chrome/browser/renderer_host/safe_browsing_resource_throttle.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_
   6 #define CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/memory/ref_counted.h"
  12 #include "base/time/time.h"
  13 #include "base/timer/timer.h"
  14 #include "chrome/browser/safe_browsing/database_manager.h"
  15 #include "chrome/browser/safe_browsing/ui_manager.h"
  16 #include "content/public/browser/resource_throttle.h"
  17
  18 class ResourceDispatcherHost;
  19
  20 namespace net {
  21 class URLRequest;
  22 }
  23
  24 // SafeBrowsingResourceThrottle checks that URLs are "safe" before navigating
  25 // to them. To be considered "safe", a URL must not appear in the
  26 // malware/phishing blacklists (see SafeBrowsingService for details).
  27 //
  28 // This check is done before requesting the original URL, and additionally
  29 // before following any subsequent redirect.
  30 //
  31 // In the common case, the check completes synchronously (no match in the bloom
  32 // filter), so the request's flow is un-interrupted.
  33 //
  34 // However if the URL fails this quick check, it has the possibility of being
  35 // on the blacklist. Now the request is suspended (prevented from starting),
  36 // and a more expensive safe browsing check is begun (fetches the full hashes).
  37 //
  38 // Note that the safe browsing check takes at most kCheckUrlTimeoutMs
  39 // milliseconds. If it takes longer than this, then the system defaults to
  40 // treating the URL as safe.
  41 //
  42 // Once the safe browsing check has completed, if the URL was decided to be
  43 // dangerous, a warning page is thrown up and the request remains suspended.
  44 // If on the other hand the URL was decided to be safe, the request is
  45 // resumed.
  46 class SafeBrowsingResourceThrottle
  47     : public content::ResourceThrottle,
  48       public SafeBrowsingDatabaseManager::Client,
  49       public base::SupportsWeakPtr<SafeBrowsingResourceThrottle> {
  50  public:
  51   SafeBrowsingResourceThrottle(const net::URLRequest* request,
  52                                bool is_subresource,
  53                                SafeBrowsingService* safe_browsing);
  54
  55   // content::ResourceThrottle implementation (called on IO thread):
  56   virtual void WillStartRequest(bool* defer) OVERRIDE;
  57   virtual void WillRedirectRequest(const GURL& new_url, bool* defer) OVERRIDE;
  58   virtual const char* GetNameForLogging() const OVERRIDE;
  59
  60   // SafeBrowsingDabaseManager::Client implementation (called on IO thread):
  61   virtual void OnCheckBrowseUrlResult(
  62       const GURL& url, SBThreatType result) OVERRIDE;
  63
  64  private:
  65   // Describes what phase of the check a throttle is in.
  66   enum State {
  67     STATE_NONE,
  68     STATE_CHECKING_URL,
  69     STATE_DISPLAYING_BLOCKING_PAGE,
  70   };
  71
  72   // Describes what stage of the request got paused by the check.
  73   enum DeferState {
  74     DEFERRED_NONE,
  75     DEFERRED_START,
  76     DEFERRED_REDIRECT,
  77   };
  78
  79   virtual ~SafeBrowsingResourceThrottle();
  80
  81   // SafeBrowsingService::UrlCheckCallback implementation.
  82   void OnBlockingPageComplete(bool proceed);
  83
  84   // Starts running |url| through the safe browsing check. Returns true if the
  85   // URL is safe to visit. Otherwise returns false and will call
  86   // OnBrowseUrlResult() when the check has completed.
  87   bool CheckUrl(const GURL& url);
  88
  89   // Callback for when the safe browsing check (which was initiated by
  90   // StartCheckingUrl()) has taken longer than kCheckUrlTimeoutMs.
  91   void OnCheckUrlTimeout();
  92
  93   // Starts displaying the safe browsing interstitial page if it's not
  94   // prerendering. Called on the UI thread.
  95   static void StartDisplayingBlockingPage(
  96       const base::WeakPtr<SafeBrowsingResourceThrottle>& throttle,
  97       scoped_refptr<SafeBrowsingUIManager> ui_manager,
  98       const SafeBrowsingUIManager::UnsafeResource& resource);
  99
 100   // Called on the IO thread if the request turned out to be for a prerendered
 101   // page.
 102   void Cancel();
 103
 104   // Resumes the request, by continuing the deferred action (either starting the
 105   // request, or following a redirect).
 106   void ResumeRequest();
 107
 108   State state_;
 109   DeferState defer_state_;
 110
 111   // The result of the most recent safe browsing check. Only valid to read this
 112   // when state_ != STATE_CHECKING_URL.
 113   SBThreatType threat_type_;
 114
 115   // The time when the outstanding safe browsing check was started.
 116   base::TimeTicks url_check_start_time_;
 117
 118   // Timer to abort the safe browsing check if it takes too long.
 119   base::OneShotTimer<SafeBrowsingResourceThrottle> timer_;
 120
 121   // The redirect chain for this resource
 122   std::vector<GURL> redirect_urls_;
 123
 124   GURL url_being_checked_;
 125
 126   scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
 127   scoped_refptr<SafeBrowsingUIManager> ui_manager_;
 128   const net::URLRequest* request_;
 129   bool is_subresource_;
 130
 131   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingResourceThrottle);
 132 };
 133
 134
 135 #endif  // CHROME_BROWSER_RENDERER_HOST_SAFE_BROWSING_RESOURCE_THROTTLE_H_