Finch experiments on SSL, malware, and phishing interstitials

chrome/browser/ssl/ssl_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 
 #include "base/i18n/rtl.h"
+#include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_piece.h"
 #include "base/utf_string_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_preferences_util.h"
 #include "chrome/browser/ssl/ssl_error_info.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/ssl_status.h"
+#include "grit/app_locale_settings.h"
 #include "grit/browser_resources.h"
 #include "grit/generated_resources.h"
 #include "net/base/net_errors.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/webui/jstemplate_builder.h"
 
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
+
 using base::TimeDelta;
 using base::TimeTicks;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 
 #define HISTOGRAM_INTERSTITIAL_SMALL_TIME(name, sample) \
     UMA_HISTOGRAM_CUSTOM_TIMES( \
         name, \
         sample, \
         base::TimeDelta::FromMilliseconds(400), \
         base::TimeDelta::FromMinutes(15), 75);
 
 #define HISTOGRAM_INTERSTITIAL_LARGE_TIME(name, sample) \
     UMA_HISTOGRAM_CUSTOM_TIMES( \
         name, \
         sample, \
         base::TimeDelta::FromMilliseconds(400), \
         base::TimeDelta::FromMinutes(20), 50);
 
 namespace {
 
 // These represent the commands sent by ssl_roadblock.html.
 enum SSLBlockingPageCommands {
   CMD_DONT_PROCEED,
   CMD_PROCEED,
   CMD_FOCUS,
   CMD_MORE,
+  CMD_SHOW_UNDERSTAND,   // Used by the Finch trial.
 };
 
 // Events for UMA.
 enum SSLBlockingPageEvent {
   SHOW_ALL,
   SHOW_OVERRIDABLE,
   PROCEED_OVERRIDABLE,
   PROCEED_NAME,
   PROCEED_DATE,
   PROCEED_AUTHORITY,
   DONT_PROCEED_OVERRIDABLE,
   DONT_PROCEED_NAME,
   DONT_PROCEED_DATE,
   DONT_PROCEED_AUTHORITY,
   MORE,
+  SHOW_UNDERSTAND,
   UNUSED_BLOCKING_PAGE_EVENT,
 };
 
 void RecordSSLBlockingPageEventStats(SSLBlockingPageEvent event) {
   UMA_HISTOGRAM_ENUMERATION("interstitial.ssl",
                             event,
                             UNUSED_BLOCKING_PAGE_EVENT);
 }
 
 void RecordSSLBlockingPageTimeStats(
@@ skipping 50 matching lines @@
       else
         RecordSSLBlockingPageEventStats(DONT_PROCEED_AUTHORITY);
       break;
     }
     default: {
       break;
     }
   }
 }
 
+// These are the conditions for the Finch experiment.
+static const char kCondition15Control[] = "Condition15SSLControl";

[James Hawkins, 2013/05/01 23:21:45]

static is unnecessary (and should not be used) in an unnamed namespace.

+static const char kCondition16Firefox[] = "Condition16SSLFirefox";
+static const char kCondition17FancyFirefox[] = "Condition17SSLFancyFirefox";
+static const char kCondition18NoImages[] = "Condition18SSLNoImages";
+static const char kCondition19Policeman[] = "Condition19SSLPoliceman";
+static const char kCondition20Stoplight[] = "Condition20SSLStoplight";
+static const char kCondition21BadGuy[] = "Condition21SSLBadGuy";
+
 }  // namespace
 
 // Note that we always create a navigation entry with SSL errors.
 // No error happening loading a sub-resource triggers an interstitial so far.
 SSLBlockingPage::SSLBlockingPage(
     content::WebContents* web_contents,
     int cert_error,
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
     bool overridable,
     bool strict_enforcement,
     const base::Callback<void(bool)>& callback)
     : callback_(callback),
       web_contents_(web_contents),
       cert_error_(cert_error),
       ssl_info_(ssl_info),
       request_url_(request_url),
       overridable_(overridable),
       strict_enforcement_(strict_enforcement) {
+
+  // Only assign to a group if the warning can be clicked through.
+  if (overridable_ && !strict_enforcement_)
+    trial_ = base::FieldTrialList::FindFullName("InterstitialSSL");
+
   RecordSSLBlockingPageEventStats(SHOW_ALL);
   if (overridable_ && !strict_enforcement_)
     RecordSSLBlockingPageEventStats(SHOW_OVERRIDABLE);
 
   interstitial_page_ = InterstitialPage::Create(
       web_contents_, true, request_url, this);
   display_start_time_ = TimeTicks();
   interstitial_page_->Show();
 }
 
