OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
11 #include "build/build_config.h" | 11 #include "build/build_config.h" |
12 #include "chrome/browser/browser_process.h" | |
12 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 13 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
13 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 14 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
14 #include "chrome/browser/profiles/profile.h" | 15 #include "chrome/browser/profiles/profile.h" |
16 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | |
17 #include "chrome/browser/safe_browsing/ui_manager.h" | |
15 #include "chrome/grit/generated_resources.h" | 18 #include "chrome/grit/generated_resources.h" |
16 #include "content/public/browser/cert_store.h" | 19 #include "content/public/browser/cert_store.h" |
17 #include "content/public/browser/navigation_entry.h" | 20 #include "content/public/browser/navigation_entry.h" |
21 #include "content/public/browser/render_frame_host.h" | |
22 #include "content/public/browser/render_process_host.h" | |
18 #include "content/public/browser/security_style_explanation.h" | 23 #include "content/public/browser/security_style_explanation.h" |
19 #include "content/public/browser/security_style_explanations.h" | 24 #include "content/public/browser/security_style_explanations.h" |
20 #include "content/public/browser/web_contents.h" | 25 #include "content/public/browser/web_contents.h" |
21 #include "content/public/common/origin_util.h" | 26 #include "content/public/common/origin_util.h" |
22 #include "content/public/common/ssl_status.h" | 27 #include "content/public/common/ssl_status.h" |
23 #include "net/base/net_errors.h" | 28 #include "net/base/net_errors.h" |
24 #include "net/cert/x509_certificate.h" | 29 #include "net/cert/x509_certificate.h" |
25 #include "ui/base/l10n/l10n_util.h" | 30 #include "ui/base/l10n/l10n_util.h" |
26 | 31 |
27 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient); | 32 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient); |
28 | 33 |
34 using safe_browsing::SafeBrowsingUIManager; | |
29 using security_state::SecurityStateModel; | 35 using security_state::SecurityStateModel; |
30 | 36 |
31 namespace { | 37 namespace { |
32 | 38 |
33 // Converts a content::SecurityStyle (an indicator of a request's | 39 // Converts a content::SecurityStyle (an indicator of a request's |
34 // overall security level computed by //content) into a | 40 // overall security level computed by //content) into a |
35 // SecurityStateModel::SecurityLevel (a finer-grained SecurityStateModel | 41 // SecurityStateModel::SecurityLevel (a finer-grained SecurityStateModel |
36 // concept that can express all of SecurityStateModel's policies that | 42 // concept that can express all of SecurityStateModel's policies that |
37 // //content doesn't necessarily know about). | 43 // //content doesn't necessarily know about). |
38 SecurityStateModel::SecurityLevel GetSecurityLevelForSecurityStyle( | 44 SecurityStateModel::SecurityLevel GetSecurityLevelForSecurityStyle( |
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
247 ssl.sct_statuses.end()); | 253 ssl.sct_statuses.end()); |
248 state->displayed_mixed_content = | 254 state->displayed_mixed_content = |
249 !!(ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT); | 255 !!(ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT); |
250 state->ran_mixed_content = | 256 state->ran_mixed_content = |
251 !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); | 257 !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); |
252 state->displayed_content_with_cert_errors = | 258 state->displayed_content_with_cert_errors = |
253 !!(ssl.content_status & | 259 !!(ssl.content_status & |
254 content::SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS); | 260 content::SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS); |
255 state->ran_content_with_cert_errors = | 261 state->ran_content_with_cert_errors = |
256 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); | 262 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); |
263 | |
264 // Check to see whether the security state should be downgraded to reflect | |
265 // a Safe Browsing verdict. | |
266 safe_browsing::SafeBrowsingService* sb_service = | |
267 g_browser_process->safe_browsing_service(); | |
268 if (!sb_service) | |
269 return; | |
270 scoped_refptr<SafeBrowsingUIManager> sb_ui_manager = sb_service->ui_manager(); | |
estark
2016/08/24 05:15:39
optional: it might be simpler to add a new SBUIMan
Jialiu Lin
2016/08/24 06:27:20
I agree with estark@.
felt
2016/08/24 19:27:19
I was trying to avoid introducing a new method to
| |
271 SafeBrowsingUIManager::UnsafeResource test_resource; | |
272 test_resource.url = entry->GetURL(); | |
273 test_resource.is_subresource = false; | |
274 test_resource.web_contents_getter = | |
275 SafeBrowsingUIManager::UnsafeResource::GetWebContentsGetter( | |
276 web_contents_->GetRenderProcessHost()->GetID(), | |
277 web_contents_->GetMainFrame()->GetRoutingID()); | |
278 if (sb_ui_manager->IsWhitelisted(test_resource)) { | |
279 state->fails_malware_check = true; | |
280 state->initial_security_level = SecurityStateModel::SECURITY_ERROR; | |
estark
2016/08/24 05:15:39
Strictly speaking, you don't need this, right? The
felt
2016/08/24 19:27:19
Strictly speaking, no. But it seems potentially co
| |
281 } | |
257 } | 282 } |
OLD | NEW |