1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/autofill/core/common/save_password_progress_logger.h"
9 #include "base/json/json_writer.h"
10 #include "base/logging.h"
11 #include "base/numerics/safe_conversions.h"
12 #include "base/strings/string16.h"
13 #include "base/strings/string_util.h"
14 #include "base/strings/utf_string_conversions.h"
15 #include "base/values.h"
16 #include "components/autofill/core/common/password_form.h"
18 using base::checked_cast;
20 using base::DictionaryValue;
21 using base::FundamentalValue;
22 using base::StringValue;
28 // Note 1: Caching the ID->string map in an array would be probably faster, but
29 // the switch statement is (a) robust against re-ordering, and (b) checks in
30 // compile-time, that all IDs get a string assigned. The expected frequency of
31 // calls is low enough (in particular, zero if password manager internals page
32 // is not open), that optimizing for code robustness is preferred against speed.
33 // Note 2: The messages can be used as dictionary keys. Do not use '.' in them.
34 std::string GetStringFromID(SavePasswordProgressLogger::StringID id) {
36 case SavePasswordProgressLogger::STRING_DECISION_ASK:
37 return "Decision: ASK the user";
38 case SavePasswordProgressLogger::STRING_DECISION_DROP:
39 return "Decision: DROP the password";
40 case SavePasswordProgressLogger::STRING_DECISION_SAVE:
41 return "Decision: SAVE the password";
42 case SavePasswordProgressLogger::STRING_OTHER:
44 case SavePasswordProgressLogger::STRING_SCHEME_HTML:
46 case SavePasswordProgressLogger::STRING_SCHEME_BASIC:
48 case SavePasswordProgressLogger::STRING_SCHEME_DIGEST:
50 case SavePasswordProgressLogger::STRING_SCHEME_MESSAGE:
52 case SavePasswordProgressLogger::STRING_SIGNON_REALM:
53 return "Signon realm";
54 case SavePasswordProgressLogger::STRING_ORIGINAL_SIGNON_REALM:
55 return "Original signon realm";
56 case SavePasswordProgressLogger::STRING_ORIGIN:
58 case SavePasswordProgressLogger::STRING_ACTION:
60 case SavePasswordProgressLogger::STRING_USERNAME_ELEMENT:
61 return "Username element";
62 case SavePasswordProgressLogger::STRING_PASSWORD_ELEMENT:
63 return "Password element";
64 case SavePasswordProgressLogger::STRING_PASSWORD_AUTOCOMPLETE_SET:
65 return "Password autocomplete set";
66 case SavePasswordProgressLogger::STRING_NEW_PASSWORD_ELEMENT:
67 return "New password element";
68 case SavePasswordProgressLogger::STRING_SSL_VALID:
70 case SavePasswordProgressLogger::STRING_PASSWORD_GENERATED:
71 return "Password generated";
72 case SavePasswordProgressLogger::STRING_TIMES_USED:
74 case SavePasswordProgressLogger::STRING_PSL_MATCH:
76 case SavePasswordProgressLogger::STRING_NAME_OR_ID:
77 return "Form name or ID";
78 case SavePasswordProgressLogger::STRING_MESSAGE:
80 case SavePasswordProgressLogger::STRING_SET_AUTH_METHOD:
81 return "LoginHandler::SetAuth";
82 case SavePasswordProgressLogger::STRING_AUTHENTICATION_HANDLED:
83 return "Authentication already handled";
84 case SavePasswordProgressLogger::STRING_LOGINHANDLER_FORM:
85 return "LoginHandler reports this form";
86 case SavePasswordProgressLogger::STRING_SEND_PASSWORD_FORMS_METHOD:
87 return "PasswordAutofillAgent::SendPasswordForms";
88 case SavePasswordProgressLogger::STRING_SECURITY_ORIGIN:
89 return "Security origin";
90 case SavePasswordProgressLogger::STRING_SECURITY_ORIGIN_FAILURE:
91 return "Security origin cannot access password manager.";
92 case SavePasswordProgressLogger::STRING_WEBPAGE_EMPTY:
93 return "Webpage is empty.";
94 case SavePasswordProgressLogger::STRING_NUMBER_OF_ALL_FORMS:
95 return "Number of all forms";
96 case SavePasswordProgressLogger::STRING_FORM_FOUND_ON_PAGE:
97 return "Form found on page";
98 case SavePasswordProgressLogger::STRING_FORM_IS_VISIBLE:
99 return "Form is visible";
100 case SavePasswordProgressLogger::STRING_FORM_IS_PASSWORD:
101 return "Form is a password form";
102 case SavePasswordProgressLogger::STRING_WILL_SUBMIT_FORM_METHOD:
103 return "PasswordAutofillAgent::WillSubmitForm";
104 case SavePasswordProgressLogger::STRING_HTML_FORM_FOR_SUBMIT:
