Record time to navigation/tab-closed after HTTP-bad warning

chrome/browser/ssl/security_state_tab_helper.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/security_state_tab_helper.h"
 
 #include "base/bind.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/time/time.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "components/security_state/content/content_utils.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/navigation_handle.h"
@@ skipping 29 matching lines @@
   if (logged_http_warning_on_current_navigation_)
     return;
 
   security_state::SecurityInfo security_info;
   GetSecurityInfo(&security_info);
   if (!security_info.displayed_password_field_on_http &&
       !security_info.displayed_credit_card_field_on_http) {
     return;
   }
 
+  DCHECK(time_of_http_warning_on_current_navigation_.is_null());
+  time_of_http_warning_on_current_navigation_ = base::Time::Now();
+
   std::string warning;
   bool warning_is_user_visible = false;
   switch (security_info.security_level) {
     case security_state::HTTP_SHOW_WARNING:
       warning =
           "This page includes a password or credit card input in a non-secure "
           "context. A warning has been added to the URL bar. For more "
           "information, see https://goo.gl/zmWq3m.";
       warning_is_user_visible = true;
       break;
@@ skipping 17 matching lines @@
         "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard",
         warning_is_user_visible);
   }
   if (security_info.displayed_password_field_on_http) {
     UMA_HISTOGRAM_BOOLEAN(
         "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password",
         warning_is_user_visible);
   }
 }
 
+void SecurityStateTabHelper::DidStartNavigation(
+    content::NavigationHandle* navigation_handle) {
+  if (time_of_http_warning_on_current_navigation_.is_null() ||
+      !navigation_handle->IsInMainFrame() || navigation_handle->IsSamePage()) {
+    return;
+  }
+  // Record how quickly a user leaves a site after encountering an
+  // HTTP-bad warning. A navigation here only counts if it is a
+  // main-frame, not-same-page navigation, since it aims to measure how
+  // quickly a user leaves a site after seeing the HTTP warning.
+  UMA_HISTOGRAM_LONG_TIMES(
+      "Security.HTTPBad.NavigationStartedAfterUserWarnedAboutSensitiveInput",
+      base::Time::Now() - time_of_http_warning_on_current_navigation_);
+  // After recording the histogram, clear the time of the warning. A
+  // timing histogram will not be recorded again on this page, because
+  // the time is only set the first time the HTTP-bad warning is shown
+  // per page.
+  time_of_http_warning_on_current_navigation_ = base::Time();
+}
+
 void SecurityStateTabHelper::DidFinishNavigation(
     content::NavigationHandle* navigation_handle) {
   if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) {
     // Only reset the console message flag for main-frame navigations,
     // and not for same-page navigations like reference fragments and pushState.
     logged_http_warning_on_current_navigation_ = false;
   }
 }
 
+void SecurityStateTabHelper::WebContentsDestroyed() {
+  if (time_of_http_warning_on_current_navigation_.is_null()) {
+    return;
+  }
+  // Record how quickly the tab is closed after a user encounters an
+  // HTTP-bad warning. This histogram will only be recorded if the
+  // WebContents is destroyed before another navigation begins.
+  UMA_HISTOGRAM_LONG_TIMES(
+      "Security.HTTPBad.WebContentsDestroyedAfterUserWarnedAboutSensitiveInput",
+      base::Time::Now() - time_of_http_warning_on_current_navigation_);
+}
+
 bool SecurityStateTabHelper::UsedPolicyInstalledCertificate() const {
 #if defined(OS_CHROMEOS)
   policy::PolicyCertService* service =
       policy::PolicyCertServiceFactory::GetForProfile(
           Profile::FromBrowserContext(web_contents()->GetBrowserContext()));
   if (service && service->UsedPolicyCertificates())
     return true;
 #endif
   return false;
 }
@@ skipping 44 matching lines @@
 std::unique_ptr<security_state::VisibleSecurityState>
 SecurityStateTabHelper::GetVisibleSecurityState() const {
   auto state = security_state::GetVisibleSecurityState(web_contents());
 
   // Malware status might already be known even if connection security
   // information is still being initialized, thus no need to check for that.
   state->malicious_content_status = GetMaliciousContentStatus();
 
   return state;
 }