| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/safe_browsing/client_side_detection_host.h" |
| 6 |
| 7 #include <vector> |
| 8 |
| 9 #include "base/command_line.h" |
| 10 #include "base/logging.h" |
| 11 #include "base/metrics/histogram.h" |
| 12 #include "base/task.h" |
| 13 #include "chrome/browser/browser_process.h" |
| 14 #include "chrome/browser/browser_thread.h" |
| 15 #include "chrome/browser/renderer_host/render_process_host.h" |
| 16 #include "chrome/browser/renderer_host/render_view_host.h" |
| 17 #include "chrome/browser/renderer_host/resource_dispatcher_host.h" |
| 18 #include "chrome/browser/safe_browsing/client_side_detection_service.h" |
| 19 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 20 #include "chrome/browser/tab_contents/navigation_controller.h" |
| 21 #include "chrome/browser/tab_contents/tab_contents.h" |
| 22 #include "chrome/common/safebrowsing_messages.h" |
| 23 #include "chrome/common/chrome_switches.h" |
| 24 #include "chrome/common/render_messages_params.h" |
| 25 #include "googleurl/src/gurl.h" |
| 26 #include "ipc/ipc_message.h" |
| 27 #include "ipc/ipc_message_macros.h" |
| 28 |
| 29 namespace safe_browsing { |
| 30 |
| 31 // This class is used to display the phishing interstitial. |
| 32 class CsdClient : public SafeBrowsingService::Client { |
| 33 public: |
| 34 CsdClient() {} |
| 35 |
| 36 // Method from SafeBrowsingService::Client. This method is called on the |
| 37 // IO thread once the interstitial is going away. This method simply deletes |
| 38 // the CsdClient object. |
| 39 virtual void OnBlockingPageComplete(bool proceed) { |
| 40 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 41 // Delete this on the UI thread since it was created there. |
| 42 BrowserThread::PostTask(BrowserThread::UI, |
| 43 FROM_HERE, |
| 44 new DeleteTask<CsdClient>(this)); |
| 45 } |
| 46 |
| 47 private: |
| 48 friend class DeleteTask<CsdClient>; // Calls the private destructor. |
| 49 |
| 50 // We're taking care of deleting this object. No-one else should delete |
| 51 // this object. |
| 52 virtual ~CsdClient() {} |
| 53 |
| 54 DISALLOW_COPY_AND_ASSIGN(CsdClient); |
| 55 }; |
| 56 |
| 57 ClientSideDetectionHost::ClientSideDetectionHost(TabContents* tab) |
| 58 : tab_(tab), |
| 59 service_(g_browser_process->safe_browsing_detection_service()), |
| 60 cb_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) { |
| 61 DCHECK(tab); |
| 62 // Note: service_ and sb_service_ might be NULL. |
| 63 ResourceDispatcherHost* resource = |
| 64 g_browser_process->resource_dispatcher_host(); |
| 65 if (resource) { |
| 66 sb_service_ = resource->safe_browsing_service(); |
| 67 } |
| 68 } |
| 69 |
| 70 ClientSideDetectionHost::~ClientSideDetectionHost() { |
| 71 } |
| 72 |
| 73 bool ClientSideDetectionHost::OnMessageReceived(const IPC::Message& message) { |
| 74 bool handled = true; |
| 75 IPC_BEGIN_MESSAGE_MAP(ClientSideDetectionHost, message) |
| 76 IPC_MESSAGE_HANDLER(SafeBrowsingDetectionHostMsg_DetectedPhishingSite, |
| 77 OnDetectedPhishingSite) |
| 78 IPC_MESSAGE_UNHANDLED(handled = false) |
| 79 IPC_END_MESSAGE_MAP() |
| 80 return handled; |
| 81 } |
| 82 |
| 83 void ClientSideDetectionHost::DidNavigateMainFramePostCommit( |
| 84 const NavigationController::LoadCommittedDetails& details, |
| 85 const ViewHostMsg_FrameNavigate_Params& params) { |
| 86 // TODO(noelutz): move this DCHECK to TabContents and fix all the unit tests |
| 87 // that don't call this method on the UI thread. |
| 88 // DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 89 |
| 90 // If we navigate away and there currently is a pending phishing |
| 91 // report request we have to cancel it to make sure we don't display |
| 92 // an interstitial for the wrong page. Note that this won't cancel |
| 93 // the server ping back but only cancel the showing of the |
| 94 // interstial. |
| 95 cb_factory_.RevokeAll(); |
| 96 } |
| 97 |
| 98 void ClientSideDetectionHost::OnDetectedPhishingSite(const GURL& phishing_url, |
| 99 double phishing_score) { |
| 100 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 101 // There is something seriously wrong if there is no service class but |
| 102 // this method is called. The renderer should not start phishing detection |
| 103 // if there isn't any service class in the browser. |
| 104 DCHECK(service_); |
| 105 if (service_ && tab_) { |
| 106 // There shouldn't be any pending requests because we revoke them everytime |
| 107 // we navigate away. |
| 108 DCHECK(!cb_factory_.HasPendingCallbacks()); |
| 109 service_->SendClientReportPhishingRequest( |
| 110 phishing_url, |
| 111 phishing_score, |
| 112 cb_factory_.NewCallback( |
| 113 &ClientSideDetectionHost::MaybeShowPhishingWarning)); |
| 114 } |
| 115 } |
| 116 |
| 117 void ClientSideDetectionHost::MaybeShowPhishingWarning(GURL phishing_url, |
| 118 bool is_phishing) { |
| 119 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 120 if (is_phishing && |
| 121 CommandLine::ForCurrentProcess()->HasSwitch( |
| 122 switches::kEnableClientSidePhishingInterstitial)) { |
| 123 DCHECK(tab_); |
| 124 // TODO(noelutz): this is not perfect. It's still possible that the |
| 125 // user browses away before the interstitial is shown. Maybe we should |
| 126 // stop all pending navigations? |
| 127 if (sb_service_) { |
| 128 // TODO(noelutz): refactor this code so that we don't need to use |
| 129 // the SafeBrowsing service class. |
| 130 std::vector<GURL> redirect_urls; |
| 131 BrowserThread::PostTask( |
| 132 BrowserThread::IO, |
| 133 FROM_HERE, |
| 134 NewRunnableMethod(sb_service_.get(), |
| 135 &SafeBrowsingService::DisplayBlockingPage, |
| 136 phishing_url, phishing_url, |
| 137 redirect_urls, |
| 138 // We only classify the main frame URL. |
| 139 ResourceType::MAIN_FRAME, |
| 140 // TODO(noelutz): create a separate threat type |
| 141 // for client-side phishing detection. |
| 142 SafeBrowsingService::URL_PHISHING, |
| 143 new CsdClient() /* will delete itself */, |
| 144 tab_->GetRenderProcessHost()->id(), |
| 145 tab_->render_view_host()->routing_id())); |
| 146 } |
| 147 } |
| 148 } |
| 149 |
| 150 void ClientSideDetectionHost::set_client_side_detection_service( |
| 151 ClientSideDetectionService* service) { |
| 152 service_ = service; |
| 153 } |
| 154 |
| 155 void ClientSideDetectionHost::set_safe_browsing_service( |
| 156 SafeBrowsingService* service) { |
| 157 sb_service_ = service; |
| 158 } |
| 159 |
| 160 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6014003:
Intergration of the client-side phishing detection. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src