Report HTTPS links in MalwareDetails

chrome/browser/safe_browsing/malware_details.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Implementation of the MalwareDetails class.
 
 #include "chrome/browser/safe_browsing/malware_details.h"
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
@@ skipping 78 matching lines @@
 bool MalwareDetails::OnMessageReceived(const IPC::Message& message) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(MalwareDetails, message)
     IPC_MESSAGE_HANDLER(SafeBrowsingHostMsg_MalwareDOMDetails,
                         OnReceivedMalwareDOMDetails)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
-bool MalwareDetails::IsPublicUrl(const GURL& url) const {
-  return url.SchemeIs("http");  // TODO(panayiotis): also skip internal urls.
+bool MalwareDetails::IsReportableUrl(const GURL& url) const {
+  // TODO(panayiotis): also skip internal urls.
+  return url.SchemeIs("http") || url.SchemeIs("https");
 }
 
 // Looks for a Resource for the given url in resources_.  If found, it
 // updates |resource|. Otherwise, it creates a new message, adds it to
 // resources_ and updates |resource| to point to it.
+//
 ClientMalwareReportRequest::Resource* MalwareDetails::FindOrCreateResource(
     const GURL& url) {
   safe_browsing::ResourceMap::iterator it = resources_.find(url.spec());
   if (it != resources_.end())
     return it->second.get();
 
   // Create the resource for |url|.
   int id = resources_.size();
   linked_ptr<ClientMalwareReportRequest::Resource> new_resource(
       new ClientMalwareReportRequest::Resource());
   new_resource->set_url(url.spec());
   new_resource->set_id(id);
   resources_[url.spec()] = new_resource;
   return new_resource.get();
 }
 
 void MalwareDetails::AddUrl(const GURL& url,
                             const GURL& parent,
                             const std::string& tagname,
                             const std::vector<GURL>* children) {
-  if (!url.is_valid() || !IsPublicUrl(url))
+  if (!url.is_valid() || !IsReportableUrl(url))
     return;
 
   // Find (or create) the resource for the url.
   ClientMalwareReportRequest::Resource* url_resource =
       FindOrCreateResource(url);
   if (!tagname.empty())
     url_resource->set_tag_name(tagname);
-  if (!parent.is_empty() && IsPublicUrl(parent)) {
+  if (!parent.is_empty() && IsReportableUrl(parent)) {
     // Add the resource for the parent.
     ClientMalwareReportRequest::Resource* parent_resource =
         FindOrCreateResource(parent);
     // Update the parent-child relation
     url_resource->set_parent_id(parent_resource->id());
   }
   if (children) {
     for (std::vector<GURL>::const_iterator it = children->begin();
          it != children->end(); ++it) {
       ClientMalwareReportRequest::Resource* child_resource =
           FindOrCreateResource(*it);
       url_resource->add_child_ids(child_resource->id());
     }
   }
 }
 
 void MalwareDetails::StartCollection() {
   DVLOG(1) << "Starting to compute malware details.";
   report_.reset(new ClientMalwareReportRequest());
 
-  if (IsPublicUrl(resource_.url))
+  if (IsReportableUrl(resource_.url))
     report_->set_malware_url(resource_.url.spec());
 
   GURL page_url = web_contents()->GetURL();
-  if (IsPublicUrl(page_url))
+  if (IsReportableUrl(page_url))
     report_->set_page_url(page_url.spec());
 
   GURL referrer_url;
   NavigationEntry* nav_entry = web_contents()->GetController().GetActiveEntry();
   if (nav_entry) {
     referrer_url = nav_entry->GetReferrer().url;
-    if (IsPublicUrl(referrer_url)) {
+    if (IsReportableUrl(referrer_url)) {
       report_->set_referrer_url(referrer_url.spec());
     }
   }
 
   // Add the nodes, starting from the page url.
   AddUrl(page_url, GURL(), std::string(), NULL);
 
   // Add the resource_url and its original url, if non-empty and different.
   if (!resource_.original_url.is_empty() &&
       resource_.url != resource_.original_url) {
@@ skipping 105 matching lines @@
 }
 
 void MalwareDetails::OnCacheCollectionReady() {
   DVLOG(1) << "OnCacheCollectionReady.";
   // Add all the urls in our |resources_| maps to the |report_| protocol buffer.
   for (safe_browsing::ResourceMap::const_iterator it = resources_.begin();
        it != resources_.end(); ++it) {
     ClientMalwareReportRequest::Resource* pb_resource =
         report_->add_resources();
     pb_resource->CopyFrom(*(it->second));
+    const GURL url(pb_resource->url());
+    if (url.SchemeIs("https")) {
+      // Don't report headers of HTTPS requests since they may contain private
+      // cookies.  We still retain the full URL.
+      DVLOG(1) << "Clearing out HTTPS resource: " << pb_resource->url();
+      pb_resource->clear_request();
+      pb_resource->clear_response();
+      // Keep id, parent_id, child_ids, and tag_name.
+    }
   }
-
   report_->set_complete(cache_result_);
 
   // Send the report, using the SafeBrowsingService.
   std::string serialized;
   if (!report_->SerializeToString(&serialized)) {
     DLOG(ERROR) << "Unable to serialize the malware report.";
     return;
   }
 
   ui_manager_->SendSerializedMalwareDetails(serialized);
 }