Add UMAs for checking header values against RFC 7230 in //net

net/url_request/url_request_http_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ skipping 465 matching lines @@
 
 void URLRequestHttpJob::StartTransactionInternal() {
   // This should only be called while the request's status is IO_PENDING.
   DCHECK_EQ(URLRequestStatus::IO_PENDING, request_->status().status());
 
   // NOTE: This method assumes that request_info_ is already setup properly.
 
   // If we already have a transaction, then we should restart the transaction
   // with auth provided by auth_credentials_.
 
+  bool invalid_header_values_in_RFC7230 = false;

[davidben, 2015/12/17 20:00:41]

Nit: I would lowercase RFC.

[hiroshige, 2015/12/22 06:33:50]

Done.

+  for (HttpRequestHeaders::Iterator it(request_info_.extra_headers);
+       it.GetNext();) {
+    if (!HttpUtil::IsValidHeaderValueRFC7230(it.value())) {
+      invalid_header_values_in_RFC7230 = true;
+      break;
+    }
+  }
+  UMA_HISTOGRAM_BOOLEAN("Net.HttpRequestContainsInvalidHeaderValuesInRFC7230",
+                        invalid_header_values_in_RFC7230);
+
   int rv;
 
   if (network_delegate()) {
     network_delegate()->NotifySendHeaders(
         request_, request_info_.extra_headers);
   }
 
   if (transaction_.get()) {
     rv = transaction_->RestartWithAuth(auth_credentials_, start_callback_);
     auth_credentials_ = AuthCredentials();
@@ skipping 429 matching lines @@
   // Clear the IO_PENDING status
   SetStatus(URLRequestStatus());
 
   const URLRequestContext* context = request_->context();
 
   if (result == OK) {
     if (transaction_ && transaction_->GetResponseInfo()) {
       SetProxyServer(transaction_->GetResponseInfo()->proxy_server);
     }
     scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders();
+
+    if (headers) {
+      void* iter = NULL;
+      std::string name;
+      std::string value;
+      bool invalid_header_values_in_RFC7230 = false;
+      while (headers->EnumerateHeaderLines(&iter, &name, &value)) {
+        if (!HttpUtil::IsValidHeaderValueRFC7230(value)) {
+          invalid_header_values_in_RFC7230 = true;
+          break;
+        }
+      }
+      UMA_HISTOGRAM_BOOLEAN(
+          "Net.HttpResponseContainsInvalidHeaderValuesInRFC7230",
+          invalid_header_values_in_RFC7230);
+    }
+
     if (network_delegate()) {
       // Note that |this| may not be deleted until
       // |on_headers_received_callback_| or
       // |NetworkDelegate::URLRequestDestroyed()| has been called.
       OnCallToDelegate();
       allowed_unsafe_redirect_url_ = GURL();
       int error = network_delegate()->NotifyHeadersReceived(
           request_,
           on_headers_received_callback_,
           headers.get(),
@@ skipping 633 matching lines @@
   return override_response_headers_.get() ?
              override_response_headers_.get() :
              transaction_->GetResponseInfo()->headers.get();
 }
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
   awaiting_callback_ = false;
 }
 
 }  // namespace net