webkit/child/site_isolation_policy.h - Issue 22254005: UMA data collector for cross-site documents(XSD)

Side by Side Diff: webkit/child/site_isolation_policy.h

Issue 22254005: UMA data collector for cross-site documents(XSD) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr

Patch Set: UMA Bucket names are reorganized. Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. Use

	2 // of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_

	6 #define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_

	7

	8 #include <map>

	9 #include <utility>

	10

	11 #include "third_party/WebKit/public/web/WebFrame.h"

	12 #include "third_party/WebKit/public/platform/WebURLRequest.h"

	13 #include "third_party/WebKit/public/platform/WebURLResponse.h"

	14 #include "webkit/child/webkit_child_export.h"

	15

	16 using WebKit::WebFrame;

	17 using WebKit::WebURLResponse;

	18 using WebKit::WebURLRequest;

	19

	20 namespace webkit_glue {

	21

	22 struct ResponseMetaData {

	23 enum CanonicalMimeType {

	24 IsHTML = 0,
	Charlie Reis 2013/08/09 00:39:03 nit: Drop the "Is" from these names. nit: Drop the "Is" from these names. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > nit: Drop the "Is" from these names. Done.
	25 IsXML = 1,

	26 IsJSON = 2,

	27 IsPlain = 3,

	28 IsOthers = 4,

	29 MaxCanonicalMimeType,

	30 };

	31

	32 static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) {

	33 const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"};

	34 return mime_type_names[mime_type];

	35 }

	36

	37 static const char* TargetTypeToString(WebURLRequest::TargetType target_type) {

	38 const char* target_type_names[] = {

	39 "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script",

	40 "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker",

	41 "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"};

	42 return target_type_names[target_type];

	43 }

	44

	45 std::string frame_origin;

	46 std::string response_url;

	47 unsigned identifier;
	Charlie Reis 2013/08/09 00:39:03 request_identifier request_identifier dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > request_identifier Done.
	48 WebURLRequest::TargetType target_type;

	49 CanonicalMimeType canonical_mime_type;

	50 int http_status_code;

	51 };

	52

	53 class WEBKIT_CHILD_EXPORT SiteIsolationPolicy {

	54 public:

	55

	56 // Register target_type information for identifier. identifier keeps

	57 // track of the sequence of network requests made for the original
	Charlie Reis 2013/08/09 00:39:03 This wording is a bit awkward. The identifier rep This wording is a bit awkward. The identifier represents a request, not a sequence of them. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > This wording is a bit awkward. The identifier represents a request, not a > sequence of them. Done.
	58 // url. target_type gets sometimes misleading especially when it
	Charlie Reis 2013/08/09 00:39:03 Can you elaborate a bit? Hard for others to know Can you elaborate a bit? Hard for others to know what "sometimes misleading" means. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > Can you elaborate a bit? Hard for others to know what "sometimes misleading" > means. Done.
	59 // has TargetIsSubresource. We should not depend on target_type to
	Charlie Reis 2013/08/09 00:39:03 has -> is has -> is dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > has -> is Done.
	60 // decide if this request is for navigation or not.

	61 static void WillSendRequest(unsigned identifier,

	62 WebURLRequest::TargetType target_type);

	63

	64 // Register the header information of the response data. This

	65 // function obtains the target_type set by WillSendRequest(), and

	66 // erase the slot.
	Charlie Reis 2013/08/09 00:39:03 What slot? What slot? dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > What slot? Done.
	67 // TODO(dsjang): does this get called multiple times?

	68 static void DidReceiveResponse(WebFrame* frame,

	69 unsigned identifier,

	70 const WebURLResponse& response);

	71

	72 // Examine the first network packet in case response_url is

	73 // registered as a cross-site document by DidReceiveResponse(). If

	74 // if is the case, this is going to record various kinds of UMA data
	Charlie Reis 2013/08/09 00:39:03 if -> this going to record -> records if -> this going to record -> records dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > if -> this > going to record -> records Done.
	75 // items.

	76 static void DidReceiveData(const char* payload,

	77 int length,

	78 WebKit::WebURL& response_url);

	79

	80 // TODO(dsjang): Either of the following two functions must be

	81 // called at the end of the

	82 // transaction. WebURLLoaderImpl::didReceivedData() is not a place

	83 // where this can be called since it is not guaranteed that the

	84 // function is called in case of network error. Instead,

	85 // RenderFrameImpl::didFinishResourceLoad(identifier) and

	86 // didFailLoad() are used for successful loading, failed one,
	Charlie Reis 2013/08/09 00:39:03 successful loading and failed loading, respectivel successful loading and failed loading, respectively. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > successful loading and failed loading, respectively. Done.
	87 // respectively.

	88 static void DidFinishResourceLoad(unsigned identifier);

	89

	90 static void DidFinishResourceLoadForUrl(const WebKit::WebURL& response_url);

	91

	92 // Returns the canonical mime type code of the mime type of
	Charlie Reis 2013/08/09 00:39:03 Everything from here down should be a private help Everything from here down should be a private helper method. We have a FRIEND_TEST_ALL_PREFIXES macro that will let you test them (see render_view_impl.h for an example). Also, please elaborate on what "canonical" means. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > Everything from here down should be a private helper method. We have a > FRIEND_TEST_ALL_PREFIXES macro that will let you test them (see > render_view_impl.h for an example). > > Also, please elaborate on what "canonical" means. Done.
	93 // response.

