1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
|
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/safe_browsing/safe_browsing_navigation_observer_manager.h"
#include "base/memory/ptr_util.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/stringprintf.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/safe_browsing/safe_browsing_navigation_observer.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
#include "chrome/browser/sessions/session_tab_helper.h"
#include "chrome/browser/tab_contents/retargeting_details.h"
#include "chrome/common/pref_names.h"
#include "components/prefs/pref_service.h"
#include "content/public/browser/navigation_details.h"
#include "content/public/browser/notification_service.h"
#include "content/public/browser/notification_types.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/web_contents.h"
using content::WebContents;
namespace safe_browsing {
namespace {
// Given when an event happened and its TTL, determine if it is already expired.
// Note, if for some reason this event's timestamp is in the future, this
// event's timestamp is invalid, hence we treat it as expired.
bool IsEventExpired(const base::Time& event_time, double ttl_in_second) {
double current_time_in_second = base::Time::Now().ToDoubleT();
double event_time_in_second = event_time.ToDoubleT();
if (current_time_in_second <= event_time_in_second)
return true;
return current_time_in_second - event_time_in_second > ttl_in_second;
}
// Helper function to determine if the URL type should be LANDING_REFERRER or
// LANDING_PAGE, and modify AttributionResult accordingly.
ReferrerChainEntry::URLType GetURLTypeAndAdjustAttributionResult(
bool at_user_gesture_limit,
SafeBrowsingNavigationObserverManager::AttributionResult* out_result) {
// Landing page of a download refers to the page user directly interacts
// with to trigger this download (e.g. clicking on download button). Landing
// referrer page is the one user interacts with right before navigating to
// the landing page.
// Since we are tracing navigations backwards, if we've reached
// user gesture limit before this navigation event, this is a navigation
// leading to the landing referrer page, otherwise it leads to landing page.
if (at_user_gesture_limit) {
*out_result =
SafeBrowsingNavigationObserverManager::SUCCESS_LANDING_REFERRER;
return ReferrerChainEntry::LANDING_REFERRER;
} else {
*out_result = SafeBrowsingNavigationObserverManager::SUCCESS_LANDING_PAGE;
return ReferrerChainEntry::LANDING_PAGE;
}
}
} // namespace
// The expiration period of a user gesture. Any user gesture that happened 1.0
// second ago is considered as expired and not relevant to upcoming navigation
// events.
static const double kUserGestureTTLInSecond = 1.0;
// The expiration period of navigation events and resolved IP addresses. Any
// navigation related records that happened 2 minutes ago are considered as
// expired. So we clean up these navigation footprints every 2 minutes.
static const double kNavigationFootprintTTLInSecond = 120.0;
// The maximum number of latest NavigationEvent we keep. It is used to limit
// memory usage of navigation tracking. This number if picked based on UMA
// metric "SafeBrowsing.NavigationObserver.NavigationEventCleanUpCount".
// Lowering it could make room for abuse.
static const int kNavigationRecordMaxSize = 100;
// The maximum number of ReferrerChainEntry. It is used to limit the size of
// reports (e.g. ClientDownloadRequest) we send to SB server.
static const int kReferrerChainMaxLength = 10;
// -------------------------ReferrerChainData-----------------------
ReferrerChainData::ReferrerChainData(
std::unique_ptr<ReferrerChain> referrer_chain)
: referrer_chain_(std::move(referrer_chain)) {}
ReferrerChainData::~ReferrerChainData() {}
ReferrerChain* ReferrerChainData::GetReferrerChain() {
return referrer_chain_.get();
}
// -------------------------NavigationEventList---------------------
NavigationEventList::NavigationEventList(std::size_t size_limit)
: size_limit_(size_limit) {
DCHECK_GT(size_limit_, 0U);
}
NavigationEventList::~NavigationEventList() {}
NavigationEvent* NavigationEventList::FindNavigationEvent(
const GURL& target_url,
const GURL& target_main_frame_url,
int target_tab_id) {
if (target_url.is_empty() && target_main_frame_url.is_empty())
return nullptr;
// If target_url is empty, we should back trace navigation based on its
// main frame URL instead.
