Chromium Code Reviews Chromium Code Reviews
Issue 22254005:
UMA data collector for cross-site documents(XSD) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. Use | |
| 2 // of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
| 6 #define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
| 7 | |
| 8 #include <map> | |
| 9 #include <utility> | |
| 10 | |
| 11 #include "third_party/WebKit/public/web/WebFrame.h" | |
| 12 #include "third_party/WebKit/public/platform/WebURLRequest.h" | |
| 13 #include "third_party/WebKit/public/platform/WebURLResponse.h" | |
| 14 #include "webkit/child/webkit_child_export.h" | |
| 15 | |
| 16 using WebKit::WebFrame; | |
| 17 using WebKit::WebURLResponse; | |
| 18 using WebKit::WebURLRequest; | |
| 19 | |
| 20 namespace webkit_glue { | |
| 21 | |
| 22 struct ResponseMetaData { | |
| 23 enum CanonicalMimeType { | |
| 24 IsHTML = 0, | |
| 25 IsXML = 1, | |
| 26 IsJSON = 2, | |
| 27 IsPlain = 3, | |
| 28 IsOthers = 4, | |
| 29 }; | |
| 30 | |
| 31 static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) { | |
| 32 const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"}; | |
| 33 return mime_type_names[mime_type]; | |
| 34 } | |
| 35 | |
| 36 static const char* TargetTypeToString(WebURLRequest::TargetType target_type) { | |
| 37 const char* target_type_names[] = { | |
| 38 "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script", | |
| 39 "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker", | |
| 40 "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"}; | |
| 41 return target_type_names[target_type]; | |
| 42 } | |
| 43 | |
| 44 std::string frame_origin; | |
| 45 std::string response_url; | |
| 46 unsigned identifier; | |
| 47 WebURLRequest::TargetType target_type; | |
| 48 CanonicalMimeType canonical_mime_type; | |
| 49 int http_status_code; | |
| 50 }; | |
| 51 | |
| 52 // The correct calling sequence of the following three functions are | |
|
Charlie Reis
2013/08/07 21:02:02
A class-level comment should describe what the cla
dsjang
2013/08/08 21:21:01
Done.
| |
| 53 // as they appear in this file. | |
| 54 class WEBKIT_CHILD_EXPORT SiteIsolationPolicy { | |
| 55 public: | |
| 56 | |
| 57 // Register target_type information for identifier. identifier keeps | |
| 58 // track of the sequence of network requests made for the original | |
| 59 // url. target_type gets sometimes misleading especially when it | |
| 60 // has TargetIsSubresource. We should not depend on target_type to | |
| 61 // decide if this request is for navigation or not. | |
| 62 static void WillSendRequest(unsigned identifier, | |
| 63 WebURLRequest::TargetType target_type); | |
| 64 | |
| 65 // Register the header information of the response data. This | |
| 66 // function obtains the target_type set by WillSendRequest(), and | |
| 67 // erase the slot. | |
| 68 // TODO(dsjang): does this get called multiple times? | |
| 69 static void DidReceiveResponse(WebFrame* frame, | |
| 70 unsigned identifier, | |
| 71 const WebURLResponse& response); | |
| 72 | |
| 73 // Examine the first network packet in case response_url is | |
| 74 // registered as a cross-site document by DidReceiveResponse(). If | |
| 75 // if is the case, this is going to record various kinds of UMA data | |
| 76 // items. | |
| 77 static void DidReceiveData(const char* payload, | |
| 78 int length, | |
| 79 WebKit::WebURL& response_url); | |
| 80 | |
| 81 // TODO(dsjang): Either of the following two functions must be | |
| 82 // called at the end of the | |
| 83 // transaction. WebURLLoaderImpl::didReceivedData() is not a place | |
| 84 // where this can be called since it is not guaranteed that the | |
| 85 // function is called in case of network error. Instead, | |
| 86 // RenderFrameImpl::didFinishResourceLoad(identifier) and | |
| 87 // didFailLoad() are used for successful loading, failed one, | |
| 88 // respectively. | |
| 89 static void DidFinishResourceLoad(unsigned identifier); | |
| 90 | |
| 91 static void DidFinishResourceLoadForUrl(const WebKit::WebURL& response_url); | |
| 92 | |
| 93 // Returns the canonical mime type code of the mime type of | |
| 94 // response. | |
| 95 static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType( | |
| 96 const WebURLResponse& response); | |
| 97 | |
| 98 // Returns whether response's scheme is not security relevant. For | |
|
Charlie Reis
2013/08/07 21:02:02
This comment and the function name don't agree.
