Home | History | Annotate | Download | only in safe_browsing 
      1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 //
      5 // Classes for managing the SafeBrowsing interstitial pages.
      6 //
      7 // When a user is about to visit a page the SafeBrowsing system has deemed to
      8 // be malicious, either as malware or a phishing page, we show an interstitial
      9 // page with some options (go back, continue) to give the user a chance to avoid
     10 // the harmful page.
     11 //
     12 // The SafeBrowsingBlockingPage is created by the SafeBrowsingService on the UI
     13 // thread when we've determined that a page is malicious. The operation of the
     14 // blocking page occurs on the UI thread, where it waits for the user to make a
     15 // decision about what to do: either go back or continue on.
     16 //
     17 // The blocking page forwards the result of the user's choice back to the
     18 // SafeBrowsingService so that we can cancel the request for the new page, or
     19 // or allow it to continue.
     20 //
     21 // A web page may contain several resources flagged as malware/phishing.  This
     22 // results into more than one interstitial being shown.  On the first unsafe
     23 // resource received we show an interstitial.  Any subsequent unsafe resource
     24 // notifications while the first interstitial is showing is queued.  If the user
     25 // decides to proceed in the first interstitial, we display all queued unsafe
     26 // resources in a new interstitial.
     27 
     28 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
     29 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
     30 #pragma once
     31 
     32 #include <map>
     33 #include <vector>
     34 
     35 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
     36 #include "content/browser/tab_contents/interstitial_page.h"
     37 #include "googleurl/src/gurl.h"
     38 
     39 class DictionaryValue;
     40 class MessageLoop;
     41 class SafeBrowsingBlockingPageFactory;
     42 class MalwareDetails;
     43 class TabContents;
     44 
     45 class SafeBrowsingBlockingPage : public InterstitialPage {
     46  public:
     47   typedef std::vector<SafeBrowsingService::UnsafeResource> UnsafeResourceList;
     48   typedef std::map<TabContents*, UnsafeResourceList> UnsafeResourceMap;
     49 
     50   virtual ~SafeBrowsingBlockingPage();
     51 
     52   // Shows a blocking page warning the user about phishing/malware for a
     53   // specific resource.
     54   // You can call this method several times, if an interstitial is already
     55   // showing, the new one will be queued and displayed if the user decides
     56   // to proceed on the currently showing interstitial.
     57   static void ShowBlockingPage(
     58       SafeBrowsingService* service,
     59       const SafeBrowsingService::UnsafeResource& resource);
     60 
     61   // Makes the passed |factory| the factory used to instanciate
     62   // SafeBrowsingBlockingPage objects. Usefull for tests.
     63   static void RegisterFactory(SafeBrowsingBlockingPageFactory* factory) {
     64     factory_ = factory;
     65   }
     66 
     67   // InterstitialPage method:
     68   virtual std::string GetHTMLContents();
     69   virtual void SetReportingPreference(bool report);
     70   virtual void Proceed();
     71   virtual void DontProceed();
     72 
     73  protected:
     74   friend class SafeBrowsingBlockingPageTest;
     75 
     76   // InterstitialPage method:
     77   virtual void CommandReceived(const std::string& command);
     78 
     79   // Don't instanciate this class directly, use ShowBlockingPage instead.
     80   SafeBrowsingBlockingPage(SafeBrowsingService* service,
     81                            TabContents* tab_contents,
     82                            const UnsafeResourceList& unsafe_resources);
     83 
     84  private:
     85   enum BlockingPageEvent {
     86     SHOW,
     87     PROCEED,
     88     DONT_PROCEED,
     89   };
     90 
     91   // Fills the passed dictionary with the strings passed to JS Template when
     92   // creating the HTML.
     93   void PopulateMultipleThreatStringDictionary(DictionaryValue* strings);
     94   void PopulateMalwareStringDictionary(DictionaryValue* strings);
     95   void PopulatePhishingStringDictionary(DictionaryValue* strings);
     96 
     97   // A helper method used by the Populate methods above used to populate common
     98   // fields.
     99   void PopulateStringDictionary(DictionaryValue* strings,
    100                                 const string16& title,
    101                                 const string16& headline,
    102                                 const string16& description1,
    103                                 const string16& description2,
    104                                 const string16& description3);
    105 
    106   // Records a user action for this interstitial, using the form
    107   // SBInterstitial[Phishing|Malware|Multiple][Show|Proceed|DontProceed].
    108   void RecordUserAction(BlockingPageEvent event);
    109 
    110   // Checks if we should even show the malware details option. For example, we
    111   // don't show it in incognito mode.
    112   bool CanShowMalwareDetailsOption();
    113 
    114   // Called when the insterstitial is going away. If there is a
    115   // pending malware details object, we look at the user's
    116   // preferences, and if the option to send malware details is
    117   // enabled, the report is scheduled to be sent on the |sb_service_|.
    118   void FinishMalwareDetails();
    119 
    120   // A list of SafeBrowsingService::UnsafeResource for a tab that the user
    121   // should be warned about.  They are queued when displaying more than one
    122   // interstitial at a time.
    123   static UnsafeResourceMap* GetUnsafeResourcesMap();
    124 
    125   // Notifies the SafeBrowsingService on the IO thread whether to proceed or not
    126   // for the |resources|.
    127   static void NotifySafeBrowsingService(SafeBrowsingService* sb_service,
    128                                         const UnsafeResourceList& resources,
    129                                         bool proceed);
    130 
    131   // Returns true if the passed |unsafe_resources| is for the main page.
    132   static bool IsMainPage(const UnsafeResourceList& unsafe_resources);
    133 
    134  private:
    135   friend class SafeBrowsingBlockingPageFactoryImpl;
    136 
    137   // For reporting back user actions.
    138   SafeBrowsingService* sb_service_;
    139   MessageLoop* report_loop_;
    140 
    141   // Whether the flagged resource is the main page (or a sub-resource is false).
    142   bool is_main_frame_;
    143 
    144   // The index of a navigation entry that should be removed when DontProceed()
    145   // is invoked, -1 if not entry should be removed.
    146   int navigation_entry_index_to_remove_;
    147 
    148   // The list of unsafe resources this page is warning about.
    149   UnsafeResourceList unsafe_resources_;
    150 
    151   // A MalwareDetails object that we start generating when the
    152   // blocking page is shown. The object will be sent when the warning
    153   // is gone (if the user enables the feature).
    154   scoped_refptr<MalwareDetails> malware_details_;
    155 
    156   // The factory used to instanciate SafeBrowsingBlockingPage objects.
    157   // Usefull for tests, so they can provide their own implementation of
    158   // SafeBrowsingBlockingPage.
    159   static SafeBrowsingBlockingPageFactory* factory_;
    160 
    161   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPage);
    162 };
    163 
    164 // Factory for creating SafeBrowsingBlockingPage.  Useful for tests.
    165 class SafeBrowsingBlockingPageFactory {
    166  public:
    167   virtual ~SafeBrowsingBlockingPageFactory() { }
    168 
    169   virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
    170       SafeBrowsingService* service,
    171       TabContents* tab_contents,
    172       const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) = 0;
    173 };
    174 
    175 #endif  // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
    176