components/safe_browsing/base_safe_browsing_resource_throttle.h - Issue 2623733002: Componentize SafeBrowsingBlockingPage for WebView use

Side by Side Diff: components/safe_browsing/base_safe_browsing_resource_throttle.h

Issue 2623733002: Componentize SafeBrowsingBlockingPage for WebView use (Closed)

Patch Set: address final comments Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #ifndef COMPONENTS_SAFE_BROWSING_BASE_SAFE_BROWSING_RESOURCE_THROTTLE_H_

6 #define COMPONENTS_SAFE_BROWSING_BASE_SAFE_BROWSING_RESOURCE_THROTTLE_H_

7

8 #include <set>

9 #include <string>

10 #include <vector>

11

12 #include "base/macros.h"

13 #include "base/memory/ref_counted.h"

14 #include "base/time/time.h"

15 #include "base/timer/timer.h"

16 #include "components/safe_browsing/base_ui_manager.h"

17 #include "components/safe_browsing_db/database_manager.h"

18 #include "components/security_interstitials/content/unsafe_resource.h"

19 #include "content/public/browser/resource_throttle.h"

20 #include "content/public/common/resource_type.h"

21 #include "net/log/net_log_event_type.h"

22 #include "net/log/net_log_with_source.h"

23 #include "url/gurl.h"

24

25 namespace content {

26 class ResourceRequestInfo;

27 }

28

29 namespace net {

30 class URLRequest;

31 }

32

33 // BaseSafeBrowsingResourceThrottle checks that URLs are "safe" before

34 // navigating to them. To be considered "safe", a URL must not appear in the

35 // malware/phishing blacklists (see SafeBrowsingService for details).

36 //

37 // Note that the safe browsing check takes at most kCheckUrlTimeoutMs

38 // milliseconds. If it takes longer than this, then the system defaults to

39 // treating the URL as safe.

40 //

41 // If the URL is classified as dangerous, a warning page is thrown up and

42 // the request remains suspended. If the user clicks "proceed" on warning

43 // page, we resume the request.

44 //

45 // Note: The ResourceThrottle interface is called in this order:

46 // WillStartRequest once, WillRedirectRequest zero or more times, and then

47 // WillProcessReponse once.

48 class BaseSafeBrowsingResourceThrottle

49 : public content::ResourceThrottle,

50 public safe_browsing::SafeBrowsingDatabaseManager::Client,

51 public base::SupportsWeakPtr<BaseSafeBrowsingResourceThrottle> {

52 public:

53 // Construct a BaseSafeBrowsingResourceThrottle, or return nullptr if we

54 // cannot access the safe browsing API on Android

55 static BaseSafeBrowsingResourceThrottle* MaybeCreate(

56 net::URLRequest* request,

57 content::ResourceType resource_type,

58 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager>

59 database_manager,

60 scoped_refptr<safe_browsing::BaseSafeBrowsingUIManager> ui_manager);

61

62 // content::ResourceThrottle implementation (called on IO thread):

63 void WillStartRequest(bool* defer) override;

64 void WillRedirectRequest(const net::RedirectInfo& redirect_info,

65 bool* defer) override;

66 void WillProcessResponse(bool* defer) override;

67 bool MustProcessResponseBeforeReadingBody() override;

68

69 const char* GetNameForLogging() const override;

70

71 // SafeBrowsingDatabaseManager::Client implementation (called on IO thread):

72 void OnCheckBrowseUrlResult(

73 const GURL& url,

74 safe_browsing::SBThreatType threat_type,

75 const safe_browsing::ThreatMetadata& metadata) override;

76

77 protected:

78 BaseSafeBrowsingResourceThrottle(

79 const net::URLRequest* request,

80 content::ResourceType resource_type,

81 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager>

82 database_manager,

83 scoped_refptr<safe_browsing::BaseSafeBrowsingUIManager> ui_manager);

84

85 ~BaseSafeBrowsingResourceThrottle() override;

86

87 // Does nothing in the base class. Override this to destroy prerender contents

88 // in chrome.