GURL search_url = target_url.is_empty() ? target_main_frame_url : target_url;
// Since navigation events are recorded in chronological order, we traverse
// the vector in reverse order to get the latest match.
for (auto rit = navigation_events_.rbegin(); rit != navigation_events_.rend();
++rit) {
auto* nav_event = rit->get();
// If tab id is not valid, we only compare url, otherwise we compare both.
if (nav_event->GetDestinationUrl() == search_url &&
(target_tab_id == -1 || nav_event->target_tab_id == target_tab_id)) {
// If both source_url and source_main_frame_url are empty, and this
// navigation is not triggered by user, a retargeting navigation probably
// causes this navigation. In this case, we skip this navigation event and
// looks for the retargeting navigation event.
if (nav_event->source_url.is_empty() &&
nav_event->source_main_frame_url.is_empty() &&
!nav_event->is_user_initiated) {
// If there is a server redirection immediately after retargeting, we
// need to adjust our search url to the original request.
if (!nav_event->server_redirect_urls.empty()) {
NavigationEvent* retargeting_nav_event =
FindRetargetingNavigationEvent(nav_event->original_request_url,
nav_event->target_tab_id);
if (!retargeting_nav_event)
return nullptr;
// Adjust retargeting navigation event's attributes.
retargeting_nav_event->server_redirect_urls.push_back(
std::move(search_url));
return retargeting_nav_event;
} else {
continue;
}
} else {
return nav_event;
}
}
}
return nullptr;
}
NavigationEvent* NavigationEventList::FindRetargetingNavigationEvent(
const GURL& target_url,
int target_tab_id) {
if (target_url.is_empty())
return nullptr;
// Since navigation events are recorded in chronological order, we traverse
// the vector in reverse order to get the latest match.
for (auto rit = navigation_events_.rbegin(); rit != navigation_events_.rend();
++rit) {
auto* nav_event = rit->get();
// In addition to url and tab_id checking, we need to compare the
// source_tab_id and target_tab_id to make sure it is a retargeting event.
if (nav_event->original_request_url == target_url &&
nav_event->target_tab_id == target_tab_id &&
nav_event->source_tab_id != nav_event->target_tab_id) {
return nav_event;
}
}
return nullptr;
}
void NavigationEventList::RecordNavigationEvent(
std::unique_ptr<NavigationEvent> nav_event) {
// Skip page refresh.
if (nav_event->source_url == nav_event->GetDestinationUrl() &&
nav_event->source_tab_id == nav_event->target_tab_id)
return;
if (navigation_events_.size() == size_limit_)
navigation_events_.pop_front();
navigation_events_.push_back(std::move(nav_event));
}
std::size_t NavigationEventList::CleanUpNavigationEvents() {
// Remove any stale NavigationEnvent, if it is older than
// kNavigationFootprintTTLInSecond.
std::size_t removal_count = 0;
while (navigation_events_.size() > 0 &&
IsEventExpired(navigation_events_[0]->last_updated,
kNavigationFootprintTTLInSecond)) {
navigation_events_.pop_front();
removal_count++;
}
return removal_count;
}
// -----------------SafeBrowsingNavigationObserverManager-----------
// static
const base::Feature
SafeBrowsingNavigationObserverManager::kDownloadAttribution {
"DownloadAttribution", base::FEATURE_DISABLED_BY_DEFAULT
};
// static
bool SafeBrowsingNavigationObserverManager::IsUserGestureExpired(
const base::Time& timestamp) {
return IsEventExpired(timestamp, kUserGestureTTLInSecond);
}
// static
GURL SafeBrowsingNavigationObserverManager::ClearEmptyRef(const GURL& url) {
if (url.has_ref() && url.ref().empty()) {
url::Replacements<char> replacements;
replacements.ClearRef();
return url.ReplaceComponents(replacements);
}
return url;
}
// static
bool SafeBrowsingNavigationObserverManager::IsEnabledAndReady(
Profile* profile) {
return base::FeatureList::IsEnabled(
SafeBrowsingNavigationObserverManager::kDownloadAttribution) &&
profile->GetPrefs()->GetBoolean(prefs::kSafeBrowsingEnabled) &&
g_browser_process->safe_browsing_service() &&
g_browser_process->safe_browsing_service()->navigation_observer_manager();
}
SafeBrowsingNavigationObserverManager::SafeBrowsingNavigationObserverManager()
: navigation_event_list_(kNavigationRecordMaxSize) {
registrar_.Add(this, chrome::NOTIFICATION_RETARGETING,
content::NotificationService::AllSources());
// Schedule clean up in 2 minutes.
