From 8f348bf2c249701de2f6049ac57fe346bd6b665f Mon Sep 17 00:00:00 2001 From: Joachim Bauch Date: Tue, 7 Jul 2015 18:28:46 +0200 Subject: [PATCH 48/66] safe_browsing: disable reporting of safebrowsing override Disables reporting of the safebrowsing override, i.e. the report sent if a user decides to visit a page that was flagged as "insecure". This prevents trk:148 (phishing) and trk:149 (malware). --- .../browser/safe_browsing/client_side_detection_service.cc | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/chrome/browser/safe_browsing/client_side_detection_service.cc +++ b/chrome/browser/safe_browsing/client_side_detection_service.cc @@ -64,12 +64,6 @@ enum MalwareReportTypes { REPORT_RESULT_MAX }; -void UpdateEnumUMAHistogram(MalwareReportTypes report_type) { - DCHECK(report_type >= 0 && report_type < REPORT_RESULT_MAX); - UMA_HISTOGRAM_ENUMERATION("SBClientMalware.SentReports", report_type, - REPORT_RESULT_MAX); -} - } // namespace const int ClientSideDetectionService::kInitialClientModelFetchDelayMs = 10000; @@ -284,94 +278,8 @@ void ClientSideDetectionService::StartCl DCHECK_CURRENTLY_ON(BrowserThread::UI); std::unique_ptr request(verdict); - if (!enabled_) { - if (!callback.is_null()) - callback.Run(GURL(request->url()), false); - return; - } - - // Fill in metadata about which model we used. - if (is_extended_reporting) { - request->set_model_filename(model_loader_extended_->name()); - request->mutable_population()->set_user_population( - ChromeUserPopulation::EXTENDED_REPORTING); - } else { - request->set_model_filename(model_loader_standard_->name()); - request->mutable_population()->set_user_population( - ChromeUserPopulation::SAFE_BROWSING); - } - DVLOG(2) << "Starting report for hit on model " << request->model_filename(); - - request->mutable_population()->set_profile_management_status( - GetProfileManagementStatus( - g_browser_process->browser_policy_connector())); - - std::string request_data; - if (!request->SerializeToString(&request_data)) { - UMA_HISTOGRAM_COUNTS_1M("SBClientPhishing.RequestNotSerialized", 1); - DVLOG(1) << "Unable to serialize the CSD request. Proto file changed?"; - if (!callback.is_null()) - callback.Run(GURL(request->url()), false); - return; - } - - net::NetworkTrafficAnnotationTag traffic_annotation = - net::DefineNetworkTrafficAnnotation( - "safe_browsing_client_side_phishing_detector", R"( - semantics { - sender: "Safe Browsing Client-Side Phishing Detector" - description: - "If the client-side phishing detector determines that the " - "current page contents are similar to phishing pages, it will " - "send a request to Safe Browsing to ask for a final verdict. If " - "Safe Browsing agrees the page is dangerous, Chrome will show a " - "full-page interstitial warning." - trigger: - "Whenever the clinet-side detector machine learning model " - "computes a phishy-ness score above a threshold, after page-load." - data: - "Top-level page URL without CGI parameters, boolean and double " - "features extracted from DOM, such as the number of resources " - "loaded in the page, if certain likely phishing and social " - "engineering terms found on the page, etc." - destination: GOOGLE_OWNED_SERVICE - } - policy { - cookies_allowed: YES - cookies_store: "Safe browsing cookie store" - setting: - "Users can enable or disable this feature by toggling 'Protect " - "you and your device from dangerous sites' in Chrome settings " - "under Privacy. This feature is enabled by default." - chrome_policy { - SafeBrowsingEnabled { - policy_options {mode: MANDATORY} - SafeBrowsingEnabled: false - } - } - })"); - auto resource_request = std::make_unique(); - resource_request->url = GetClientReportUrl(kClientReportPhishingUrl); - resource_request->method = "POST"; - resource_request->load_flags = net::LOAD_DISABLE_CACHE; - auto loader = network::SimpleURLLoader::Create(std::move(resource_request), - traffic_annotation); - loader->AttachStringForUpload(request_data, "application/octet-stream"); - loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie( - url_loader_factory_.get(), - base::BindOnce(&ClientSideDetectionService::OnURLLoaderComplete, - base::Unretained(this), loader.get())); - - // Remember which callback and URL correspond to the current fetcher object. - std::unique_ptr info(new ClientPhishingReportInfo); - auto* loader_ptr = loader.get(); - info->loader = std::move(loader); - info->callback = callback; - info->phishing_url = GURL(request->url()); - client_phishing_reports_[loader_ptr] = std::move(info); - - // Record that we made a request - phishing_report_times_.push(base::Time::Now()); + if (!callback.is_null()) + callback.Run(GURL(request->url()), false); } void ClientSideDetectionService::StartClientReportMalwareRequest( @@ -380,81 +288,8 @@ void ClientSideDetectionService::StartCl DCHECK_CURRENTLY_ON(BrowserThread::UI); std::unique_ptr request(verdict); - if (!enabled_) { - if (!callback.is_null()) - callback.Run(GURL(request->url()), GURL(request->url()), false); - return; - } - - std::string request_data; - if (!request->SerializeToString(&request_data)) { - UpdateEnumUMAHistogram(REPORT_FAILED_SERIALIZATION); - DVLOG(1) << "Unable to serialize the CSD request. Proto file changed?"; - if (!callback.is_null()) - callback.Run(GURL(request->url()), GURL(request->url()), false); - return; - } - - net::NetworkTrafficAnnotationTag traffic_annotation = - net::DefineNetworkTrafficAnnotation( - "safe_browsing_client_side_malware_detector", R"( - semantics { - sender: "Safe Browsing Client-Side Malware Detector" - description: - "If the client-side malware detector determines that a requested " - "page's IP is in the blacklisted malware IPs, it will send a " - "request to Safe Browsing to ask for a final verdict. If Safe " - "Browsing agrees the page is dangerous, Chrome will show a " - "full-page interstitial warning." - trigger: - "Whenever the IP of the page is in malware blacklist." - data: - "Top-level page URL without CGI parameters, its non-https " - "referrer, URLs of resources that match IP blacklist." - destination: GOOGLE_OWNED_SERVICE - } - policy { - cookies_allowed: YES - cookies_store: "Safe browsing cookie store" - setting: - "Users can enable or disable this feature by toggling 'Protect " - "you and your device from dangerous sites' in Chrome settings " - "under Privacy. This feature is enabled by default." - chrome_policy { - SafeBrowsingEnabled { - policy_options {mode: MANDATORY} - SafeBrowsingEnabled: false - } - } - })"); - auto resource_request = std::make_unique(); - resource_request->url = GetClientReportUrl(kClientReportMalwareUrl); - resource_request->method = "POST"; - resource_request->load_flags = net::LOAD_DISABLE_CACHE; - auto loader = network::SimpleURLLoader::Create(std::move(resource_request), - traffic_annotation); - loader->AttachStringForUpload(request_data, "application/octet-stream"); - loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie( - url_loader_factory_.get(), - base::BindOnce(&ClientSideDetectionService::OnURLLoaderComplete, - base::Unretained(this), loader.get())); - - // Remember which callback and URL correspond to the current fetcher object. - std::unique_ptr info(new ClientMalwareReportInfo); - auto* loader_ptr = loader.get(); - info->loader = std::move(loader); - info->callback = callback; - info->original_url = GURL(request->url()); - client_malware_reports_[loader_ptr] = std::move(info); - - UMA_HISTOGRAM_ENUMERATION("SBClientMalware.SentReports", REPORT_SENT, - REPORT_RESULT_MAX); - - UMA_HISTOGRAM_COUNTS_1M("SBClientMalware.IPBlacklistRequestPayloadSize", - request_data.size()); - - // Record that we made a malware request - malware_report_times_.push(base::Time::Now()); + if (!callback.is_null()) + callback.Run(GURL(request->url()), GURL(request->url()), false); } void ClientSideDetectionService::HandlePhishingVerdict(