OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/security_state_tab_helper.h" | 5 #include "chrome/browser/ssl/security_state_tab_helper.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/metrics/histogram_macros.h" | 8 #include "base/metrics/histogram_macros.h" |
| 9 #include "base/time/time.h" |
9 #include "build/build_config.h" | 10 #include "build/build_config.h" |
10 #include "chrome/browser/browser_process.h" | 11 #include "chrome/browser/browser_process.h" |
11 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 12 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
12 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 13 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
13 #include "chrome/browser/profiles/profile.h" | 14 #include "chrome/browser/profiles/profile.h" |
14 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 15 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
15 #include "chrome/browser/safe_browsing/ui_manager.h" | 16 #include "chrome/browser/safe_browsing/ui_manager.h" |
16 #include "components/security_state/content/content_utils.h" | 17 #include "components/security_state/content/content_utils.h" |
17 #include "content/public/browser/navigation_entry.h" | 18 #include "content/public/browser/navigation_entry.h" |
18 #include "content/public/browser/navigation_handle.h" | 19 #include "content/public/browser/navigation_handle.h" |
(...skipping 29 matching lines...) Expand all Loading... |
48 if (logged_http_warning_on_current_navigation_) | 49 if (logged_http_warning_on_current_navigation_) |
49 return; | 50 return; |
50 | 51 |
51 security_state::SecurityInfo security_info; | 52 security_state::SecurityInfo security_info; |
52 GetSecurityInfo(&security_info); | 53 GetSecurityInfo(&security_info); |
53 if (!security_info.displayed_password_field_on_http && | 54 if (!security_info.displayed_password_field_on_http && |
54 !security_info.displayed_credit_card_field_on_http) { | 55 !security_info.displayed_credit_card_field_on_http) { |
55 return; | 56 return; |
56 } | 57 } |
57 | 58 |
| 59 DCHECK(time_of_http_warning_on_current_navigation_.is_null()); |
| 60 time_of_http_warning_on_current_navigation_ = base::Time::Now(); |
| 61 |
58 std::string warning; | 62 std::string warning; |
59 bool warning_is_user_visible = false; | 63 bool warning_is_user_visible = false; |
60 switch (security_info.security_level) { | 64 switch (security_info.security_level) { |
61 case security_state::HTTP_SHOW_WARNING: | 65 case security_state::HTTP_SHOW_WARNING: |
62 warning = | 66 warning = |
63 "This page includes a password or credit card input in a non-secure " | 67 "This page includes a password or credit card input in a non-secure " |
64 "context. A warning has been added to the URL bar. For more " | 68 "context. A warning has been added to the URL bar. For more " |
65 "information, see https://goo.gl/zmWq3m."; | 69 "information, see https://goo.gl/zmWq3m."; |
66 warning_is_user_visible = true; | 70 warning_is_user_visible = true; |
67 break; | 71 break; |
(...skipping 17 matching lines...) Expand all Loading... |
85 "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard", | 89 "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard", |
86 warning_is_user_visible); | 90 warning_is_user_visible); |
87 } | 91 } |
88 if (security_info.displayed_password_field_on_http) { | 92 if (security_info.displayed_password_field_on_http) { |
89 UMA_HISTOGRAM_BOOLEAN( | 93 UMA_HISTOGRAM_BOOLEAN( |
90 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password", | 94 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password", |
91 warning_is_user_visible); | 95 warning_is_user_visible); |
92 } | 96 } |
93 } | 97 } |
94 | 98 |
| 99 void SecurityStateTabHelper::DidStartNavigation( |
| 100 content::NavigationHandle* navigation_handle) { |
| 101 if (time_of_http_warning_on_current_navigation_.is_null() || |
| 102 !navigation_handle->IsInMainFrame() || navigation_handle->IsSamePage()) { |
| 103 return; |