ScheduleNextCleanUpAfterInterval(
base::TimeDelta::FromSecondsD(kNavigationFootprintTTLInSecond));
}
void SafeBrowsingNavigationObserverManager::RecordNavigationEvent(
std::unique_ptr<NavigationEvent> nav_event) {
navigation_event_list_.RecordNavigationEvent(std::move(nav_event));
}
void SafeBrowsingNavigationObserverManager::RecordUserGestureForWebContents(
content::WebContents* web_contents,
const base::Time& timestamp) {
auto insertion_result =
user_gesture_map_.insert(std::make_pair(web_contents, timestamp));
// Update the timestamp if entry already exists.
if (!insertion_result.second)
insertion_result.first->second = timestamp;
}
void SafeBrowsingNavigationObserverManager::OnUserGestureConsumed(
content::WebContents* web_contents,
const base::Time& timestamp) {
auto it = user_gesture_map_.find(web_contents);
// Remove entry from |user_gesture_map_| as a user_gesture is consumed by
// a navigation event.
if (it != user_gesture_map_.end() && timestamp >= it->second)
user_gesture_map_.erase(it);
}
bool SafeBrowsingNavigationObserverManager::HasUserGesture(
content::WebContents* web_contents) {
if (!web_contents)
return false;
auto it = user_gesture_map_.find(web_contents);
if (it != user_gesture_map_.end() &&
!IsEventExpired(it->second, kUserGestureTTLInSecond)) {
return true;
}
return false;
}
void SafeBrowsingNavigationObserverManager::RecordHostToIpMapping(
const std::string& host,
const std::string& ip) {
auto insert_result = host_to_ip_map_.insert(
std::make_pair(host, std::vector<ResolvedIPAddress>()));
if (!insert_result.second) {
// host_to_ip_map already contains this key.
// If this IP is already in the vector, we update its timestamp.
for (auto& vector_entry : insert_result.first->second) {
if (vector_entry.ip == ip) {
vector_entry.timestamp = base::Time::Now();
return;
}
}
}
// If this is a new IP of this host, and we added to the end of the vector.
insert_result.first->second.push_back(
ResolvedIPAddress(base::Time::Now(), ip));
}
void SafeBrowsingNavigationObserverManager::OnWebContentDestroyed(
content::WebContents* web_contents) {
user_gesture_map_.erase(web_contents);
}
void SafeBrowsingNavigationObserverManager::CleanUpStaleNavigationFootprints() {
CleanUpNavigationEvents();
CleanUpUserGestures();
CleanUpIpAddresses();
ScheduleNextCleanUpAfterInterval(
base::TimeDelta::FromSecondsD(kNavigationFootprintTTLInSecond));
}
SafeBrowsingNavigationObserverManager::AttributionResult
SafeBrowsingNavigationObserverManager::IdentifyReferrerChainForDownload(
const GURL& target_url,
int target_tab_id,
int user_gesture_count_limit,
ReferrerChain* out_referrer_chain) {
if (!target_url.is_valid())
return INVALID_URL;
NavigationEvent* nav_event = navigation_event_list_.FindNavigationEvent(
target_url, GURL(), target_tab_id);
if (!nav_event) {
// We cannot find a single navigation event related to this download.
