OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/autofill/core/common/save_password_progress_logger.h" | 5 #include "components/autofill/core/common/save_password_progress_logger.h" |
6 | 6 |
7 #include <algorithm> | |
8 | |
7 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
8 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/memory/scoped_ptr.h" | |
Ilya Sherman
2014/04/19 07:51:22
nit: Not needed?
vabr (Chromium)
2014/04/19 19:35:02
Done.
| |
9 #include "base/numerics/safe_conversions.h" | 12 #include "base/numerics/safe_conversions.h" |
13 #include "base/strings/string16.h" | |
14 #include "base/strings/string_util.h" | |
15 #include "base/strings/utf_string_conversions.h" | |
10 #include "base/values.h" | 16 #include "base/values.h" |
11 #include "components/autofill/core/common/password_form.h" | 17 #include "components/autofill/core/common/password_form.h" |
12 | 18 |
13 using base::checked_cast; | 19 using base::checked_cast; |
14 using base::Value; | 20 using base::Value; |
15 using base::DictionaryValue; | 21 using base::DictionaryValue; |
16 using base::FundamentalValue; | 22 using base::FundamentalValue; |
17 using base::StringValue; | 23 using base::StringValue; |
18 | 24 |
19 namespace autofill { | 25 namespace autofill { |
20 | 26 |
21 namespace { | 27 namespace { |
22 | 28 |
29 // Note 1: Caching the ID->string map in an array would be probably faster, but | |
30 // the switch statement is (a) robust against re-ordering, and (b) checks in | |
31 // compile-time, that all IDs get a string assigned. The expected frequency of | |
32 // calls is low enough (in particular, zero if password manager internals page | |
33 // is not open), that optimizing for code robustness is preferred against speed. | |
34 // Note 2: The messages can be used as dictionary keys. Do not use '.' in them. | |
35 std::string GetStringFromID(SavePasswordProgressLogger::StringID id) { | |
36 switch (id) { | |
37 case SavePasswordProgressLogger::STRING_DECISION_ASK: | |
38 return "Decision: ASK the user"; | |
39 case SavePasswordProgressLogger::STRING_DECISION_DROP: | |
40 return "Decision: DROP the password"; | |
41 case SavePasswordProgressLogger::STRING_DECISION_SAVE: | |
42 return "Decision: SAVE the password"; | |
43 case SavePasswordProgressLogger::STRING_METHOD: | |
44 return "Form method"; | |
45 case SavePasswordProgressLogger::STRING_METHOD_GET: | |
46 return "GET"; | |
47 case SavePasswordProgressLogger::STRING_METHOD_POST: | |
48 return "POST"; | |
49 case SavePasswordProgressLogger::STRING_METHOD_EMPTY: | |
50 return "(empty)"; | |
51 case SavePasswordProgressLogger::STRING_OTHER: | |
52 return "(other)"; | |
53 case SavePasswordProgressLogger::STRING_SCHEME_HTML: | |
54 return "HTML"; | |
55 case SavePasswordProgressLogger::STRING_SCHEME_BASIC: | |
56 return "Basic"; | |
57 case SavePasswordProgressLogger::STRING_SCHEME_DIGEST: | |
58 return "Digest"; | |
59 case SavePasswordProgressLogger::STRING_SCHEME_MESSAGE: | |
60 return "Scheme"; | |
61 case SavePasswordProgressLogger::STRING_SIGNON_REALM: | |
62 return "Signon realm"; | |
63 case SavePasswordProgressLogger::STRING_ORIGINAL_SIGNON_REALM: | |
64 return "Original signon realm"; | |
65 case SavePasswordProgressLogger::STRING_ORIGIN: | |
66 return "Origin"; | |
67 case SavePasswordProgressLogger::STRING_ACTION: | |
68 return "Action"; | |
69 case SavePasswordProgressLogger::STRING_USERNAME_ELEMENT: | |
70 return "Username element"; | |
71 case SavePasswordProgressLogger::STRING_PASSWORD_ELEMENT: | |
72 return "Password element"; | |
73 case SavePasswordProgressLogger::STRING_PASSWORD_AUTOCOMPLETE_SET: | |
74 return "Password autocomplete set"; | |
75 case SavePasswordProgressLogger::STRING_OLD_PASSWORD_ELEMENT: | |
76 return "Old password element"; | |
77 case SavePasswordProgressLogger::STRING_SSL_VALID: | |
78 return "SSL valid"; | |
79 case SavePasswordProgressLogger::STRING_PASSWORD_GENERATED: | |
80 return "Password generated"; | |
81 case SavePasswordProgressLogger::STRING_TIMES_USED: | |
