Add histograms to record the severity scores for SSL

chrome/browser/ssl/ssl_error_classification.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <vector>
 
 #include "chrome/browser/ssl/ssl_error_classification.h"
 
 #include "base/build_time.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_split.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chrome_notification_types.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_error_info.h"
+#include "content/public/browser/notification_service.h"
+#include "content/public/browser/web_contents.h"
 #include "net/base/net_util.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/cert/x509_certificate.h"
 #include "url/gurl.h"
 
-using base::Time;
-using base::TimeTicks;
-using base::TimeDelta;
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
+#include "chrome/browser/captive_portal/captive_portal_service.h"
+#include "chrome/browser/captive_portal/captive_portal_service_factory.h"
+#endif
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #endif
 
+using base::Time;
+using base::TimeTicks;
+using base::TimeDelta;
+
 namespace {
 
 // Events for UMA. Do not reorder or change!
 enum SSLInterstitialCause {
   CLOCK_PAST,
   CLOCK_FUTURE,
   WWW_SUBDOMAIN_MATCH,
   SUBDOMAIN_MATCH,
   SUBDOMAIN_INVERSE_MATCH,
   SUBDOMAIN_OUTSIDE_WILDCARD,
   HOST_NAME_NOT_KNOWN_TLD,
   LIKELY_MULTI_TENANT_HOSTING,
   UNUSED_INTERSTITIAL_CAUSE_ENTRY,
 };
 
-// Scores/weights which will be constant through all the SSL error types.
-static const float kServerWeight = 0.5f;
-static const float kClientWeight = 0.5f;
+// Events for UMA. Do not reorder or change!
+enum SSLInterstitialCauseCaptivePortal {
+  CAPTIVE_PORTAL_DETECTION_ENABLED,
+  CAPTIVE_PORTAL_DETECTION_ENABLED_OVERRIDABLE,
+  CAPTIVE_PORTAL_PROBE_COMPLETED,
+  CAPTIVE_PORTAL_PROBE_COMPLETED_OVERRIDABLE,
+  CAPTIVE_PORTAL_NO_RESPONSE,
+  CAPTIVE_PORTAL_NO_RESPONSE_OVERRIDABLE,
+  CAPTIVE_PORTAL_DETECTED,
+  CAPTIVE_PORTAL_DETECTED_OVERRIDABLE,
+  UNUSED_CAPTIVE_PORTAL_EVENT,
+};
+
+void RecordSSLInterstitialSeverityScore(float ssl_severity_score,
+                                        int cert_error) {
+  if (SSLErrorInfo::NetErrorToErrorType(cert_error) ==
+      SSLErrorInfo::CERT_DATE_INVALID) {
+    UMA_HISTOGRAM_CUSTOM_COUNTS("interstitial.ssl.severity_score.date_invalid",
+                                static_cast<int>(ssl_severity_score * 100),
+                                0, 100, 20);

[felt, 2014/08/15 15:11:04]

is "20" the number of buckets? what kind of granularity does that give us? is it
enough?

[radhikabhar, 2014/08/15 18:28:28]

That's right 20 is the number of bucket counts. We are expressing it in 
percentage so buckets will be divided according to 0-5,5-10.

Should we wait for some data, or should I increase the bucket count. I think it
is better if we wait for some data to come in.

[felt, 2014/08/15 19:06:19]

my understanding is that it's logarithmic or some such, so the buckets get much
larger closer to 100. is that right? 

[radhikabhar, 2014/08/15 20:28:57]

I don't think so it is logarathmic

[palmer, 2014/09/09 00:13:51]

It looks like there is a standard macro for counts 1 – 100, so let's just use
that (50 buckets, which should give us very good granularity):

#define UMA_HISTOGRAM_COUNTS_100(name, sample) UMA_HISTOGRAM_CUSTOM_COUNTS( \
    name, sample, 1, 100, 50)

...

