Finch experiments on SSL, malware, and phishing interstitials

chrome/browser/ssl/ssl_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 
 #include "base/i18n/rtl.h"
+#include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_piece.h"
 #include "base/utf_string_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_preferences_util.h"
 #include "chrome/browser/ssl/ssl_error_info.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/ssl_status.h"
+#include "grit/app_locale_settings.h"
 #include "grit/browser_resources.h"
 #include "grit/generated_resources.h"
 #include "net/base/net_errors.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/webui/jstemplate_builder.h"
 
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
+
 using base::TimeDelta;
 using base::TimeTicks;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 
 #define HISTOGRAM_INTERSTITIAL_SMALL_TIME(name, sample) \
     UMA_HISTOGRAM_CUSTOM_TIMES( \
         name, \
         sample, \
         base::TimeDelta::FromMilliseconds(400), \
         base::TimeDelta::FromMinutes(15), 75);
 
 #define HISTOGRAM_INTERSTITIAL_LARGE_TIME(name, sample) \
     UMA_HISTOGRAM_CUSTOM_TIMES( \
         name, \
         sample, \
         base::TimeDelta::FromMilliseconds(400), \
         base::TimeDelta::FromMinutes(20), 50);
 
 namespace {
 
 // These represent the commands sent by ssl_roadblock.html.
 enum SSLBlockingPageCommands {
   CMD_DONT_PROCEED,
   CMD_PROCEED,
   CMD_FOCUS,
   CMD_MORE,
+  CMD_SHOW_UNDERSTAND,   // Used by the Finch trial.
 };
 
 // Events for UMA.
 enum SSLBlockingPageEvent {
   SHOW_ALL,
   SHOW_OVERRIDABLE,
   PROCEED_OVERRIDABLE,
   PROCEED_NAME,
   PROCEED_DATE,
   PROCEED_AUTHORITY,
   DONT_PROCEED_OVERRIDABLE,
   DONT_PROCEED_NAME,
   DONT_PROCEED_DATE,
   DONT_PROCEED_AUTHORITY,
   MORE,
+  SHOW_UNDERSTAND,
   UNUSED_BLOCKING_PAGE_EVENT,
 };
 
 void RecordSSLBlockingPageEventStats(SSLBlockingPageEvent event) {
   UMA_HISTOGRAM_ENUMERATION("interstitial.ssl",
                             event,
                             UNUSED_BLOCKING_PAGE_EVENT);
 }
 
 void RecordSSLBlockingPageTimeStats(
@@ skipping 50 matching lines @@
       else
         RecordSSLBlockingPageEventStats(DONT_PROCEED_AUTHORITY);
       break;
     }
     default: {
       break;
     }
   }
 }
 
+// These are the conditions for the Finch experiment.
+static const char kCondition15Control[] = "Condition15SSLControl";
+static const char kCondition16Firefox[] = "Condition16SSLFirefox";
+static const char kCondition17FancyFirefox[] = "Condition17SSLFancyFirefox";
+static const char kCondition18NoImages[] = "Condition18SSLNoImages";
+static const char kCondition19Policeman[] = "Condition19SSLPoliceman";
+static const char kCondition20Stoplight[] = "Condition20SSLStoplight";
+static const char kCondition21BadGuy[] = "Condition21SSLBadGuy";
+
 }  // namespace
 
 // Note that we always create a navigation entry with SSL errors.
 // No error happening loading a sub-resource triggers an interstitial so far.
 SSLBlockingPage::SSLBlockingPage(
     content::WebContents* web_contents,
     int cert_error,
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
     bool overridable,
     bool strict_enforcement,
     const base::Callback<void(bool)>& callback)
     : callback_(callback),
       web_contents_(web_contents),
       cert_error_(cert_error),
       ssl_info_(ssl_info),
       request_url_(request_url),
       overridable_(overridable),
       strict_enforcement_(strict_enforcement) {
+
+  // Only assign to a group if the warning can be clicked through.
+  if (overridable_ && !strict_enforcement_)
+    trialCondition_ = base::FieldTrialList::FindFullName("InterstitialSSL");

[jwd, 2013/05/02 19:58:35]

I want to make sure you're aware that one the group is assigned, the client will
be tagging UMA uploads with that same group until chrome is restarted.

Is there any logging on pages that can't be clicked through that could pollute
data if UMA reports being in this trial?

[felt, 2013/05/02 22:15:20]

I designed the histogram to differentiate between the overridable and
non-overridable warnings, so it's not a problem -- we can tell which is which.
The if-statement was just there to avoid "wasting" sample size, but I guess it
would be confusing to people if they visited both, so I've removed it.

