Remove obsolete histogram values from SSL.InsecureContent

chrome/renderer/content_settings_observer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/content_settings_observer.h"
 
 #include "base/command_line.h"
 #include "base/metrics/histogram.h"
 #include "components/content_settings/content/common/content_settings_messages.h"
 #include "content/public/common/url_constants.h"
@@ skipping 25 matching lines @@
 using blink::WebFrame;
 using blink::WebSecurityOrigin;
 using blink::WebString;
 using blink::WebURL;
 using blink::WebView;
 using content::DocumentState;
 using content::NavigationState;
 
 namespace {
 
+// This enum is histogrammed, so do not add, reorder, or remove values.
 enum {
   INSECURE_CONTENT_DISPLAY = 0,
   INSECURE_CONTENT_DISPLAY_HOST_GOOGLE,
   INSECURE_CONTENT_DISPLAY_HOST_WWW_GOOGLE,
   INSECURE_CONTENT_DISPLAY_HTML,
   INSECURE_CONTENT_RUN,
   INSECURE_CONTENT_RUN_HOST_GOOGLE,
   INSECURE_CONTENT_RUN_HOST_WWW_GOOGLE,
   INSECURE_CONTENT_RUN_TARGET_YOUTUBE,
   INSECURE_CONTENT_RUN_JS,
@@ skipping 21 matching lines @@
   INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE,
   INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE,
   INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT,
   INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT,
   INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL,
   INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL,
   INSECURE_CONTENT_NUM_EVENTS
 };
 
 // Constants for UMA statistic collection.
-static const char kWWWDotGoogleDotCom[] = "www.google.com";
-static const char kMailDotGoogleDotCom[] = "mail.google.com";
-static const char kPlusDotGoogleDotCom[] = "plus.google.com";
-static const char kDocsDotGoogleDotCom[] = "docs.google.com";
-static const char kSitesDotGoogleDotCom[] = "sites.google.com";
-static const char kPicasawebDotGoogleDotCom[] = "picasaweb.google.com";
-static const char kCodeDotGoogleDotCom[] = "code.google.com";
-static const char kGroupsDotGoogleDotCom[] = "groups.google.com";
-static const char kMapsDotGoogleDotCom[] = "maps.google.com";
-static const char kWWWDotYoutubeDotCom[] = "www.youtube.com";
-static const char kDotGoogleUserContentDotCom[] = ".googleusercontent.com";
-static const char kGoogleReaderPathPrefix[] = "/reader/";
-static const char kGoogleSupportPathPrefix[] = "/support/";
-static const char kGoogleIntlPathPrefix[] = "/intl/";
 static const char kDotJS[] = ".js";
 static const char kDotCSS[] = ".css";
 static const char kDotSWF[] = ".swf";
 static const char kDotHTML[] = ".html";
 
-// Constants for mixed-content blocking.
-static const char kGoogleDotCom[] = "google.com";
-
-static bool IsHostInDomain(const std::string& host, const std::string& domain) {
-  return (base::EndsWith(host, domain, base::CompareCase::INSENSITIVE_ASCII) &&
-          (host.length() == domain.length() ||
-           (host.length() > domain.length() &&
-            host[host.length() - domain.length() - 1] == '.')));
-}
-
 GURL GetOriginOrURL(const WebFrame* frame) {
   WebString top_origin = frame->top()->securityOrigin().toString();
   // The |top_origin| is unique ("null") e.g., for file:// URLs. Use the
   // document URL as the primary URL in those cases.
   // TODO(alexmos): This is broken for --site-per-process, since top() can be a
   // WebRemoteFrame which does not have a document(), and the WebRemoteFrame's
   // URL is not replicated.
   if (top_origin == "null")
     return frame->top()->document().url();
   return GURL(top_origin);
@@ skipping 333 matching lines @@
   return IsPlatformApp() ? false : default_value;
 }
 
 static void SendInsecureContentSignal(int signal) {
   UMA_HISTOGRAM_ENUMERATION("SSL.InsecureContent", signal,
                             INSECURE_CONTENT_NUM_EVENTS);
 }
 
 bool ContentSettingsObserver::allowDisplayingInsecureContent(
     bool allowed_per_settings,
-    const blink::WebSecurityOrigin& origin,
     const blink::WebURL& resource_url) {
   SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY);
 
-  std::string origin_host(origin.host().utf8());
-  WebFrame* frame = render_frame()->GetWebFrame();
-  GURL frame_gurl(frame->document().url());
-  if (IsHostInDomain(origin_host, kGoogleDotCom)) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE);
-    if (base::StartsWith(frame_gurl.path(), kGoogleSupportPathPrefix,
-                         base::CompareCase::INSENSITIVE_ASCII)) {
-      SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT);
-    } else if (base::StartsWith(frame_gurl.path(), kGoogleIntlPathPrefix,
-                                base::CompareCase::INSENSITIVE_ASCII)) {
-      SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL);
-    }
-  }
-
-  if (origin_host == kWWWDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_WWW_GOOGLE);
-    if (base::StartsWith(frame_gurl.path(), kGoogleReaderPathPrefix,
-                         base::CompareCase::INSENSITIVE_ASCII))
-      SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_READER);
-  } else if (origin_host == kMailDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_MAIL_GOOGLE);
-  } else if (origin_host == kPlusDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_PLUS_GOOGLE);
-  } else if (origin_host == kDocsDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_DOCS_GOOGLE);
-  } else if (origin_host == kSitesDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_SITES_GOOGLE);
-  } else if (origin_host == kPicasawebDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_PICASAWEB_GOOGLE);
-  } else if (origin_host == kCodeDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_CODE_GOOGLE);
-  } else if (origin_host == kGroupsDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GROUPS_GOOGLE);
-  } else if (origin_host == kMapsDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE);
-  } else if (origin_host == kWWWDotYoutubeDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_YOUTUBE);
-  }
-
   GURL resource_gurl(resource_url);
   if (base::EndsWith(resource_gurl.path(), kDotHTML,
                      base::CompareCase::INSENSITIVE_ASCII))
     SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HTML);
 
