RISCI_ATOM
/
ungoogled-chromium
镜像来自 https://github.com/Eloston/ungoogled-chromium.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209
							From 8f348bf2c249701de2f6049ac57fe346bd6b665f Mon Sep 17 00:00:00 2001
From: Joachim Bauch <jojo@struktur.de>
Date: Tue, 7 Jul 2015 18:28:46 +0200
Subject: [PATCH 48/66] safe_browsing: disable reporting of safebrowsing
 override

Disables reporting of the safebrowsing override, i.e. the report sent
if a user decides to visit a page that was flagged as "insecure".
This prevents trk:148 (phishing) and trk:149 (malware).
---
 .../browser/safe_browsing/client_side_detection_service.cc   | 12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/chrome/browser/safe_browsing/client_side_detection_service.cc
+++ b/chrome/browser/safe_browsing/client_side_detection_service.cc
@@ -63,12 +63,6 @@ enum MalwareReportTypes {
   REPORT_RESULT_MAX
 };
 
-void UpdateEnumUMAHistogram(MalwareReportTypes report_type) {
-  DCHECK(report_type >= 0 && report_type < REPORT_RESULT_MAX);
-  UMA_HISTOGRAM_ENUMERATION("SBClientMalware.SentReports", report_type,
-                            REPORT_RESULT_MAX);
-}
-
 }  // namespace
 
 const int ClientSideDetectionService::kInitialClientModelFetchDelayMs = 10000;
@@ -281,94 +275,8 @@ void ClientSideDetectionService::StartCl
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   std::unique_ptr<ClientPhishingRequest> request(verdict);
 
-  if (!enabled_) {
-    if (!callback.is_null())
-      callback.Run(GURL(request->url()), false);
-    return;
-  }
-
-  // Fill in metadata about which model we used.
-  if (is_extended_reporting) {
-    request->set_model_filename(model_loader_extended_->name());
-    request->mutable_population()->set_user_population(
-        ChromeUserPopulation::EXTENDED_REPORTING);
-  } else {
-    request->set_model_filename(model_loader_standard_->name());
-    request->mutable_population()->set_user_population(
-        ChromeUserPopulation::SAFE_BROWSING);
-  }
-  DVLOG(2) << "Starting report for hit on model " << request->model_filename();
-
-  request->mutable_population()->set_profile_management_status(
-      GetProfileManagementStatus(
-          g_browser_process->browser_policy_connector()));
-
-  std::string request_data;
-  if (!request->SerializeToString(&request_data)) {
-    UMA_HISTOGRAM_COUNTS_1M("SBClientPhishing.RequestNotSerialized", 1);
-    DVLOG(1) << "Unable to serialize the CSD request. Proto file changed?";
-    if (!callback.is_null())
-      callback.Run(GURL(request->url()), false);
-    return;
-  }
-
-  net::NetworkTrafficAnnotationTag traffic_annotation =
-      net::DefineNetworkTrafficAnnotation(
-          "safe_browsing_client_side_phishing_detector", R"(
-          semantics {
-            sender: "Safe Browsing Client-Side Phishing Detector"
-            description:
-              "If the client-side phishing detector determines that the "
-              "current page contents are similar to phishing pages, it will "
-              "send a request to Safe Browsing to ask for a final verdict. If "
-              "Safe Browsing agrees the page is dangerous, Chrome will show a "
-              "full-page interstitial warning."
-            trigger:
-              "Whenever the clinet-side detector machine learning model "
-              "computes a phishy-ness score above a threshold, after page-load."
-            data:
-              "Top-level page URL without CGI parameters, boolean and double "
-              "features extracted from DOM, such as the number of resources "
-              "loaded in the page, if certain likely phishing and social "
-              "engineering terms found on the page, etc."
-            destination: GOOGLE_OWNED_SERVICE
-          }
-          policy {
-            cookies_allowed: YES
-            cookies_store: "Safe browsing cookie store"
-            setting:
-              "Users can enable or disable this feature by toggling 'Protect "
-              "you and your device from dangerous sites' in Chrome settings "
-              "under Privacy. This feature is enabled by default."
-            chrome_policy {
-              SafeBrowsingEnabled {
-                policy_options {mode: MANDATORY}
-                SafeBrowsingEnabled: false
-              }
-            }
-          })");
-  auto resource_request = std::make_unique<network::ResourceRequest>();
-  resource_request->url = GetClientReportUrl(kClientReportPhishingUrl);
-  resource_request->method = "POST";
-  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
-  auto loader = network::SimpleURLLoader::Create(std::move(resource_request),
-                                                 traffic_annotation);
-  loader->AttachStringForUpload(request_data, "application/octet-stream");
-  loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
-      url_loader_factory_.get(),
-      base::BindOnce(&ClientSideDetectionService::OnURLLoaderComplete,
-                     base::Unretained(this), loader.get()));
-
-  // Remember which callback and URL correspond to the current fetcher object.
-  std::unique_ptr<ClientPhishingReportInfo> info(new ClientPhishingReportInfo);
-  auto* loader_ptr = loader.get();
-  info->loader = std::move(loader);
-  info->callback = callback;
-  info->phishing_url = GURL(request->url());
-  client_phishing_reports_[loader_ptr] = std::move(info);
-
-  // Record that we made a request
-  phishing_report_times_.push(base::Time::Now());
+  if (!callback.is_null())
+    callback.Run(GURL(request->url()), false);
 }
 
