Google Git
Sign in
android / platform / external / chromium_org / 5b6dcb9 / . / chrome / browser / policy / url_blacklist_manager_unittest.cc
blob: cb29ae7a0217760c9b153fdb28b53783aaccbf84 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/policy/core/browser/url_blacklist_manager.h"
#include <ostream>
#include "base/basictypes.h"
#include "base/callback.h"
#include "base/message_loop/message_loop.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/testing_pref_service.h"
#include "chrome/browser/policy/policy_helpers.h"
#include "components/policy/core/common/policy_pref_names.h"
#include "components/url_fixer/url_fixer.h"
#include "google_apis/gaia/gaia_urls.h"
#include "net/base/load_flags.h"
#include "net/base/net_errors.h"
#include "net/base/request_priority.h"
#include "net/url_request/url_request.h"
#include "net/url_request/url_request_test_util.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
// TODO(joaodasilva): this file should be moved next to
// components/policy/core/browser/url_blacklist_manager.(cc|h).
// However, url_fixer_upper.h can't be included from the component. Rather
// than having it mocked out, the actual url_fixer::SegmentURL call is used
// to make sure that the parsing of URL filters is correct.
namespace policy {
namespace {
// Helper to get the disambiguated SegmentURL() function.
URLBlacklist::SegmentURLCallback GetSegmentURLCallback() {
return url_fixer::SegmentURL;
}
class TestingURLBlacklistManager : public URLBlacklistManager {
public:
explicit TestingURLBlacklistManager(PrefService* pref_service)
: URLBlacklistManager(pref_service,
base::MessageLoopProxy::current(),
base::MessageLoopProxy::current(),
GetSegmentURLCallback(),
base::Bind(OverrideBlacklistForURL)),
update_called_(0),
set_blacklist_called_(false) {}
virtual ~TestingURLBlacklistManager() {
}
// Make this method public for testing.
using URLBlacklistManager::ScheduleUpdate;
// Makes a direct call to UpdateOnIO during tests.
void UpdateOnIOForTesting() {
scoped_ptr<base::ListValue> block(new base::ListValue);
block->Append(new base::StringValue("example.com"));
scoped_ptr<base::ListValue> allow(new base::ListValue);
URLBlacklistManager::UpdateOnIO(block.Pass(), allow.Pass());
}
// URLBlacklistManager overrides:
virtual void SetBlacklist(scoped_ptr<URLBlacklist> blacklist) OVERRIDE {
set_blacklist_called_ = true;
URLBlacklistManager::SetBlacklist(blacklist.Pass());
}
virtual void Update() OVERRIDE {
update_called_++;
URLBlacklistManager::Update();
}
int update_called() const { return update_called_; }
bool set_blacklist_called() const { return set_blacklist_called_; }
private:
int update_called_;
bool set_blacklist_called_;
DISALLOW_COPY_AND_ASSIGN(TestingURLBlacklistManager);
};
class URLBlacklistManagerTest : public testing::Test {
protected:
URLBlacklistManagerTest() {}
virtual void SetUp() OVERRIDE {
pref_service_.registry()->RegisterListPref(policy_prefs::kUrlBlacklist);
pref_service_.registry()->RegisterListPref(policy_prefs::kUrlWhitelist);
blacklist_manager_.reset(new TestingURLBlacklistManager(&pref_service_));
loop_.RunUntilIdle();
}
virtual void TearDown() OVERRIDE {
if (blacklist_manager_.get())
blacklist_manager_->ShutdownOnUIThread();
loop_.RunUntilIdle();
// Delete |blacklist_manager_| while |io_thread_| is mapping IO to
// |loop_|.
blacklist_manager_.reset();
}
base::MessageLoopForIO loop_;
TestingPrefServiceSimple pref_service_;
scoped_ptr<TestingURLBlacklistManager> blacklist_manager_;
};
// Parameters for the FilterToComponents test.
