#include "components/safe_browsing/content/browser/web_ui/safe_browsing_ui.h"
#include <stddef.h>
#include <algorithm>
#include <memory>
#include <utility>
#include <vector>
#include "base/base64.h"
#include "base/base64url.h"
#include "base/command_line.h"
#include "base/functional/bind.h"
#include "base/functional/callback.h"
#include "base/functional/callback_helpers.h"
#include "base/i18n/number_formatting.h"
#include "base/i18n/time_formatting.h"
#include "base/json/json_string_value_serializer.h"
#include "base/memory/ref_counted.h"
#include "base/no_destructor.h"
#include "base/notreached.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/utf_string_conversions.h"
#include "base/time/time.h"
#include "base/values.h"
#include "build/build_config.h"
#include "components/grit/components_resources.h"
#include "components/grit/components_scaled_resources.h"
#include "components/password_manager/core/browser/hash_password_manager.h"
#include "components/safe_browsing/buildflags.h"
#include "components/safe_browsing/core/browser/referrer_chain_provider.h"
#include "components/safe_browsing/core/common/features.h"
#include "components/safe_browsing/core/common/proto/csd.pb.h"
#include "components/safe_browsing/core/common/proto/safebrowsingv5.pb.h"
#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
#include "content/public/browser/global_routing_id.h"
#include "services/network/public/mojom/cookie_manager.mojom.h"
#if BUILDFLAG(FULL_SAFE_BROWSING)
#include "components/enterprise/common/proto/connectors.pb.h"
#endif
#include "components/safe_browsing/core/common/web_ui_constants.h"
#include "components/strings/grit/components_strings.h"
#include "components/user_prefs/user_prefs.h"
#include "content/public/browser/browser_context.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/web_contents.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"
#if BUILDFLAG(SAFE_BROWSING_DB_LOCAL)
#include "components/safe_browsing/core/browser/db/v4_local_database_manager.h"
#endif
#if BUILDFLAG(FULL_SAFE_BROWSING)
TriggeredRule;
#endif
Time;
GaiaPasswordReuse;
PasswordCaptured;
PasswordReuseLookup;
PasswordReuseDetected;
PasswordReuseDialogInteraction;
namespace safe_browsing {
WebUIInfoSingleton::WebUIInfoSingleton() = default;
WebUIInfoSingleton::~WebUIInfoSingleton() = default;
WebUIInfoSingleton* WebUIInfoSingleton::GetInstance() { … }
bool WebUIInfoSingleton::HasListener() { … }
void WebUIInfoSingleton::AddToDownloadUrlsChecked(const std::vector<GURL>& urls,
DownloadCheckResult result) { … }
void WebUIInfoSingleton::AddToClientDownloadRequestsSent(
std::unique_ptr<ClientDownloadRequest> client_download_request) { … }
void WebUIInfoSingleton::ClearDownloadUrlsChecked() { … }
void WebUIInfoSingleton::ClearClientDownloadRequestsSent() { … }
void WebUIInfoSingleton::AddToClientDownloadResponsesReceived(
std::unique_ptr<ClientDownloadResponse> client_download_response) { … }
void WebUIInfoSingleton::ClearClientDownloadResponsesReceived() { … }
void WebUIInfoSingleton::AddToClientPhishingRequestsSent(
std::unique_ptr<ClientPhishingRequest> client_phishing_request,
std::string token) { … }
void WebUIInfoSingleton::ClearClientPhishingRequestsSent() { … }
void WebUIInfoSingleton::AddToClientPhishingResponsesReceived(
std::unique_ptr<ClientPhishingResponse> client_phishing_response) { … }
void WebUIInfoSingleton::ClearClientPhishingResponsesReceived() { … }
void WebUIInfoSingleton::AddToCSBRRsSent(
std::unique_ptr<ClientSafeBrowsingReportRequest> csbrr) { … }
void WebUIInfoSingleton::ClearCSBRRsSent() { … }
void WebUIInfoSingleton::SetOnCSBRRLoggedCallbackForTesting(
base::OnceClosure on_done) { … }
void WebUIInfoSingleton::AddToHitReportsSent(