return NAVIGATION_EVENT_NOT_FOUND;
}
AttributionResult result = SUCCESS;
AddToReferrerChain(out_referrer_chain, nav_event, GURL(),
ReferrerChainEntry::DOWNLOAD_URL);
int user_gesture_count = 0;
GetRemainingReferrerChain(
nav_event,
user_gesture_count,
user_gesture_count_limit,
out_referrer_chain,
&result);
return result;
}
SafeBrowsingNavigationObserverManager::AttributionResult
SafeBrowsingNavigationObserverManager::
IdentifyReferrerChainByDownloadWebContent(
content::WebContents* web_contents,
int user_gesture_count_limit,
ReferrerChain* out_referrer_chain) {
if (!web_contents || !web_contents->GetLastCommittedURL().is_valid())
return INVALID_URL;
bool has_user_gesture = HasUserGesture(web_contents);
int tab_id = SessionTabHelper::IdForTab(web_contents);
return IdentifyReferrerChainForDownloadHostingPage(
web_contents->GetLastCommittedURL(), GURL(), tab_id, has_user_gesture,
user_gesture_count_limit, out_referrer_chain);
}
SafeBrowsingNavigationObserverManager::AttributionResult
SafeBrowsingNavigationObserverManager::
IdentifyReferrerChainForDownloadHostingPage(
const GURL& initiating_frame_url,
const GURL& initiating_main_frame_url,
int tab_id,
bool has_user_gesture,
int user_gesture_count_limit,
ReferrerChain* out_referrer_chain) {
if (!initiating_frame_url.is_valid())
return INVALID_URL;
NavigationEvent* nav_event = navigation_event_list_.FindNavigationEvent(
initiating_frame_url, initiating_main_frame_url, tab_id);
if (!nav_event) {
// We cannot find a single navigation event related to this download hosting
// page.
return NAVIGATION_EVENT_NOT_FOUND;
}
AttributionResult result = SUCCESS;
int user_gesture_count = 0;
// If this initiating_frame has user gesture, we consider this as the landing
// page of the PPAPI download.
if (has_user_gesture) {
user_gesture_count = 1;
AddToReferrerChain(
out_referrer_chain, nav_event, initiating_main_frame_url,
GetURLTypeAndAdjustAttributionResult(
user_gesture_count == user_gesture_count_limit, &result));
} else {
AddToReferrerChain(out_referrer_chain, nav_event, initiating_main_frame_url,
ReferrerChainEntry::CLIENT_REDIRECT);
}
GetRemainingReferrerChain(
nav_event,
user_gesture_count,
user_gesture_count_limit,
out_referrer_chain,
&result);
return result;
}
SafeBrowsingNavigationObserverManager::
~SafeBrowsingNavigationObserverManager() {}
void SafeBrowsingNavigationObserverManager::Observe(
int type,
const content::NotificationSource& source,
const content::NotificationDetails& details) {
if (type == chrome::NOTIFICATION_RETARGETING)
RecordRetargeting(details);
}
void SafeBrowsingNavigationObserverManager::RecordRetargeting(
const content::NotificationDetails& details) {
const RetargetingDetails* retargeting_detail =
content::Details<const RetargetingDetails>(details).ptr();
DCHECK(retargeting_detail);
content::WebContents* source_contents =
retargeting_detail->source_web_contents;
content::WebContents* target_contents =
retargeting_detail->target_web_contents;
DCHECK(source_contents);
DCHECK(target_contents);
content::RenderFrameHost* rfh = content::RenderFrameHost::FromID(
retargeting_detail->source_render_process_id,
retargeting_detail->source_render_frame_id);
// Remove the "#" at the end of URL, since it does not point to any actual
// page fragment ID.
