Teach SSLHostStateDelegate about subresources with cert errors

chrome/browser/ssl/chrome_ssl_host_state_delegate.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
 
 #include <memory>
 
 #include "base/gtest_prod_util.h"
@@ skipping 19 matching lines @@
 
   // SSLHostStateDelegate:
   void AllowCert(const std::string& host,
                  const net::X509Certificate& cert,
                  net::CertStatus error) override;
   void Clear() override;
   CertJudgment QueryPolicy(const std::string& host,
                            const net::X509Certificate& cert,
                            net::CertStatus error,
                            bool* expired_previous_decision) override;
-  void HostRanInsecureContent(const std::string& host, int pid) override;
-  bool DidHostRunInsecureContent(const std::string& host,
-                                 int pid) const override;
+  void HostRanInsecureContent(const std::string& host,
+                              int pid,
+                              InsecureContentType content_type) override;
+  bool DidHostRunInsecureContent(
+      const std::string& host,
+      int pid,
+      InsecureContentType content_type) const override;
 
   // Revokes all SSL certificate error allow exceptions made by the user for
   // |host| in the given Profile.
   void RevokeUserAllowExceptions(const std::string& host) override;
 
   // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
   // additionally may close idle connections in the process. This should be used
   // *only* for rare events, such as a user controlled button, as it may be very
   // disruptive to the networking stack.
   virtual void RevokeUserAllowExceptionsHard(const std::string& host);
@@ skipping 50 matching lines @@
       bool* expired_previous_decision);
 
   std::unique_ptr<base::Clock> clock_;
   RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
   Profile* profile_;
 
   // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
   // contains insecure content in that renderer process.
   typedef std::pair<std::string, int> BrokenHostEntry;
 
-  // Hosts which have been contaminated with insecure content in the
+  // Hosts which have been contaminated with insecure mixed content in the
   // specified process.  Note that insecure content can travel between
   // same-origin frames in one processs but cannot jump between processes.
-  std::set<BrokenHostEntry> ran_insecure_content_hosts_;
+  std::set<BrokenHostEntry> ran_mixed_content_hosts_;
+
+  // Hosts which have been contaminated with content with certificate errors in
+  // the specific process.
+  std::set<BrokenHostEntry> ran_content_with_cert_errors_hosts_;

[jww, 2016/08/11 18:50:15]

nit: Can you add a #include<set>? This should have been there already, but
apparently it's missing.

[estark, 2016/08/11 20:58:38]

Done.

 
   // This is a GUID to mark this unique session. Whenever a certificate decision
   // expiration is set, the GUID is saved as well so Chrome can tell if it was
   // last set during the current session. This is used by the
   // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END experimental group to
   // determine if the expired_previous_decision bit should be set on queries.
   //
   // Why not just iterate over the set of current extensions and mark them all
   // as expired when the session starts, rather than storing a GUID for the
   // current session? Glad you asked! Unfortunately, content settings does not
   // currently support iterating over all current *compound* content setting
   // values (iteration only works for simple content settings). While this could
   // be added, it would be a fair amount of work for what amounts to a temporary
   // measurement problem, so it's not worth the complexity.
   //
   // TODO(jww): This is only used by the default and disable groups of the
   // certificate memory decisions experiment to tell if a decision has expired
   // since the last session. Since this is only used for UMA purposes, this
   // should be removed after the experiment has finished, and a call to Clear()
   // should be added to the constructor and destructor for members of the
   // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END groups. See
   // https://crbug.com/418631 for more details.
   const std::string current_expiration_guid_;
 
   DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
 };
 
 #endif  // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_