Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi

This commit is contained in:
Richard Barnes 2015-09-09 15:14:27 -04:00
parent 6b8f88891b
commit c67f5e2338
8 changed files with 114 additions and 5 deletions

View File

@ -142,6 +142,7 @@
#include "nsIXULRuntime.h"
#include "gfxDrawable.h"
#include "ImageOps.h"
#include "mozilla/dom/nsMixedContentBlocker.h"
#include "nsMemoryInfoDumper.h"
#include "nsMemoryReporterManager.h"
#include "nsServiceManagerUtils.h"
@ -4175,6 +4176,17 @@ ContentParent::RecvIsSecureURI(const uint32_t& type,
return NS_SUCCEEDED(rv);
}
bool
ContentParent::RecvAccumulateMixedContentHSTS(const URIParams& aURI, const bool& aActive)
{
nsCOMPtr<nsIURI> ourURI = DeserializeURI(aURI);
if (!ourURI) {
return false;
}
nsMixedContentBlocker::AccumulateMixedContentHSTS(ourURI, aActive);
return true;
}
bool
ContentParent::RecvLoadURIExternal(const URIParams& uri)
{

View File

@ -626,6 +626,8 @@ private:
virtual bool RecvIsSecureURI(const uint32_t& aType, const URIParams& aURI,
const uint32_t& aFlags, bool* aIsSecureURI) override;
virtual bool RecvAccumulateMixedContentHSTS(const URIParams& aURI, const bool& aActive) override;
virtual bool DeallocPHalParent(PHalParent*) override;
virtual PIccParent* AllocPIccParent(const uint32_t& aServiceId) override;

View File

@ -751,6 +751,8 @@ parent:
sync IsSecureURI(uint32_t type, URIParams uri, uint32_t flags)
returns (bool isSecureURI);
async AccumulateMixedContentHSTS(URIParams uri, bool active);
sync GetLookAndFeelCache()
returns (LookAndFeelInt[] lookAndFeelIntCache);

View File

@ -134,6 +134,7 @@ LOCAL_INCLUDES += [
'/dom/geolocation',
'/dom/media/webspeech/synth/ipc',
'/dom/mobilemessage/ipc',
'/dom/security',
'/dom/storage',
'/dom/workers',
'/editor/libeditor',

View File

@ -33,6 +33,8 @@ UNIFIED_SOURCES += [
'SRIMetadata.cpp',
]
include('/ipc/chromium/chromium-config.mozbuild')
FINAL_LIBRARY = 'xul'
LOCAL_INCLUDES += [
'/caps',
@ -40,5 +42,5 @@ LOCAL_INCLUDES += [
]
if CONFIG['GNU_CC']:
CFLAGS += ['-Wshadow', '-Wformat-security']
CXXFLAGS += ['-Wshadow', '-Wformat-security']
CFLAGS += ['-Wformat-security']
CXXFLAGS += ['-Wformat-security']

View File

@ -32,8 +32,13 @@
#include "nsIChannelEventSink.h"
#include "nsAsyncRedirectVerifyHelper.h"
#include "mozilla/LoadInfo.h"
#include "nsISiteSecurityService.h"
#include "mozilla/Logging.h"
#include "mozilla/Telemetry.h"
#include "mozilla/dom/ContentChild.h"
#include "mozilla/ipc/URIUtils.h"
using namespace mozilla;
@ -342,7 +347,7 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
// callers of this method don't know whether the load went through cached
// image redirects. This is handled by direct callers of the static
// ShouldLoad.
nsresult rv = ShouldLoad(false, //aHadInsecureImageRedirect
nsresult rv = ShouldLoad(false, // aHadInsecureImageRedirect
aContentType,
aContentLocation,
aRequestingLocation,
@ -381,7 +386,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
// Make decision to block/reject by default
*aDecision = REJECT_REQUEST;
// Notes on non-obvious decisions:
//
// TYPE_DTD: A DTD can contain entity definitions that expand to scripts.
@ -718,6 +722,33 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
nsresult stateRV = securityUI->GetState(&state);
// At this point we know that the request is mixed content, and the only
// question is whether we block it. Record telemetry at this point as to
// whether HSTS would have fixed things by making the content location
// into an HTTPS URL.
//
// Note that we count this for redirects as well as primary requests. This
// will cause some degree of double-counting, especially when mixed content
// is not blocked (e.g., for images). For more detail, see:
// https://bugzilla.mozilla.org/show_bug.cgi?id=1198572#c19
//
// We do not count requests aHadInsecureImageRedirect=true, since these are
// just an artifact of the image caching system.
bool active = (classification == eMixedScript);
if (!aHadInsecureImageRedirect) {
if (XRE_IsParentProcess()) {
AccumulateMixedContentHSTS(aContentLocation, active);
} else {
// Ask the parent process to do the same call
mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton();
if (cc) {
mozilla::ipc::URIParams uri;
SerializeURI(aContentLocation, uri);
cc->SendAccumulateMixedContentHSTS(uri, active);
}
}
}
// If the content is display content, and the pref says display content should be blocked, block it.
if (sBlockMixedDisplay && classification == eMixedDisplay) {
if (allowMixedContent) {
@ -857,3 +888,54 @@ nsMixedContentBlocker::ShouldProcess(uint32_t aContentType,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
}
enum MixedContentHSTSState {
MCB_HSTS_PASSIVE_NO_HSTS = 0,
MCB_HSTS_PASSIVE_WITH_HSTS = 1,
MCB_HSTS_ACTIVE_NO_HSTS = 2,
MCB_HSTS_ACTIVE_WITH_HSTS = 3
};
// Record information on when HSTS would have made mixed content not mixed
// content (regardless of whether it was actually blocked)
void
nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive)
{
// This method must only be called in the parent, because
// nsSiteSecurityService is only available in the parent
if (!XRE_IsParentProcess()) {
MOZ_ASSERT(false);
return;
}
bool hsts;
nsresult rv;
nsCOMPtr<nsISiteSecurityService> sss = do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
if (NS_FAILED(rv)) {
return;
}
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, 0, &hsts);
if (NS_FAILED(rv)) {
return;
}
if (!aActive) {
if (!hsts) {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_PASSIVE_NO_HSTS);
}
else {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_PASSIVE_WITH_HSTS);
}
} else {
if (!hsts) {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_ACTIVE_NO_HSTS);
}
else {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_ACTIVE_WITH_HSTS);
}
}
}

View File

@ -59,6 +59,7 @@ public:
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aDecision);
static void AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive);
static bool sBlockMixedScript;
static bool sBlockMixedDisplay;
};

View File

@ -7334,6 +7334,13 @@
"n_values": 3,
"description": "A simple counter of daily mixed-content unblock operations and top documents loaded"
},
"MIXED_CONTENT_HSTS": {
"alert_emails": ["seceng@mozilla.org"],
"expires_in_version": "never",
"kind": "enumerated",
"n_values": 10,
"description": "How often would blocked mixed content be allowed if HSTS upgrades were allowed? 0=display/no-HSTS, 1=display/HSTS, 2=active/no-HSTS, 3=active/HSTS"
},
"NTLM_MODULE_USED_2": {
"expires_in_version": "never",
"kind": "enumerated",