Home | History | Annotate | Download | only in safe_browsing 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 //
      5 // Classes for managing the SafeBrowsing interstitial pages.
      6 //
      7 // When a user is about to visit a page the SafeBrowsing system has deemed to
      8 // be malicious, either as malware or a phishing page, we show an interstitial
      9 // page with some options (go back, continue) to give the user a chance to avoid
     10 // the harmful page.
     11 //
     12 // The SafeBrowsingBlockingPage is created by the SafeBrowsingUIManager on the
     13 // UI thread when we've determined that a page is malicious. The operation of
     14 // the blocking page occurs on the UI thread, where it waits for the user to
     15 // make a decision about what to do: either go back or continue on.
     16 //
     17 // The blocking page forwards the result of the user's choice back to the
     18 // SafeBrowsingUIManager so that we can cancel the request for the new page,
     19 // or allow it to continue.
     20 //
     21 // A web page may contain several resources flagged as malware/phishing.  This
     22 // results into more than one interstitial being shown.  On the first unsafe
     23 // resource received we show an interstitial.  Any subsequent unsafe resource
     24 // notifications while the first interstitial is showing is queued.  If the user
     25 // decides to proceed in the first interstitial, we display all queued unsafe
     26 // resources in a new interstitial.
     27 
     28 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
     29 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
     30 
     31 #include <map>
     32 #include <string>
     33 #include <vector>
     34 
     35 #include "base/gtest_prod_util.h"
     36 #include "base/time/time.h"
     37 #include "chrome/browser/history/history_service.h"
     38 #include "chrome/browser/safe_browsing/ui_manager.h"
     39 #include "content/public/browser/interstitial_page_delegate.h"
     40 #include "url/gurl.h"
     41 
     42 class MalwareDetails;
     43 class SafeBrowsingBlockingPageFactory;
     44 
     45 namespace base {
     46 class DictionaryValue;
     47 class MessageLoop;
     48 }
     49 
     50 namespace content {
     51 class InterstitialPage;
     52 class WebContents;
     53 }
     54 
     55 class SafeBrowsingBlockingPage : public content::InterstitialPageDelegate {
     56  public:
     57   typedef SafeBrowsingUIManager::UnsafeResource UnsafeResource;
     58   typedef std::vector<UnsafeResource> UnsafeResourceList;
     59   typedef std::map<content::WebContents*, UnsafeResourceList> UnsafeResourceMap;
     60 
     61   virtual ~SafeBrowsingBlockingPage();
     62 
     63   // Shows a blocking page warning the user about phishing/malware for a
     64   // specific resource.
     65   // You can call this method several times, if an interstitial is already
     66   // showing, the new one will be queued and displayed if the user decides
     67   // to proceed on the currently showing interstitial.
     68   static void ShowBlockingPage(
     69       SafeBrowsingUIManager* ui_manager, const UnsafeResource& resource);
     70 
     71   // Makes the passed |factory| the factory used to instanciate
     72   // SafeBrowsingBlockingPage objects. Useful for tests.
     73   static void RegisterFactory(SafeBrowsingBlockingPageFactory* factory) {
     74     factory_ = factory;
     75   }
     76 
     77   // InterstitialPageDelegate method:
     78   virtual void CommandReceived(const std::string& command) OVERRIDE;
     79   virtual void OverrideRendererPrefs(
     80       content::RendererPreferences* prefs) OVERRIDE;
     81   virtual void OnProceed() OVERRIDE;
     82   virtual void OnDontProceed() OVERRIDE;
     83 
     84  protected:
     85   friend class SafeBrowsingBlockingPageTest;
     86   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
     87                            ProceedThenDontProceed);
     88   friend class SafeBrowsingBlockingPageV2Test;
     89   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageV2Test,
     90                            ProceedThenDontProceed);
     91 
     92   void SetReportingPreference(bool report);
     93 
     94   // Don't instanciate this class directly, use ShowBlockingPage instead.
