[iOS] Add EG tests for real-time Safe Browsing

This adds integration tests for real-time Safe Browsing checks. In order to test real-time lookups without making network requests to Safe Browsing servers, this adds a "--mark_as_real_time_phishing" command-line flag for treating a given URL as unsafe. This works by adding an unsafe verdict for this URL to VerdictCacheManager. This also adds a "--mark_as_allowed" command-line flag for treating a URL as safe according to the allowlist used by real-time lookups. Bug: 1111414 Change-Id: Id72c6a4f4ffe2186a71e680b34df9a1c4d0a7a59 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357553 Commit-Queue: Ali Juma <ajuma@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: Eugene But <eugenebut@chromium.org> Cr-Commit-Position: refs/heads/master@{#800733}

[iOS] Add EG tests for real-time Safe Browsing
This adds integration tests for real-time Safe Browsing checks. In order to test real-time lookups without making network requests to Safe Browsing servers, this adds a "--mark_as_real_time_phishing" command-line flag for treating a given URL as unsafe. This works by adding an unsafe verdict for this URL to VerdictCacheManager. This also adds a "--mark_as_allowed" command-line flag for treating a URL as safe according to the allowlist used by real-time lookups. Bug: 1111414 Change-Id: Id72c6a4f4ffe2186a71e680b34df9a1c4d0a7a59 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357553 Commit-Queue: Ali Juma <ajuma@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: Eugene But <eugenebut@chromium.org> Cr-Commit-Position: refs/heads/master@{#800733}
a1d1eb4f · Ali Juma · Commit Bot · c0b5c43d · a1d1eb4f · a1d1eb4f
Commit a1d1eb4f authored Aug 21, 2020 by Ali Juma Committed by Commit Bot Aug 21, 2020
10 changed files
--- a/components/safe_browsing/core/db/v4_local_database_manager.cc
+++ b/components/safe_browsing/core/db/v4_local_database_manager.cc
@@ -15,6 +15,7 @@
 #include "base/memory/ref_counted.h"
 #include "base/metrics/histogram_functions.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/stl_util.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/task/post_task.h"
 #include "base/task/thread_pool.h"
@@ -104,6 +105,7 @@ ListInfos GetListInfos() {
 std::vector<CommandLineSwitchAndThreatType> GetSwitchAndThreatTypes() {
  static const std::vector<CommandLineSwitchAndThreatType>
      command_line_switch_and_threat_type = {
+          {"mark_as_allowlisted_for_real_time", HIGH_CONFIDENCE_ALLOWLIST},
          {"mark_as_phishing", SOCIAL_ENGINEERING},
          {"mark_as_malware", MALWARE_THREAT},
          {"mark_as_uws", UNWANTED_SOFTWARE}};
@@ -416,11 +418,14 @@ AsyncMatch V4LocalDatabaseManager::CheckUrlForHighConfidenceAllowlist(
  bool all_stores_available = AreAllStoresAvailableNow(stores_to_check);
  UMA_HISTOGRAM_BOOLEAN("SafeBrowsing.RT.AllStoresAvailable",
                        all_stores_available);
-  if (!enabled_ || !CanCheckUrl(url) || !all_stores_available) {
+  if (!enabled_ || !CanCheckUrl(url) ||
+      (!all_stores_available &&
+       artificially_marked_store_and_hash_prefixes_.empty())) {
    // NOTE(vakh): If Safe Browsing isn't enabled yet, or if the URL isn't a
    // navigation URL, or if the allowlist isn't ready yet, return MATCH.
    // The full URL check won't be performed, but hash-based check will still
-    // be done.
+    // be done. If any artificial matches are present, consider the allowlist
+    // as ready.
    return AsyncMatch::MATCH;
  }
@@ -639,7 +644,9 @@ void V4LocalDatabaseManager::GetArtificialPrefixMatches(
      FullHash artificial_full_hash =
          artificial_store_and_hash_prefix.hash_prefix;
      DCHECK_EQ(crypto::kSHA256Length, artificial_full_hash.size());
-      if (artificial_full_hash == full_hash) {
+      if (artificial_full_hash == full_hash &&
+          base::Contains(check->stores_to_check,
+                         artificial_store_and_hash_prefix.list_id)) {
        (check->artificial_full_hash_to_store_and_hash_prefixes)[full_hash] = {
            artificial_store_and_hash_prefix};
      }
@@ -726,7 +733,10 @@ AsyncMatch V4LocalDatabaseManager::HandleWhitelistCheck(
  // The caller should have already checked that the DB is ready.
  DCHECK(v4_database_);
-  if (!GetPrefixMatches(check)) {
+  GetPrefixMatches(check);
+  GetArtificialPrefixMatches(check);
+  if (check->full_hash_to_store_and_hash_prefixes.empty() &&
+      check->artificial_full_hash_to_store_and_hash_prefixes.empty()) {
    return AsyncMatch::NO_MATCH;
  }

