chrome/browser/safe_browsing/safe_browsing_blocking_page.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 //
   5 // Classes for managing the SafeBrowsing interstitial pages.
   6 //
   7 // When a user is about to visit a page the SafeBrowsing system has deemed to
   8 // be malicious, either as malware or a phishing page, we show an interstitial
   9 // page with some options (go back, continue) to give the user a chance to avoid
  10 // the harmful page.
  11 //
  12 // The SafeBrowsingBlockingPage is created by the SafeBrowsingUIManager on the
  13 // UI thread when we've determined that a page is malicious. The operation of
  14 // the blocking page occurs on the UI thread, where it waits for the user to
  15 // make a decision about what to do: either go back or continue on.
  16 //
  17 // The blocking page forwards the result of the user's choice back to the
  18 // SafeBrowsingUIManager so that we can cancel the request for the new page,
  19 // or allow it to continue.
  20 //
  21 // A web page may contain several resources flagged as malware/phishing.  This
  22 // results into more than one interstitial being shown.  On the first unsafe
  23 // resource received we show an interstitial.  Any subsequent unsafe resource
  24 // notifications while the first interstitial is showing is queued.  If the user
  25 // decides to proceed in the first interstitial, we display all queued unsafe
  26 // resources in a new interstitial.
  27
  28 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
  29 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
  30
  31 #include <map>
  32 #include <string>
  33 #include <vector>
  34
  35 #include "base/gtest_prod_util.h"
  36 #include "base/task/cancelable_task_tracker.h"
  37 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h"
  38 #include "chrome/browser/interstitials/security_interstitial_page.h"
  39 #include "chrome/browser/safe_browsing/ui_manager.h"
  40 #include "url/gurl.h"
  41
  42 class MalwareDetails;
  43 class SafeBrowsingBlockingPageFactory;
  44
  45 namespace base {
  46 class MessageLoop;
  47 }
  48
  49 class SafeBrowsingBlockingPage : public SecurityInterstitialPage {
  50  public:
  51   typedef SafeBrowsingUIManager::UnsafeResource UnsafeResource;
  52   typedef std::vector<UnsafeResource> UnsafeResourceList;
  53   typedef std::map<content::WebContents*, UnsafeResourceList> UnsafeResourceMap;
  54
  55   // Interstitial type, used in tests.
  56   static const void* kTypeForTesting;
  57
  58   ~SafeBrowsingBlockingPage() override;
  59
  60   // Creates a blocking page. Use ShowBlockingPage if you don't need to access
  61   // the blocking page directly.
  62   static SafeBrowsingBlockingPage* CreateBlockingPage(
  63       SafeBrowsingUIManager* ui_manager,
  64       content::WebContents* web_contents,
  65       const UnsafeResource& unsafe_resource);
  66
  67   // Shows a blocking page warning the user about phishing/malware for a
  68   // specific resource.
  69   // You can call this method several times, if an interstitial is already
  70   // showing, the new one will be queued and displayed if the user decides
  71   // to proceed on the currently showing interstitial.
  72   static void ShowBlockingPage(
  73       SafeBrowsingUIManager* ui_manager, const UnsafeResource& resource);
  74
  75   // Makes the passed |factory| the factory used to instantiate
  76   // SafeBrowsingBlockingPage objects. Useful for tests.
  77   static void RegisterFactory(SafeBrowsingBlockingPageFactory* factory) {
  78     factory_ = factory;
  79   }
  80
  81   // InterstitialPageDelegate method:
  82   void OnProceed() override;
  83   void OnDontProceed() override;
  84   void CommandReceived(const std::string& command) override;
  85   void OverrideRendererPrefs(content::RendererPreferences* prefs) override;
  86
  87   // SecurityInterstitialPage method:
  88   const void* GetTypeForTesting() const override;
  89
  90  protected:
  91   friend class SafeBrowsingBlockingPageTest;
  92   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
  93                            ProceedThenDontProceed);
  94   void SetReportingPreference(bool report);
  95   void UpdateReportingPref();  // Used for the transition from old to new pref.
  96
  97   // Don't instantiate this class directly, use ShowBlockingPage instead.
  98   SafeBrowsingBlockingPage(SafeBrowsingUIManager* ui_manager,
  99                            content::WebContents* web_contents,
 100                            const UnsafeResourceList& unsafe_resources);
 101
 102   // SecurityInterstitialPage methods:
 103   bool ShouldCreateNewNavigation() const override;
 104   void PopulateInterstitialStrings(
 105       base::DictionaryValue* load_time_data) override;
 106
 107   // After a malware interstitial where the user opted-in to the
 108   // report but clicked "proceed anyway", we delay the call to
 109   // MalwareDetails::FinishCollection() by this much time (in
 110   // milliseconds), in order to get data from the blocked resource itself.