   if (allowed_per_settings || allow_displaying_insecure_content_)
     return true;
 
   Send(new ChromeViewHostMsg_DidBlockDisplayingInsecureContent(routing_id()));

[estark, 2016/01/14 20:59:41]

alexmos: in a different CL you had asked this:
I don't understand this question and so now I'm worried that I'm very confused
about something. :) I thought all the frames in a page will go to the same
WebContents, so it doesn't matter which frame this messages goes through. Does
that make any sense?

[alexmos, 2016/01/14 22:23:01]

Sorry, I didn't phrase that question correctly. :)  Your understanding is
correct; since the message was routed through a different frame on the same
page, I just wanted to double-check that the receiver didn't care about which
frame sent the message, i.e., that it was a page-level message handled somewhere
in WebContents which didn't use the receiving RenderFrameHost.  (I.e.,
WebContentsObserver has two versions of OnMessageReceived, one with the
RenderFrameHost and one without.  InfoBarService, which handles this IPC,
overrides the one without the RFH, so indeed it doesn't care about the frame
that sent it.)

 
   return false;
 }
 
 bool ContentSettingsObserver::allowRunningInsecureContent(
     bool allowed_per_settings,
     const blink::WebSecurityOrigin& origin,
     const blink::WebURL& resource_url) {
-  std::string origin_host(origin.host().utf8());
-  WebFrame* frame = render_frame()->GetWebFrame();
-  GURL frame_gurl(frame->document().url());
-  DCHECK_EQ(frame_gurl.host(), origin_host);
-
-  bool is_google = IsHostInDomain(origin_host, kGoogleDotCom);
-  if (is_google) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE);
-    if (base::StartsWith(frame_gurl.path(), kGoogleSupportPathPrefix,
-                         base::CompareCase::INSENSITIVE_ASCII)) {
-      SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT);
-    } else if (base::StartsWith(frame_gurl.path(), kGoogleIntlPathPrefix,
-                                base::CompareCase::INSENSITIVE_ASCII)) {
-      SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL);
-    }
-  }
-
-  if (origin_host == kWWWDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_WWW_GOOGLE);
-    if (base::StartsWith(frame_gurl.path(), kGoogleReaderPathPrefix,
-                         base::CompareCase::INSENSITIVE_ASCII))
-      SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_READER);
-  } else if (origin_host == kMailDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_MAIL_GOOGLE);
-  } else if (origin_host == kPlusDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_PLUS_GOOGLE);
-  } else if (origin_host == kDocsDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_DOCS_GOOGLE);
-  } else if (origin_host == kSitesDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_SITES_GOOGLE);
-  } else if (origin_host == kPicasawebDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_PICASAWEB_GOOGLE);
-  } else if (origin_host == kCodeDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_CODE_GOOGLE);
-  } else if (origin_host == kGroupsDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE);
-  } else if (origin_host == kMapsDotGoogleDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE);
-  } else if (origin_host == kWWWDotYoutubeDotCom) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_YOUTUBE);
-  } else if (base::EndsWith(origin_host, kDotGoogleUserContentDotCom,
-                            base::CompareCase::INSENSITIVE_ASCII)) {
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLEUSERCONTENT);
-  }
-
   GURL resource_gurl(resource_url);
-  if (resource_gurl.host() == kWWWDotYoutubeDotCom)
-    SendInsecureContentSignal(INSECURE_CONTENT_RUN_TARGET_YOUTUBE);
-
   if (base::EndsWith(resource_gurl.path(), kDotJS,
                      base::CompareCase::INSENSITIVE_ASCII))
     SendInsecureContentSignal(INSECURE_CONTENT_RUN_JS);
   else if (base::EndsWith(resource_gurl.path(), kDotCSS,
                           base::CompareCase::INSENSITIVE_ASCII))
     SendInsecureContentSignal(INSECURE_CONTENT_RUN_CSS);
   else if (base::EndsWith(resource_gurl.path(), kDotSWF,
                           base::CompareCase::INSENSITIVE_ASCII))
     SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF);
 
@@ skipping 143 matching lines @@
 
   // If the scheme is file:, an empty file name indicates a directory listing,
   // which requires JavaScript to function properly.
   if (base::EqualsASCII(protocol, url::kFileScheme)) {
     return document_url.SchemeIs(url::kFileScheme) &&
            document_url.ExtractFileName().empty();
   }
 
   return false;
 }