--- a/components/safe_browsing/core/realtime/url_lookup_service_base.cc
+++ b/components/safe_browsing/core/realtime/url_lookup_service_base.cc
@@ -137,14 +137,16 @@ bool RealTimeUrlLookupServiceBase::CanCheckUrl(const GURL& url) {
    return false;
  }
-  if (net::IsLocalhost(url)) {
+  if (net::IsLocalhost(url) &&
+      !VerdictCacheManager::has_artificial_unsafe_url()) {
    // Includes: "//localhost/", "//localhost.localdomain/", "//127.0.0.1/"
    return false;
  }
  net::IPAddress ip_address;
  if (url.HostIsIPAddress() && ip_address.AssignFromIPLiteral(url.host()) &&
-      !ip_address.IsPubliclyRoutable()) {
+      !ip_address.IsPubliclyRoutable() &&
+      !VerdictCacheManager::has_artificial_unsafe_url()) {
    // Includes: "//192.168.1.1/", "//172.16.2.2/", "//10.1.1.1/"
    return false;
  }

--- a/components/safe_browsing/core/verdict_cache_manager.cc
+++ b/components/safe_browsing/core/verdict_cache_manager.cc
@@ -5,6 +5,7 @@
 #include "components/safe_browsing/core/verdict_cache_manager.h"
 #include "base/base64.h"
+#include "base/command_line.h"
 #include "base/metrics/histogram_functions.h"
 #include "base/optional.h"
 #include "base/strings/string_number_conversions.h"
@@ -26,6 +27,9 @@ const char kRealTimeThreatInfoProto[] = "rt_threat_info_proto";
 const char kPasswordOnFocusCacheKey[] = "password_on_focus_cache_key";
 const char kRealTimeUrlCacheKey[] = "real_time_url_cache_key";
+// Command-line flag for caching an artificial unsafe verdict.
+const char kUnsafeUrlFlag[] = "mark_as_real_time_phishing";
 // A helper class to include all match params. It is used as a centralized
 // place to determine if the current cache entry should be considered as a
 // match.
@@ -365,6 +369,7 @@ VerdictCacheManager::VerdictCacheManager(
      content_settings_(content_settings) {
  if (history_service)
    history_service_observer_.Add(history_service);
+  CacheArtificialVerdict();
 }
 void VerdictCacheManager::Shutdown() {
@@ -809,4 +814,41 @@ size_t VerdictCacheManager::GetRealTimeUrlCheckVerdictCountForURL(
  return verdict_dictionary ? verdict_dictionary->DictSize() : 0;
 }
+void VerdictCacheManager::CacheArtificialVerdict() {
+  std::string phishing_url_string =
+      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+          kUnsafeUrlFlag);
+  if (phishing_url_string.empty())
+    return;
+  GURL artificial_unsafe_url(phishing_url_string);
+  if (!artificial_unsafe_url.is_valid())
+    return;
+  has_artificial_unsafe_url_ = true;
+  RTLookupResponse response;
+  RTLookupResponse::ThreatInfo* threat_info = response.add_threat_info();
+  threat_info->set_verdict_type(RTLookupResponse::ThreatInfo::DANGEROUS);
+  threat_info->set_threat_type(
+      RTLookupResponse::ThreatInfo::SOCIAL_ENGINEERING);
+  threat_info->set_cache_duration_sec(3000);
+  threat_info->set_cache_expression_using_match_type(
+      artificial_unsafe_url.GetContent());
+  threat_info->set_cache_expression_match_type(
+      RTLookupResponse::ThreatInfo::EXACT_MATCH);
+  RemoveContentSettingsOnURLsDeleted(/*all_history=*/false,
+                                     {history::URLRow(artificial_unsafe_url)});
+  CacheRealTimeUrlVerdict(artificial_unsafe_url, response, base::Time::Now(),
+                          /*store_old_cache=*/false);
+}
+// static
+bool VerdictCacheManager::has_artificial_unsafe_url_ = false;
+// static
+bool VerdictCacheManager::has_artificial_unsafe_url() {
+  return has_artificial_unsafe_url_;
+}
 }  // namespace safe_browsing
--- a/components/safe_browsing/core/verdict_cache_manager.h
+++ b/components/safe_browsing/core/verdict_cache_manager.h
@@ -96,6 +96,10 @@ class VerdictCacheManager : public history::HistoryServiceObserver,
  void HistoryServiceBeingDeleted(
      history::HistoryService* history_service) override;
+  // Returns true if an artificial unsafe URL has been provided using the
+  // command-line flag "mark_as_real_time_phishing".
+  static bool has_artificial_unsafe_url();
 private:
  FRIEND_TEST_ALL_PREFIXES(VerdictCacheManagerTest, TestCleanUpExpiredVerdict);
  FRIEND_TEST_ALL_PREFIXES(VerdictCacheManagerTest,
@@ -133,6 +137,10 @@ class VerdictCacheManager : public history::HistoryServiceObserver,
    return stored_verdict_count_real_time_url_check_;
  }
+  // This adds a cached verdict for a URL that has artificially been marked as
+  // unsafe using the command line flag "mark_as_real_time_phishing".
+  void CacheArtificialVerdict();
  // Number of verdict stored for this profile for password on focus pings.
  base::Optional<size_t> stored_verdict_count_password_on_focus_;
@@ -151,6 +159,8 @@ class VerdictCacheManager : public history::HistoryServiceObserver,
  scoped_refptr<HostContentSettingsMap> content_settings_;
  base::WeakPtrFactory<VerdictCacheManager> weak_factory_{this};
+  static bool has_artificial_unsafe_url_;
 };
 }  // namespace safe_browsing