105 return "HTML form for submit";
106 case SavePasswordProgressLogger::STRING_CREATED_PASSWORD_FORM:
107 return "Created PasswordForm";
108 case SavePasswordProgressLogger::STRING_SUBMITTED_PASSWORD_REPLACED:
109 return "Submitted password replaced with the provisionally saved one.";
110 case SavePasswordProgressLogger::STRING_DID_START_PROVISIONAL_LOAD_METHOD:
111 return "PasswordAutofillAgent::DidStartProvisionalLoad";
112 case SavePasswordProgressLogger::STRING_FORM_FRAME_EQ_FRAME:
113 return "form_frame == frame";
114 case SavePasswordProgressLogger::STRING_PROVISIONALLY_SAVED_FORM_FOR_FRAME:
115 return "provisionally_saved_forms_[form_frame]";
116 case SavePasswordProgressLogger::STRING_PASSWORD_FORM_FOUND_ON_PAGE:
117 return "PasswordForm found on the page";
118 case SavePasswordProgressLogger::STRING_PROVISIONALLY_SAVE_PASSWORD_METHOD:
119 return "PasswordManager::ProvisionallySavePassword";
120 case SavePasswordProgressLogger::STRING_PROVISIONALLY_SAVE_PASSWORD_FORM:
121 return "ProvisionallySavePassword form";
122 case SavePasswordProgressLogger::STRING_IS_SAVING_ENABLED:
123 return "IsSavingEnabledForCurrentPage";
124 case SavePasswordProgressLogger::STRING_EMPTY_PASSWORD:
125 return "Empty password";
126 case SavePasswordProgressLogger::STRING_EXACT_MATCH:
127 return "Form manager found, exact match.";
128 case SavePasswordProgressLogger::STRING_MATCH_WITHOUT_ACTION:
129 return "Form manager found, match except for action.";
130 case SavePasswordProgressLogger::STRING_MATCHING_NOT_COMPLETE:
131 return "No form manager has completed matching.";
132 case SavePasswordProgressLogger::STRING_FORM_BLACKLISTED:
133 return "Form blacklisted.";
134 case SavePasswordProgressLogger::STRING_INVALID_FORM:
135 return "Invalid form.";
136 case SavePasswordProgressLogger::STRING_SYNC_CREDENTIAL:
137 return "Credential is used for syncing passwords.";
138 case SavePasswordProgressLogger::STRING_PROVISIONALLY_SAVED_FORM:
139 return "provisionally_saved_form";
140 case SavePasswordProgressLogger::STRING_IGNORE_POSSIBLE_USERNAMES:
141 return "Ignore other possible usernames";
142 case SavePasswordProgressLogger::STRING_ON_PASSWORD_FORMS_RENDERED_METHOD:
143 return "PasswordManager::OnPasswordFormsRendered";
144 case SavePasswordProgressLogger::STRING_NO_PROVISIONAL_SAVE_MANAGER:
145 return "No provisional save manager";
146 case SavePasswordProgressLogger::STRING_NUMBER_OF_VISIBLE_FORMS:
147 return "Number of visible forms";
148 case SavePasswordProgressLogger::STRING_PASSWORD_FORM_REAPPEARED:
149 return "Password form re-appeared";
150 case SavePasswordProgressLogger::STRING_SAVING_DISABLED:
151 return "Saving disabled";
152 case SavePasswordProgressLogger::STRING_NO_MATCHING_FORM:
153 return "No matching form";
154 case SavePasswordProgressLogger::STRING_SSL_ERRORS_PRESENT:
155 return "SSL errors present";
156 case SavePasswordProgressLogger::STRING_ONLY_VISIBLE:
157 return "only_visible";
158 case SavePasswordProgressLogger::STRING_SHOW_PASSWORD_PROMPT:
159 return "Show password prompt";
160 case SavePasswordProgressLogger::STRING_INVALID:
162 // Intentionally no default: clause here -- all IDs need to get covered.
164 NOTREACHED(); // Win compilers don't believe this is unreachable.
165 return std::string();
168 // Removes privacy sensitive parts of |url| (currently all but host and scheme).
169 std::string ScrubURL(const GURL& url) {
171 return url.GetWithEmptyPath().spec();
172 return std::string();
175 // Returns true for all characters which we don't want to see in the logged IDs
176 // or names of HTML elements.
177 bool IsUnwantedInElementID(char c) {
178 return !(c == '_' || c == '-' || IsAsciiAlpha(c) || IsAsciiDigit(c));
181 // Replaces all characters satisfying IsUnwantedInElementID by a ' ', and turns
182 // all characters to lowercase. This damages some valid HTML element IDs or
183 // names, but it is likely that it will be still possible to match the scrubbed
184 // string to the original ID or name in the HTML doc. That's good enough for the
185 // logging purposes, and provides some security benefits.
