Collect threat details for phishing and UwS

chrome/browser/safe_browsing/threat_details.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
-// Implementation of the MalwareDetails class.
+// Implementation of the ThreatDetails class.
 
 #include "chrome/browser/safe_browsing/threat_details.h"
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/report.pb.h"
 #include "chrome/browser/safe_browsing/threat_details_cache.h"
 #include "chrome/browser/safe_browsing/threat_details_history.h"
 #include "chrome/common/safe_browsing/safebrowsing_messages.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "net/url_request/url_request_context_getter.h"
 
 using content::BrowserThread;
 using content::NavigationEntry;
 using content::WebContents;
-using safe_browsing::ClientMalwareReportRequest;
+using safe_browsing::ClientSafeBrowsingReportRequest;
 
-// Keep in sync with KMaxNodes in renderer/safe_browsing/malware_dom_details
+// Keep in sync with KMaxNodes in renderer/safe_browsing/threat_dom_details
 static const uint32 kMaxDomNodes = 500;
 
 // static
 ThreatDetailsFactory* ThreatDetails::factory_ = NULL;
 
+namespace {
+
+// Helper function that converts SBThreatType to
+// ClientSafeBrowsingReportRequest::ReportType.
+ClientSafeBrowsingReportRequest::ReportType GetReportTypeFromSBThreatType(
+    SBThreatType threat_type) {
+  switch (threat_type) {
+    case SB_THREAT_TYPE_URL_PHISHING:
+      return ClientSafeBrowsingReportRequest::URL_PHISHING;
+    case SB_THREAT_TYPE_URL_MALWARE:
+      return ClientSafeBrowsingReportRequest::URL_MALWARE;
+    case SB_THREAT_TYPE_URL_UNWANTED:
+      return ClientSafeBrowsingReportRequest::URL_UNWANTED;
+    case SB_THREAT_TYPE_BINARY_MALWARE_URL:
+      return ClientSafeBrowsingReportRequest::BINARY_MALWARE_URL;
+    case SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL:
+      return ClientSafeBrowsingReportRequest::CLIENT_SIDE_PHISHING_URL;
+    case SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL:
+      return ClientSafeBrowsingReportRequest::CLIENT_SIDE_MALWARE_URL;
+    default:  // Gated by SafeBrowsingBlockingPage::ShouldReportThreatDetails.
+      NOTREACHED() << "We should not send report for threat type "
+                   << threat_type;
+      return ClientSafeBrowsingReportRequest::UNKNOWN;
+  }
+}
+
+}  // namespace
+
 // The default ThreatDetailsFactory.  Global, made a singleton so we
 // don't leak it.
 class ThreatDetailsFactoryImpl : public ThreatDetailsFactory {
  public:
   ThreatDetails* CreateThreatDetails(
       SafeBrowsingUIManager* ui_manager,
       WebContents* web_contents,
       const SafeBrowsingUIManager::UnsafeResource& unsafe_resource) override {
     return new ThreatDetails(ui_manager, web_contents, unsafe_resource);
   }
 
  private:
   friend struct base::DefaultLazyInstanceTraits<ThreatDetailsFactoryImpl>;
 
   ThreatDetailsFactoryImpl() {}
 
   DISALLOW_COPY_AND_ASSIGN(ThreatDetailsFactoryImpl);
 };
 
 static base::LazyInstance<ThreatDetailsFactoryImpl>
-    g_malware_details_factory_impl = LAZY_INSTANCE_INITIALIZER;
+    g_threat_details_factory_impl = LAZY_INSTANCE_INITIALIZER;
 
 // Create a ThreatDetails for the given tab.
 /* static */
 ThreatDetails* ThreatDetails::NewThreatDetails(
     SafeBrowsingUIManager* ui_manager,
     WebContents* web_contents,
     const UnsafeResource& resource) {
   // Set up the factory if this has not been done already (tests do that
   // before this method is called).
   if (!factory_)
-    factory_ = g_malware_details_factory_impl.Pointer();
+    factory_ = g_threat_details_factory_impl.Pointer();
   return factory_->CreateThreatDetails(ui_manager, web_contents, resource);
 }
 
 // Create a ThreatDetails for the given tab. Runs in the UI thread.
 ThreatDetails::ThreatDetails(SafeBrowsingUIManager* ui_manager,
                              content::WebContents* web_contents,
                              const UnsafeResource& resource)
     : content::WebContentsObserver(web_contents),
       profile_(Profile::FromBrowserContext(web_contents->GetBrowserContext())),
       request_context_getter_(profile_->GetRequestContext()),
       ui_manager_(ui_manager),
       resource_(resource),
       cache_result_(false),
       cache_collector_(new ThreatDetailsCacheCollector),
       redirects_collector_(new ThreatDetailsRedirectsCollector(profile_)) {
   StartCollection();
 }
 
