// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/ssl/https_first_mode_settings_tracker.h" #include <string_view> #include "base/feature_list.h" #include "base/functional/bind.h" #include "base/json/values_util.h" #include "base/metrics/histogram_functions.h" #include "base/task/thread_pool.h" #include "base/time/default_clock.h" #include "base/values.h" #include "build/chromeos_buildflags.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/metrics/chrome_metrics_service_accessor.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/safe_browsing/advanced_protection_status_manager_factory.h" #include "chrome/browser/ssl/https_upgrades_interceptor.h" #include "chrome/browser/ssl/https_upgrades_util.h" #include "chrome/common/chrome_features.h" #include "chrome/common/pref_names.h" #include "components/prefs/pref_service.h" #include "components/security_interstitials/content/https_only_mode_blocking_page.h" #include "components/security_interstitials/content/stateful_ssl_host_state_delegate.h" #include "components/site_engagement/content/site_engagement_service.h" #include "components/variations/synthetic_trials.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/storage_partition.h" #if BUILDFLAG(IS_CHROMEOS_ASH) #include "chrome/browser/ash/profiles/profile_helper.h" #endif // BUILDFLAG(IS_CHROMEOS_ASH) // Minimum score of an HTTPS origin to enable HFM on its hostname. const base::FeatureParam<int> kHttpsAddThreshold{ … }; // Maximum score of an HTTP origin to enable HFM on its hostname. const base::FeatureParam<int> kHttpsRemoveThreshold{ … }; // If HTTPS score goes below kHttpsRemoveThreshold or HTTP score goes above // kHttpRemoveThreshold, disable HFM on this hostname. const base::FeatureParam<int> kHttpAddThreshold{ … }; const base::FeatureParam<int> kHttpRemoveThreshold{ … }; // Parameters for Typically Secure User heuristic: // The rolling window size during which we check for HTTPS-Upgrades fallback // entries. If the number of fallback entries is smaller than // kMaxRecentFallbackEntryCount, we may automatically enable HTTPS-First Mode. const base::TimeDelta kFallbackEntriesRollingWindowSize = …; // Maximum number of past HTTPS-Upgrade fallback events (i.e. would-be warnings) // to auto-enable HFM, including the current fallback event that's being added // to the events list. const size_t kMaxRecentFallbackEntryCount = …; // Minimum age of the current browser profile to automatically enable HFM. This // prevents auto-enabling HFM immediately upon first launch. const base::TimeDelta kMinTypicallySecureProfileAge = …; // We should observe HTTPS-Upgrade and HFM navigations at least for this long // before enabling HFM. const base::TimeDelta kMinTypicallySecureObservationTime = …; // Minimum total score for a user to be considered typically secure. If the user // doesn't have at least this much engagement score over all sites, they might // not have used Chrome sufficiently for us to auto-enable HFM. const base::FeatureParam<int> kMinTotalEngagementPointsForTypicallySecureUser{ … }; // Rolling window size in days to count recent navigations. Navigations within // this window will be counted to be used for the Typically Secure heuristic. // Navigations older than this many days will be discarded from the count. const base::FeatureParam<int> kNavigationCounterRollingWindowSizeInDays{ … }; // Minimum number of main frame navigations counted in this profile during a // rolling window of kNavigationCounterDefaultRollingWindowSizeInDays for a user // to be considered typically secure. If the user doesn't have at least this // many navigations counted, they might not have used Chrome sufficiently for us // to auto-enable HFM. A default value of 1500 is 100 navigations per day during // the 15 day rolling window. const base::FeatureParam<int> kMinRecentNavigationsForTypicallySecureUser{ … }; // The key for the fallback events in the base preference. constexpr char kFallbackEventsKey[] = …; // The