186 std::string ScrubElementID(std::string element_id) {
188 element_id.begin(), element_id.end(), IsUnwantedInElementID, ' ');
189 return base::StringToLowerASCII(element_id);
192 std::string ScrubElementID(const base::string16& element_id) {
193 return ScrubElementID(base::UTF16ToUTF8(element_id));
196 std::string FormSchemeToString(PasswordForm::Scheme scheme) {
197 SavePasswordProgressLogger::StringID result_id =
198 SavePasswordProgressLogger::STRING_INVALID;
200 case PasswordForm::SCHEME_HTML:
201 result_id = SavePasswordProgressLogger::STRING_SCHEME_HTML;
203 case PasswordForm::SCHEME_BASIC:
204 result_id = SavePasswordProgressLogger::STRING_SCHEME_BASIC;
206 case PasswordForm::SCHEME_DIGEST:
207 result_id = SavePasswordProgressLogger::STRING_SCHEME_DIGEST;
209 case PasswordForm::SCHEME_OTHER:
210 result_id = SavePasswordProgressLogger::STRING_OTHER;
213 return GetStringFromID(result_id);
218 SavePasswordProgressLogger::SavePasswordProgressLogger() {
221 SavePasswordProgressLogger::~SavePasswordProgressLogger() {
224 void SavePasswordProgressLogger::LogPasswordForm(
225 SavePasswordProgressLogger::StringID label,
226 const PasswordForm& form) {
228 log.SetString(GetStringFromID(STRING_SCHEME_MESSAGE),
229 FormSchemeToString(form.scheme));
230 log.SetString(GetStringFromID(STRING_SCHEME_MESSAGE),
231 FormSchemeToString(form.scheme));
232 log.SetString(GetStringFromID(STRING_SIGNON_REALM),
233 ScrubURL(GURL(form.signon_realm)));
234 log.SetString(GetStringFromID(STRING_ORIGINAL_SIGNON_REALM),
235 ScrubURL(GURL(form.original_signon_realm)));
236 log.SetString(GetStringFromID(STRING_ORIGIN), ScrubURL(form.origin));
237 log.SetString(GetStringFromID(STRING_ACTION), ScrubURL(form.action));
238 log.SetString(GetStringFromID(STRING_USERNAME_ELEMENT),
239 ScrubElementID(form.username_element));
240 log.SetString(GetStringFromID(STRING_PASSWORD_ELEMENT),
241 ScrubElementID(form.password_element));
242 log.SetBoolean(GetStringFromID(STRING_PASSWORD_AUTOCOMPLETE_SET),
243 form.password_autocomplete_set);
244 log.SetString(GetStringFromID(STRING_NEW_PASSWORD_ELEMENT),
245 ScrubElementID(form.new_password_element));
246 log.SetBoolean(GetStringFromID(STRING_SSL_VALID), form.ssl_valid);
247 log.SetBoolean(GetStringFromID(STRING_PASSWORD_GENERATED),
248 form.type == PasswordForm::TYPE_GENERATED);
249 log.SetInteger(GetStringFromID(STRING_TIMES_USED), form.times_used);
250 log.SetBoolean(GetStringFromID(STRING_PSL_MATCH), form.IsPublicSuffixMatch());
251 LogValue(label, log);
254 void SavePasswordProgressLogger::LogHTMLForm(
255 SavePasswordProgressLogger::StringID label,
256 const std::string& name_or_id,
257 const GURL& action) {
259 log.SetString(GetStringFromID(STRING_NAME_OR_ID), ScrubElementID(name_or_id));
260 log.SetString(GetStringFromID(STRING_ACTION), ScrubURL(action));
261 LogValue(label, log);
264 void SavePasswordProgressLogger::LogURL(
265 SavePasswordProgressLogger::StringID label,
267 LogValue(label, StringValue(ScrubURL(url)));
270 void SavePasswordProgressLogger::LogBoolean(
271 SavePasswordProgressLogger::StringID label,
273 LogValue(label, FundamentalValue(truth_value));
276 void SavePasswordProgressLogger::LogNumber(
277 SavePasswordProgressLogger::StringID label,
279 LogValue(label, FundamentalValue(signed_number));
282 void SavePasswordProgressLogger::LogNumber(
283 SavePasswordProgressLogger::StringID label,
284 size_t unsigned_number) {
285 int signed_number = checked_cast<int, size_t>(unsigned_number);
286 LogNumber(label, signed_number);
289 void SavePasswordProgressLogger::LogMessage(
290 SavePasswordProgressLogger::StringID message) {
291 LogValue(STRING_MESSAGE, StringValue(GetStringFromID(message)));
294 void SavePasswordProgressLogger::LogValue(StringID label, const Value& log) {
295 std::string log_string;
296 bool conversion_to_string_successful = base::JSONWriter::WriteWithOptions(
297 &log, base::JSONWriter::OPTIONS_PRETTY_PRINT, &log_string);
298 DCHECK(conversion_to_string_successful);
299 SendLog(GetStringFromID(label) + ": " + log_string);
302 } // namespace autofill