89 virtual void MaybeDestroyPrerenderContents(

90 const content::ResourceRequestInfo* info);

91

92 // Posts a task for StartDisplayingBlockingPage

93 virtual void StartDisplayingBlockingPageHelper(

94 security_interstitials::UnsafeResource resource);

95

96 scoped_refptr<safe_browsing::BaseSafeBrowsingUIManager> ui_manager_;

97

98 private:

99 // Describes what phase of the check a throttle is in.

100 enum State {

101 // Haven't started checking or checking is complete. Not deferred.

102 STATE_NONE,

103 // We have one outstanding URL-check. Could be deferred.

104 STATE_CHECKING_URL,

105 // We're displaying a blocking page. Could be deferred.

106 STATE_DISPLAYING_BLOCKING_PAGE,

107 };

108

109 // Describes what stage of the request got paused by the check.

110 enum DeferState {

111 DEFERRED_NONE,

112 DEFERRED_START,

113 DEFERRED_REDIRECT,

114 DEFERRED_UNCHECKED_REDIRECT, // unchecked_redirect_url_ is populated.

115 DEFERRED_PROCESSING,

116 };

117

118 // Called on the IO thread when the user has decided to proceed with the

119 // current request, or go back.

120 void OnBlockingPageComplete(bool proceed);

121

122 // Starts running \|url\| through the safe browsing check. Returns true if the

123 // URL is safe to visit. Otherwise returns false and will call

124 // OnBrowseUrlResult() when the check has completed.

125 bool CheckUrl(const GURL& url);

126

127 // Callback for when the safe browsing check (which was initiated by

128 // StartCheckingUrl()) has taken longer than kCheckUrlTimeoutMs.

129 void OnCheckUrlTimeout();

130

131 // Starts displaying the safe browsing interstitial page. Called on the UI

132 // thread.

133 static void StartDisplayingBlockingPage(

134 const base::WeakPtr<BaseSafeBrowsingResourceThrottle>& throttle,

135 scoped_refptr<safe_browsing::BaseSafeBrowsingUIManager> ui_manager,

136 const security_interstitials::UnsafeResource& resource);

137

138 void ResumeRequest();

139

140 // For marking network events. \|name\| and \|value\| can be null.

141 void BeginNetLogEvent(net::NetLogEventType type,

142 const GURL& url,

143 const char* name,

144 const char* value);

145 void EndNetLogEvent(net::NetLogEventType type,

146 const char* name,

147 const char* value);

148

149 // The result of the most recent safe browsing check. Only valid to read this

150 // when state_ != STATE_CHECKING_URL.

151 safe_browsing::SBThreatType threat_type_;

152

153 // The time when we started deferring the request.

154 base::TimeTicks defer_start_time_;

155

156 // Timer to abort the safe browsing check if it takes too long.

157 base::OneShotTimer timer_;

158

159 // The redirect chain for this resource

160 std::vector<GURL> redirect_urls_;

161

162 // If in DEFERRED_UNCHECKED_REDIRECT state, this is the

163 // URL we still need to check before resuming.

164 GURL unchecked_redirect_url_;

165 GURL url_being_checked_;

166

167 scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager> database_manager_;

168 const net::URLRequest* request_;

169

170 State state_;

171 DeferState defer_state_;

172

173 const content::ResourceType resource_type_;

174 net::NetLogWithSource net_log_with_source_;

175

176 // TODO(vakh): The following set should be removed after fixing

177 // http://crbug.com/660293

178 // URLs that timed out waiting for a SafeBrowsing reputation check.

179 std::set<GURL> timed_out_urls_;

180

181 DISALLOW_COPY_AND_ASSIGN(BaseSafeBrowsingResourceThrottle);

182 };

183

184 #endif // COMPONENTS_SAFE_BROWSING_BASE_SAFE_BROWSING_RESOURCE_THROTTLE_H_

OLD	NEW