Convert ClientSideDetectionHost to use the new navigation callbacks.

chrome/browser/safe_browsing/client_side_detection_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/client_side_detection_host.h"
 
 #include <memory>
 #include <utility>
 #include <vector>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/sequenced_task_runner_helpers.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/browser_feature_extractor.h"
 #include "chrome/browser/safe_browsing/client_side_detection_service.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing/common/safebrowsing_messages.h"
 #include "components/safe_browsing_db/database_manager.h"
 #include "components/safe_browsing_db/safe_browsing_prefs.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/navigation_controller.h"
-#include "content/public/browser/navigation_details.h"
 #include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/resource_request_details.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/frame_navigate_params.h"
 #include "content/public/common/url_constants.h"
+#include "net/http/http_response_headers.h"
 #include "url/gurl.h"
 
 using content::BrowserThread;
 using content::NavigationEntry;
 using content::ResourceRequestDetails;
 using content::ResourceType;
 using content::WebContents;
 
 namespace safe_browsing {
+namespace {
+bool g_ignore_mime_type_check = false;
+}
 
 const size_t ClientSideDetectionHost::kMaxUrlsPerIP = 20;
 const size_t ClientSideDetectionHost::kMaxIPsPerBrowse = 200;
 
 typedef base::Callback<void(bool)> ShouldClassifyUrlCallback;
 
 // This class is instantiated each time a new toplevel URL loads, and
 // asynchronously checks whether the malware and phishing classifiers should run
 // for this URL.  If so, it notifies the host class by calling the provided
 // callback form the UI thread.  Objects of this class are ref-counted and will
 // be destroyed once nobody uses it anymore.  If |web_contents|, |csd_service|
 // or |host| go away you need to call Cancel().  We keep the |database_manager|
 // alive in a ref pointer for as long as it takes.
 class ClientSideDetectionHost::ShouldClassifyUrlRequest
     : public base::RefCountedThreadSafe<
           ClientSideDetectionHost::ShouldClassifyUrlRequest> {
  public:
   ShouldClassifyUrlRequest(
-      const content::FrameNavigateParams& params,
+      content::NavigationHandle* navigation_handle,
       const ShouldClassifyUrlCallback& start_phishing_classification,
       const ShouldClassifyUrlCallback& start_malware_classification,
       WebContents* web_contents,
       ClientSideDetectionService* csd_service,
       SafeBrowsingDatabaseManager* database_manager,
       ClientSideDetectionHost* host)
-      : params_(params),
-        web_contents_(web_contents),
+      : web_contents_(web_contents),
         csd_service_(csd_service),
         database_manager_(database_manager),
         host_(host),
         start_phishing_classification_cb_(start_phishing_classification),
         start_malware_classification_cb_(start_malware_classification) {
     DCHECK_CURRENTLY_ON(BrowserThread::UI);
     DCHECK(web_contents_);
     DCHECK(csd_service_);
     DCHECK(database_manager_.get());
     DCHECK(host_);
+    url_ = navigation_handle->GetURL();
+    if (navigation_handle->GetResponseHeaders())
+      navigation_handle->GetResponseHeaders()->GetMimeType(&mime_type_);
+    socket_address_ = navigation_handle->GetSocketAddress();
   }
 
   void Start() {
     DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
     // We start by doing some simple checks that can run on the UI thread.
     UMA_HISTOGRAM_BOOLEAN("SBClientPhishing.ClassificationStart", 1);
     UMA_HISTOGRAM_BOOLEAN("SBClientMalware.ClassificationStart", 1);
 
     // Only classify [X]HTML documents.
-    if (params_.contents_mime_type != "text/html" &&
-        params_.contents_mime_type != "application/xhtml+xml") {
-      DVLOG(1) << "Skipping phishing classification for URL: " << params_.url
+    if (mime_type_ != "text/html" && mime_type_ != "application/xhtml+xml" &&
+        !g_ignore_mime_type_check) {
+      DVLOG(1) << "Skipping phishing classification for URL: " << url_
                << " because it has an unsupported MIME type: "
-               << params_.contents_mime_type;
+               << mime_type_;
       DontClassifyForPhishing(NO_CLASSIFY_UNSUPPORTED_MIME_TYPE);
     }
 
-    if (csd_service_->IsPrivateIPAddress(params_.socket_address.host())) {
-      DVLOG(1) << "Skipping phishing classification for URL: " << params_.url
+    if (csd_service_->IsPrivateIPAddress(socket_address_.host())) {
+      DVLOG(1) << "Skipping phishing classification for URL: " << url_
                << " because of hosting on private IP: "
-               << params_.socket_address.host();
+               << socket_address_.host();
       DontClassifyForPhishing(NO_CLASSIFY_PRIVATE_IP);
       DontClassifyForMalware(NO_CLASSIFY_PRIVATE_IP);
     }
 
