New issue
Advanced search Search tips

Issue 737820 link

Starred by 1 user
Status: Assigned
Owner:
ntfschr@chromium.org
Cc:
changwan@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug



Sign in to add a comment

Back to safety does not create a network error for subresources

Project Member Reported by ntfschr@chromium.org, Jun 29 2017 
As far as I can tell, we never actually had this implemented (not sure how we missed it).

It looks like we don't actually call InterstitialPage::DontProceed() for subresources.

I'm keeping priority low. This is because L devices will never get the network error anyway, and other devices won't get it unless they're compiled with the new OnReceivedError (the old API doesn't handle subresources).

This also means we should probably disable testSafeBrowsingDontProceedCausesNetworkErrorForSubresource, since it's cheating by invoking DontProceed() directly.

Comment 1 by ntfschr@chromium.org, Jun 29 2017

Summary: Back to safety does not create a network error for subresources (was: Back to safety no longer creates a network error for subresources)
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 1 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5fdb7e978ede05e7236a04b7295194d864e499f6

commit 5fdb7e978ede05e7236a04b7295194d864e499f6
Author: Nate Fischer <ntfschr@chromium.org>
Date: Sat Jul 01 01:08:01 2017

AW: change SafeBrowsing tests to use JavaScript

No change in production logic.

This changes WebView Safe Browsing instrumentation tests to use
JavaScript on interstitial pages instead of calling underlying methods.
This lets us test more of the underlying logic, since we can verify the
interstitial HTML/JavaScript and the logic in SafeBrowsing*ErrorUI.

This adds EvaluateJavaScriptOnInterstitialForTesting(), based off
WebContentsAndroid::EvaluateJavaScriptForTests(), but using the
InterstitialPage's RenderFrameHost.

This replaces proceedThroughInterstitial() and
dontProceedThroughInterstitial() with clickVisitUnsafePage() and
clickBackToSafety(). Quiet interstitials use
clickVisitUnsafePageQuietInterstitial() because they use a #details-link
instead of #details-button.

This adds one test (DontProceedNavigatesBackForSubResource) and disables
another (DontProceedCausesNetworkErrorForSubresource). This is because
clicking back to safety has different behavior than calling
InterstitialPage::DontProceed(). "Back to safety" causes a backwards
navigation for malicious subresources, skipping our mechanism for the
network error (see crbug/737820).

Bug:  733815 , 737820
Test: run_webview_instrumentation_test_apk -f SafeBrowsingTest#*
Change-Id: I4829f3cc5d9863ddd2a1fc51050f583ac9758bcf
Reviewed-on: https://chromium-review.googlesource.com/557918
Commit-Queue: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Bo Liu <boliu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#483883}
[modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/browser/aw_contents.cc
[modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/browser/aw_contents.h
[modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/java/src/org/chromium/android_webview/AwContents.java
[modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java

Comment 3 by ntfschr@chromium.org, Oct 11 2017

Labels: WebView-SafeBrowsing

Comment 4 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 5 by ntfschr@chromium.org, Nov 29 2017

Cc: changwan@chromium.org

Comment 6 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

Sign in to add a comment