dsjang
2013/08/08 21:21:01
Done.
| |
| 99 // example, this returns true for data:* urls. | |
| 100 static bool IsNetworkScheme(GURL& frame_origin); | |
| 101 | |
| 102 // Returns if this response's source site is the same as the site of the frame | |
| 103 static bool IsSameSite(GURL& frame_origin, GURL& response_url); | |
| 104 | |
| 105 // Returns if a valid CORS's set for frame_origin. This is very | |
| 106 // simliar to CrossOriginAccessControl::passesAccessControlCheck(), | |
| 107 // but we use sites as our security domain, not | |
| 108 // origins. TODO(dsjang): this must be improved to be more accurate | |
| 109 // to the actual CORS specification. For now, this works | |
| 110 // conservatively, allowing XSDs that are not allowed by actual CORS | |
| 111 // rules by ignoring 1) credentials and 2) methods. Preflight | |
| 112 // requests don't matter here since they are not used to decide | |
| 113 // whether to block a document or not on the client side. | |
| 114 static bool IsValidCorsHeaderSet(GURL& frame_origin, | |
| 115 GURL& website_origin, | |
| 116 std::string access_control_origin); | |
| 117 | |
| 118 // Returns if this is for the response for a sub resource, not a | |
| 119 // response for frame navigation. | |
| 120 static bool IsFrameNotCommitted(WebFrame* frame); | |
|
Charlie Reis
2013/08/07 21:02:02
This name is hard to understand (vs the comment).
dsjang
2013/08/08 21:21:01
How about FrameInNavigation?
On 2013/08/07 21:02:
| |
| 121 | |
| 122 static bool SniffForHTML(const char* data, size_t length); | |
| 123 static bool SniffForXML(const char* data, size_t length); | |
| 124 static bool SniffForJSON(const char* data, size_t length); | |
| 125 | |
| 126 static bool IsErrorStatusCode(int status_code); | |
| 127 static bool SniffForJS(const char* data, size_t length); | |
| 128 | |
| 129 static bool DoSignatureMatching(const char* data, | |
| 130 size_t length, | |
| 131 const char* signatures[], | |
| 132 size_t arr_size); | |
| 133 | |
| 134 private: | |
| 135 // Maintain data between willSendRequest() -> didReceiveResponse() | |
|
Charlie Reis
2013/08/07 21:02:02
-> is confusing here because it has a specific C++
dsjang
2013/08/08 21:21:01
Done.
| |
| 136 static std::map<unsigned, WebURLRequest::TargetType> id_target_map_; | |
| 137 | |
| 138 // Maintain data between didReceiveResponse() -> didReceiveData() We | |
| 139 // need to record (mimetype, statuscode) here. | |
| 140 static std::map<std::string, ResponseMetaData> url_responsedata_map_; | |
| 141 | |
| 142 // This is a map that maps identifier to the corresponding | |
| 143 // ResponseMetaData. | |
| 144 static std::map<unsigned, std::string> id_url_map_; | |
| 145 | |
| 146 // Never needs to be constructed/destructed. | |
| 147 SiteIsolationPolicy() {} | |
| 148 ~SiteIsolationPolicy() {} | |
| 149 | |
| 150 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy); | |
| 151 }; | |
| 152 | |
| 153 } // namespace content | |
| 154 | |
| 155 #endif // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
| OLD | NEW |
