Chromium Code Reviews

Unified Diff: net/http/transport_security_state.h

Issue 2901183002: Do not send repeated Expect-CT reports to the same host+port (Closed)
Patch Set: fix comment typo Created 3 years, 7 months ago
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 7ce883a952a271cae547bd97544ebc13c142b487..19ba839752c459f78adf174a8e185b6b0a5e6ad7 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -572,6 +572,10 @@ class NET_EXPORT TransportSecurityState
// unless a RequireCTDelegate overrides). Set to nullptr to reset.
static void SetShouldRequireCTForTesting(bool* required);
+ // For unit tests only. Clears the caches that deduplicate sent HPKP and
+ // Expect-CT reports.
+ void ClearReportCachesForTesting();
+
private:
friend class TransportSecurityStateTest;
friend class TransportSecurityStateStaticFuzzer;
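Review bot: ClearReportCachesForTesting() is declared in the public section, so the ForTesting suffix is the only thing keeping production callers from wiping the report deduplication state. TransportSecurityStateTest is already a friend just below; if that fixture is the only caller, the method could be private, and if other test files need it, the comment should say so.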
@@ -583,6 +587,11 @@ class NET_EXPORT TransportSecurityState
typedef std::map<std::string, STSState> STSStateMap;
typedef std::map<std::string, PKPState> PKPStateMap;
typedef std::map<std::string, ExpectCTState> ExpectCTStateMap;
+ typedef ExpiringCache<std::string,
+ bool,
+ base::TimeTicks,
+ std::less<base::TimeTicks>>
+ ReportCache;
// IsBuildTimely returns true if the current build is new enough ensure that
// built in security information (i.e. HSTS preloading and pinning
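Review bot: The ReportCache typedef has no comment saying what the std::string key and the bool value mean. The bool looks like a placeholder for set-style membership; a one-line comment above the typedef stating what the key encodes and that the value carries no information would save readers a trip to the .cc file.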
@@ -662,6 +671,14 @@ class NET_EXPORT TransportSecurityState
const std::string& host,
ExpectStapleState* expect_staple_result) const;
+ void MaybeNotifyExpectCTFailed(
+ const HostPortPair& host_port_pair,
+ const GURL& report_uri,
+ const X509Certificate* validated_certificate_chain,
+ const X509Certificate* served_certificate_chain,
+ const SignedCertificateTimestampAndStatusList&
+ signed_certificate_timestamps);
+
// The sets of hosts that have enabled TransportSecurity. |domain| will always
// be empty for a STSState, PKPState, or ExpectCTState in these maps; the
// domain comes from the map keys instead. In addition, |upgrade_mode| in the
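Review bot: MaybeNotifyExpectCTFailed is declared without a comment, so the header does not say under what condition the notification is skipped. Document that it deduplicates against recently sent reports (per the issue title, by host+port), what the cache key is built from, and whether either X509Certificate pointer may be null.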
@@ -693,8 +710,8 @@ class NET_EXPORT TransportSecurityState
// Keeps track of reports that have been sent recently for
// rate-limiting.
- ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
- sent_reports_cache_;
+ ReportCache sent_hpkp_reports_cache_;
+ ReportCache sent_expect_ct_reports_cache_;
DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
};
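Review bot: The comment "Keeps track of reports that have been sent recently for rate-limiting" now sits above two members and no longer explains why they are separate. State that HPKP and Expect-CT reports are deduplicated independently and what each cache is keyed on, so a later change does not merge them or key one differently by accident.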