
0001 /*
0002    SPDX-FileCopyrightText: 2016-2024 Laurent Montel <montel@kde.org>
0003 
0004    SPDX-License-Identifier: LGPL-2.0-or-later
0005 */
0006 
0007 #include "scamdetectionwebenginetest.h"
0008 #include "../scamdetectionwebengine.h"
0009 #include <QHBoxLayout>
0010 #include <QSignalSpy>
0011 #include <QTest>
0012 #include <QWebEngineView>
0013 
// Test harness widget: hosts a QWebEngineView and a ScamDetectionWebEngine, both
// parented to this widget, and wires them together so that every finished page
// load is scanned and the scanner's verdict is re-emitted from this widget.
TestWebEngineScamDetection::TestWebEngineScamDetection(QWidget *parent)
    : QWidget(parent)
    , mEngineView(new QWebEngineView(this))
    , mScamDetectionWebEngine(new MessageViewer::ScamDetectionWebEngine(this))
{
    // The view is the only child shown in the layout.
    auto layout = new QHBoxLayout(this);
    layout->addWidget(mEngineView);

    // A finished load triggers the scan (see loadFinished()).
    connect(mEngineView, &QWebEngineView::loadFinished, this, &TestWebEngineScamDetection::loadFinished);

    // Signal-to-signal forward: the scanner's result is republished as this
    // widget's own resultScanDetection, which is what the test spies on.
    connect(mScamDetectionWebEngine, &MessageViewer::ScamDetectionWebEngine::resultScanDetection, this, &TestWebEngineScamDetection::resultScanDetection);
}
0024 
// Nothing to release by hand: the view, the scanner and the layout are all
// created in the constructor with this widget as their QObject parent.
TestWebEngineScamDetection::~TestWebEngineScamDetection() = default;
0026 
// Loads the given HTML fragment into the embedded view. Nothing is returned
// here: the verdict arrives later through resultScanDetection, once the view
// reports loadFinished and the page has been handed to the scanner.
void TestWebEngineScamDetection::setHtml(const QString &html)
{
    // Single-argument overload: the fragment is loaded without an explicit base URL.
    mEngineView->setHtml(html);
}
0031 
// Slot connected to QWebEngineView::loadFinished: passes the view's current page
// to the scam scanner.
// NOTE(review): the load-success flag is deliberately ignored, so a page that
// failed to load is scanned as well. If that scan reports "no scam", rows that
// expect false would still pass — confirm whether a failed load should instead
// fail the test.
void TestWebEngineScamDetection::loadFinished(bool b)
{
    Q_UNUSED(b)
    auto *loadedPage = mEngineView->page();
    mScamDetectionWebEngine->scanPage(loadedPage);
}
0037 
// Test object constructor: nothing to initialise beyond the QObject base.
ScamDetectionWebEngineTest::ScamDetectionWebEngineTest(QObject *parent)
    : QObject(parent)
{}
0042 
// Defaulted: the constructor acquires nothing that needs explicit cleanup.
ScamDetectionWebEngineTest::~ScamDetectionWebEngineTest() = default;
0044 
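// Data table for scamtest(). Each row pairs an HTML fragment ("html") with the
// verdict the scanner is expected to emit for it ("result"): true when the page
// must be flagged as a scam, false when it must not.
//
// Row tags must be unique so that a failing row can be identified in the test
// output and selected on its own from the command line.
void ScamDetectionWebEngineTest::scamtest_data()
{
    QTest::addColumn<QString>("html");
    QTest::addColumn<bool>("result");

    // No Scam: ordinary links, with and without a title that matches the href.
    QTest::newRow("noscam1") << QStringLiteral("<html><body><a href=\"www.kde.org\">kde</a></body></html>") << false;
    QTest::newRow("noscam2") << QStringLiteral("<html><body><a href=\"http://www.kde.org\" title=\"http://www.kde.org\">kde</a></body></html>") << false;
    QTest::newRow("noscam3") << QStringLiteral("<html><body><a href=\"https://www.kde.org\" title=\"https://www.kde.org\">kde</a></body></html>") << false;

    // Hexa value: the title advertises a hex-encoded host.
    // NOTE(review): the href here is a plain numeric IP, and the "numeric scam"
    // rows below expect such an href to be flagged on its own, so this row cannot
    // tell hex detection apart from numeric-host detection. A row whose href is a
    // regular hostname would isolate the hex check — expected verdict to be
    // confirmed against the scanner.
    QTest::newRow("hexavalue") << QStringLiteral("<html><body><a href=\"http://125.15.55.88/\" title=\"http://0x12.0x1e.0x0A.0x00\">test</a></body></html>")
                               << true;

    // Ip: the loopback literal is expected to pass; other numeric hosts are
    // expected to be flagged whether or not the title matches the href.
    QTest::newRow("Ip value") << QStringLiteral("<html><body><a href=\"http://127.0.0.1/\">test</a></body></html>") << false;
    QTest::newRow("Ip scam1") << QStringLiteral("<html><body><a href=\"http://125.15.55.88/\" title=\"http://www.kde.org\">test</a></body></html>") << true;
    QTest::newRow("Ip scam2") << QStringLiteral("<html><body><a href=\"http://125.15.55.88/\" title=\"http://125.15.55.88/\">test</a></body></html>") << true;

    // Href no scam: href and title name the same host.
    QTest::newRow("Href no scam") << QStringLiteral("<html><body><a href=\"http://www.kde.org/\" title=\"http://www.kde.org\">test</a></body></html>") << false;

    // Redirect href: a second URL carried in the query string is expected to be
    // flagged, but not when the link uses the kmail: scheme.
    QTest::newRow("Redirect scam") << QStringLiteral("<html><body><a href=\"http://www.google.fr/url?q=http://www.yahoo.com\">test</a></body></html>") << true;
    QTest::newRow("Redirect no scam") << QStringLiteral(
        "<html><body><a href=\"kmail:showAuditLog?log=http://www.foo.com%3http://www.bla.com\">test</a></body></html>")
                                      << false;

    // Numeric value: a hostname that merely contains digits must pass; a dotted
    // all-numeric host is expected to be flagged, including 255.500.1.1, which is
    // not a valid IPv4 address.
    QTest::newRow("numeric no scam") << QStringLiteral(
        "<html><body><a href=\"http://baseball2.2ndhalfplays.com/nested/attribs/\">http://baseball2.2ndhalfplays.com/nested/attribs</html>")
                                     << false;
    QTest::newRow("numeric scam1") << QStringLiteral("<html><body><a href=\"http://25.15.55.88/\">test</a></body></html>") << true;
    QTest::newRow("numeric scam2") << QStringLiteral("<html><body><a href=\"http://255.0.1.1/\">test</a></body></html>") << true;
    QTest::newRow("numeric scam3") << QStringLiteral("<html><body><a href=\"http://1.0.1.1/\">test</a></body></html>") << true;
    QTest::newRow("numeric scam4") << QStringLiteral("<html><body><a href=\"http://255.500.1.1/\">test</a></body></html>") << true;
    // Link text shows host "baseball2..." while the href points at "baseball...".
    QTest::newRow("numeric scam5") << QStringLiteral(
        "<html><body><a href=\"http://baseball.2ndhalfplays.com/nested/attribs/\">http://baseball2.2ndhalfplays.com/nested/attribs</html>")
                                   << true;

    // Link text is a URL on a different host than the href.
    QTest::newRow("scam") << QStringLiteral(
        "<html><body><a href=\"http://dfgdgsfdgsfdgsfd.foo.com/#contact@bla.org\">https://www.bli.com/manager/dedicated/index.html#/billing/mean</a></html>")
                          << true;

    // False-positive guards. Despite the "scam-" prefix in some tags, every row
    // from here on expects "no scam": the href and the visible URL name the same
    // target and differ only in encoding, case, path normalisation or markup noise.

    // Entity-encoded ampersand in the href versus a doubly encoded one in the text.
    QTest::newRow("scam-amp") << QStringLiteral(
        "<a "
        "href=\"https://bugs.kde.org/enter_bug.cgi?format=guided&amp;product=gcompris\">https://bugs.kde.org/"
        "enter_bug.cgi?format=guided&amp;amp;product=gcompris</a></div>")
                              << false;

    // Literal '|' in the path.
    QTest::newRow("scam-encoded-url1") << QStringLiteral(
        "<a href=\"https://github.com/KDAB/KDStateMachineEditor.git|1.2\">https://github.com/KDAB/KDStateMachineEditor.git|1.2</a>")
                                       << false;

    // Mixed-case host and path, and percent-encoded braces.
    QTest::newRow("scam-lowercase") << QStringLiteral("<a href=\"http://www.Kde.org\">http://www.Kde.org</a>") << false;
    QTest::newRow("scam-lowercase-2") << QStringLiteral("<a href=\"http://www.Kde.org/KDE/bla\">http://www.Kde.org/KDE/bla</a>") << false;
    QTest::newRow("scam-lowercase-3") << QStringLiteral(
        "<a href=\"http://code.qt.io/cgit/%7bnon-gerrit%7d/qt-labs/opencl.git\">http://code.qt.io/cgit/%7bnon-gerrit%7d/qt-labs/opencl.git</a>")
                                      << false;

    // ".." path segments on one side, the other side, or both.
    QTest::newRow("toplevelrepo") << QStringLiteral(
        "<a "
        "href=\"https://www.amazon.fr/gp/goldbox/ref=pe_btn/?nocache=1510065600354\">https://www.amazon.fr/gp/../gp/goldbox/ref=pe_btn/?nocache=1510065600354</"
        "a>") << false;

    QTest::newRow("toplevelrepo2") << QStringLiteral(
        "<a "
        "href=\"https://www.amazon.fr/gp/../gp/goldbox/ref=pe_btn/?nocache=1510065600354\">https://www.amazon.fr/gp/goldbox/ref=pe_btn/?nocache=1510065600354</"
        "a>") << false;

    QTest::newRow("toplevelrepo3") << QStringLiteral(
        "<a href=\"https://www.amazon.fr/gp/../gp/goldbox/ref=pe_d//\">https://www.amazon.fr/gp/../gp/goldbox/ref=pe_d//</a>")
                                   << false;
    // Stray quote after the URL, in the markup and in the link text.
    QTest::newRow("endwith%22") << QStringLiteral(
        "<a href=\"http://www.kde.org/standards/kcfg/1.0/kcfg.xsd\" \"=\"\">http://www.kde.org/standards/kcfg/1.0/kcfg.xsd\"</a>")
                                << false;
    // "%5C" in the href where the link text has '/'.
    QTest::newRow("contains%5C") << QStringLiteral(
        "<a "
        "href=\"http://g-ecx.images-amazon.com/images/G/01/barcodes/blank003.jpg%5CnUse\">http://g-ecx.images-amazon.com/images/G/01/barcodes/blank003.jpg/"
        "nUse</a>") << false;
    // Query string directly after the host, with no path.
    QTest::newRow("wierd1") << QStringLiteral("<a href=\"http://www.weezevent.com?c=sys_mail\">http://www.weezevent.com?c=sys_mail</a>") << false;

    // Explicit ports, on web and mail schemes.
    QTest::newRow("urlwithport-special443") << QStringLiteral("<a href=\"https://example.com:443/blablabla\">https://example.com:443/blablabla</a>") << false;
    QTest::newRow("urlwithport-special443-2") << QStringLiteral("<a href=\"http://example.com:443/blablabla\">http://example.com:443/blablabla</a>") << false;
    QTest::newRow("urlwithport") << QStringLiteral("<a href=\"https://example.com:465/blablabla\">https://example.com:465/blablabla</a>") << false;
    QTest::newRow("urlwithport2") << QStringLiteral("<a href=\"https://example.com:11371/blablabla\">https://example.com:11371/blablabla</a>") << false;
    QTest::newRow("urlwithport3") << QStringLiteral("<a href=\"smtps://example.com:465/blablabla\">smtps://example.com:465/blablabla</a>") << false;
    // This row previously reused the tag "urlwithport3", which made the smtps and
    // imaps rows indistinguishable in failure output.
    QTest::newRow("urlwithport4") << QStringLiteral("<a href=\"imaps://example.com:993/blablabla\">imaps://example.com:993/blablabla</a>") << false;
    // Bug:440635
    QTest::newRow("scam5C") << QStringLiteral(R"(<a href="https://www.google.com/search?q=%5C">https://www.google.com/search?q=%5C</a>)") << false;
    QTest::newRow("BUG440635") << QStringLiteral(
        R"(<a href="https://codereview.qt-project.org/q/topic:%22api-change-review-6.2%22+(status:open%20OR%20status:abandoned">https://codereview.qt-project.org/q/topic:%22api-change-review-6.2%22+(status:open%20OR%20status:abandoned</a>)")
                               << false;

    // Percent-encoded spaces and quotes in the query string.
    QTest::newRow("BUG448029") << QStringLiteral(
        R"(<a href="https://bugreports.qt.io/issues/?jql=text%20~%20%22gadget%20qml%22">https://bugreports.qt.io/issues/?jql=text%20~%20%22gadget%20qml%22</a>)")
                               << false;

    // Title is the lower-cased form of the href; link text has a leading space.
    QTest::newRow("BUG448674") << QStringLiteral(
        R"(<a href="https://bugreports.qt.io/browse/QTBUG-99195" target="_blank" title="https://bugreports.qt.io/browse/qtbug-99195"> https://bugreports.qt.io/browse/QTBUG-99195</a>)")
                               << false;
}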
0147 
// Data-driven check, run once per row of scamtest_data(): loads the row's HTML
// into a fresh harness widget, waits for exactly one resultScanDetection
// emission and compares its bool payload with the row's expected verdict.
void ScamDetectionWebEngineTest::scamtest()
{
    QFETCH(QString, html);
    QFETCH(bool, result);

    // A new harness per row, so no page or scanner state carries over between rows.
    TestWebEngineScamDetection harness;
    QSignalSpy scamDetectionSpy(&harness, &TestWebEngineScamDetection::resultScanDetection);
    harness.setHtml(html);

    // The load and the scan are asynchronous; wait() runs the event loop until
    // the signal is emitted or the spy's default timeout expires.
    QVERIFY(scamDetectionSpy.wait());
    QCOMPARE(scamDetectionSpy.count(), 1);

    // First (and only) emission, first argument: the scanner's verdict.
    const QList<QVariant> &emittedArgs = scamDetectionSpy.at(0);
    const bool scamResult = emittedArgs.at(0).toBool();
    QCOMPARE(scamResult, result);
}
0161 
0162 QTEST_MAIN(ScamDetectionWebEngineTest)
0163 
0164 #include "moc_scamdetectionwebenginetest.cpp"