chrome/browser/ssl/ssl_error_classification.cc - Issue 1227173006: New SSL metric added: Likely From Same Domain

Side by Side Diff: chrome/browser/ssl/ssl_error_classification.cc

Issue 1227173006: New SSL metric added: Likely From Same Domain (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Resolving Comments Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/ssl/ssl_error_classification.h ('k') | chrome/browser/ssl/ssl_error_classification_unittest.cc » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <vector>	5 #include <vector>

6	6

7 #include "chrome/browser/ssl/ssl_error_classification.h"	7 #include "chrome/browser/ssl/ssl_error_classification.h"

8	8

9 #include "base/build_time.h"	9 #include "base/build_time.h"

10 #include "base/metrics/field_trial.h"	10 #include "base/metrics/field_trial.h"

(...skipping 37 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
48 SUBDOMAIN_MATCH,	48 SUBDOMAIN_MATCH,

49 SUBDOMAIN_INVERSE_MATCH,	49 SUBDOMAIN_INVERSE_MATCH,

50 SUBDOMAIN_OUTSIDE_WILDCARD,	50 SUBDOMAIN_OUTSIDE_WILDCARD,

51 HOST_NAME_NOT_KNOWN_TLD,	51 HOST_NAME_NOT_KNOWN_TLD,

52 LIKELY_MULTI_TENANT_HOSTING,	52 LIKELY_MULTI_TENANT_HOSTING,

53 LOCALHOST,	53 LOCALHOST,

54 PRIVATE_URL,	54 PRIVATE_URL,

55 AUTHORITY_ERROR_CAPTIVE_PORTAL,	55 AUTHORITY_ERROR_CAPTIVE_PORTAL,

56 SELF_SIGNED,	56 SELF_SIGNED,

57 EXPIRED_RECENTLY,	57 EXPIRED_RECENTLY,

	58 LIKELY_SAME_DOMAIN,

58 UNUSED_INTERSTITIAL_CAUSE_ENTRY,	59 UNUSED_INTERSTITIAL_CAUSE_ENTRY,

59 };	60 };

60	61

61 // Events for UMA. Do not reorder or change!	62 // Events for UMA. Do not reorder or change!

62 enum SSLInterstitialCauseCaptivePortal {	63 enum SSLInterstitialCauseCaptivePortal {

63 CAPTIVE_PORTAL_ALL,	64 CAPTIVE_PORTAL_ALL,

64 CAPTIVE_PORTAL_DETECTION_ENABLED,	65 CAPTIVE_PORTAL_DETECTION_ENABLED,

65 CAPTIVE_PORTAL_DETECTION_ENABLED_OVERRIDABLE,	66 CAPTIVE_PORTAL_DETECTION_ENABLED_OVERRIDABLE,

66 CAPTIVE_PORTAL_PROBE_COMPLETED,	67 CAPTIVE_PORTAL_PROBE_COMPLETED,

67 CAPTIVE_PORTAL_PROBE_COMPLETED_OVERRIDABLE,	68 CAPTIVE_PORTAL_PROBE_COMPLETED_OVERRIDABLE,

(...skipping 133 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
201 RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD);	202 RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD);

202 std::vector<std::string> dns_names;	203 std::vector<std::string> dns_names;

203 cert_.GetDNSNames(&dns_names);	204 cert_.GetDNSNames(&dns_names);

204 std::vector<Tokens> dns_name_tokens = GetTokenizedDNSNames(dns_names);	205 std::vector<Tokens> dns_name_tokens = GetTokenizedDNSNames(dns_names);

205 if (NameUnderAnyNames(host_name_tokens, dns_name_tokens))	206 if (NameUnderAnyNames(host_name_tokens, dns_name_tokens))

206 RecordSSLInterstitialCause(overridable, SUBDOMAIN_MATCH);	207 RecordSSLInterstitialCause(overridable, SUBDOMAIN_MATCH);

207 if (AnyNamesUnderName(dns_name_tokens, host_name_tokens))	208 if (AnyNamesUnderName(dns_name_tokens, host_name_tokens))

208 RecordSSLInterstitialCause(overridable, SUBDOMAIN_INVERSE_MATCH);	209 RecordSSLInterstitialCause(overridable, SUBDOMAIN_INVERSE_MATCH);

209 if (IsCertLikelyFromMultiTenantHosting())	210 if (IsCertLikelyFromMultiTenantHosting())

210 RecordSSLInterstitialCause(overridable, LIKELY_MULTI_TENANT_HOSTING);	211 RecordSSLInterstitialCause(overridable, LIKELY_MULTI_TENANT_HOSTING);

	212 if (IsCertLikelyFromSameDomain())

	213 RecordSSLInterstitialCause(overridable, LIKELY_SAME_DOMAIN);

211 } else {	214 } else {

212 RecordSSLInterstitialCause(overridable, HOST_NAME_NOT_KNOWN_TLD);	215 RecordSSLInterstitialCause(overridable, HOST_NAME_NOT_KNOWN_TLD);

213 }	216 }

214 break;	217 break;

215 }	218 }

216 case SSLErrorInfo::CERT_AUTHORITY_INVALID: {	219 case SSLErrorInfo::CERT_AUTHORITY_INVALID: {

217 const std::string& hostname = request_url_.HostNoBrackets();	220 const std::string& hostname = request_url_.HostNoBrackets();

