Google Git
Sign in
chromium / chromium / src / d03e48a67c3f509078e1c237f8ff2285e3fe6b8c / . / android_webview / browser / safe_browsing / aw_safe_browsing_allowlist_manager_unittest.cc
blob: a9daea8ac8aa448e80b811125c8af2a24c2d190b [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "android_webview/browser/safe_browsing/aw_safe_browsing_allowlist_manager.h"
#include <memory>
#include <utility>
#include "base/bind.h"
#include "base/callback.h"
#include "base/run_loop.h"
#include "base/test/task_environment.h"
#include "base/threading/thread_task_runner_handle.h"
#include "base/values.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
namespace android_webview {
class AwSafeBrowsingAllowlistManagerTest : public testing::Test {
protected:
AwSafeBrowsingAllowlistManagerTest() {}
void SetUp() override {
wm_ = std::make_unique<AwSafeBrowsingAllowlistManager>(
base::ThreadTaskRunnerHandle::Get(),
base::ThreadTaskRunnerHandle::Get());
}
void TearDown() override { wm_.reset(); }
void SetAllowlist(std::vector<std::string>&& allowlist, bool expected);
base::test::SingleThreadTaskEnvironment task_environment_{
base::test::SingleThreadTaskEnvironment::MainThreadType::IO};
std::unique_ptr<AwSafeBrowsingAllowlistManager> wm_;
};
void VerifyAllowlistCallback(bool expected, bool success) {
EXPECT_EQ(expected, success);
}
void AwSafeBrowsingAllowlistManagerTest::SetAllowlist(
std::vector<std::string>&& allowlist,
bool expected) {
wm_->SetAllowlistOnUIThread(
std::move(allowlist), base::BindOnce(&VerifyAllowlistCallback, expected));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, WsSchemeCanBeAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("wss://google.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, HttpSchemeCanBeAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("https://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com:80")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com:123")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com:443")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, WsSchemeCanBeAllowlistedExactMatch) {
std::vector<std::string> allowlist;
allowlist.push_back(".google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("wss://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com:80")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com:123")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com:443")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, ExactMatchWorks) {
std::vector<std::string> allowlist;
allowlist.push_back(".google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("https://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("wss://google.com")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("ws://a.google.com")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("wss://a.google.com")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("ws://com")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("wss://oogle.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, SchemeInAllowlistIsInvalid) {
std::vector<std::string> allowlist;
allowlist.push_back("http://google.com");
SetAllowlist(std::move(allowlist), false);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://google.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
NonStandardSchemeInAllowlistIsInvalid) {
std::vector<std::string> allowlist;
allowlist.push_back("data:google.com");
allowlist.push_back("mailto:google.com");
SetAllowlist(std::move(allowlist), false);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://google.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, PortInAllowlistIsInvalid) {
std::vector<std::string> allowlist;
allowlist.push_back("www.google.com:123");
SetAllowlist(std::move(allowlist), false);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://www.google.com")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://www.google.com:123")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, PathInAllowlistIsInvalid) {
std::vector<std::string> allowlist;
allowlist.push_back("www.google.com/123");
SetAllowlist(std::move(allowlist), false);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://www.google.com/123")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://www.google.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, PathQueryAndReferenceWorks) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/a")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/a/b")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com?test=1")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/a#a100")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, TrailingDotInRuleWorks) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com.");
allowlist.push_back("example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com.")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, DomainNameEmbeddedInPathIsIgnored) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://example.com/google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, URLsWithEmbeddedUserNamePassword) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://user1:pass@google.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, AllowlistsWithPunycodeWorks) {
std::vector<std::string> allowlist;
allowlist.push_back("㯙㯜㯙㯟.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://xn--domain.com")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
PathQueryAndReferenceWorksWithLeadingDot) {
std::vector<std::string> allowlist;
allowlist.push_back(".google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/a")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/a/b")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com?test=1")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/a#a100")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
SubdomainsAreAllowedWhenNoLeadingDots) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://b.a.google.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
SubdomainsAreNotAllowedWhenLeadingDots) {
std::vector<std::string> allowlist;
allowlist.push_back(".google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://b.a.google.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
MatchSubdomainsInMultipleAllowlists) {
std::vector<std::string> allowlist;
allowlist.push_back("a.google.com");
allowlist.push_back(".google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://b.a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://b.google.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, TestLeadingDotInGURL) {
std::vector<std::string> allowlist;
allowlist.push_back("a.google.com");
allowlist.push_back(".google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://.a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://.b.a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://.google.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://.b.google.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyTLDsAreNotSpecial) {
std::vector<std::string> allowlist;
allowlist.push_back(".com");
allowlist.push_back("co");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://b.a.google.co/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://com/")));
}
// It seems GURL is happy to accept "*" in hostname literal. Since we rely
// on GURL host validation, just be consistent on that but make sure
// that does not wildcard all the domains.
