chromium/components/safe_browsing/content/browser/web_ui/safe_browsing_ui.cc

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/safe_browsing/content/browser/web_ui/safe_browsing_ui.h"

#include <stddef.h>

#include <algorithm>
#include <memory>
#include <utility>
#include <vector>

#include "base/base64.h"
#include "base/base64url.h"
#include "base/command_line.h"
#include "base/functional/bind.h"
#include "base/functional/callback.h"
#include "base/functional/callback_helpers.h"
#include "base/i18n/number_formatting.h"
#include "base/i18n/time_formatting.h"
#include "base/json/json_string_value_serializer.h"
#include "base/memory/ref_counted.h"
#include "base/no_destructor.h"
#include "base/notreached.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/utf_string_conversions.h"
#include "base/time/time.h"
#include "base/values.h"
#include "build/build_config.h"
#include "components/grit/components_resources.h"
#include "components/grit/components_scaled_resources.h"
#include "components/password_manager/core/browser/hash_password_manager.h"
#include "components/safe_browsing/buildflags.h"
#include "components/safe_browsing/core/browser/referrer_chain_provider.h"
#include "components/safe_browsing/core/common/features.h"
#include "components/safe_browsing/core/common/proto/csd.pb.h"
#include "components/safe_browsing/core/common/proto/safebrowsingv5.pb.h"
#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
#include "content/public/browser/global_routing_id.h"
#include "services/network/public/mojom/cookie_manager.mojom.h"
#if BUILDFLAG(FULL_SAFE_BROWSING)
#include "components/enterprise/common/proto/connectors.pb.h"
#endif
#include "components/safe_browsing/core/common/web_ui_constants.h"
#include "components/strings/grit/components_strings.h"
#include "components/user_prefs/user_prefs.h"
#include "content/public/browser/browser_context.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/web_contents.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"

#if BUILDFLAG(SAFE_BROWSING_DB_LOCAL)
#include "components/safe_browsing/core/browser/db/v4_local_database_manager.h"
#endif

#if BUILDFLAG(FULL_SAFE_BROWSING)
TriggeredRule;
#endif

Time;
GaiaPasswordReuse;
PasswordCaptured;
PasswordReuseLookup;
PasswordReuseDetected;
PasswordReuseDialogInteraction;

namespace safe_browsing {
WebUIInfoSingleton::WebUIInfoSingleton() = default;

WebUIInfoSingleton::~WebUIInfoSingleton() = default;

// static
WebUIInfoSingleton* WebUIInfoSingleton::GetInstance() {}

// static
bool WebUIInfoSingleton::HasListener() {}

void WebUIInfoSingleton::AddToDownloadUrlsChecked(const std::vector<GURL>& urls,
                                                  DownloadCheckResult result) {}

void WebUIInfoSingleton::AddToClientDownloadRequestsSent(
    std::unique_ptr<ClientDownloadRequest> client_download_request) {}

void WebUIInfoSingleton::ClearDownloadUrlsChecked() {}

void WebUIInfoSingleton::ClearClientDownloadRequestsSent() {}

void WebUIInfoSingleton::AddToClientDownloadResponsesReceived(
    std::unique_ptr<ClientDownloadResponse> client_download_response) {}

void WebUIInfoSingleton::ClearClientDownloadResponsesReceived() {}

void WebUIInfoSingleton::AddToClientPhishingRequestsSent(
    std::unique_ptr<ClientPhishingRequest> client_phishing_request,
    std::string token) {}

void WebUIInfoSingleton::ClearClientPhishingRequestsSent() {}

void WebUIInfoSingleton::AddToClientPhishingResponsesReceived(
    std::unique_ptr<ClientPhishingResponse> client_phishing_response) {}

void WebUIInfoSingleton::ClearClientPhishingResponsesReceived() {}

void WebUIInfoSingleton::AddToCSBRRsSent(
    std::unique_ptr<ClientSafeBrowsingReportRequest> csbrr) {}

void WebUIInfoSingleton::ClearCSBRRsSent() {}

void WebUIInfoSingleton::SetOnCSBRRLoggedCallbackForTesting(
    base::OnceClosure on_done) {}