218 if (net::IsLocalhost(hostname))	221 if (net::IsLocalhost(hostname))

219 RecordSSLInterstitialCause(overridable, LOCALHOST);	222 RecordSSLInterstitialCause(overridable, LOCALHOST);

220 if (IsHostnameNonUniqueOrDotless(hostname))	223 if (IsHostnameNonUniqueOrDotless(hostname))

(...skipping 235 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
456 for (size_t i = 0; i < dns_names_size; ++i) {	459 for (size_t i = 0; i < dns_names_size; ++i) {

457 for (size_t j = i + 1; j < dns_names_size; ++j) {	460 for (size_t j = i + 1; j < dns_names_size; ++j) {

458 int edit_distance = GetLevensteinDistance(dns_names[i], dns_names[j]);	461 int edit_distance = GetLevensteinDistance(dns_names[i], dns_names[j]);

459 if (edit_distance < kMinimumEditDsitance)	462 if (edit_distance < kMinimumEditDsitance)

460 return false;	463 return false;

461 }	464 }

462 }	465 }

463 return true;	466 return true;

464 }	467 }

465	468

	469 bool SSLErrorClassification::IsCertLikelyFromSameDomain() const {

	470 std::string host_name = request_url_.host();

	471 std::vector<std::string> dns_names;

	472 cert_.GetDNSNames(&dns_names);

	473

	474 dns_names.push_back(host_name);

	475 size_t dns_names_size = dns_names.size();

	476 std::vector<std::string> dns_names_domain;

	477

	478 for (size_t i = 0; i < dns_names_size; ++i) {
	meacer 2015/07/11 00:26:07 Use C++11 style loop: for (const string& dns_name Use C++11 style loop: for (const string& dns_name: dns_names) Bhanu Dev 2015/07/13 19:22:43 Done. Show quoted text On 2015/07/11 00:26:07, Mustafa Emre Acer wrote: > Use C++11 style loop: > > for (const string& dns_name: dns_names) Done.
	479 dns_names_domain.push_back(

	480 net::registry_controlled_domains::

	481 GetDomainAndRegistry(

	482 dns_names[i],

	483 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES));

	484 }

	485

	486 size_t dns_names_domain_size = dns_names_domain.size();
	meacer 2015/07/11 00:26:07 This is just used once, no need to create a separa This is just used once, no need to create a separate variable. Bhanu Dev 2015/07/13 19:22:43 Done. Show quoted text On 2015/07/11 00:26:07, Mustafa Emre Acer wrote: > This is just used once, no need to create a separate variable. Done.
	487 std::string host_name_domain = dns_names_domain[dns_names_domain_size - 1];
	meacer 2015/07/11 00:26:07 Need to check if dns_names_domain_size==0. In fact Need to check if dns_names_domain_size==0. In fact, just do an early exit after cert_.GetDNSNames in that case. Bhanu Dev 2015/07/13 19:22:43 I think dns_names_domain_size cannot be 0, since h Show quoted text On 2015/07/11 00:26:07, Mustafa Emre Acer wrote: > Need to check if dns_names_domain_size==0. In fact, just do an early exit after > cert_.GetDNSNames in that case. I think dns_names_domain_size cannot be 0, since host_name is appended to it. I added a DCHECK.
	488

	489 return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1,
	meacer 2015/07/11 00:26:07 You might want to add a small comment here saying You might want to add a small comment here saying why you are excluding the last item (that it's the original domain pushed above). Bhanu Dev 2015/07/13 19:22:43 Done. Show quoted text On 2015/07/11 00:26:07, Mustafa Emre Acer wrote: > You might want to add a small comment here saying why you are excluding the last > item (that it's the original domain pushed above). Done.
	490 host_name_domain) != dns_names_domain.end() - 1;

	491 }

	492

466 // static	493 // static

467 bool SSLErrorClassification::IsHostnameNonUniqueOrDotless(	494 bool SSLErrorClassification::IsHostnameNonUniqueOrDotless(

468 const std::string& hostname) {	495 const std::string& hostname) {

469 return net::IsHostnameNonUnique(hostname) \|\|	496 return net::IsHostnameNonUnique(hostname) \|\|

470 hostname.find('.') == std::string::npos;	497 hostname.find('.') == std::string::npos;

471 }	498 }

472	499

473 void SSLErrorClassification::Observe(	500 void SSLErrorClassification::Observe(

474 int type,	501 int type,

475 const content::NotificationSource& source,	502 const content::NotificationSource& source,

(...skipping 17 matching lines...) Expand all Loading...
493 // sure we don't clear the captive protal flag, since the interstitial was	520 // sure we don't clear the captive protal flag, since the interstitial was

494 // potentially caused by the captive portal.	521 // potentially caused by the captive portal.

495 captive_portal_detected_ = captive_portal_detected_ \|\|	522 captive_portal_detected_ = captive_portal_detected_ \|\|

496 (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL);	523 (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL);

497 // Also keep track of non-HTTP portals and error cases.	524 // Also keep track of non-HTTP portals and error cases.

498 captive_portal_no_response_ = captive_portal_no_response_ \|\|	525 captive_portal_no_response_ = captive_portal_no_response_ \|\|

499 (results->result == captive_portal::RESULT_NO_RESPONSE);	526 (results->result == captive_portal::RESULT_NO_RESPONSE);

500 }	527 }

501 #endif	528 #endif

502 }	529 }

OLD	NEW