#define UMA_HISTOGRAM_CUSTOM_COUNTS(name, sample, min, max, bucket_count) \
    STATIC_HISTOGRAM_POINTER_BLOCK(name, Add(sample), \
        base::Histogram::FactoryGet(name, min, max, bucket_count, \
            base::HistogramBase::kUmaTargetedHistogramFlag))

+  }
+  if (SSLErrorInfo::NetErrorToErrorType(cert_error) ==
+      SSLErrorInfo::CERT_COMMON_NAME_INVALID) {
+    UMA_HISTOGRAM_CUSTOM_COUNTS(
+        "interstitial.ssl.severity_score.common_name_invalid",
+        static_cast<int>(ssl_severity_score * 100),
+        0, 100, 20);
+  }
+
+}
 
 void RecordSSLInterstitialCause(bool overridable, SSLInterstitialCause event) {
   if (overridable) {
     UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.cause.overridable", event,
                               UNUSED_INTERSTITIAL_CAUSE_ENTRY);
   } else {
     UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.cause.nonoverridable", event,
                               UNUSED_INTERSTITIAL_CAUSE_ENTRY);
   }
 }
 
+void RecordCaptivePortalEventStats(SSLInterstitialCauseCaptivePortal event) {
+  UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.captive_portal",
+                            event,
+                            UNUSED_CAPTIVE_PORTAL_EVENT);
+}
+
+// Scores/weights which will be constant through all the SSL error types.
+static const float kServerWeight = 0.5f;
+static const float kClientWeight = 0.5f;
+
 int GetLevensteinDistance(const std::string& str1,
                           const std::string& str2) {
   if (str1 == str2)
     return 0;
   if (str1.size() == 0)
     return str2.size();
   if (str2.size() == 0)
     return str1.size();
   std::vector<int> kFirstRow(str2.size() + 1, 0);
   std::vector<int> kSecondRow(str2.size() + 1, 0);
 
   for (size_t i = 0; i < kFirstRow.size(); ++i)
     kFirstRow[i] = i;
   for (size_t i = 0; i < str1.size(); ++i) {
     kSecondRow[0] = i + 1;
     for (size_t j = 0; j < str2.size(); ++j) {
       int cost = str1[i] == str2[j] ? 0 : 1;
       kSecondRow[j+1] = std::min(std::min(
           kSecondRow[j] + 1, kFirstRow[j + 1] + 1), kFirstRow[j] + cost);
     }
     for (size_t j = 0; j < kFirstRow.size(); j++)
       kFirstRow[j] = kSecondRow[j];
   }
   return kSecondRow[str2.size()];
 }
 
 } // namespace
 
 SSLErrorClassification::SSLErrorClassification(
+    content::WebContents* web_contents,
     const base::Time& current_time,
     const GURL& url,
+    int cert_error,
     const net::X509Certificate& cert)
-  : current_time_(current_time),
+  : web_contents_(web_contents),
+    current_time_(current_time),
     request_url_(url),
-    cert_(cert) { }
+    cert_error_(cert_error),
+    cert_(cert),
+    captive_portal_detection_enabled_(false),
+    captive_portal_probe_completed_(false),
+    captive_portal_no_response_(false),
+    captive_portal_detected_(false) {
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  Profile* profile = Profile::FromBrowserContext(
+      web_contents_->GetBrowserContext());
+  CaptivePortalService* captive_portal_service =
+      CaptivePortalServiceFactory::GetForProfile(profile);
+  captive_portal_detection_enabled_ = captive_portal_service->enabled();
+  captive_portal_service->DetectCaptivePortal();
+  registrar_.Add(this,
+                 chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
+                 content::Source<Profile>(profile));
+#endif
+}
 
 SSLErrorClassification::~SSLErrorClassification() { }
 
-float SSLErrorClassification::InvalidDateSeverityScore(
-    int cert_error) const {
+void SSLErrorClassification::RecordCaptivePortalUMAStatistics(
+    bool overridable) const {
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  if (captive_portal_detection_enabled_)
+    RecordCaptivePortalEventStats(
+        overridable ?
+        CAPTIVE_PORTAL_DETECTION_ENABLED_OVERRIDABLE :
+        CAPTIVE_PORTAL_DETECTION_ENABLED);
+  if (captive_portal_probe_completed_)
+    RecordCaptivePortalEventStats(
+        overridable ?
+        CAPTIVE_PORTAL_PROBE_COMPLETED_OVERRIDABLE :
+        CAPTIVE_PORTAL_PROBE_COMPLETED);
+  // Log only one of portal detected and no response results.
+  if (captive_portal_detected_)
+    RecordCaptivePortalEventStats(
+        overridable ?
+        CAPTIVE_PORTAL_DETECTED_OVERRIDABLE :
+        CAPTIVE_PORTAL_DETECTED);
+  else if (captive_portal_no_response_)
+    RecordCaptivePortalEventStats(
+        overridable ?
+        CAPTIVE_PORTAL_NO_RESPONSE_OVERRIDABLE :
+        CAPTIVE_PORTAL_NO_RESPONSE);
+#endif
+}
+
+void SSLErrorClassification::InvalidDateSeverityScore() {
   SSLErrorInfo::ErrorType type =
-      SSLErrorInfo::NetErrorToErrorType(cert_error);
+      SSLErrorInfo::NetErrorToErrorType(cert_error_);
   DCHECK(type == SSLErrorInfo::CERT_DATE_INVALID);
+
   // Client-side characteristics. Check whether or not the system's clock is
-  // wrong and whether or not the user has already encountered this error
-  // before.
+  // wrong and whether or not the user has encountered this error before.
   float severity_date_score = 0.0f;
 
