• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Classes for managing the SafeBrowsing interstitial pages.
6 //
7 // When a user is about to visit a page the SafeBrowsing system has deemed to
8 // be malicious, either as malware or a phishing page, we show an interstitial
9 // page with some options (go back, continue) to give the user a chance to avoid
10 // the harmful page.
11 //
12 // The SafeBrowsingBlockingPage is created by the SafeBrowsingService on the UI
13 // thread when we've determined that a page is malicious. The operation of the
14 // blocking page occurs on the UI thread, where it waits for the user to make a
15 // decision about what to do: either go back or continue on.
16 //
17 // The blocking page forwards the result of the user's choice back to the
18 // SafeBrowsingService so that we can cancel the request for the new page, or
19 // or allow it to continue.
20 //
21 // A web page may contain several resources flagged as malware/phishing.  This
22 // results into more than one interstitial being shown.  On the first unsafe
23 // resource received we show an interstitial.  Any subsequent unsafe resource
24 // notifications while the first interstitial is showing is queued.  If the user
25 // decides to proceed in the first interstitial, we display all queued unsafe
26 // resources in a new interstitial.
27 
28 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
29 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
30 #pragma once
31 
32 #include <map>
33 #include <vector>
34 
35 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
36 #include "content/browser/tab_contents/interstitial_page.h"
37 #include "googleurl/src/gurl.h"
38 
39 class DictionaryValue;
40 class MessageLoop;
41 class SafeBrowsingBlockingPageFactory;
42 class MalwareDetails;
43 class TabContents;
44 
45 class SafeBrowsingBlockingPage : public InterstitialPage {
46  public:
47   typedef std::vector<SafeBrowsingService::UnsafeResource> UnsafeResourceList;
48   typedef std::map<TabContents*, UnsafeResourceList> UnsafeResourceMap;
49 
50   virtual ~SafeBrowsingBlockingPage();
51 
52   // Shows a blocking page warning the user about phishing/malware for a
53   // specific resource.
54   // You can call this method several times, if an interstitial is already
55   // showing, the new one will be queued and displayed if the user decides
56   // to proceed on the currently showing interstitial.
57   static void ShowBlockingPage(
58       SafeBrowsingService* service,
59       const SafeBrowsingService::UnsafeResource& resource);
60 
61   // Makes the passed |factory| the factory used to instanciate
62   // SafeBrowsingBlockingPage objects. Usefull for tests.
RegisterFactory(SafeBrowsingBlockingPageFactory * factory)63   static void RegisterFactory(SafeBrowsingBlockingPageFactory* factory) {
64     factory_ = factory;
65   }
66 
67   // InterstitialPage method:
68   virtual std::string GetHTMLContents();
69   virtual void SetReportingPreference(bool report);
70   virtual void Proceed();
71   virtual void DontProceed();
72 
73  protected:
74   friend class SafeBrowsingBlockingPageTest;
75 
76   // InterstitialPage method:
77   virtual void CommandReceived(const std::string& command);
78 
79   // Don't instanciate this class directly, use ShowBlockingPage instead.
80   SafeBrowsingBlockingPage(SafeBrowsingService* service,
81                            TabContents* tab_contents,
82                            const UnsafeResourceList& unsafe_resources);
83 
84  private:
85   enum BlockingPageEvent {
86     SHOW,
87     PROCEED,
88     DONT_PROCEED,
89   };
90 
91   // Fills the passed dictionary with the strings passed to JS Template when
92   // creating the HTML.
93   void PopulateMultipleThreatStringDictionary(DictionaryValue* strings);
94   void PopulateMalwareStringDictionary(DictionaryValue* strings);
95   void PopulatePhishingStringDictionary(DictionaryValue* strings);
96 
97   // A helper method used by the Populate methods above used to populate common
98   // fields.
99   void PopulateStringDictionary(DictionaryValue* strings,
100                                 const string16& title,
101                                 const string16& headline,
102                                 const string16& description1,
103                                 const string16& description2,
104                                 const string16& description3);
105 
106   // Records a user action for this interstitial, using the form
107   // SBInterstitial[Phishing|Malware|Multiple][Show|Proceed|DontProceed].
108   void RecordUserAction(BlockingPageEvent event);
109 
110   // Checks if we should even show the malware details option. For example, we
111   // don't show it in incognito mode.
112   bool CanShowMalwareDetailsOption();
113 
114   // Called when the insterstitial is going away. If there is a
115   // pending malware details object, we look at the user's
116   // preferences, and if the option to send malware details is
117   // enabled, the report is scheduled to be sent on the |sb_service_|.
118   void FinishMalwareDetails();
119 
120   // A list of SafeBrowsingService::UnsafeResource for a tab that the user
121   // should be warned about.  They are queued when displaying more than one
122   // interstitial at a time.
123   static UnsafeResourceMap* GetUnsafeResourcesMap();
124 
125   // Notifies the SafeBrowsingService on the IO thread whether to proceed or not
126   // for the |resources|.
127   static void NotifySafeBrowsingService(SafeBrowsingService* sb_service,
128                                         const UnsafeResourceList& resources,
129                                         bool proceed);
130 
131   // Returns true if the passed |unsafe_resources| is for the main page.
132   static bool IsMainPage(const UnsafeResourceList& unsafe_resources);
133 
134  private:
135   friend class SafeBrowsingBlockingPageFactoryImpl;
136 
137   // For reporting back user actions.
138   SafeBrowsingService* sb_service_;
139   MessageLoop* report_loop_;
140 
141   // Whether the flagged resource is the main page (or a sub-resource is false).
142   bool is_main_frame_;
143 
144   // The index of a navigation entry that should be removed when DontProceed()
145   // is invoked, -1 if not entry should be removed.
146   int navigation_entry_index_to_remove_;
147 
148   // The list of unsafe resources this page is warning about.
149   UnsafeResourceList unsafe_resources_;
150 
151   // A MalwareDetails object that we start generating when the
152   // blocking page is shown. The object will be sent when the warning
153   // is gone (if the user enables the feature).
154   scoped_refptr<MalwareDetails> malware_details_;
155 
156   // The factory used to instanciate SafeBrowsingBlockingPage objects.
157   // Usefull for tests, so they can provide their own implementation of
158   // SafeBrowsingBlockingPage.
159   static SafeBrowsingBlockingPageFactory* factory_;
160 
161   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPage);
162 };
163 
164 // Factory for creating SafeBrowsingBlockingPage.  Useful for tests.
165 class SafeBrowsingBlockingPageFactory {
166  public:
~SafeBrowsingBlockingPageFactory()167   virtual ~SafeBrowsingBlockingPageFactory() { }
168 
169   virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
170       SafeBrowsingService* service,
171       TabContents* tab_contents,
172       const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources) = 0;
173 };
174 
175 #endif  // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_BLOCKING_PAGE_H_
176