82 return "Times used"; | |
83 case SavePasswordProgressLogger::STRING_USE_ADDITIONAL_AUTHENTICATION: | |
84 return "Use additional authentication"; | |
85 case SavePasswordProgressLogger::STRING_PSL_MATCH: | |
86 return "PSL match"; | |
87 case SavePasswordProgressLogger::STRING_NAME_OR_ID: | |
88 return "Form name or ID"; | |
89 case SavePasswordProgressLogger::STRING_MESSAGE: | |
90 return "Message"; | |
91 case SavePasswordProgressLogger::STRING_INVALID: | |
92 return "INVALID"; | |
93 // Intentionally no default: clause here -- all IDs need to get covered. | |
94 } | |
95 NOTREACHED(); // Win compilers don't believe this is unreachable. | |
96 return std::string(); | |
97 }; | |
98 | |
23 // Removes privacy sensitive parts of |url| (currently all but host and scheme). | 99 // Removes privacy sensitive parts of |url| (currently all but host and scheme). |
24 std::string ScrubURL(const GURL& url) { | 100 std::string ScrubURL(const GURL& url) { |
25 if (url.is_valid()) | 101 if (url.is_valid()) |
26 return url.GetWithEmptyPath().spec(); | 102 return url.GetWithEmptyPath().spec(); |
27 return std::string(); | 103 return std::string(); |
28 } | 104 } |
29 | 105 |
106 // Returns true for all characters which we don't want to see in the logged IDs | |
107 // or names of HTML elements. | |
108 bool IsUnwantedInElementID(char c) { | |
109 return !(c == '_' || c == '-' || IsAsciiAlpha(c) || IsAsciiDigit(c)); | |
110 } | |
111 | |
112 // Replaces all characters satisfying IsUnwantedInElementID by a ' ', and turns | |
113 // all characters to lowercase. This damages some valid HTML element IDs or | |
114 // names, but it is likely that it will be still possible to match the scrubbed | |
115 // string to the original ID or name in the HTML doc. That's good enough for the | |
116 // logging purposes, and provides some security benefits. | |
117 std::string ScrubElementID(std::string element_id) { | |
118 std::replace_if( | |
119 element_id.begin(), element_id.end(), IsUnwantedInElementID, ' '); | |
120 return StringToLowerASCII(element_id); | |
121 } | |
122 | |
123 std::string ScrubElementID(base::string16 element_id) { | |
Ilya Sherman
2014/04/19 07:51:22
nit: Pass by const-reference.
vabr (Chromium)
2014/04/19 19:35:02
Thanks! This was a silly copy-paste from the 8-bit
| |
124 return ScrubElementID(base::UTF16ToUTF8(element_id)); | |
125 } | |
126 | |
30 std::string FormSchemeToString(PasswordForm::Scheme scheme) { | 127 std::string FormSchemeToString(PasswordForm::Scheme scheme) { |
128 SavePasswordProgressLogger::StringID result_id = | |
129 SavePasswordProgressLogger::STRING_INVALID; | |
31 switch (scheme) { | 130 switch (scheme) { |
32 case PasswordForm::SCHEME_HTML: | 131 case PasswordForm::SCHEME_HTML: |
33 return "HTML"; | 132 result_id = SavePasswordProgressLogger::STRING_SCHEME_HTML; |
133 break; | |
34 case PasswordForm::SCHEME_BASIC: | 134 case PasswordForm::SCHEME_BASIC: |
35 return "BASIC"; | 135 result_id = SavePasswordProgressLogger::STRING_SCHEME_BASIC; |
136 break; | |
36 case PasswordForm::SCHEME_DIGEST: | 137 case PasswordForm::SCHEME_DIGEST: |
37 return "DIGEST"; | 138 result_id = SavePasswordProgressLogger::STRING_SCHEME_DIGEST; |
139 break; | |
38 case PasswordForm::SCHEME_OTHER: | 140 case PasswordForm::SCHEME_OTHER: |
39 return "OTHER"; | 141 result_id = SavePasswordProgressLogger::STRING_OTHER; |
142 break; | |
40 } | 143 } |
41 NOTREACHED(); // Win compilers don't believe this is unreachable. | 144 return GetStringFromID(result_id); |
42 return std::string(); | |
43 } | 145 } |
44 | 146 |
45 StringValue DecisionToStringValue( | 147 std::string FormMethodToString(const std::string& method) { |
46 SavePasswordProgressLogger::Decision decision) { | 148 std::string method_processed; |
47 switch (decision) { | 149 base::TrimWhitespaceASCII( |
48 case SavePasswordProgressLogger::DECISION_SAVE: | 150 StringToLowerASCII(method), base::TRIM_ALL, &method_processed); |
