| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Implementation of the SafeBrowsingBlockingPage class. | 5 // Implementation of the SafeBrowsingBlockingPage class. |
| 6 | 6 |
| 7 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 7 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
| 14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
| 16 #include "base/strings/string_number_conversions.h" | 16 #include "base/strings/string_number_conversions.h" |
| 17 #include "base/time/time.h" | 17 #include "base/time/time.h" |
| 18 #include "base/values.h" | 18 #include "base/values.h" |
| 19 #include "chrome/browser/browser_process.h" | 19 #include "chrome/browser/browser_process.h" |
| 20 #include "chrome/browser/interstitials/chrome_controller_client.h" | 20 #include "chrome/browser/interstitials/chrome_controller_client.h" |
| 21 #include "chrome/browser/profiles/profile.h" | 21 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chrome/browser/renderer_preferences_util.h" | 22 #include "chrome/browser/renderer_preferences_util.h" |
| 23 #include "chrome/browser/safe_browsing/threat_details.h" | 23 #include "chrome/browser/safe_browsing/threat_details.h" |
| 24 #include "chrome/browser/safe_browsing/ui_manager.h" | 24 #include "chrome/browser/safe_browsing/ui_manager.h" |
| 25 #include "chrome/common/pref_names.h" | 25 #include "chrome/common/pref_names.h" |
| 26 #include "chrome/common/url_constants.h" |
| 26 #include "components/prefs/pref_service.h" | 27 #include "components/prefs/pref_service.h" |
| 27 #include "components/safe_browsing_db/safe_browsing_prefs.h" | 28 #include "components/safe_browsing_db/safe_browsing_prefs.h" |
| 29 #include "components/security_interstitials/content/security_interstitial_contro
ller_client.h" |
| 28 #include "content/public/browser/browser_thread.h" | 30 #include "content/public/browser/browser_thread.h" |
| 29 #include "content/public/browser/interstitial_page.h" | 31 #include "content/public/browser/interstitial_page.h" |
| 30 #include "content/public/browser/navigation_entry.h" | 32 #include "content/public/browser/navigation_entry.h" |
| 31 #include "content/public/browser/user_metrics.h" | 33 #include "content/public/browser/user_metrics.h" |
| 32 #include "content/public/browser/web_contents.h" | 34 #include "content/public/browser/web_contents.h" |
| 33 | 35 |
| 34 using base::UserMetricsAction; | 36 using base::UserMetricsAction; |
| 35 using content::BrowserThread; | 37 using content::BrowserThread; |
| 36 using content::InterstitialPage; | 38 using content::InterstitialPage; |
| 37 using content::WebContents; | 39 using content::WebContents; |
| 38 using security_interstitials::SafeBrowsingErrorUI; | 40 using security_interstitials::SafeBrowsingErrorUI; |
| 41 using security_interstitials::SecurityInterstitialControllerClient; |
| 39 | 42 |
| 40 namespace safe_browsing { | 43 namespace safe_browsing { |
| 41 | 44 |
| 42 namespace { | 45 namespace { |
| 43 | 46 |
| 44 // After a safe browsing interstitial where the user opted-in to the report | 47 // After a safe browsing interstitial where the user opted-in to the report |
| 45 // but clicked "proceed anyway", we delay the call to | 48 // but clicked "proceed anyway", we delay the call to |
| 46 // ThreatDetails::FinishCollection() by this much time (in | 49 // ThreatDetails::FinishCollection() by this much time (in |
| 47 // milliseconds). | 50 // milliseconds). |
| 48 const int64_t kThreatDetailsProceedDelayMilliSeconds = 3000; | 51 const int64_t kThreatDetailsProceedDelayMilliSeconds = 3000; |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 94 &SafeBrowsingBlockingPage::kTypeForTesting; | 97 &SafeBrowsingBlockingPage::kTypeForTesting; |
| 95 | 98 |
| 96 SafeBrowsingBlockingPage::SafeBrowsingBlockingPage( | 99 SafeBrowsingBlockingPage::SafeBrowsingBlockingPage( |
| 97 SafeBrowsingUIManager* ui_manager, | 100 SafeBrowsingUIManager* ui_manager, |
| 98 WebContents* web_contents, | 101 WebContents* web_contents, |
| 99 const GURL& main_frame_url, | 102 const GURL& main_frame_url, |
| 100 const UnsafeResourceList& unsafe_resources) | 103 const UnsafeResourceList& unsafe_resources) |
| 101 : SecurityInterstitialPage( | 104 : SecurityInterstitialPage( |
| 102 web_contents, | 105 web_contents, |
