Async Safe Browsing check, on mobile

chrome/browser/renderer_host/safe_browsing_resource_throttle.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_
 #define CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_
 
 #include <string>
 #include <vector>
 
 #include "base/memory/ref_counted.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "chrome/browser/safe_browsing/database_manager.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "content/public/browser/resource_throttle.h"
 #include "content/public/common/resource_type.h"
 
 class ResourceDispatcherHost;
 
 namespace net {
 class URLRequest;
 }
 
-// SafeBrowsingResourceThrottle checks that URLs are "safe" before navigating
-// to them. To be considered "safe", a URL must not appear in the
+// SafeBrowsingResourceThrottle checks that URLs are "safe" before
+// navigating to them. To be considered "safe", a URL must not appear in the
 // malware/phishing blacklists (see SafeBrowsingService for details).
 //
+// On desktop (ifdef SAFE_BROWSING_DB_LOCAL)
+// -----------------------------------------
 // This check is done before requesting the original URL, and additionally
-// before following any subsequent redirect.
+// before following any subsequent redirect.  In the common case the check
+// completes synchronously (no match in the bloom filter), so the request's

[mattm, 2015/07/24 23:24:11]

since we don't actually use a bloom filter these days, might as well s/bloom
filter/prefix set/

[Scott Hess - ex-Googler, 2015/07/24 23:55:18]

Or "in-memory filter", since the implementation isn't relevant here.

[Nathan Parker, 2015/07/28 17:42:12]

Done.

+// flow is un-interrupted.  However if the URL fails this quick check, it
+// has the possibility of being on the blacklist. Now the request is
+// deferred (prevented from starting), and a more expensive safe browsing
+// check is begun (fetches the full hashes).
 //
-// In the common case, the check completes synchronously (no match in the bloom
-// filter), so the request's flow is un-interrupted.
+// On mobile (ifdef SAFE_BROWSING_DB_REMOTE):
+// -----------------------------------------
+// The check is started and runs in parallel with the resource load.  If the
+// check is not complete by the time the headers are loaded, the request is
+// suspended until the URL is classified.  We let the headers load on mobile
+// since the RemoteSafeBrowsingDatabase checks always have some non-zero
+// latency -- there no synchronous pass.  This parallelism helps
+// performance.  Redirects are handled the same way as desktop so they
+// always defer.
 //
-// However if the URL fails this quick check, it has the possibility of being
-// on the blacklist. Now the request is suspended (prevented from starting),
-// and a more expensive safe browsing check is begun (fetches the full hashes).
 //
 // Note that the safe browsing check takes at most kCheckUrlTimeoutMs
 // milliseconds. If it takes longer than this, then the system defaults to
 // treating the URL as safe.
 //
-// Once the safe browsing check has completed, if the URL was decided to be
-// dangerous, a warning page is thrown up and the request remains suspended.
-// If on the other hand the URL was decided to be safe, the request is
-// resumed.
+// If the URL is classified as dangerous, a warning page is thrown up and
+// the request remains suspended.  If the user clicks "proceed" on warning
+// page, we resume the request.
+//
+// Note: The ResourceThrottle interface is called in this order:
+// WillStartRequest once, WillRedirectRequest zero or more times, and then
+// WillProcessReponse once.
 class SafeBrowsingResourceThrottle
     : public content::ResourceThrottle,
       public SafeBrowsingDatabaseManager::Client,
       public base::SupportsWeakPtr<SafeBrowsingResourceThrottle> {
  public:
   SafeBrowsingResourceThrottle(const net::URLRequest* request,
                                content::ResourceType resource_type,
-                               SafeBrowsingService* safe_browsing);
+                               SafeBrowsingService* safe_browsing,
+                               bool defer_at_start);
 
   // content::ResourceThrottle implementation (called on IO thread):
   void WillStartRequest(bool* defer) override;
   void WillRedirectRequest(const net::RedirectInfo& redirect_info,
                            bool* defer) override;
+  void WillProcessResponse(bool* defer) override;
+
   const char* GetNameForLogging() const override;
 
   // SafeBrowsingDabaseManager::Client implementation (called on IO thread):
   void OnCheckBrowseUrlResult(const GURL& url,
                               SBThreatType result,
                               const std::string& metadata) override;
 
  private:
   // Describes what phase of the check a throttle is in.
   enum State {
+    // Haven't started checking or checking is complete. Not deferred.
     STATE_NONE,
+    // We have one outstanding URL-check. Could be deferred.
     STATE_CHECKING_URL,
+    // We're displaying a blocking page. Could be deferred.
     STATE_DISPLAYING_BLOCKING_PAGE,
   };
 
   // Describes what stage of the request got paused by the check.
   enum DeferState {
     DEFERRED_NONE,
     DEFERRED_START,
     DEFERRED_REDIRECT,
+    DEFERRED_UNCHECKED_REDIRECT,  // unchecked_redirect_url_ is populated.
+    DEFERRED_PROCESSING,
   };
 
   ~SafeBrowsingResourceThrottle() override;
 
   // SafeBrowsingService::UrlCheckCallback implementation.
   void OnBlockingPageComplete(bool proceed);
 
   // Starts running |url| through the safe browsing check. Returns true if the
   // URL is safe to visit. Otherwise returns false and will call
   // OnBrowseUrlResult() when the check has completed.
@@ skipping 11 matching lines @@
       const SafeBrowsingUIManager::UnsafeResource& resource);
 
   // Called on the IO thread if the request turned out to be for a prerendered
   // page.
   void Cancel();
 
   // Resumes the request, by continuing the deferred action (either starting the
   // request, or following a redirect).
   void ResumeRequest();
 
+  // True if we want to block the starting of requests until they're
+  // deemed safe.  Otherwise we let the resource partially load.
+  const bool defer_at_start_;
+
   State state_;
   DeferState defer_state_;
 
   // The result of the most recent safe browsing check. Only valid to read this
   // when state_ != STATE_CHECKING_URL.
   SBThreatType threat_type_;
 
-  // The time when the outstanding safe browsing check was started.
-  base::TimeTicks url_check_start_time_;
+  // The time when we started deferring the request.
+  base::TimeTicks defer_start_time_;
 
   // Timer to abort the safe browsing check if it takes too long.
   base::OneShotTimer<SafeBrowsingResourceThrottle> timer_;
 
   // The redirect chain for this resource
   std::vector<GURL> redirect_urls_;
 
+  // If in DEFERRED_UNCHECKED_REDIRECT state, this is the
+  // URL we still need to check before resuming.
+  GURL unchecked_redirect_url_;
   GURL url_being_checked_;
 
   scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
   scoped_refptr<SafeBrowsingUIManager> ui_manager_;
   const net::URLRequest* request_;
   const bool is_subresource_;
   const bool is_subframe_;
 
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingResourceThrottle);
 };
-
-
 #endif  // CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_