     95   SafeBrowsingBlockingPage(SafeBrowsingUIManager* ui_manager,
     96                            content::WebContents* web_contents,
     97                            const UnsafeResourceList& unsafe_resources);
     98 
     99   // After a malware interstitial where the user opted-in to the
    100   // report but clicked "proceed anyway", we delay the call to
    101   // MalwareDetails::FinishCollection() by this much time (in
    102   // milliseconds), in order to get data from the blocked resource itself.
    103   int64 malware_details_proceed_delay_ms_;
    104   content::InterstitialPage* interstitial_page() const {
    105     return interstitial_page_;
    106   }
    107 
    108   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest, MalwareReports);
    109   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageV2Test, MalwareReports);
    110 
    111   enum BlockingPageEvent {
    112     SHOW,
    113     PROCEED,
    114     DONT_PROCEED,
    115     SHOW_ADVANCED,
    116   };
    117 
    118   // Records a user action for this interstitial, using the form
    119   // SBInterstitial[Phishing|Malware|Multiple][Show|Proceed|DontProceed].
    120   void RecordUserAction(BlockingPageEvent event);
    121 
    122   // Used to query the HistoryService to see if the URL is in history. For UMA.
    123   void OnGotHistoryCount(HistoryService::Handle handle,
    124                          bool success,
    125                          int num_visits,
    126                          base::Time first_visit);
    127 
    128   // Records the time it took for the user to react to the
    129   // interstitial.  We won't double-count if this method is called
    130   // multiple times.
    131   void RecordUserReactionTime(const std::string& command);
    132 
    133   // Checks if we should even show the malware details option. For example, we
    134   // don't show it in incognito mode.
    135   bool CanShowMalwareDetailsOption();
    136 
    137   // Called when the insterstitial is going away. If there is a
    138   // pending malware details object, we look at the user's
    139   // preferences, and if the option to send malware details is
    140   // enabled, the report is scheduled to be sent on the |ui_manager_|.
    141   void FinishMalwareDetails(int64 delay_ms);
    142 
    143   // Returns the boolean value of the given |pref| from the PrefService of the
    144   // Profile associated with |web_contents_|.
    145   bool IsPrefEnabled(const char* pref);
    146 
    147   // A list of SafeBrowsingUIManager::UnsafeResource for a tab that the user
    148   // should be warned about.  They are queued when displaying more than one
    149   // interstitial at a time.
    150   static UnsafeResourceMap* GetUnsafeResourcesMap();
    151 
    152   // Notifies the SafeBrowsingUIManager on the IO thread whether to proceed
    153   // or not for the |resources|.
    154   static void NotifySafeBrowsingUIManager(
    155       SafeBrowsingUIManager* ui_manager,
    156       const UnsafeResourceList& resources, bool proceed);
    157 
    158   // Returns true if the passed |unsafe_resources| is blocking the load of
    159   // the main page.
    160   static bool IsMainPageLoadBlocked(
    161       const UnsafeResourceList& unsafe_resources);
    162 
    163   friend class SafeBrowsingBlockingPageFactoryImpl;
    164 
    165   // For reporting back user actions.
    166   SafeBrowsingUIManager* ui_manager_;
    167   base::MessageLoop* report_loop_;
    168 
    169   // True if the interstitial is blocking the main page because it is on one
    170   // of our lists.  False if a subresource is being blocked, or in the case of
    171   // client-side detection where the interstitial is shown after page load
    172   // finishes.
    173   bool is_main_frame_load_blocked_;
    174 
    175   // The index of a navigation entry that should be removed when DontProceed()
    176   // is invoked, -1 if not entry should be removed.
    177   int navigation_entry_index_to_remove_;
    178 
    179   // The list of unsafe resources this page is warning about.
    180   UnsafeResourceList unsafe_resources_;
    181 
    182   // A MalwareDetails object that we start generating when the
    183   // blocking page is shown. The object will be sent when the warning
    184   // is gone (if the user enables the feature).
    185   scoped_refptr<MalwareDetails> malware_details_;
    186 
    187   bool proceeded_;
    188 
    189   content::WebContents* web_contents_;
    190   GURL url_;
    191   content::InterstitialPage* interstitial_page_;  // Owns us
    192 
    193   // Time when the interstitial was show.  This variable is set in
    194   // GetHTMLContents() which is called right before the interstitial
    195   // is shown to the user. Will return is_null() once we reported the
    196   // user action.
