UMA data collector for cross-site documents(XSD)

webkit/child/site_isolation_policy.h

Index: webkit/child/site_isolation_policy.h
diff --git a/webkit/child/site_isolation_policy.h b/webkit/child/site_isolation_policy.h
new file mode 100644
index 0000000000000000000000000000000000000000..3d5687a09445695e3a58eb08c337ed63d903af9e
--- /dev/null
+++ b/webkit/child/site_isolation_policy.h
@@ -0,0 +1,158 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.  Use
+// of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_
+#define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_
+
+#include <map>
+#include <utility>
+
+#include "third_party/WebKit/public/web/WebFrame.h"
+#include "third_party/WebKit/public/platform/WebURLRequest.h"
+#include "third_party/WebKit/public/platform/WebURLResponse.h"
+#include "webkit/child/webkit_child_export.h"
+
+using WebKit::WebFrame;
+using WebKit::WebURLResponse;
+using WebKit::WebURLRequest;
+
+namespace webkit_glue {
+
+struct ResponseMetaData {
+  enum CanonicalMimeType {
+    IsHTML = 0,

[Charlie Reis, 2013/08/09 00:39:03]

nit: Drop the "Is" from these names.

[dsjang, 2013/08/09 01:31:23]

Done.

+    IsXML = 1,
+    IsJSON = 2,
+    IsPlain = 3,
+    IsOthers = 4,
+    MaxCanonicalMimeType,
+  };
+
+  static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) {
+    const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"};
+    return mime_type_names[mime_type];
+  }
+
+  static const char* TargetTypeToString(WebURLRequest::TargetType target_type) {
+    const char* target_type_names[] = {
+        "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script",
+        "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker",
+        "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"};
+    return target_type_names[target_type];
+  }
+
+  std::string frame_origin;
+  std::string response_url;
+  unsigned identifier;

[Charlie Reis, 2013/08/09 00:39:03]

request_identifier

[dsjang, 2013/08/09 01:31:23]

Done.

+  WebURLRequest::TargetType target_type;
+  CanonicalMimeType canonical_mime_type;
+  int http_status_code;
+};
+
+class WEBKIT_CHILD_EXPORT SiteIsolationPolicy {
+ public:
+
+  // Register target_type information for identifier. identifier keeps
+  // track of the sequence of network requests made for the original

[Charlie Reis, 2013/08/09 00:39:03]

This wording is a bit awkward.  The identifier represents a request, not a
sequence of them.

[dsjang, 2013/08/09 01:31:23]

Done.

+  // url.  target_type gets sometimes misleading especially when it

[Charlie Reis, 2013/08/09 00:39:03]

Can you elaborate a bit?  Hard for others to know what "sometimes misleading"
means.

[dsjang, 2013/08/09 01:31:23]

Done.

+  // has TargetIsSubresource. We should not depend on target_type to

[Charlie Reis, 2013/08/09 00:39:03]

has -> is

[dsjang, 2013/08/09 01:31:23]

Done.

+  // decide if this request is for navigation or not.
+  static void WillSendRequest(unsigned identifier,
+                              WebURLRequest::TargetType target_type);
+
+  // Register the header information of the response data. This
+  // function obtains the target_type set by WillSendRequest(), and
+  // erase the slot.

[Charlie Reis, 2013/08/09 00:39:03]

What slot?

[dsjang, 2013/08/09 01:31:23]

Done.

+  // TODO(dsjang): does this get called multiple times?
+  static void DidReceiveResponse(WebFrame* frame,
+                                 unsigned identifier,
+                                 const WebURLResponse& response);
+
+  // Examine the first network packet in case response_url is
+  // registered as a cross-site document by DidReceiveResponse(). If
+  // if is the case, this is going to record various kinds of UMA data

[Charlie Reis, 2013/08/09 00:39:03]

if -> this
going to record -> records

[dsjang, 2013/08/09 01:31:23]

Done.

+  // items.
+  static void DidReceiveData(const char* payload,
+                             int length,
+                             WebKit::WebURL& response_url);
+
+  // TODO(dsjang): Either of the following two functions must be
+  // called at the end of the
+  // transaction. WebURLLoaderImpl::didReceivedData() is not a place
+  // where this can be called since it is not guaranteed that the
+  // function is called in case of network error. Instead,
+  // RenderFrameImpl::didFinishResourceLoad(identifier) and
+  // didFailLoad() are used for successful loading, failed one,

[Charlie Reis, 2013/08/09 00:39:03]

successful loading and failed loading, respectively.

[dsjang, 2013/08/09 01:31:23]

Done.