--- a/ios/chrome/browser/safe_browsing/safe_browsing_egtest.mm
+++ b/ios/chrome/browser/safe_browsing/safe_browsing_egtest.mm
@@ -4,6 +4,7 @@
 #include <string>
+#include "base/strings/string_util.h"
 #include "base/strings/sys_string_conversions.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
 #include "components/safe_browsing/core/features.h"
@@ -17,6 +18,8 @@
 #import "ios/web/common/features.h"
 #include "ios/web/public/test/element_selector.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
+#include "net/test/embedded_test_server/http_request.h"
+#include "net/test/embedded_test_server/http_response.h"
 #include "ui/base/l10n/l10n_util.h"
 #if !defined(__has_feature) || !__has_feature(objc_arc)
@@ -36,6 +39,21 @@ const char kPhishingWarningDetails[] =
 const char kMalwareWarningDetails[] =
    "Google Safe Browsing recently detected malware";
+// Request handler for net::EmbeddedTestServer that returns the request URL's
+// path as the body of the response if the request URL's path starts with
+// "/echo". Otherwise, returns nulltpr to allow other handlers to handle the
+// request.
+std::unique_ptr<net::test_server::HttpResponse> HandleRequest(
+    const net::test_server::HttpRequest& request) {
+  if (!base::StartsWith(request.relative_url, "/echo",
+                        base::CompareCase::SENSITIVE)) {
+    return nullptr;
+  }
+  auto http_response = std::make_unique<net::test_server::BasicHttpResponse>();
+  http_response->set_content(request.relative_url);
+  http_response->set_content_type("text/html");
+  return http_response;
+}
 }
 // Tests Safe Browsing URL blocking.
@@ -44,6 +62,10 @@ const char kMalwareWarningDetails[] =
  GURL _phishingURL;
  // Text that is found on the phishing page.
  std::string _phishingContent;
+  // A URL that is treated as an unsafe phishing page by real-time lookups.
+  GURL _realTimePhishingURL;
+  // Text that is found on the real-time phishing page.
+  std::string _realTimePhishingContent;
  // A URL that is treated as an unsafe malware page.
  GURL _malwareURL;
  // Text that is found on the malware page.
@@ -72,6 +94,8 @@ const char kMalwareWarningDetails[] =
 - (AppLaunchConfiguration)appConfigurationForTestCase {
  AppLaunchConfiguration config;
  config.features_enabled.push_back(safe_browsing::kSafeBrowsingAvailableOnIOS);
+  config.features_enabled.push_back(safe_browsing::kRealTimeUrlLookupEnabled);
+  config.features_enabled.push_back(web::features::kSSLCommittedInterstitials);
  // Use commandline args to insert fake unsafe URLs into the Safe Browsing
  // database.
@@ -79,27 +103,36 @@ const char kMalwareWarningDetails[] =
                                   _phishingURL.spec());
  config.additional_args.push_back(std::string("--mark_as_malware=") +
                                   _malwareURL.spec());
+  config.additional_args.push_back(
+      std::string("--mark_as_real_time_phishing=") +
+      _realTimePhishingURL.spec());
+  config.additional_args.push_back(
+      std::string("--mark_as_allowlisted_for_real_time=") + _safeURL1.spec());
  config.relaunch_policy = NoForceRelaunchAndResetState;
  return config;
 }
 - (void)setUp {
+  self.testServer->RegisterRequestHandler(base::BindRepeating(&HandleRequest));
  bool started = self.testServer->Start();
-  _phishingURL = self.testServer->GetURL("/set-invalid-cookie");
+  _phishingURL = self.testServer->GetURL("/echo_phishing_page");
-  _phishingContent = "TEST";
+  _phishingContent = "phishing_page";
+  _realTimePhishingURL = self.testServer->GetURL("/echo_realtime_page");
+  _realTimePhishingContent = "realtime_page";