void WebUIInfoSingleton::AddToHitReportsSent(
    std::unique_ptr<HitReport> hit_report) {}

void WebUIInfoSingleton::ClearHitReportsSent() {}

void WebUIInfoSingleton::AddToPGEvents(
    const sync_pb::UserEventSpecifics& event) {}

void WebUIInfoSingleton::ClearPGEvents() {}

void WebUIInfoSingleton::AddToSecurityEvents(
    const sync_pb::GaiaPasswordReuse& event) {}

void WebUIInfoSingleton::ClearSecurityEvents() {}

int WebUIInfoSingleton::AddToPGPings(
    const LoginReputationClientRequest& request,
    const std::string oauth_token) {}

void WebUIInfoSingleton::AddToPGResponses(
    int token,
    const LoginReputationClientResponse& response) {}

void WebUIInfoSingleton::ClearPGPings() {}

int WebUIInfoSingleton::AddToURTLookupPings(const RTLookupRequest request,
                                            const std::string oauth_token) {}

void WebUIInfoSingleton::AddToURTLookupResponses(
    int token,
    const RTLookupResponse response) {}

void WebUIInfoSingleton::ClearURTLookupPings() {}

std::optional<int> WebUIInfoSingleton::AddToHPRTLookupPings(
    V5::SearchHashesRequest* inner_request,
    std::string relay_url_spec,
    std::string ohttp_key) {}

void WebUIInfoSingleton::AddToHPRTLookupResponses(
    int token,
    V5::SearchHashesResponse* response) {}

void WebUIInfoSingleton::ClearHPRTLookupPings() {}

void WebUIInfoSingleton::LogMessage(const std::string& message) {}

void WebUIInfoSingleton::ClearLogMessages() {}

/* static */ void WebUIInfoSingleton::NotifyLogMessageListeners(
    const base::Time& timestamp,
    const std::string& message) {}

void WebUIInfoSingleton::AddToReportingEvents(const base::Value::Dict& event) {}

void WebUIInfoSingleton::ClearReportingEvents() {}

#if BUILDFLAG(FULL_SAFE_BROWSING)
void WebUIInfoSingleton::AddToDeepScanRequests(
    bool per_profile_request,
    const std::string& access_token,
    const std::string& upload_info,
    const std::string& upload_url,
    const enterprise_connectors::ContentAnalysisRequest& request) {}

void WebUIInfoSingleton::AddToDeepScanResponses(
    const std::string& token,
    const std::string& status,
    const enterprise_connectors::ContentAnalysisResponse& response) {}

void WebUIInfoSingleton::ClearDeepScans() {}

void WebUIInfoSingleton::SetTailoredVerdictOverride(
    ClientDownloadResponse::TailoredVerdict new_value,
    const SafeBrowsingUIHandler* new_source) {}

void WebUIInfoSingleton::ClearTailoredVerdictOverride() {}
#endif  // BUILDFLAG(FULL_SAFE_BROWSING)

void WebUIInfoSingleton::RegisterWebUIInstance(SafeBrowsingUIHandler* webui) {}

void WebUIInfoSingleton::UnregisterWebUIInstance(SafeBrowsingUIHandler* webui) {}

mojo::Remote<network::mojom::CookieManager>
WebUIInfoSingleton::GetCookieManager(content::BrowserContext* browser_context) {}

ReferrerChainProvider* WebUIInfoSingleton::GetReferrerChainProvider(
    content::BrowserContext* browser_context) {}

#if BUILDFLAG(IS_ANDROID)
ReferringAppInfo WebUIInfoSingleton::GetReferringAppInfo(
    content::WebContents* web_contents) {
  return sb_service_ ? sb_service_->GetReferringAppInfo(web_contents)
                     : ReferringAppInfo{};
}
#endif

void WebUIInfoSingleton::ClearListenerForTesting() {}

void WebUIInfoSingleton::MaybeClearData() {}

#if BUILDFLAG(FULL_SAFE_BROWSING)
DeepScanDebugData::DeepScanDebugData() = default;
DeepScanDebugData::DeepScanDebugData(const DeepScanDebugData&) = default;
DeepScanDebugData::~DeepScanDebugData() = default;