     // For phishing we only classify HTTP pages.
-    if (!params_.url.SchemeIs(url::kHttpScheme)) {
-      DVLOG(1) << "Skipping phishing classification for URL: " << params_.url
+    if (!url_.SchemeIs(url::kHttpScheme)) {
+      DVLOG(1) << "Skipping phishing classification for URL: " << url_
                << " because it is not HTTP: "
-               << params_.socket_address.host();
+               << socket_address_.host();
       DontClassifyForPhishing(NO_CLASSIFY_NOT_HTTP_URL);
     }
 
     // Don't run any classifier if the tab is incognito.
     if (web_contents_->GetBrowserContext()->IsOffTheRecord()) {
       DVLOG(1) << "Skipping phishing and malware classification for URL: "
-               << params_.url << " because we're browsing incognito.";
+               << url_ << " because we're browsing incognito.";
       DontClassifyForPhishing(NO_CLASSIFY_OFF_THE_RECORD);
       DontClassifyForMalware(NO_CLASSIFY_OFF_THE_RECORD);
     }
 
     // We lookup the csd-whitelist before we lookup the cache because
     // a URL may have recently been whitelisted.  If the URL matches
     // the csd-whitelist we won't start phishing classification.  The
     // csd-whitelist check has to be done on the IO thread because it
     // uses the SafeBrowsing service class.
     if (ShouldClassifyForPhishing() || ShouldClassifyForMalware()) {
       BrowserThread::PostTask(
           BrowserThread::IO,
           FROM_HERE,
           base::Bind(&ShouldClassifyUrlRequest::CheckSafeBrowsingDatabase,
-                     this, params_.url));
+                     this, url_));
     }
   }
 
   void Cancel() {
     DontClassifyForPhishing(NO_CLASSIFY_CANCEL);
     DontClassifyForMalware(NO_CLASSIFY_CANCEL);
     // Just to make sure we don't do anything stupid we reset all these
     // pointers except for the safebrowsing service class which may be
     // accessed by CheckSafeBrowsingDatabase().
     web_contents_ = NULL;
@@ skipping 97 matching lines @@
     if (phishing_reason != NO_CLASSIFY_MAX)
       DontClassifyForPhishing(phishing_reason);
     if (malware_reason != NO_CLASSIFY_MAX)
       DontClassifyForMalware(malware_reason);
     if (!ShouldClassifyForMalware() && !ShouldClassifyForPhishing()) {
       return;  // No point in doing anything else.
     }
     // If result is cached, we don't want to run classification again.
     // In that case we're just trying to show the warning.
     bool is_phishing;
-    if (csd_service_->GetValidCachedResult(params_.url, &is_phishing)) {
-      DVLOG(1) << "Satisfying request for " << params_.url << " from cache";
+    if (csd_service_->GetValidCachedResult(url_, &is_phishing)) {
+      DVLOG(1) << "Satisfying request for " << url_ << " from cache";
       UMA_HISTOGRAM_BOOLEAN("SBClientPhishing.RequestSatisfiedFromCache", 1);
       // Since we are already on the UI thread, this is safe.
-      host_->MaybeShowPhishingWarning(params_.url, is_phishing);
+      host_->MaybeShowPhishingWarning(url_, is_phishing);
       DontClassifyForPhishing(NO_CLASSIFY_RESULT_FROM_CACHE);
     }
 
     // We want to limit the number of requests, though we will ignore the
     // limit for urls in the cache.  We don't want to start classifying
     // too many pages as phishing, but for those that we already think are
     // phishing we want to send a request to the server to give ourselves
     // a chance to fix misclassifications.
-    if (csd_service_->IsInCache(params_.url)) {
-      DVLOG(1) << "Reporting limit skipped for " << params_.url
+    if (csd_service_->IsInCache(url_)) {
+      DVLOG(1) << "Reporting limit skipped for " << url_
                << " as it was in the cache.";
       UMA_HISTOGRAM_BOOLEAN("SBClientPhishing.ReportLimitSkipped", 1);
     } else if (csd_service_->OverPhishingReportLimit()) {
       DVLOG(1) << "Too many report phishing requests sent recently, "
-               << "not running classification for " << params_.url;
+               << "not running classification for " << url_;
       DontClassifyForPhishing(NO_CLASSIFY_TOO_MANY_REPORTS);
     }
     if (csd_service_->OverMalwareReportLimit()) {
       DontClassifyForMalware(NO_CLASSIFY_TOO_MANY_REPORTS);
     }
 
     // Everything checks out, so start classification.
     // |web_contents_| is safe to call as we will be destructed
     // before it is.
     if (ShouldClassifyForPhishing()) {
       start_phishing_classification_cb_.Run(true);
       // Reset the callback to make sure ShouldClassifyForPhishing()
       // returns false.
       start_phishing_classification_cb_.Reset();
     }
     if (ShouldClassifyForMalware()) {
       start_malware_classification_cb_.Run(true);
       // Reset the callback to make sure ShouldClassifyForMalware()
       // returns false.
       start_malware_classification_cb_.Reset();
     }
   }
 