struct FilterTestParams {
public:
FilterTestParams(const std::string& filter, const std::string& scheme,
const std::string& host, bool match_subdomains, uint16 port,
const std::string& path)
: filter_(filter), scheme_(scheme), host_(host),
match_subdomains_(match_subdomains), port_(port), path_(path) {}
FilterTestParams(const FilterTestParams& params)
: filter_(params.filter_), scheme_(params.scheme_), host_(params.host_),
match_subdomains_(params.match_subdomains_), port_(params.port_),
path_(params.path_) {}
const FilterTestParams& operator=(const FilterTestParams& params) {
filter_ = params.filter_;
scheme_ = params.scheme_;
host_ = params.host_;
match_subdomains_ = params.match_subdomains_;
port_ = params.port_;
path_ = params.path_;
return *this;
}
const std::string& filter() const { return filter_; }
const std::string& scheme() const { return scheme_; }
const std::string& host() const { return host_; }
bool match_subdomains() const { return match_subdomains_; }
uint16 port() const { return port_; }
const std::string& path() const { return path_; }
private:
std::string filter_;
std::string scheme_;
std::string host_;
bool match_subdomains_;
uint16 port_;
std::string path_;
};
// Make Valgrind happy. Without this function, a generic one will print the
// raw bytes in FilterTestParams, which due to some likely padding will access
// uninitialized memory.
void PrintTo(const FilterTestParams& params, std::ostream* os) {
*os << params.filter();
}
class URLBlacklistFilterToComponentsTest
: public testing::TestWithParam<FilterTestParams> {
public:
URLBlacklistFilterToComponentsTest() {}
private:
DISALLOW_COPY_AND_ASSIGN(URLBlacklistFilterToComponentsTest);
};
} // namespace
TEST_P(URLBlacklistFilterToComponentsTest, FilterToComponents) {
std::string scheme;
std::string host;
bool match_subdomains = true;
uint16 port = 42;
std::string path;
URLBlacklist::FilterToComponents(GetSegmentURLCallback(),
GetParam().filter(),
&scheme,
&host,
&match_subdomains,
&port,
&path,
NULL);
EXPECT_EQ(GetParam().scheme(), scheme);
EXPECT_EQ(GetParam().host(), host);
EXPECT_EQ(GetParam().match_subdomains(), match_subdomains);
EXPECT_EQ(GetParam().port(), port);
EXPECT_EQ(GetParam().path(), path);
}
TEST_F(URLBlacklistManagerTest, SingleUpdateForTwoPrefChanges) {
base::ListValue* blacklist = new base::ListValue;
blacklist->Append(new base::StringValue("*.google.com"));
base::ListValue* whitelist = new base::ListValue;
whitelist->Append(new base::StringValue("mail.google.com"));
pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, blacklist);
pref_service_.SetManagedPref(policy_prefs::kUrlBlacklist, whitelist);
loop_.RunUntilIdle();
EXPECT_EQ(1, blacklist_manager_->update_called());
}
TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask0) {
// Post an update task to the UI thread.
blacklist_manager_->ScheduleUpdate();
// Shutdown comes before the task is executed.
blacklist_manager_->ShutdownOnUIThread();
blacklist_manager_.reset();
// Run the task after shutdown and deletion.
loop_.RunUntilIdle();
}
TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask1) {
// Post an update task.
blacklist_manager_->ScheduleUpdate();
// Shutdown comes before the task is executed.
blacklist_manager_->ShutdownOnUIThread();
// Run the task after shutdown, but before deletion.
loop_.RunUntilIdle();
EXPECT_EQ(0, blacklist_manager_->update_called());
blacklist_manager_.reset();
loop_.RunUntilIdle();
}
TEST_F(URLBlacklistManagerTest, ShutdownWithPendingTask2) {
// This posts a task to the FILE thread.
blacklist_manager_->UpdateOnIOForTesting();
// But shutdown happens before it is done.
