Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(876)

Unified Diff: net/http/transport_security_state.cc

Issue 2272323004: Add UMA histogram for Expect-CT header processing (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: eroman comments Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/transport_security_state.cc
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index 4ce0823e3653a58bf1bf5d58672d2646996a55c1..db0daf074f0d9fb79c912e76833fef6c5f5e35fb 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -1294,24 +1294,55 @@ void TransportSecurityState::ProcessExpectCTHeader(
const SSLInfo& ssl_info) {
DCHECK(CalledOnValidThread());
- if (!expect_ct_reporter_)
- return;
+ // Records the result of processing an Expect-CT header. This enum is
+ // histogrammed, so do not reorder or remove values.
+ enum ExpectCTHeaderResult {
+ // An Expect-CT header was received, but it had the wrong value.
+ EXPECT_CT_HEADER_BAD_VALUE = 0,
+ // The Expect-CT header was ignored because the build was old.
+ EXPECT_CT_HEADER_BUILD_NOT_TIMELY = 1,
+ // The Expect-CT header was ignored because the certificate did not chain to
+ // a public root.
+ EXPECT_CT_HEADER_PRIVATE_ROOT = 2,
+ // The Expect-CT header was ignored because CT compliance details were
+ // unavailable.
+ EXPECT_CT_HEADER_COMPLIANCE_DETAILS_UNAVAILABLE = 3,
+ // The request satisified the Expect-CT compliance policy, so no action was
+ // taken.
+ EXPECT_CT_HEADER_COMPLIED = 4,
+ // The Expect-CT header was ignored because there was no corresponding
+ // preload list entry.
+ EXPECT_CT_HEADER_NOT_PRELOADED = 5,
+ // The Expect-CT header was processed successfully and passed on to the
+ // delegate to send a report.
+ EXPECT_CT_HEADER_PROCESSED = 6,
+ EXPECT_CT_HEADER_LAST = EXPECT_CT_HEADER_PROCESSED
+ };
+
+ ExpectCTHeaderResult result = EXPECT_CT_HEADER_PROCESSED;
- if (value != "preload")
- return;
-
- if (!IsBuildTimely())
+ if (!expect_ct_reporter_)
return;
- if (!ssl_info.is_issued_by_known_root ||
- !ssl_info.ct_compliance_details_available ||
- ssl_info.ct_cert_policy_compliance ==
- ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS) {
- return;
+ ExpectCTState state;
+ if (value != "preload") {
+ result = EXPECT_CT_HEADER_BAD_VALUE;
+ } else if (!IsBuildTimely()) {
+ result = EXPECT_CT_HEADER_BUILD_NOT_TIMELY;
+ } else if (!ssl_info.is_issued_by_known_root) {
+ result = EXPECT_CT_HEADER_PRIVATE_ROOT;
+ } else if (!ssl_info.ct_compliance_details_available) {
+ result = EXPECT_CT_HEADER_COMPLIANCE_DETAILS_UNAVAILABLE;
+ } else if (ssl_info.ct_cert_policy_compliance ==
+ ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS) {
+ result = EXPECT_CT_HEADER_COMPLIED;
+ } else if (!GetStaticExpectCTState(host_port_pair.host(), &state)) {
+ result = EXPECT_CT_HEADER_NOT_PRELOADED;
}
- ExpectCTState state;
- if (!GetStaticExpectCTState(host_port_pair.host(), &state))
+ UMA_HISTOGRAM_ENUMERATION("Net.ExpectCTHeaderResult", result,
+ EXPECT_CT_HEADER_LAST + 1);
+ if (result != EXPECT_CT_HEADER_PROCESSED)
return;
expect_ct_reporter_->OnExpectCTFailed(host_port_pair, state.report_uri,
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698