 ThreatDetails::~ThreatDetails() {}
 
 bool ThreatDetails::OnMessageReceived(const IPC::Message& message) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(ThreatDetails, message)
-    IPC_MESSAGE_HANDLER(SafeBrowsingHostMsg_MalwareDOMDetails,
+    IPC_MESSAGE_HANDLER(SafeBrowsingHostMsg_ThreatDOMDetails,
                         OnReceivedThreatDOMDetails)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 bool ThreatDetails::IsReportableUrl(const GURL& url) const {
   // TODO(panayiotis): also skip internal urls.
   return url.SchemeIs("http") || url.SchemeIs("https");
 }
 
 // Looks for a Resource for the given url in resources_.  If found, it
 // updates |resource|. Otherwise, it creates a new message, adds it to
 // resources_ and updates |resource| to point to it.
 //
-ClientMalwareReportRequest::Resource* ThreatDetails::FindOrCreateResource(
+ClientSafeBrowsingReportRequest::Resource* ThreatDetails::FindOrCreateResource(
     const GURL& url) {
   safe_browsing::ResourceMap::iterator it = resources_.find(url.spec());
   if (it != resources_.end())
     return it->second.get();
 
   // Create the resource for |url|.
   int id = resources_.size();
-  linked_ptr<ClientMalwareReportRequest::Resource> new_resource(
-      new ClientMalwareReportRequest::Resource());
+  linked_ptr<ClientSafeBrowsingReportRequest::Resource> new_resource(
+      new ClientSafeBrowsingReportRequest::Resource());
   new_resource->set_url(url.spec());
   new_resource->set_id(id);
   resources_[url.spec()] = new_resource;
   return new_resource.get();
 }
 
 void ThreatDetails::AddUrl(const GURL& url,
                            const GURL& parent,
                            const std::string& tagname,
                            const std::vector<GURL>* children) {
   if (!url.is_valid() || !IsReportableUrl(url))
     return;
 
   // Find (or create) the resource for the url.
-  ClientMalwareReportRequest::Resource* url_resource =
+  ClientSafeBrowsingReportRequest::Resource* url_resource =
       FindOrCreateResource(url);
   if (!tagname.empty())
     url_resource->set_tag_name(tagname);
   if (!parent.is_empty() && IsReportableUrl(parent)) {
     // Add the resource for the parent.
-    ClientMalwareReportRequest::Resource* parent_resource =
+    ClientSafeBrowsingReportRequest::Resource* parent_resource =
         FindOrCreateResource(parent);
     // Update the parent-child relation
     url_resource->set_parent_id(parent_resource->id());
   }
   if (children) {
     for (std::vector<GURL>::const_iterator it = children->begin();
          it != children->end(); ++it) {
-      ClientMalwareReportRequest::Resource* child_resource =
+      ClientSafeBrowsingReportRequest::Resource* child_resource =
           FindOrCreateResource(*it);
       url_resource->add_child_ids(child_resource->id());
     }
   }
 }
 
 void ThreatDetails::StartCollection() {
-  DVLOG(1) << "Starting to compute malware details.";
-  report_.reset(new ClientMalwareReportRequest());
+  DVLOG(1) << "Starting to compute threat details.";
+  report_.reset(new ClientSafeBrowsingReportRequest());
 
-  if (IsReportableUrl(resource_.url))
-    report_->set_malware_url(resource_.url.spec());
+  if (IsReportableUrl(resource_.url)) {
+    report_->set_url(resource_.url.spec());
+    report_->set_type(GetReportTypeFromSBThreatType(resource_.threat_type));
+  }
 
   GURL page_url = web_contents()->GetURL();
   if (IsReportableUrl(page_url))
     report_->set_page_url(page_url.spec());
 
   GURL referrer_url;
   NavigationEntry* nav_entry = web_contents()->GetController().GetActiveEntry();
   if (nav_entry) {
     referrer_url = nav_entry->GetReferrer().url;
     if (IsReportableUrl(referrer_url)) {
@@ skipping 26 matching lines @@
   // Set the previous redirect url as the parent of the next one
   for (size_t i = 0; i < resource_.redirect_urls.size(); ++i) {
     AddUrl(resource_.redirect_urls[i], parent_url, std::string(), NULL);
     parent_url = resource_.redirect_urls[i];
   }
 
   // Add the referrer url.
   if (nav_entry && !referrer_url.is_empty())
     AddUrl(referrer_url, GURL(), std::string(), NULL);
 
+  // TODO(jialiul): figure out if we want to distinguish different threat types.