blacklist_manager_->ShutdownOnUIThread();
EXPECT_FALSE(blacklist_manager_->set_blacklist_called());
blacklist_manager_.reset();
loop_.RunUntilIdle();
}
INSTANTIATE_TEST_CASE_P(
URLBlacklistFilterToComponentsTestInstance,
URLBlacklistFilterToComponentsTest,
testing::Values(
FilterTestParams("google.com",
std::string(),
".google.com",
true,
0u,
std::string()),
FilterTestParams(".google.com",
std::string(),
"google.com",
false,
0u,
std::string()),
FilterTestParams("http://google.com",
"http",
".google.com",
true,
0u,
std::string()),
FilterTestParams("google.com/",
std::string(),
".google.com",
true,
0u,
"/"),
FilterTestParams("http://google.com:8080/whatever",
"http",
".google.com",
true,
8080u,
"/whatever"),
FilterTestParams("http://user:pass@google.com:8080/whatever",
"http",
".google.com",
true,
8080u,
"/whatever"),
FilterTestParams("123.123.123.123",
std::string(),
"123.123.123.123",
false,
0u,
std::string()),
FilterTestParams("https://123.123.123.123",
"https",
"123.123.123.123",
false,
0u,
std::string()),
FilterTestParams("123.123.123.123/",
std::string(),
"123.123.123.123",
false,
0u,
"/"),
FilterTestParams("http://123.123.123.123:123/whatever",
"http",
"123.123.123.123",
false,
123u,
"/whatever"),
FilterTestParams("*",
std::string(),
std::string(),
true,
0u,
std::string()),
FilterTestParams("ftp://*",
"ftp",
std::string(),
true,
0u,
std::string()),
FilterTestParams("http://*/whatever",
"http",
std::string(),
true,
0u,
"/whatever")));
TEST_F(URLBlacklistManagerTest, Filtering) {
URLBlacklist blacklist(GetSegmentURLCallback());
// Block domain and all subdomains, for any filtered scheme.
scoped_ptr<base::ListValue> blocked(new base::ListValue);
blocked->Append(new base::StringValue("google.com"));
blacklist.Block(blocked.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/whatever")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("bogus://google.com/")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://notgoogle.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.mail.google.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://x.mail.google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.y.google.com/a/b")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/")));
// Filter only http, ftp and ws schemes.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("http://secure.com"));
blocked->Append(new base::StringValue("ftp://secure.com"));
blocked->Append(new base::StringValue("ws://secure.com"));
blacklist.Block(blocked.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com/whatever")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ftp://secure.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://secure.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://secure.com/")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://secure.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.secure.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://www.secure.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://www.secure.com")));
// Filter only a certain path prefix.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("path.to/ruin"));
blacklist.Block(blocked.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://path.to/ruin")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruins")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://path.to/ruin/signup")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.path.to/ruin")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://path.to/fortune")));
// Filter only a certain path prefix and scheme.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("https://s.aaa.com/path"));
blacklist.Block(blocked.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/path/bbb")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.aaa.com/path")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://aaa.com/path")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://x.aaa.com/path")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/bbb")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/")));
// Filter only ws and wss schemes.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("ws://ws.aaa.com"));
blocked->Append(new base::StringValue("wss://ws.aaa.com"));
blacklist.Block(blocked.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://ws.aaa.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("wss://ws.aaa.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://ws.aaa.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://ws.aaa.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("ftp://ws.aaa.com")));
// Test exceptions to path prefixes, and most specific matches.
blocked.reset(new base::ListValue);
scoped_ptr<base::ListValue> allowed(new base::ListValue);
blocked->Append(new base::StringValue("s.xxx.com/a"));
allowed->Append(new base::StringValue("s.xxx.com/a/b"));
blocked->Append(new base::StringValue("https://s.xxx.com/a/b/c"));
allowed->Append(new base::StringValue("https://s.xxx.com/a/b/c/d"));
blacklist.Block(blocked.get());
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/x")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/x")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/x")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/x")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.xxx.com/a/b/c/d/x")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.xxx.com/a/b/c/d/x")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://xxx.com/a/b")));
// Block an ip address.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("123.123.123.123"));
blacklist.Block(blocked.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://123.123.123.123/")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://123.123.123.124/")));
// Open an exception.
allowed.reset(new base::ListValue);
allowed->Append(new base::StringValue("plus.google.com"));
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com/")));
// Open an exception only when using https for mail.
