputTabHelper* insecure_input() { return insecure_input_; }

	private:
	InsecureInputTabHelper* insecure_input_;
	};

	// Ensures that an HTTP page in non-Incognito mode does not downgrade to
	// non-secure.
	TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoNotDowngradedInNonIncognito) {
	LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
	security_state::SecurityInfo security_info;
	IOSSecurityStateTabHelper::FromWebState(web_state())
	->GetSecurityInfo(&security_info);
	EXPECT_FALSE(security_info.incognito_downgraded_security_level);
	}

	// Ensures that \|insecure_field_edited\| is set only when an editing event has
	// been reported.
	TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoAfterEditing) {
	// Verify \|insecure_field_edited\| is not set prematurely.
	security_state::InsecureInputEventData events = GetInsecureInputEventData();
	EXPECT_FALSE(events.insecure_field_edited);

	// Simulate an edit and verify \|insecure_field_edited\| is noted in the
	// insecure_input_events.
	insecure_input()->DidEditFieldInInsecureContext();
	events = GetInsecureInputEventData();
	EXPECT_TRUE(events.insecure_field_edited);
	}

	// Ensures that \|password_field_shown\| is set only when a password field has
	// been reported.
	TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoWithInsecurePasswordField) {
	// Verify \|password_field_shown\| is not set prematurely.
	security_state::InsecureInputEventData events = GetInsecureInputEventData();
	EXPECT_FALSE(events.password_field_shown);

	// Simulate a password field display and verify \|password_field_shown\|
	// is noted in the insecure_input_events.
	insecure_input()->DidShowPasswordFieldInInsecureContext();
	events = GetInsecureInputEventData();
	EXPECT_TRUE(events.password_field_shown);
	}

	// Ensures that \|credit_card_field_edited\| is set only when a credit card field
	// interaction has been reported.
	TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoWithInsecureCreditCardField) {
	// Verify \|credit_card_field_edited\| is not set prematurely.
	security_state::InsecureInputEventData events = GetInsecureInputEventData();
	EXPECT_FALSE(events.credit_card_field_edited);

	// Simulate a credit card field display and verify \|credit_card_field_edited\|
	// is noted in the insecure_input_events.
	insecure_input()->DidInteractWithNonsecureCreditCardInput();
	events = GetInsecureInputEventData();
	EXPECT_TRUE(events.credit_card_field_edited);
	}

	// Ensures that re-navigating to the same page does not keep
	// \|insecure_field_set\| set.
	TEST_F(IOSSecurityStateTabHelperTest, InsecureInputClearedOnRenavigation) {
	// Simulate an edit and verify \|insecure_field_edited\| is noted in the
	// insecure_input_events.
	insecure_input()->DidEditFieldInInsecureContext();
	security_state::InsecureInputEventData events = GetInsecureInputEventData();
	EXPECT_TRUE(events.insecure_field_edited);

	// Navigate to the same page again.
	LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
	events = GetInsecureInputEventData();
	EXPECT_FALSE(events.insecure_field_edited);
	}