std::unique_ptr<HitReport> hit_report) { … }
void WebUIInfoSingleton::ClearHitReportsSent() { … }
void WebUIInfoSingleton::AddToPGEvents(
const sync_pb::UserEventSpecifics& event) { … }
void WebUIInfoSingleton::ClearPGEvents() { … }
void WebUIInfoSingleton::AddToSecurityEvents(
const sync_pb::GaiaPasswordReuse& event) { … }
void WebUIInfoSingleton::ClearSecurityEvents() { … }
int WebUIInfoSingleton::AddToPGPings(
const LoginReputationClientRequest& request,
const std::string oauth_token) { … }
void WebUIInfoSingleton::AddToPGResponses(
int token,
const LoginReputationClientResponse& response) { … }
void WebUIInfoSingleton::ClearPGPings() { … }
int WebUIInfoSingleton::AddToURTLookupPings(const RTLookupRequest request,
const std::string oauth_token) { … }
void WebUIInfoSingleton::AddToURTLookupResponses(
int token,
const RTLookupResponse response) { … }
void WebUIInfoSingleton::ClearURTLookupPings() { … }
std::optional<int> WebUIInfoSingleton::AddToHPRTLookupPings(
V5::SearchHashesRequest* inner_request,
std::string relay_url_spec,
std::string ohttp_key) { … }
void WebUIInfoSingleton::AddToHPRTLookupResponses(
int token,
V5::SearchHashesResponse* response) { … }
void WebUIInfoSingleton::ClearHPRTLookupPings() { … }
void WebUIInfoSingleton::LogMessage(const std::string& message) { … }
void WebUIInfoSingleton::ClearLogMessages() { … }
void WebUIInfoSingleton::NotifyLogMessageListeners(
const base::Time& timestamp,
const std::string& message) { … }
void WebUIInfoSingleton::AddToReportingEvents(const base::Value::Dict& event) { … }
void WebUIInfoSingleton::ClearReportingEvents() { … }
#if BUILDFLAG(FULL_SAFE_BROWSING)
void WebUIInfoSingleton::AddToDeepScanRequests(
bool per_profile_request,
const std::string& access_token,
const std::string& upload_info,
const std::string& upload_url,
const enterprise_connectors::ContentAnalysisRequest& request) { … }
void WebUIInfoSingleton::AddToDeepScanResponses(
const std::string& token,
const std::string& status,
const enterprise_connectors::ContentAnalysisResponse& response) { … }
void WebUIInfoSingleton::ClearDeepScans() { … }
void WebUIInfoSingleton::SetTailoredVerdictOverride(
ClientDownloadResponse::TailoredVerdict new_value,
const SafeBrowsingUIHandler* new_source) { … }
void WebUIInfoSingleton::ClearTailoredVerdictOverride() { … }
#endif
void WebUIInfoSingleton::RegisterWebUIInstance(SafeBrowsingUIHandler* webui) { … }
void WebUIInfoSingleton::UnregisterWebUIInstance(SafeBrowsingUIHandler* webui) { … }
mojo::Remote<network::mojom::CookieManager>
WebUIInfoSingleton::GetCookieManager(content::BrowserContext* browser_context) { … }
ReferrerChainProvider* WebUIInfoSingleton::GetReferrerChainProvider(
content::BrowserContext* browser_context) { … }
#if BUILDFLAG(IS_ANDROID)
ReferringAppInfo WebUIInfoSingleton::GetReferringAppInfo(
content::WebContents* web_contents) {
return sb_service_ ? sb_service_->GetReferringAppInfo(web_contents)
: ReferringAppInfo{};
}
#endif
void WebUIInfoSingleton::ClearListenerForTesting() { … }
void WebUIInfoSingleton::MaybeClearData() { … }
#if BUILDFLAG(FULL_SAFE_BROWSING)
DeepScanDebugData::DeepScanDebugData() = default;
DeepScanDebugData::DeepScanDebugData(const DeepScanDebugData&) = default;
DeepScanDebugData::~DeepScanDebugData() = default;
TailoredVerdictOverrideData::TailoredVerdictOverrideData() = default;
TailoredVerdictOverrideData::~TailoredVerdictOverrideData() = default;
void TailoredVerdictOverrideData::Set(
ClientDownloadResponse::TailoredVerdict new_value,
const SafeBrowsingUIHandler* new_source) { … }
bool TailoredVerdictOverrideData::IsFromSource(
const SafeBrowsingUIHandler* maybe_source) const { … }
void TailoredVerdictOverrideData::Clear() { … }