+  // respectively.
+  static void DidFinishResourceLoad(unsigned identifier);
+
+  static void DidFinishResourceLoadForUrl(const WebKit::WebURL& response_url);
+
+  // Returns the canonical mime type code of the mime type of

[Charlie Reis, 2013/08/09 00:39:03]

Everything from here down should be a private helper method.  We have a
FRIEND_TEST_ALL_PREFIXES macro that will let you test them (see
render_view_impl.h for an example).

Also, please elaborate on what "canonical" means.

[dsjang, 2013/08/09 01:31:23]

Done.

+  // response.
+  static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType(
+      const WebURLResponse& response);
+
+  // Returns whether response's scheme is network relevant. This

[Charlie Reis, 2013/08/09 00:39:03]

Is "network relevant" the right name for this?  FTP is a network scheme.  Maybe
something like IsBlockableScheme?

[dsjang, 2013/08/09 01:31:23]

Done.

+  // returns true only for http://* and https:// urls.
+  static bool IsNetworkScheme(GURL& frame_origin);

[Charlie Reis, 2013/08/09 00:39:03]

Most of these should probably be const GURL&.

[dsjang, 2013/08/09 01:31:23]

Done.

+
+  // Returns if this response's source site is the same as the site of the frame
+  static bool IsSameSite(GURL& frame_origin, GURL& response_url);
+
+  // Returns if a valid CORS's set for frame_origin. This is very

[Charlie Reis, 2013/08/09 00:39:03]

"Returns if there is a valid CORS header for frame_origin."

[dsjang, 2013/08/09 01:31:23]

Done.

+  // simliar to CrossOriginAccessControl::passesAccessControlCheck(),
+  // but we use sites as our security domain, not
+  // origins. TODO(dsjang): this must be improved to be more accurate
+  // to the actual CORS specification. For now, this works
+  // conservatively, allowing XSDs that are not allowed by actual CORS
+  // rules by ignoring 1) credentials and 2) methods. Preflight
+  // requests don't matter here since they are not used to decide
+  // whether to block a document or not on the client side.
+  static bool IsValidCorsHeaderSet(GURL& frame_origin,
+                                   GURL& website_origin,
+                                   std::string access_control_origin);
+
+  // Returns if this is for the response for a sub resource, not a
+  // response for frame navigation.
+  static bool IsFrameInNavigation(WebFrame* frame);

[Charlie Reis, 2013/08/09 00:39:03]

Perhaps IsFrameNavigating?

[dsjang, 2013/08/09 01:31:23]

Done.

+
+  static bool SniffForHTML(const char* data, size_t length);
+  static bool SniffForXML(const char* data, size_t length);
+  static bool SniffForJSON(const char* data, size_t length);
+
+  static bool IsErrorStatusCode(int status_code);
+  static bool SniffForJS(const char* data, size_t length);

[Charlie Reis, 2013/08/09 00:39:03]

Why isn't this Sniff function with the others?

Also, if there's a way to separate out the stuff we would need to block requests
from the stuff that's only needed for UMA stats (even if it's just TODO comments
to remove the latter), that will make it clearer which parts of the code are
intended to stick around for a while.

[dsjang, 2013/08/09 01:31:23]

Done.

+
+  static bool DoSignatureMatching(const char* data,
+                                  size_t length,
+                                  const char* signatures[],
+                                  size_t arr_size);
+
+ private:
+  // Maintain bookkeeping data between WillSendRequest() and
+  // DidReceiveResponse(). The key is the identifier of response.
+  static std::map<unsigned, WebURLRequest::TargetType> id_target_map_;
+
+  // Maintain data between DidReceiveResponse() and DidReceiveData().
+  // The key is the url of response. We can't use identifier anymore
+  // from here since that information is no longer available for
+  // DidReceiveData().
+  static std::map<std::string, ResponseMetaData> url_responsedata_map_;
+
+  // This is a map that maps the identifier of a response to the

[Charlie Reis, 2013/08/09 00:39:03]

This maps the identifier...

[dsjang, 2013/08/09 01:31:23]

Done.

+  // response's url. This is used to free REsponseMetaData in

[Charlie Reis, 2013/08/09 00:39:03]

typo: REsponse

[dsjang, 2013/08/09 01:31:23]

Done.

+  // url_responsedata_map_, when DidReceiveData() is never called.
+  static std::map<unsigned, std::string> id_url_map_;
+
+  // Never needs to be constructed/destructed.
+  SiteIsolationPolicy() {}
+  ~SiteIsolationPolicy() {}
+
+  DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy);
+};
+
+}  // namespace content
+
+#endif  // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_