UMA data collector for cross-site documents(XSD)

webkit/child/site_isolation_policy.h

Index: webkit/child/site_isolation_policy.h
diff --git a/webkit/child/site_isolation_policy.h b/webkit/child/site_isolation_policy.h
new file mode 100644
index 0000000000000000000000000000000000000000..3cde0a61ddcd577bb497cb9870e3c5aa4a4a4f9a
--- /dev/null
+++ b/webkit/child/site_isolation_policy.h
@@ -0,0 +1,155 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.  Use
+// of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_
+#define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_
+
+#include <map>
+#include <utility>
+
+#include "third_party/WebKit/public/web/WebFrame.h"
+#include "third_party/WebKit/public/platform/WebURLRequest.h"
+#include "third_party/WebKit/public/platform/WebURLResponse.h"
+#include "webkit/child/webkit_child_export.h"
+
+using WebKit::WebFrame;
+using WebKit::WebURLResponse;
+using WebKit::WebURLRequest;
+
+namespace webkit_glue {
+
+struct ResponseMetaData {
+  enum CanonicalMimeType {
+    IsHTML = 0,
+    IsXML = 1,
+    IsJSON = 2,
+    IsPlain = 3,
+    IsOthers = 4,
+  };
+
+  static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) {
+    const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"};
+    return mime_type_names[mime_type];
+  }
+
+  static const char* TargetTypeToString(WebURLRequest::TargetType target_type) {
+    const char* target_type_names[] = {
+        "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script",
+        "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker",
+        "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"};
+    return target_type_names[target_type];
+  }
+
+  std::string frame_origin;
+  std::string response_url;
+  unsigned identifier;
+  WebURLRequest::TargetType target_type;
+  CanonicalMimeType canonical_mime_type;
+  int http_status_code;
+};
+
+// The correct calling sequence of the following three functions are

[Charlie Reis, 2013/08/07 21:02:02]

A class-level comment should describe what the class is for.  If this comment is
accurate, it should be below the public: line with a blank line between it and
the WillSendRequest line.  It's confusing to me, though, since it sounds like
you require the 4th/5th one as well.

[dsjang, 2013/08/08 21:21:01]

Done.

+// as they appear in this file.
+class WEBKIT_CHILD_EXPORT SiteIsolationPolicy {
+ public:
+
+  // Register target_type information for identifier. identifier keeps
+  // track of the sequence of network requests made for the original
+  // url.  target_type gets sometimes misleading especially when it
+  // has TargetIsSubresource. We should not depend on target_type to
+  // decide if this request is for navigation or not.
+  static void WillSendRequest(unsigned identifier,
+                              WebURLRequest::TargetType target_type);
+
+  // Register the header information of the response data. This
+  // function obtains the target_type set by WillSendRequest(), and
+  // erase the slot.
+  // TODO(dsjang): does this get called multiple times?
+  static void DidReceiveResponse(WebFrame* frame,
+                                 unsigned identifier,
+                                 const WebURLResponse& response);
+
+  // Examine the first network packet in case response_url is
+  // registered as a cross-site document by DidReceiveResponse(). If
+  // if is the case, this is going to record various kinds of UMA data
+  // items.
+  static void DidReceiveData(const char* payload,
+                             int length,
+                             WebKit::WebURL& response_url);
+
+  // TODO(dsjang): Either of the following two functions must be
+  // called at the end of the
+  // transaction. WebURLLoaderImpl::didReceivedData() is not a place
+  // where this can be called since it is not guaranteed that the
+  // function is called in case of network error. Instead,
+  // RenderFrameImpl::didFinishResourceLoad(identifier) and
+  // didFailLoad() are used for successful loading, failed one,
+  // respectively.
+  static void DidFinishResourceLoad(unsigned identifier);
+
+  static void DidFinishResourceLoadForUrl(const WebKit::WebURL& response_url);
+
+  // Returns the canonical mime type code of the mime type of
+  // response.
+  static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType(
+      const WebURLResponse& response);
+
+  // Returns whether response's scheme is not security relevant. For

[Charlie Reis, 2013/08/07 21:02:02]

This comment and the function name don't agree.

[dsjang, 2013/08/08 21:21:01]

Done.

+  // example, this returns true for data:* urls.
+  static bool IsNetworkScheme(GURL& frame_origin);
+
+  // Returns if this response's source site is the same as the site of the frame
+  static bool IsSameSite(GURL& frame_origin, GURL& response_url);
+
+  // Returns if a valid CORS's set for frame_origin. This is very
+  // simliar to CrossOriginAccessControl::passesAccessControlCheck(),
+  // but we use sites as our security domain, not
+  // origins. TODO(dsjang): this must be improved to be more accurate
+  // to the actual CORS specification. For now, this works
+  // conservatively, allowing XSDs that are not allowed by actual CORS
+  // rules by ignoring 1) credentials and 2) methods. Preflight
+  // requests don't matter here since they are not used to decide
+  // whether to block a document or not on the client side.
+  static bool IsValidCorsHeaderSet(GURL& frame_origin,
+                                   GURL& website_origin,
+                                   std::string access_control_origin);
+
+  // Returns if this is for the response for a sub resource, not a
+  // response for frame navigation.
+  static bool IsFrameNotCommitted(WebFrame* frame);

[Charlie Reis, 2013/08/07 21:02:02]

This name is hard to understand (vs the comment).  Sounds like whether the frame
is committed is an implementation detail.

[dsjang, 2013/08/08 21:21:01]

How about FrameInNavigation?

On 2013/08/07 21:02:02, creis wrote:

+
+  static bool SniffForHTML(const char* data, size_t length);
+  static bool SniffForXML(const char* data, size_t length);
+  static bool SniffForJSON(const char* data, size_t length);
+
+  static bool IsErrorStatusCode(int status_code);
+  static bool SniffForJS(const char* data, size_t length);
+
+  static bool DoSignatureMatching(const char* data,
+                                  size_t length,
+                                  const char* signatures[],
+                                  size_t arr_size);
+
+ private:
+  // Maintain data between willSendRequest() -> didReceiveResponse()

[Charlie Reis, 2013/08/07 21:02:02]

-> is confusing here because it has a specific C++ meaning.  Just say "and".

Please explain what the key is.

[dsjang, 2013/08/08 21:21:01]

Done.

+  static std::map<unsigned, WebURLRequest::TargetType> id_target_map_;
+
+  // Maintain data between didReceiveResponse() -> didReceiveData() We
+  // need to record (mimetype, statuscode) here.
+  static std::map<std::string, ResponseMetaData> url_responsedata_map_;
+
+  // This is a map that maps identifier to the corresponding
+  // ResponseMetaData.
+  static std::map<unsigned, std::string> id_url_map_;
+
+  // Never needs to be constructed/destructed.
+  SiteIsolationPolicy() {}
+  ~SiteIsolationPolicy() {}
+
+  DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy);
+};
+
+}  // namespace content
+
+#endif  // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_