49 return StringValue("SAVE the password"); | 151 SavePasswordProgressLogger::StringID result_id = |
50 case SavePasswordProgressLogger::DECISION_ASK: | 152 SavePasswordProgressLogger::STRING_OTHER; |
51 return StringValue("ASK the user whether to save the password"); | 153 if (method_processed.empty()) |
52 case SavePasswordProgressLogger::DECISION_DROP: | 154 result_id = SavePasswordProgressLogger::STRING_METHOD_EMPTY; |
53 return StringValue("DROP the password"); | 155 else if (method_processed == "get") |
54 } | 156 result_id = SavePasswordProgressLogger::STRING_METHOD_GET; |
55 NOTREACHED(); // Win compilers don't believe this is unreachable. | 157 else if (method_processed == "post") |
56 return StringValue(std::string()); | 158 result_id = SavePasswordProgressLogger::STRING_METHOD_POST; |
159 return GetStringFromID(result_id); | |
57 } | 160 } |
58 | 161 |
59 } // namespace | 162 } // namespace |
60 | 163 |
61 SavePasswordProgressLogger::SavePasswordProgressLogger() {} | 164 SavePasswordProgressLogger::SavePasswordProgressLogger() { |
62 | |
63 SavePasswordProgressLogger::~SavePasswordProgressLogger() {} | |
64 | |
65 void SavePasswordProgressLogger::LogPasswordForm(const std::string& message, | |
66 const PasswordForm& form) { | |
67 DictionaryValue log; | |
68 // Do not use the "<<" operator for PasswordForms, because it also prints | |
69 // passwords. Also, that operator is only for testing. | |
70 log.SetString("scheme", FormSchemeToString(form.scheme)); | |
71 log.SetString("signon realm", ScrubURL(GURL(form.signon_realm))); | |
72 log.SetString("original signon realm", | |
73 ScrubURL(GURL(form.original_signon_realm))); | |
74 log.SetString("origin", ScrubURL(form.origin)); | |
75 log.SetString("action", ScrubURL(form.action)); | |
76 log.SetString("username element", form.username_element); | |
77 log.SetString("password element", form.password_element); | |
78 log.SetBoolean("password autocomplete set", form.password_autocomplete_set); | |
79 log.SetString("old password element", form.old_password_element); | |
80 log.SetBoolean("ssl valid", form.ssl_valid); | |
81 log.SetBoolean("password generated", | |
82 form.type == PasswordForm::TYPE_GENERATED); | |
83 log.SetInteger("times used", form.times_used); | |
84 log.SetBoolean("use additional authentication", | |
85 form.use_additional_authentication); | |
86 log.SetBoolean("is PSL match", form.IsPublicSuffixMatch()); | |
87 LogValue(message, log); | |
88 } | 165 } |
89 | 166 |
90 void SavePasswordProgressLogger::LogHTMLForm(const std::string& message, | 167 SavePasswordProgressLogger::~SavePasswordProgressLogger() { |
91 const std::string& name_or_id, | |
92 const std::string& method, | |
93 const GURL& action) { | |
94 DictionaryValue log; | |
95 log.SetString("name_or_id", name_or_id); | |
96 log.SetString("method", method); | |
97 log.SetString("action", ScrubURL(action)); | |
98 LogValue(message, log); | |
99 } | 168 } |
100 | 169 |
101 void SavePasswordProgressLogger::LogURL(const std::string& message, | 170 void SavePasswordProgressLogger::LogPasswordForm( |
102 const GURL& url) { | 171 SavePasswordProgressLogger::StringID label, |
103 LogValue(message, StringValue(ScrubURL(url))); | 172 const PasswordForm& form) { |
173 DictionaryValue log; | |
174 log.SetString(GetStringFromID(STRING_SCHEME_MESSAGE), | |
175 FormSchemeToString(form.scheme)); | |
176 log.SetString(GetStringFromID(STRING_SCHEME_MESSAGE), | |
177 FormSchemeToString(form.scheme)); | |
178 log.SetString(GetStringFromID(STRING_SIGNON_REALM), | |
179 ScrubURL(GURL(form.signon_realm))); | |
180 log.SetString(GetStringFromID(STRING_ORIGINAL_SIGNON_REALM), | |
181 ScrubURL(GURL(form.original_signon_realm))); | |
182 log.SetString(GetStringFromID(STRING_ORIGIN), ScrubURL(form.origin)); | |
183 log.SetString(GetStringFromID(STRING_ACTION), ScrubURL(form.action)); | |
184 log.SetString(GetStringFromID(STRING_USERNAME_ELEMENT), | |
185 ScrubElementID(form.username_element)); | |
186 log.SetString(GetStringFromID(STRING_PASSWORD_ELEMENT), | |