-  content::FrameNavigateParams params_;
+  GURL url_;
+  std::string mime_type_;
+  net::HostPortPair socket_address_;
   WebContents* web_contents_;
   ClientSideDetectionService* csd_service_;
   // We keep a ref pointer here just to make sure the safe browsing
   // database manager stays alive long enough.
   scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
   ClientSideDetectionHost* host_;
 
   ShouldClassifyUrlCallback start_phishing_classification_cb_;
   ShouldClassifyUrlCallback start_malware_classification_cb_;
 
@@ skipping 39 matching lines @@
     content::RenderFrameHost* render_frame_host) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(ClientSideDetectionHost, message)
     IPC_MESSAGE_HANDLER(SafeBrowsingHostMsg_PhishingDetectionDone,
                         OnPhishingDetectionDone)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
-void ClientSideDetectionHost::DidNavigateMainFrame(
-    const content::LoadCommittedDetails& details,
-    const content::FrameNavigateParams& params) {
+void ClientSideDetectionHost::DidFinishNavigation(
+    content::NavigationHandle* navigation_handle) {
+  if (!navigation_handle->IsInMainFrame() || !navigation_handle->HasCommitted())
+    return;
+
   // TODO(noelutz): move this DCHECK to WebContents and fix all the unit tests
   // that don't call this method on the UI thread.
   // DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  if (details.is_in_page) {
+  if (navigation_handle->IsSamePage()) {
     // If the navigation is within the same page, the user isn't really
     // navigating away.  We don't need to cancel a pending callback or
     // begin a new classification.
     return;
   }
   // Cancel any pending classification request.
   if (classification_request_.get()) {
     classification_request_->Cancel();
   }
   // If we navigate away and there currently is a pending phishing
   // report request we have to cancel it to make sure we don't display
   // an interstitial for the wrong page.  Note that this won't cancel
   // the server ping back but only cancel the showing of the
   // interstial.
   weak_factory_.InvalidateWeakPtrs();
 
   if (!csd_service_) {
     return;
   }
   browse_info_.reset(new BrowseInfo);
 
   // Store redirect chain information.
-  if (params.url.host() != cur_host_) {
-    cur_host_ = params.url.host();
-    cur_host_redirects_ = params.redirects;
+  if (navigation_handle->GetURL().host() != cur_host_) {
+    cur_host_ = navigation_handle->GetURL().host();
+    cur_host_redirects_ = navigation_handle->GetRedirectChain();
   }
-  browse_info_->url = params.url;
+  browse_info_->url = navigation_handle->GetURL();
   browse_info_->host_redirects = cur_host_redirects_;
-  browse_info_->url_redirects = params.redirects;
-  browse_info_->referrer = params.referrer.url;
-  browse_info_->http_status_code = details.http_status_code;
+  browse_info_->url_redirects = navigation_handle->GetRedirectChain();
+  browse_info_->referrer = navigation_handle->GetReferrer().url;
+  if (navigation_handle->GetResponseHeaders()) {
+    browse_info_->http_status_code =
+        navigation_handle->GetResponseHeaders()->response_code();
+  }
 
   should_extract_malware_features_ = true;
   should_classify_for_malware_ = false;
   pageload_complete_ = false;
 
   // Check whether we can cassify the current URL for phishing or malware.
   classification_request_ = new ShouldClassifyUrlRequest(
-      params,
+      navigation_handle,
       base::Bind(&ClientSideDetectionHost::OnPhishingPreClassificationDone,
                  weak_factory_.GetWeakPtr()),
       base::Bind(&ClientSideDetectionHost::OnMalwarePreClassificationDone,
                  weak_factory_.GetWeakPtr()),
       web_contents(), csd_service_, database_manager_.get(), this);
   classification_request_->Start();
 }
 
 void ClientSideDetectionHost::OnSafeBrowsingHit(
     const security_interstitials::UnsafeResource& resource) {
@@ skipping 20 matching lines @@
   // malicious URL to the server.
   unsafe_resource_.reset(new security_interstitials::UnsafeResource(resource));
   unsafe_resource_->callback.Reset();  // Don't do anything stupid.
 }
 
 scoped_refptr<SafeBrowsingDatabaseManager>
 ClientSideDetectionHost::database_manager() {
   return database_manager_;
 }
 
+void ClientSideDetectionHost::IgnoreMimeTypeCheckForTesting(bool ignore) {
+  g_ignore_mime_type_check = ignore;
+}
+
 void ClientSideDetectionHost::WebContentsDestroyed() {
   // Tell any pending classification request that it is being canceled.
   if (classification_request_.get()) {
     classification_request_->Cancel();
   }
   // Cancel all pending feature extractions.
   feature_extractor_.reset();
 }
 
 void ClientSideDetectionHost::OnPhishingPreClassificationDone(
@@ skipping 262 matching lines @@
     ui_manager_->RemoveObserver(this);
 
   ui_manager_ = ui_manager;
   if (ui_manager)
     ui_manager_->AddObserver(this);
 
   database_manager_ = database_manager;
 }
 
 }  // namespace safe_browsing