 void ClientSideDetectionService::StartClientReportMalwareRequest(
@@ -377,81 +285,8 @@ void ClientSideDetectionService::StartCl
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   std::unique_ptr<ClientMalwareRequest> request(verdict);
 
-  if (!enabled_) {
-    if (!callback.is_null())
-      callback.Run(GURL(request->url()), GURL(request->url()), false);
-    return;
-  }
-
-  std::string request_data;
-  if (!request->SerializeToString(&request_data)) {
-    UpdateEnumUMAHistogram(REPORT_FAILED_SERIALIZATION);
-    DVLOG(1) << "Unable to serialize the CSD request. Proto file changed?";
-    if (!callback.is_null())
-      callback.Run(GURL(request->url()), GURL(request->url()), false);
-    return;
-  }
-
-  net::NetworkTrafficAnnotationTag traffic_annotation =
-      net::DefineNetworkTrafficAnnotation(
-          "safe_browsing_client_side_malware_detector", R"(
-          semantics {
-            sender: "Safe Browsing Client-Side Malware Detector"
-            description:
-              "If the client-side malware detector determines that a requested "
-              "page's IP is in the blacklisted malware IPs, it will send a "
-              "request to Safe Browsing to ask for a final verdict. If Safe "
-              "Browsing agrees the page is dangerous, Chrome will show a "
-              "full-page interstitial warning."
-            trigger:
-              "Whenever the IP of the page is in malware blacklist."
-            data:
-              "Top-level page URL without CGI parameters, its non-https "
-              "referrer, URLs of resources that match IP blacklist."
-            destination: GOOGLE_OWNED_SERVICE
-          }
-          policy {
-            cookies_allowed: YES
-            cookies_store: "Safe browsing cookie store"
-            setting:
-              "Users can enable or disable this feature by toggling 'Protect "
-              "you and your device from dangerous sites' in Chrome settings "
-              "under Privacy. This feature is enabled by default."
-            chrome_policy {
-              SafeBrowsingEnabled {
-                policy_options {mode: MANDATORY}
-                SafeBrowsingEnabled: false
-              }
-            }
-          })");
-  auto resource_request = std::make_unique<network::ResourceRequest>();
-  resource_request->url = GetClientReportUrl(kClientReportMalwareUrl);
-  resource_request->method = "POST";
-  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
-  auto loader = network::SimpleURLLoader::Create(std::move(resource_request),
-                                                 traffic_annotation);
-  loader->AttachStringForUpload(request_data, "application/octet-stream");
-  loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
-      url_loader_factory_.get(),
-      base::BindOnce(&ClientSideDetectionService::OnURLLoaderComplete,
-                     base::Unretained(this), loader.get()));
-
-  // Remember which callback and URL correspond to the current fetcher object.
-  std::unique_ptr<ClientMalwareReportInfo> info(new ClientMalwareReportInfo);
-  auto* loader_ptr = loader.get();
-  info->loader = std::move(loader);
-  info->callback = callback;
-  info->original_url = GURL(request->url());
-  client_malware_reports_[loader_ptr] = std::move(info);
-
-  UMA_HISTOGRAM_ENUMERATION("SBClientMalware.SentReports", REPORT_SENT,
-                            REPORT_RESULT_MAX);
-
-  UMA_HISTOGRAM_COUNTS_1M("SBClientMalware.IPBlacklistRequestPayloadSize",
-                          request_data.size());
-
-  // Record that we made a malware request
-  malware_report_times_.push(base::Time::Now());
+  if (!callback.is_null())
+    callback.Run(GURL(request->url()), GURL(request->url()), false);
 }
 
 void ClientSideDetectionService::HandlePhishingVerdict(