Intergration of the client-side phishing detection.

chrome/browser/safe_browsing/client_side_detection_service.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/client_side_detection_service.h"
 
 #include "base/command_line.h"
 #include "base/file_path.h"
 #include "base/file_util_proxy.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
+#include "base/metrics/histogram.h"
 #include "base/platform_file.h"
 #include "base/scoped_ptr.h"
 #include "base/stl_util-inl.h"
 #include "base/task.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_thread.h"
+#include "chrome/browser/renderer_host/resource_dispatcher_host.h"
 #include "chrome/browser/safe_browsing/csd.pb.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
+#include "chrome/browser/tab_contents/tab_contents.h"
+#include "chrome/browser/tab_contents/tab_util.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/net/http_return.h"
 #include "chrome/common/net/url_fetcher.h"
 #include "chrome/common/net/url_request_context_getter.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/load_flags.h"
 #include "net/url_request/url_request_status.h"
+#include "webkit/glue/resource_type.h"
 
 namespace safe_browsing {
 
 const char ClientSideDetectionService::kClientReportPhishingUrl[] =
     "https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
 const char ClientSideDetectionService::kClientModelUrl[] =
     "https://ssl.gstatic.com/safebrowsing/csd/client_model_v0.pb";
 
+CsdClient::CsdClient(int render_process_id, int render_view_id)
+    : render_process_id_(render_process_id),
+      render_view_id_(render_view_id),
+      navigated_away_(false) {}
+
+CsdClient::~CsdClient() {}
+
+void CsdClient::OnUrlCheckResult(const GURL& url,

[lzheng, 2011/01/25 00:43:43]

I don't think this is actually used? The interface for SafeBrowsing::Client
client is changed and if you don't actually call safebrowsing service to check
url, you don't need to implement this. 

[noelutz, 2011/02/10 01:16:23]

Removed.

+                                 SafeBrowsingService::UrlCheckResult result) {
+  delete this;

[Brian Ryner, 2011/01/20 23:36:40]

This looks a little odd at first glance, can you add a comment?

[noelutz, 2011/02/10 01:16:23]

Done.

+}
+
+void CsdClient::OnBlockingPageComplete(bool proceed) {
+  delete this;
+}
+
+void CsdClient::MaybeShowPhishingInterstitial(GURL phishing_url,
+                                              bool is_phishing) {
+  if (navigated_away_) {
+    // The user already navigated away from the phishing page.  The server was
+    // too slow.
+    UMA_HISTOGRAM_COUNTS("SBClientPhishing.ServerVerdictTooLate", 1);
+  }
+  TabContents* tab = tab_util::GetTabContentsByID(render_process_id_,
+                                                  render_view_id_);
+  if (tab) {
+    // No matter what we need to remove ourselves as a navigation observer if
+    // the tab still exists.
+    tab->RemoveNavigationObserver(this);
+
+    if (is_phishing &&
+        CommandLine::ForCurrentProcess()->HasSwitch(
+            switches::kEnableClientSidePhishingInterstitial)) {
+      // While we are on the UI thread we make sure that the user did not
+      // navigate away from the phishing page while we were busy checking
+      // whether or not the page is phishing.
+      // TODO(noelutz): this is not perfect.  It's still possible that the
+      // user browses away before the interstitial is shown.  Maybe we should
+      // stop all pending navigations?
+      ResourceDispatcherHost* resource =
+          g_browser_process->resource_dispatcher_host();
+      if (!navigated_away_ && resource && resource->safe_browsing_service()) {
+        // TODO(noelutz): refactor this code so that we don't need to use
+        // the SafeBrowsing service class.
+        BrowserThread::PostTask(
+            BrowserThread::IO,
+            FROM_HERE,
+            NewRunnableMethod(resource->safe_browsing_service(),
+                              &SafeBrowsingService::DisplayBlockingPage,
+                              phishing_url, phishing_url,
+                              // We only classify the main frame URL.
+                              ResourceType::MAIN_FRAME,
+                              // TODO(noelutz): create a separate threat type
+                              // for client-side phishing detection.
+                              SafeBrowsingService::URL_PHISHING,
+                              this,
+                              render_process_id_,
+                              render_view_id_));
+        return;  // don't delete this object yet.
+      }
+    }
+  }
+  delete this;
+}
+
+void CsdClient::DidNavigateMainFramePostCommit(
+    const NavigationController::LoadCommittedDetails& details,
+    const ViewHostMsg_FrameNavigate_Params& params) {
+  // If a sub-frame navigation happens we still consider the main-frame as
+  // phishing if both the client and the server agree that the main-frame
+  // is phishing.
+  navigated_away_ = details.is_main_frame;
+}
+
 struct ClientSideDetectionService::ClientReportInfo {
   scoped_ptr<ClientReportPhishingRequestCallback> callback;
   GURL phishing_url;
 };
 
 ClientSideDetectionService::ClientSideDetectionService(
     const FilePath& model_path,
     URLRequestContextGetter* request_context_getter)
     : model_path_(model_path),
       model_status_(UNKNOWN_STATUS),
@@ skipping 204 matching lines @@
   // Remember which callback and URL correspond to the current fetcher object.
   ClientReportInfo* info = new ClientReportInfo;
   info->callback.swap(cb);  // takes ownership of the callback.
   info->phishing_url = phishing_url;
   client_phishing_reports_[fetcher] = info;
 
   fetcher->set_load_flags(net::LOAD_DISABLE_CACHE);
   fetcher->set_request_context(request_context_getter_.get());
   fetcher->set_upload_data("application/octet-stream", request_data);
   fetcher->Start();
+  LOG(INFO) << "Start sending csd request";

[Brian Ryner, 2011/01/20 23:36:40]

Make this a VLOG?

[noelutz, 2011/02/10 01:16:23]

Removed.  Needed only for debugging.

 }
 
 void ClientSideDetectionService::HandleModelResponse(
     const URLFetcher* source,
     const GURL& url,
     const net::URLRequestStatus& status,
     int response_code,
     const ResponseCookies& cookies,
     const std::string& data) {
   if (status.is_success() && RC_REQUEST_OK == response_code) {
@@ skipping 20 matching lines @@
   }
 }
 
 void ClientSideDetectionService::HandlePhishingVerdict(
     const URLFetcher* source,
     const GURL& url,
     const net::URLRequestStatus& status,
     int response_code,
     const ResponseCookies& cookies,
     const std::string& data) {
+  LOG(INFO) << "Stop sending csd request";

[Brian Ryner, 2011/01/20 23:36:40]

Same here.

[noelutz, 2011/02/10 01:16:23]

Removed.  Needed only for debugging.

   ClientPhishingResponse response;
   scoped_ptr<ClientReportInfo> info(client_phishing_reports_[source]);
   if (status.is_success() && RC_REQUEST_OK == response_code  &&
       response.ParseFromString(data)) {
     info->callback->Run(info->phishing_url, response.phishy());
   } else {
     DLOG(ERROR) << "Unable to get the server verdict for URL: "
-                << info->phishing_url;
+                << info->phishing_url << " status: " << status.status() << " "
+                << "response_code:" << response_code;
     info->callback->Run(info->phishing_url, false);
   }
   client_phishing_reports_.erase(source);
 }
 
 }  // namespace safe_browsing