TailoredVerdictOverrideData::TailoredVerdictOverrideData() = default;
TailoredVerdictOverrideData::~TailoredVerdictOverrideData() = default;

void TailoredVerdictOverrideData::Set(
    ClientDownloadResponse::TailoredVerdict new_value,
    const SafeBrowsingUIHandler* new_source) {}

bool TailoredVerdictOverrideData::IsFromSource(
    const SafeBrowsingUIHandler* maybe_source) const {}

void TailoredVerdictOverrideData::Clear() {}
#endif

namespace {
#if BUILDFLAG(SAFE_BROWSING_DB_LOCAL)

std::string UserReadableTimeFromMillisSinceEpoch(int64_t time_in_milliseconds) {}

void AddStoreInfo(const DatabaseManagerInfo::DatabaseInfo::StoreInfo store_info,
                  base::Value::List& database_info_list) {}

void AddDatabaseInfo(const DatabaseManagerInfo::DatabaseInfo database_info,
                     base::Value::List& database_info_list) {}

void AddUpdateInfo(const DatabaseManagerInfo::UpdateInfo update_info,
                   base::Value::List& database_info_list) {}

void ParseFullHashInfo(
    const FullHashCacheInfo::FullHashCache::CachedHashPrefixInfo::FullHashInfo
        full_hash_info,
    base::Value::Dict& full_hash_info_dict) {}

void ParseFullHashCache(const FullHashCacheInfo::FullHashCache full_hash_cache,
                        base::Value::List& full_hash_cache_list) {}

void ParseFullHashCacheInfo(const FullHashCacheInfo full_hash_cache_info_proto,
                            base::Value::List& full_hash_cache_info) {}

std::string AddFullHashCacheInfo(
    const FullHashCacheInfo full_hash_cache_info_proto) {}

#endif

base::Value::Dict SerializeImageFeatureEmbedding(
    ImageFeatureEmbedding image_feature_embedding) {}

base::Value::Dict SerializeChromeUserPopulation(
    const ChromeUserPopulation& population) {}

base::Value::Dict SerializeReferrer(const ReferrerChainEntry& referrer) {}

std::string SerializeClientDownloadRequest(const ClientDownloadRequest& cdr) {}

base::Value::Dict SerializeTailoredVerdict(
    const ClientDownloadResponse::TailoredVerdict& tv) {}

std::string SerializeClientDownloadResponse(const ClientDownloadResponse& cdr) {}

base::Value::Dict SerializeVisualFeatures(
    const VisualFeatures& visual_features) {}

std::string SerializeClientPhishingRequest(
    const ClientPhishingRequestAndToken& cprat) {}

std::string SerializeClientPhishingResponse(const ClientPhishingResponse& cpr) {}

base::Value::Dict SerializeHTTPHeader(
    const ClientSafeBrowsingReportRequest::HTTPHeader& header) {}

base::Value::Dict SerializeResource(
    const ClientSafeBrowsingReportRequest::Resource& resource) {}

base::Value::Dict SerializeHTMLElement(const HTMLElement& element) {}

base::Value::Dict SerializeSafeBrowsingClientProperties(
    const ClientSafeBrowsingReportRequest::SafeBrowsingClientProperties&
        client_properties) {}

base::Value::Dict SerializeDownloadWarningAction(
    const ClientSafeBrowsingReportRequest::DownloadWarningAction&
        download_warning_action) {}

std::string SerializeCSBRR(const ClientSafeBrowsingReportRequest& report) {}

std::string SerializeHitReport(const HitReport& hit_report) {}

base::Value::Dict SerializePGEvent(const sync_pb::UserEventSpecifics& event) {}

base::Value::Dict SerializeSecurityEvent(
    const sync_pb::GaiaPasswordReuse& event) {}

base::Value::Dict SerializeFrame(
    const LoginReputationClientRequest::Frame& frame) {}

base::Value::Dict SerializePasswordReuseEvent(
    const LoginReputationClientRequest::PasswordReuseEvent& event) {}

base::Value::Dict SerializeRTThreatInfo(
    const RTLookupResponse::ThreatInfo& threat_info) {}

base::Value::Dict SerializeDomFeatures(const DomFeatures& dom_features) {}

base::Value::Dict SerializeUrlDisplayExperiment(
    const LoginReputationClientRequest::UrlDisplayExperiment& experiment) {}