+
   RecordSSLBlockingPageEventStats(SHOW_ALL);
   if (overridable_ && !strict_enforcement_)
     RecordSSLBlockingPageEventStats(SHOW_OVERRIDABLE);
 
   interstitial_page_ = InterstitialPage::Create(
       web_contents_, true, request_url, this);
   display_start_time_ = TimeTicks();
   interstitial_page_->Show();
 }
 
 SSLBlockingPage::~SSLBlockingPage() {
   if (!callback_.is_null()) {
+    RecordSSLBlockingPageTimeStats(false, cert_error_,
+      overridable_ && !strict_enforcement_, display_start_time_,
+      base::TimeTicks::Now());
     // The page is closed without the user having chosen what to do, default to
     // deny.
     NotifyDenyCertificate();
   }
 }
 
 std::string SSLBlockingPage::GetHTMLContents() {
   // Let's build the html error page.
   DictionaryValue strings;
   SSLErrorInfo error_info = SSLErrorInfo::CreateError(
       SSLErrorInfo::NetErrorToErrorType(cert_error_), ssl_info_.cert,
       request_url_);
 
+  int resource_id = IDR_SSL_ROAD_BLOCK_HTML;
   strings.SetString("headLine", error_info.title());
   strings.SetString("description", error_info.details());
   strings.SetString("moreInfoTitle",
       l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
   SetExtraInfo(&strings, error_info.extra_information());
 
   strings.SetString("exit",
                     l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT));
 
-  int resource_id = IDR_SSL_ROAD_BLOCK_HTML;
   if (overridable_ && !strict_enforcement_) {
     strings.SetString("title",
                       l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
     strings.SetString("proceed",
                       l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_PROCEED));
     strings.SetString("reasonForNotProceeding",
                       l10n_util::GetStringUTF16(
                           IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED));
     // The value of errorType doesn't matter; we actually just check if it's
     // empty or not in ssl_roadblock.
     strings.SetString("errorType",
                       l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
   } else {
     strings.SetString("title",
                       l10n_util::GetStringUTF16(IDS_SSL_ERROR_PAGE_TITLE));
     if (strict_enforcement_) {
       strings.SetString("reasonForNotProceeding",
                         l10n_util::GetStringUTF16(
                             IDS_SSL_ERROR_PAGE_CANNOT_PROCEED));
     } else {
       strings.SetString("reasonForNotProceeding", std::string());
     }
     strings.SetString("errorType", std::string());
   }
 
   strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr");
 
+  // Set up the Finch trial layouts.
+  strings.SetString("trialType", trialCondition_);
+  if (trialCondition_ == kCondition16Firefox ||
+      trialCondition_ == kCondition17FancyFirefox) {
+    strings.SetString("domain", request_url_.host());
+    std::string font_family = l10n_util::GetStringUTF8(IDS_WEB_FONT_FAMILY);
+#if defined(OS_WIN)
+    if (base::win::GetVersion() < base::win::VERSION_VISTA) {
+      font_family = l10n_util::GetStringUTF8(IDS_WEB_FONT_FAMILY_XP);
+    }
+#endif
+#if defined(TOOLKIT_GTK)
+    font_family = ui::ResourceBundle::GetSharedInstance().GetFont(
+        ui::ResourceBundle::BaseFont).GetFontName() + ", " + font_family;
+#endif
+    strings.SetString("fontfamily", font_family);
+    if (trialCondition_ == kCondition16Firefox) {
+      resource_id = IDR_SSL_FIREFOX_HTML;
+    } else if (trialCondition_ == kCondition17FancyFirefox) {
+      resource_id = IDR_SSL_FANCY_FIREFOX_HTML;
+    }
+  }
+
   base::StringPiece html(
       ResourceBundle::GetSharedInstance().GetRawDataResource(
           resource_id));
 
   return webui::GetI18nTemplateHtml(html, &strings);
 }
 
 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {
   int cert_id = content::CertStore::GetInstance()->StoreCert(
       ssl_info_.cert, web_contents_->GetRenderProcessHost()->GetID());
@@ skipping 15 matching lines @@
   int cmd = atoi(command.c_str());
   if (cmd == CMD_DONT_PROCEED) {
     interstitial_page_->DontProceed();
   } else if (cmd == CMD_PROCEED) {
     interstitial_page_->Proceed();
   } else if (cmd == CMD_FOCUS) {
     // Start recording the time when the page is first in focus
     display_start_time_ = base::TimeTicks::Now();
   } else if (cmd == CMD_MORE) {
     RecordSSLBlockingPageEventStats(MORE);
+  } else if (cmd == CMD_SHOW_UNDERSTAND) {
+    // Used in the Finch experiment.
+    RecordSSLBlockingPageEventStats(SHOW_UNDERSTAND);
   }
 }
 
 void SSLBlockingPage::OverrideRendererPrefs(
       content::RendererPreferences* prefs) {
   Profile* profile = Profile::FromBrowserContext(
       web_contents_->GetBrowserContext());
   renderer_preferences_util::UpdateFromSystemSettings(prefs, profile);
 }
 
@@ skipping 41 matching lines @@
       "moreInfo1", "moreInfo2", "moreInfo3", "moreInfo4", "moreInfo5"
   };
   int i;
   for (i = 0; i < static_cast<int>(extra_info.size()); i++) {
     strings->SetString(keys[i], extra_info[i]);
   }
   for (; i < 5; i++) {
     strings->SetString(keys[i], std::string());
   }
 }