allowed.reset(new base::ListValue);
allowed->Append(new base::StringValue("https://mail.google.com"));
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://www.google.com/")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com/")));
// Match exactly "google.com", only for http. Subdomains without exceptions
// are still blocked.
allowed.reset(new base::ListValue);
allowed->Append(new base::StringValue("http://.google.com"));
blacklist.Allow(allowed.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://google.com/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.google.com/")));
// A smaller path match in an exact host overrides a longer path for hosts
// that also match subdomains.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("yyy.com/aaa"));
blacklist.Block(blocked.get());
allowed.reset(new base::ListValue);
allowed->Append(new base::StringValue(".yyy.com/a"));
blacklist.Allow(allowed.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://yyy.com/aaa2")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.yyy.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.yyy.com/aaa2")));
// If the exact entry is both allowed and blocked, allowing takes precedence.
blocked.reset(new base::ListValue);
blocked->Append(new base::StringValue("example.com"));
blacklist.Block(blocked.get());
allowed.reset(new base::ListValue);
allowed->Append(new base::StringValue("example.com"));
blacklist.Allow(allowed.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://example.com")));
}
TEST_F(URLBlacklistManagerTest, QueryParameters) {
URLBlacklist blacklist(GetSegmentURLCallback());
scoped_ptr<base::ListValue> blocked(new base::ListValue);
scoped_ptr<base::ListValue> allowed(new base::ListValue);
// Block domain and all subdomains, for any filtered scheme.
blocked->AppendString("youtube.com");
allowed->AppendString("youtube.com/watch?v=XYZ");
blacklist.Block(blocked.get());
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=123&v=XYZ")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&v=123")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?v=XYZ&foo=bar")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar&v=XYZ")));
allowed.reset(new base::ListValue);
allowed->AppendString("youtube.com/watch?av=XYZ&ag=123");
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=123&ag=XYZ")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=XYZ&av=123")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?av=XYZ&ag=123")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?ag=123&av=XYZ")));
EXPECT_TRUE(blacklist.IsURLBlocked(
GURL("http://youtube.com/watch?av=XYZ&ag=123&av=123")));
EXPECT_TRUE(blacklist.IsURLBlocked(
GURL("http://youtube.com/watch?av=XYZ&ag=123&ag=1234")));
allowed.reset(new base::ListValue);
allowed->AppendString("youtube.com/watch?foo=bar*&vid=2*");
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube.com/watch?foo=bar")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=2&foo=bar1")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube.com/watch?vid=234&foo=bar")));
EXPECT_FALSE(blacklist.IsURLBlocked(
GURL("http://youtube.com/watch?vid=234&foo=bar23")));
blocked.reset(new base::ListValue);
blocked->AppendString("youtube1.com/disallow?v=44678");
blacklist.Block(blocked.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=123")));
// Path does not match
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?v=44678")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=44678")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?v=4467")));
EXPECT_FALSE(blacklist.IsURLBlocked(
GURL("http://youtube1.com/disallow?v=4467&v=123")));
EXPECT_TRUE(blacklist.IsURLBlocked(
GURL("http://youtube1.com/disallow?v=4467&v=123&v=44678")));
blocked.reset(new base::ListValue);
blocked->AppendString("youtube1.com/disallow?g=*");
blacklist.Block(blocked.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube1.com?ag=123")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?g=123")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube1.com/disallow?ag=13&g=123")));
blocked.reset(new base::ListValue);
blocked->AppendString("youtube2.com/disallow?a*");
blacklist.Block(blocked.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube2.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(
GURL("http://youtube2.com/disallow?b=123&a21=467")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?abba=true")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube2.com/disallow?baba=true")));
allowed.reset(new base::ListValue);
blocked.reset(new base::ListValue);
blocked->AppendString("youtube3.com");
allowed->AppendString("youtube3.com/watch?fo*");
blacklist.Block(blocked.get());
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube3.com")));
EXPECT_TRUE(
blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?b=123&a21=467")));
EXPECT_FALSE(blacklist.IsURLBlocked(
GURL("http://youtube3.com/watch?b=123&a21=467&foo1")));
EXPECT_FALSE(blacklist.IsURLBlocked(
GURL("http://youtube3.com/watch?b=123&a21=467&foo=bar")));
EXPECT_FALSE(blacklist.IsURLBlocked(
GURL("http://youtube3.com/watch?b=123&a21=467&fo=ba")));
EXPECT_FALSE(
blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?foriegn=true")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube3.com/watch?fold")));
allowed.reset(new base::ListValue);
blocked.reset(new base::ListValue);
blocked->AppendString("youtube4.com");
allowed->AppendString("youtube4.com?*");
blacklist.Block(blocked.get());
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube4.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?hello")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube4.com/?foo")));
allowed.reset(new base::ListValue);
blocked.reset(new base::ListValue);
blocked->AppendString("youtube5.com?foo=bar");
allowed->AppendString("youtube5.com?foo1=bar1&foo2=bar2&");
blacklist.Block(blocked.get());
blacklist.Allow(allowed.get());
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube5.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://youtube5.com/?foo=bar&a=b")));
// More specific filter is given precedence.