| 103 unsafe_resources[0].url, | 106 unsafe_resources[0].url, |
| 104 CreateMetricsHelper(web_contents, unsafe_resources)), | 107 CreateControllerClient(web_contents, unsafe_resources)), |
| 105 threat_details_proceed_delay_ms_(kThreatDetailsProceedDelayMilliSeconds), | 108 threat_details_proceed_delay_ms_(kThreatDetailsProceedDelayMilliSeconds), |
| 106 ui_manager_(ui_manager), | 109 ui_manager_(ui_manager), |
| 107 main_frame_url_(main_frame_url), | 110 main_frame_url_(main_frame_url), |
| 108 unsafe_resources_(unsafe_resources), | 111 unsafe_resources_(unsafe_resources), |
| 109 proceeded_(false) { | 112 proceeded_(false) { |
| 110 // Computes display options based on user profile and blocked resource. | 113 // Computes display options based on user profile and blocked resource. |
| 111 bool is_main_frame_load_blocked = IsMainPageLoadBlocked(unsafe_resources); | 114 bool is_main_frame_load_blocked = IsMainPageLoadBlocked(unsafe_resources); |
| 112 bool can_show_extended_reporting_option = CanShowExtendedReportingOption(); | |
| 113 SafeBrowsingErrorUI::SBErrorDisplayOptions display_options( | 115 SafeBrowsingErrorUI::SBErrorDisplayOptions display_options( |
| 114 is_main_frame_load_blocked, can_show_extended_reporting_option, | 116 is_main_frame_load_blocked, |
| 115 IsExtendedReportingEnabled(*profile()->GetPrefs()), | 117 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingOptInAllowed), |
| 116 IsScout(*profile()->GetPrefs()), | 118 web_contents->GetBrowserContext()->IsOffTheRecord(), |
| 119 IsExtendedReportingEnabled(*controller()->GetPrefService()), |
| 120 IsScout(*controller()->GetPrefService()), |
| 117 IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)); | 121 IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)); |
| 118 sb_error_ui_ = base::MakeUnique<SafeBrowsingErrorUI>( | 122 sb_error_ui_ = base::MakeUnique<SafeBrowsingErrorUI>( |
| 119 unsafe_resources[0].url, main_frame_url_, | 123 unsafe_resources[0].url, main_frame_url_, |
| 120 GetInterstitialReason(unsafe_resources), display_options, | 124 GetInterstitialReason(unsafe_resources), display_options, |
| 121 g_browser_process->GetApplicationLocale(), | 125 g_browser_process->GetApplicationLocale(), |
| 122 base::Time::NowFromSystemTime(), controller()); | 126 base::Time::NowFromSystemTime(), controller()); |
| 123 | 127 |
| 124 if (!is_main_frame_load_blocked) { | 128 if (!is_main_frame_load_blocked) { |
| 125 navigation_entry_index_to_remove_ = | 129 navigation_entry_index_to_remove_ = |
| 126 web_contents->GetController().GetLastCommittedEntryIndex(); | 130 web_contents->GetController().GetLastCommittedEntryIndex(); |
| 127 } else { | 131 } else { |
| 128 navigation_entry_index_to_remove_ = -1; | 132 navigation_entry_index_to_remove_ = -1; |
| 129 } | 133 } |
| 130 | 134 |
| 131 // Start computing threat details. They will be sent only | 135 // Start computing threat details. They will be sent only |
| 132 // if the user opts-in on the blocking page later. | 136 // if the user opts-in on the blocking page later. |
| 133 // If there's more than one malicious resources, it means the user | 137 // If there's more than one malicious resources, it means the user |
| 134 // clicked through the first warning, so we don't prepare additional | 138 // clicked through the first warning, so we don't prepare additional |
| 135 // reports. | 139 // reports. |
| 136 if (unsafe_resources.size() == 1 && | 140 if (unsafe_resources.size() == 1 && |
| 137 ShouldReportThreatDetails(unsafe_resources[0].threat_type) && | 141 ShouldReportThreatDetails(unsafe_resources[0].threat_type) && |
| 138 threat_details_.get() == NULL && can_show_extended_reporting_option) { | 142 threat_details_.get() == NULL && |
| 143 sb_error_ui_->CanShowExtendedReportingOption()) { |
| 139 threat_details_ = ThreatDetails::NewThreatDetails(ui_manager_, web_contents, | 144 threat_details_ = ThreatDetails::NewThreatDetails(ui_manager_, web_contents, |
| 140 unsafe_resources[0]); | 145 unsafe_resources[0]); |
| 141 } | 146 } |
| 142 } | 147 } |
| 143 | 148 |
| 144 bool SafeBrowsingBlockingPage::ShouldReportThreatDetails( | 149 bool SafeBrowsingBlockingPage::ShouldReportThreatDetails( |
| 145 SBThreatType threat_type) { | 150 SBThreatType threat_type) { |
