Chromium Code Reviews Chromium Code Reviews
Issue 2275123004:
Downgrade security state while displaying an SB interstitial (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@dangerstate| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
| 9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 74 case SecurityStateModel::SECURE: | 74 case SecurityStateModel::SECURE: |
| 75 return content::SECURITY_STYLE_AUTHENTICATED; | 75 return content::SECURITY_STYLE_AUTHENTICATED; |
| 76 case SecurityStateModel::SECURITY_ERROR: | 76 case SecurityStateModel::SECURITY_ERROR: |
| 77 return content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 77 return content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 78 } | 78 } |
| 79 | 79 |
| 80 NOTREACHED(); | 80 NOTREACHED(); |
| 81 return content::SECURITY_STYLE_UNKNOWN; | 81 return content::SECURITY_STYLE_UNKNOWN; |
| 82 } | 82 } |
| 83 | 83 |
| 84 // Check to see whether the security state should be downgraded to reflect | |
| 85 // a Safe Browsing verdict. | |
| 86 void CheckSafeBrowsingStatus(content::NavigationEntry* entry, | |
| 87 content::WebContents* web_contents, | |
| 88 SecurityStateModel::VisibleSecurityState* state) { | |
| 89 safe_browsing::SafeBrowsingService* sb_service = | |
| 90 g_browser_process->safe_browsing_service(); | |
| 91 if (!sb_service) | |
| 92 return; | |
| 93 scoped_refptr<SafeBrowsingUIManager> sb_ui_manager = sb_service->ui_manager(); | |
| 94 if (sb_ui_manager->IsUrlWhitelistedOrPendingForWebContents( | |
| 95 entry->GetURL(), false, entry, web_contents, false)) { | |
| 96 state->fails_malware_check = true; | |
| 97 state->initial_security_level = SecurityStateModel::SECURITY_ERROR; | |
| 98 } | |
| 99 } | |
| 100 | |
| 84 } // namespace | 101 } // namespace |
| 85 | 102 |
| 86 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient( | 103 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient( |
| 87 content::WebContents* web_contents) | 104 content::WebContents* web_contents) |
| 88 : web_contents_(web_contents), | 105 : web_contents_(web_contents), |
| 89 security_state_model_(new SecurityStateModel()) { | 106 security_state_model_(new SecurityStateModel()) { |
| 90 security_state_model_->SetClient(this); | 107 security_state_model_->SetClient(this); |
| 91 } | 108 } |
| 92 | 109 |
| 93 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {} | 110 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {} |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 222 } | 239 } |
| 223 | 240 |
| 224 bool ChromeSecurityStateModelClient::IsOriginSecure(const GURL& url) { | 241 bool ChromeSecurityStateModelClient::IsOriginSecure(const GURL& url) { |
| 225 return content::IsOriginSecure(url); | 242 return content::IsOriginSecure(url); |
| 226 } | 243 } |
| 227 | 244 |
| 228 void ChromeSecurityStateModelClient::GetVisibleSecurityState( | 245 void ChromeSecurityStateModelClient::GetVisibleSecurityState( |
| 229 SecurityStateModel::VisibleSecurityState* state) { | 246 SecurityStateModel::VisibleSecurityState* state) { |
| 230 content::NavigationEntry* entry = | 247 content::NavigationEntry* entry = |
| 231 web_contents_->GetController().GetVisibleEntry(); | 248 web_contents_->GetController().GetVisibleEntry(); |
| 232 if (!entry || | 249 if (!entry) { |
| 233 entry->GetSSL().security_style == content::SECURITY_STYLE_UNKNOWN) { | |
| 234 *state = SecurityStateModel::VisibleSecurityState(); | 250 *state = SecurityStateModel::VisibleSecurityState(); |
| 235 return; | 251 return; |
| 236 } | 252 } |
| 237 | 253 |
| 254 if (entry->GetSSL().security_style == content::SECURITY_STYLE_UNKNOWN) { | |
|
estark
2016/08/25 06:54:06
nit: could you add a comment around here along the
felt
2016/08/25 15:17:27
Done.
| |
| 255 *state = SecurityStateModel::VisibleSecurityState(); | |
| 256 CheckSafeBrowsingStatus(entry, web_contents_, state); | |
| 257 return; | |
| 258 } | |
| 259 | |
| 238 state->connection_info_initialized = true; | 260 state->connection_info_initialized = true; |
| 239 state->url = entry->GetURL(); | 261 state->url = entry->GetURL(); |
| 240 const content::SSLStatus& ssl = entry->GetSSL(); | 262 const content::SSLStatus& ssl = entry->GetSSL(); |
| 241 state->initial_security_level = | 263 state->initial_security_level = |
| 242 GetSecurityLevelForSecurityStyle(ssl.security_style); | 264 GetSecurityLevelForSecurityStyle(ssl.security_style); |
| 243 state->cert_id = ssl.cert_id; | 265 state->cert_id = ssl.cert_id; |
| 244 state->cert_status = ssl.cert_status; | 266 state->cert_status = ssl.cert_status; |
| 245 state->connection_status = ssl.connection_status; | 267 state->connection_status = ssl.connection_status; |
| 246 state->security_bits = ssl.security_bits; | 268 state->security_bits = ssl.security_bits; |
| 247 state->pkp_bypassed = ssl.pkp_bypassed; | 269 state->pkp_bypassed = ssl.pkp_bypassed; |
| 248 state->sct_verify_statuses.clear(); | 270 state->sct_verify_statuses.clear(); |
| 249 state->sct_verify_statuses.insert(state->sct_verify_statuses.begin(), | 271 state->sct_verify_statuses.insert(state->sct_verify_statuses.begin(), |
| 250 ssl.sct_statuses.begin(), | 272 ssl.sct_statuses.begin(), |
| 251 ssl.sct_statuses.end()); | 273 ssl.sct_statuses.end()); |
| 252 state->displayed_mixed_content = | 274 state->displayed_mixed_content = |
| 253 !!(ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT); | 275 !!(ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT); |
| 254 state->ran_mixed_content = | 276 state->ran_mixed_content = |
| 255 !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); | 277 !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); |
| 256 state->displayed_content_with_cert_errors = | 278 state->displayed_content_with_cert_errors = |
| 257 !!(ssl.content_status & | 279 !!(ssl.content_status & |
| 258 content::SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS); | 280 content::SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS); |
| 259 state->ran_content_with_cert_errors = | 281 state->ran_content_with_cert_errors = |
| 260 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); | 282 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); |
| 261 | 283 |
| 262 // Check to see whether the security state should be downgraded to reflect | 284 CheckSafeBrowsingStatus(entry, web_contents_, state); |
| 263 // a Safe Browsing verdict. | |
| 264 safe_browsing::SafeBrowsingService* sb_service = | |
| 265 g_browser_process->safe_browsing_service(); | |
| 266 if (!sb_service) | |
| 267 return; | |
| 268 scoped_refptr<SafeBrowsingUIManager> sb_ui_manager = sb_service->ui_manager(); | |
| 269 if (sb_ui_manager->IsUrlWhitelistedForWebContents(entry->GetURL(), false, | |
| 270 entry, web_contents_)) { | |
| 271 state->fails_malware_check = true; | |
| 272 state->initial_security_level = SecurityStateModel::SECURITY_ERROR; | |
| 273 } | |
| 274 } | 285 } |
| OLD | NEW |
