Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_blocking_page.h
blob43ac464b57d8d2d4d8769e630e575e4fd5cf2d53
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Classes for managing the SafeBrowsing interstitial pages.
6 //
7 // When a user is about to visit a page the SafeBrowsing system has deemed to
8 // be malicious, either as malware or a phishing page, we show an interstitial
9 // page with some options (go back, continue) to give the user a chance to avoid
10 // the harmful page.
12 // The SafeBrowsingBlockingPage is created by the SafeBrowsingUIManager on the
13 // UI thread when we've determined that a page is malicious. The operation of
14 // the blocking page occurs on the UI thread, where it waits for the user to
15 // make a decision about what to do: either go back or continue on.
17 // The blocking page forwards the result of the user's choice back to the
18 // SafeBrowsingUIManager so that we can cancel the request for the new page,
19 // or allow it to continue.
21 // A web page may contain several resources flagged as malware/phishing. This
22 // results into more than one interstitial being shown. On the first unsafe
23 // resource received we show an interstitial. Any subsequent unsafe resource
24 // notifications while the first interstitial is showing is queued. If the user
25 // decides to proceed in the first interstitial, we display all queued unsafe
26 // resources in a new interstitial.
28 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
29 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
31 #include <map>
32 #include <string>
33 #include <vector>
35 #include "base/gtest_prod_util.h"
36 #include "base/time/time.h"
37 #include "chrome/browser/history/history_service.h"
38 #include "chrome/browser/safe_browsing/ui_manager.h"
39 #include "content/public/browser/interstitial_page_delegate.h"
40 #include "url/gurl.h"
42 class MalwareDetails;
43 class SafeBrowsingBlockingPageFactory;
45 namespace base {
46 class DictionaryValue;
47 class MessageLoop;
50 namespace content {
51 class InterstitialPage;
52 class WebContents;
55 class SafeBrowsingBlockingPage : public content::InterstitialPageDelegate {
56 public:
57 typedef SafeBrowsingUIManager::UnsafeResource UnsafeResource;
58 typedef std::vector<UnsafeResource> UnsafeResourceList;
59 typedef std::map<content::WebContents*, UnsafeResourceList> UnsafeResourceMap;
61 virtual ~SafeBrowsingBlockingPage();
63 // Shows a blocking page warning the user about phishing/malware for a
64 // specific resource.
65 // You can call this method several times, if an interstitial is already
66 // showing, the new one will be queued and displayed if the user decides
67 // to proceed on the currently showing interstitial.
68 static void ShowBlockingPage(
69 SafeBrowsingUIManager* ui_manager, const UnsafeResource& resource);
71 // Makes the passed |factory| the factory used to instanciate
72 // SafeBrowsingBlockingPage objects. Useful for tests.
73 static void RegisterFactory(SafeBrowsingBlockingPageFactory* factory) {
74 factory_ = factory;
77 // InterstitialPageDelegate method:
78 virtual void CommandReceived(const std::string& command) OVERRIDE;
79 virtual void OverrideRendererPrefs(
80 content::RendererPreferences* prefs) OVERRIDE;
81 virtual void OnProceed() OVERRIDE;
82 virtual void OnDontProceed() OVERRIDE;
84 protected:
85 friend class SafeBrowsingBlockingPageTest;
86 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
87 ProceedThenDontProceed);
88 friend class SafeBrowsingBlockingPageV2Test;
89 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageV2Test,
90 ProceedThenDontProceed);
92 void SetReportingPreference(bool report);
94 // Don't instanciate this class directly, use ShowBlockingPage instead.
95 SafeBrowsingBlockingPage(SafeBrowsingUIManager* ui_manager,
96 content::WebContents* web_contents,
97 const UnsafeResourceList& unsafe_resources);
99 // After a malware interstitial where the user opted-in to the
100 // report but clicked "proceed anyway", we delay the call to
101 // MalwareDetails::FinishCollection() by this much time (in
102 // milliseconds), in order to get data from the blocked resource itself.
103 int64 malware_details_proceed_delay_ms_;
104 content::InterstitialPage* interstitial_page() const {
105 return interstitial_page_;
108 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest, MalwareReports);
109 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageV2Test, MalwareReports);
111 enum BlockingPageEvent {
112 SHOW,
113 PROCEED,
114 DONT_PROCEED,
115 SHOW_ADVANCED,
118 // Records a user action for this interstitial, using the form
119 // SBInterstitial[Phishing|Malware|Multiple][Show|Proceed|DontProceed].
120 void RecordUserAction(BlockingPageEvent event);
122 // Used to query the HistoryService to see if the URL is in history. For UMA.
123 void OnGotHistoryCount(HistoryService::Handle handle,
124 bool success,
125 int num_visits,
126 base::Time first_visit);
128 // Records the time it took for the user to react to the
129 // interstitial. We won't double-count if this method is called
130 // multiple times.
131 void RecordUserReactionTime(const std::string& command);
133 // Checks if we should even show the malware details option. For example, we
134 // don't show it in incognito mode.
135 bool CanShowMalwareDetailsOption();
137 // Called when the insterstitial is going away. If there is a
138 // pending malware details object, we look at the user's
139 // preferences, and if the option to send malware details is
140 // enabled, the report is scheduled to be sent on the |ui_manager_|.
141 void FinishMalwareDetails(int64 delay_ms);
143 // Returns the boolean value of the given |pref| from the PrefService of the
144 // Profile associated with |web_contents_|.
