chrome/browser/safe_browsing/ping_manager.cc - Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains

Side by Side Diff: chrome/browser/safe_browsing/ping_manager.cc

Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: also record when users disable extended reporting Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/resources/security_warnings/extended_reporting.js ('K') | « chrome/browser/safe_browsing/ping_manager.h ('k') | chrome/browser/safe_browsing/safe_browsing_blocking_page.h » ('j') | chrome/browser/safe_browsing/ui_manager.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/safe_browsing/ping_manager.h"	5 #include "chrome/browser/safe_browsing/ping_manager.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "base/stl_util.h"	8 #include "base/stl_util.h"

9 #include "base/strings/string_util.h"	9 #include "base/strings/string_util.h"

10 #include "base/strings/stringprintf.h"	10 #include "base/strings/stringprintf.h"

	11 #include "chrome/browser/net/certificate_error_reporter.h"

11 #include "chrome/common/env_vars.h"	12 #include "chrome/common/env_vars.h"

12 #include "content/public/browser/browser_thread.h"	13 #include "content/public/browser/browser_thread.h"

13 #include "google_apis/google_api_keys.h"	14 #include "google_apis/google_api_keys.h"

14 #include "net/base/escape.h"	15 #include "net/base/escape.h"

15 #include "net/base/load_flags.h"	16 #include "net/base/load_flags.h"

	17 #include "net/ssl/ssl_info.h"

16 #include "net/url_request/url_fetcher.h"	18 #include "net/url_request/url_fetcher.h"

17 #include "net/url_request/url_request_context_getter.h"	19 #include "net/url_request/url_request_context_getter.h"

18 #include "net/url_request/url_request_status.h"	20 #include "net/url_request/url_request_status.h"

	21 #include "url/gurl.h"

19	22

	23 using chrome_browser_net::CertificateErrorReporter;

20 using content::BrowserThread;	24 using content::BrowserThread;

21	25

	26 namespace {

	27 // URL to upload invalid certificate chain reports

	28 // TODO(estark): Fill this in with the real URL when live.

	29 const char kExtendedReportingUploadUrl[] = "http://example.test";
	Ryan Sleevi 2015/03/25 04:49:45 What will ensure this gets fixed? This seems like What will ensure this gets fixed? This seems like a pretty far distance from the actual code to report. I want to make sure we don't accidentally send reports here. An empty/invalid URL + a DCHECK() somewhere seems... safer? estark 2015/03/25 05:34:33 Done. Changed to an empty URL, and moved the DCHEC Show quoted text On 2015/03/25 04:49:45, Ryan Sleevi wrote: > What will ensure this gets fixed? This seems like a pretty far distance from the > actual code to report. I want to make sure we don't accidentally send reports > here. > > An empty/invalid URL + a DCHECK() somewhere seems... safer? Done. Changed to an empty URL, and moved the DCHECK for an empty url from the CertificateErrorReporter constructor to \|SendReport\|. (If I were to leave it in the constructor, then it would trigger every time regardless of whether the extended reporting switch or preference is set.)
	30 } // namespace

	31

22 // SafeBrowsingPingManager implementation ----------------------------------	32 // SafeBrowsingPingManager implementation ----------------------------------

23	33

24 // static	34 // static

25 SafeBrowsingPingManager* SafeBrowsingPingManager::Create(	35 SafeBrowsingPingManager* SafeBrowsingPingManager::Create(

26 net::URLRequestContextGetter* request_context_getter,	36 net::URLRequestContextGetter* request_context_getter,

27 const SafeBrowsingProtocolConfig& config) {	37 const SafeBrowsingProtocolConfig& config) {

28 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));	38 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

29 return new SafeBrowsingPingManager(request_context_getter, config);	39 return new SafeBrowsingPingManager(request_context_getter, config);

30 }	40 }

31	41

32 SafeBrowsingPingManager::SafeBrowsingPingManager(	42 SafeBrowsingPingManager::SafeBrowsingPingManager(

33 net::URLRequestContextGetter* request_context_getter,	43 net::URLRequestContextGetter* request_context_getter,

34 const SafeBrowsingProtocolConfig& config)	44 const SafeBrowsingProtocolConfig& config)

35 : client_name_(config.client_name),	45 : client_name_(config.client_name),

36 request_context_getter_(request_context_getter),	46 request_context_getter_(request_context_getter),