    197   base::TimeTicks interstitial_show_time_;
    198 
    199   // Whether the user has expanded the "see more" section of the page already
    200   // during this interstitial page.
    201   bool has_expanded_see_more_section_;
    202 
    203   // Which type of interstitial this is.
    204   enum {
    205     TYPE_MALWARE,
    206     TYPE_PHISHING,
    207     TYPE_MALWARE_AND_PHISHING,
    208   } interstitial_type_;
    209 
    210   // The factory used to instanciate SafeBrowsingBlockingPage objects.
    211   // Usefull for tests, so they can provide their own implementation of
    212   // SafeBrowsingBlockingPage.
    213   static SafeBrowsingBlockingPageFactory* factory_;
    214 
    215   // How many times is this same URL in history? Used for histogramming.
    216   int num_visits_;
    217   CancelableRequestConsumer request_consumer_;
    218 
    219   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPage);
    220 };
    221 
    222 class SafeBrowsingBlockingPageV1 : public SafeBrowsingBlockingPage {
    223  public:
    224   // Don't instanciate this class directly, use ShowBlockingPage instead.
    225   SafeBrowsingBlockingPageV1(SafeBrowsingUIManager* ui_manager,
    226                              content::WebContents* web_contents,
    227                              const UnsafeResourceList& unsafe_resources);
    228 
    229   // InterstitialPageDelegate method:
    230   virtual std::string GetHTMLContents() OVERRIDE;
    231 
    232  private:
    233   // Fills the passed dictionary with the strings passed to JS Template when
    234   // creating the HTML.
    235   void PopulateMultipleThreatStringDictionary(base::DictionaryValue* strings);
    236   void PopulateMalwareStringDictionary(base::DictionaryValue* strings);
    237   void PopulatePhishingStringDictionary(base::DictionaryValue* strings);
    238 
    239   // A helper method used by the Populate methods above used to populate common
    240   // fields.
    241   void PopulateStringDictionary(base::DictionaryValue* strings,
    242                                 const base::string16& title,
    243                                 const base::string16& headline,
    244                                 const base::string16& description1,
    245                                 const base::string16& description2,
    246                                 const base::string16& description3);
    247 
    248   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageV1);
    249 };
    250 
    251 class SafeBrowsingBlockingPageV2 : public SafeBrowsingBlockingPage {
    252  public:
    253   // Don't instanciate this class directly, use ShowBlockingPage instead.
    254   SafeBrowsingBlockingPageV2(SafeBrowsingUIManager* ui_manager,
    255                              content::WebContents* web_contents,
    256                              const UnsafeResourceList& unsafe_resources);
    257 
    258   // InterstitialPageDelegate method:
    259   virtual std::string GetHTMLContents() OVERRIDE;
    260 
    261  private:
    262   // Fills the passed dictionary with the strings passed to JS Template when
    263   // creating the HTML.
    264   void PopulateMultipleThreatStringDictionary(base::DictionaryValue* strings);
    265   void PopulateMalwareStringDictionary(base::DictionaryValue* strings);
    266   void PopulatePhishingStringDictionary(base::DictionaryValue* strings);
    267 
    268   // A helper method used by the Populate methods above used to populate common
    269   // fields.
    270   void PopulateStringDictionary(base::DictionaryValue* strings,
    271                                 const base::string16& title,
    272                                 const base::string16& headline,
    273                                 const base::string16& description1,
    274                                 const base::string16& description2,
    275                                 const base::string16& description3);
    276 
    277   // For the FieldTrial: this contains the name of the condition.
    278   std::string trialCondition_;
    279 
    280   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageV2);
    281 };
    282 
    283 // Factory for creating SafeBrowsingBlockingPage.  Useful for tests.
    284 class SafeBrowsingBlockingPageFactory {
    285  public:
    286   virtual ~SafeBrowsingBlockingPageFactory() { }
    287 
    288   virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
    289       SafeBrowsingUIManager* ui_manager,
    290       content::WebContents* web_contents,
    291       const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) = 0;
    292 };
    293 
    294 #endif  // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
    295