net/base/transport_security_state.h - Issue 8364023: Report second-level domains for UMA on pin failure.

Side by Side Diff: net/base/transport_security_state.h

Issue 8364023: Report second-level domains for UMA on pin failure. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 9 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_	5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_

6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_	6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_

7 #pragma once	7 #pragma once

8	8

9 #include <map>	9 #include <map>

10 #include <string>	10 #include <string>

(...skipping 110 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
121 // Note that like HasMetadata, if \|host\| matches both an exact entry and is a	121 // Note that like HasMetadata, if \|host\| matches both an exact entry and is a

122 // subdomain of another entry, the exact match determines the return value.	122 // subdomain of another entry, the exact match determines the return value.

123 //	123 //

124 // This function is used by ChromeFraudulentCertificateReporter to determine	124 // This function is used by ChromeFraudulentCertificateReporter to determine

125 // whether or not we can automatically post fraudulent certificate reports to	125 // whether or not we can automatically post fraudulent certificate reports to

126 // Google; we only do so automatically in cases when the user was trying to	126 // Google; we only do so automatically in cases when the user was trying to

127 // connect to Google in the first place.	127 // connect to Google in the first place.

128 static bool IsGooglePinnedProperty(const std::string& host,	128 static bool IsGooglePinnedProperty(const std::string& host,

129 bool sni_available);	129 bool sni_available);

130	130

	131 // Report UMA statistics upon pin failure. Reports only down to the

	132 // second-level domain of \|host\| (e.g. google.com), and only if \|host\| is
	wtc 2011/10/25 00:49:57 The example should say something like "google.com The example should say something like "google.com if \|host\| is mail.google.com".
	133 // an IsPreloadedSTS host (or, if \|sni_available\|, an SNI preloaded STS
	wtc 2011/10/25 00:49:57 Nit: IsPreloadedSTS is a private method, so it pro Nit: IsPreloadedSTS is a private method, so it probably shouldn't be used in the comment for a public method.
	134 // host).

	135 static void ReportUMAPinFailure(const std::string& host, bool sni_available);
	wtc 2011/10/25 00:49:57 "PinFailure" needs to be more specific, such as "C "PinFailure" needs to be more specific, such as "CertPinFailure" or "PublicKeyPinFailure". The comment on line 131 ("pin failure") needs a similar change. Also, "ReportUMAPinFailure" sounds like we want to report "UMA pin" failure. I think we need to add "On": ReportUMAOnPinFailure or remove "UMA": ReportPinFailure
	136

131 // Deletes all records created since a given time.	137 // Deletes all records created since a given time.

132 void DeleteSince(const base::Time& time);	138 void DeleteSince(const base::Time& time);

133	139

134 // Returns \|true\| if \|value\| parses as a valid *-Transport-Security	140 // Returns \|true\| if \|value\| parses as a valid *-Transport-Security

135 // header value. The values of max-age and and includeSubDomains are	141 // header value. The values of max-age and and includeSubDomains are

136 // returned in \|max_age\| and \|include_subdomains\|, respectively. The out	142 // returned in \|max_age\| and \|include_subdomains\|, respectively. The out

137 // parameters are not modified if the function returns \|false\|.	143 // parameters are not modified if the function returns \|false\|.

138 static bool ParseHeader(const std::string& value,	144 static bool ParseHeader(const std::string& value,

139 int* max_age,	145 int* max_age,

140 bool* include_subdomains);	146 bool* include_subdomains);

(...skipping 41 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
182	188

183 // Our delegate who gets notified when we are dirtied, or NULL.	189 // Our delegate who gets notified when we are dirtied, or NULL.

184 Delegate* delegate_;	190 Delegate* delegate_;

185	191

186 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);	192 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);

187 };	193 };

188	194

189 } // namespace net	195 } // namespace net

190	196

191 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_	197 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_

OLD	NEW

« no previous file with comments | « no previous file | net/base/transport_security_state.cc » ('j') | net/base/transport_security_state.cc » ('J')