-  _malwareURL = self.testServer->GetURL("/defaultresponse");
+  _malwareURL = self.testServer->GetURL("/echo_malware_page");
-  _malwareContent = "Default";
+  _malwareContent = "malware_page";
  _iframeWithMalwareURL =
      self.testServer->GetURL("/iframe?" + _malwareURL.spec());
  _iframeWithMalwareContent = _malwareContent;
-  _safeURL1 = self.testServer->GetURL("/echo");
+  _safeURL1 = self.testServer->GetURL("/echo_safe_page");
-  _safeContent1 = "Echo";
+  _safeContent1 = "safe_page";
-  _safeURL2 = self.testServer->GetURL("/echoall");
+  _safeURL2 = self.testServer->GetURL("/echo_also_safe");
-  _safeContent2 = "Request Body";
+  _safeContent2 = "also_safe";
  // |appConfigurationForTestCase| is called during [super setUp], and
  // depends on the URLs initialized above.
@@ -120,6 +153,10 @@ const char kMalwareWarningDetails[] =
  // Ensure that Proceed link is shown by default in the safe browsing warning.
  [ChromeEarlGrey setBoolValue:NO
                   forUserPref:prefs::kSafeBrowsingProceedAnywayDisabled];
+  // Ensure that the real-time Safe Browsing opt-in starts in the default
+  // (opted-out) state.
+  [ChromeEarlGrey setURLKeyedAnonymizedDataCollectionEnabled:false];
 }
 - (void)tearDown {
@@ -130,6 +167,11 @@ const char kMalwareWarningDetails[] =
  // Ensure that Proceed link is reset to its original value.
  [ChromeEarlGrey setBoolValue:_proceedAnywayDisabledPrefDefault
                   forUserPref:prefs::kSafeBrowsingProceedAnywayDisabled];
+  // Ensure that the real-time Safe Browsing opt-in is reset to its original
+  // value.
+  [ChromeEarlGrey setURLKeyedAnonymizedDataCollectionEnabled:false];
  [super tearDown];
 }
@@ -601,4 +643,35 @@ const char kMalwareWarningDetails[] =
                                                    IDS_MALWARE_V3_HEADING)];
 }
+// Tests that real-time lookups are not performed when opted-out of real-time
+// lookups.
+- (void)testRealTimeLookupsWhileOptedOut {
+  // Load the real-time phishing page and verify that no warning is shown.
+  [ChromeEarlGrey loadURL:_realTimePhishingURL];
+  [ChromeEarlGrey waitForWebStateContainingText:_realTimePhishingContent];
+}
+// Tests that a page identified as unsafe by real-time Safe Browsing is blocked
+// when opted-in to real-time lookups.
+- (void)testRealTimeLookupsWhileOptedIn {
+  // Opt-in to real-time checks.
+  [ChromeEarlGrey setURLKeyedAnonymizedDataCollectionEnabled:true];
+  // Load the real-time phishing page and verify that a warning page is shown.
+  [ChromeEarlGrey loadURL:_realTimePhishingURL];
+  [ChromeEarlGrey waitForWebStateContainingText:l10n_util::GetStringUTF8(
+                                                    IDS_PHISHING_V4_HEADING)];
+}
+// Tests that real-time lookups are not performed in incognito mode.
+- (void)testRealTimeLookupsInIncognito {
+  // Opt-in to real-time checks.
+  [ChromeEarlGrey setURLKeyedAnonymizedDataCollectionEnabled:true];
+  // Load the real-time phishing page and verify that no warning is shown.
+  [ChromeEarlGrey openNewIncognitoTab];
+  [ChromeEarlGrey loadURL:_realTimePhishingURL];
+  [ChromeEarlGrey waitForWebStateContainingText:_realTimePhishingContent];
+}
 @end
--- a/ios/chrome/test/earl_grey/BUILD.gn
+++ b/ios/chrome/test/earl_grey/BUILD.gn
@@ -147,6 +147,7 @@ source_set("eg_app_support+eg2") {
    "//ios/chrome/browser/ui/toolbar/public:feature_flags",
    "//ios/chrome/browser/ui/util",
    "//ios/chrome/browser/ui/util:eg_app_support+eg2",
+    "//ios/chrome/browser/unified_consent",
    "//ios/chrome/browser/web:eg_app_support+eg2",
    "//ios/chrome/browser/web:tab_id_tab_helper",
    "//ios/chrome/test/app:test_support",

