UMA data collector for cross-site documents(XSD)

webkit/child/site_isolation_policy.h

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.  Use
+// of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_
+#define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_
+
+#include <map>
+#include <utility>
+
+#include "third_party/WebKit/public/web/WebFrame.h"
+#include "third_party/WebKit/public/platform/WebURLRequest.h"
+#include "third_party/WebKit/public/platform/WebURLResponse.h"
+#include "webkit/child/webkit_child_export.h"
+
+using WebKit::WebFrame;
+using WebKit::WebURLResponse;
+using WebKit::WebURLRequest;
+
+namespace webkit_glue {
+
+struct ResponseMetaData {
+  enum CanonicalMimeType {
+    IsHTML = 0,
+    IsXML = 1,
+    IsJSON = 2,
+    IsPlain = 3,
+    IsOthers = 4,
+  };
+
+  static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) {
+    const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"};
+    return mime_type_names[mime_type];
+  }
+
+  static const char* TargetTypeToString(WebURLRequest::TargetType target_type) {
+    const char* target_type_names[] = {
+        "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script",
+        "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker",
+        "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"};
+    return target_type_names[target_type];
+  }
+
+  std::string frame_origin;
+  std::string response_url;
+  unsigned identifier;
+  WebURLRequest::TargetType target_type;
+  CanonicalMimeType canonical_mime_type;
+  int http_status_code;
+};
+
+// The correct calling sequence of the following three functions are
+// as they appear in this file.
+class WEBKIT_CHILD_EXPORT SiteIsolationPolicy {
+ public:
+
+  // Register target_type information for identifier. identifier keeps
+  // track of the sequence of network requests made for the original
+  // url.  target_type gets sometimes misleading especially when it
+  // has TargetIsSubresource. We should not depend on target_type to
+  // decide if this request is for navigation or not.
+  static void WillSendRequest(unsigned identifier,
+                              WebURLRequest::TargetType target_type);
+
+  // Register the header information of the response data. This
+  // function obtains the target_type set by WillSendRequest(), and
+  // erase the slot.
+  // TODO(dsjang): does this get called multiple times?
+  static void DidReceiveResponse(WebFrame* frame,
+                                 unsigned identifier,
+                                 const WebURLResponse& response);
+
+  static void DidReceiveData(const char* payload,

[nasko, 2013/08/06 17:29:27]

Why is this method without a comment? It seems out of place when the rest have
very detailed comments.

[dsjang, 2013/08/07 00:19:07]

Done.

+                             int length,
+                             WebKit::WebURL& response_url);
+
+  // TODO(dsjang): This seems eventually called by RenderFrameImpl
+  // after WillSendRequest(). Consult experts to confirm this. This
+  // frees the registered target_type information by
+  // WillSendRequest().
+  static void DidFinishResourceLoad(unsigned identifier);
+
+  // TODO(dsjang): This is called by WebURLLoaderImpl to free response
+  // data registred by DidReceiveResponse. This might not be called
+  // when a network request fails since this is only called after
+  // finishing downloading the response to the request. So we might
+  // have to depend on DidFinishResourceLoad(identifier) above.
+  static void DidFinishResourceLoad(WebKit::WebURL& response_url);
+
+  // Returns if this response's scheme is not security relevant. For

[nasko, 2013/08/06 17:29:27]

nit: s/if/whether/ here and all the following comments of the same form.

[dsjang, 2013/08/07 00:19:07]

Done.

+  // example, this returns true for data:

[nasko, 2013/08/06 17:29:27]

Really? It returns a type according to the declaration, not a boolean.

[dsjang, 2013/08/07 00:19:07]

Done.

+  static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType(
+      const WebURLResponse& response);
+
+  // Returns if this response's scheme is not security relevant. For
+  // example, this returns true for data:
+  static bool IsSafeScheme(GURL& frame_origin);
+
+  // Returns if this response's source site is the same as the site of the frame
+  static bool IsSameSite(GURL& frame_origin, GURL& response_url);
+
+  // TODO(dsjang): Scheme should be considered for checking the
+  // validity of a cors header.  Returns if a valid CORS header is set
+  // for the frame's URL.
+  static bool IsValidCorsHeaderSet(GURL& frame_origin,
+                                   GURL& website_origin,
+                                   std::string access_control_origin);
+
+  // Returns if this is for the response for a sub resource, not a
+  // response for frame navigation.
+  static bool IsFrameNotCommitted(WebFrame* frame);
+
+  static bool SniffForHTML(const char* data, size_t length);
+  static bool SniffForXML(const char* data, size_t length);
+  static bool SniffForJSON(const char* data, size_t length);
+
+  static bool UnaffectedStatusCode(int status_code);
+  static bool SniffForJS(const char* data, size_t length);
+
+  static bool DoSignatureMatching(const char* data,
+                                  size_t length,
+                                  const char* signatures[],
+                                  size_t arr_size);
+
+ private:
+  // Maintain data between willSendRequest() -> didReceiveResponse()
+  static std::map<unsigned, WebURLRequest::TargetType> id_target_map_;

[nasko, 2013/08/06 17:29:27]

Be explicit in type declaration. unsigned what?

[dsjang, 2013/08/07 00:19:07]

Decided to leave "unsigned" unchanged to be consistent with existing code.

On 2013/08/06 17:29:27, nasko wrote:

+
+  // Maintain data between didReceiveResponse() -> didReceiveData()
+  // We need to record (mimetype, statuscode) here.
+  static std::map<std::string, ResponseMetaData> url_responsedata_map_;
+
+  // This is a map that maps identifier to the corresponding
+  // ResponseMetaData.
+  static std::map<unsigned, std::string> id_url_map_;

[nasko, 2013/08/06 17:29:27]

Same here, be explicit.

[dsjang, 2013/08/07 00:19:07]

Decided to leave "unsigned" unchanged to be consistent with existing code.

On 2013/08/06 17:29:27, nasko wrote:

+
+  // Never needs to be constructed/destructed.
+  SiteIsolationPolicy() {}
+  ~SiteIsolationPolicy() {}
+
+  DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy);
+};
+
+}  // namespace content
+
+#endif  // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_