Diffstat (limited to 'chromium/components/security_interstitials/content')
13 files changed, 295 insertions, 27 deletions
diff --git a/chromium/components/security_interstitials/content/BUILD.gn b/chromium/components/security_interstitials/content/BUILD.gn index 6bd779fa34a..dd19bf9033f 100644 --- a/chromium/components/security_interstitials/content/BUILD.gn +++ b/chromium/components/security_interstitials/content/BUILD.gn @@ -26,6 +26,10 @@ static_library("security_interstitial_page") { "connection_help_ui.h", "content_metrics_helper.cc", "content_metrics_helper.h", + "insecure_form_blocking_page.cc", + "insecure_form_blocking_page.h", + "insecure_form_navigation_throttle.cc", + "insecure_form_navigation_throttle.h", "known_interception_disclosure_ui.cc", "known_interception_disclosure_ui.h", "legacy_tls_blocking_page.cc", diff --git a/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc b/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc index 81df00dd1a4..f53cd6b7ea9 100644 --- a/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc +++ b/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc @@ -184,6 +184,9 @@ void CaptivePortalBlockingPage::PopulateInterstitialStrings( } } load_time_data->SetString("primaryParagraph", paragraph); + load_time_data->SetString( + "optInLink", + l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)); // Explicitly specify other expected fields to empty. load_time_data->SetString("openDetails", ""); load_time_data->SetString("closeDetails", ""); diff --git a/chromium/components/security_interstitials/content/captive_portal_helper_android.cc b/chromium/components/security_interstitials/content/captive_portal_helper_android.cc index 5095d5e4f35..63f8f36bfbf 100644 --- a/chromium/components/security_interstitials/content/captive_portal_helper_android.cc +++ b/chromium/components/security_interstitials/content/captive_portal_helper_android.cc 
@@ -3,7 +3,6 @@ // found in the LICENSE file. #include "components/security_interstitials/content/captive_portal_helper_android.h" -#include "base/task/post_task.h" #include "components/security_interstitials/content/captive_portal_helper.h" #include "content/public/browser/browser_task_traits.h" @@ -27,8 +26,8 @@ void JNI_CaptivePortalHelper_SetCaptivePortalCertificateForTesting( const base::android::JavaParamRef<jstring>& jhash) { auto default_proto = SSLErrorAssistant::GetErrorAssistantProtoFromResourceBundle(); - base::PostTask(FROM_HERE, {content::BrowserThread::UI}, - base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, + content::GetUIThreadTaskRunner({})->PostTask( + FROM_HERE, base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, std::move(default_proto))); const std::string hash = ConvertJavaStringToUTF8(env, jhash); @@ -37,16 +36,16 @@ void JNI_CaptivePortalHelper_SetCaptivePortalCertificateForTesting( config_proto->set_version_id(INT_MAX); config_proto->add_captive_portal_cert()->set_sha256_hash(hash); - base::PostTask(FROM_HERE, {content::BrowserThread::UI}, - base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, + content::GetUIThreadTaskRunner({})->PostTask( + FROM_HERE, base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, std::move(config_proto))); } void JNI_CaptivePortalHelper_SetOSReportsCaptivePortalForTesting( JNIEnv* env, jboolean os_reports_captive_portal) { - base::PostTask( - FROM_HERE, {content::BrowserThread::UI}, + content::GetUIThreadTaskRunner({})->PostTask( + FROM_HERE, base::BindOnce(SSLErrorHandler::SetOSReportsCaptivePortalForTesting, os_reports_captive_portal)); } diff --git a/chromium/components/security_interstitials/content/cert_report_helper.cc b/chromium/components/security_interstitials/content/cert_report_helper.cc index 833a226972b..f8d655b1078 100644 --- a/chromium/components/security_interstitials/content/cert_report_helper.cc +++ b/chromium/components/security_interstitials/content/cert_report_helper.cc 
@@ -86,15 +86,9 @@ void CertReportHelper::PopulateExtendedReportingOption( security_interstitials::kBoxChecked, safe_browsing::IsExtendedReportingEnabled(*GetPrefs(web_contents_))); - const std::string privacy_link = base::StringPrintf( - security_interstitials::kPrivacyLinkHtml, - security_interstitials::CMD_OPEN_REPORTING_PRIVACY, - l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); - load_time_data->SetString( security_interstitials::kOptInLink, - l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE, - base::UTF8ToUTF16(privacy_link))); + l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)); } void CertReportHelper::SetSSLCertReporterForTesting( diff --git a/chromium/components/security_interstitials/content/insecure_form_blocking_page.cc b/chromium/components/security_interstitials/content/insecure_form_blocking_page.cc new file mode 100644 index 00000000000..4334a0f06cb --- /dev/null +++ b/chromium/components/security_interstitials/content/insecure_form_blocking_page.cc 
@@ -0,0 +1,110 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/security_interstitials/content/insecure_form_blocking_page.h"
+
+#include "base/notreached.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/values.h"
+#include "components/security_interstitials/content/security_interstitial_controller_client.h"
+#include "components/strings/grit/components_strings.h"
+#include "ui/base/l10n/l10n_util.h"
+
+namespace security_interstitials {
+
+// static
+const SecurityInterstitialPage::TypeID
+ InsecureFormBlockingPage::kTypeForTesting =
+ &InsecureFormBlockingPage::kTypeForTesting;
+
+InsecureFormBlockingPage::InsecureFormBlockingPage(
+ content::WebContents* web_contents,
+ const GURL& request_url,
+ std::unique_ptr<SecurityInterstitialControllerClient> controller_client)
+ : SecurityInterstitialPage(web_contents,
+ request_url,
+ std::move(controller_client)) {}
+
+InsecureFormBlockingPage::~InsecureFormBlockingPage() = default;
+
+SecurityInterstitialPage::TypeID InsecureFormBlockingPage::GetTypeForTesting() {
+ return InsecureFormBlockingPage::kTypeForTesting;
+}
+
+bool InsecureFormBlockingPage::ShouldCreateNewNavigation() const {
+ return false;
+}
+
+void InsecureFormBlockingPage::CommandReceived(const std::string& command) {
+ if (command == "\"pageLoadComplete\"") {
+ // content::WaitForRenderFrameReady sends this message when the page
+ // load completes. Ignore it.
+ return;
+ }
+ int cmd = 0;
+ bool retval = base::StringToInt(command, &cmd);
+ DCHECK(retval);
+ switch (cmd) {
+ case security_interstitials::CMD_DONT_PROCEED:
+ controller()->GoBack();
+ break;
+ case security_interstitials::CMD_PROCEED:
+ controller()->Proceed();
+ break;
+ case security_interstitials::CMD_DO_REPORT:
+ case security_interstitials::CMD_DONT_REPORT:
+ case security_interstitials::CMD_SHOW_MORE_SECTION:
+ case security_interstitials::CMD_OPEN_DATE_SETTINGS:
+ case security_interstitials::CMD_OPEN_REPORTING_PRIVACY:
+ case security_interstitials::CMD_OPEN_WHITEPAPER:
+ case security_interstitials::CMD_OPEN_HELP_CENTER:
+ case security_interstitials::CMD_RELOAD:
+ case security_interstitials::CMD_OPEN_DIAGNOSTIC:
+ case security_interstitials::CMD_OPEN_LOGIN:
+ case security_interstitials::CMD_REPORT_PHISHING_ERROR:
+ // Not supported by the insecure form blocking page.
+ NOTREACHED() << "Unsupported command: " << command;
+ break;
+ case security_interstitials::CMD_ERROR:
+ case security_interstitials::CMD_TEXT_FOUND:
+ case security_interstitials::CMD_TEXT_NOT_FOUND:
+ // Commands are for testing.
+ break;
+ }
+}
+
+void InsecureFormBlockingPage::PopulateInterstitialStrings(
+ base::DictionaryValue* load_time_data) {
+ PopulateValuesForSharedHTML(load_time_data);
+
+ load_time_data->SetString("tabTitle",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_TITLE));
+ load_time_data->SetString(
+ "heading", l10n_util::GetStringUTF16(IDS_INSECURE_FORM_HEADING));
+ load_time_data->SetString(
+ "primaryParagraph",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_PRIMARY_PARAGRAPH));
+ load_time_data->SetString(
+ "proceedButtonText",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_SUBMIT_BUTTON));
+ load_time_data->SetString(
+ "primaryButtonText",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_BACK_BUTTON));
+ load_time_data->SetString(
+ "optInLink",
+ l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE));
+}
+
+void InsecureFormBlockingPage::PopulateValuesForSharedHTML(
+ base::DictionaryValue* load_time_data) {
+ load_time_data->SetString("type", "INSECURE_FORM");
+ load_time_data->SetBoolean("overridable", false);
+ load_time_data->SetBoolean("hide_primary_button", false);
+ load_time_data->SetBoolean("show_recurrent_error_paragraph", false);
+ load_time_data->SetString("recurrentErrorParagraph", "");
+ load_time_data->SetString("openDetails", "");
+ load_time_data->SetString("explanationParagraph", "");
+ load_time_data->SetString("finalParagraph", "");
+}
+} // namespace security_interstitials
diff --git a/chromium/components/security_interstitials/content/insecure_form_blocking_page.h b/chromium/components/security_interstitials/content/insecure_form_blocking_page.h
new file mode 100644
index 00000000000..e390ce5b912
--- /dev/null
+++ b/chromium/components/security_interstitials/content/insecure_form_blocking_page.h
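Review bot: In `CommandReceived`, a failed `base::StringToInt` is only caught by `DCHECK(retval)`, which is normally compiled out of release builds, so an unparseable command still reaches the `switch` with whatever value was left in `cmd`. The command string comes from the interstitial's page, and two of the cases call `controller()->GoBack()` and `controller()->Proceed()`, so I would reject a parse failure explicitly rather than rely on a debug-only assertion: `if (!base::StringToInt(command, &cmd)) return;`. The `switch` also has no `default:`; silently ignoring unknown integers looks intended, but a one-line comment such as `// Values outside the known command set are ignored.` would make that explicit.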
@@ -0,0 +1,43 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_BLOCKING_PAGE_H_
+#define COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_BLOCKING_PAGE_H_
+
+#include "components/security_interstitials/content/security_interstitial_page.h"
+
+namespace security_interstitials {
+class SecurityInterstitialControllerClient;
+
+// Interstitial page object used for warnings shown when a form embedded on a
+// secure (HTTPS) page is submitted over HTTP.
+class InsecureFormBlockingPage : public SecurityInterstitialPage {
+ public:
+ InsecureFormBlockingPage(
+ content::WebContents* web_contents,
+ const GURL& request_url,
+ std::unique_ptr<SecurityInterstitialControllerClient> controller_client);
+
+ static const SecurityInterstitialPage::TypeID kTypeForTesting;
+ ~InsecureFormBlockingPage() override;
+
+ // SecurityInterstitialPage::
+ void OnInterstitialClosing() override {}
+ SecurityInterstitialPage::TypeID GetTypeForTesting() override;
+
+ protected:
+ // SecurityInterstitialPage::
+ void CommandReceived(const std::string& command) override;
+ bool ShouldCreateNewNavigation() const override;
+ void PopulateInterstitialStrings(
+ base::DictionaryValue* load_time_data) override;
+
+ private:
+ // Adds values required for shared interstitial HTML to |load_time_data|.
+ void PopulateValuesForSharedHTML(base::DictionaryValue* load_time_data);
+};
+
+} // namespace security_interstitials
+
+#endif // COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_BLOCKING_PAGE_H_
diff --git a/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.cc b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.cc
new file mode 100644
index 00000000000..0ca198d72d5
--- /dev/null
+++ b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.cc 
@@ -0,0 +1,79 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/security_interstitials/content/insecure_form_navigation_throttle.h"
+
+#include "base/feature_list.h"
+#include "components/security_interstitials/content/insecure_form_blocking_page.h"
+#include "components/security_interstitials/content/security_interstitial_tab_helper.h"
+#include "components/security_interstitials/core/features.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/web_contents.h"
+#include "services/network/public/cpp/is_potentially_trustworthy.h"
+#include "url/origin.h"
+#include "url/url_constants.h"
+
+namespace {
+bool IsInsecureFormAction(const GURL& action_url) {
+ if (action_url.SchemeIs(url::kBlobScheme) ||
+ action_url.SchemeIs(url::kFileSystemScheme))
+ return false;
+ return !network::IsOriginPotentiallyTrustworthy(
+ url::Origin::Create(action_url));
+}
+} // namespace
+
+namespace security_interstitials {
+
+InsecureFormNavigationThrottle::InsecureFormNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory)
+ : content::NavigationThrottle(navigation_handle),
+ blocking_page_factory_(std::move(blocking_page_factory)) {}
+
+InsecureFormNavigationThrottle::~InsecureFormNavigationThrottle() = default;
+
+content::NavigationThrottle::ThrottleCheckResult
+InsecureFormNavigationThrottle::WillStartRequest() {
+ content::NavigationHandle* handle = navigation_handle();
+ if (!handle->IsFormSubmission())
+ return content::NavigationThrottle::PROCEED;
+ content::WebContents* contents = handle->GetWebContents();
+ if (!IsInsecureFormAction(handle->GetURL()) ||
+ !contents->GetLastCommittedURL().SchemeIs(url::kHttpsScheme)) {
+ // Currently we only warn for insecure forms in secure pages.
+ return content::NavigationThrottle::PROCEED;
+ }
+
+ std::unique_ptr<InsecureFormBlockingPage> blocking_page =
+ blocking_page_factory_->CreateInsecureFormBlockingPage(contents,
+ handle->GetURL());
+ std::string interstitial_html = blocking_page->GetHTMLContents();
+ SecurityInterstitialTabHelper::AssociateBlockingPage(
+ contents, handle->GetNavigationId(), std::move(blocking_page));
+ return content::NavigationThrottle::ThrottleCheckResult(
+ CANCEL, net::ERR_BLOCKED_BY_CLIENT, interstitial_html);
+}
+
+content::NavigationThrottle::ThrottleCheckResult
+InsecureFormNavigationThrottle::WillRedirectRequest() {
+ return WillStartRequest();
+}
+
+const char* InsecureFormNavigationThrottle::GetNameForLogging() {
+ return "InsecureFormNavigationThrottle";
+}
+
+// static
+std::unique_ptr<InsecureFormNavigationThrottle>
+InsecureFormNavigationThrottle::MaybeCreateNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory) {
+ if (!base::FeatureList::IsEnabled(kInsecureFormSubmissionInterstitial))
+ return nullptr;
+ return std::make_unique<InsecureFormNavigationThrottle>(
+ navigation_handle, std::move(blocking_page_factory));
+}
+
+} // namespace security_interstitials
diff --git a/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.h b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.h
new file mode 100644
index 00000000000..19178a5eeb1
--- /dev/null
+++ b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.h
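Review bot: `WillStartRequest` judges whether the submitting page is secure from `contents->GetLastCommittedURL()`, which describes the tab's top-level document rather than the document that holds the form. If this throttle is also attached to subframe navigations (the registration is outside this diff), a form in an HTTPS iframe on an HTTP page would pass without a warning, and a form in an HTTP iframe on an HTTPS page would be treated as coming from a secure page. Tying the check to the submitter, for example testing the scheme of `handle->GetInitiatorOrigin()` against `url::kHttpsScheme`, would avoid both cases. `WillRedirectRequest` reuses this function, so the same change would cover redirects.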
@@ -0,0 +1,40 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_NAVIGATION_THROTTLE_H_
+#define COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_NAVIGATION_THROTTLE_H_
+
+#include "components/security_interstitials/content/security_blocking_page_factory.h"
+#include "content/public/browser/navigation_throttle.h"
+
+namespace content {
+class NavigationHandle;
+} // namespace content
+
+namespace security_interstitials {
+
+class InsecureFormNavigationThrottle : public content::NavigationThrottle {
+ public:
+ InsecureFormNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory);
+ ~InsecureFormNavigationThrottle() override;
+
+ // content::NavigationThrottle:
+ ThrottleCheckResult WillStartRequest() override;
+ ThrottleCheckResult WillRedirectRequest() override;
+ const char* GetNameForLogging() override;
+
+ static std::unique_ptr<InsecureFormNavigationThrottle>
+ MaybeCreateNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory);
+
+ private:
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory_;
+};
+
+} // namespace security_interstitials
+
+#endif // COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_NAVIGATION_THROTTLE_H_
diff --git a/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc b/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc
index 011f1422707..2d1e123b1be 100644
--- a/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc
+++ b/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc
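Review bot: `InsecureFormNavigationThrottle` has no class comment, and `MaybeCreateNavigationThrottle` does not document that it can return null. Going by the .cc in this commit, I would add above the class `// Cancels form submissions from HTTPS pages to insecure action URLs and shows an interstitial instead.` and above the factory `// Returns nullptr when kInsecureFormSubmissionInterstitial is disabled.`. The header also uses `std::unique_ptr` without including `<memory>`.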
@@ -71,6 +71,7 @@ void OriginPolicyInterstitialPage::PopulateInterstitialStrings( {"finalParagraph", IDS_ORIGIN_POLICY_FINAL_PARAGRAPH}, {"heading", IDS_ORIGIN_POLICY_HEADING}, {"openDetails", IDS_ORIGIN_POLICY_DETAILS}, + {"optInLink", IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE}, {"primaryButtonText", IDS_ORIGIN_POLICY_BUTTON}, {"primaryParagraph", IDS_ORIGIN_POLICY_INFO}, {"recurrentErrorParagraph", IDS_ORIGIN_POLICY_INFO2}, diff --git a/chromium/components/security_interstitials/content/security_blocking_page_factory.h b/chromium/components/security_interstitials/content/security_blocking_page_factory.h index 6a09ce9e547..ad3720a6c56 100644 --- a/chromium/components/security_interstitials/content/security_blocking_page_factory.h +++ b/chromium/components/security_interstitials/content/security_blocking_page_factory.h @@ -12,6 +12,7 @@ #include "components/security_interstitials/content/bad_clock_blocking_page.h" #include "components/security_interstitials/content/blocked_interception_blocking_page.h" #include "components/security_interstitials/content/captive_portal_blocking_page.h" +#include "components/security_interstitials/content/insecure_form_blocking_page.h" #include "components/security_interstitials/content/legacy_tls_blocking_page.h" #include "components/security_interstitials/content/mitm_software_blocking_page.h" #include "components/security_interstitials/content/ssl_blocking_page.h" @@ -83,6 +84,10 @@ class SecurityBlockingPageFactory { std::unique_ptr<SSLCertReporter> ssl_cert_reporter, const net::SSLInfo& ssl_info) = 0; + virtual std::unique_ptr<security_interstitials::InsecureFormBlockingPage> + CreateInsecureFormBlockingPage(content::WebContents* web_contents, + const GURL& request_url) = 0; + private: DISALLOW_COPY_AND_ASSIGN(SecurityBlockingPageFactory); }; 
diff --git a/chromium/components/security_interstitials/content/security_interstitial_page.cc b/chromium/components/security_interstitials/content/security_interstitial_page.cc index ecf7853ab1e..2cdcfd57d93 100644 --- a/chromium/components/security_interstitials/content/security_interstitial_page.cc +++ b/chromium/components/security_interstitials/content/security_interstitial_page.cc @@ -85,14 +85,6 @@ SecurityInterstitialControllerClient* SecurityInterstitialPage::controller() return controller_.get(); } -void SecurityInterstitialPage::UpdateMetricsAfterSecurityInterstitial() { - if (controller_->GetPrefService()) { - safe_browsing::UpdateMetricsAfterSecurityInterstitial( - *controller_->GetPrefService(), on_show_extended_reporting_pref_exists_, - on_show_extended_reporting_pref_value_); - } -} - void SecurityInterstitialPage::SetUpMetrics() { // Remember the initial state of the extended reporting pref, to be compared // to the same data when the interstitial is closed. diff --git a/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc b/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc index c5691b85a0c..6e97fdf7d8d 100644 --- a/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc +++ b/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc @@ -36,7 +36,6 @@ SSLBlockingPageBase::SSLBlockingPageBase( SSLBlockingPageBase::~SSLBlockingPageBase() = default; void SSLBlockingPageBase::OnInterstitialClosing() { - UpdateMetricsAfterSecurityInterstitial(); cert_report_helper_->FinishCertCollection(); } diff --git a/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc b/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc index 9abf785ba23..65e26fd08db 100644 --- a/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc 
+++ b/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc @@ -11,7 +11,6 @@ #include "base/macros.h" #include "base/metrics/field_trial.h" #include "base/run_loop.h" -#include "base/task/post_task.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/scoped_feature_list.h" #include "base/test/simple_test_clock.h" @@ -126,7 +125,7 @@ const char kCertWithoutOrganizationOrCommonName[] = std::unique_ptr<net::test_server::HttpResponse> WaitForRequest( const base::Closure& quit_closure, const net::test_server::HttpRequest& request) { - base::PostTask(FROM_HERE, {content::BrowserThread::UI}, quit_closure); + content::GetUIThreadTaskRunner({})->PostTask(FROM_HERE, quit_closure); return std::make_unique<net::test_server::HungResponse>(); } @@ -645,8 +644,8 @@ class SSLErrorHandlerDateInvalidTest base::RunLoop run_loop; std::unique_ptr<network::PendingSharedURLLoaderFactory> pending_url_loader_factory; - base::PostTaskAndReply( - FROM_HERE, {content::BrowserThread::IO}, + content::GetIOThreadTaskRunner({})->PostTaskAndReply( + FROM_HERE, base::BindOnce(CreateURLLoaderFactory, &pending_url_loader_factory), run_loop.QuitClosure()); run_loop.Run(); |