GURL target_url = SafeBrowsingNavigationObserverManager::ClearEmptyRef(
retargeting_detail->target_url);
std::unique_ptr<NavigationEvent> nav_event =
base::MakeUnique<NavigationEvent>();
if (rfh) {
nav_event->source_url =
SafeBrowsingNavigationObserverManager::ClearEmptyRef(
rfh->GetLastCommittedURL());
}
nav_event->source_tab_id = SessionTabHelper::IdForTab(source_contents);
nav_event->source_main_frame_url =
SafeBrowsingNavigationObserverManager::ClearEmptyRef(
source_contents->GetLastCommittedURL());
nav_event->original_request_url = target_url;
nav_event->target_tab_id = SessionTabHelper::IdForTab(target_contents);
nav_event->frame_id = rfh ? rfh->GetFrameTreeNodeId() : -1;
auto it = user_gesture_map_.find(source_contents);
if (it != user_gesture_map_.end() &&
!SafeBrowsingNavigationObserverManager::IsUserGestureExpired(
it->second)) {
nav_event->is_user_initiated = true;
OnUserGestureConsumed(it->first, it->second);
} else {
nav_event->is_user_initiated = false;
}
navigation_event_list_.RecordNavigationEvent(std::move(nav_event));
}
void SafeBrowsingNavigationObserverManager::CleanUpNavigationEvents() {
std::size_t removal_count = navigation_event_list_.CleanUpNavigationEvents();
UMA_HISTOGRAM_COUNTS_10000(
"SafeBrowsing.NavigationObserver.NavigationEventCleanUpCount",
removal_count);
}
void SafeBrowsingNavigationObserverManager::CleanUpUserGestures() {
for (auto it = user_gesture_map_.begin(); it != user_gesture_map_.end();) {
if (IsEventExpired(it->second, kUserGestureTTLInSecond))
it = user_gesture_map_.erase(it);
else
++it;
}
}
void SafeBrowsingNavigationObserverManager::CleanUpIpAddresses() {
std::size_t remove_count = 0;
for (auto it = host_to_ip_map_.begin(); it != host_to_ip_map_.end();) {
std::size_t size_before_removal = it->second.size();
it->second.erase(std::remove_if(it->second.begin(), it->second.end(),
[](const ResolvedIPAddress& resolved_ip) {
return IsEventExpired(
resolved_ip.timestamp,
kNavigationFootprintTTLInSecond);
}),
it->second.end());
std::size_t size_after_removal = it->second.size();
remove_count += (size_before_removal - size_after_removal);
if (size_after_removal == 0)
it = host_to_ip_map_.erase(it);
else
++it;
}
UMA_HISTOGRAM_COUNTS_10000(
"SafeBrowsing.NavigationObserver.IPAddressCleanUpCount", remove_count);
}
bool SafeBrowsingNavigationObserverManager::IsCleanUpScheduled() const {
return cleanup_timer_.IsRunning();
}
void SafeBrowsingNavigationObserverManager::ScheduleNextCleanUpAfterInterval(
base::TimeDelta interval) {
DCHECK_GT(interval, base::TimeDelta());
cleanup_timer_.Stop();
cleanup_timer_.Start(
FROM_HERE, interval, this,
&SafeBrowsingNavigationObserverManager::CleanUpStaleNavigationFootprints);
}
void SafeBrowsingNavigationObserverManager::AddToReferrerChain(
ReferrerChain* referrer_chain,
NavigationEvent* nav_event,
const GURL& destination_main_frame_url,
ReferrerChainEntry::URLType type) {
std::unique_ptr<ReferrerChainEntry> referrer_chain_entry =
base::MakeUnique<ReferrerChainEntry>();
const GURL destination_url = nav_event->GetDestinationUrl();
referrer_chain_entry->set_url(destination_url.spec());
if (destination_main_frame_url.is_valid() &&
destination_url != destination_main_frame_url)
referrer_chain_entry->set_main_frame_url(destination_main_frame_url.spec());
referrer_chain_entry->set_type(type);
auto ip_it = host_to_ip_map_.find(destination_url.host());
if (ip_it != host_to_ip_map_.end()) {
for (ResolvedIPAddress entry : ip_it->second) {
referrer_chain_entry->add_ip_addresses(entry.ip);
}
}
// Since we only track navigation to landing referrer, we will not log the
// referrer of the landing referrer page.
