| // Copyright 2022 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CHROME_BROWSER_DOWNLOAD_DOWNLOAD_ITEM_WARNING_DATA_H_ |
| #define CHROME_BROWSER_DOWNLOAD_DOWNLOAD_ITEM_WARNING_DATA_H_ |
| |
| #include <optional> |
| #include <vector> |
| |
| #include "base/supports_user_data.h" |
| #include "base/time/time.h" |
| #include "components/safe_browsing/core/common/proto/csd.pb.h" |
| |
| namespace download { |
| class DownloadItem; |
| } |
| |
| // Per DownloadItem data for storing warning events on download warnings. The |
| // data is only set if a warning is shown. These events are added to Safe |
| // Browsing reports. |
| class DownloadItemWarningData : public base::SupportsUserData::Data { |
| public: |
| // The surface that the warning is shown. See |
| // go/chrome-download-warning-surfaces for details. |
| // These values are persisted to logs. Entries should not be renumbered and |
| // numeric values should never be reused. |
| enum class WarningSurface { |
| // Applicable actions: DISCARD, OPEN_SUBPAGE |
| BUBBLE_MAINPAGE = 1, |
| // Applicable actions: PROCEED, DISCARD, DISMISS, CLOSE, BACK, |
| // PROCEED_DEEP_SCAN, ACCEPT_DEEP_SCAN, OPEN_LEARN_MORE_LINK |
| BUBBLE_SUBPAGE = 2, |
| // Applicable actions: DISCARD, KEEP, PROCEED, ACCEPT_DEEP_SCAN |
| // PROCEED on the downloads page indicates saving a "suspicious" download |
| // directly, without going through the prompt. In contrast, KEEP indicates |
| // opening the prompt, for a "dangerous" download. |
| DOWNLOADS_PAGE = 3, |
| // Applicable actions: PROCEED, CANCEL |
| DOWNLOAD_PROMPT = 4, |
| // Applicable actions: OPEN_SUBPAGE |
| // Note: This is only used on Lacros. DownloadItemWarningData is only |
| // applied for v2 notifications on ChromeOS Lacros, not for the legacy |
| // ChromeOS notifications used on ChromeOS Ash and on Lacros pre-v2. Other |
| // platforms do not have desktop notifications for downloads. |
| // TODO(chlily): CLOSE should be logged as well but there is currently no |
| // way to tell when a download is dangerous on the Ash side, which handles |
| // the notification close. |
| DOWNLOAD_NOTIFICATION = 5, |
| kMaxValue = DOWNLOAD_NOTIFICATION |
| }; |
| |
| // Users action on the warning surface. |
| // These values are persisted to logs. Entries should not be renumbered and |
| // numeric values should never be reused. |
| enum class WarningAction { |
| // The warning is shown. This is a special action that may not be triggered |
| // by user. We will use the first instance of this action as the anchor to |
| // track the latency of other actions. |
| SHOWN = 0, |
| // The user clicks proceed, which means the user decides to bypass the |
| // warning. This is a terminal action. |
| // Note that this corresponds to DownloadCommands::Command::KEEP, despite |
| // the confusing naming. |
| PROCEED = 1, |
| // The user clicks discard, which means the user decides to obey the |
| // warning and the dangerous download is deleted from disk. |
| DISCARD = 2, |
| // The user has clicked the keep button on the surface, which causes another |
| // surface (e.g. download prompt) to be displayed. This is not a terminal |
| // action. |
| KEEP = 3, |
| // The user has clicked the close button on the surface. |
| CLOSE = 4, |
| // The user clicks cancel on the download prompt. |
| CANCEL = 5, |
| // The user has dismissed the bubble by clicking anywhere outside |
| // the bubble. |
| DISMISS = 6, |
| // The user has clicked the back button on the bubble subpage to go back |
| // to the bubble main page. |
| BACK = 7, |
| // The user has opened the download bubble subpage. |
| OPEN_SUBPAGE = 8, |
| // The user clicks proceed on a prompt for deep scanning. |
| PROCEED_DEEP_SCAN = 9, |
| // The user clicks the learn more link on the bubble subpage. |
| OPEN_LEARN_MORE_LINK = 10, |
| // The user accepts starting a deep scan. |
| ACCEPT_DEEP_SCAN = 11, |
| kMaxValue = ACCEPT_DEEP_SCAN |
| }; |
| |
| struct WarningActionEvent { |
| WarningSurface surface; |
| WarningAction action; |
| // The latency between when the warning is shown for the first time and when |
| // this event has happened. |
| int64_t action_latency_msec; |
| // A terminal action means that the warning disappears after this event, |
| // the download is either deleted or saved. |
| bool is_terminal_action = false; |
| |
| WarningActionEvent(WarningSurface surface, |
| WarningAction action, |
| int64_t action_latency_msec, |
| bool is_terminal_action); |
| |
| // Serializes the surface, action, and action_latency_msec into a string |
| // in a colon-separated format such as "DOWNLOADS_PAGE:DISCARD:10000". |
| std::string ToString() const; |
| }; |
| |
| // Enum representing the trigger of the scan request. |