37 url_prefix_(config.url_prefix) {	47 url_prefix_(config.url_prefix),

	48 certificate_error_reporter_(new CertificateErrorReporter(

	49 request_context_getter->GetURLRequestContext(),

	50 GURL(kExtendedReportingUploadUrl),

	51 CertificateErrorReporter::SEND_COOKIES)) {
	Ryan Sleevi 2015/03/25 04:49:45 o_O (Edit: ;( ) o_O (Edit: ;( )
38 DCHECK(!url_prefix_.empty());	52 DCHECK(!url_prefix_.empty());

39	53

40 version_ = SafeBrowsingProtocolManagerHelper::Version();	54 version_ = SafeBrowsingProtocolManagerHelper::Version();

41 }	55 }

42	56

43 SafeBrowsingPingManager::~SafeBrowsingPingManager() {	57 SafeBrowsingPingManager::~SafeBrowsingPingManager() {

44 // Delete in-progress safebrowsing reports (hits and details).	58 // Delete in-progress safebrowsing reports (hits and details).

45 STLDeleteContainerPointers(safebrowsing_reports_.begin(),	59 STLDeleteContainerPointers(safebrowsing_reports_.begin(),

46 safebrowsing_reports_.end());	60 safebrowsing_reports_.end());

47 }	61 }

(...skipping 40 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
88 report_url, net::URLFetcher::POST, this);	102 report_url, net::URLFetcher::POST, this);

89 fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE);	103 fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE);

90 fetcher->SetRequestContext(request_context_getter_.get());	104 fetcher->SetRequestContext(request_context_getter_.get());

91 fetcher->SetUploadData("application/octet-stream", report);	105 fetcher->SetUploadData("application/octet-stream", report);

92 // Don't try too hard to send reports on failures.	106 // Don't try too hard to send reports on failures.

93 fetcher->SetAutomaticallyRetryOn5xx(false);	107 fetcher->SetAutomaticallyRetryOn5xx(false);

94 fetcher->Start();	108 fetcher->Start();

95 safebrowsing_reports_.insert(fetcher);	109 safebrowsing_reports_.insert(fetcher);

96 }	110 }

97	111

	112 void SafeBrowsingPingManager::ReportInvalidCertificateChain(

	113 const std::string& hostname,

	114 const net::SSLInfo& ssl_info) {

	115 certificate_error_reporter_->SendReport(

	116 CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, hostname,

	117 ssl_info);

	118 }

	119

	120 void SafeBrowsingPingManager::SetCertificateErrorReporterForTesting(

	121 scoped_ptr<CertificateErrorReporter> certificate_error_reporter) {

	122 certificate_error_reporter_ = certificate_error_reporter.Pass();

	123 }

	124

98 GURL SafeBrowsingPingManager::SafeBrowsingHitUrl(	125 GURL SafeBrowsingPingManager::SafeBrowsingHitUrl(

99 const GURL& malicious_url, const GURL& page_url,	126 const GURL& malicious_url, const GURL& page_url,

100 const GURL& referrer_url, bool is_subresource,	127 const GURL& referrer_url, bool is_subresource,

101 SBThreatType threat_type) const {	128 SBThreatType threat_type) const {

102 DCHECK(threat_type == SB_THREAT_TYPE_URL_MALWARE \|\|	129 DCHECK(threat_type == SB_THREAT_TYPE_URL_MALWARE \|\|

103 threat_type == SB_THREAT_TYPE_URL_PHISHING \|\|	130 threat_type == SB_THREAT_TYPE_URL_PHISHING \|\|

104 threat_type == SB_THREAT_TYPE_URL_UNWANTED \|\|	131 threat_type == SB_THREAT_TYPE_URL_UNWANTED \|\|

105 threat_type == SB_THREAT_TYPE_BINARY_MALWARE_URL \|\|	132 threat_type == SB_THREAT_TYPE_BINARY_MALWARE_URL \|\|

106 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL \|\|	133 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL \|\|

107 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL);	134 threat_type == SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL);

(...skipping 36 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
144 url_prefix_.c_str(),	171 url_prefix_.c_str(),

145 client_name_.c_str(),	172 client_name_.c_str(),

146 version_.c_str());	173 version_.c_str());

147 std::string api_key = google_apis::GetAPIKey();	174 std::string api_key = google_apis::GetAPIKey();

148 if (!api_key.empty()) {	175 if (!api_key.empty()) {

149 base::StringAppendF(&url, "&key=%s",	176 base::StringAppendF(&url, "&key=%s",

150 net::EscapeQueryParamValue(api_key, true).c_str());	177 net::EscapeQueryParamValue(api_key, true).c_str());

151 }	178 }

152 return GURL(url);	179 return GURL(url);

153 }	180 }

OLD	NEW