if (type != ReferrerChainEntry::LANDING_REFERRER) {
referrer_chain_entry->set_referrer_url(nav_event->source_url.spec());
// Only set |referrer_main_frame_url| if it is diff from |referrer_url|.
if (nav_event->source_main_frame_url.is_valid() &&
nav_event->source_url != nav_event->source_main_frame_url) {
referrer_chain_entry->set_referrer_main_frame_url(
nav_event->source_main_frame_url.spec());
}
}
referrer_chain_entry->set_is_retargeting(nav_event->source_tab_id !=
nav_event->target_tab_id);
referrer_chain_entry->set_navigation_time_msec(
nav_event->last_updated.ToJavaTime());
if (!nav_event->server_redirect_urls.empty()) {
// The first entry in |server_redirect_chain| should be the original request
// url.
ReferrerChainEntry::ServerRedirect* server_redirect =
referrer_chain_entry->add_server_redirect_chain();
server_redirect->set_url(nav_event->original_request_url.spec());
for (const GURL& redirect : nav_event->server_redirect_urls) {
server_redirect = referrer_chain_entry->add_server_redirect_chain();
server_redirect->set_url(redirect.spec());
}
}
referrer_chain->Add()->Swap(referrer_chain_entry.get());
}
void SafeBrowsingNavigationObserverManager::GetRemainingReferrerChain(
NavigationEvent* last_nav_event_traced,
int current_user_gesture_count,
int user_gesture_count_limit,
ReferrerChain* out_referrer_chain,
SafeBrowsingNavigationObserverManager::AttributionResult* out_result) {
GURL last_main_frame_url_traced(last_nav_event_traced->source_main_frame_url);
while (current_user_gesture_count < user_gesture_count_limit) {
// Back trace to the next nav_event that was initiated by the user.
while (!last_nav_event_traced->is_user_initiated) {
last_nav_event_traced = navigation_event_list_.FindNavigationEvent(
last_nav_event_traced->source_url,
last_nav_event_traced->source_main_frame_url,
last_nav_event_traced->source_tab_id);
if (!last_nav_event_traced)
return;
AddToReferrerChain(out_referrer_chain, last_nav_event_traced,
last_main_frame_url_traced,
ReferrerChainEntry::CLIENT_REDIRECT);
// Stop searching if the size of out_referrer_chain already reached its
// limit.
if (out_referrer_chain->size() == kReferrerChainMaxLength)
return;
last_main_frame_url_traced = last_nav_event_traced->source_main_frame_url;
}
current_user_gesture_count++;
// If the source_url and source_main_frame_url of current navigation event
// are empty, and is_user_initiated is true, this is a browser initiated
// navigation (e.g. trigged by typing in address bar, clicking on bookmark,
// etc). We reached the end of the referrer chain.
if (last_nav_event_traced->source_url.is_empty() &&
last_nav_event_traced->source_main_frame_url.is_empty()) {
DCHECK(last_nav_event_traced->is_user_initiated);
return;
}
last_nav_event_traced = navigation_event_list_.FindNavigationEvent(
last_nav_event_traced->source_url,
last_nav_event_traced->source_main_frame_url,
last_nav_event_traced->source_tab_id);
if (!last_nav_event_traced)
return;
AddToReferrerChain(
out_referrer_chain, last_nav_event_traced, last_main_frame_url_traced,
GetURLTypeAndAdjustAttributionResult(
current_user_gesture_count == user_gesture_count_limit,
out_result));
// Stop searching if the size of out_referrer_chain already reached its
// limit.
if (out_referrer_chain->size() == kReferrerChainMaxLength)
return;
last_main_frame_url_traced = last_nav_event_traced->source_main_frame_url;
}
}
} // namespace safe_browsing
|