   static const float kCertificateExpiredWeight = 0.3f;
   static const float kNotYetValidWeight = 0.2f;
 
   static const float kSystemClockWeight = 0.75f;
   static const float kSystemClockWrongWeight = 0.1f;
   static const float kSystemClockRightWeight = 1.0f;
 
   if (IsUserClockInThePast(current_time_)  ||
       IsUserClockInTheFuture(current_time_)) {
     severity_date_score += kClientWeight * kSystemClockWeight *
         kSystemClockWrongWeight;
   } else {
     severity_date_score += kClientWeight * kSystemClockWeight *
         kSystemClockRightWeight;
   }
   // TODO(radhikabhar): (crbug.com/393262) Check website settings.
 
   // Server-side characteristics. Check whether the certificate has expired or
   // is not yet valid. If the certificate has expired then factor the time which
   // has passed since expiry.
   if (cert_.HasExpired()) {
     severity_date_score += kServerWeight * kCertificateExpiredWeight *
         CalculateScoreTimePassedSinceExpiry();
   }
   if (current_time_ < cert_.valid_start())
     severity_date_score += kServerWeight * kNotYetValidWeight;
-  return severity_date_score;
+
+  RecordSSLInterstitialSeverityScore(severity_date_score, cert_error_);
 }
 
-float SSLErrorClassification::InvalidCommonNameSeverityScore(
-    int cert_error) const {
+void SSLErrorClassification::InvalidCommonNameSeverityScore() {
   SSLErrorInfo::ErrorType type =
-      SSLErrorInfo::NetErrorToErrorType(cert_error);
+      SSLErrorInfo::NetErrorToErrorType(cert_error_);
   DCHECK(type == SSLErrorInfo::CERT_COMMON_NAME_INVALID);
   float severity_name_score = 0.0f;
 
   static const float kWWWDifferenceWeight = 0.3f;
   static const float kNameUnderAnyNamesWeight = 0.2f;
   static const float kAnyNamesUnderNameWeight = 1.0f;
   static const float kLikelyMultiTenantHostingWeight = 0.1f;
 
   std::string host_name = request_url_.host();
   if (IsHostNameKnownTLD(host_name)) {
     Tokens host_name_tokens = Tokenize(host_name);
     if (IsWWWSubDomainMatch())
       severity_name_score += kServerWeight * kWWWDifferenceWeight;
     if (IsSubDomainOutsideWildcard(host_name_tokens))
       severity_name_score += kServerWeight * kWWWDifferenceWeight;
 
     std::vector<std::string> dns_names;
     cert_.GetDNSNames(&dns_names);
     std::vector<Tokens> dns_name_tokens = GetTokenizedDNSNames(dns_names);
     if (NameUnderAnyNames(host_name_tokens, dns_name_tokens))
       severity_name_score += kServerWeight * kNameUnderAnyNamesWeight;
     // Inverse case is more likely to be a MITM attack.
     if (AnyNamesUnderName(dns_name_tokens, host_name_tokens))
       severity_name_score += kServerWeight * kAnyNamesUnderNameWeight;
     if (IsCertLikelyFromMultiTenantHosting())
       severity_name_score += kServerWeight * kLikelyMultiTenantHostingWeight;
   }
-  return severity_name_score;
+
+  static const float kEnvironmentWeight = 0.25f;
+
+  severity_name_score += kClientWeight * kEnvironmentWeight *
+      CalculateScoreEnvironments();
+
+  RecordSSLInterstitialSeverityScore(severity_name_score, cert_error_);
 }
 
