Chromium Code Reviews Chromium Code Reviews
Issue 2481743009:
Expose malware/phishing/etc. distinction from SafeBrowsingUIManager (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/security_state_model.h" | 5 #include "components/security_state/security_state_model.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 118 return SecurityStateModel::CONTENT_STATUS_NONE; | 118 return SecurityStateModel::CONTENT_STATUS_NONE; |
| 119 } | 119 } |
| 120 | 120 |
| 121 SecurityStateModel::SecurityLevel GetSecurityLevelForRequest( | 121 SecurityStateModel::SecurityLevel GetSecurityLevelForRequest( |
| 122 const SecurityStateModel::VisibleSecurityState& visible_security_state, | 122 const SecurityStateModel::VisibleSecurityState& visible_security_state, |
| 123 SecurityStateModelClient* client, | 123 SecurityStateModelClient* client, |
| 124 SecurityStateModel::SHA1DeprecationStatus sha1_status, | 124 SecurityStateModel::SHA1DeprecationStatus sha1_status, |
| 125 SecurityStateModel::ContentStatus mixed_content_status, | 125 SecurityStateModel::ContentStatus mixed_content_status, |
| 126 SecurityStateModel::ContentStatus content_with_cert_errors_status) { | 126 SecurityStateModel::ContentStatus content_with_cert_errors_status) { |
| 127 DCHECK(visible_security_state.connection_info_initialized || | 127 DCHECK(visible_security_state.connection_info_initialized || |
| 128 visible_security_state.fails_malware_check); | 128 visible_security_state.malicious_content_status != |
| 129 SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE); | |
| 129 | 130 |
| 130 // Override the connection security information if the website failed the | 131 // Override the connection security information if the website failed the |
| 131 // browser's malware checks. | 132 // browser's malware checks. |
| 132 if (visible_security_state.fails_malware_check) | 133 if (visible_security_state.malicious_content_status != |
| 134 SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE) { | |
| 133 return SecurityStateModel::DANGEROUS; | 135 return SecurityStateModel::DANGEROUS; |
| 136 } | |
| 134 | 137 |
| 135 GURL url = visible_security_state.url; | 138 GURL url = visible_security_state.url; |
| 136 | 139 |
| 137 bool is_cryptographic_with_certificate = | 140 bool is_cryptographic_with_certificate = |
| 138 (url.SchemeIsCryptographic() && visible_security_state.certificate); | 141 (url.SchemeIsCryptographic() && visible_security_state.certificate); |
| 139 | 142 |
| 140 // Set the security level to DANGEROUS for major certificate errors. | 143 // Set the security level to DANGEROUS for major certificate errors. |
| 141 if (is_cryptographic_with_certificate && | 144 if (is_cryptographic_with_certificate && |
| 142 net::IsCertStatusError(visible_security_state.cert_status) && | 145 net::IsCertStatusError(visible_security_state.cert_status) && |
| 143 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { | 146 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 201 } | 204 } |
| 202 return SecurityStateModel::SECURE; | 205 return SecurityStateModel::SECURE; |
| 203 } | 206 } |
| 204 | 207 |
| 205 void SecurityInfoForRequest( | 208 void SecurityInfoForRequest( |
| 206 SecurityStateModelClient* client, | 209 SecurityStateModelClient* client, |
| 207 const SecurityStateModel::VisibleSecurityState& visible_security_state, | 210 const SecurityStateModel::VisibleSecurityState& visible_security_state, |
| 208 SecurityStateModel::SecurityInfo* security_info) { | 211 SecurityStateModel::SecurityInfo* security_info) { |
| 209 if (!visible_security_state.connection_info_initialized) { | 212 if (!visible_security_state.connection_info_initialized) { |
