chrome/browser/renderer_host/safe_browsing_resource_throttle.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_
   6 #define CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/memory/ref_counted.h"
  12 #include "base/time/time.h"
  13 #include "base/timer/timer.h"
  14 #include "chrome/browser/safe_browsing/database_manager.h"
  15 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
  16 #include "chrome/browser/safe_browsing/ui_manager.h"
  17 #include "content/public/browser/resource_throttle.h"
  18 #include "content/public/common/resource_type.h"
  19
  20 class ResourceDispatcherHost;
  21
  22 namespace net {
  23 class URLRequest;
  24 }
  25
  26 // SafeBrowsingResourceThrottle checks that URLs are "safe" before
  27 // navigating to them. To be considered "safe", a URL must not appear in the
  28 // malware/phishing blacklists (see SafeBrowsingService for details).
  29 //
  30 // On desktop (ifdef SAFE_BROWSING_DB_LOCAL)
  31 // -----------------------------------------
  32 // This check is done before requesting the original URL, and additionally
  33 // before following any subsequent redirect.  In the common case the check
  34 // completes synchronously (no match in the in-memory DB), so the request's
  35 // flow is un-interrupted.  However if the URL fails this quick check, it
  36 // has the possibility of being on the blacklist. Now the request is
  37 // deferred (prevented from starting), and a more expensive safe browsing
  38 // check is begun (fetches the full hashes).
  39 //
  40 // On mobile (ifdef SAFE_BROWSING_DB_REMOTE):
  41 // -----------------------------------------
  42 // The check is started and runs in parallel with the resource load.  If the
  43 // check is not complete by the time the headers are loaded, the request is
  44 // suspended until the URL is classified.  We let the headers load on mobile
  45 // since the RemoteSafeBrowsingDatabase checks always have some non-zero
  46 // latency -- there no synchronous pass.  This parallelism helps
  47 // performance.  Redirects are handled the same way as desktop so they
  48 // always defer.
  49 //
  50 //
  51 // Note that the safe browsing check takes at most kCheckUrlTimeoutMs
  52 // milliseconds. If it takes longer than this, then the system defaults to
  53 // treating the URL as safe.
  54 //
  55 // If the URL is classified as dangerous, a warning page is thrown up and
  56 // the request remains suspended.  If the user clicks "proceed" on warning
  57 // page, we resume the request.
  58 //
  59 // Note: The ResourceThrottle interface is called in this order:
  60 // WillStartRequest once, WillRedirectRequest zero or more times, and then
  61 // WillProcessReponse once.
  62 class SafeBrowsingResourceThrottle
  63     : public content::ResourceThrottle,
  64       public SafeBrowsingDatabaseManager::Client,
  65       public base::SupportsWeakPtr<SafeBrowsingResourceThrottle> {
  66  public:
  67   // Will construct a SafeBrowsingResourceThrottle, or return NULL
  68   // if on Android and not in the field trial.
  69   static SafeBrowsingResourceThrottle* MaybeCreate(
  70       net::URLRequest* request,
  71       content::ResourceType resource_type,
  72       SafeBrowsingService* sb_service);
  73
  74   // content::ResourceThrottle implementation (called on IO thread):
  75   void WillStartRequest(bool* defer) override;
  76   void WillRedirectRequest(const net::RedirectInfo& redirect_info,
  77                            bool* defer) override;
  78   void WillProcessResponse(bool* defer) override;
  79
  80   const char* GetNameForLogging() const override;
  81
  82   // SafeBrowsingDabaseManager::Client implementation (called on IO thread):
  83   void OnCheckBrowseUrlResult(const GURL& url,
  84                               SBThreatType result,
  85                               const std::string& metadata) override;
  86
  87  protected:
  88   enum DeferAtStartSetting {
  89     DEFER_AT_START,
  90     DONT_DEFER_AT_START
  91   };
  92
  93   SafeBrowsingResourceThrottle(
  94       const net::URLRequest* request,
  95       content::ResourceType resource_type,
  96       SafeBrowsingService* sb_service,
  97       DeferAtStartSetting defer_setting,
  98       SafeBrowsingService::ResourceTypesToCheck types_to_check);
  99
 100  private:
 101   // Describes what phase of the check a throttle is in.
 102   enum State {
 103     // Haven't started checking or checking is complete. Not deferred.
 104     STATE_NONE,
 105     // We have one outstanding URL-check. Could be deferred.
 106     STATE_CHECKING_URL,
 107     // We're displaying a blocking page. Could be deferred.
 108     STATE_DISPLAYING_BLOCKING_PAGE,
 109   };
 110
 111   // Describes what stage of the request got paused by the check.
 112   enum DeferState {
 113     DEFERRED_NONE,
 114     DEFERRED_START,
 115     DEFERRED_REDIRECT,
 116     DEFERRED_UNCHECKED_REDIRECT,  // unchecked_redirect_url_ is populated.
 117     DEFERRED_PROCESSING,
 118   };
 119
 120   ~SafeBrowsingResourceThrottle() override;
 121
 122   // SafeBrowsingService::UrlCheckCallback implementation.
 123   void OnBlockingPageComplete(bool proceed);
 124
 125   // Starts running |url| through the safe browsing check. Returns true if the
 126   // URL is safe to visit. Otherwise returns false and will call
 127   // OnBrowseUrlResult() when the check has completed.
 128   bool CheckUrl(const GURL& url);
 129
 130   // Callback for when the safe browsing check (which was initiated by
 131   // StartCheckingUrl()) has taken longer than kCheckUrlTimeoutMs.
 132   void OnCheckUrlTimeout();
 133
 134   // Starts displaying the safe browsing interstitial page if it's not
 135   // prerendering. Called on the UI thread.
 136   static void StartDisplayingBlockingPage(
 137       const base::WeakPtr<SafeBrowsingResourceThrottle>& throttle,
 138       scoped_refptr<SafeBrowsingUIManager> ui_manager,
 139       const SafeBrowsingUIManager::UnsafeResource& resource);
 140
 141   // Called on the IO thread if the request turned out to be for a prerendered
 142   // page.
 143   void Cancel();
 144
 145   // Resumes the request, by continuing the deferred action (either starting the
 146   // request, or following a redirect).
 147   void ResumeRequest();
 148
 149   // True if we want to block the starting of requests until they're
 150   // deemed safe.  Otherwise we let the resource partially load.
 151   const bool defer_at_start_;
 152
 153   // Check all types, or just the dangerous ones?
 154   const SafeBrowsingService::ResourceTypesToCheck resource_types_to_check_;
 155
 156   State state_;
 157   DeferState defer_state_;
 158
 159   // The result of the most recent safe browsing check. Only valid to read this
 160   // when state_ != STATE_CHECKING_URL.
 161   SBThreatType threat_type_;
 162
 163   // The time when we started deferring the request.
 164   base::TimeTicks defer_start_time_;
 165
 166   // Timer to abort the safe browsing check if it takes too long.
 167   base::OneShotTimer<SafeBrowsingResourceThrottle> timer_;
 168
 169   // The redirect chain for this resource
 170   std::vector<GURL> redirect_urls_;
 171
 172   // If in DEFERRED_UNCHECKED_REDIRECT state, this is the
 173   // URL we still need to check before resuming.
 174   GURL unchecked_redirect_url_;
 175   GURL url_being_checked_;
 176
 177   scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
 178   scoped_refptr<SafeBrowsingUIManager> ui_manager_;
 179   const net::URLRequest* request_;
 180   const content::ResourceType resource_type_;
 181
 182   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingResourceThrottle);
 183 };
 184 #endif  // CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_