New issue
Advanced search Search tips

Issue 814081 link

Starred by 2 users
Status: Verified
Owner:
ntfschr@chromium.org
Closed: Feb 2018
Cc:
changwan@chromium.org
vakh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug



Sign in to add a comment

Unable to whitelist Safe Browsing webui matches

Project Member Reported by ntfschr@chromium.org, Feb 21 2018 
WebViewTest#testSetSafeBrowsingWhitelistWithValidList doesn't actually work. It tries to whitelist the "safe-browsing" domain (for chrome://safe-browsing/* URLs added in issue 709626), but our whitelistmanager implementation treats chrome:// scheme as non-whitelisted [1] (historical context: the hardcoded URLs were developed in parallel with the whitelistmanager, so this is an implementation mistake).

We should fix the CTS test by allowing whitelisting for the "safe-browsing" domain (we need to augment this code to do something like SafeBrowsingUrlCheckerImpl::CheckWebUIUrls [2]).

We can also clean up code duplication:

 * We're currently duplicating RemoteSafeBrowsingDatabaseManager::CanCheckUrl() [3]. This logic seems redundant, and I think we can rely on the SafeBrowsingDatabaseManager's logic anyway.
 * It may make sense to factor out SafeBrowsingUrlCheckerImpl::CheckWebUIUrls [2] into something publicly callable (like `bool IsSafeBrowsingWebUiMatch(url)`)

This should block http://b/67717640.

[1] https://cs.chromium.org/chromium/src/android_webview/browser/aw_safe_browsing_whitelist_manager.cc?q=f:android_webview/browser/aw_safe_browsing_white&sq=package:chromium&l=234
[2] https://cs.chromium.org/chromium/src/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc?type=cs&q=f:components/safe_browsing+kchromeuisafebrowsing&sq=package:chromium&l=317
[3] https://cs.chromium.org/chromium/src/components/safe_browsing/android/remote_database_manager.cc?q=f:components/safe_browsing/+http+ftp&l=176&dr=C

Comment 1 by ntfschr@chromium.org, Feb 22 2018

Status: Started (was: Assigned)
Plan of attack:

 - The scheme check is redundant, let's depend on DatabaseManager::CanCheckUrl(). This is all we need to whitelist chrome:// URLs!
 - While we don't care about scheme, we do care about the host segment. We should mark hostless URLs as non-whitelisted
 - Update unittests. We have some unittests which check for "invalid" schemes, but they should instead check for hostless URLs
 - Don't cover "chrome://" URLs in unittests, because they aren't parsed correctly (see below)
 - Cover "chrome://" URLs in integration tests instead, because the URL will be parsed as expected

The only weird thing with this is that GURL parses chrome:// URLs differently depending on whether we're in unittests vs. in integration tests/actual WebView. For the example URL "chrome://safe-browsing/match?type=malware":

 - unittest: host = "" and path = "//safe-browsing/match"
 - integration test (and real WebView): host = "safe-browsing" and path = "/match"

Because of this, we can't unittest chrome:// URLs, but we can get coverage through integration tests and CTS instead.
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 22 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/35e57a96c9b495777b5ba3750327cc786cacfe15

commit 35e57a96c9b495777b5ba3750327cc786cacfe15
Author: Nate Fischer <ntfschr@chromium.org>
Date: Thu Feb 22 23:32:25 2018

AW: allow whitelisting chrome:// URLs for Safe Browsing

The WhitelistManager currently only allows whitelisting
http(s)/ws(s)/ftp URLs. This is problematic: our CTS tests depend on
whitelisting our hardcoded chrome://safe-browsing/match URLs.

In order to support our CTS tests, we need to allow the whitelist
manager to mark chrome://foo/* URLs as whitelisted when "foo" is in the
whitelist of hosts.

To achieve this, we ignore scheme in the WhitelistManager and defer to
the list of schemes defined by DatabaseManager::CanCheckUrl() (the
scheme-check in WhitelistManager was pointless). This allows us to
whitelist chrome:// URLs while having little effect on other schemes
(most "unsupported" schemes lack a host, except chrome://).

This updates tests as follows:

 * Rename a unittest case: we don't check certain schemes, we check if
   URLs have a host
 * Add a unittest to cover invalid URLs (no change to this logic, it was
   just lacking coverage)
 * No unittest for chrome:// URLs (GURL parses differently depending on
   whether we're running unittests vs. integration tests/real WebView)
 * Integration test for chrome:// URLs
 * Fix a racy integration test: wait for the whitelist to be completely
   set

Bug:  814081 
Test: run_android_webview_unittests -f=AwSafeBrowsingWhitelistManagerTest.*
Test: run_webview_instrumentation_test_apk -f SafeBrowsingTest#*
Test: cts-tradefed run cts -m CtsWebkitTestCases -t android.webkit.cts.WebViewTest#testSetSafeBrowsingWhitelistWithValidList
Change-Id: If72adadc77ed413185f33ec8943acb739532f1fa
Reviewed-on: https://chromium-review.googlesource.com/929871
Reviewed-by: Changwan Ryu <changwan@chromium.org>
Reviewed-by: Bo <boliu@chromium.org>
Commit-Queue: Nate Fischer <ntfschr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538615}
[modify] https://crrev.com/35e57a96c9b495777b5ba3750327cc786cacfe15/android_webview/browser/aw_safe_browsing_whitelist_manager.cc
[modify] https://crrev.com/35e57a96c9b495777b5ba3750327cc786cacfe15/android_webview/browser/aw_safe_browsing_whitelist_manager_unittest.cc
[modify] https://crrev.com/35e57a96c9b495777b5ba3750327cc786cacfe15/android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java

Comment 3 by ntfschr@chromium.org, Feb 22 2018

Status: Fixed (was: Started)
No manual verification necessary. I'll follow-up on buganizer about when change is dropped into Android.

Comment 4 by ntfschr@chromium.org, Aug 24

Status: Verified (was: Fixed)
Bulk edit: marking stale 'fixed' bugs as 'verified' since they don't need verification at this point.

Sign in to add a comment