| 210 *security_info = SecurityStateModel::SecurityInfo(); | 213 *security_info = SecurityStateModel::SecurityInfo(); |
| 211 security_info->fails_malware_check = | 214 security_info->malicious_content_status = |
| 212 visible_security_state.fails_malware_check; | 215 visible_security_state.malicious_content_status; |
| 213 if (security_info->fails_malware_check) { | 216 if (security_info->malicious_content_status != |
| 217 SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE) { | |
|
Nathan Parker
2016/11/10 00:13:03
I don't understand what this logic does, but I tru
estark
2016/11/11 20:28:14
Yeah the whole |connection_info_initialized| thing
| |
| 214 security_info->security_level = GetSecurityLevelForRequest( | 218 security_info->security_level = GetSecurityLevelForRequest( |
| 215 visible_security_state, client, SecurityStateModel::UNKNOWN_SHA1, | 219 visible_security_state, client, SecurityStateModel::UNKNOWN_SHA1, |
| 216 SecurityStateModel::CONTENT_STATUS_UNKNOWN, | 220 SecurityStateModel::CONTENT_STATUS_UNKNOWN, |
| 217 SecurityStateModel::CONTENT_STATUS_UNKNOWN); | 221 SecurityStateModel::CONTENT_STATUS_UNKNOWN); |
| 218 } | 222 } |
| 219 return; | 223 return; |
| 220 } | 224 } |
| 221 security_info->certificate = visible_security_state.certificate; | 225 security_info->certificate = visible_security_state.certificate; |
| 222 security_info->sha1_deprecation_status = | 226 security_info->sha1_deprecation_status = |
| 223 GetSHA1DeprecationStatus(visible_security_state); | 227 GetSHA1DeprecationStatus(visible_security_state); |
| 224 security_info->mixed_content_status = | 228 security_info->mixed_content_status = |
| 225 GetContentStatus(visible_security_state.displayed_mixed_content, | 229 GetContentStatus(visible_security_state.displayed_mixed_content, |
| 226 visible_security_state.ran_mixed_content); | 230 visible_security_state.ran_mixed_content); |
| 227 security_info->content_with_cert_errors_status = GetContentStatus( | 231 security_info->content_with_cert_errors_status = GetContentStatus( |
| 228 visible_security_state.displayed_content_with_cert_errors, | 232 visible_security_state.displayed_content_with_cert_errors, |
| 229 visible_security_state.ran_content_with_cert_errors); | 233 visible_security_state.ran_content_with_cert_errors); |
| 230 security_info->security_bits = visible_security_state.security_bits; | 234 security_info->security_bits = visible_security_state.security_bits; |
| 231 security_info->connection_status = visible_security_state.connection_status; | 235 security_info->connection_status = visible_security_state.connection_status; |
| 232 security_info->key_exchange_group = visible_security_state.key_exchange_group; | 236 security_info->key_exchange_group = visible_security_state.key_exchange_group; |
| 233 security_info->cert_status = visible_security_state.cert_status; | 237 security_info->cert_status = visible_security_state.cert_status; |
| 234 security_info->scheme_is_cryptographic = | 238 security_info->scheme_is_cryptographic = |
| 235 visible_security_state.url.SchemeIsCryptographic(); | 239 visible_security_state.url.SchemeIsCryptographic(); |
| 236 security_info->obsolete_ssl_status = | 240 security_info->obsolete_ssl_status = |
| 237 net::ObsoleteSSLStatus(security_info->connection_status); | 241 net::ObsoleteSSLStatus(security_info->connection_status); |
| 238 security_info->pkp_bypassed = visible_security_state.pkp_bypassed; | 242 security_info->pkp_bypassed = visible_security_state.pkp_bypassed; |
| 239 security_info->sct_verify_statuses = | 243 security_info->sct_verify_statuses = |
| 240 visible_security_state.sct_verify_statuses; | 244 visible_security_state.sct_verify_statuses; |
| 241 | 245 |