 SSLBlockingPage::~SSLBlockingPage() {
   if (!callback_.is_null()) {
+    RecordSSLBlockingPageTimeStats(false, cert_error_,
+      overridable_ && !strict_enforcement_, display_start_time_,
+      base::TimeTicks::Now());
     // The page is closed without the user having chosen what to do, default to
     // deny.
     NotifyDenyCertificate();
   }
 }
 
 std::string SSLBlockingPage::GetHTMLContents() {
   // Let's build the html error page.
   DictionaryValue strings;
   SSLErrorInfo error_info = SSLErrorInfo::CreateError(
       SSLErrorInfo::NetErrorToErrorType(cert_error_), ssl_info_.cert,
       request_url_);
 
+  int resource_id = IDR_SSL_ROAD_BLOCK_HTML;

[James Hawkins, 2013/05/01 23:21:45]

static const int

[felt, 2013/05/02 16:07:12]

I assign to this int later.

   strings.SetString("headLine", error_info.title());
   strings.SetString("description", error_info.details());
   strings.SetString("moreInfoTitle",
       l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
   SetExtraInfo(&strings, error_info.extra_information());
 
   strings.SetString("exit",
                     l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT));
 
-  int resource_id = IDR_SSL_ROAD_BLOCK_HTML;
   if (overridable_ && !strict_enforcement_) {
     strings.SetString("title",
                       l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
     strings.SetString("proceed",
                       l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_PROCEED));
     strings.SetString("reasonForNotProceeding",
                       l10n_util::GetStringUTF16(
                           IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED));
     // The value of errorType doesn't matter; we actually just check if it's
     // empty or not in ssl_roadblock.
     strings.SetString("errorType",
                       l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
   } else {
     strings.SetString("title",
                       l10n_util::GetStringUTF16(IDS_SSL_ERROR_PAGE_TITLE));
     if (strict_enforcement_) {
       strings.SetString("reasonForNotProceeding",
                         l10n_util::GetStringUTF16(
                             IDS_SSL_ERROR_PAGE_CANNOT_PROCEED));
     } else {
       strings.SetString("reasonForNotProceeding", std::string());
     }
     strings.SetString("errorType", std::string());
   }
 
   strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr");
 
+  // Set up the Finch trial layouts.
+  strings.SetString("trialType", trial_);
+  if (trial_ == kCondition16Firefox || trial_ == kCondition17FancyFirefox) {
+    strings.SetString("domain", request_url_.host());
+    std::string font_family = l10n_util::GetStringUTF8(IDS_WEB_FONT_FAMILY);
+#if defined(OS_WIN)
+    if (base::win::GetVersion() < base::win::VERSION_VISTA) {
+      font_family = l10n_util::GetStringUTF8(IDS_WEB_FONT_FAMILY_XP);
+    }
+#endif
+#if defined(TOOLKIT_GTK)
+    font_family = ui::ResourceBundle::GetSharedInstance().GetFont(
+        ui::ResourceBundle::BaseFont).GetFontName() + ", " + font_family;
+#endif
+    strings.SetString("fontfamily", font_family);
+    if (trial_ == kCondition16Firefox) {
+      resource_id = IDR_SSL_FIREFOX_HTML;
+    } else if (trial_ == kCondition17FancyFirefox) {
+      resource_id = IDR_SSL_FANCY_FIREFOX_HTML;
+    }
+  }
+
   base::StringPiece html(
       ResourceBundle::GetSharedInstance().GetRawDataResource(
           resource_id));
 
   return webui::GetI18nTemplateHtml(html, &strings);
 }
 
 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {
   int cert_id = content::CertStore::GetInstance()->StoreCert(
       ssl_info_.cert, web_contents_->GetRenderProcessHost()->GetID());
@@ skipping 15 matching lines @@
   int cmd = atoi(command.c_str());
   if (cmd == CMD_DONT_PROCEED) {
     interstitial_page_->DontProceed();
   } else if (cmd == CMD_PROCEED) {
     interstitial_page_->Proceed();
   } else if (cmd == CMD_FOCUS) {
     // Start recording the time when the page is first in focus
     display_start_time_ = base::TimeTicks::Now();
   } else if (cmd == CMD_MORE) {
     RecordSSLBlockingPageEventStats(MORE);
+  } else if (cmd == CMD_SHOW_UNDERSTAND) {
+    // Used in the Finch experiment.
+    RecordSSLBlockingPageEventStats(SHOW_UNDERSTAND);
   }
 }
 
 void SSLBlockingPage::OverrideRendererPrefs(
       content::RendererPreferences* prefs) {
   Profile* profile = Profile::FromBrowserContext(
       web_contents_->GetBrowserContext());
   renderer_preferences_util::UpdateFromSystemSettings(prefs, profile);
 }
 
@@ skipping 41 matching lines @@
       "moreInfo1", "moreInfo2", "moreInfo3", "moreInfo4", "moreInfo5"
   };
   int i;
   for (i = 0; i < static_cast<int>(extra_info.size()); i++) {
     strings->SetString(keys[i], extra_info[i]);
   }
   for (; i < 5; i++) {
     strings->SetString(keys[i], std::string());
   }
 }