187 ScrubElementID(form.password_element)); | |
188 log.SetBoolean(GetStringFromID(STRING_PASSWORD_AUTOCOMPLETE_SET), | |
189 form.password_autocomplete_set); | |
190 log.SetString(GetStringFromID(STRING_OLD_PASSWORD_ELEMENT), | |
191 ScrubElementID(form.old_password_element)); | |
192 log.SetBoolean(GetStringFromID(STRING_SSL_VALID), form.ssl_valid); | |
193 log.SetBoolean(GetStringFromID(STRING_PASSWORD_GENERATED), | |
194 form.type == PasswordForm::TYPE_GENERATED); | |
195 log.SetInteger(GetStringFromID(STRING_TIMES_USED), form.times_used); | |
196 log.SetBoolean(GetStringFromID(STRING_USE_ADDITIONAL_AUTHENTICATION), | |
197 form.use_additional_authentication); | |
198 log.SetBoolean(GetStringFromID(STRING_PSL_MATCH), form.IsPublicSuffixMatch()); | |
199 LogValue(label, log); | |
104 } | 200 } |
105 | 201 |
106 void SavePasswordProgressLogger::LogBoolean(const std::string& message, | 202 void SavePasswordProgressLogger::LogHTMLForm( |
107 bool value) { | 203 SavePasswordProgressLogger::StringID label, |
108 LogValue(message, FundamentalValue(value)); | 204 const std::string& name_or_id, |
205 const std::string& method, | |
206 const GURL& action) { | |
207 DictionaryValue log; | |
208 log.SetString(GetStringFromID(STRING_NAME_OR_ID), ScrubElementID(name_or_id)); | |
209 log.SetString(GetStringFromID(STRING_METHOD), FormMethodToString(method)); | |
210 log.SetString(GetStringFromID(STRING_ACTION), ScrubURL(action)); | |
211 LogValue(label, log); | |
109 } | 212 } |
110 | 213 |
111 void SavePasswordProgressLogger::LogNumber(const std::string& message, | 214 void SavePasswordProgressLogger::LogURL( |
112 int value) { | 215 SavePasswordProgressLogger::StringID label, |
113 LogValue(message, FundamentalValue(value)); | 216 const GURL& url) { |
217 LogValue(label, StringValue(ScrubURL(url))); | |
114 } | 218 } |
115 | 219 |
116 void SavePasswordProgressLogger::LogNumber(const std::string& message, | 220 void SavePasswordProgressLogger::LogBoolean( |
117 size_t value) { | 221 SavePasswordProgressLogger::StringID label, |
118 LogValue(message, FundamentalValue(checked_cast<int, size_t>(value))); | 222 bool truth_value) { |
223 LogValue(label, FundamentalValue(truth_value)); | |
119 } | 224 } |
120 | 225 |
121 void SavePasswordProgressLogger::LogFinalDecision(Decision decision) { | 226 void SavePasswordProgressLogger::LogNumber( |
122 LogValue("Final decision taken", DecisionToStringValue(decision)); | 227 SavePasswordProgressLogger::StringID label, |
228 int signed_number) { | |
229 LogValue(label, FundamentalValue(signed_number)); | |
123 } | 230 } |
124 | 231 |
125 void SavePasswordProgressLogger::LogMessage(const std::string& message) { | 232 void SavePasswordProgressLogger::LogNumber( |
126 LogValue("Message", StringValue(message)); | 233 SavePasswordProgressLogger::StringID label, |
234 size_t unsigned_number) { | |
235 int signed_number = checked_cast<int, size_t>(unsigned_number); | |
236 LogNumber(label, signed_number); | |
127 } | 237 } |
128 | 238 |
129 void SavePasswordProgressLogger::LogValue(const std::string& name, | 239 void SavePasswordProgressLogger::LogMessage( |
130 const Value& log) { | 240 SavePasswordProgressLogger::StringID message) { |
241 LogValue(STRING_MESSAGE, StringValue(GetStringFromID(message))); | |
242 } | |
243 | |
244 void SavePasswordProgressLogger::LogValue(StringID label, const Value& log) { | |
131 std::string log_string; | 245 std::string log_string; |
132 bool conversion_to_string_successful = base::JSONWriter::WriteWithOptions( | 246 bool conversion_to_string_successful = base::JSONWriter::WriteWithOptions( |
133 &log, base::JSONWriter::OPTIONS_PRETTY_PRINT, &log_string); | 247 &log, base::JSONWriter::OPTIONS_PRETTY_PRINT, &log_string); |
134 DCHECK(conversion_to_string_successful); | 248 DCHECK(conversion_to_string_successful); |
135 SendLog(name + ": " + log_string); | 249 SendLog(GetStringFromID(label) + ": " + log_string); |
136 } | 250 } |
137 | 251 |
138 } // namespace autofill | 252 } // namespace autofill |
OLD | NEW |