| 146 return threat_type == SB_THREAT_TYPE_URL_PHISHING || | 151 return threat_type == SB_THREAT_TYPE_URL_PHISHING || |
| 147 threat_type == SB_THREAT_TYPE_URL_MALWARE || | 152 threat_type == SB_THREAT_TYPE_URL_MALWARE || |
| 148 threat_type == SB_THREAT_TYPE_URL_UNWANTED || | 153 threat_type == SB_THREAT_TYPE_URL_UNWANTED || |
| 149 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL || | 154 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL || |
| 150 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; | 155 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; |
| 151 } | 156 } |
| 152 | 157 |
| 153 bool SafeBrowsingBlockingPage::CanShowExtendedReportingOption() { | |
| 154 return (!web_contents()->GetBrowserContext()->IsOffTheRecord() && | |
| 155 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingOptInAllowed)); | |
| 156 } | |
| 157 | |
| 158 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() { | 158 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() { |
| 159 } | 159 } |
| 160 | 160 |
| 161 void SafeBrowsingBlockingPage::CommandReceived(const std::string& page_cmd) { | 161 void SafeBrowsingBlockingPage::CommandReceived(const std::string& page_cmd) { |
| 162 if (page_cmd == "\"pageLoadComplete\"") { | 162 if (page_cmd == "\"pageLoadComplete\"") { |
| 163 // content::WaitForRenderFrameReady sends this message when the page | 163 // content::WaitForRenderFrameReady sends this message when the page |
| 164 // load completes. Ignore it. | 164 // load completes. Ignore it. |
| 165 return; | 165 return; |
| 166 } | 166 } |
| 167 | 167 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 222 bool SafeBrowsingBlockingPage::ShouldCreateNewNavigation() const { | 222 bool SafeBrowsingBlockingPage::ShouldCreateNewNavigation() const { |
| 223 return sb_error_ui_->is_main_frame_load_blocked(); | 223 return sb_error_ui_->is_main_frame_load_blocked(); |
| 224 } | 224 } |
| 225 | 225 |
| 226 void SafeBrowsingBlockingPage::OnDontProceed() { | 226 void SafeBrowsingBlockingPage::OnDontProceed() { |
| 227 // We could have already called Proceed(), in which case we must not notify | 227 // We could have already called Proceed(), in which case we must not notify |
| 228 // the SafeBrowsingUIManager again, as the client has been deleted. | 228 // the SafeBrowsingUIManager again, as the client has been deleted. |
| 229 if (proceeded_) | 229 if (proceeded_) |
| 230 return; | 230 return; |
| 231 | 231 |
| 232 if (!IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)) { | 232 if (!sb_error_ui_->is_proceed_anyway_disabled()) { |
| 233 controller()->metrics_helper()->RecordUserDecision( | 233 controller()->metrics_helper()->RecordUserDecision( |
| 234 security_interstitials::MetricsHelper::DONT_PROCEED); | 234 security_interstitials::MetricsHelper::DONT_PROCEED); |
| 235 } | 235 } |
| 236 | 236 |
| 237 // Send the malware details, if we opted to. | 237 // Send the malware details, if we opted to. |
| 238 FinishThreatDetails(0, false /* did_proceed */, | 238 FinishThreatDetails(0, false /* did_proceed */, |
| 239 controller()->metrics_helper()->NumVisits()); // No delay | 239 controller()->metrics_helper()->NumVisits()); // No delay |
| 240 | 240 |
| 241 ui_manager_->OnBlockingPageDone(unsafe_resources_, false, web_contents(), | 241 ui_manager_->OnBlockingPageDone(unsafe_resources_, false, web_contents(), |
| 242 main_frame_url_); | 242 main_frame_url_); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 267 } | 267 } |
| 268 } | 268 } |
| 269 | 269 |
| 270 void SafeBrowsingBlockingPage::FinishThreatDetails(int64_t delay_ms, | 270 void SafeBrowsingBlockingPage::FinishThreatDetails(int64_t delay_ms, |
| 271 bool did_proceed, | 271 bool did_proceed, |
| 272 int num_visits) { | 272 int num_visits) { |
| 273 if (threat_details_.get() == NULL) | 273 if (threat_details_.get() == NULL) |
| 274 return; // Not all interstitials have threat details (eg., incognito mode). | 274 return; // Not all interstitials have threat details (eg., incognito mode). |
| 275 | 275 |
| 276 const bool enabled = | 276 const bool enabled = |
| 277 IsExtendedReportingEnabled(*profile()->GetPrefs()) && | 277 sb_error_ui_->is_extended_reporting_enabled() && |