#endif
namespace {
#if BUILDFLAG(SAFE_BROWSING_DB_LOCAL)
std::string UserReadableTimeFromMillisSinceEpoch(int64_t time_in_milliseconds) { … }
void AddStoreInfo(const DatabaseManagerInfo::DatabaseInfo::StoreInfo store_info,
base::Value::List& database_info_list) { … }
void AddDatabaseInfo(const DatabaseManagerInfo::DatabaseInfo database_info,
base::Value::List& database_info_list) { … }
void AddUpdateInfo(const DatabaseManagerInfo::UpdateInfo update_info,
base::Value::List& database_info_list) { … }
void ParseFullHashInfo(
const FullHashCacheInfo::FullHashCache::CachedHashPrefixInfo::FullHashInfo
full_hash_info,
base::Value::Dict& full_hash_info_dict) { … }
void ParseFullHashCache(const FullHashCacheInfo::FullHashCache full_hash_cache,
base::Value::List& full_hash_cache_list) { … }
void ParseFullHashCacheInfo(const FullHashCacheInfo full_hash_cache_info_proto,
base::Value::List& full_hash_cache_info) { … }
std::string AddFullHashCacheInfo(
const FullHashCacheInfo full_hash_cache_info_proto) { … }
#endif
base::Value::Dict SerializeImageFeatureEmbedding(
ImageFeatureEmbedding image_feature_embedding) { … }
base::Value::Dict SerializeChromeUserPopulation(
const ChromeUserPopulation& population) { … }
base::Value::Dict SerializeReferrer(const ReferrerChainEntry& referrer) { … }
std::string SerializeClientDownloadRequest(const ClientDownloadRequest& cdr) { … }
base::Value::Dict SerializeTailoredVerdict(
const ClientDownloadResponse::TailoredVerdict& tv) { … }
std::string SerializeClientDownloadResponse(const ClientDownloadResponse& cdr) { … }
base::Value::Dict SerializeVisualFeatures(
const VisualFeatures& visual_features) { … }
std::string SerializeClientPhishingRequest(
const ClientPhishingRequestAndToken& cprat) { … }
std::string SerializeClientPhishingResponse(const ClientPhishingResponse& cpr) { … }
base::Value::Dict SerializeHTTPHeader(
const ClientSafeBrowsingReportRequest::HTTPHeader& header) { … }
base::Value::Dict SerializeResource(
const ClientSafeBrowsingReportRequest::Resource& resource) { … }
base::Value::Dict SerializeHTMLElement(const HTMLElement& element) { … }
base::Value::Dict SerializeSafeBrowsingClientProperties(
const ClientSafeBrowsingReportRequest::SafeBrowsingClientProperties&
client_properties) { … }
base::Value::Dict SerializeDownloadWarningAction(
const ClientSafeBrowsingReportRequest::DownloadWarningAction&
download_warning_action) { … }
std::string SerializeCSBRR(const ClientSafeBrowsingReportRequest& report) { … }
std::string SerializeHitReport(const HitReport& hit_report) { … }
base::Value::Dict SerializePGEvent(const sync_pb::UserEventSpecifics& event) { … }
base::Value::Dict SerializeSecurityEvent(
const sync_pb::GaiaPasswordReuse& event) { … }
base::Value::Dict SerializeFrame(
const LoginReputationClientRequest::Frame& frame) { … }
base::Value::Dict SerializePasswordReuseEvent(
const LoginReputationClientRequest::PasswordReuseEvent& event) { … }
base::Value::Dict SerializeRTThreatInfo(
const RTLookupResponse::ThreatInfo& threat_info) { … }
base::Value::Dict SerializeDomFeatures(const DomFeatures& dom_features) { … }
base::Value::Dict SerializeUrlDisplayExperiment(
const LoginReputationClientRequest::UrlDisplayExperiment& experiment) { … }
#if BUILDFLAG(IS_ANDROID)
base::Value::Dict SerializeReferringAppInfo(const ReferringAppInfo& info) {
base::Value::Dict dict;
dict.Set(
"referring_app_source",
LoginReputationClientRequest_ReferringAppInfo_ReferringAppSource_Name(
info.referring_app_source));
dict.Set("referring_app_info", info.referring_app_name);
dict.Set("target_url", info.target_url.spec());
return dict;
}
#endif
base::Value::Dict SerializeReferringAppInfo(
const LoginReputationClientRequest::ReferringAppInfo& info) { … }