key for the start timestamp in the base preference. This is the time // when we started observing the profile with the Typically Secure User // heuristic. constexpr char kHeuristicStartTimestampKey[] = …; // The key in each fallback event for the fallback event timestamp. A fallback // event is evicted from the list if this timestamp is older than // kFallbackEntriesRollingWindowSize. constexpr char kFallbackEventsPrefTimestampKey[] = …; constexpr int kNavigationCounterDefaultSaveInterval = …; namespace { SiteEngagementHeuristicState; const char kHttpsFirstModeServiceName[] = …; const char kHttpsFirstModeSyntheticFieldTrialName[] = …; const char kHttpsFirstModeSyntheticFieldTrialEnabledGroup[] = …; const char kHttpsFirstModeSyntheticFieldTrialBalancedGroup[] = …; const char kHttpsFirstModeSyntheticFieldTrialDisabledGroup[] = …; // We don't need to protect this with a lock since it's only set while // single-threaded in tests. base::Clock* g_clock = …; base::Clock* GetClock() { … } // Returns the HTTP URL from `http_url` using the test port numbers, if any. // TODO(crbug.com/40904694): Refactor and merge with UpgradeUrlToHttps(). GURL GetHttpUrlFromHttps(const GURL& https_url) { … } // Returns the HTTPS URL from `http_url` using the test port numbers, if any. // TODO(crbug.com/40904694): Refactor and merge with UpgradeUrlToHttps(). GURL GetHttpsUrlFromHttp(const GURL& http_url) { … } std::unique_ptr<KeyedService> BuildService(content::BrowserContext* context) { … } base::Time GetTimestamp(const base::Value::Dict& dict, const char* key) { … } std::string GetSyntheticFieldTrialGroupName(HttpsFirstModeSetting setting) { … } } // namespace HttpsFirstModeService::HttpsFirstModeService(Profile* profile, base::Clock* clock) : … { … } void HttpsFirstModeService::AfterStartup() { … } void HttpsFirstModeService:: CheckUserIsTypicallySecureAndMaybeEnableHttpsFirstMode() { … } HttpsFirstModeService::~HttpsFirstModeService() = default; void HttpsFirstModeService::OnHttpsFirstModePrefChanged() { … } void HttpsFirstModeService::OnAdvancedProtectionStatusChanged(bool enabled) { … } bool HttpsFirstModeService:: IsInterstitialEnabledByTypicallySecureUserHeuristic() const { … } void HttpsFirstModeService::RecordHttpsUpgradeFallbackEvent() { … } bool HttpsFirstModeService::IsUserTypicallySecure() { … } bool HttpsFirstModeService::UpdateFallbackEntries(bool add_new_entry) { … } void HttpsFirstModeService::MaybeEnableHttpsFirstModeForEngagedSites( base::OnceClosure done_callback) { … } void HttpsFirstModeService::ProcessEngagedSitesList( base::OnceClosure done_callback, const std::vector<site_engagement::mojom::SiteEngagementDetails>& details) { … } void HttpsFirstModeService::MaybeEnableHttpsFirstModeForUrl( const GURL& url, site_engagement::SiteEngagementService* engagement_service, StatefulSSLHostStateDelegate* state) { … } HttpsFirstModeSetting HttpsFirstModeService::GetCurrentSetting() const { … } void HttpsFirstModeService::IncrementRecentNavigationCount() { … } size_t HttpsFirstModeService::GetRecentNavigationCount() const { … } void HttpsFirstModeService::SetClockForTesting(base::Clock* clock) { … } size_t HttpsFirstModeService::GetFallbackEntryCountForTesting() const { … } // static HttpsFirstModeService* HttpsFirstModeServiceFactory::GetForProfile( Profile* profile) { … } // static HttpsFirstModeServiceFactory* HttpsFirstModeServiceFactory::GetInstance() { … } // static BrowserContextKeyedServiceFactory::TestingFactory HttpsFirstModeServiceFactory::GetDefaultFactoryForTesting() { … } HttpsFirstModeServiceFactory::HttpsFirstModeServiceFactory() : … { … } HttpsFirstModeServiceFactory::~HttpsFirstModeServiceFactory() = default; std::unique_ptr<KeyedService> HttpsFirstModeServiceFactory::BuildServiceInstanceForBrowserContext( content::BrowserContext* context) const { … } // static base::Clock* HttpsFirstModeServiceFactory::SetClockForTesting( base::Clock* clock) { … }
Codebase Browser
chromium