Add throttling to permission reporter

chrome/browser/safe_browsing/permission_reporter.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "chrome/browser/safe_browsing/permission_reporter.h"
+
+#include <functional>
+
+#include "base/hash.h"
 #include "base/memory/ptr_util.h"
-#include "chrome/browser/safe_browsing/permission_reporter.h"
+#include "base/time/default_clock.h"
 #include "chrome/common/safe_browsing/permission_report.pb.h"
 #include "components/variations/active_field_trials.h"
 #include "content/public/browser/permission_type.h"
 #include "net/url_request/report_sender.h"
 
 using content::PermissionType;
 
 namespace safe_browsing {
 
 namespace {
 // URL to upload permission action reports.
 const char kPermissionActionReportingUploadUrl[] =
     "http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/"
     "permission-action";
 
+const int kMaximumReportsPerOriginPerPermissionPerMinute = 5;
+
 PermissionReport::PermissionType PermissionTypeForReport(
     PermissionType permission) {
   switch (permission) {
     case PermissionType::MIDI_SYSEX:
       return PermissionReport::MIDI_SYSEX;
     case PermissionType::PUSH_MESSAGING:
       return PermissionReport::PUSH_MESSAGING;
     case PermissionType::NOTIFICATIONS:
       return PermissionReport::NOTIFICATIONS;
     case PermissionType::GEOLOCATION:
@@ skipping 36 matching lines @@
     case PERMISSION_ACTION_NUM:
       break;
   }
 
   NOTREACHED();
   return PermissionReport::ACTION_UNSPECIFIED;
 }
 
 }  // namespace
 
+bool PermissionAndOrigin::operator==(const PermissionAndOrigin& other) const {
+  return (permission == other.permission && origin == other.origin);
+}
+
+std::size_t PermissionAndOriginHash::operator()(
+    const PermissionAndOrigin& permission_and_origin) const {
+  std::size_t permission_hash =
+      static_cast<std::size_t>(permission_and_origin.permission);
+  std::size_t origin_hash =
+      std::hash<std::string>()(permission_and_origin.origin.spec());
+  return base::HashInts(permission_hash, origin_hash);
+}
+
 PermissionReporter::PermissionReporter(net::URLRequestContext* request_context)
-    : PermissionReporter(base::WrapUnique(new net::ReportSender(
-          request_context,
-          net::ReportSender::CookiesPreference::DO_NOT_SEND_COOKIES))) {}
+    : PermissionReporter(
+          base::WrapUnique(new net::ReportSender(
+              request_context,
+              net::ReportSender::CookiesPreference::DO_NOT_SEND_COOKIES)),
+          base::WrapUnique(new base::DefaultClock)) {}
 
 PermissionReporter::PermissionReporter(
-    std::unique_ptr<net::ReportSender> report_sender)
-    : permission_report_sender_(std::move(report_sender)) {}
+    std::unique_ptr<net::ReportSender> report_sender,
+    std::unique_ptr<base::Clock> clock)
+    : permission_report_sender_(std::move(report_sender)),
+      clock_(std::move(clock)) {}
 
 PermissionReporter::~PermissionReporter() {}
 
 void PermissionReporter::SendReport(const GURL& origin,
                                     content::PermissionType permission,
                                     PermissionAction action) {
+  if (IsReportThresholdExceeded(permission, origin))
+    return;
   std::string serialized_report;
   BuildReport(origin, permission, action, &serialized_report);
   permission_report_sender_->Send(GURL(kPermissionActionReportingUploadUrl),
                                   serialized_report);
 }
 
 // static
 bool PermissionReporter::BuildReport(const GURL& origin,
                                      PermissionType permission,
                                      PermissionAction action,
@@ skipping 17 matching lines @@
   std::vector<variations::ActiveGroupId> active_group_ids;
   variations::GetFieldTrialActiveGroupIds(&active_group_ids);
   for (auto active_group_id : active_group_ids) {
     PermissionReport::FieldTrial* field_trial = report.add_field_trials();
     field_trial->set_name_id(active_group_id.name);
     field_trial->set_group_id(active_group_id.group);
   }
   return report.SerializeToString(output);
 }
 
+bool PermissionReporter::IsReportThresholdExceeded(
+    content::PermissionType permission,
+    const GURL& origin) {
+  std::queue<base::Time>& history = sent_histories[{permission, origin}];

[Nathan Parker, 2016/07/14 22:00:24]

A caveat, probably with no action required:

This map will collect entries for every permission granted, and will never
delete them when they're no longer useful. I think this is probably fine, since
the rate of new permission requests x origins shouldn't be huge.

If that is a problem you could store
 [ {origin, permission, timestamp}, {.., .., ..}, ... ]

And then prune that list of old timestamps every time you hit this function. 
Then you'd need to count those that match origin + permission.

[stefanocs, 2016/07/15 02:04:28]

Yes, me and Raymes have discussed this before and we think this is okay. Kendra,
what do you think?

[raymes, 2016/07/18 01:16:51]

We also discussed just keeping:
{(origin, permissions, timestamp): count}

If timestamp is older than 1min we reset count. This gets an approximation of
the limit but is much simpler to implement, requires less storage, etc.

[kcarattini, 2016/07/18 01:56:36]

In the normal case I wouldn't expect this to be a problem. How about a TODO to
address this if memory becomes an issue?

+  base::Time current_time = clock_->Now();
+  // Remove entries that are sent more than one minute ago.
+  while (!history.empty() &&
+         current_time - history.front() > base::TimeDelta::FromMinutes(1)) {
+    history.pop();
+  }
+  if (history.size() < kMaximumReportsPerOriginPerPermissionPerMinute) {
+    history.push(current_time);
+    return false;
+  } else {
+    return true;
+  }
+}
+
 }  // namespace safe_browsing