Send the referral URL with the client-side phishing detection request.

chrome/browser/safe_browsing/client_side_detection_host.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/client_side_detection_host.h"
 
 #include <vector>
 
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
@@ skipping 272 matching lines @@
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 void ClientSideDetectionHost::DidNavigateMainFramePostCommit(
     const content::LoadCommittedDetails& details,
     const ViewHostMsg_FrameNavigate_Params& params) {
   // TODO(noelutz): move this DCHECK to TabContents and fix all the unit tests
   // that don't call this method on the UI thread.
   // DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-
   if (details.is_in_page) {
     // If the navigation is within the same page, the user isn't really
     // navigating away.  We don't need to cancel a pending callback or
     // begin a new classification.
     return;
   }
-
   // If we navigate away and there currently is a pending phishing
   // report request we have to cancel it to make sure we don't display
   // an interstitial for the wrong page.  Note that this won't cancel
   // the server ping back but only cancel the showing of the
   // interstial.
   cb_factory_.RevokeAll();
 
-  if (csd_service_) {
-    // Cancel any pending classification request.
-    if (classification_request_.get()) {
-      classification_request_->Cancel();
-    }
+  if (!csd_service_) {
+    return;
+  }
 
-    // Notify the renderer if it should classify this URL.
-    classification_request_ = new ShouldClassifyUrlRequest(params,
-                                                           tab_contents(),
-                                                           csd_service_,
-                                                           sb_service_,
-                                                           this);
-    classification_request_->Start();
+  // Cancel any pending classification request.
+  if (classification_request_.get()) {
+    classification_request_->Cancel();
   }
+  browse_info_.reset(new BrowseInfo);
+  browse_info_->url = params.url;
+  browse_info_->referrer = params.referrer;
+  browse_info_->transition = params.transition;
+
+  // Notify the renderer if it should classify this URL.
+  classification_request_ = new ShouldClassifyUrlRequest(params,
+                                                         tab_contents(),
+                                                         csd_service_,
+                                                         sb_service_,
+                                                         this);
+  classification_request_->Start();
 }
 
 void ClientSideDetectionHost::TabContentsDestroyed(TabContents* tab) {
   DCHECK(tab);
   // Tell any pending classification request that it is being canceled.
   if (classification_request_.get()) {
     classification_request_->Cancel();
   }
   // Cancel all pending feature extractions.
   feature_extractor_.reset();
 }
 
 void ClientSideDetectionHost::OnDetectedPhishingSite(
     const std::string& verdict_str) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   // There is something seriously wrong if there is no service class but
   // this method is called.  The renderer should not start phishing detection
   // if there isn't any service class in the browser.
   DCHECK(csd_service_);
+  // There shouldn't be any pending requests because we revoke them everytime
+  // we navigate away.
+  DCHECK(!cb_factory_.HasPendingCallbacks());
+  DCHECK(browse_info_.get());
+
   // We parse the protocol buffer here.  If we're unable to parse it we won't
   // send the verdict further.
   scoped_ptr<ClientPhishingRequest> verdict(new ClientPhishingRequest);
   if (csd_service_ &&
+      browse_info_.get() &&
       verdict->ParseFromString(verdict_str) &&
       verdict->IsInitialized()) {
     // There shouldn't be any pending requests because we revoke them everytime
     // we navigate away.
     DCHECK(!cb_factory_.HasPendingCallbacks());
-
+    if (browse_info_->url.spec() != verdict->url()) {
+      // I'm not sure we can DCHECK on this one so we keep stats around to see
+      // whether this actually happens in practice.
+      UMA_HISTOGRAM_COUNTS("SBClientPhishing.BrowserRendererUrlMismatch", 1);
+      VLOG(2) << "Browser and renderer URL do not match: "
+              << browse_info_->url.spec() << " vs. " << verdict->url();

[mattm, 2011/06/20 22:33:06]

should it return or have the ExtractFeatures in an else block instead of falling
through?

[noelutz, 2011/06/20 22:58:12]

I would like to fall through for now (which is why I added the UMA stat).  I'm
not sure if this ever happens or if there is a legitimate use case when this
happens.  Do you?  I'm wondering whether there could be differences in URL
encoding or something like that between WebKit and the browser.  Thoughts?

[mattm, 2011/06/21 00:06:06]

Hm, I don't think there should be, dunno.  Just having the stat to verify seems
fine then.

+    }
     // Start browser-side feature extraction.  Once we're done it will send
     // the client verdict request.
     feature_extractor_->ExtractFeatures(
+        *browse_info_,
         verdict.release(),
         NewCallback(this, &ClientSideDetectionHost::FeatureExtractionDone));
   }
+  browse_info_.reset();
 }
 
 void ClientSideDetectionHost::MaybeShowPhishingWarning(GURL phishing_url,
                                                        bool is_phishing) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   VLOG(2) << "Received server phishing verdict for URL:" << phishing_url
           << " is_phishing:" << is_phishing;
   if (is_phishing) {
     DCHECK(tab_contents());
     if (sb_service_) {
@@ skipping 37 matching lines @@
     ClientSideDetectionService* service) {
   csd_service_ = service;
 }
 
 void ClientSideDetectionHost::set_safe_browsing_service(
     SafeBrowsingService* service) {
   sb_service_ = service;
 }
 
 }  // namespace safe_browsing