Chromium Code Reviews Chromium Code Reviews
Issue 1227173006:
New SSL metric added: Likely From Same Domain (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <vector> | 5 #include <vector> |
| 6 | 6 |
| 7 #include "chrome/browser/ssl/ssl_error_classification.h" | 7 #include "chrome/browser/ssl/ssl_error_classification.h" |
| 8 | 8 |
| 9 #include "base/build_time.h" | 9 #include "base/build_time.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 48 SUBDOMAIN_MATCH, | 48 SUBDOMAIN_MATCH, |
| 49 SUBDOMAIN_INVERSE_MATCH, | 49 SUBDOMAIN_INVERSE_MATCH, |
| 50 SUBDOMAIN_OUTSIDE_WILDCARD, | 50 SUBDOMAIN_OUTSIDE_WILDCARD, |
| 51 HOST_NAME_NOT_KNOWN_TLD, | 51 HOST_NAME_NOT_KNOWN_TLD, |
| 52 LIKELY_MULTI_TENANT_HOSTING, | 52 LIKELY_MULTI_TENANT_HOSTING, |
| 53 LOCALHOST, | 53 LOCALHOST, |
| 54 PRIVATE_URL, | 54 PRIVATE_URL, |
| 55 AUTHORITY_ERROR_CAPTIVE_PORTAL, | 55 AUTHORITY_ERROR_CAPTIVE_PORTAL, |
| 56 SELF_SIGNED, | 56 SELF_SIGNED, |
| 57 EXPIRED_RECENTLY, | 57 EXPIRED_RECENTLY, |
| 58 LIKELY_SAME_DOMAIN, | |
| 58 UNUSED_INTERSTITIAL_CAUSE_ENTRY, | 59 UNUSED_INTERSTITIAL_CAUSE_ENTRY, |
| 59 }; | 60 }; |
| 60 | 61 |
| 61 // Events for UMA. Do not reorder or change! | 62 // Events for UMA. Do not reorder or change! |
| 62 enum SSLInterstitialCauseCaptivePortal { | 63 enum SSLInterstitialCauseCaptivePortal { |
| 63 CAPTIVE_PORTAL_ALL, | 64 CAPTIVE_PORTAL_ALL, |
| 64 CAPTIVE_PORTAL_DETECTION_ENABLED, | 65 CAPTIVE_PORTAL_DETECTION_ENABLED, |
| 65 CAPTIVE_PORTAL_DETECTION_ENABLED_OVERRIDABLE, | 66 CAPTIVE_PORTAL_DETECTION_ENABLED_OVERRIDABLE, |
| 66 CAPTIVE_PORTAL_PROBE_COMPLETED, | 67 CAPTIVE_PORTAL_PROBE_COMPLETED, |
| 67 CAPTIVE_PORTAL_PROBE_COMPLETED_OVERRIDABLE, | 68 CAPTIVE_PORTAL_PROBE_COMPLETED_OVERRIDABLE, |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 201 RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD); | 202 RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD); |
| 202 std::vector<std::string> dns_names; | 203 std::vector<std::string> dns_names; |
| 203 cert_.GetDNSNames(&dns_names); | 204 cert_.GetDNSNames(&dns_names); |
| 204 std::vector<Tokens> dns_name_tokens = GetTokenizedDNSNames(dns_names); | 205 std::vector<Tokens> dns_name_tokens = GetTokenizedDNSNames(dns_names); |
| 205 if (NameUnderAnyNames(host_name_tokens, dns_name_tokens)) | 206 if (NameUnderAnyNames(host_name_tokens, dns_name_tokens)) |
| 206 RecordSSLInterstitialCause(overridable, SUBDOMAIN_MATCH); | 207 RecordSSLInterstitialCause(overridable, SUBDOMAIN_MATCH); |
| 207 if (AnyNamesUnderName(dns_name_tokens, host_name_tokens)) | 208 if (AnyNamesUnderName(dns_name_tokens, host_name_tokens)) |
| 208 RecordSSLInterstitialCause(overridable, SUBDOMAIN_INVERSE_MATCH); | 209 RecordSSLInterstitialCause(overridable, SUBDOMAIN_INVERSE_MATCH); |
| 209 if (IsCertLikelyFromMultiTenantHosting()) | 210 if (IsCertLikelyFromMultiTenantHosting()) |
| 210 RecordSSLInterstitialCause(overridable, LIKELY_MULTI_TENANT_HOSTING); | 211 RecordSSLInterstitialCause(overridable, LIKELY_MULTI_TENANT_HOSTING); |
| 212 if (IsCertLikelyFromSameDomain()) | |
| 213 RecordSSLInterstitialCause(overridable, LIKELY_SAME_DOMAIN); | |
| 211 } else { | 214 } else { |
| 212 RecordSSLInterstitialCause(overridable, HOST_NAME_NOT_KNOWN_TLD); | 215 RecordSSLInterstitialCause(overridable, HOST_NAME_NOT_KNOWN_TLD); |
| 213 } | 216 } |
| 214 break; | 217 break; |
| 215 } | 218 } |
| 216 case SSLErrorInfo::CERT_AUTHORITY_INVALID: { | 219 case SSLErrorInfo::CERT_AUTHORITY_INVALID: { |
| 217 const std::string& hostname = request_url_.HostNoBrackets(); | 220 const std::string& hostname = request_url_.HostNoBrackets(); |
| 218 if (net::IsLocalhost(hostname)) | 221 if (net::IsLocalhost(hostname)) |
| 219 RecordSSLInterstitialCause(overridable, LOCALHOST); | 222 RecordSSLInterstitialCause(overridable, LOCALHOST); |