base::Value::Dict SerializeCsdDebuggingMetadata(
const LoginReputationClientRequest::DebuggingMetadata& debugging_metadata) { … }
std::string SerializePGPing(
const LoginReputationClientRequestAndToken& request_and_token) { … }
std::string SerializePGResponse(const LoginReputationClientResponse& response) { … }
std::string SerializeURTLookupPing(const URTLookupRequest& ping) { … }
std::string SerializeURTLookupResponse(const RTLookupResponse& response) { … }
std::string SerializeHPRTLookupPing(const HPRTLookupRequest& ping) { … }
std::string SerializeHPRTLookupResponse(
const V5::SearchHashesResponse& response) { … }
base::Value::Dict SerializeLogMessage(const base::Time& timestamp,
const std::string& message) { … }
base::Value::Dict SerializeReportingEvent(const base::Value::Dict& event) { … }
#if BUILDFLAG(FULL_SAFE_BROWSING)
std::string SerializeContentAnalysisRequest(
bool per_profile_request,
const std::string& access_token_truncated,
const std::string& upload_info,
const std::string& upload_url,
const enterprise_connectors::ContentAnalysisRequest& request) { … }
std::string SerializeContentAnalysisResponse(
const enterprise_connectors::ContentAnalysisResponse& response) { … }
base::Value::Dict SerializeDeepScanDebugData(const std::string& token,
const DeepScanDebugData& data) { … }
#endif
}
SafeBrowsingUI::SafeBrowsingUI(
content::WebUI* web_ui,
std::unique_ptr<SafeBrowsingLocalStateDelegate> delegate)
: … { … }
SafeBrowsingUI::~SafeBrowsingUI() { … }
SafeBrowsingUIHandler::SafeBrowsingUIHandler(
content::BrowserContext* context,
std::unique_ptr<SafeBrowsingLocalStateDelegate> delegate)
: … { … }
SafeBrowsingUIHandler::~SafeBrowsingUIHandler() { … }
void SafeBrowsingUIHandler::OnJavascriptAllowed() { … }
void SafeBrowsingUIHandler::OnJavascriptDisallowed() { … }
void SafeBrowsingUIHandler::GetExperiments(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetPrefs(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetPolicies(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetCookie(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::OnGetCookie(
const std::string& callback_id,
const std::vector<net::CanonicalCookie>& cookies) { … }
void SafeBrowsingUIHandler::GetSavedPasswords(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetDatabaseManagerInfo(
const base::Value::List& args) { … }
std::string SerializeDownloadUrlChecked(const std::vector<GURL>& urls,
DownloadCheckResult result) { … }
void SafeBrowsingUIHandler::GetDownloadUrlsChecked(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetSentClientDownloadRequests(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetReceivedClientDownloadResponses(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetSentClientPhishingRequests(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetReceivedClientPhishingResponses(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetSentCSBRRs(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetSentHitReports(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetPGEvents(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetSecurityEvents(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetPGPings(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetPGResponses(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetURTLookupPings(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetURTLookupResponses(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetHPRTLookupPings(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetHPRTLookupResponses(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetReferrerChain(const base::Value::List& args) { … }
#if BUILDFLAG(IS_ANDROID)