-void SSLErrorClassification::RecordUMAStatistics(bool overridable,
-                                                 int cert_error) {
+void SSLErrorClassification::RecordUMAStatistics(
+    bool overridable) const {
   SSLErrorInfo::ErrorType type =
-      SSLErrorInfo::NetErrorToErrorType(cert_error);
+      SSLErrorInfo::NetErrorToErrorType(cert_error_);
   switch (type) {
     case SSLErrorInfo::CERT_DATE_INVALID: {
       if (IsUserClockInThePast(base::Time::NowFromSystemTime()))
         RecordSSLInterstitialCause(overridable, CLOCK_PAST);
       if (IsUserClockInTheFuture(base::Time::NowFromSystemTime()))
         RecordSSLInterstitialCause(overridable, CLOCK_FUTURE);
       break;
     }
     case SSLErrorInfo::CERT_COMMON_NAME_INVALID: {
       std::string host_name = request_url_.host();
@@ skipping 37 matching lines @@
   static const float kMediumThresholdWeight = 0.3f;
   static const float kLowThresholdWeight = 0.2f;
   if (time_passed >= kHighThreshold)
     return kHighThresholdWeight;
   else if (time_passed >= kLowThreshold)
     return kMediumThresholdWeight;
   else
     return kLowThresholdWeight;
 }
 
+float SSLErrorClassification::CalculateScoreEnvironments() const {
+  static const float kWifiWeight = 0.7f;
+  static const float kCellularWeight = 0.7f;
+  static const float kHotspotWeight = 0.2f;
+  static const float kEthernetWeight = 0.7f;
+  static const float kOtherWeight = 0.7f;
+  net::NetworkChangeNotifier::ConnectionType type =
+      net::NetworkChangeNotifier::GetConnectionType();
+  if (type == net::NetworkChangeNotifier::CONNECTION_WIFI)
+    return kWifiWeight;
+  if (type == net::NetworkChangeNotifier::CONNECTION_2G ||
+      type == net::NetworkChangeNotifier::CONNECTION_3G ||
+      type == net::NetworkChangeNotifier::CONNECTION_4G ) {
+    return kCellularWeight;
+  }
+  if (type == net::NetworkChangeNotifier::CONNECTION_ETHERNET)
+    return kEthernetWeight;
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  // Assume if captive portals are detected then the user is connected using a
+  // hot spot.
+  if (captive_portal_probe_completed_ && captive_portal_detected_)
+      return kHotspotWeight;
+#endif
+  return kOtherWeight;
+}
+
 bool SSLErrorClassification::IsUserClockInThePast(const base::Time& time_now) {
   base::Time build_time = base::GetBuildTime();
   if (time_now < build_time - base::TimeDelta::FromDays(2))
     return true;
   return false;
 }
 
 bool SSLErrorClassification::IsUserClockInTheFuture(
     const base::Time& time_now) {
   base::Time build_time = base::GetBuildTime();
@@ skipping 198 matching lines @@
   static const int kMinimumEditDsitance = 5;
   for (size_t i = 0; i < dns_names_size; ++i) {
     for (size_t j = i + 1; j < dns_names_size; ++j) {
       int edit_distance = GetLevensteinDistance(dns_names[i], dns_names[j]);
       if (edit_distance < kMinimumEditDsitance)
         return false;
     }
   }
   return true;
 }
+
+void SSLErrorClassification::Observe(
+    int type,
+    const content::NotificationSource& source,
+    const content::NotificationDetails& details) {
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  // When detection is disabled, captive portal service always sends
+  // RESULT_INTERNET_CONNECTED. Ignore any probe results in that case.
+  if (!captive_portal_detection_enabled_)
+    return;
+  if (type == chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT) {
+    captive_portal_probe_completed_ = true;
+    CaptivePortalService::Results* results =
+        content::Details<CaptivePortalService::Results>(
+            details).ptr();
+    // If a captive portal was detected at any point when the interstitial was
+    // displayed, assume that the interstitial was caused by a captive portal.
+    // Example scenario:
+    // 1- Interstitial displayed and captive portal detected, setting the flag.
+    // 2- Captive portal detection automatically opens portal login page.
+    // 3- User logs in on the portal login page.
+    // A notification will be received here for RESULT_INTERNET_CONNECTED. Make
+    // sure we don't clear the captive protal flag, since the interstitial was
+    // potentially caused by the captive portal.
+    captive_portal_detected_ = captive_portal_detected_ ||
+        (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL);
+    // Also keep track of non-HTTP portals and error cases.
+    captive_portal_no_response_ = captive_portal_no_response_ ||
+        (results->result == captive_portal::RESULT_NO_RESPONSE);
+  }
+#endif
+}