File: security_state_utils.mm

package info (click to toggle)
chromium 138.0.7204.157-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 6,071,864 kB
  • sloc: cpp: 34,936,859; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,967; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (119 lines) | stat: -rw-r--r-- 4,845 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/security_state/ios/security_state_utils.h"

#include <memory>

#import "components/safe_browsing/ios/browser/safe_browsing_url_allow_list.h"
#include "components/security_state/core/security_state.h"
#include "ios/web/public/navigation/navigation_item.h"
#import "ios/web/public/navigation/navigation_manager.h"
#include "ios/web/public/security/security_style.h"
#include "ios/web/public/security/ssl_status.h"
#import "ios/web/public/web_state.h"
#include "url/origin.h"

namespace security_state {

MaliciousContentStatus GetMaliciousContentStatus(
    const web::WebState* web_state) {
  using enum safe_browsing::SBThreatType;

  // There is no known malicious content if there is no allow list or no visible
  // item.
  const SafeBrowsingUrlAllowList* allow_list =
      SafeBrowsingUrlAllowList::FromWebState(web_state);
  web::NavigationItem* visible_item =
      web_state->GetNavigationManager()->GetVisibleItem();
  if (!allow_list || !visible_item)
    return security_state::MALICIOUS_CONTENT_STATUS_NONE;

  // There is no malicious content if there is no allowed unsafe resource and no
  // pending decision.
  const GURL& visible_url = visible_item->GetURL();
  std::set<safe_browsing::SBThreatType> threats;
  bool is_unsafe_resource_allowed_or_pending =
      allow_list->AreUnsafeNavigationsAllowed(visible_url, &threats) ||
      allow_list->IsUnsafeNavigationDecisionPending(visible_url, &threats);
  if (!is_unsafe_resource_allowed_or_pending)
    return security_state::MALICIOUS_CONTENT_STATUS_NONE;

  // Return the appropriate MaliciousContentStatus from the allowed or pending
  // threat type.
  DCHECK(!threats.empty());
  switch (*threats.begin()) {
    case SB_THREAT_TYPE_UNUSED:
    case SB_THREAT_TYPE_SAFE:
    case SB_THREAT_TYPE_URL_PHISHING:
    case SB_THREAT_TYPE_URL_CLIENT_SIDE_PHISHING:
      return security_state::MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING;
    case SB_THREAT_TYPE_URL_MALWARE:
      return security_state::MALICIOUS_CONTENT_STATUS_MALWARE;
    case SB_THREAT_TYPE_URL_UNWANTED:
      return security_state::MALICIOUS_CONTENT_STATUS_UNWANTED_SOFTWARE;
    case SB_THREAT_TYPE_SAVED_PASSWORD_REUSE:
    case SB_THREAT_TYPE_SIGNED_IN_SYNC_PASSWORD_REUSE:
    case SB_THREAT_TYPE_SIGNED_IN_NON_SYNC_PASSWORD_REUSE:
    case SB_THREAT_TYPE_ENTERPRISE_PASSWORD_REUSE:
    case SB_THREAT_TYPE_BILLING:
      return security_state::MALICIOUS_CONTENT_STATUS_BILLING;
    case SB_THREAT_TYPE_MANAGED_POLICY_WARN:
      return security_state::MALICIOUS_CONTENT_STATUS_MANAGED_POLICY_WARN;
    case SB_THREAT_TYPE_MANAGED_POLICY_BLOCK:
      return security_state::MALICIOUS_CONTENT_STATUS_MANAGED_POLICY_BLOCK;
    case DEPRECATED_SB_THREAT_TYPE_URL_PASSWORD_PROTECTION_PHISHING:
    case DEPRECATED_SB_THREAT_TYPE_URL_CLIENT_SIDE_MALWARE:
    case SB_THREAT_TYPE_URL_BINARY_MALWARE:
    case SB_THREAT_TYPE_EXTENSION:
    case SB_THREAT_TYPE_API_ABUSE:
    case SB_THREAT_TYPE_SUBRESOURCE_FILTER:
    case SB_THREAT_TYPE_CSD_ALLOWLIST:
    case SB_THREAT_TYPE_AD_SAMPLE:
    case SB_THREAT_TYPE_BLOCKED_AD_POPUP:
    case SB_THREAT_TYPE_BLOCKED_AD_REDIRECT:
    case SB_THREAT_TYPE_SUSPICIOUS_SITE:
    case SB_THREAT_TYPE_APK_DOWNLOAD:
    case SB_THREAT_TYPE_HIGH_CONFIDENCE_ALLOWLIST:
      // These threat types are not currently associated with
      // interstitials, and thus resources with these threat types are
      // not ever whitelisted or pending whitelisting.
      NOTREACHED();
  }
  return security_state::MALICIOUS_CONTENT_STATUS_NONE;
}

std::unique_ptr<security_state::VisibleSecurityState>
GetVisibleSecurityStateForWebState(const web::WebState* web_state) {
  auto state = std::make_unique<security_state::VisibleSecurityState>();

  state->malicious_content_status = GetMaliciousContentStatus(web_state);

  const web::NavigationItem* item =
      web_state->GetNavigationManager()->GetVisibleItem();
  if (!item || item->GetSSL().security_style == web::SECURITY_STYLE_UNKNOWN)
    return state;

  state->connection_info_initialized = true;
  state->url = item->GetURL();
  const web::SSLStatus& ssl = item->GetSSL();
  state->certificate = ssl.certificate;
  state->cert_status = ssl.cert_status;
  state->displayed_mixed_content =
      (ssl.content_status & web::SSLStatus::DISPLAYED_INSECURE_CONTENT) ? true
                                                                        : false;

  return state;
}

security_state::SecurityLevel GetSecurityLevelForWebState(
    const web::WebState* web_state) {
  if (!web_state) {
    return security_state::NONE;
  }
  return security_state::GetSecurityLevel(
      *GetVisibleSecurityStateForWebState(web_state));
}

}  // namespace security_state