| // These values are persisted to logs. Entries should not be renumbered and |
| // numeric values should never be reused. |
| // LINT.IfChange |
| enum class DeepScanTrigger { |
| // The trigger is unknown. |
| TRIGGER_UNKNOWN = 0, |
| |
| // The trigger is the standard prompt in the download bubble, |
| // shown for Advanced Protection or Enhanced Protection users. |
| TRIGGER_CONSUMER_PROMPT = 1, |
| |
| // The trigger is the enterprise policy. |
| TRIGGER_POLICY = 2, |
| |
| // The trigger is the encrypted archive prompt in the download |
| // bubble, which requires the password as well as the file. |
| TRIGGER_ENCRYPTED_CONSUMER_PROMPT = 3, |
| |
| // The trigger is automatic deep scanning, with no prompt, which |
| // applies only to Enhanced Protection users. |
| TRIGGER_IMMEDIATE_DEEP_SCAN = 4, |
| |
| kMaxValue = TRIGGER_IMMEDIATE_DEEP_SCAN, |
| }; |
| // LINT.ThenChange(/tools/metrics/histograms/metadata/sb_client/enums.xml) |
| |
| ~DownloadItemWarningData() override; |
| |
| // Gets all warning actions associated with this `download`. Returns an |
| // empty vector if there's no warning data or there is no warning shown for |
| // this `download`. |
| static std::vector<WarningActionEvent> GetWarningActionEvents( |
| const download::DownloadItem* download); |
| |
| // Adds an `action` triggered on `surface` for `download`. It may not be |
| // added if `download` is not dangerous, null or the length of events |
| // associated with this `download` exceeds the limit. |
| static void AddWarningActionEvent(download::DownloadItem* download, |
| WarningSurface surface, |
| WarningAction action); |
| |
| // Returns whether the download was an encrypted archive at the |
| // top-level (i.e. the encryption was not within a nested archive). |
| static bool IsTopLevelEncryptedArchive( |
| const download::DownloadItem* download); |
| static void SetIsTopLevelEncryptedArchive( |
| download::DownloadItem* download, |
| bool is_top_level_encrypted_archive); |
| |
| // Returns whether the user has entered an incorrect password for the |
| // archive. |
| static bool HasIncorrectPassword(const download::DownloadItem* download); |
| static void SetHasIncorrectPassword(download::DownloadItem* download, |
| bool has_incorrect_password); |
| |
| // Converts an `event` to the Safe Browsing report proto format. |
| static safe_browsing::ClientSafeBrowsingReportRequest::DownloadWarningAction |
| ConstructCsbrrDownloadWarningAction(const WarningActionEvent& event); |
| |
| // Returns whether we have shown a local password decryption prompt for this |
| // download. |
| static bool HasShownLocalDecryptionPrompt( |
| const download::DownloadItem* download); |
| static void SetHasShownLocalDecryptionPrompt(download::DownloadItem* download, |
| bool has_shown); |
| |
| // Returns the reason we initiated deep scanning for the download. |
| static DeepScanTrigger DownloadDeepScanTrigger( |
| const download::DownloadItem* download); |
| static void SetDeepScanTrigger(download::DownloadItem* download, |
| DeepScanTrigger trigger); |
| |
| // Returns whether an encrypted archive was fully extracted. |
| static bool IsFullyExtractedArchive(const download::DownloadItem* download); |
| static void SetIsFullyExtractedArchive(download::DownloadItem* download, |
| bool extracted); |
| |
| // Time and surface of the first SHOWN event. Time will be null if SHOWN has |
| // not yet been logged. Surface will return nullopt if SHOWN has not yet been |
| // logged. |
| static base::Time WarningFirstShownTime( |
| const download::DownloadItem* download); |
| static std::optional<WarningSurface> WarningFirstShownSurface( |
| const download::DownloadItem* download); |
| |
| private: |
| DownloadItemWarningData(); |
| |
| template <typename F, typename V> |
| static V GetWithDefault(const download::DownloadItem* download, |
| F&& f, |
| V&& default_value); |
| static DownloadItemWarningData* GetOrCreate(download::DownloadItem* download); |
| |
| std::vector<WarningActionEvent> ActionEvents() const; |
| |
| static const char kKey[]; |
| |
| base::Time warning_first_shown_time_; |
| std::optional<WarningSurface> warning_first_shown_surface_ = std::nullopt; |
| std::vector<WarningActionEvent> action_events_; |
| bool is_top_level_encrypted_archive_ = false; |
| bool has_incorrect_password_ = false; |
| bool has_shown_local_decryption_prompt_ = false; |
| bool fully_extracted_archive_ = false; |
| // Whether a "shown" event has been logged for the Downloads Page for this |
| // download. Not persisted across restarts. |
| bool logged_downloads_page_shown_ = false; |
| DeepScanTrigger deep_scan_trigger_ = DeepScanTrigger::TRIGGER_UNKNOWN; |
| }; |
| |
| #endif // CHROME_BROWSER_DOWNLOAD_DOWNLOAD_ITEM_WARNING_DATA_H_ |