[Nathan Parker, 2015/11/03 20:51:57]

Which threat types are you referring to here?  Something other than
resource_.threat_type?

[Jialiu Lin, 2015/11/04 21:32:25]

Oops, forgot to remove this TODO statement. The currently implementation does
not distinguish different threat type. Thanks for catching this.

   // Get URLs of frames, scripts etc from the DOM.
   // OnReceivedThreatDOMDetails will be called when the renderer replies.
   content::RenderViewHost* view = web_contents()->GetRenderViewHost();
-  view->Send(new SafeBrowsingMsg_GetMalwareDOMDetails(view->GetRoutingID()));
+  view->Send(new SafeBrowsingMsg_GetThreatDOMDetails(view->GetRoutingID()));
 }
 
 // When the renderer is done, this is called.
 void ThreatDetails::OnReceivedThreatDOMDetails(
-    const std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node>& params) {
+    const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params) {
   // Schedule this in IO thread, so it doesn't conflict with future users
   // of our data structures (eg GetSerializedReport).
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&ThreatDetails::AddDOMDetails, this, params));
 }
 
 void ThreatDetails::AddDOMDetails(
-    const std::vector<SafeBrowsingHostMsg_MalwareDOMDetails_Node>& params) {
+    const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DVLOG(1) << "Nodes from the DOM: " << params.size();
 
   // If we have already started getting redirects from history service,
   // don't modify state, otherwise will invalidate the iterators.
   if (redirects_collector_->HasStarted())
     return;
 
   // If we have already started collecting data from the HTTP cache, don't
   // modify our state.
   if (cache_collector_->HasStarted())
     return;
 
   // Add the urls from the DOM to |resources_|.  The renderer could be
   // sending bogus messages, so limit the number of nodes we accept.
   for (size_t i = 0; i < params.size() && i < kMaxDomNodes; ++i) {
-    SafeBrowsingHostMsg_MalwareDOMDetails_Node node = params[i];
+    SafeBrowsingHostMsg_ThreatDOMDetails_Node node = params[i];
     DVLOG(1) << node.url << ", " << node.tag_name << ", " << node.parent;
     AddUrl(node.url, node.parent, node.tag_name, &(node.children));
   }
 }
 
 // Called from the SB Service on the IO thread, after the user has
 // closed the tab, or clicked proceed or goback.  Since the user needs
 // to take an action, we expect this to be called after
 // OnReceivedThreatDOMDetails in most cases. If not, we don't include
 // the DOM data in our report.
@@ skipping 30 matching lines @@
   for (size_t i = 0; i < urls.size() - 1; ++i) {
     AddUrl(urls[i], urls[i + 1], std::string(), NULL);
   }
 }
 
 void ThreatDetails::OnCacheCollectionReady() {
   DVLOG(1) << "OnCacheCollectionReady.";
   // Add all the urls in our |resources_| maps to the |report_| protocol buffer.
   for (safe_browsing::ResourceMap::const_iterator it = resources_.begin();
        it != resources_.end(); ++it) {
-    ClientMalwareReportRequest::Resource* pb_resource =
+    ClientSafeBrowsingReportRequest::Resource* pb_resource =
         report_->add_resources();
     pb_resource->CopyFrom(*(it->second));
     const GURL url(pb_resource->url());
     if (url.SchemeIs("https")) {
       // Don't report headers of HTTPS requests since they may contain private
       // cookies.  We still retain the full URL.
       DVLOG(1) << "Clearing out HTTPS resource: " << pb_resource->url();
       pb_resource->clear_request();
       pb_resource->clear_response();
       // Keep id, parent_id, child_ids, and tag_name.
     }
   }
   report_->set_did_proceed(did_proceed_);
   // Only sets repeat_visit if num_visits_ >= 0.
   if (num_visits_ >= 0) {
     report_->set_repeat_visit(num_visits_ > 0);
   }
   report_->set_complete(cache_result_);
 
   // Send the report, using the SafeBrowsingService.
   std::string serialized;
   if (!report_->SerializeToString(&serialized)) {
-    DLOG(ERROR) << "Unable to serialize the malware report.";
+    DLOG(ERROR) << "Unable to serialize the threat report.";
     return;
   }
-
   ui_manager_->SendSerializedThreatDetails(serialized);
 }