| 242 security_info->fails_malware_check = | 246 security_info->malicious_content_status = |
| 243 visible_security_state.fails_malware_check; | 247 visible_security_state.malicious_content_status; |
| 244 | 248 |
| 245 security_info->displayed_private_user_data_input_on_http = | 249 security_info->displayed_private_user_data_input_on_http = |
| 246 visible_security_state.displayed_password_field_on_http || | 250 visible_security_state.displayed_password_field_on_http || |
| 247 visible_security_state.displayed_credit_card_field_on_http; | 251 visible_security_state.displayed_credit_card_field_on_http; |
| 248 | 252 |
| 249 security_info->security_level = GetSecurityLevelForRequest( | 253 security_info->security_level = GetSecurityLevelForRequest( |
| 250 visible_security_state, client, security_info->sha1_deprecation_status, | 254 visible_security_state, client, security_info->sha1_deprecation_status, |
| 251 security_info->mixed_content_status, | 255 security_info->mixed_content_status, |
| 252 security_info->content_with_cert_errors_status); | 256 security_info->content_with_cert_errors_status); |
| 253 } | 257 } |
| 254 | 258 |
| 255 } // namespace | 259 } // namespace |
| 256 | 260 |
| 257 const SecurityStateModel::SecurityLevel | 261 const SecurityStateModel::SecurityLevel |
| 258 SecurityStateModel::kDisplayedInsecureContentLevel = | 262 SecurityStateModel::kDisplayedInsecureContentLevel = |
| 259 SecurityStateModel::NONE; | 263 SecurityStateModel::NONE; |
| 260 const SecurityStateModel::SecurityLevel | 264 const SecurityStateModel::SecurityLevel |
| 261 SecurityStateModel::kRanInsecureContentLevel = | 265 SecurityStateModel::kRanInsecureContentLevel = |
| 262 SecurityStateModel::DANGEROUS; | 266 SecurityStateModel::DANGEROUS; |
| 263 | 267 |
| 264 SecurityStateModel::SecurityInfo::SecurityInfo() | 268 SecurityStateModel::SecurityInfo::SecurityInfo() |
| 265 : security_level(SecurityStateModel::NONE), | 269 : security_level(SecurityStateModel::NONE), |
| 266 fails_malware_check(false), | 270 malicious_content_status( |
| 271 SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE), | |
| 267 sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1), | 272 sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1), |
| 268 mixed_content_status(SecurityStateModel::CONTENT_STATUS_NONE), | 273 mixed_content_status(SecurityStateModel::CONTENT_STATUS_NONE), |
| 269 content_with_cert_errors_status(SecurityStateModel::CONTENT_STATUS_NONE), | 274 content_with_cert_errors_status(SecurityStateModel::CONTENT_STATUS_NONE), |
| 270 scheme_is_cryptographic(false), | 275 scheme_is_cryptographic(false), |
| 271 cert_status(0), | 276 cert_status(0), |
| 272 security_bits(-1), | 277 security_bits(-1), |
| 273 connection_status(0), | 278 connection_status(0), |
| 274 key_exchange_group(0), | 279 key_exchange_group(0), |
| 275 obsolete_ssl_status(net::OBSOLETE_SSL_NONE), | 280 obsolete_ssl_status(net::OBSOLETE_SSL_NONE), |
| 276 pkp_bypassed(false), | 281 pkp_bypassed(false), |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 287 VisibleSecurityState new_visible_state; | 292 VisibleSecurityState new_visible_state; |
| 288 client_->GetVisibleSecurityState(&new_visible_state); | 293 client_->GetVisibleSecurityState(&new_visible_state); |
| 289 SecurityInfoForRequest(client_, new_visible_state, result); | 294 SecurityInfoForRequest(client_, new_visible_state, result); |
| 290 } | 295 } |
| 291 | 296 |
| 292 void SecurityStateModel::SetClient(SecurityStateModelClient* client) { | 297 void SecurityStateModel::SetClient(SecurityStateModelClient* client) { |
| 293 client_ = client; | 298 client_ = client; |
| 294 } | 299 } |
| 295 | 300 |