 111   int64 malware_details_proceed_delay_ms_;
 112
 113   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
 114       MalwareReportsTransitionDisabled);
 115   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
 116       MalwareReportsToggling);
 117
 118   // Checks if we should even show the malware details option. For example, we
 119   // don't show it in incognito mode.
 120   bool CanShowMalwareDetailsOption();
 121
 122   // Called when the insterstitial is going away. If there is a
 123   // pending malware details object, we look at the user's
 124   // preferences, and if the option to send malware details is
 125   // enabled, the report is scheduled to be sent on the |ui_manager_|.
 126   void FinishMalwareDetails(int64 delay_ms);
 127
 128   // Returns the boolean value of the given |pref| from the PrefService of the
 129   // Profile associated with |web_contents_|.
 130   bool IsPrefEnabled(const char* pref);
 131
 132   // A list of SafeBrowsingUIManager::UnsafeResource for a tab that the user
 133   // should be warned about.  They are queued when displaying more than one
 134   // interstitial at a time.
 135   static UnsafeResourceMap* GetUnsafeResourcesMap();
 136
 137   // Notifies the SafeBrowsingUIManager on the IO thread whether to proceed
 138   // or not for the |resources|.
 139   static void NotifySafeBrowsingUIManager(
 140       SafeBrowsingUIManager* ui_manager,
 141       const UnsafeResourceList& resources, bool proceed);
 142
 143   // Returns true if the passed |unsafe_resources| is blocking the load of
 144   // the main page.
 145   static bool IsMainPageLoadBlocked(
 146       const UnsafeResourceList& unsafe_resources);
 147
 148   friend class SafeBrowsingBlockingPageFactoryImpl;
 149
 150   // For reporting back user actions.
 151   SafeBrowsingUIManager* ui_manager_;
 152   base::MessageLoop* report_loop_;
 153
 154   // True if the interstitial is blocking the main page because it is on one
 155   // of our lists.  False if a subresource is being blocked, or in the case of
 156   // client-side detection where the interstitial is shown after page load
 157   // finishes.
 158   bool is_main_frame_load_blocked_;
 159
 160   // The index of a navigation entry that should be removed when DontProceed()
 161   // is invoked, -1 if not entry should be removed.
 162   int navigation_entry_index_to_remove_;
 163
 164   // The list of unsafe resources this page is warning about.
 165   UnsafeResourceList unsafe_resources_;
 166
 167   // A MalwareDetails object that we start generating when the
 168   // blocking page is shown. The object will be sent when the warning
 169   // is gone (if the user enables the feature).
 170   scoped_refptr<MalwareDetails> malware_details_;
 171
 172   bool proceeded_;
 173
 174   // Which type of Safe Browsing interstitial this is.
 175   enum SBInterstitialReason {
 176     SB_REASON_MALWARE,
 177     SB_REASON_HARMFUL,
 178     SB_REASON_PHISHING,
 179   } interstitial_reason_;
 180
 181   // The factory used to instantiate SafeBrowsingBlockingPage objects.
 182   // Usefull for tests, so they can provide their own implementation of
 183   // SafeBrowsingBlockingPage.
 184   static SafeBrowsingBlockingPageFactory* factory_;
 185
 186  private:
 187   // Fills the passed dictionary with the values to be passed to the template
 188   // when creating the HTML.
 189   void PopulateExtendedReportingOption(base::DictionaryValue* load_time_data);
 190   void PopulateMalwareLoadTimeData(base::DictionaryValue* load_time_data);
 191   void PopulateHarmfulLoadTimeData(base::DictionaryValue* load_time_data);
 192   void PopulatePhishingLoadTimeData(base::DictionaryValue* load_time_data);
 193
 194   std::string GetMetricPrefix() const;
 195   std::string GetSamplingEventName() const;
 196
 197   scoped_ptr<SecurityInterstitialMetricsHelper> metrics_helper_;
 198
 199   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPage);
 200 };
 201
 202 // Factory for creating SafeBrowsingBlockingPage.  Useful for tests.
 203 class SafeBrowsingBlockingPageFactory {
 204  public:
 205   virtual ~SafeBrowsingBlockingPageFactory() { }
 206
 207   virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
 208       SafeBrowsingUIManager* ui_manager,
 209       content::WebContents* web_contents,
 210       const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) = 0;
 211 };
 212
 213 #endif  // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_