diff options
| author | japhet@chromium.org <japhet@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-22 16:16:08 +0000 |
|---|---|---|
| committer | japhet@chromium.org <japhet@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-22 16:16:08 +0000 |
| commit | 749c0dd6ff4df5f2f60a6f1e945bef800598fe01 (patch) | |
| tree | 5e922e89918e489cefdba5946c2051f6dc7c1685 /webkit | |
| parent | b3292f1ee47ee166bd29fcbfaf511bb7438c14cf (diff) | |
| download | chromium_src-749c0dd6ff4df5f2f60a6f1e945bef800598fe01.zip chromium_src-749c0dd6ff4df5f2f60a6f1e945bef800598fe01.tar.gz chromium_src-749c0dd6ff4df5f2f60a6f1e945bef800598fe01.tar.bz2 | |
Remove SiteIsolationMetrics.
BUG=89796
TEST=none
Review URL: http://codereview.chromium.org/7471020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93649 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/glue/site_isolation_metrics.cc | 232 | ||||
| -rw-r--r-- | webkit/glue/site_isolation_metrics.h | 41 | ||||
| -rw-r--r-- | webkit/glue/webkit_glue.gypi | 2 | ||||
| -rw-r--r-- | webkit/glue/weburlloader_impl.cc | 12 |
4 files changed, 0 insertions, 287 deletions
diff --git a/webkit/glue/site_isolation_metrics.cc b/webkit/glue/site_isolation_metrics.cc deleted file mode 100644 index d4e15e2..0000000 --- a/webkit/glue/site_isolation_metrics.cc +++ /dev/null @@ -1,232 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "webkit/glue/site_isolation_metrics.h" - -#include <set> - -#include "base/hash_tables.h" -#include "base/metrics/histogram.h" -#include "net/base/mime_sniffer.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebString.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebURL.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLResponse.h" - -using WebKit::WebFrame; -using WebKit::WebSecurityOrigin; -using WebKit::WebString; -using WebKit::WebURL; -using WebKit::WebURLRequest; -using WebKit::WebURLResponse; - -namespace webkit_glue { - -typedef base::hash_map<unsigned, WebURLRequest::TargetType> TargetTypeMap; -typedef base::hash_map<std::string, int> MimeTypeMap; -typedef std::set<std::string> CrossOriginTextHtmlResponseSet; - -static TargetTypeMap* GetTargetTypeMap() { - static TargetTypeMap target_type_map_; - return &target_type_map_; -} - -// Copied from net/base/mime_util.cc, supported_non_image_types[] -static const char* const kCrossOriginMimeTypesToLog[] = { - "text/cache-manifest", - "text/html", - "text/xml", - "text/xsl", - "text/plain", - "text/vnd.chromium.ftp-dir", - "text/", - "text/css", - "image/svg+xml", - "application/xml", - "application/xhtml+xml", - "application/rss+xml", - "application/atom+xml", - "application/json", - "application/x-x509-user-cert", - "multipart/x-mixed-replace", - "(NONE)" // Keep track of missing MIME types as well -}; - -static MimeTypeMap* GetMimeTypeMap() { - static MimeTypeMap mime_type_map_; - if (!mime_type_map_.size()) { - for (size_t i = 0; i < arraysize(kCrossOriginMimeTypesToLog); ++i) - mime_type_map_[kCrossOriginMimeTypesToLog[i]] = i; - } - return &mime_type_map_; -} - -// This is set is used to keep track of the response urls that we want to -// sniff, since we will have to wait for the payload to arrive. -static CrossOriginTextHtmlResponseSet* GetCrossOriginTextHtmlResponseSet() { - static CrossOriginTextHtmlResponseSet cross_origin_text_html_response_set_; - return &cross_origin_text_html_response_set_; -} - -static void LogVerifiedTextHtmlResponse() { - UMA_HISTOGRAM_COUNTS( - "SiteIsolation.CrossSiteNonFrameResponse_verified_texthtml_BLOCK", 1); -} - -static void LogMislabeledTextHtmlResponse() { - UMA_HISTOGRAM_COUNTS( - "SiteIsolation.CrossSiteNonFrameResponse_mislabeled_texthtml", 1); -} - -void SiteIsolationMetrics::AddRequest(unsigned identifier, - WebURLRequest::TargetType target_type) { - TargetTypeMap& target_type_map = *GetTargetTypeMap(); - target_type_map[identifier] = target_type; -} - -// Check whether the given response is allowed due to access control headers. -// This is basically a copy of the logic of passesAccessControlCheck() in -// WebCore/loader/CrossOriginAccessControl.cpp. -bool SiteIsolationMetrics::AllowedByAccessControlHeader( - WebFrame* frame, const WebURLResponse& response) { - WebString access_control_origin = response.httpHeaderField( - WebString::fromUTF8("Access-Control-Allow-Origin")); - WebSecurityOrigin security_origin = - WebSecurityOrigin::createFromString(access_control_origin); - return access_control_origin == WebString::fromUTF8("*") || - frame->document().securityOrigin().canAccess(security_origin); -} - -// We