1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Classes for managing the SafeBrowsing interstitial pages.
7 // When a user is about to visit a page the SafeBrowsing system has deemed to
8 // be malicious, either as malware or a phishing page, we show an interstitial
9 // page with some options (go back, continue) to give the user a chance to avoid
12 // The SafeBrowsingBlockingPage is created by the SafeBrowsingUIManager on the
13 // UI thread when we've determined that a page is malicious. The operation of
14 // the blocking page occurs on the UI thread, where it waits for the user to
15 // make a decision about what to do: either go back or continue on.
17 // The blocking page forwards the result of the user's choice back to the
18 // SafeBrowsingUIManager so that we can cancel the request for the new page,
19 // or allow it to continue.
21 // A web page may contain several resources flagged as malware/phishing. This
22 // results into more than one interstitial being shown. On the first unsafe
23 // resource received we show an interstitial. Any subsequent unsafe resource
24 // notifications while the first interstitial is showing is queued. If the user
25 // decides to proceed in the first interstitial, we display all queued unsafe
26 // resources in a new interstitial.
28 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
29 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
35 #include "base/gtest_prod_util.h"
36 #include "base/task/cancelable_task_tracker.h"
37 #include "base/time/time.h"
38 #include "chrome/browser/history/history_service.h"
39 #include "chrome/browser/safe_browsing/ui_manager.h"
40 #include "content/public/browser/interstitial_page_delegate.h"
44 class SafeBrowsingBlockingPageFactory;
47 class DictionaryValue;
52 class InterstitialPage;
56 #if defined(ENABLE_EXTENSIONS)
57 namespace extensions {
58 class ExperienceSamplingEvent;
62 class SafeBrowsingBlockingPage : public content::InterstitialPageDelegate {
64 typedef SafeBrowsingUIManager::UnsafeResource UnsafeResource;
65 typedef std::vector<UnsafeResource> UnsafeResourceList;
66 typedef std::map<content::WebContents*, UnsafeResourceList> UnsafeResourceMap;
68 ~SafeBrowsingBlockingPage() override;
70 // Creates a blocking page. Use ShowBlockingPage if you don't need to access
71 // the blocking page directly.
72 static SafeBrowsingBlockingPage* CreateBlockingPage(
73 SafeBrowsingUIManager* ui_manager,
74 content::WebContents* web_contents,
75 const UnsafeResource& unsafe_resource);
77 // Shows a blocking page warning the user about phishing/malware for a
79 // You can call this method several times, if an interstitial is already
80 // showing, the new one will be queued and displayed if the user decides
81 // to proceed on the currently showing interstitial.
82 static void ShowBlockingPage(
83 SafeBrowsingUIManager* ui_manager, const UnsafeResource& resource);
85 // Makes the passed |factory| the factory used to instantiate
86 // SafeBrowsingBlockingPage objects. Useful for tests.
87 static void RegisterFactory(SafeBrowsingBlockingPageFactory* factory) {
91 // InterstitialPageDelegate method:
92 std::string GetHTMLContents() override;
93 void OnProceed() override;
94 void OnDontProceed() override;
95 void CommandReceived(const std::string& command) override;
96 void OverrideRendererPrefs(content::RendererPreferences* prefs) override;
99 friend class SafeBrowsingBlockingPageTest;
100 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
101 ProceedThenDontProceed);
103 void DontCreateViewForTesting();
105 void SetReportingPreference(bool report);
106 void UpdateReportingPref(); // Used for the transition from old to new pref.
108 // Don't instantiate this class directly, use ShowBlockingPage instead.
109 SafeBrowsingBlockingPage(SafeBrowsingUIManager* ui_manager,
110 content::WebContents* web_contents,
111 const UnsafeResourceList& unsafe_resources);
113 // After a malware interstitial where the user opted-in to the
114 // report but clicked "proceed anyway", we delay the call to
115 // MalwareDetails::FinishCollection() by this much time (in
116 // milliseconds), in order to get data from the blocked resource itself.
117 int64 malware_details_proceed_delay_ms_;
118 content::InterstitialPage* interstitial_page() const {
119 return interstitial_page_;
122 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
123 MalwareReportsTransitionDisabled);
124 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
125 MalwareReportsToggling);
127 // These enums are used for histograms. Don't reorder, delete, or insert
128 // elements. New elements should be added before MAX_ACTION only.
