// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // Implementation of the ThreatDetails class. #include "components/safe_browsing/content/browser/threat_details.h" #include <stddef.h> #include <stdint.h> #include <memory> #include <unordered_set> #include <utility> #include <vector> #include "base/containers/contains.h" #include "base/containers/fixed_flat_set.h" #include "base/feature_list.h" #include "base/functional/bind.h" #include "base/lazy_instance.h" #include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "components/back_forward_cache/back_forward_cache_disable.h" #include "components/history/core/browser/history_service.h" #include "components/safe_browsing/content/browser/async_check_tracker.h" #include "components/safe_browsing/content/browser/base_ui_manager.h" #include "components/safe_browsing/content/browser/client_report_util.h" #include "components/safe_browsing/content/browser/threat_details_cache.h" #include "components/safe_browsing/content/browser/threat_details_history.h" #include "components/safe_browsing/content/browser/unsafe_resource_util.h" #include "components/safe_browsing/content/browser/web_contents_key.h" #include "components/safe_browsing/content/browser/web_ui/safe_browsing_ui.h" #include "components/safe_browsing/core/browser/db/hit_report.h" #include "components/safe_browsing/core/browser/referrer_chain_provider.h" #include "components/safe_browsing/core/common/features.h" #include "components/safe_browsing/core/common/proto/csd.pb.h" #include "content/public/browser/back_forward_cache.h" #include "content/public/browser/browser_task_traits.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/navigation_controller.h" #include "content/public/browser/navigation_entry.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/render_process_host.h" #include "content/public/browser/web_contents.h" #include "services/network/public/cpp/shared_url_loader_factory.h" #include "services/network/public/mojom/fetch_api.mojom.h" #include "services/service_manager/public/cpp/interface_provider.h" #include "third_party/protobuf/src/google/protobuf/repeated_ptr_field.h" BrowserThread; NavigationEntry; WebContents; // Keep in sync with KMaxNodes in components/safe_browsing/content/renderer/ // threat_dom_details.cc static const uint32_t kMaxDomNodes = …; namespace safe_browsing { // static ThreatDetailsFactory* ThreatDetails::factory_ = …; namespace { // An element ID indicating that an HTML Element has no parent. const int kElementIdNoParent = …; // The number of user gestures to trace back for the referrer chain. const int kThreatDetailsUserGestureLimit = …; StringSet; // A set of HTTPS headers that are allowed to be collected. Contains both // request and response headers. All entries in this list should be lower-case // to support case-insensitive comparison. struct AllowlistedHttpsHeadersTraits : base::internal::DestructorAtExitLazyInstanceTraits<StringSet> { … }; base::LazyInstance<StringSet, AllowlistedHttpsHeadersTraits> g_https_headers_allowlist = …; // Clears the specified HTTPS resource of any sensitive data, only retaining // data that is allowlisted for collection. void ClearHttpsResource(ClientSafeBrowsingReportRequest::Resource* resource) { … } std::string GetElementKey(const int frame_tree_node_id, const int element_node_id) { … } void TrimElements(const std::set<int> target_ids, ElementMap* elements, ResourceMap* resources) { … } } // namespace // The default ThreatDetailsFactory. Global, made a singleton so we // don't leak it. class ThreatDetailsFactoryImpl : public ThreatDetailsFactory { … }; static base::LazyInstance<ThreatDetailsFactoryImpl>::DestructorAtExit g_threat_details_factory_impl = …; // Create a ThreatDetails for the given tab. /* static */ std::unique_ptr<ThreatDetails> ThreatDetails::NewThreatDetails( BaseUIManager* ui_manager, WebContents* web_contents, const UnsafeResource& resource, scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory, history::HistoryService* history_service, ReferrerChainProvider* referrer_chain_provider, bool trim_to_ad_tags, ThreatDetailsDoneCallback done_callback) { … } // Create a ThreatDetails for the given tab. Runs in the UI thread. ThreatDetails::ThreatDetails( BaseUIManager* ui_manager, content::WebContents* web_contents, const UnsafeResource& resource, scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory, history::HistoryService* history_service, ReferrerChainProvider* referrer_chain_provider, bool trim_to_ad_tags, ThreatDetailsDoneCallback done_callback) : … { … } // TODO(lpz): Consider making this constructor delegate to the parameterized one // above. ThreatDetails::ThreatDetails() : … { … } ThreatDetails::~ThreatDetails() = default; // Looks for a Resource for the given url in resources_. If found, it // updates |resource|. Otherwise, it creates a new message, adds it to // resources_ and updates |resource| to point to it. // ClientSafeBrowsingReportRequest::Resource* ThreatDetails::FindOrCreateResource( const GURL& url) { … } HTMLElement* ThreatDetails::FindOrCreateElement( const std::string& element_key) { … } ClientSafeBrowsingReportRequest::Resource* ThreatDetails::AddUrl( const GURL& url, const GURL& parent, const std::string& tagname, const std::vector<GURL>* children) { … } void ThreatDetails::AddDomElement( const int frame_tree_node_id, const int element_node_id, const std::string& tagname, const int parent_element_node_id, const std::vector<mojom::AttributeNameValuePtr> attributes, const std::string& inner_html, const ClientSafeBrowsingReportRequest::Resource* resource) { … } void ThreatDetails::StartCollection() { … } void ThreatDetails::RequestThreatDOMDetails(content::RenderFrameHost* frame) { … } // When the renderer is done, this is called. void ThreatDetails::OnReceivedThreatDOMDetails( mojo::Remote<mojom::ThreatReporter> threat_reporter, content::WeakDocumentPtr sender, std::vector<mojom::ThreatDOMDetailsNodePtr> params) { … } void ThreatDetails::AddDOMDetails( const int frame_tree_node_id, std::vector<mojom::ThreatDOMDetailsNodePtr> params, const KeyToFrameTreeIdMap& child_frame_tree_map) { … } // Called from the SB Service on the IO thread, after the user has // closed the tab, or clicked proceed or goback. Since the user needs // to take an action, we expect this to be called after // OnReceivedThreatDOMDetails in most cases. If not, we don't include // the DOM data in our report. void ThreatDetails::FinishCollection( bool did_proceed, int num_visit, std::unique_ptr<security_interstitials::InterstitialInteractionMap> interstitial_interactions, std::optional<int64_t> warning_shown_ts) { … } void ThreatDetails::OnRedirectionCollectionReady() { … } void ThreatDetails::AddRedirectUrlList(const std::vector<GURL>& urls) { … } void ThreatDetails::OnCacheCollectionReady() { … } bool ThreatDetails::ShouldFillReferrerChain() { … } void ThreatDetails::FillReferrerChain( google::protobuf::RepeatedPtrField<ReferrerChainEntry>* out_referrer_chain) { … } bool ThreatDetails::ShouldFillInterstitialInteractions() { … } void ThreatDetails::MaybeAttachThreatDetailsAndLaunchSurvey() { … } void ThreatDetails::AllDone() { … } base::WeakPtr<ThreatDetails> ThreatDetails::GetWeakPtr() { … } } // namespace safe_browsing
Codebase Browser
chromium