want to log any cross-site request that we don't think a renderer should -// be allowed to make. We can safely ignore frame requests (since we'd like -// those to be in a separate renderer) and plugin requests, even if they are -// cross-origin. -// -// For comparison, we keep counts of: -// - All requests made by a renderer -// - All cross-site requests -// -// Then, for cross-site non-frame/plugin requests, we keep track of: -// - Counts for MIME types of interest -// - Counts of those MIME types that carry CORS headers -// - Counts of mislabeled text/html responses (without CORS) -// As well as those we would block: -// - Counts of verified text/html responses (without CORS) -// - Counts of XML/JSON responses (without CORS) -// -// This will let us say what percentage of requests we would end up blocking. -void SiteIsolationMetrics::LogMimeTypeForCrossOriginRequest( - WebFrame* frame, unsigned identifier, const WebURLResponse& response) { - UMA_HISTOGRAM_COUNTS("SiteIsolation.Requests", 1); - - TargetTypeMap& target_type_map = *GetTargetTypeMap(); - TargetTypeMap::iterator iter = target_type_map.find(identifier); - if (iter != target_type_map.end()) { - WebURLRequest::TargetType target_type = iter->second; - target_type_map.erase(iter); - - // Focus on cross-site requests. - if (!frame->document().securityOrigin().canAccess( - WebSecurityOrigin::create(response.url()))) { - UMA_HISTOGRAM_COUNTS("SiteIsolation.CrossSiteRequests", 1); - - // Now focus on non-frame, non-plugin requests. - if (target_type != WebURLRequest::TargetIsMainFrame && - target_type != WebURLRequest::TargetIsSubframe && - target_type != WebURLRequest::TargetIsObject) { - // If it is part of a MIME type we might block, log the MIME type. - std::string mime_type = response.mimeType().utf8(); - MimeTypeMap mime_type_map = *GetMimeTypeMap(); - // Also track it if it lacks a MIME type. - // TODO(creis): 304 responses have no MIME type, so we don't handle - // them correctly. Can we look up their MIME type from the cache? - if (mime_type == "") - mime_type = "(NONE)"; - MimeTypeMap::iterator mime_type_iter = mime_type_map.find(mime_type); - if (mime_type_iter != mime_type_map.end()) { - UMA_HISTOGRAM_ENUMERATION( - "SiteIsolation.CrossSiteNonFrameResponse_MIME_Type", - mime_type_iter->second, - arraysize(kCrossOriginMimeTypesToLog)); - - // We also check access control headers, in case this - // cross-origin request has been explicitly permitted. - if (AllowedByAccessControlHeader(frame, response)) { - UMA_HISTOGRAM_ENUMERATION( - "SiteIsolation.CrossSiteNonFrameResponse_With_CORS_MIME_Type", - mime_type_iter->second, - arraysize(kCrossOriginMimeTypesToLog)); - } else { - // Without access control headers, we might block this request. - // Sometimes resources are mislabled as text/html, though, and we - // should only block them if we can verify that. To do so, we sniff - // the content once we have some of the payload. - if (mime_type == "text/html") { - // Remember the response until we can sniff its contents. - GetCrossOriginTextHtmlResponseSet()->insert( - response.url().spec()); - } else if (mime_type == "text/xml" || - mime_type == "text/xsl" || - mime_type == "application/xml" || - mime_type == "application/xhtml+xml" || - mime_type == "application/rss+xml" || - mime_type == "application/atom+xml" || - mime_type == "application/json") { - // We will also block XML and JSON MIME types for cross-site - // non-frame requests without CORS headers. - UMA_HISTOGRAM_COUNTS( - "SiteIsolation.CrossSiteNonFrameResponse_xml_or_json_BLOCK", - 1); - } - } - } - } - } - } -} - -void SiteIsolationMetrics::SniffCrossOriginHTML(const WebURL& response_url, - const char* data, - int len) { - if (!response_url.isValid()) - return; - - // Look up the URL to see if it is a text/html request we are tracking. - CrossOriginTextHtmlResponseSet& cross_origin_text_html_response_set = - *GetCrossOriginTextHtmlResponseSet(); - CrossOriginTextHtmlResponseSet::iterator request_iter = - cross_origin_text_html_response_set.find(response_url.spec()); - if (request_iter != cross_origin_text_html_response_set.end()) { - // Log whether it actually looks like HTML. - std::string sniffed_mime_type; - bool successful = net::SniffMimeType(data, len, response_url, - "", &sniffed_mime_type); - if (successful && sniffed_mime_type == "text/html") - LogVerifiedTextHtmlResponse(); - else - LogMislabeledTextHtmlResponse(); - cross_origin_text_html_response_set.erase(request_iter); - } -} - -void