--- a/ios/chrome/test/earl_grey/chrome_earl_grey.h
+++ b/ios/chrome/test/earl_grey/chrome_earl_grey.h
@@ -565,6 +565,11 @@ id ExecuteJavaScript(NSString* javascript, NSError* __autoreleasing* out_error);
 // clearing Browsing data.
 - (void)resetBrowsingDataPrefs;
+#pragma mark - Unified Consent utilities
+// Enables or disables URL-keyed anonymized data collection.
+- (void)setURLKeyedAnonymizedDataCollectionEnabled:(BOOL)enabled;
 @end
 // Helpers that only compile under EarlGrey 1 are included in this "EG1"

--- a/ios/chrome/test/earl_grey/chrome_earl_grey.mm
+++ b/ios/chrome/test/earl_grey/chrome_earl_grey.mm
@@ -1038,6 +1038,13 @@ GREY_STUB_CLASS_IN_APP_MAIN_QUEUE(ChromeEarlGreyAppInterface)
  return [ChromeEarlGreyAppInterface resetBrowsingDataPrefs];
 }
+#pragma mark - Unified consent utilities
+- (void)setURLKeyedAnonymizedDataCollectionEnabled:(BOOL)enabled {
+  return [ChromeEarlGreyAppInterface
+      setURLKeyedAnonymizedDataCollectionEnabled:enabled];
+}
 @end
 // The helpers below only compile under EarlGrey1.

--- a/ios/chrome/test/earl_grey/chrome_earl_grey_app_interface.h
+++ b/ios/chrome/test/earl_grey/chrome_earl_grey_app_interface.h
@@ -462,6 +462,11 @@
 // clearing Browsing data.
 + (void)resetBrowsingDataPrefs;
+#pragma mark - Unified Consent utilities
+// Enables or disables URL-keyed anonymized data collection.
+ (void)setURLKeyedAnonymizedDataCollectionEnabled:(BOOL)enabled;
 #pragma mark - Keyboard Command utilities
 // The count of key commands registered with the currently active BVC.

--- a/ios/chrome/test/earl_grey/chrome_earl_grey_app_interface.mm
+++ b/ios/chrome/test/earl_grey/chrome_earl_grey_app_interface.mm
@@ -16,6 +16,7 @@
 #include "components/metrics/demographic_metrics_provider.h"
 #include "components/prefs/pref_service.h"
 #import "components/ukm/ios/features.h"
+#include "components/unified_consent/unified_consent_service.h"
 #include "components/variations/variations_associated_data.h"
 #include "components/variations/variations_ids_provider.h"
 #import "ios/chrome/app/main_controller.h"
@@ -30,6 +31,7 @@
 #import "ios/chrome/browser/ui/toolbar/public/features.h"
 #import "ios/chrome/browser/ui/ui_feature_flags.h"
 #import "ios/chrome/browser/ui/util/named_guide.h"
+#import "ios/chrome/browser/unified_consent/unified_consent_service_factory.h"
 #import "ios/chrome/browser/web/tab_id_tab_helper.h"
 #import "ios/chrome/test/app/bookmarks_test_util.h"
 #import "ios/chrome/test/app/browsing_data_test_util.h"
@@ -813,6 +815,14 @@ NSString* SerializedPref(const PrefService::Preference* pref) {
  prefs->ClearPref(browsing_data::prefs::kDeleteFormData);
 }
+#pragma mark - Unified Consent utilities
+ (void)setURLKeyedAnonymizedDataCollectionEnabled:(BOOL)enabled {
+  UnifiedConsentServiceFactory::GetForBrowserState(
+      chrome_test_util::GetOriginalBrowserState())
+      ->SetUrlKeyedAnonymizedDataCollectionEnabled(enabled);
+}
 #pragma mark - Keyboard Command Utilities
 + (NSInteger)registeredKeyCommandCount {