void SafeBrowsingUIHandler::GetReferringAppInfo(const base::Value::List& args) {
base::Value::Dict referring_app_value;
ReferringAppInfo info =
WebUIInfoSingleton::GetInstance()->GetReferringAppInfo(
web_ui()->GetWebContents());
referring_app_value = SerializeReferringAppInfo(info);
std::string referring_app_serialized;
JSONStringValueSerializer serializer(&referring_app_serialized);
serializer.set_pretty_print(true);
serializer.Serialize(referring_app_value);
AllowJavascript();
DCHECK(!args.empty());
std::string callback_id = args[0].GetString();
ResolveJavascriptCallback(base::Value(callback_id),
base::Value(referring_app_serialized));
}
#endif
void SafeBrowsingUIHandler::GetReportingEvents(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetLogMessages(const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetDeepScans(const base::Value::List& args) { … }
base::Value::Dict SafeBrowsingUIHandler::GetFormattedTailoredVerdictOverride() { … }
void SafeBrowsingUIHandler::SetTailoredVerdictOverride(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::GetTailoredVerdictOverride(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::ClearTailoredVerdictOverride(
const base::Value::List& args) { … }
void SafeBrowsingUIHandler::ResolveTailoredVerdictOverrideCallback(
const std::string& callback_id) { … }
void SafeBrowsingUIHandler::NotifyTailoredVerdictOverrideJsListener() { … }
void SafeBrowsingUIHandler::NotifyDownloadUrlCheckedJsListener(
const std::vector<GURL>& urls,
DownloadCheckResult result) { … }
void SafeBrowsingUIHandler::NotifyClientDownloadRequestJsListener(
ClientDownloadRequest* client_download_request) { … }
void SafeBrowsingUIHandler::NotifyClientDownloadResponseJsListener(
ClientDownloadResponse* client_download_response) { … }
void SafeBrowsingUIHandler::NotifyClientPhishingRequestJsListener(
const ClientPhishingRequestAndToken& client_phishing_request) { … }
void SafeBrowsingUIHandler::NotifyClientPhishingResponseJsListener(
ClientPhishingResponse* client_phishing_response) { … }
void SafeBrowsingUIHandler::NotifyCSBRRJsListener(
ClientSafeBrowsingReportRequest* csbrr) { … }
void SafeBrowsingUIHandler::NotifyHitReportJsListener(HitReport* hit_report) { … }
void SafeBrowsingUIHandler::NotifyPGEventJsListener(
const sync_pb::UserEventSpecifics& event) { … }
void SafeBrowsingUIHandler::NotifySecurityEventJsListener(
const sync_pb::GaiaPasswordReuse& event) { … }
void SafeBrowsingUIHandler::NotifyPGPingJsListener(
int token,
const LoginReputationClientRequestAndToken& request) { … }
void SafeBrowsingUIHandler::NotifyPGResponseJsListener(
int token,
const LoginReputationClientResponse& response) { … }
void SafeBrowsingUIHandler::NotifyURTLookupPingJsListener(
int token,
const URTLookupRequest& request) { … }
void SafeBrowsingUIHandler::NotifyURTLookupResponseJsListener(
int token,
const RTLookupResponse& response) { … }
void SafeBrowsingUIHandler::NotifyHPRTLookupPingJsListener(
int token,
const HPRTLookupRequest& request) { … }
void SafeBrowsingUIHandler::NotifyHPRTLookupResponseJsListener(
int token,
const V5::SearchHashesResponse& response) { … }
void SafeBrowsingUIHandler::NotifyLogMessageJsListener(
const base::Time& timestamp,
const std::string& message) { … }
void SafeBrowsingUIHandler::NotifyReportingEventJsListener(
const base::Value::Dict& event) { … }
#if BUILDFLAG(FULL_SAFE_BROWSING)
void SafeBrowsingUIHandler::NotifyDeepScanJsListener(
const std::string& token,
const DeepScanDebugData& deep_scan_data) { … }
#endif
void SafeBrowsingUIHandler::RegisterMessages() { … }
void SafeBrowsingUIHandler::SetWebUIForTesting(content::WebUI* web_ui) { … }
CrSBLogMessage::CrSBLogMessage() { … }
CrSBLogMessage::~CrSBLogMessage() { … }
}