145 bool IsPrefEnabled(const char* pref);
147 // A list of SafeBrowsingUIManager::UnsafeResource for a tab that the user
148 // should be warned about. They are queued when displaying more than one
149 // interstitial at a time.
150 static UnsafeResourceMap* GetUnsafeResourcesMap();
152 // Notifies the SafeBrowsingUIManager on the IO thread whether to proceed
153 // or not for the |resources|.
154 static void NotifySafeBrowsingUIManager(
155 SafeBrowsingUIManager* ui_manager,
156 const UnsafeResourceList& resources, bool proceed);
158 // Returns true if the passed |unsafe_resources| is blocking the load of
159 // the main page.
160 static bool IsMainPageLoadBlocked(
161 const UnsafeResourceList& unsafe_resources);
163 friend class SafeBrowsingBlockingPageFactoryImpl;
165 // For reporting back user actions.
166 SafeBrowsingUIManager* ui_manager_;
167 base::MessageLoop* report_loop_;
169 // True if the interstitial is blocking the main page because it is on one
170 // of our lists. False if a subresource is being blocked, or in the case of
171 // client-side detection where the interstitial is shown after page load
172 // finishes.
173 bool is_main_frame_load_blocked_;
175 // The index of a navigation entry that should be removed when DontProceed()
176 // is invoked, -1 if not entry should be removed.
177 int navigation_entry_index_to_remove_;
179 // The list of unsafe resources this page is warning about.
180 UnsafeResourceList unsafe_resources_;
182 // A MalwareDetails object that we start generating when the
183 // blocking page is shown. The object will be sent when the warning
184 // is gone (if the user enables the feature).
185 scoped_refptr<MalwareDetails> malware_details_;
187 bool proceeded_;
189 content::WebContents* web_contents_;
190 GURL url_;
191 content::InterstitialPage* interstitial_page_; // Owns us
193 // Time when the interstitial was show. This variable is set in
194 // GetHTMLContents() which is called right before the interstitial
195 // is shown to the user. Will return is_null() once we reported the
196 // user action.
197 base::TimeTicks interstitial_show_time_;
199 // Whether the user has expanded the "see more" section of the page already
200 // during this interstitial page.
201 bool has_expanded_see_more_section_;
203 // Which type of interstitial this is.
204 enum {
205 TYPE_MALWARE,
206 TYPE_PHISHING,
207 TYPE_MALWARE_AND_PHISHING,
208 } interstitial_type_;
210 // The factory used to instanciate SafeBrowsingBlockingPage objects.
211 // Usefull for tests, so they can provide their own implementation of
212 // SafeBrowsingBlockingPage.
213 static SafeBrowsingBlockingPageFactory* factory_;
215 // How many times is this same URL in history? Used for histogramming.
216 int num_visits_;
217 CancelableRequestConsumer request_consumer_;
219 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPage);
222 class SafeBrowsingBlockingPageV1 : public SafeBrowsingBlockingPage {
223 public:
224 // Don't instanciate this class directly, use ShowBlockingPage instead.
225 SafeBrowsingBlockingPageV1(SafeBrowsingUIManager* ui_manager,
226 content::WebContents* web_contents,
227 const UnsafeResourceList& unsafe_resources);
229 // InterstitialPageDelegate method:
230 virtual std::string GetHTMLContents() OVERRIDE;
232 private:
233 // Fills the passed dictionary with the strings passed to JS Template when
234 // creating the HTML.
235 void PopulateMultipleThreatStringDictionary(base::DictionaryValue* strings);
236 void PopulateMalwareStringDictionary(base::DictionaryValue* strings);
237 void PopulatePhishingStringDictionary(base::DictionaryValue* strings);
239 // A helper method used by the Populate methods above used to populate common
240 // fields.
241 void PopulateStringDictionary(base::DictionaryValue* strings,
242 const base::string16& title,
243 const base::string16& headline,
244 const base::string16& description1,
245 const base::string16& description2,
246 const base::string16& description3);
248 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageV1);
251 class SafeBrowsingBlockingPageV2 : public SafeBrowsingBlockingPage {
252 public:
253 // Don't instanciate this class directly, use ShowBlockingPage instead.
254 SafeBrowsingBlockingPageV2(SafeBrowsingUIManager* ui_manager,
255 content::WebContents* web_contents,
256 const UnsafeResourceList& unsafe_resources);
258 // InterstitialPageDelegate method:
259 virtual std::string GetHTMLContents() OVERRIDE;
261 private:
262 // Fills the passed dictionary with the strings passed to JS Template when
263 // creating the HTML.
264 void PopulateMultipleThreatStringDictionary(base::DictionaryValue* strings);
265 void PopulateMalwareStringDictionary(base::DictionaryValue* strings);
266 void PopulatePhishingStringDictionary(base::DictionaryValue* strings);
268 // A helper method used by the Populate methods above used to populate common
269 // fields.
270 void PopulateStringDictionary(base::DictionaryValue* strings,
271 const base::string16& title,
272 const base::string16& headline,
273 const base::string16& description1,
274 const base::string16& description2,
275 const base::string16& description3);
277 // For the FieldTrial: this contains the name of the condition.
278 std::string trialCondition_;
280 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageV2);
283 // Factory for creating SafeBrowsingBlockingPage. Useful for tests.
284 class SafeBrowsingBlockingPageFactory {
285 public:
286 virtual ~SafeBrowsingBlockingPageFactory() { }
288 virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
289 SafeBrowsingUIManager* ui_manager,
290 content::WebContents* web_contents,
291 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) = 0;
294 #endif // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_