
Side by Side Diff: chrome/browser/ssl/chrome_security_state_model_client.cc

Issue 2499243002: Record time to navigation/tab-closed after HTTP-bad warning (Closed)
Patch Set: fix test Created 4 years, 1 month ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/metrics/field_trial.h" 10 #include "base/metrics/field_trial.h"
11 #include "base/metrics/histogram_macros.h" 11 #include "base/metrics/histogram_macros.h"
12 #include "base/strings/string16.h" 12 #include "base/strings/string16.h"
13 #include "base/strings/utf_string_conversions.h" 13 #include "base/strings/utf_string_conversions.h"
14 #include "base/time/time.h"
14 #include "build/build_config.h" 15 #include "build/build_config.h"
15 #include "chrome/browser/browser_process.h" 16 #include "chrome/browser/browser_process.h"
16 #include "chrome/browser/chromeos/policy/policy_cert_service.h" 17 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
17 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" 18 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
18 #include "chrome/browser/profiles/profile.h" 19 #include "chrome/browser/profiles/profile.h"
19 #include "chrome/browser/safe_browsing/safe_browsing_service.h" 20 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
20 #include "chrome/browser/safe_browsing/ui_manager.h" 21 #include "chrome/browser/safe_browsing/ui_manager.h"
21 #include "chrome/grit/chromium_strings.h" 22 #include "chrome/grit/chromium_strings.h"
22 #include "chrome/grit/generated_resources.h" 23 #include "chrome/grit/generated_resources.h"
23 #include "content/public/browser/navigation_entry.h" 24 #include "content/public/browser/navigation_entry.h"
(...skipping 335 matching lines...) Expand 10 before | Expand all | Expand 10 after
359 if (logged_http_warning_on_current_navigation_) 360 if (logged_http_warning_on_current_navigation_)
360 return; 361 return;
361 362
362 security_state::SecurityStateModel::SecurityInfo security_info; 363 security_state::SecurityStateModel::SecurityInfo security_info;
363 GetSecurityInfo(&security_info); 364 GetSecurityInfo(&security_info);
364 if (!security_info.displayed_password_field_on_http && 365 if (!security_info.displayed_password_field_on_http &&
365 !security_info.displayed_credit_card_field_on_http) { 366 !security_info.displayed_credit_card_field_on_http) {
366 return; 367 return;
367 } 368 }
368 369
370 if (time_of_http_warning_on_current_navigation_.is_null()) {
371 time_of_http_warning_on_current_navigation_ = base::Time::Now();
elawrence 2016/11/15 16:29:52 Do we really want to clear this? If a warning flas
estark 2016/11/16 05:16:13 First of all, I remember being very convinced that
372 }
373
369 std::string warning; 374 std::string warning;
370 bool warning_is_user_visible = false; 375 bool warning_is_user_visible = false;
371 switch (security_info.security_level) { 376 switch (security_info.security_level) {
372 case security_state::SecurityStateModel::HTTP_SHOW_WARNING: 377 case security_state::SecurityStateModel::HTTP_SHOW_WARNING:
373 warning = 378 warning =
374 "This page includes a password or credit card input in a non-secure " 379 "This page includes a password or credit card input in a non-secure "
375 "context. A warning has been added to the URL bar. For more " 380 "context. A warning has been added to the URL bar. For more "
376 "information, see https://goo.gl/zmWq3m."; 381 "information, see https://goo.gl/zmWq3m.";
377 warning_is_user_visible = true; 382 warning_is_user_visible = true;
378 break; 383 break;
(...skipping 17 matching lines...) Expand all
396 "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard", 401 "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard",
397 warning_is_user_visible); 402 warning_is_user_visible);
398 } 403 }
399 if (security_info.displayed_password_field_on_http) { 404 if (security_info.displayed_password_field_on_http) {
400 UMA_HISTOGRAM_BOOLEAN( 405 UMA_HISTOGRAM_BOOLEAN(
401 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password", 406 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password",
402 warning_is_user_visible); 407 warning_is_user_visible);
403 } 408 }
404 } 409 }
405 410
411 void ChromeSecurityStateModelClient::DidStartNavigation(
412 content::NavigationHandle* navigation_handle) {
413 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) {
414 if (time_of_http_warning_on_current_navigation_.is_null()) {
415 return;
elawrence 2016/11/15 16:29:52 Is if (time_of_http_warning_on_current_navigatio
estark 2016/11/16 05:16:13 Done.
416 }
417 // Record the time delta between when an HTTP warning was shown and
elawrence 2016/11/15 16:29:52 I love comments. I worry that explaining what's ha
estark 2016/11/16 05:16:13 Done.
418 // when a navigation began. A navigation here only counts if it is a
419 // main-frame, not-same-page navigation, since it aims to measure
420 // how quickly a user leaves a site after seeing the HTTP warning.
421 UMA_HISTOGRAM_LONG_TIMES(
422 "Security.HTTPBad.NavigationStartedAfterUserWarnedAboutSensitiveInput",
423 base::Time::Now() - time_of_http_warning_on_current_navigation_);
424 time_of_http_warning_on_current_navigation_ = base::Time();
elawrence 2016/11/15 16:29:52 I don't understand why we reset this here?
estark 2016/11/16 05:16:13 I find it easiest to reason about these histograms
425 }
426 }
427
406 void ChromeSecurityStateModelClient::DidFinishNavigation( 428 void ChromeSecurityStateModelClient::DidFinishNavigation(
407 content::NavigationHandle* navigation_handle) { 429 content::NavigationHandle* navigation_handle) {
408 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { 430 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) {
409 // Only reset the console message flag for main-frame navigations, 431 // Only reset the console message flag for main-frame navigations,
410 // and not for same-page navigations like reference fragments and pushState. 432 // and not for same-page navigations like reference fragments and pushState.
411 logged_http_warning_on_current_navigation_ = false; 433 logged_http_warning_on_current_navigation_ = false;
412 } 434 }
413 } 435 }
414 436
437 void ChromeSecurityStateModelClient::WebContentsDestroyed() {
elawrence 2016/11/15 16:29:53 This event only fires for the top-level frame, rig
estark 2016/11/16 05:16:13 Yeah, a WebContents usually is 1:1 with a tab.
438 if (time_of_http_warning_on_current_navigation_.is_null()) {
439 return;
440 }
441 // Record the time delta between when an HTTP warning was shown and
442 // when the WebContents was destroyed. This histogram will only be
443 // recorded if the WebContents is destroyed before another
444 // navigation begins.
445 UMA_HISTOGRAM_LONG_TIMES(
elawrence 2016/11/15 16:29:52 "This histogram will only be recorded if the WebCo
estark 2016/11/16 05:16:13 If a navigation has begun before the WebContents i
446 "Security.HTTPBad.WebContentsDestroyedAfterUserWarnedAboutSensitiveInput",
447 base::Time::Now() - time_of_http_warning_on_current_navigation_);
448 time_of_http_warning_on_current_navigation_ = base::Time();
elawrence 2016/11/15 16:29:52 I don't understand why we reset this here?
estark 2016/11/16 05:16:13 I guess this is unnecessary, removed.
449 }
450
415 bool ChromeSecurityStateModelClient::UsedPolicyInstalledCertificate() { 451 bool ChromeSecurityStateModelClient::UsedPolicyInstalledCertificate() {
416 #if defined(OS_CHROMEOS) 452 #if defined(OS_CHROMEOS)
417 policy::PolicyCertService* service = 453 policy::PolicyCertService* service =
418 policy::PolicyCertServiceFactory::GetForProfile( 454 policy::PolicyCertServiceFactory::GetForProfile(
419 Profile::FromBrowserContext(web_contents_->GetBrowserContext())); 455 Profile::FromBrowserContext(web_contents_->GetBrowserContext()));
420 if (service && service->UsedPolicyCertificates()) 456 if (service && service->UsedPolicyCertificates())
421 return true; 457 return true;
422 #endif 458 #endif
423 return false; 459 return false;
424 } 460 }
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
468 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); 504 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS);
469 state->displayed_password_field_on_http = 505 state->displayed_password_field_on_http =
470 !!(ssl.content_status & 506 !!(ssl.content_status &
471 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); 507 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
472 state->displayed_credit_card_field_on_http = 508 state->displayed_credit_card_field_on_http =
473 !!(ssl.content_status & 509 !!(ssl.content_status &
474 content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP); 510 content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP);
475 511
476 CheckSafeBrowsingStatus(entry, web_contents_, state); 512 CheckSafeBrowsingStatus(entry, web_contents_, state);
477 } 513 }
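Review bot: The elapsed-time samples are computed from wall-clock `base::Time::Now()` (new lines 371, 423 and 447), so a system clock adjustment between the warning and the navigation or tab close yields a negative or inflated delta in both `Security.HTTPBad.*AfterUserWarnedAboutSensitiveInput` histograms. A monotonic source suits interval measurement better: hold the timestamp as a `base::TimeTicks`, set it with `time_of_http_warning_on_current_navigation_ = base::TimeTicks::Now();`, and subtract from `base::TimeTicks::Now()` at the two recording sites. The member is declared in the header, which is outside this section. Separately, the timestamp is taken before the `switch` on `security_level`, so unless the skipped lines return early it is also set when `warning_is_user_visible` stays false, and the timings would then mix console-only warnings into data meant to measure how users react to the visible warning.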