	94 static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType(

	95 const WebURLResponse& response);

	96

	97 // Returns whether response's scheme is network relevant. This
	Charlie Reis 2013/08/09 00:39:03 Is "network relevant" the right name for this? FT Is "network relevant" the right name for this? FTP is a network scheme. Maybe something like IsBlockableScheme? dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > Is "network relevant" the right name for this? FTP is a network scheme. Maybe > something like IsBlockableScheme? Done.
	98 // returns true only for http://* and https:// urls.

	99 static bool IsNetworkScheme(GURL& frame_origin);
	Charlie Reis 2013/08/09 00:39:03 Most of these should probably be const GURL&. Most of these should probably be const GURL&. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > Most of these should probably be const GURL&. Done.
	100

	101 // Returns if this response's source site is the same as the site of the frame

	102 static bool IsSameSite(GURL& frame_origin, GURL& response_url);

	103

	104 // Returns if a valid CORS's set for frame_origin. This is very
	Charlie Reis 2013/08/09 00:39:03 "Returns if there is a valid CORS header for frame "Returns if there is a valid CORS header for frame_origin." dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > "Returns if there is a valid CORS header for frame_origin." Done.
	105 // simliar to CrossOriginAccessControl::passesAccessControlCheck(),

	106 // but we use sites as our security domain, not

	107 // origins. TODO(dsjang): this must be improved to be more accurate

	108 // to the actual CORS specification. For now, this works

	109 // conservatively, allowing XSDs that are not allowed by actual CORS

	110 // rules by ignoring 1) credentials and 2) methods. Preflight

	111 // requests don't matter here since they are not used to decide

	112 // whether to block a document or not on the client side.

	113 static bool IsValidCorsHeaderSet(GURL& frame_origin,

	114 GURL& website_origin,

	115 std::string access_control_origin);

	116

	117 // Returns if this is for the response for a sub resource, not a

	118 // response for frame navigation.

	119 static bool IsFrameInNavigation(WebFrame* frame);
	Charlie Reis 2013/08/09 00:39:03 Perhaps IsFrameNavigating? Perhaps IsFrameNavigating? dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > Perhaps IsFrameNavigating? Done.
	120

	121 static bool SniffForHTML(const char* data, size_t length);

	122 static bool SniffForXML(const char* data, size_t length);

	123 static bool SniffForJSON(const char* data, size_t length);

	124

	125 static bool IsErrorStatusCode(int status_code);

	126 static bool SniffForJS(const char* data, size_t length);
	Charlie Reis 2013/08/09 00:39:03 Why isn't this Sniff function with the others? Al Why isn't this Sniff function with the others? Also, if there's a way to separate out the stuff we would need to block requests from the stuff that's only needed for UMA stats (even if it's just TODO comments to remove the latter), that will make it clearer which parts of the code are intended to stick around for a while. dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > Why isn't this Sniff function with the others? > > Also, if there's a way to separate out the stuff we would need to block requests > from the stuff that's only needed for UMA stats (even if it's just TODO comments > to remove the latter), that will make it clearer which parts of the code are > intended to stick around for a while. Done.
	127

	128 static bool DoSignatureMatching(const char* data,

	129 size_t length,

	130 const char* signatures[],

	131 size_t arr_size);

	132

	133 private:

	134 // Maintain bookkeeping data between WillSendRequest() and

	135 // DidReceiveResponse(). The key is the identifier of response.

	136 static std::map<unsigned, WebURLRequest::TargetType> id_target_map_;

	137

	138 // Maintain data between DidReceiveResponse() and DidReceiveData().

	139 // The key is the url of response. We can't use identifier anymore

	140 // from here since that information is no longer available for

	141 // DidReceiveData().

	142 static std::map<std::string, ResponseMetaData> url_responsedata_map_;

	143

	144 // This is a map that maps the identifier of a response to the
	Charlie Reis 2013/08/09 00:39:03 This maps the identifier... This maps the identifier... dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > This maps the identifier... Done.
	145 // response's url. This is used to free REsponseMetaData in
	Charlie Reis 2013/08/09 00:39:03 typo: REsponse typo: REsponse dsjang 2013/08/09 01:31:23 Done. Show quoted text On 2013/08/09 00:39:03, creis wrote: > typo: REsponse Done.
	146 // url_responsedata_map_, when DidReceiveData() is never called.

	147 static std::map<unsigned, std::string> id_url_map_;

	148

	149 // Never needs to be constructed/destructed.

	150 SiteIsolationPolicy() {}

	151 ~SiteIsolationPolicy() {}

	152

	153 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy);

	154 };

	155

	156 } // namespace content

	157

	158 #endif // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_

OLD	NEW

« content/renderer/render_frame_impl.cc ('K') | « content/renderer/render_frame_impl.cc ('k') | webkit/child/site_isolation_policy.cc » ('j') | webkit/child/site_isolation_policy.cc » ('J')