#if BUILDFLAG(IS_ANDROID)
base::Value::Dict SerializeReferringAppInfo(const ReferringAppInfo& info) {
  base::Value::Dict dict;
  dict.Set(
      "referring_app_source",
      LoginReputationClientRequest_ReferringAppInfo_ReferringAppSource_Name(
          info.referring_app_source));
  dict.Set("referring_app_info", info.referring_app_name);
  dict.Set("target_url", info.target_url.spec());
  return dict;
}
#endif

base::Value::Dict SerializeReferringAppInfo(
    const LoginReputationClientRequest::ReferringAppInfo& info) {}

base::Value::Dict SerializeCsdDebuggingMetadata(
    const LoginReputationClientRequest::DebuggingMetadata& debugging_metadata) {}

std::string SerializePGPing(
    const LoginReputationClientRequestAndToken& request_and_token) {}

std::string SerializePGResponse(const LoginReputationClientResponse& response) {}

std::string SerializeURTLookupPing(const URTLookupRequest& ping) {}

std::string SerializeURTLookupResponse(const RTLookupResponse& response) {}

std::string SerializeHPRTLookupPing(const HPRTLookupRequest& ping) {}

std::string SerializeHPRTLookupResponse(
    const V5::SearchHashesResponse& response) {}

base::Value::Dict SerializeLogMessage(const base::Time& timestamp,
                                      const std::string& message) {}

base::Value::Dict SerializeReportingEvent(const base::Value::Dict& event) {}

#if BUILDFLAG(FULL_SAFE_BROWSING)
std::string SerializeContentAnalysisRequest(
    bool per_profile_request,
    const std::string& access_token_truncated,
    const std::string& upload_info,
    const std::string& upload_url,
    const enterprise_connectors::ContentAnalysisRequest& request) {}

std::string SerializeContentAnalysisResponse(
    const enterprise_connectors::ContentAnalysisResponse& response) {}

base::Value::Dict SerializeDeepScanDebugData(const std::string& token,
                                             const DeepScanDebugData& data) {}

#endif  // BUILDFLAG(FULL_SAFE_BROWSING)
}  // namespace

SafeBrowsingUI::SafeBrowsingUI(
    content::WebUI* web_ui,
    std::unique_ptr<SafeBrowsingLocalStateDelegate> delegate)
    :{}

SafeBrowsingUI::~SafeBrowsingUI() {}

SafeBrowsingUIHandler::SafeBrowsingUIHandler(
    content::BrowserContext* context,
    std::unique_ptr<SafeBrowsingLocalStateDelegate> delegate)
    :{}

SafeBrowsingUIHandler::~SafeBrowsingUIHandler() {}

void SafeBrowsingUIHandler::OnJavascriptAllowed() {}

void SafeBrowsingUIHandler::OnJavascriptDisallowed() {}

void SafeBrowsingUIHandler::GetExperiments(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetPrefs(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetPolicies(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetCookie(const base::Value::List& args) {}

void SafeBrowsingUIHandler::OnGetCookie(
    const std::string& callback_id,
    const std::vector<net::CanonicalCookie>& cookies) {}

void SafeBrowsingUIHandler::GetSavedPasswords(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetDatabaseManagerInfo(
    const base::Value::List& args) {}

std::string SerializeDownloadUrlChecked(const std::vector<GURL>& urls,
                                        DownloadCheckResult result) {}

void SafeBrowsingUIHandler::GetDownloadUrlsChecked(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetSentClientDownloadRequests(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetReceivedClientDownloadResponses(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetSentClientPhishingRequests(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetReceivedClientPhishingResponses(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetSentCSBRRs(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetSentHitReports(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetPGEvents(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetSecurityEvents(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetPGPings(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetPGResponses(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetURTLookupPings(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetURTLookupResponses(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetHPRTLookupPings(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetHPRTLookupResponses(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetReferrerChain(const base::Value::List& args) {}