| 278 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingOptInAllowed); | 278 sb_error_ui_->is_extended_reporting_opt_in_allowed(); |
| 279 if (!enabled) | 279 if (!enabled) |
| 280 return; | 280 return; |
| 281 | 281 |
| 282 controller()->metrics_helper()->RecordUserInteraction( | 282 controller()->metrics_helper()->RecordUserInteraction( |
| 283 security_interstitials::MetricsHelper::EXTENDED_REPORTING_IS_ENABLED); | 283 security_interstitials::MetricsHelper::EXTENDED_REPORTING_IS_ENABLED); |
| 284 // Finish the malware details collection, send it over. | 284 // Finish the malware details collection, send it over. |
| 285 BrowserThread::PostDelayedTask( | 285 BrowserThread::PostDelayedTask( |
| 286 BrowserThread::IO, FROM_HERE, | 286 BrowserThread::IO, FROM_HERE, |
| 287 base::Bind(&ThreatDetails::FinishCollection, threat_details_, | 287 base::Bind(&ThreatDetails::FinishCollection, threat_details_, |
| 288 did_proceed, num_visits), | 288 did_proceed, num_visits), |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 436 } | 436 } |
| 437 DCHECK(phishing || malware || harmful); | 437 DCHECK(phishing || malware || harmful); |
| 438 if (malware) | 438 if (malware) |
| 439 return SafeBrowsingErrorUI::SB_REASON_MALWARE; | 439 return SafeBrowsingErrorUI::SB_REASON_MALWARE; |
| 440 else if (harmful) | 440 else if (harmful) |
| 441 return SafeBrowsingErrorUI::SB_REASON_HARMFUL; | 441 return SafeBrowsingErrorUI::SB_REASON_HARMFUL; |
| 442 return SafeBrowsingErrorUI::SB_REASON_PHISHING; | 442 return SafeBrowsingErrorUI::SB_REASON_PHISHING; |
| 443 } | 443 } |
| 444 | 444 |
| 445 // static | 445 // static |
| 446 std::unique_ptr<ChromeMetricsHelper> | 446 std::unique_ptr<security_interstitials::SecurityInterstitialControllerClient> |
| 447 SafeBrowsingBlockingPage::CreateMetricsHelper( | 447 SafeBrowsingBlockingPage::CreateControllerClient( |
| 448 WebContents* web_contents, | 448 WebContents* web_contents, |
| 449 const UnsafeResourceList& unsafe_resources) { | 449 const UnsafeResourceList& unsafe_resources) { |
| 450 SafeBrowsingErrorUI::SBInterstitialReason interstitial_reason = | 450 SafeBrowsingErrorUI::SBInterstitialReason interstitial_reason = |
| 451 GetInterstitialReason(unsafe_resources); | 451 GetInterstitialReason(unsafe_resources); |
| 452 GURL request_url(unsafe_resources[0].url); | 452 GURL request_url(unsafe_resources[0].url); |
| 453 security_interstitials::MetricsHelper::ReportDetails reporting_info; | 453 security_interstitials::MetricsHelper::ReportDetails reporting_info; |
| 454 reporting_info.metric_prefix = | 454 reporting_info.metric_prefix = |
| 455 GetMetricPrefix(unsafe_resources, interstitial_reason); | 455 GetMetricPrefix(unsafe_resources, interstitial_reason); |
| 456 reporting_info.extra_suffix = GetExtraMetricsSuffix(unsafe_resources); | 456 reporting_info.extra_suffix = GetExtraMetricsSuffix(unsafe_resources); |
| 457 return std::unique_ptr<ChromeMetricsHelper>( | 457 |
| 458 new ChromeMetricsHelper(web_contents, request_url, reporting_info, | 458 std::unique_ptr<ChromeMetricsHelper> metrics_helper = |
| 459 GetSamplingEventName(interstitial_reason))); | 459 base::MakeUnique<ChromeMetricsHelper>( |
| 460 web_contents, request_url, reporting_info, |
| 461 GetSamplingEventName(interstitial_reason)); |
| 462 |
| 463 Profile* profile = Profile::FromBrowserContext( |
| 464 web_contents->GetBrowserContext()); |
| 465 DCHECK(profile); |
| 466 |
| 467 return base::MakeUnique< |
| 468 security_interstitials::SecurityInterstitialControllerClient>( |
| 469 web_contents, |
| 470 std::move(metrics_helper), |
| 471 profile->GetPrefs(), |
| 472 g_browser_process->GetApplicationLocale(), |
| 473 GURL(chrome::kChromeUINewTabURL)); |
| 460 } | 474 } |
| 461 | 475 |
| 462 void SafeBrowsingBlockingPage::PopulateInterstitialStrings( | 476 void SafeBrowsingBlockingPage::PopulateInterstitialStrings( |
| 463 base::DictionaryValue* load_time_data) { | 477 base::DictionaryValue* load_time_data) { |
| 464 sb_error_ui_->PopulateStringsForHTML(load_time_data); | 478 sb_error_ui_->PopulateStringsForHTML(load_time_data); |
| 465 } | 479 } |
| 466 | 480 |
| 467 } // namespace safe_browsing | 481 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2603433002:
Move SecurityInterstitialPage into component (Closed)