EXPECT_FALSE(blacklist.IsURLBlocked(
GURL("http://youtube5.com/?a=b&foo=bar&foo1=bar1&foo2=bar2")));
}
TEST_F(URLBlacklistManagerTest, BlockAllWithExceptions) {
URLBlacklist blacklist(GetSegmentURLCallback());
scoped_ptr<base::ListValue> blocked(new base::ListValue);
scoped_ptr<base::ListValue> allowed(new base::ListValue);
blocked->Append(new base::StringValue("*"));
allowed->Append(new base::StringValue(".www.google.com"));
allowed->Append(new base::StringValue("plus.google.com"));
allowed->Append(new base::StringValue("https://mail.google.com"));
allowed->Append(new base::StringValue("https://very.safe/path"));
blacklist.Block(blocked.get());
blacklist.Allow(allowed.get());
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://random.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://google.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://s.www.google.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://www.google.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://plus.google.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://s.plus.google.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://mail.google.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://mail.google.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.mail.google.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("https://very.safe/")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://very.safe/path")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://very.safe/path")));
}
TEST_F(URLBlacklistManagerTest, DontBlockResources) {
scoped_ptr<URLBlacklist> blacklist(new URLBlacklist(GetSegmentURLCallback()));
scoped_ptr<base::ListValue> blocked(new base::ListValue);
blocked->Append(new base::StringValue("google.com"));
blacklist->Block(blocked.get());
blacklist_manager_->SetBlacklist(blacklist.Pass());
EXPECT_TRUE(blacklist_manager_->IsURLBlocked(GURL("http://google.com")));
net::TestURLRequestContext context;
net::URLRequest request(
GURL("http://google.com"), net::DEFAULT_PRIORITY, NULL, &context);
int reason = net::ERR_UNEXPECTED;
// Background requests aren't filtered.
EXPECT_FALSE(blacklist_manager_->IsRequestBlocked(request, &reason));
// Main frames are filtered.
request.SetLoadFlags(net::LOAD_MAIN_FRAME);
EXPECT_TRUE(blacklist_manager_->IsRequestBlocked(request, &reason));
EXPECT_EQ(net::ERR_BLOCKED_BY_ADMINISTRATOR, reason);
// On most platforms, sync gets a free pass due to signin flows.
bool block_signin_urls = false;
#if defined(OS_CHROMEOS)
// There are no sync specific signin flows on Chrome OS, so no special
// treatment.
block_signin_urls = true;
#endif
GURL sync_url(GaiaUrls::GetInstance()->service_login_url().Resolve(
"?service=chromiumsync"));
net::URLRequest sync_request(sync_url, net::DEFAULT_PRIORITY, NULL, &context);
sync_request.SetLoadFlags(net::LOAD_MAIN_FRAME);
EXPECT_EQ(block_signin_urls,
blacklist_manager_->IsRequestBlocked(sync_request, &reason));
}
} // namespace policy