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyStarDoesNotWildcardDomains) {
std::vector<std::string> allowlist;
allowlist.push_back("*.com");
allowlist.push_back("*co");
allowlist.push_back("b.a.*.co");
allowlist.push_back("b.*.*.co");
allowlist.push_back("b.*");
allowlist.push_back("c*");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://b.a.google.co/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://com/")));
allowlist.clear();
allowlist.push_back("*");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://*/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyPrefixOrSuffixOfDomains) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://ogle.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://agoogle.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyIPV4CanBeAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
allowlist.push_back("192.168.1.1");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://192.168.1.1/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyIPV4IsNotSegmented) {
std::vector<std::string> allowlist;
allowlist.push_back("192.168.1.1");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://192.168.1.1/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://1.192.168.1.1/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://192.168.1.0/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyLeadingDotInIPV4IsNotValid) {
std::vector<std::string> allowlist;
allowlist.push_back(".192.168.1.1");
SetAllowlist(std::move(allowlist), false);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://192.168.1.1/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://1.192.168.1.1/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyMultipleIPV4Works) {
std::vector<std::string> allowlist;
allowlist.push_back("192.168.1.1");
allowlist.push_back("192.168.1.2");
allowlist.push_back("194.168.1.1");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://192.168.1.1/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://192.168.1.2/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://194.168.1.1/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("https://194.168.1.1/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://194.168.1.1:443/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyIPV6CanBeAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("[10:20:30:40:50:60:70:80]");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://[10:20:30:40:50:60:70:80]")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyIPV6CannotBeAllowlistedIfBroken) {
std::vector<std::string> allowlist;
allowlist.push_back("[10:20:30:40:50:60:]");
SetAllowlist(std::move(allowlist), false);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://[10:20:30:40:50:60:70:80]")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyIPV6WithZerosCanBeAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("[20:0:0:0:0:0:0:0]");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://[20:0:0:0:0:0:0:0]")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyCapitalizationDoesNotMatter) {
std::vector<std::string> allowlist;
allowlist.push_back("A.goOGle.Com");
allowlist.push_back(".GOOGLE.COM");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://b.a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://b.google.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyAllowlistingWorksWhenDomainSuffixesMatch1) {
std::vector<std::string> allowlist;
allowlist.push_back("com");
allowlist.push_back("example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://com/")));
}
// Same as verifyAllowlistingWorksWhenDomainSuffixesMatch1 but order reversed.
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyAllowlistingWorksWhenDomainSuffixesMatch2) {
std::vector<std::string> allowlist;
allowlist.push_back("example.com");
allowlist.push_back("com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyAllowlistingWorksWhenDomainSuffixesMatchWithLeadingDots1) {
std::vector<std::string> allowlist;
allowlist.push_back(".com");
allowlist.push_back("example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://com/")));
}
// Same as VerifyAllowlistingWorksWhenDomainSuffixesMatchWithLeadingDots2
// but order reversed.
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyAllowlistingWorksWhenDomainSuffixesMatchWithLeadingDots2) {
std::vector<std::string> allowlist;
allowlist.push_back("example.com");
allowlist.push_back(".com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://a.google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://com/")));
}
// Verify that a more general rule won't be rendered useless by a rule that
// more closely matches. For example if "com" is a rule to allowlist all com
// subdomains, a later rule for .example.com should not make a.example.com a
// no match.
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyAnExactMatchRuleCanBeOverwrittenByAMoreGeneralNonExactMatchRule) {
std::vector<std::string> allowlist;
allowlist.push_back("com");
allowlist.push_back(".example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifySubdomainMatchWinsIfRuleIsEnteredWithAndWithoutSubdomainMatch) {
std::vector<std::string> allowlist;
allowlist.push_back("example.com");
allowlist.push_back(".example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
allowlist = std::vector<std::string>();
allowlist.push_back(".example.com");
allowlist.push_back("example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyOrderOfRuleEntryDoesNotChangeExpectations) {
std::vector<std::string> allowlist;
allowlist.push_back("b.example.com");
allowlist.push_back(".example.com");
allowlist.push_back("example.com");
allowlist.push_back("a.example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://b.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://com/")));
allowlist = std::vector<std::string>();
allowlist.push_back("a.example.com");
allowlist.push_back("example.com");
allowlist.push_back(".example.com");
allowlist.push_back("b.example.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://a.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://b.example.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://example.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("http://com/")));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest, VerifyInvalidUrlsAreNotAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
GURL url = GURL("");
EXPECT_FALSE(url.is_valid());
EXPECT_FALSE(wm_->IsUrlAllowed(url));
url = GURL("http;??www.google.com");
EXPECT_FALSE(url.is_valid());
EXPECT_FALSE(wm_->IsUrlAllowed(url));
}
TEST_F(AwSafeBrowsingAllowlistManagerTest,
VerifyUrlsWithoutHostAreNotAllowlisted) {
std::vector<std::string> allowlist;
allowlist.push_back("google.com");
SetAllowlist(std::move(allowlist), true);
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("file:///google.com/test")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("mailto:google.com/")));
EXPECT_FALSE(wm_->IsUrlAllowed(GURL("data:google.com/")));
// However FTP, HTTP and WS should work
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ftp://google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("http://google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("ws://google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("https://google.com/")));
EXPECT_TRUE(wm_->IsUrlAllowed(GURL("wss://google.com/")));
}
} // namespace android_webview