| 220 if (IsHostnameNonUniqueOrDotless(hostname)) | 223 if (IsHostnameNonUniqueOrDotless(hostname)) |
| (...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 456 for (size_t i = 0; i < dns_names_size; ++i) { | 459 for (size_t i = 0; i < dns_names_size; ++i) { |
| 457 for (size_t j = i + 1; j < dns_names_size; ++j) { | 460 for (size_t j = i + 1; j < dns_names_size; ++j) { |
| 458 int edit_distance = GetLevensteinDistance(dns_names[i], dns_names[j]); | 461 int edit_distance = GetLevensteinDistance(dns_names[i], dns_names[j]); |
| 459 if (edit_distance < kMinimumEditDsitance) | 462 if (edit_distance < kMinimumEditDsitance) |
| 460 return false; | 463 return false; |
| 461 } | 464 } |
| 462 } | 465 } |
| 463 return true; | 466 return true; |
| 464 } | 467 } |
| 465 | 468 |
| 469 bool SSLErrorClassification::IsCertLikelyFromSameDomain() const { | |
| 470 std::string host_name = request_url_.host(); | |
| 471 std::vector<std::string> dns_names; | |
| 472 cert_.GetDNSNames(&dns_names); | |
| 473 | |
| 474 dns_names.push_back(host_name); | |
| 475 std::vector<std::string> dns_names_domain; | |
| 476 | |
| 477 for (const std::string& dns_name : dns_names) { | |
| 478 dns_names_domain.push_back( | |
| 479 net::registry_controlled_domains::GetDomainAndRegistry( | |
| 480 dns_name, | |
| 481 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)); | |
| 482 } | |
| 483 | |
| 484 DCHECK(!dns_names_domain.empty()); | |
| 485 std::string host_name_domain = dns_names_domain[dns_names_domain.size() - 1]; | |
|
palmer
2015/07/16 19:08:21
const std::string& host_name_domain = dns_names_do
Bhanu Dev
2015/07/20 21:59:41
Done.
| |
| 486 | |
| 487 // Last element is the original domain. So, excluding it. | |
| 488 return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1, | |
|
palmer
2015/07/16 19:08:21
I'm not sure if that kind of pointer arithmetic is
Bhanu Dev
2015/07/20 21:59:41
http://www.cplusplus.com/reference/iterator/ says
| |
| 489 host_name_domain) != dns_names_domain.end() - 1; | |
| 490 } | |
| 491 | |
| 466 // static | 492 // static |
| 467 bool SSLErrorClassification::IsHostnameNonUniqueOrDotless( | 493 bool SSLErrorClassification::IsHostnameNonUniqueOrDotless( |
| 468 const std::string& hostname) { | 494 const std::string& hostname) { |
| 469 return net::IsHostnameNonUnique(hostname) || | 495 return net::IsHostnameNonUnique(hostname) || |
| 470 hostname.find('.') == std::string::npos; | 496 hostname.find('.') == std::string::npos; |
| 471 } | 497 } |
| 472 | 498 |
| 473 void SSLErrorClassification::Observe( | 499 void SSLErrorClassification::Observe( |
| 474 int type, | 500 int type, |
| 475 const content::NotificationSource& source, | 501 const content::NotificationSource& source, |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 493 // sure we don't clear the captive protal flag, since the interstitial was | 519 // sure we don't clear the captive protal flag, since the interstitial was |
| 494 // potentially caused by the captive portal. | 520 // potentially caused by the captive portal. |
| 495 captive_portal_detected_ = captive_portal_detected_ || | 521 captive_portal_detected_ = captive_portal_detected_ || |
| 496 (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL); | 522 (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL); |
| 497 // Also keep track of non-HTTP portals and error cases. | 523 // Also keep track of non-HTTP portals and error cases. |
| 498 captive_portal_no_response_ = captive_portal_no_response_ || | 524 captive_portal_no_response_ = captive_portal_no_response_ || |
| 499 (results->result == captive_portal::RESULT_NO_RESPONSE); | 525 (results->result == captive_portal::RESULT_NO_RESPONSE); |
| 500 } | 526 } |
| 501 #endif | 527 #endif |
| 502 } | 528 } |
| OLD | NEW |