| 104 } |
| 105 // Record how quickly a user leaves a site after encountering an |
| 106 // HTTP-bad warning. A navigation here only counts if it is a |
| 107 // main-frame, not-same-page navigation, since it aims to measure how |
| 108 // quickly a user leaves a site after seeing the HTTP warning. |
| 109 UMA_HISTOGRAM_LONG_TIMES( |
| 110 "Security.HTTPBad.NavigationStartedAfterUserWarnedAboutSensitiveInput", |
| 111 base::Time::Now() - time_of_http_warning_on_current_navigation_); |
| 112 // After recording the histogram, clear the time of the warning. A |
| 113 // timing histogram will not be recorded again on this page, because |
| 114 // the time is only set the first time the HTTP-bad warning is shown |
| 115 // per page. |
| 116 time_of_http_warning_on_current_navigation_ = base::Time(); |
| 117 } |
| 118 |
95 void SecurityStateTabHelper::DidFinishNavigation( | 119 void SecurityStateTabHelper::DidFinishNavigation( |
96 content::NavigationHandle* navigation_handle) { | 120 content::NavigationHandle* navigation_handle) { |
97 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { | 121 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { |
98 // Only reset the console message flag for main-frame navigations, | 122 // Only reset the console message flag for main-frame navigations, |
99 // and not for same-page navigations like reference fragments and pushState. | 123 // and not for same-page navigations like reference fragments and pushState. |
100 logged_http_warning_on_current_navigation_ = false; | 124 logged_http_warning_on_current_navigation_ = false; |
101 } | 125 } |
102 } | 126 } |
103 | 127 |
| 128 void SecurityStateTabHelper::WebContentsDestroyed() { |
| 129 if (time_of_http_warning_on_current_navigation_.is_null()) { |
| 130 return; |
| 131 } |
| 132 // Record how quickly the tab is closed after a user encounters an |
| 133 // HTTP-bad warning. This histogram will only be recorded if the |
| 134 // WebContents is destroyed before another navigation begins. |
| 135 UMA_HISTOGRAM_LONG_TIMES( |
| 136 "Security.HTTPBad.WebContentsDestroyedAfterUserWarnedAboutSensitiveInput", |
| 137 base::Time::Now() - time_of_http_warning_on_current_navigation_); |
| 138 } |
| 139 |
104 bool SecurityStateTabHelper::UsedPolicyInstalledCertificate() const { | 140 bool SecurityStateTabHelper::UsedPolicyInstalledCertificate() const { |
105 #if defined(OS_CHROMEOS) | 141 #if defined(OS_CHROMEOS) |
106 policy::PolicyCertService* service = | 142 policy::PolicyCertService* service = |
107 policy::PolicyCertServiceFactory::GetForProfile( | 143 policy::PolicyCertServiceFactory::GetForProfile( |
108 Profile::FromBrowserContext(web_contents()->GetBrowserContext())); | 144 Profile::FromBrowserContext(web_contents()->GetBrowserContext())); |
109 if (service && service->UsedPolicyCertificates()) | 145 if (service && service->UsedPolicyCertificates()) |
110 return true; | 146 return true; |
111 #endif | 147 #endif |
112 return false; | 148 return false; |
113 } | 149 } |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
158 std::unique_ptr<security_state::VisibleSecurityState> | 194 std::unique_ptr<security_state::VisibleSecurityState> |
159 SecurityStateTabHelper::GetVisibleSecurityState() const { | 195 SecurityStateTabHelper::GetVisibleSecurityState() const { |
160 auto state = security_state::GetVisibleSecurityState(web_contents()); | 196 auto state = security_state::GetVisibleSecurityState(web_contents()); |
161 | 197 |
162 // Malware status might already be known even if connection security | 198 // Malware status might already be known even if connection security |
163 // information is still being initialized, thus no need to check for that. | 199 // information is still being initialized, thus no need to check for that. |
164 state->malicious_content_status = GetMaliciousContentStatus(); | 200 state->malicious_content_status = GetMaliciousContentStatus(); |
165 | 201 |
166 return state; | 202 return state; |
167 } | 203 } |
OLD | NEW |