Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/ssl/ssl_error_classification.h" | |
| 6 | |
| 7 #include "base/build_time.h" | |
| 8 #include "base/metrics/field_trial.h" | |
| 9 #include "base/metrics/histogram.h" | |
| 10 #include "base/time/time.h" | |
| 11 #include "chrome/browser/browser_process.h" | |
| 12 #include "components/network_time/network_time_tracker.h" | |
| 13 #include "net/cert/x509_certificate.h" | |
| 14 | |
| 15 using base::Time; | |
| 16 using base::TimeTicks; | |
| 17 using base::TimeDelta; | |
| 18 | |
| 19 namespace { | |
| 20 | |
| 21 // Events for UMA. Do not reorder or change! | |
| 22 enum SSLInterstitialCause { | |
| 23 CLOCK_PAST, | |
| 24 CLOCK_FUTURE, | |
| 25 UNUSED_INTERSTITIAL_CAUSE_ENTRY, | |
| 26 }; | |
|
felt
2014/07/09 19:00:45
^ woah crazy formatting here :)
radhikabhar
2014/07/10 17:14:47
Done.
| |
| 27 | |
| 28 void RecordSSLInterstitialCause(bool overridable, SSLInterstitialCause event) { | |
| 29 if (overridable) { | |
| 30 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.cause.overridable", event, | |
| 31 UNUSED_INTERSTITIAL_CAUSE_ENTRY); | |
| 32 } else { | |
| 33 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.cause.nonoverridable", event, | |
| 34 UNUSED_INTERSTITIAL_CAUSE_ENTRY); | |
| 35 } | |
| 36 } | |
| 37 | |
| 38 } // namespace | |
| 39 | |
| 40 SSLErrorClassification::SSLErrorClassification( | |
| 41 base::Time current_time, | |
| 42 net::X509Certificate* cert) | |
| 43 : current_time_(current_time), | |
| 44 cert_(cert) { } | |
|
felt
2014/07/09 19:00:44
formatting
radhikabhar
2014/07/10 17:14:47
Done.
| |
| 45 | |
| 46 SSLErrorClassification::~SSLErrorClassification() { } | |
| 47 | |
| 48 float SSLErrorClassification::ServerCharacteristics(){ | |
|
felt
2014/07/09 19:00:45
missing space:
ServerCharacteristics() {
radhikabhar
2014/07/10 17:14:47
Done.
| |
| 49 if (cert_->HasExpired()) { | |
|
felt
2014/07/09 19:00:44
you don't need to use { } for single-line if-state
radhikabhar
2014/07/10 17:14:47
Done.
| |
| 50 return 0.3 * TimePassedSinceExpiry(); | |
| 51 } | |
| 52 if (current_time_ < cert_->valid_start()) | |
| 53 return 0.2; | |
| 54 return 0.0; | |
| 55 } | |
| 56 | |
| 57 float SSLErrorClassification::ClientCharacteristics() { | |
| 58 float severity_client_score = 0.0; | |
| 59 if (IsUserClockInThePast(true, current_time_) || | |
| 60 IsUserClockInTheFuture(true, current_time_)) { | |
| 61 severity_client_score = 0.75 * 0.1; | |
| 62 } else { | |
| 63 severity_client_score = 0.75 * 1; | |
| 64 } | |
| 65 //TODO(radhikabhar): Check website settings. | |
|
felt
2014/07/09 19:00:45
need a space:
// TODO
radhikabhar
2014/07/10 17:14:47
Done.
| |
| 66 return severity_client_score; | |
| 67 } | |
| 68 | |
| 69 float SSLErrorClassification::TimePassedSinceExpiry() { | |
|
felt
2014/07/09 19:00:45
It doesn't make sense for a method named TimePasse
radhikabhar
2014/07/10 17:14:47
Done.
| |
| 70 base::TimeDelta delta = current_time_ - cert_->valid_expiry(); | |
| 71 int64 time_passed = delta.InDays(); | |
| 72 const int kHighThreshold = 7; | |
| 73 const int kLowThreshold = 4; | |
| 74 if (time_passed >= kHighThreshold) | |
| 75 return 0.4; | |
| 76 else if (time_passed >= kLowThreshold) | |
| 77 return 0.3; | |
| 78 else | |
| 79 return 0.2; | |
| 80 } | |
| 81 | |
| 82 bool SSLErrorClassification::IsUserClockInThePast(bool overridable, | |
| 83 base::Time time_now) { | |
| 84 base::Time network_time; | |
| 85 base::TimeDelta uncertainty; | |
| 86 base::Time build_time = base::GetBuildTime(); | |
| 87 if (!g_browser_process->network_time_tracker()->GetNetworkTime( | |
| 88 base::TimeTicks(), &network_time, &uncertainty)) { | |
| 89 // When network time has not been initialized yet, simply rely on the | |
| 90 // machine's build time. | |
|
felt
2014/07/09 19:00:44
you ought to check both network time and build tim
radhikabhar
2014/07/10 17:14:47
I have deleted this because according to rsleevi@
| |
| 91 network_time = build_time; | |
| 92 } | |
| 93 if (network_time < build_time) | |
| 94 network_time = build_time; | |
| 95 if (time_now < network_time - base::TimeDelta::FromDays(2) || | |
| 96 time_now < build_time - base::TimeDelta::FromDays(2)) { | |
| 97 RecordSSLInterstitialCause(overridable, CLOCK_PAST); | |
| 98 return true; | |
| 99 } | |
| 100 return false; | |
| 101 } | |
| 102 | |
| 103 bool SSLErrorClassification::IsUserClockInTheFuture(bool overridable, | |
| 104 base::Time time_now) { | |
| 105 base::Time network_time; | |
| 106 base::TimeDelta uncertainty; | |
| 107 base::Time build_time = base::GetBuildTime(); | |
| 108 if (!g_browser_process->network_time_tracker()->GetNetworkTime( | |
| 109 base::TimeTicks(), &network_time, &uncertainty)) { | |
| 110 // When network time has not been initialized yet, simply rely on the | |
| 111 // machine's build time. | |
| 112 network_time = build_time; | |
| 113 } | |
|
felt
2014/07/09 19:00:44
same comment as above for checking both build_time
radhikabhar
2014/07/10 17:14:47
Same as above.
On 2014/07/09 19:00:44, felt wrote:
| |
| 114 if (network_time < build_time) | |
| 115 network_time = build_time; | |
| 116 if (network_time == build_time) { | |
| 117 // The build time will probably be weeks before the current date. | |
| 118 if (time_now > network_time - base::TimeDelta::FromDays(365)) { | |
| 119 RecordSSLInterstitialCause(overridable, CLOCK_FUTURE); | |
| 120 return true; | |
| 121 } | |
| 122 } else if (time_now > network_time) { | |
| 123 // Network time is more accurate. | |
| 124 RecordSSLInterstitialCause(overridable, CLOCK_FUTURE); | |
| 125 return true; | |
| 126 } | |
| 127 return false; | |
| 128 } | |
| 129 | |
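Review bot: In IsUserClockInTheFuture, the build-time fallback at new line 118 tests `time_now > network_time - base::TimeDelta::FromDays(365)`, which is true for any clock later than about a year before the build, so a correct clock is reported as being in the future whenever network time is unavailable or older than the build. Given the comment on the line above, the allowance was presumably meant to be added rather than subtracted: `if (time_now > build_time + base::TimeDelta::FromDays(365)) {`. As written, ClientCharacteristics takes the `0.75 * 0.1` branch for those users and CLOCK_FUTURE is recorded, which lowers the client severity score and skews the histogram. Separately, both clock checks pass a default-constructed `base::TimeTicks()` to GetNetworkTime; if that argument is the tick at which network time is evaluated, it likely should be `base::TimeTicks::Now()`, which is worth confirming against the tracker's contract.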