Diffstat (limited to 'chromium/components/safe_browsing/core/common')
8 files changed, 103 insertions, 34 deletions
diff --git a/chromium/components/safe_browsing/core/common/fbs/client_model.fbs b/chromium/components/safe_browsing/core/common/fbs/client_model.fbs index 2cc099860a4..7bb1c227223 100644 --- a/chromium/components/safe_browsing/core/common/fbs/client_model.fbs +++ b/chromium/components/safe_browsing/core/common/fbs/client_model.fbs @@ -39,6 +39,7 @@ table ClientSideModel { tflite_model_input_width: int (deprecated); tflite_model_input_height: int (deprecated); tflite_metadata:safe_browsing.flat.TfLiteModelMetadata; + dom_model_version:int; } root_type ClientSideModel; diff --git a/chromium/components/safe_browsing/core/common/features.cc b/chromium/components/safe_browsing/core/common/features.cc index 15ac35d23fa..f516af703a2 100644 --- a/chromium/components/safe_browsing/core/common/features.cc +++ b/chromium/components/safe_browsing/core/common/features.cc 
@@ -46,13 +46,25 @@ extern const base::Feature kClientSideDetectionModelTag{ const base::Feature kClientSideDetectionReferrerChain{ "ClientSideDetectionReferrerChain", base::FEATURE_ENABLED_BY_DEFAULT}; +const base::Feature kClientSideDetectionKillswitch{ + "ClientSideDetectionKillswitch", +#if BUILDFLAG(IS_MAC) + base::FEATURE_ENABLED_BY_DEFAULT +#else + base::FEATURE_DISABLED_BY_DEFAULT +#endif +}; + const base::Feature kConnectorsScanningAccessToken{ - "ConnectorsScanningAccessToken", base::FEATURE_DISABLED_BY_DEFAULT}; + "ConnectorsScanningAccessToken", base::FEATURE_ENABLED_BY_DEFAULT}; -// TODO(b/197749390): Add tests for this feature being enabled when it's -// finalized. const base::Feature kConnectorsScanningReportOnlyUI{ - "ConnectorsScanningReportOnlyUI", base::FEATURE_DISABLED_BY_DEFAULT}; + "ConnectorsScanningReportOnlyUI", base::FEATURE_ENABLED_BY_DEFAULT}; + +#if BUILDFLAG(IS_ANDROID) +const base::Feature kCreateSafebrowsingOnStartup{ + "CreateSafebrowsingOnStartup", base::FEATURE_DISABLED_BY_DEFAULT}; +#endif const base::Feature kDelayedWarnings{"SafeBrowsingDelayedWarnings", base::FEATURE_DISABLED_BY_DEFAULT}; @@ -76,6 +88,10 @@ const base::Feature kEnhancedProtection { #endif }; +const base::Feature kEnhancedProtectionPhase2IOS{ + "SafeBrowsingEnhancedProtectionPhase2IOS", + base::FEATURE_DISABLED_BY_DEFAULT}; + const base::Feature kExtensionTelemetry{"SafeBrowsingExtensionTelemetry", base::FEATURE_DISABLED_BY_DEFAULT}; @@ -86,6 +102,11 @@ const base::Feature kExtensionTelemetryPersistence{ const base::FeatureParam<int> kExtensionTelemetryUploadIntervalSeconds{ &kExtensionTelemetry, "UploadIntervalSeconds", /*default_value=*/3600}; + +const base::FeatureParam<int> kExtensionTelemetryWritesPerInterval{ + &kExtensionTelemetry, "NumberOfWritesInInterval", + /*default_value=*/4}; + const base::Feature kExtensionTelemetryTabsExecuteScriptSignal{ "SafeBrowsingExtensionTelemetryTabsExecuteScriptSignal", base::FEATURE_DISABLED_BY_DEFAULT}; 
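Review bot: In the new `kClientSideDetectionKillswitch` definition, the `#if BUILDFLAG(IS_MAC)` branch picks `base::FEATURE_ENABLED_BY_DEFAULT`, and nothing beside it says what the enabled state means or why macOS differs from other platforms. If enabled means the killswitch is engaged, as the name suggests, client-side phishing detection would be off by default for every macOS user, which needs an explicit justification. I would add a comment above the definition such as `// Enabled == client-side detection is turned off. Default-on for Mac because <reason / bug link>.` and confirm the polarity against the code that reads the flag, which is outside this diff. The same hunk also flips `kConnectorsScanningAccessToken` and `kConnectorsScanningReportOnlyUI` to enabled by default while deleting the TODO that asked for tests of the enabled state; no such tests are visible in this directory-limited diff.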
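Review bot: `kExtensionTelemetryWritesPerInterval` is a server-configurable `int`, and no lower bound is enforced where it is defined. If the consumer derives a write period by dividing the upload interval by this value (inferred from the parameter names; the consumer is not in this diff), a Finch value of 0 or a negative number would give a division by zero or a nonsensical timer. The read site should clamp it, for example `std::max(1, kExtensionTelemetryWritesPerInterval.Get())`, and the features.h comment could state the valid range.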
@@ -110,9 +131,6 @@ const base::Feature kOmitNonUserGesturesFromReferrerChain{ const base::Feature kSafeBrowsingCsbrrWithToken{ "SafeBrowsingCsbrrWithToken", base::FEATURE_DISABLED_BY_DEFAULT}; -const base::Feature kSafeBrowsingCTDownloadWarning{ - "SafeBrowsingCTDownloadWarning", base::FEATURE_DISABLED_BY_DEFAULT}; - const base::Feature kSafeBrowsingEnterpriseCsd{ "SafeBrowsingEnterpriseCsd", base::FEATURE_ENABLED_BY_DEFAULT}; @@ -129,7 +147,7 @@ const base::Feature kSafeBrowsingRemoveCookiesInAuthRequests{ const base::Feature kSendSampledPingsForProtegoAllowlistDomains{ "SafeBrowsingSendSampledPingsForProtegoAllowlistDomains", - base::FEATURE_DISABLED_BY_DEFAULT}; + base::FEATURE_ENABLED_BY_DEFAULT}; const base::Feature kSuspiciousSiteTriggerQuotaFeature{ "SafeBrowsingSuspiciousSiteTriggerQuota", base::FEATURE_ENABLED_BY_DEFAULT}; @@ -137,10 +155,6 @@ const base::Feature kSuspiciousSiteTriggerQuotaFeature{ const base::Feature kThreatDomDetailsTagAndAttributeFeature{ "ThreatDomDetailsTagAttributes", base::FEATURE_DISABLED_BY_DEFAULT}; -const base::Feature kTriggerThrottlerDailyQuotaFeature{ - "SafeBrowsingTriggerThrottlerDailyQuota", - base::FEATURE_DISABLED_BY_DEFAULT}; - const base::Feature kUseNewDownloadWarnings{"UseNewDownloadWarnings", base::FEATURE_DISABLED_BY_DEFAULT}; @@ -168,6 +182,7 @@ constexpr struct { {&kDelayedWarnings, true}, {&kDownloadBubble, true}, {&kEnhancedProtection, true}, + {&kEnhancedProtectionPhase2IOS, true}, {&kExtensionTelemetry, true}, {&kExtensionTelemetryReportContactedHosts, true}, {&kExtensionTelemetryPersistence, true}, @@ -179,7 +194,6 @@ constexpr struct { {&kSendSampledPingsForProtegoAllowlistDomains, true}, {&kSuspiciousSiteTriggerQuotaFeature, true}, {&kThreatDomDetailsTagAndAttributeFeature, false}, - {&kTriggerThrottlerDailyQuotaFeature, false}, }; // Adds the name and the enabled/disabled status of a given feature. 
diff --git a/chromium/components/safe_browsing/core/common/features.h b/chromium/components/safe_browsing/core/common/features.h index 8c66f7be89f..ca50054e3a1 100644 --- a/chromium/components/safe_browsing/core/common/features.h +++ b/chromium/components/safe_browsing/core/common/features.h @@ -43,6 +43,13 @@ const char kClientSideDetectionTagParamName[] = "reporter_omaha_tag"; // Enables client side detection referrer chain. extern const base::Feature kClientSideDetectionReferrerChain; +// Killswitch for client side phishing detection. Since client side models are +// run on a large fraction of navigations, crashes due to the model are very +// impactful, even if only a small fraction of users have a bad version of the +// model. This Finch flag allows us to remediate long-tail component versions +// while we fix the root cause. +extern const base::Feature kClientSideDetectionKillswitch; + // Controls whether an access token is attached to scanning requests triggered // by enterprise Connectors. extern const base::Feature kConnectorsScanningAccessToken; @@ -53,6 +60,13 @@ extern const base::Feature kConnectorsScanningAccessToken; // instead of just showing an "Open Now" button with the blocking UI. extern const base::Feature kConnectorsScanningReportOnlyUI; +// Controls whether to connect to the Safe Browsing service early on startup. +// The alternative is to connect as soon as the first Safe Browsing check is +// made associated with a URK request. Android only. On this platform getting +// the notification about the success of establishing the connection can be +// delayed by several seconds. +extern const base::Feature kCreateSafebrowsingOnStartup; + // Controls whether the delayed warning experiment is enabled. extern const base::Feature kDelayedWarnings; // True if mouse clicks should undelay the warnings immediately when delayed 
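Review bot: `kCreateSafebrowsingOnStartup` is declared in this hunk without a platform guard, while features.cc defines it only under `#if BUILDFLAG(IS_ANDROID)`. Non-Android code that references it would compile and then fail at link time. Wrapping the declaration in the same `#if BUILDFLAG(IS_ANDROID)` / `#endif` pair turns that into a clear compile error at the point of use. The new comment also says "URK request", which looks like a typo for "URL request".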
@@ -65,6 +79,9 @@ extern const base::Feature kDownloadBubble; // Enables Enhanced Safe Browsing. extern const base::Feature kEnhancedProtection; +// Phase 2 of Enhanced Safe Browsing changes. +extern const base::Feature kEnhancedProtectionPhase2IOS; + // Enables collection of signals related to extension activity and uploads // of telemetry reports to SB servers. extern const base::Feature kExtensionTelemetry; @@ -75,6 +92,11 @@ extern const base::Feature kExtensionTelemetryPersistence; // Specifies the upload interval for extension telemetry reports. extern const base::FeatureParam<int> kExtensionTelemetryUploadIntervalSeconds; + +// Specifies the number of writes the telemetry service will perform during +// a full upload interval. +extern const base::FeatureParam<int> kExtensionTelemetryWritesPerInterval; + // Enables collection of telemetry signal whenever an extension invokes the // tabs.executeScript API call. extern const base::Feature kExtensionTelemetryTabsExecuteScriptSignal; @@ -96,10 +118,6 @@ extern const base::Feature kOmitNonUserGesturesFromReferrerChain; // for Enhanced Safe Browsing users extern const base::Feature kSafeBrowsingCsbrrWithToken; -// Controls whether users will see an account compromise specific warning -// when Safe Browsing determines a file is associated with stealing cookies. -extern const base::Feature kSafeBrowsingCTDownloadWarning; - // Controls whether we are performing enterprise download checks for users // with the appropriate policies enabled. extern const base::Feature kSafeBrowsingEnterpriseCsd; 
@@ -138,16 +156,6 @@ extern const base::Feature kTailoredSecurityIntegration; // be lower case. extern const base::Feature kThreatDomDetailsTagAndAttributeFeature; -// Controls the daily quota for data collection triggers. It's a single param -// containing a comma-separated list of pairs. The format of the param is -// "T1,Q1,T2,Q2,...Tn,Qn", where Tx is a TriggerType and Qx is how many reports -// that trigger is allowed to send per day. -// TODO(crbug.com/744869): This param should be deprecated after ad sampler -// launch in favour of having a unique quota feature and param per trigger. -// Having a single shared feature makes it impossible to run multiple trigger -// trials simultaneously. -extern const base::Feature kTriggerThrottlerDailyQuotaFeature; - // Controls whether Chrome uses new download warning UX. extern const base::Feature kUseNewDownloadWarnings; diff --git a/chromium/components/safe_browsing/core/common/proto/client_model.proto b/chromium/components/safe_browsing/core/common/proto/client_model.proto index 3c74599ef8a..920711a5700 100644 --- a/chromium/components/safe_browsing/core/common/proto/client_model.proto +++ b/chromium/components/safe_browsing/core/common/proto/client_model.proto @@ -70,9 +70,11 @@ message ClientSideModel { // Page terms in page_term contain at most this many page words. required int32 max_words_per_term = 5; - // Model version number. Every model that we train should have a different - // version number and it should always be larger than the previous model - // version. + optional int32 dom_model_version = 18; + + // The overall client model version number. Every model update should have a + // different version number and it should always be larger than the previous + // model version. optional int32 version = 6; // List of known bad IP subnets. 
@@ -107,7 +109,7 @@ message ClientSideModel { optional TfLiteModelMetadata tflite_metadata = 17; - // next available tag number: 18 + // next available tag number: 19 } message TfLiteModelMetadata { diff --git a/chromium/components/safe_browsing/core/common/proto/csd.proto b/chromium/components/safe_browsing/core/common/proto/csd.proto index 0ab63881eee..4112daa103f 100644 --- a/chromium/components/safe_browsing/core/common/proto/csd.proto +++ b/chromium/components/safe_browsing/core/common/proto/csd.proto @@ -109,6 +109,18 @@ message ChromeUserPopulation { // Note: This field is set as repeated to support tokens from multiple // sources. repeated PageLoadToken page_load_tokens = 14; + + // The current state of account-level enhanced safe browsing (A-ESB) as is + // known by the client. This is an optional field and represents the state of + // A-ESB as the client has observed it to be. This value will be set for sync + // users as well as signed-in users. The state on the server may be + // different from the value that the client has when setting this field. + // See: go/esb-mms-integration-dd. + optional bool is_aesb_enabled = 15; + + // The time when the account-level enhanced safe browsing (A-ESB) bit state + // was last sent updated on the client. This is an optional field. + optional int64 aesb_last_update_time_windows_epoch_micros = 16; } message ClientPhishingRequest { @@ -148,6 +160,9 @@ message ClientPhishingRequest { // sent to the scorer and which resulted in client_score being computed. repeated Feature feature_map = 5; + // The version of the DOM model used for classification + optional int32 dom_model_version = 27; + // The version number of the model that was used to compute the client-score. // Copied from ClientSideModel.version(). optional int32 model_version = 6; 
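Review bot: The comment on `aesb_last_update_time_windows_epoch_micros` in the ChromeUserPopulation hunk reads "was last sent updated", which leaves it unclear whether the timestamp records when the client last received the A-ESB state or when it last changed it. The `is_aesb_enabled` comment says client and server state can differ, so whoever reconciles the two needs this to be exact. I would reword it to something like `// The time when the A-ESB bit was last updated on the client, in microseconds since the Windows epoch.` The `is_aesb_enabled` comment also relies on a `go/` link that readers outside the organisation cannot follow, so a one-line summary of the semantics in place would help.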
@@ -215,7 +230,7 @@ message ClientPhishingRequest { // users. optional VisualFeatures visual_features = 26; - // next available tag number: 27. + // next available tag number: 28. } message ClientPhishingResponse { diff --git a/chromium/components/safe_browsing/core/common/safe_browsing_prefs.cc b/chromium/components/safe_browsing/core/common/safe_browsing_prefs.cc index f63da778f92..cf55188e9e5 100644 --- a/chromium/components/safe_browsing/core/common/safe_browsing_prefs.cc +++ b/chromium/components/safe_browsing/core/common/safe_browsing_prefs.cc @@ -9,6 +9,7 @@ #include "base/metrics/histogram_macros.h" #include "base/notreached.h" #include "base/strings/string_number_conversions.h" +#include "base/time/time.h" #include "components/pref_registry/pref_registry_syncable.h" #include "components/prefs/pref_registry_simple.h" #include "components/prefs/pref_service.h" @@ -111,7 +112,8 @@ const char kAccountTailoredSecurityShownNotification[] = "safebrowsing.aesb_shown_notification"; const char kEnhancedProtectionEnabledViaTailoredSecurity[] = "safebrowsing.esb_enabled_via_tailored_security"; - +const char kExtensionTelemetryLastUploadTime[] = + "safebrowsing.extension_telemetry_last_upload_time"; } // namespace prefs namespace safe_browsing { @@ -231,6 +233,17 @@ void RegisterProfilePrefs(PrefRegistrySimple* registry) { prefs::kAccountTailoredSecurityShownNotification, false); registry->RegisterBooleanPref( prefs::kEnhancedProtectionEnabledViaTailoredSecurity, false); + registry->RegisterTimePref(prefs::kExtensionTelemetryLastUploadTime, + base::Time::Now()); +} + +base::Time GetLastUploadTimeForExtensionTelemetry(PrefService& prefs) { + return (prefs.GetTime(prefs::kExtensionTelemetryLastUploadTime)); +} + +void SetLastUploadTimeForExtensionTelemetry(PrefService& prefs, + const base::Time& time) { + prefs.SetTime(prefs::kExtensionTelemetryLastUploadTime, time); } void RegisterLocalStatePrefs(PrefRegistrySimple* registry) { 
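Review bot: `registry->RegisterTimePref(prefs::kExtensionTelemetryLastUploadTime, base::Time::Now())` makes the pref's default the moment of registration, so until something calls `SetLastUploadTimeForExtensionTelemetry` the getter returns a different value on every browser start. A profile whose sessions are shorter than the upload interval would then never look due for upload, and persisted telemetry could be held back indefinitely (the scheduling code is outside this diff, so this is inferred). Registering `base::Time()` and treating a null time as "never uploaded" at the read site makes the state explicit: `registry->RegisterTimePref(prefs::kExtensionTelemetryLastUploadTime, base::Time());`. As a style point, `GetLastUploadTimeForExtensionTelemetry` could take `const PrefService&` and drop the redundant parentheses around its return expression.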
diff --git a/chromium/components/safe_browsing/core/common/safe_browsing_prefs.h b/chromium/components/safe_browsing/core/common/safe_browsing_prefs.h index 05136ba29e4..c32c617df1d 100644 --- a/chromium/components/safe_browsing/core/common/safe_browsing_prefs.h +++ b/chromium/components/safe_browsing/core/common/safe_browsing_prefs.h @@ -18,6 +18,10 @@ class PrefRegistrySimple; class PrefService; class GURL; +namespace base { +class Time; +} + namespace prefs { // A list of times at which CSD pings were sent. extern const char kSafeBrowsingCsdPingTimestamps[]; @@ -123,6 +127,10 @@ extern const char kAccountTailoredSecurityShownNotification[]; // account tailored security. extern const char kEnhancedProtectionEnabledViaTailoredSecurity[]; +// The last time the Extension Telemetry Service successfully +// uploaded its data. +extern const char kExtensionTelemetryLastUploadTime[]; + } // namespace prefs namespace safe_browsing { @@ -251,6 +259,14 @@ void SetExtendedReportingPrefAndMetric(PrefService* prefs, // This variant is used to simplify test code by omitting the location. void SetExtendedReportingPrefForTests(PrefService* prefs, bool value); +// Sets the last time the Extension Telemetry Service successfully uploaded +// its data. +void SetLastUploadTimeForExtensionTelemetry(PrefService& prefs, + const base::Time& time); + +// Returns the `kExtensionTelemetryLastUploadTime` user preference. +base::Time GetLastUploadTimeForExtensionTelemetry(PrefService& prefs); + // Sets the currently active Safe Browsing Enhanced Protection to the specified // value. void SetEnhancedProtectionPrefForTests(PrefService* prefs, bool value); diff --git a/chromium/components/safe_browsing/core/common/utils.cc b/chromium/components/safe_browsing/core/common/utils.cc index e9f7c2984a5..b43b1db95cb 100644 --- a/chromium/components/safe_browsing/core/common/utils.cc +++ b/chromium/components/safe_browsing/core/common/utils.cc 
@@ -51,7 +51,7 @@ std::string ShortURLForReporting(const GURL& url) { ChromeUserPopulation::ProfileManagementStatus GetProfileManagementStatus( const policy::BrowserPolicyConnector* bpc) { #if BUILDFLAG(IS_WIN) - if (base::IsMachineExternallyManaged()) + if (base::IsManagedDevice()) return ChromeUserPopulation::ENTERPRISE_MANAGED; else return ChromeUserPopulation::NOT_MANAGED; |