| 296 SecurityStateModel::VisibleSecurityState::VisibleSecurityState() | 301 SecurityStateModel::VisibleSecurityState::VisibleSecurityState() |
| 297 : fails_malware_check(false), | 302 : malicious_content_status( |
| 303 SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE), | |
| 298 connection_info_initialized(false), | 304 connection_info_initialized(false), |
| 299 cert_status(0), | 305 cert_status(0), |
| 300 connection_status(0), | 306 connection_status(0), |
| 301 key_exchange_group(0), | 307 key_exchange_group(0), |
| 302 security_bits(-1), | 308 security_bits(-1), |
| 303 displayed_mixed_content(false), | 309 displayed_mixed_content(false), |
| 304 ran_mixed_content(false), | 310 ran_mixed_content(false), |
| 305 displayed_content_with_cert_errors(false), | 311 displayed_content_with_cert_errors(false), |
| 306 ran_content_with_cert_errors(false), | 312 ran_content_with_cert_errors(false), |
| 307 pkp_bypassed(false), | 313 pkp_bypassed(false), |
| 308 displayed_password_field_on_http(false), | 314 displayed_password_field_on_http(false), |
| 309 displayed_credit_card_field_on_http(false) {} | 315 displayed_credit_card_field_on_http(false) {} |
| 310 | 316 |
| 311 SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {} | 317 SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {} |
| 312 | 318 |
| 313 bool SecurityStateModel::VisibleSecurityState::operator==( | 319 bool SecurityStateModel::VisibleSecurityState::operator==( |
| 314 const SecurityStateModel::VisibleSecurityState& other) const { | 320 const SecurityStateModel::VisibleSecurityState& other) const { |
| 315 return (url == other.url && | 321 return (url == other.url && |
| 316 fails_malware_check == other.fails_malware_check && | 322 malicious_content_status == other.malicious_content_status && |
| 317 !!certificate == !!other.certificate && | 323 !!certificate == !!other.certificate && |
|
Nathan Parker
2016/11/10 00:13:03
ooo I like all the the !!'s. That mirrors my mood
| |
| 318 (certificate ? certificate->Equals(other.certificate.get()) : true) && | 324 (certificate ? certificate->Equals(other.certificate.get()) : true) && |
| 319 connection_status == other.connection_status && | 325 connection_status == other.connection_status && |
| 320 key_exchange_group == other.key_exchange_group && | 326 key_exchange_group == other.key_exchange_group && |
| 321 security_bits == other.security_bits && | 327 security_bits == other.security_bits && |
| 322 sct_verify_statuses == other.sct_verify_statuses && | 328 sct_verify_statuses == other.sct_verify_statuses && |
| 323 displayed_mixed_content == other.displayed_mixed_content && | 329 displayed_mixed_content == other.displayed_mixed_content && |
| 324 ran_mixed_content == other.ran_mixed_content && | 330 ran_mixed_content == other.ran_mixed_content && |
| 325 displayed_content_with_cert_errors == | 331 displayed_content_with_cert_errors == |
| 326 other.displayed_content_with_cert_errors && | 332 other.displayed_content_with_cert_errors && |
| 327 ran_content_with_cert_errors == other.ran_content_with_cert_errors && | 333 ran_content_with_cert_errors == other.ran_content_with_cert_errors && |
| 328 pkp_bypassed == other.pkp_bypassed && | 334 pkp_bypassed == other.pkp_bypassed && |
| 329 displayed_password_field_on_http == | 335 displayed_password_field_on_http == |
| 330 other.displayed_password_field_on_http && | 336 other.displayed_password_field_on_http && |
| 331 displayed_credit_card_field_on_http == | 337 displayed_credit_card_field_on_http == |
| 332 other.displayed_credit_card_field_on_http); | 338 other.displayed_credit_card_field_on_http); |
| 333 } | 339 } |
| 334 | 340 |
| 335 } // namespace security_state | 341 } // namespace security_state |
| OLD | NEW |