SiteIsolationMetrics::RemoveCompletedResponse( - const WebURL& response_url) { - if (!response_url.isValid()) - return; - - // Ensure we don't leave responses in the set after they've completed. - CrossOriginTextHtmlResponseSet& cross_origin_text_html_response_set = - *GetCrossOriginTextHtmlResponseSet(); - CrossOriginTextHtmlResponseSet::iterator request_iter = - cross_origin_text_html_response_set.find(response_url.spec()); - if (request_iter != cross_origin_text_html_response_set.end()) { - LogMislabeledTextHtmlResponse(); - cross_origin_text_html_response_set.erase(request_iter); - } -} - -} // namespace webkit_glue diff --git a/webkit/glue/site_isolation_metrics.h b/webkit/glue/site_isolation_metrics.h deleted file mode 100644 index c2bd275..0000000 --- a/webkit/glue/site_isolation_metrics.h +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef WEBKIT_GLUE_SITE_ISOLATION_METRICS_H_ -#define WEBKIT_GLUE_SITE_ISOLATION_METRICS_H_ - -#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h" - -namespace WebKit { -class WebFrame; -class WebURL; -class WebURLResponse; -} - -namespace webkit_glue { - -// Metrics to check the feasability of blocking cross-site requests that -// a renderer shouldn't be making (in case we try to move cross-site frames -// into their own process someday). We're erring on the side of counting more -// mime-types then we strictly need (we'd only consider blocking cross-site -// requests with types similar to HTML, XML, or JSON). -class SiteIsolationMetrics { - public: - static void AddRequest(unsigned identifier, - WebKit::WebURLRequest::TargetType target_type); - static bool AllowedByAccessControlHeader( - WebKit::WebFrame* frame, const WebKit::WebURLResponse& response); - static void LogMimeTypeForCrossOriginRequest( - WebKit::WebFrame* frame, - unsigned identifier, - const WebKit::WebURLResponse& response); - static void SniffCrossOriginHTML(const WebKit::WebURL& response_url, - const char* data, - int len); - static void RemoveCompletedResponse(const WebKit::WebURL& response_url); -}; - -} // namespace webkit_glue - -#endif // WEBKIT_GLUE_SITE_ISOLATION_METRICS_H_ diff --git a/webkit/glue/webkit_glue.gypi b/webkit/glue/webkit_glue.gypi index e2ac88a..1573e1d 100644 --- a/webkit/glue/webkit_glue.gypi +++ b/webkit/glue/webkit_glue.gypi @@ -384,8 +384,6 @@ 'scoped_clipboard_writer_glue.h', 'simple_webmimeregistry_impl.cc', 'simple_webmimeregistry_impl.h', - 'site_isolation_metrics.cc', - 'site_isolation_metrics.h', 'webaccessibility.cc', 'webaccessibility.h', 'webclipboard_impl.cc', diff --git a/webkit/glue/weburlloader_impl.cc b/webkit/glue/weburlloader_impl.cc index 116ea0f..5e3ddef 100644 --- a/webkit/glue/weburlloader_impl.cc +++ b/webkit/glue/weburlloader_impl.cc @@ -31,7 +31,6 @@ #include "webkit/glue/multipart_response_delegate.h" #include "webkit/glue/resource_loader_bridge.h" #include "webkit/glue/request_extra_data.h" -#include "webkit/glue/site_isolation_metrics.h" #include "webkit/glue/webkit_glue.h" using base::Time; @@ -331,9 +330,6 @@ class WebURLLoaderImpl::Context : public base::RefCounted<Context>, scoped_ptr<FtpDirectoryListingResponseDelegate> ftp_listing_delegate_; scoped_ptr<MultipartResponseDelegate> multipart_delegate_; scoped_ptr<ResourceLoaderBridge> completed_bridge_; - - // TODO(japhet): Storing this is a temporary hack for site isolation logging. - WebURL response_url_; }; WebURLLoaderImpl::Context::Context(WebURLLoaderImpl* loader) @@ -598,8 +594,6 @@ void WebURLLoaderImpl::Context::OnReceivedResponse( ftp_listing_delegate_.reset( new FtpDirectoryListingResponseDelegate(client_, loader_, response)); } - - response_url_ = response.url(); } void WebURLLoaderImpl::Context::OnDownloadedData(int len) { @@ -613,9 +607,6 @@ void WebURLLoaderImpl::Context::OnReceivedData(const char* data, if (!client_) return; - // Temporary logging, see site_isolation_metrics.h/cc. - SiteIsolationMetrics::SniffCrossOriginHTML(response_url_, data, data_length); - if (ftp_listing_delegate_.get()) { // The FTP listing delegate will make the appropriate calls to // client_->didReceiveData and client_->didReceiveResponse. @@ -674,9 +665,6 @@ void WebURLLoaderImpl::Context::OnCompletedRequest( } } - // Temporary logging, see site_isolation_metrics.h/cc - SiteIsolationMetrics::RemoveCompletedResponse(response_url_); - // We are done with the bridge now, and so we need to release the reference // to ourselves that we took on behalf of the bridge. This may cause our // destruction. |