OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_AUTOFILL_CORE_COMMON_SAVE_PASSWORD_PROGRESS_LOGGER_H_ | 5 #ifndef COMPONENTS_AUTOFILL_CORE_COMMON_SAVE_PASSWORD_PROGRESS_LOGGER_H_ |
6 #define COMPONENTS_AUTOFILL_CORE_COMMON_SAVE_PASSWORD_PROGRESS_LOGGER_H_ | 6 #define COMPONENTS_AUTOFILL_CORE_COMMON_SAVE_PASSWORD_PROGRESS_LOGGER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | |
9 | 10 |
11 #include "base/strings/string16.h" | |
10 #include "url/gurl.h" | 12 #include "url/gurl.h" |
11 | 13 |
12 namespace base { | 14 namespace base { |
13 class Value; | 15 class Value; |
14 } | 16 } |
15 | 17 |
16 namespace autofill { | 18 namespace autofill { |
17 | 19 |
18 struct PasswordForm; | 20 struct PasswordForm; |
19 | 21 |
20 // When logging decisions made by password management code about whether to | 22 // When logging decisions made by password management code about whether to |
21 // offer user-entered credentials for saving or not, do use this class. It | 23 // offer user-entered credentials for saving or not, do use this class. It |
22 // offers a suite of convenience methods to format and scrub logs. The methods | 24 // offers a suite of convenience methods to format and scrub logs. The methods |
23 // have built-in privacy protections (never include a password, scrub URLs), so | 25 // have built-in privacy protections (never include a password, scrub URLs), so |
24 // that the result is appropriate for display on the internals page. | 26 // that the result is appropriate for display on the internals page. |
25 // | 27 // |
26 // To use this class, the method SendLog needs to be overriden to send the logs | 28 // To use this class, the method SendLog needs to be overriden to send the logs |
27 // for display as appropriate. | 29 // for display as appropriate. |
28 // | 30 // |
29 // TODO(vabr): Logically, this class belongs to the password_manager component. | 31 // TODO(vabr): Logically, this class belongs to the password_manager component. |
30 // But the PasswordAutofillAgent needs to use it, so until that agent is in a | 32 // But the PasswordAutofillAgent needs to use it, so until that agent is in a |
31 // third component, shared by autofill and password_manager, this helper needs | 33 // third component, shared by autofill and password_manager, this helper needs |
32 // to stay in autofill as well. | 34 // to stay in autofill as well. |
33 class SavePasswordProgressLogger { | 35 class SavePasswordProgressLogger { |
34 public: | 36 public: |
35 // All three possible decisions about saving a password. Call LogFinalDecision | 37 // IDs of strings allowed in the logs: for security reasons, we only pass the |
36 // as soon as one is taken by the password management code. | 38 // IDs from the renderer, and map them to strings in the browser. |
37 enum Decision { DECISION_SAVE, DECISION_ASK, DECISION_DROP }; | 39 // Make sure to keep this in the same order as |kIDsToMessages| in the .cc |
40 // file. | |
Ilya Sherman
2014/04/12 00:00:51
Rather than requiring the order to match, please j
vabr (Chromium)
2014/04/13 20:12:30
Done.
| |
41 // The code relies on them being automatically numbered, starting with 0 and | |
42 // increasing by 1 (guaranteed by the C++ standard, see ISO/IEC 14882:2003 | |
43 // 7.2.1). | |
44 enum StringID { | |
45 STRING_DECISION_ASK, | |
46 STRING_DECISION_DROP, | |
47 STRING_DECISION_SAVE, | |
48 STRING_METHOD, | |
49 STRING_METHOD_GET, | |
50 STRING_METHOD_POST, | |
51 STRING_METHOD_EMPTY, | |
52 STRING_OTHER, | |
53 STRING_SCHEME_HTML, | |
54 STRING_SCHEME_BASIC, | |
55 STRING_SCHEME_DIGEST, | |
56 STRING_SCHEME_MESSAGE, | |
57 STRING_SIGNON_REALM, | |
58 STRING_ORIGINAL_SIGNON_REALM, | |
59 STRING_ORIGIN, | |
60 STRING_ACTION, | |
61 STRING_USERNAME_ELEMENT, | |
62 STRING_PASSWORD_ELEMENT, | |
63 STRING_PASSWORD_AUTOCOMPLETE_SET, | |
64 STRING_OLD_PASSWORD_ELEMENT, | |
65 STRING_SSL_VALID, | |
66 STRING_PASSWORD_GENERATED, | |
67 STRING_TIMES_USED, | |
68 STRING_USE_ADDITIONAL_AUTHENTICATION, | |
69 STRING_PSL_MATCH, | |
70 STRING_NAME_OR_ID, | |
71 STRING_MESSAGE, | |
72 STRING_INVALID, // Represents a string returned in a case of an error. | |
73 STRING_MAX = STRING_INVALID | |
74 }; | |
75 | |
76 // A "structured" log, as opposed to just a log string, is passed from the | |
77 // place of log creation (which might be in a renderer code) to browser for | |
78 // display. We need to keep it structured to allow browser-side sanitization | |
79 // for security reasons. | |
80 struct StructuredLog { | |
81 // Each log has one of these types. Depending on the type, the valid data | |
82 // members are shown in comments (in addition to |log_type| itself). | |
83 enum LogType { | |
84 LOG_TYPE_LABEL, // |label| | |
85 LOG_TYPE_GURL, // |label|, |url| | |
86 LOG_TYPE_MESSAGE, // |label|, |message| | |
87 LOG_TYPE_NUMBER, // |label|, |number| | |
88 LOG_TYPE_BOOL, // |label|, |truth_value| | |
89 LOG_TYPE_ELEMENT_ID, // |label|, |element_id| | |
90 LOG_TYPE_MAX = LOG_TYPE_ELEMENT_ID | |
91 }; | |
92 | |
93 LogType log_type; | |
94 StringID label; | |
95 // The members below would ideally form a union, but cannot, because of | |
96 // non-POD members. The size overhead does not seem worse than having | |
97 // multiple IPC methods specialized for each possible log type. | |
98 GURL url; | |
99 StringID message; | |
100 int number; | |
101 bool truth_value; | |
102 // Only use |element_id| to store an HTML element name or id; for security | |
103 // reasons all characters other than alphanumeric ones will be replaced by | |
104 // spaces. | |
105 std::string element_id; | |
106 | |
107 StructuredLog(); | |
108 explicit StructuredLog(StringID label); | |
109 StructuredLog(StringID label, GURL url); | |
110 StructuredLog(StringID label, StringID message); | |
111 StructuredLog(StringID label, int number); | |
112 StructuredLog(StringID label, bool truth_value); | |
113 StructuredLog(StringID label, const std::string& element_id); | |
114 StructuredLog(StringID label, const base::string16& element_id); | |
115 ~StructuredLog(); | |
116 | |
117 // Equality operators for testing. | |
118 bool operator==(const StructuredLog& form) const; | |
119 bool operator!=(const StructuredLog& form) const; | |
120 }; | |
Ilya Sherman
2014/04/12 00:00:51
I'm not convinced that passing a struct rather tha
vabr (Chromium)
2014/04/12 09:11:38
My understanding is that LogFoo don't actually pre
Ilya Sherman
2014/04/12 22:25:31
I would keep the previous IPC design, i.e. just se
vabr (Chromium)
2014/04/16 20:55:36
Done.
| |
38 | 121 |
39 SavePasswordProgressLogger(); | 122 SavePasswordProgressLogger(); |
40 virtual ~SavePasswordProgressLogger(); | 123 virtual ~SavePasswordProgressLogger(); |
41 | 124 |
42 // Logging: specialized methods (for logging forms, URLs, etc.) take care of | 125 // Call SanitizeStructuredLogs only in the browser, to get a safe-for-display |
43 // proper removing of sensitive data where appropriate. | 126 // string representation of |logs|. The vector |logs| needs to be organised in |
44 void LogPasswordForm(const std::string& message, | 127 // one of the two following ways: |
128 // 1) there is only one log in the vector, of type different than | |
129 // LOG_TYPE_LABEL, or | |
130 // 2) there are more logs, and exactly the first one has type LOG_TYPE_LABEL, | |
131 // providing a label for the whole group. | |
132 static std::string SanitizeStructuredLogs( | |
133 const std::vector<StructuredLog>& logs); | |
Ilya Sherman
2014/04/12 00:00:51
How about only making this function available in t
vabr (Chromium)
2014/04/16 20:55:36
That function is gone.
| |
134 | |
135 // Logging: these methods create and send a StructuredLog for sanitization and | |
136 // display. | |
137 void LogPasswordForm(StringID label, | |
45 const autofill::PasswordForm& form); | 138 const autofill::PasswordForm& form); |
46 void LogHTMLForm(const std::string& message, | 139 void LogHTMLForm(StringID label, |
47 const std::string& name_or_id, | 140 const std::string& name_or_id, |
48 const std::string& method, | 141 const std::string& method, |
49 const GURL& action); | 142 const GURL& action); |
50 void LogURL(const std::string& message, const GURL& url); | 143 void LogURL(StringID label, const GURL& url); |
51 void LogBoolean(const std::string& message, bool value); | 144 void LogBoolean(StringID label, bool value); |
52 void LogNumber(const std::string& message, int value); | 145 void LogNumber(StringID label, int value); |
53 void LogNumber(const std::string& message, size_t value); | 146 void LogNumber(StringID label, size_t value); |
54 void LogFinalDecision(Decision decision); | 147 void LogMessage(StringID message); |
55 // Do not use LogMessage when there is an appropriate specialized method | |
56 // above. LogMessage performs no scrubbing of sensitive data. | |
57 void LogMessage(const std::string& message); | |
58 | 148 |
59 protected: | 149 protected: |
60 // Sends |log| immediately for display. | 150 // Sends |logs| immediately for display. |
61 virtual void SendLog(const std::string& log) = 0; | 151 virtual void SendLog(const std::vector<StructuredLog>& logs) = 0; |
62 | 152 |
63 private: | 153 private: |
64 // Takes a structured |log|, converts it to a string suitable for plain text | |
65 // output, adds the |name| as a caption, and sends out via SendLog. | |
66 void LogValue(const std::string& name, const base::Value& log); | |
67 | |
68 DISALLOW_COPY_AND_ASSIGN(SavePasswordProgressLogger); | 154 DISALLOW_COPY_AND_ASSIGN(SavePasswordProgressLogger); |
69 }; | 155 }; |
70 | 156 |
71 } // namespace autofill | 157 } // namespace autofill |
72 | 158 |
73 #endif // COMPONENTS_AUTOFILL_CORE_COMMON_SAVE_PASSWORD_PROGRESS_LOGGER_H_ | 159 #endif // COMPONENTS_AUTOFILL_CORE_COMMON_SAVE_PASSWORD_PROGRESS_LOGGER_H_ |
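Review bot: The comment on SanitizeStructuredLogs (new lines 125-133) states the layout of |logs| as a caller precondition, but the StructuredLog comment says these logs may be created in renderer code, so the browser side cannot rely on that layout being honoured. The header should state what the function returns for an empty vector, for a LOG_TYPE_LABEL entry that is not first, and for a |log_type|, |label| or |message| beyond LOG_TYPE_MAX / STRING_MAX; the .cc is not visible here, so whether this is already handled is unknown. A possible addition is `// |logs| is untrusted input: a malformed vector or an out-of-range enum value is rendered via STRING_INVALID, never used as an index.` Separately, `LogNumber(StringID label, size_t value)` feeds a StructuredLog whose `number` member is an `int`, so large values would presumably be narrowed; that is worth documenting or clamping.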