#if BUILDFLAG(IS_ANDROID)
void SafeBrowsingUIHandler::GetReferringAppInfo(const base::Value::List& args) {
  base::Value::Dict referring_app_value;
  ReferringAppInfo info =
      WebUIInfoSingleton::GetInstance()->GetReferringAppInfo(
          web_ui()->GetWebContents());
  referring_app_value = SerializeReferringAppInfo(info);

  std::string referring_app_serialized;
  JSONStringValueSerializer serializer(&referring_app_serialized);
  serializer.set_pretty_print(true);
  serializer.Serialize(referring_app_value);

  AllowJavascript();
  DCHECK(!args.empty());
  std::string callback_id = args[0].GetString();
  ResolveJavascriptCallback(base::Value(callback_id),
                            base::Value(referring_app_serialized));
}
#endif

void SafeBrowsingUIHandler::GetReportingEvents(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetLogMessages(const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetDeepScans(const base::Value::List& args) {}

base::Value::Dict SafeBrowsingUIHandler::GetFormattedTailoredVerdictOverride() {}

void SafeBrowsingUIHandler::SetTailoredVerdictOverride(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::GetTailoredVerdictOverride(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::ClearTailoredVerdictOverride(
    const base::Value::List& args) {}

void SafeBrowsingUIHandler::ResolveTailoredVerdictOverrideCallback(
    const std::string& callback_id) {}

void SafeBrowsingUIHandler::NotifyTailoredVerdictOverrideJsListener() {}

void SafeBrowsingUIHandler::NotifyDownloadUrlCheckedJsListener(
    const std::vector<GURL>& urls,
    DownloadCheckResult result) {}

void SafeBrowsingUIHandler::NotifyClientDownloadRequestJsListener(
    ClientDownloadRequest* client_download_request) {}

void SafeBrowsingUIHandler::NotifyClientDownloadResponseJsListener(
    ClientDownloadResponse* client_download_response) {}

void SafeBrowsingUIHandler::NotifyClientPhishingRequestJsListener(
    const ClientPhishingRequestAndToken& client_phishing_request) {}

void SafeBrowsingUIHandler::NotifyClientPhishingResponseJsListener(
    ClientPhishingResponse* client_phishing_response) {}

void SafeBrowsingUIHandler::NotifyCSBRRJsListener(
    ClientSafeBrowsingReportRequest* csbrr) {}

void SafeBrowsingUIHandler::NotifyHitReportJsListener(HitReport* hit_report) {}

void SafeBrowsingUIHandler::NotifyPGEventJsListener(
    const sync_pb::UserEventSpecifics& event) {}

void SafeBrowsingUIHandler::NotifySecurityEventJsListener(
    const sync_pb::GaiaPasswordReuse& event) {}

void SafeBrowsingUIHandler::NotifyPGPingJsListener(
    int token,
    const LoginReputationClientRequestAndToken& request) {}

void SafeBrowsingUIHandler::NotifyPGResponseJsListener(
    int token,
    const LoginReputationClientResponse& response) {}

void SafeBrowsingUIHandler::NotifyURTLookupPingJsListener(
    int token,
    const URTLookupRequest& request) {}

void SafeBrowsingUIHandler::NotifyURTLookupResponseJsListener(
    int token,
    const RTLookupResponse& response) {}

void SafeBrowsingUIHandler::NotifyHPRTLookupPingJsListener(
    int token,
    const HPRTLookupRequest& request) {}

void SafeBrowsingUIHandler::NotifyHPRTLookupResponseJsListener(
    int token,
    const V5::SearchHashesResponse& response) {}

void SafeBrowsingUIHandler::NotifyLogMessageJsListener(
    const base::Time& timestamp,
    const std::string& message) {}

void SafeBrowsingUIHandler::NotifyReportingEventJsListener(
    const base::Value::Dict& event) {}

#if BUILDFLAG(FULL_SAFE_BROWSING)
void SafeBrowsingUIHandler::NotifyDeepScanJsListener(
    const std::string& token,
    const DeepScanDebugData& deep_scan_data) {}
#endif

void SafeBrowsingUIHandler::RegisterMessages() {}

void SafeBrowsingUIHandler::SetWebUIForTesting(content::WebUI* web_ui) {}

CrSBLogMessage::CrSBLogMessage() {}

CrSBLogMessage::~CrSBLogMessage() {}

}  // namespace safe_browsing