145 // Record a user decision or interaction to the appropriate UMA histogram.
146 void RecordUserDecision(Decision decision);
147 void RecordUserInteraction(Interaction interaction);
149 // Used to query the HistoryService to see if the URL is in history. For UMA.
150 void OnGotHistoryCount(bool success, int num_visits, base::Time first_visit);
152 // Checks if we should even show the malware details option. For example, we
153 // don't show it in incognito mode.
154 bool CanShowMalwareDetailsOption();
156 // Called when the insterstitial is going away. If there is a
157 // pending malware details object, we look at the user's
158 // preferences, and if the option to send malware details is
159 // enabled, the report is scheduled to be sent on the |ui_manager_|.
160 void FinishMalwareDetails(int64 delay_ms);
162 // Returns the boolean value of the given |pref| from the PrefService of the
163 // Profile associated with |web_contents_|.
164 bool IsPrefEnabled(const char* pref);
166 // A list of SafeBrowsingUIManager::UnsafeResource for a tab that the user
167 // should be warned about. They are queued when displaying more than one
168 // interstitial at a time.
169 static UnsafeResourceMap* GetUnsafeResourcesMap();
171 // Notifies the SafeBrowsingUIManager on the IO thread whether to proceed
172 // or not for the |resources|.
173 static void NotifySafeBrowsingUIManager(
174 SafeBrowsingUIManager* ui_manager,
175 const UnsafeResourceList& resources, bool proceed);
177 // Returns true if the passed |unsafe_resources| is blocking the load of
179 static bool IsMainPageLoadBlocked(
180 const UnsafeResourceList& unsafe_resources);
182 friend class SafeBrowsingBlockingPageFactoryImpl;
184 // For reporting back user actions.
185 SafeBrowsingUIManager* ui_manager_;
186 base::MessageLoop* report_loop_;
188 // True if the interstitial is blocking the main page because it is on one
189 // of our lists. False if a subresource is being blocked, or in the case of
190 // client-side detection where the interstitial is shown after page load
192 bool is_main_frame_load_blocked_;
194 // The index of a navigation entry that should be removed when DontProceed()
195 // is invoked, -1 if not entry should be removed.
196 int navigation_entry_index_to_remove_;
198 // The list of unsafe resources this page is warning about.
199 UnsafeResourceList unsafe_resources_;
201 // A MalwareDetails object that we start generating when the
202 // blocking page is shown. The object will be sent when the warning
203 // is gone (if the user enables the feature).
204 scoped_refptr<MalwareDetails> malware_details_;
208 content::WebContents* web_contents_;
210 content::InterstitialPage* interstitial_page_; // Owns us
212 // Whether the interstitial should create a view.
215 // Which type of interstitial this is.
220 } interstitial_type_;
222 // The factory used to instantiate SafeBrowsingBlockingPage objects.
223 // Usefull for tests, so they can provide their own implementation of
224 // SafeBrowsingBlockingPage.
225 static SafeBrowsingBlockingPageFactory* factory_;
227 // How many times is this same URL in history? Used for histogramming.
229 base::CancelableTaskTracker request_tracker_;
232 // Fills the passed dictionary with the values to be passed to the template
233 // when creating the HTML.
234 void PopulateMalwareLoadTimeData(base::DictionaryValue* load_time_data);
235 void PopulateHarmfulLoadTimeData(base::DictionaryValue* load_time_data);
236 void PopulatePhishingLoadTimeData(base::DictionaryValue* load_time_data);
238 #if defined(ENABLE_EXTENSIONS)
239 scoped_ptr<extensions::ExperienceSamplingEvent> sampling_event_;
242 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPage);
245 // Factory for creating SafeBrowsingBlockingPage. Useful for tests.
246 class SafeBrowsingBlockingPageFactory {
248 virtual ~SafeBrowsingBlockingPageFactory() { }
250 virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
251 SafeBrowsingUIManager* ui_manager,
252 content::WebContents* web_contents,
253 const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) = 0;
256 #endif // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_